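/// <summary>
/// Creates and names a structure for every GUITable entry of the parsed VB header.
/// </summary>
/// <param name="header">Parsed VB header; nothing is done when it is null or holds no GUITable entries.</param>
void ReadGUITable(VBHeader header)
{
    if (header == null || header.GUITables == null || header.GUITables.Length <= 0)
    {
        return;
    }

    KernelWin.WriteLine("正在处理界面 {0}", typeof(GUITable).Name);

    for (int i = 0; i < header.GUITables.Length; i++)
    {
        GUITable item = header.GUITables[i];
        String name = "GUITable_" + i.ToString("X2");
        KernelWin.WriteLine("界面 {0}", name);

        // item.Address is taken from the parsed file and is not range-checked here.
        UInt32 addr = (UInt32)(item.Address + ImageBase);

        // Create the structure at the entry's own address, the same one that gets the
        // name (as ReadExternalComponentTable does). Passing the table base
        // (header.GUITable) for every entry would stack all structures on one address.
        VBStruct.Make<GUITable>(item, addr, true);
        Bytes.MakeNameAnyway(addr, name);
    }
}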
/// <summary>
/// "Open" menu handler: lets the user pick a file, parses it as a VB image and shows the result in the tree.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
private void 打开ToolStripMenuItem_Click(object sender, EventArgs e)
{
    DialogResult choice = openFileDialog1.ShowDialog();
    if (choice != DialogResult.OK)
    {
        return;
    }

    // The whole file is read into memory and parsed from a seekable in-memory stream.
    Byte[] fileBytes = File.ReadAllBytes(openFileDialog1.FileName);
    BinaryReader reader = new BinaryReader(new MemoryStream(fileBytes));

    // NOTE(review): the shared VBInfo.Current is modified before the file has been
    // validated, and nothing here catches exceptions raised while parsing; a file that
    // is rejected leaves Current.Reader pointing at it. Confirm this is intended.
    VBInfo info = VBInfo.Current;
    info.Reader = reader;
    info.ReadInfo(reader);

    // Position the stream at Header - ImageBase and parse the VB header from there.
    long headerOffset = info.Header - info.ImageBase;
    reader.BaseStream.Seek(headerOffset, SeekOrigin.Begin);

    VBHeader header = new VBHeader();
    header.Info = info;
    header.Read(reader);
    info.HeaderInfo = header;

    LoadVBInfo(info);
}
/// <summary>
/// Creates and names a structure for every external component entry of the parsed VB header.
/// </summary>
/// <param name="header">Parsed VB header; nothing is done when it is null or holds no external component entries.</param>
void ReadExternalComponentTable(VBHeader header)
{
    bool hasEntries = header != null
        && header.ExternalComponentTables != null
        && header.ExternalComponentTables.Length > 0;
    if (!hasEntries)
    {
        return;
    }

    KernelWin.WriteLine("正在处理外部组件 {0}", typeof(ExternalComponentTable).Name);

    // Table base address; it is read here but not used by the loop below.
    UInt32 address = (UInt32)header.ExternalComponentTable;

    foreach (ExternalComponentTable component in header.ExternalComponentTables)
    {
        KernelWin.WriteLine("外部组件 {0}", component.Name2);

        // component.Address and component.Name2 come from the parsed file; neither is checked here.
        UInt32 target = (UInt32)(component.Address + ImageBase);
        VBStruct.Make<ExternalComponentTable>(component, target, true);

        String label = "Ext_" + component.Name2;
        Bytes.MakeNameAnyway(target, label);
    }
}
/// <summary>
/// Creates the VB header structure at the header address and then processes the tables it refers to.
/// </summary>
/// <param name="reader">Not referenced by this method; the header already held in HeaderInfo is used.</param>
void ReadHeader(BinaryReader reader)
{
    KernelWin.WriteLine("正在处理头部 {0}", typeof(VBHeader).Name);

    // The header is taken from HeaderInfo instead of being read again from the reader.
    VBHeader parsedHeader = HeaderInfo;
    UInt32 headerAddress = Header;

    VBStruct.Make<VBHeader>(parsedHeader, headerAddress, true);

    // Walk the structures referenced by the header, in this fixed order.
    ReadProjectInfo(parsedHeader.ProjectInfo2);
    ReadComRegData(parsedHeader.ComRegisterData2);
    ReadGUITable(parsedHeader);
    ReadExternalComponentTable(parsedHeader);
}
/// <summary>
/// Manual test driver: parses a fixed sample file and dumps its VB header.
/// </summary>
public static void Test()
{
    // Hard-coded sample path on the developer's machine.
    String filename = @"D:\CrackMe.exe";
    BinaryReader reader = new BinaryReader(new MemoryStream(File.ReadAllBytes(filename)));

    // ReadInfo runs twice on the same reader: once here and once through the local below.
    VBInfo.Current.ReadInfo(reader);

    VBInfo info = VBInfo.Current;
    info.ReadInfo(reader);

    // Position the stream at Header - ImageBase and parse the VB header from there.
    long headerOffset = info.Header - info.ImageBase;
    reader.BaseStream.Seek(headerOffset, SeekOrigin.Begin);

    VBHeader header = new VBHeader();
    header.Info = info;
    header.Read(reader);

    header.Show(true);
}
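/// <summary>
/// Reads the basic information: PE offset, image base, entry point and the location of the
/// VB header, then validates and parses that header into HeaderInfo.
/// </summary>
/// <param name="reader">Reader over the executable being analysed.</param>
/// <exception cref="Exception">
/// The entry point or the header it refers to does not look like a VB5/VB6 program.
/// </exception>
public void ReadInfo(BinaryReader reader)
{
    DosHeader dosHeader = new DosHeader();
    dosHeader.Read(reader);

    PEoffset = dosHeader.NewExeHeader;
    ImageBase = (UInt32)dosHeader.OptionalHeader.ImageBase;

    // With an export directory the first exported function is used as the entry,
    // otherwise the PE entry point.
    ExportDirectory export = dosHeader.OptionalHeader.Export;
    Int32 address = 0;
    if (export != null)
    {
        Seek(reader, export.AddressOfFunctions);
        address = reader.ReadInt32();
    }
    else
    {
        address = dosHeader.OptionalHeader.AddressOfEntryPoint;
    }
    PEEntry = (UInt32)address + ImageBase;

    // The first byte at the entry decides where the 32-bit header address is stored.
    Seek(reader, PEEntry - ImageBase);
    long temp = reader.ReadByte();
    if (temp == 0x68)
    {
        temp = PEEntry + 1 - ImageBase;
    }
    else if (temp == 0x58)
    {
        temp = PEEntry + 2 - ImageBase;
    }
    else
    {
        // Any other first byte is not a recognised entry stub. Without this branch the
        // byte value itself would be used as the position to read the header address from.
        throw new Exception("非VB文件格式!");
    }

    Seek(reader, temp);
    Header = reader.ReadUInt32();

    // The header address is taken from the file, so it is validated before use: it must
    // not lie below the image base, and the bytes read below (the 4-byte signature at +0
    // and the 16-bit value at +0x22) must fit inside the stream.
    // NOTE(review): like the check it replaces, this compares Header - ImageBase with the
    // stream length; whether Seek maps that value to a file position is not visible here.
    long headerOffset = (long)Header - (long)ImageBase;
    if (headerOffset < 0 || headerOffset + 0x24 > reader.BaseStream.Length)
    {
        throw new Exception("非VB文件格式!");
    }

    Seek(reader, Header - ImageBase);
    VBSig = reader.ReadUInt32();
    if (VBSig != 0x21354256) // the bytes "VB5!" read as a little-endian 32-bit value
    {
        throw new Exception(String.Format("错误VB签名:0x{0:X}", VBSig));
    }

    // The 16-bit value at header offset 0x22 must be at least 0x0A; smaller values are
    // reported as "not a VB6 program".
    Seek(reader, Header + 0x22 - ImageBase);
    temp = reader.ReadInt16();
    if (temp < 0x0a)
    {
        throw new Exception("不是VB6程序!");
    }

    // Rewind to the start of the header and parse it completely.
    Seek(reader, Header - ImageBase);
    VBHeader header = new VBHeader();
    header.Info = this;
    header.Read(reader);
    HeaderInfo = header;
}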
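/// <summary>
/// Rebuilds the tree view from a parsed VB image. Every node's Tag holds the parsed
/// object it represents.
/// </summary>
/// <param name="info">
/// Parsed image information. When it is null or has no header the tree is only cleared.
/// </param>
public void LoadVBInfo(VBInfo info)
{
    treeView1.Nodes.Clear();

    // The data comes from a parsed file, so a missing header is handled
    // instead of failing with a null reference after the tree was cleared.
    if (info == null || info.HeaderInfo == null)
    {
        return;
    }

    TreeNodeCollection rootNodes = treeView1.Nodes;
    VBHeader vbheader = info.HeaderInfo;
    TreeNode node = rootNodes.Add(typeof(VBHeader).Name);
    node.Tag = vbheader;

    // Same reasoning for the project info: skip its subtree when it is absent.
    if (vbheader.ProjectInfo2 != null)
    {
        node = rootNodes.Add(typeof(ProjectInfo).Name);
        node.Tag = vbheader.ProjectInfo2;

        ObjectTable objectTable = vbheader.ProjectInfo2.ObjectTable2;
        if (objectTable != null)
        {
            node = rootNodes.Add(typeof(ObjectTable).Name);
            node.Tag = objectTable;

            if (objectTable.ProjectInfo22 != null)
            {
                node = rootNodes.Add(typeof(ProjectInfo2).Name);
                node.Tag = objectTable.ProjectInfo22;
            }

            if (objectTable.Objects != null && objectTable.Objects.Length > 0)
            {
                TreeNode objectsRoot = rootNodes.Add("对象");
                foreach (PublicObjectDescriptor item in objectTable.Objects)
                {
                    AddObjectNode(objectsRoot.Nodes, item);
                }
            }
        }
    }

    if (vbheader.ComRegisterData2 != null)
    {
        ComRegData regData = vbheader.ComRegisterData2;
        node = rootNodes.Add(typeof(ComRegData).Name);
        node.Tag = regData;

        if (regData.RegInfo2 != null && regData.RegInfo2.Length > 0)
        {
            TreeNode regRoot = rootNodes.Add("COM注册");
            foreach (ComRegInfo item in regData.RegInfo2)
            {
                node = regRoot.Nodes.Add(item.Name);
                node.Tag = item;
            }
        }
    }

    if (vbheader.ExternalComponentTables != null && vbheader.ExternalComponentTables.Length > 0)
    {
        TreeNode componentsRoot = rootNodes.Add("引用组件");
        foreach (ExternalComponentTable item in vbheader.ExternalComponentTables)
        {
            node = componentsRoot.Nodes.Add(item.Name2);
            node.Tag = item;
        }
    }

    if (vbheader.GUITables != null && vbheader.GUITables.Length > 0)
    {
        TreeNode formsRoot = rootNodes.Add("窗体");
        foreach (GUITable item in vbheader.GUITables)
        {
            // GUI table entries are all labelled with the type name.
            node = formsRoot.Nodes.Add(typeof(GUITable).Name);
            node.Tag = item;
        }
    }
}

/// <summary>
/// Adds one object node together with its ObjectInfo, OptionalObjectInfo, event and control children.
/// </summary>
private static void AddObjectNode(TreeNodeCollection parent, PublicObjectDescriptor item)
{
    TreeNode objectNode = parent.Add(item.Name);
    objectNode.Tag = item;

    if (item.ObjectInfo2 != null)
    {
        TreeNode infoNode = objectNode.Nodes.Add(typeof(ObjectInfo).Name);
        infoNode.Tag = item.ObjectInfo2;
    }

    if (item.OptionalObjectInfo == null)
    {
        return;
    }

    TreeNode optionalNode = objectNode.Nodes.Add(typeof(OptionalObjectInfo).Name);
    optionalNode.Tag = item.OptionalObjectInfo;

    if (item.OptionalObjectInfo.EventLinks != null && item.OptionalObjectInfo.EventLinks.Length > 0)
    {
        TreeNode eventsNode = objectNode.Nodes.Add("事件");
        Int32 i = 1;
        foreach (EventLink2 elm in item.OptionalObjectInfo.EventLinks)
        {
            // Use the procedure's friendly name when one exists for this position,
            // otherwise fall back to the 1-based index in hex.
            String name = String.Empty;
            if (item.ProcNames != null && item.ProcNames.Length > i - 1)
            {
                name = item.Name + "_" + item.ProcNames[i - 1].FriendName;
            }
            if (String.IsNullOrEmpty(name))
            {
                name = item.Name + "_" + i.ToString("X2");
            }
            i++;

            TreeNode eventNode = eventsNode.Nodes.Add(name);
            eventNode.Tag = elm;
        }
    }

    if (item.OptionalObjectInfo.Controls != null && item.OptionalObjectInfo.Controls.Length > 0)
    {
        TreeNode controlsNode = objectNode.Nodes.Add("控件");
        foreach (VBControl elm in item.OptionalObjectInfo.Controls)
        {
            TreeNode controlNode = controlsNode.Nodes.Add(elm.Name2);
            controlNode.Tag = elm;
        }
    }
}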