分析1:
' Click handler for Command1: adds two Integer constants and displays the sum.
' The only side effect is the MsgBox call; x, y and z are procedure-local.
Private Sub Command1_Click()
    Dim x As Integer
    Dim y As Integer
    Dim z As Integer

    x = 123
    y = 321
    z = x + y          ' 444, comfortably inside the 16-bit Integer range

    ' Only the prompt argument is supplied; buttons, title, helpfile and
    ' context are left to their defaults.
    MsgBox z
End Sub
[Command1.Click]
:00401874 F47B LitI2_Byte ;Push 7B //123入栈
:00401876 707AFF FStI2 ;Pop WORD [LOCAL_0086] //弹出到0086 //Integer占2个字节 {x=123}
:00401879 F34101 LitI2 ;Push 0141 //321入栈
:0040187C 7078FF FStI2 ;Pop WORD [LOCAL_0088] //弹出到0088 //正好是0086+2,说明局部变量在内存中是连续存放的 {y=321}
:0040187F 6B7AFF FLdI2 ;Push WORD [LOCAL_0086] //FLdI2 中的 I2 应该就是 Integer,ADD的第一个参数入栈
:00401882 6B78FF FLdI2 ;Push WORD [LOCAL_0088] //继续第二个参数入栈
:00401885 A9 AddI2 ; //整数相加,结果保存在0088+2 {z = x + y}
:00401886 7076FF FStI2 ;Pop WORD [LOCAL_008A] //SUM出栈待用
================ //MsgBox原型 MsgBox(prompt[, buttons] [, title] [, helpfile, context]) ================
:00401889 2704FF LitVar ;PushVar LOCAL_00FC //未赋值参数,context(参数按从右到左的顺序入栈)
:0040188C 2724FF LitVar ;PushVar LOCAL_00DC //未赋值参数,helpfile
:0040188F 2744FF LitVar ;PushVar LOCAL_00BC //未赋值参数,title
:00401892 F500000000 LitI4 ;Push 00000000 //buttons 缺省值为 0
:00401897 0476FF FLdRfVar ;Push LOCAL_008A //prompt,作为显示在对话框中的消息.
:0040189A 4D64FF0240 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox |
:0040189F 0A00001400 ImpAdCallFPR4 ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox {MsgBox z}
:004018A4 36060044FF24FF04 FFreeVar ;Free 0006/2 variants //释放变量
:004018AD 13 ExitProcHresult ; //退出过程
分析2:
' Click handler for Command1: adds two Integer constants and displays the sum
' in a message box titled "pcode" with a single OK button.
Private Sub Command1_Click()
    Dim x As Integer
    Dim y As Integer
    Dim z As Integer

    x = 123
    y = 321
    z = x + y          ' 444, comfortably inside the 16-bit Integer range

    ' prompt, buttons and title are given explicitly; helpfile and context
    ' are left to their defaults.
    MsgBox z, vbOKOnly, "pcode"
End Sub
[Command1.Click]
:00401888 F47B LitI2_Byte ;Push 7B //123入栈
:0040188A 707AFF FStI2 ;Pop WORD [LOCAL_0086] //弹出到0086 {x=123}
:0040188D F34101 LitI2 ;Push 0141 //321入栈
:00401890 7078FF FStI2 ;Pop WORD [LOCAL_0088] //弹出到0088 {y=321}
:00401893 6B7AFF FLdI2 ;Push WORD [LOCAL_0086] //ADD第一个参数入栈
:00401896 6B78FF FLdI2 ;Push WORD [LOCAL_0088] //ADD第二个参数入栈
:00401899 A9 AddI2 ; //ADD {z = x + y}
:0040189A 7076FF FStI2 ;Pop WORD [LOCAL_008A] //SUM出栈待用
:0040189D 2704FF LitVar ;PushVar LOCAL_00FC //未赋值参数,context
:004018A0 2724FF LitVar ;PushVar LOCAL_00DC //未赋值参数,helpfile
******Possible String Ref To->"pcode" |
:004018A3 3A54FF0000 LitVarStr ;PushVarString ptr_004013C8 //"pcode"入栈
:004018A8 4E44FF FStVarCopyObj ;[LOCAL_00BC]=vbaVarDup(Pop) //复制并赋值到该地址
:004018AB 0444FF FLdRfVar ;Push LOCAL_00BC //title果然被赋值,看来分析并没有错误
:004018AE F500000000 LitI4 ;Push 00000000 //buttons = vbOKOnly,值为 0
:004018B3 0476FF FLdRfVar ;Push LOCAL_008A //prompt,SUM
:004018B6 4D64FF0240 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox |
:004018BB 0A01001400 ImpAdCallFPR4 ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox {MsgBox z, vbOKOnly, "pcode"}
:004018C0 36060044FF24FF04 FFreeVar ;Free 0006/2 variants //释放变量
:004018C9 13 ExitProcHresult ; //退出过程
:004018CA 0000 LargeBos ;IDE beginning of line with 00 byte codes
分析3:
' Win32 MessageBoxA imported by name from user32. The String arguments are
' marshalled to ANSI by the VB runtime before the call (see the CStr2Ansi /
' vbaStrToAnsi steps in the listing below); the Long return value is the
' button the user pressed.
Private Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String, ByVal wType As Long) As Long
' MB_OK = 0: message box with a single OK button (the wType/uType argument).
Const MB_OK = &H0&
' Click handler for Command1: adds two Integer constants and shows the sum
' through the user32 MessageBoxA import declared above, owned by this form.
Private Sub Command1_Click()
    Dim x As Integer
    Dim y As Integer
    Dim z As Integer

    x = 123
    y = 321
    z = x + y          ' 444, comfortably inside the 16-bit Integer range

    ' Called as a statement, so the Long result of MessageBox is discarded.
    ' "sum=" & z coerces the Integer to its decimal text before concatenation.
    MessageBox Me.hwnd, "sum=" & z, "pcode", MB_OK
End Sub
[Command1.Click]
:004018FC F47B LitI2_Byte ;Push 7B //123入栈
:004018FE 707AFF FStI2 ;Pop WORD [LOCAL_0086] //弹出到0086 {x = 123}
:00401901 F34101 LitI2 ;Push 0141 //321入栈
:00401904 7078FF FStI2 ;Pop WORD [LOCAL_0088] //弹出到0088 {y = 321}
:00401907 6B7AFF FLdI2 ;Push WORD [LOCAL_0086] //ADD第一个参数入栈
:0040190A 6B78FF FLdI2 ;Push WORD [LOCAL_0088] //ADD第二个参数入栈
:0040190D A9 AddI2 ; //ADD {z = x + y}
:0040190E 7076FF FStI2 ;Pop WORD [LOCAL_008A] //SUM出栈待用
:00401911 0470FF FLdRfVar ;Push LOCAL_0090 //将地址入栈,记录地址
:00401914 080800 FLdPr ;[SR]=[STACK_0008]
:00401917 0D58000000 VCallHresult ;Call ptr_004014CC //这里应该是调用Me.hwnd,结果保存在0090
==================//MessageBox原型 int MessageBox(
HWND hWnd, // handle of owner window
LPCTSTR lpText, // address of text in message box
LPCTSTR lpCaption, // address of title of message box
UINT uType // style of message box
);
==================//下面是参数入栈(按声明顺序从右到左入栈,所以 uType 最先入栈)
:0040191C F500000000 LitI4 ;Push 00000000 //uType,参数一
******Possible String Ref To->"pcode" |
:00401921 1B0100 LitStr ;Push ptr_00401624 //装入"pcode"字符串
:00401924 0460FF FLdRfVar ;Push LOCAL_00A0
:00401927 34 CStr2Ansi ;vbaStrToAnsi //把Unicode形式转换为Ansi
:00401928 6C60FF ILdRf ;Push DWORD [LOCAL_00A0] //lpCaption,参数二
******Possible String Ref To->"sum=" |
:0040192B 1B0200 LitStr ;Push ptr_00401614 //装入"sum="字符串
:0040192E 6B76FF FLdI2 ;Push WORD [LOCAL_008A] //参数SUM入栈
:00401931 FBFD CStrUI1 ;vbaStrI2 //将整数转换为字符串,保存在0094
:00401933 236CFF FStStrNoPop ;SysFreeString [LOCAL_0094]; [LOCAL_0094]=[stack]
:00401936 2A ConcatStr ;vbaStrCat //连接字符串,保存在0098
:00401937 2368FF FStStrNoPop ;SysFreeString [LOCAL_0098]; [LOCAL_0098]=[stack]
:0040193A 0464FF FLdRfVar ;Push LOCAL_009C //将地址入栈,记录地址
:0040193D 34 CStr2Ansi ;vbaStrToAnsi //把Unicode形式转换为Ansi
:0040193E 6C64FF ILdRf ;Push DWORD [LOCAL_009C] //lpText,参数三
:00401941 6C70FF ILdRf ;Push DWORD [LOCAL_0090] //hWnd,参数四
***********Reference To:user32.MessageBoxA |
:00401944 0A03001000 ImpAdCallFPR4 ;Call ptr_004015E8; check stack 0010; Push EAX //调用MessageBox
:00401949 3C SetLastSystemError ;Kernel GetLastError //针对MessageBox这次调用,取得扩展错误信息
:0040194A 3208006CFF68FF64 FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0008/2 times ~ arg //释放临时字符串
:00401955 13 ExitProcHresult ; //退出过程
:00401956 0000 LargeBos ;IDE beginning of line with 00 byte codes
Moodsky[DFCG] 2005.02.01 
|