其实是前一篇那个无崩溃子类代码里面的东西, 因为这次要写的字节码太多了,我又不爱用文本转换的方法
于是写了个小函数, 做了一些文本自动编辑,替换工作,实现了一个将机器码自动转换为
Long 类型数组, 并提供机器码标志修改的功能.
先说使用:
1. 打开 OD ,选中自己想转换为vb代码的函数或代码段,然后点鼠标右键菜单 > 二进制 > 二进制复制

2. 打开 Opcodes SaveAs VisualBasic 6.0,在灰色的文本框中,粘贴,你就会得到一串 55 8B EC 83 C4 FC B8 D4 13 40 00 8B 文本

3. 文本本身就是按照空格分开的1组,1组的,不要修改格式, 直接点 GetVisualBasicCode 按钮,就会得到转换后的内容

vb代码这样就在绿色文本框中生成了;
数组 LinkProc 是 4字节 Long 型, 转换程序会自动声明 Dim LinkProc() as long 并且自动计算元素个数;
通常, 这些机器码我们可能会做些修改, 比如把 Mov eax, 12345 的12345 修改成动态数据, 你可以将这个12345,在od中就修改成16进制的 1000(4字节)
程序将自动查找这个 1000 (最大支持16进制的 20000) ,也就是说把 &H1000 这个值作为标记,程序自动查找,并自动计算它在 LinkProc 数组中的位置
然后用 CopyMemory 表示出来,如图上那样 CopyMemory ByVal VarPtr(LinkProc(11)) + 3, &H0100000, 4& 这个 &H0100000 是要你修改的
你可以改成你需要的数值, ByVal VarPtr(LinkProc(11)) + 3 表示的就是找到的 &H1000 在数组中的位置,自动算出来的.
依此方法, 你可以设置 &H1000 2000 3000 ~ 10000 11000 12000 ~ 20000, 一共20个标记, 这些标记都会被自动找出来,而且表示出来
你要做的就是修改 CopyMemory 的第2个参数为你想要的结果, 如果标记位置正好占据了某个元素的位置,就会以 LinkProc(13) = 0200000 的形式表示,同样
自己修改 0200000。
opcodes 2 vb6.frm 代码:
VERSION 5.00
Begin VB.Form Form2
BorderStyle = 3 'Fixed Dialog
Caption = "Opcodes SaveAs VisualBasic 6.0"
ClientHeight = 6795
ClientLeft = 45
ClientTop = 435
ClientWidth = 9285
LinkTopic = "Form2"
MaxButton = 0 'False
MinButton = 0 'False
ScaleHeight = 6795
ScaleWidth = 9285
StartUpPosition = 2 '屏幕中心
Begin VB.CheckBox Check1
Caption = "Copy to clipboard"
Height = 240
Left = 4590
TabIndex = 6
Top = 6390
Width = 2040
End
Begin VB.CommandButton Command1
Caption = "&Get VisualBasic Code"
Default = -1 'True
Height = 375
Left = 6660
TabIndex = 2
Top = 6300
Width = 2445
End
Begin VB.TextBox T2
BackColor = &H00C0FFC0&
BeginProperty Font
Name = "宋体"
Size = 11.25
Charset = 0
Weight = 400
Underline = 0 'False
Italic = 0 'False
Strikethrough = 0 'False
EndProperty
Height = 3435
Left = 225
MultiLine = -1 'True
ScrollBars = 3 'Both
TabIndex = 1
ToolTipText = "click Get button, conver opcodes to vb6 codes."
Top = 2700
Width = 8880
End
Begin VB.TextBox T1
BackColor = &H00E0E0E0&
Height = 1815
Left = 225
MultiLine = -1 'True
ScrollBars = 2 'Vertical
TabIndex = 0
ToolTipText = "copy byte code from Olldbg to this textbox!"
Top = 450
Width = 8835
End
Begin VB.Label Label1
AutoSize = -1 'True
Caption = "VB Codes:"
Height = 180
Index = 2
Left = 7605
TabIndex = 5
Top = 2430
Width = 810
End
Begin VB.Label Label1
AutoSize = -1 'True
Caption = "Opcodes:"
Height = 180
Index = 1
Left = 1305
TabIndex = 4
Top = 450
Width = 720
End
Begin VB.Line Line2
Index = 3
X1 = 90
X2 = 7485
Y1 = 2520
Y2 = 2520
End
Begin VB.Line Line2
BorderColor = &H00FFFFFF&
Index = 2
X1 = 90
X2 = 7485
Y1 = 2535
Y2 = 2535
End
Begin VB.Line Line2
BorderColor = &H00FFFFFF&
Index = 1
X1 = 90
X2 = 7485
Y1 = 290
Y2 = 290
End
Begin VB.Label Label1
AutoSize = -1 'True
Caption = "Opcodes:"
Height = 180
Index = 0
Left = 7605
TabIndex = 3
Top = 180
Width = 720
End
Begin VB.Line Line2
Index = 0
X1 = 90
X2 = 7485
Y1 = 270
Y2 = 270
End
End
Attribute VB_Name = "Form2"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
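Private Sub Command1_Click()
    ' Converts the space-separated hex bytes pasted into T1 into VB6 source text
    ' in T2: a "Dim LinkProc(n) As Long" declaration, one little-endian Long
    ' assignment per 4 bytes, a patch line for every marker dword found in the
    ' byte stream, and a trailing VirtualProtect call. If Check1 is ticked the
    ' result is also copied to the clipboard.
    '
    ' Fixes relative to the previous revision:
    '   * a byte count with (count Mod 4) = 1 no longer loses its last byte, and
    '     a single byte no longer triggers ReDim strDest(-1);
    '   * whitespace-only input no longer fails in Mid(tSrc, 0, 1);
    '   * the marker scan now includes the last 4-byte window and resumes on the
    '     byte right after a marker instead of skipping one;
    '   * every emitted hex literal carries the Long suffix "&", because VB6
    '     reads &H8000..&HFFFF without it as a negative Integer and sign-extends
    '     it when it is assigned to a Long;
    '   * tokens that are not exactly two hex digits stop the conversion instead
    '     of being pasted into the generated source.
    Const sm = vbCrLf & " Dim LinkProc(%Repl) As Long" & vbCrLf
    Const fxSign = vbCrLf & " CopyMemory ByVal VarPtr(LinkProc(%Repl1)) + %Repl2, &H%Repl3, 4& ' Label Sign: %Repl3" & vbCrLf
    Const fxSign2 = vbCrLf & " LinkProc(%Repl1) = %Repl2 ' Label Sign: %Repl2" & vbCrLf
    Const vxResultProt = vbCrLf & " Dim PG_OldProtect As Long"
    Const vxProt = vbCrLf & " VirtualProtect Byval VarPtr(LinkProc(0)),ByVal %Repl1&, ByVal &H40&, PG_OldProtect"

    Dim tSrc$, i&, j&, strTmp$, a&, lastByte&
    Dim strArray$(), strDest$()

    ' The header is written even when there is nothing to convert.
    T2 = vbCrLf & " ' Current Converter Version: No.111" & vbCrLf
    T2 = T2 & " ' This Code Generated By PctGL's Opcodes 2 VisualBasic 6.0" & vbCrLf & vbCrLf
    T2 = T2 & " ' The VarPtr(LinkProc(0)) is sub entry."

    If Len(T1) = 0 Then Exit Sub

    ' Normalise the paste: line breaks become spaces, runs of spaces collapse
    ' to one (an empty token would shift every following byte), and the ends
    ' are trimmed.
    tSrc = Replace(T1, vbCrLf, " ")
    tSrc = Replace(tSrc, vbCr, " ")
    tSrc = Replace(tSrc, vbLf, " ")
    Do While InStr(tSrc, "  ") > 0
        tSrc = Replace(tSrc, "  ", " ")
    Loop
    tSrc = Trim$(tSrc)
    T1 = tSrc
    If Len(tSrc) = 0 Then Exit Sub

    strArray = Split(tSrc, " ")
    a = UBound(strArray)

    ' Each token is copied verbatim into generated source, so accept only
    ' two-digit hex bytes.
    For i = 0 To a
        If Not (strArray(i) Like "[0-9A-Fa-f][0-9A-Fa-f]") Then
            T2 = T2 & vbCrLf & " ' Error: token #" & (i + 1) & " is not a two-digit hex byte: " & strArray(i)
            Exit Sub
        End If
    Next

    ' One Long per started group of 4 bytes: highest index is a \ 4.
    ReDim strDest(a \ 4)
    For i = 0 To UBound(strDest)
        lastByte = i * 4 + 3
        If lastByte > a Then lastByte = a
        ' Prepend each byte so the text reads most-significant byte first,
        ' i.e. the little-endian dword as a hex literal. A short final group
        ' yields a shorter literal whose missing high bytes are zero.
        strTmp = ""
        For j = i * 4 To lastByte
            strTmp = strArray(j) & strTmp
        Next
        strDest(i) = vbCrLf & Replace(" LinkProc(%Repl) = &H", "%Repl", i) & strTmp & "&"
    Next
    T2 = T2 & Replace(sm, "%Repl", UBound(strDest)) & Join(strDest) & vbCrLf

    ' Marker scan: slide a 4-byte window over the stream and compare the bytes,
    ' concatenated in memory order, against the list below.
    ' NOTE(review): "00100000".."00900000" are the dwords &H1000..&H9000, but
    ' "01000000" is the byte sequence 01 00 00 00 (dword &H1), not &H10000 as
    ' the accompanying article describes, and the same holds for the remaining
    ' entries up to "02000000". Confirm which markers are intended; a dword of
    ' 1 or 2 is common in ordinary code and will be reported as a marker.
    For i = 0 To a - 3
        strTmp = strArray(i) & strArray(i + 1) & strArray(i + 2) & strArray(i + 3)
        Select Case strTmp
            Case "00100000", "00200000", "00300000", "00400000", "00500000", "00600000", "00700000", "00800000", "00900000", "01000000", "01100000", "01200000", "01300000", "01400000", "01500000", "01600000", "01700000", "01800000", "01900000", "02000000"
                If i Mod 4 <> 0 Then
                    ' Marker straddles two array elements: emit a CopyMemory
                    ' at element (i \ 4) plus byte offset (i Mod 4).
                    tSrc = Replace(fxSign, "%Repl1", i \ 4)
                    tSrc = Replace(tSrc, "%Repl2", i Mod 4)
                    tSrc = Replace(tSrc, "%Repl3", Right(strTmp, 7))
                Else
                    ' Marker is exactly one element: emit a plain assignment.
                    ' The right-hand side is a placeholder label with no &H
                    ' prefix; the user is expected to replace it.
                    tSrc = Replace(fxSign2, "%Repl1", i \ 4)
                    tSrc = Replace(tSrc, "%Repl2", Right(strTmp, 7))
                End If
                T2 = T2 & tSrc
                ' Next adds 1, so the scan resumes on the byte after the marker.
                i = i + 3
        End Select
    Next

    ' The generated code ends by marking the array storage with &H40
    ' (PAGE_EXECUTE_READWRITE). VirtualProtect works on whole pages, so any
    ' other data sharing those pages becomes writable and executable as well,
    ' and the emitted call does not check the return value.
    T2 = T2 & vxResultProt
    T2 = T2 & Replace(vxProt, "%Repl1", (UBound(strDest) + 1) * 4)

    If Check1.Value Then Clipboard.SetText T2.Text
End Sub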