.NET开发

本类阅读TOP10

·NHibernate快速指南(翻译)
·vs.net 2005中文版下载地址收藏
·【小技巧】一个判断session是否过期的小技巧
·VB/ASP 调用 SQL Server 的存储过程
·?dos下编译.net程序找不到csc.exe文件
·通过Web Services上传和下载文件
·学习笔记(补)《.NET框架程序设计(修订版)》--目录
·VB.NET实现DirectDraw9 (2) 动画
·VB.NET实现DirectDraw9 (1) 托管的DDraw
·建站框架规范书之——文件命名

分类导航
VC语言Delphi
VB语言ASP
PerlJava
Script数据库
其他语言游戏开发
文件格式网站制作
软件工程.NET开发
Pcode粗略分析(1)

作者:未知 来源:月光软件站 加入时间:2005-2-28 月光软件站


分析1:

Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z

End Sub

[Command1.Click]
:00401874  F47B              LitI2_Byte          ;Push 7B //123入栈
:00401876  707AFF            FStI2               ;Pop WORD [LOCAL_0086] //弹出0086操作数
                                                                        //整形占2个字
{x=123}
:00401879  F34101            LitI2               ;Push 0141 //321入栈
:0040187C  7078FF            FStI2               ;Pop WORD [LOCAL_0088] //弹出0088操作数
                                                                        //正好是0086+2,说明内存写时是连续的
{y=321}
:0040187F  6B7AFF            FLdI2               ;Push WORD [LOCAL_0086] //f?load?i2应该是integer
:00401882  6B78FF            FLdI2               ;Push WORD [LOCAL_0088] //继续第二个参数入栈
:00401885  A9                AddI2               ; //整数相加,保存在0088+2
{z = x + y}
:00401886  7076FF            FStI2               ;Pop WORD [LOCAL_008A] //SUM出栈待用

================ //MsgBox原形
MsgBox(prompt[, buttons] [, title] [, helpfile, context])
================

:00401889  2704FF            LitVar              ;PushVar LOCAL_00FC //未负值参数,context
:0040188C  2724FF            LitVar              ;PushVar LOCAL_00DC //未负值参数,helpfile
:0040188F  2744FF            LitVar              ;PushVar LOCAL_00BC //未负值参数,title
:00401892  F500000000        LitI4               ;Push 00000000 //buttons 缺省值为 0
:00401897  0476FF            FLdRfVar            ;Push LOCAL_008A //prompt,作为显示在对话框中的消息.
:0040189A  4D64FF0240        CVarRef             ;

**********Reference To->msvbvm60.rtcMsgBox
                               |
:0040189F  0A00001400        ImpAdCallFPR4       ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox
{MsgBox z}
:004018A4  36060044FF24FF04  FFreeVar            ;Free 0006/2 variants //释放变量
:004018AD  13                ExitProcHresult     ; //退出程序

分析2:

Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z, vbOKOnly, "pcode"

End Sub


[Command1.Click]

:00401888  F47B              LitI2_Byte          ;Push 7B //123入栈
:0040188A  707AFF            FStI2               ;Pop WORD [LOCAL_0086] //弹出0086操作数
{x=123}
:0040188D  F34101            LitI2               ;Push 0141 //321入栈
:00401890  7078FF            FStI2               ;Pop WORD [LOCAL_0088] //弹出0088操作数
{y=321}
:00401893  6B7AFF            FLdI2               ;Push WORD [LOCAL_0086] //ADD第一个参数入栈
:00401896  6B78FF            FLdI2               ;Push WORD [LOCAL_0088] //ADD第二个参数入栈
:00401899  A9                AddI2               ; //ADD
{z = x + y}
:0040189A  7076FF            FStI2               ;Pop WORD [LOCAL_008A] //SUM出栈待用
:0040189D  2704FF            LitVar              ;PushVar LOCAL_00FC //未负值参数,context
:004018A0  2724FF            LitVar              ;PushVar LOCAL_00DC //未负值参数,helpfile
******Possible String Ref To->"pcode"
                               |
:004018A3  3A54FF0000        LitVarStr           ;PushVarString ptr_004013C8 //"pcode"入栈
:004018A8  4E44FF            FStVarCopyObj       ;[LOCAL_00BC]=vbaVarDup(Pop) //地址负值
:004018AB  0444FF            FLdRfVar            ;Push LOCAL_00BC //title果然被负值,看来分析并没有错误
:004018AE  F500000000        LitI4               ;Push 00000000 //buttons 缺省值为 0
:004018B3  0476FF            FLdRfVar            ;Push LOCAL_008A //prompt,SUM
:004018B6  4D64FF0240        CVarRef             ;
**********Reference To->msvbvm60.rtcMsgBox
                               |
:004018BB  0A01001400        ImpAdCallFPR4       ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox
{MsgBox z, vbOKOnly, "pcode"}
:004018C0  36060044FF24FF04  FFreeVar            ;Free 0006/2 variants //释放变量
:004018C9  13                ExitProcHresult     ; //退出程序
:004018CA  0000              LargeBos            ;IDE beginning of line with 00 byte codes


分析3:

Private Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String, ByVal wType As Long) As Long

Const MB_OK = &H0&

Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MessageBox Me.hwnd, "sum=" & z, "pcode", MB_OK

End Sub


[Command1.Click]

:004018FC  F47B              LitI2_Byte          ;Push 7B //123入栈
:004018FE  707AFF            FStI2               ;Pop WORD [LOCAL_0086] //弹出0086操作数
{x = 123}
:00401901  F34101            LitI2               ;Push 0141 //321入栈
:00401904  7078FF            FStI2               ;Pop WORD [LOCAL_0088] //弹出0088操作数
{x = 123}
:00401907  6B7AFF            FLdI2               ;Push WORD [LOCAL_0086] //ADD第一个参数入栈
:0040190A  6B78FF            FLdI2               ;Push WORD [LOCAL_0088] //ADD第二个参数入栈
:0040190D  A9                AddI2               ; /ADD
{z = x + y}
:0040190E  7076FF            FStI2               ;Pop WORD [LOCAL_008A] //SUM出栈待用
:00401911  0470FF            FLdRfVar            ;Push LOCAL_0090 //将地址入栈,记录地址
:00401914  080800            FLdPr               ;[SR]=[STACK_0008]
:00401917  0D58000000        VCallHresult        ;Call ptr_004014CC //这里应该是调用Me.hwnd,保存在0090
==================//MsgBox原形
int MessageBox(

    HWND hWnd, // handle of owner window
    LPCTSTR lpText, // address of text in message box
    LPCTSTR lpCaption, // address of title of message box 
    UINT uType  // style of message box
   );
==================//下面是参数入栈
:0040191C  F500000000        LitI4               ;Push 00000000 //uType,参数一
******Possible String Ref To->"pcode"
                               |
:00401921  1B0100            LitStr              ;Push ptr_00401624 //装入"pcode"字符
:00401924  0460FF            FLdRfVar            ;Push LOCAL_00A0
:00401927  34                CStr2Ansi           ;vbaStrToAnsi //把Unicode形式转换为Ansi
:00401928  6C60FF            ILdRf               ;Push DWORD [LOCAL_00A0] //lpCaption,参数二
******Possible String Ref To->"sum="
                               |
:0040192B  1B0200            LitStr              ;Push ptr_00401614 //装入"sum="字符
:0040192E  6B76FF            FLdI2               ;Push WORD [LOCAL_008A] //参数SUM入栈
:00401931  FBFD              CStrUI1             ;vbaStrI2 //将整数转换为字符型,保存在0094
:00401933  236CFF            FStStrNoPop         ;SysFreeString [LOCAL_0094]; [LOCAL_0094]=[stack]
:00401936  2A                ConcatStr           ;vbaStrCat //连接字符,保存在0098
:00401937  2368FF            FStStrNoPop         ;SysFreeString [LOCAL_0098]; [LOCAL_0098]=[stack]
:0040193A  0464FF            FLdRfVar            ;Push LOCAL_009C //将地址入栈,记录地址
:0040193D  34                CStr2Ansi           ;vbaStrToAnsi //把Unicode形式转换为Ansi
:0040193E  6C64FF            ILdRf               ;Push DWORD [LOCAL_009C] //lpText,参数三
:00401941  6C70FF            ILdRf               ;Push DWORD [LOCAL_0090] //hWnd,参数四
***********Reference To:user32.MessageBoxA
                              |
:00401944  0A03001000        ImpAdCallFPR4       ;Call ptr_004015E8; check stack 0010; Push EAX //调用MessageBox
:00401949  3C                SetLastSystemError  ;Kernel GetLastError //针对调用MessageBox函数,取得扩展错误信息
:0040194A  3208006CFF68FF64  FFreeStr            ;Do SysFreeString [arg_n]; [arg_n]=0 0008/2 times ~ arg
:00401955  13                ExitProcHresult     ;
:00401956  0000              LargeBos            ;IDE beginning of line with 00 byte codes

              
                                                                      Moodsky[DFCG]
                                                                         2005.02.01




相关文章

相关软件