【VB6】从汇编角度看vb的字符串
本帖最后由 Ayala 于 2017-4-10 18:52 编辑
写了个简单的 C2 来替换原 C2:在原 C2 所在目录新建一个文件夹 org,把原 C2 放进去;新 C2 调用原 C2 时追加参数,输出 .asm 文件。
参考 https://www.0xaa55.com/forum.php?mod=viewthread&tid=1881&ctid=2
char * __stdcall GetCommandLineA();
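/*
 * Stand-in for the VB6 back-end compiler C2. It re-runs the real C2, which
 * has been moved into the "org" sub-directory, with "-Fa foo.asm" appended
 * so that an assembly listing is written as well.
 *
 * Returns the value of system(), or 1 when the command does not fit.
 */
int main()
{
    /*
     * The listing as published declares a single char and lets sprintf()
     * write the whole command line through its address, which overruns the
     * stack. Use a real buffer and a bounded formatter instead.
     * 8192 is one more than the longest line cmd.exe accepts.
     */
    char buf[8192] = {0};
    int n;

    /*
     * GetCommandLineA() returns the complete command line, program name
     * first, so the "org\" prefix lands in front of the program name.
     * Assumes the IDE starts C2 by a relative name -- TODO confirm.
     * (Very old MSVC runtimes only offer _snprintf, which does not
     * guarantee termination on truncation.)
     */
    n = snprintf(buf, sizeof buf, "org\\%s -Fa foo.asm", GetCommandLineA());
    if (n < 0 || (size_t)n >= sizeof buf)
        return 1;   /* never hand a truncated command to the shell */

    /*
     * NOTE(review): the text reaches the command interpreter unchanged, so
     * any shell metacharacters in the incoming command line are interpreted
     * by it. Acceptable only while the sole caller is the local IDE.
     */
    return system(buf);
}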
' Empty procedure that exists only to show how a String is passed ByVal
' (str1) versus ByRef (str2). In the generated listing for Module1::foo the
' ByVal argument is copied with __vbaStrCopy on entry and released with
' __vbaFreeStr on exit; str2 is never touched.
Sub foo(ByVal str1 As String, ByRef str2 As String)
End Sub
' Assigns a string literal to a local String and passes that one variable
' to foo twice: first by value, then by reference.
Sub Main()
Dim str As String
' Compiled to one __vbaStrCopy call in the listing.
str = "0xAA55·技术宅的结界"
' The listing pushes the address of str (for str2) and then its current
' value (for str1) before the call.
foo str, str
End Sub
' Assigns two different literals to the same local String in a row, to show
' what the compiler emits when a String that already has a value is
' overwritten.
Sub too()
Dim str As String
' First assignment: the listing clears the variable, then calls __vbaStrCopy.
str = "0xAA55·技术宅的结界"
' Second assignment: __vbaStrCopy is called again on the same variable,
' this time without clearing it first.
str = "论坛"
End Sub
; Module preamble of the compiler-generated MASM listing for the VB module
; "Module1" (32-bit x86, Intel/MASM syntax).
TITLE Module1
.386P
include listing.inc
; Assemblers newer than MASM 5.10 get the flat model directly; older ones get
; the 32-bit segments declared by hand and grouped as FLAT further down.
if @Version gt 510
.model FLAT
else
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
_DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
_DATA ENDS
CONST SEGMENT DWORD USE32 PUBLIC 'CONST'
CONST ENDS
_BSS SEGMENT DWORD USE32 PUBLIC 'BSS'
_BSS ENDS
_TLS SEGMENT DWORD USE32 PUBLIC 'TLS'
_TLS ENDS
; text$1 is declared once, then once more for each COMDAT function
; (foo, Main, too).
text$1 SEGMENT PARA USE32 PUBLIC ''
text$1 ENDS
; COMDAT ?foo@Module1@@AAGXXZ
text$1 SEGMENT PARA USE32 PUBLIC ''
text$1 ENDS
; COMDAT ?Main@Module1@@AAGXXZ
text$1 SEGMENT PARA USE32 PUBLIC ''
text$1 ENDS
; COMDAT ?too@Module1@@AAGXXZ
text$1 SEGMENT PARA USE32 PUBLIC ''
text$1 ENDS
; Data, constant and BSS segments share one group; all segment registers
; are assumed to address it.
FLAT GROUP _DATA, CONST, _BSS
ASSUME CS: FLAT, DS: FLAT, SS: FLAT
endif
;-----------------------------------------------------------------------
; Module1::foo -- Sub foo(ByVal str1 As String, ByRef str2 As String)
; Compiler-generated code. The callee removes two dwords of arguments
; (`ret 8`). str2 is never referenced in the body.
; Frame, derived from the pushes and `sub esp` below:
;   ebp-4, ebp-8   reserved by the first `sub esp, 8`
;   ebp-12         address of ___vbaExceptHandler
;   ebp-16         previous head of the exception list (__$SEHRec$ = -16)
;   ebp-20, ebp-24 reserved by the second `sub esp, 8` (string at -20)
; NOTE(review): memory operands name only a symbol (`DWORD PTR _str1$`).
; The equates look like ebp-relative offsets, so an `[ebp...]` index was
; presumably lost when the page was extracted -- confirm against a fresh
; listing before assembling.
;-----------------------------------------------------------------------
PUBLIC ?foo@Module1@@AAGXXZ ; Module1::foo
EXTRN __imp_@__vbaStrCopy:NEAR
EXTRN __imp_@__vbaFreeStr:NEAR
EXTRN ___vbaExceptHandler:NEAR
EXTRN __except_list:DWORD
; COMDAT CONST
; File Module1
CONST SEGMENT
; Per-function table whose address is stored into the frame below. Its last
; dword points at the cleanup code $L24; presumably ___vbaExceptHandler uses
; it to run that cleanup when an error unwinds this frame. The meaning of
; the leading bytes is not visible here.
$S25 DB 02H, 00H
DB 04H, 00H
DB 00H, 00H, 00H, 00H
DD FLAT:$L24
CONST ENDS
; COMDAT ?foo@Module1@@AAGXXZ
text$1 SEGMENT
; The name _str1$ is given two values: +8 fits the incoming argument and
; -20 the local copy. Which one each operand means is inferred from use.
_str1$ = 8
_str1$ = -20
__$SEHRec$ = -16
?foo@Module1@@AAGXXZ PROC NEAR ; Module1::foo, COMDAT
; File Module1
; Line 1
push ebp
mov ebp, esp
sub esp, 8
; Build the exception registration record {previous head, handler} on the
; stack and make it the new head of the fs-relative list.
push OFFSET FLAT:___vbaExceptHandler
mov eax, DWORD PTR fs:__except_list
push eax
mov DWORD PTR fs:__except_list, esp
sub esp, 8
push ebx
push esi
push edi
; Two stores into the frame: the current stack pointer and the table $S25.
; Presumably they go to the two slots at ebp-8 and ebp-4; the index
; expressions are missing from this copy.
mov DWORD PTR __$SEHRec$, esp
mov DWORD PTR __$SEHRec$, OFFSET FLAT:$S25
; ByVal handling: copy the caller's string into a private local.
; edx = source string (presumably the argument at +8),
; ecx = address of the destination variable (presumably the local at -20),
; and the destination is cleared before the call.
mov edx, DWORD PTR _str1$
lea ecx, DWORD PTR _str1$
mov DWORD PTR _str1$, 0
call DWORD PTR __imp_@__vbaStrCopy
; Push the epilogue address so that the `ret 0` ending the cleanup code
; continues at $L55 on the normal path.
push $L55
$L50:
; Line 3
; Cleanup code, also referenced from $S25: release the private copy.
$L24:
lea ecx, DWORD PTR _str1$
call DWORD PTR __imp_@__vbaFreeStr
$L53:
ret 0
; Epilogue: restore the saved registers, put the previous head of the
; exception list back, and drop the frame.
$L55:
mov ecx, DWORD PTR __$SEHRec$
pop edi
pop esi
mov DWORD PTR fs:__except_list, ecx
pop ebx
mov esp, ebp
pop ebp
; Callee pops both arguments.
ret 8
?foo@Module1@@AAGXXZ ENDP ; Module1::foo
text$1 ENDS
;-----------------------------------------------------------------------
; Module1::Main -- Sub Main()
; Compiler-generated code. Takes no arguments (`ret 0`). Sets up the same
; frame as the other procedures in this module: an exception registration
; record at ebp-16 and the string variable `str` at ebp-20.
; NOTE(review): memory operands name only a symbol (`DWORD PTR _str$`).
; The equates look like ebp-relative offsets, so an `[ebp...]` index was
; presumably lost when the page was extracted.
;-----------------------------------------------------------------------
PUBLIC ?Main@Module1@@AAGXXZ ; Module1::Main
; External byte data used as the copy source on line 7; presumably the
; constant for the string literal.
EXTRN ___vba@056067A4:BYTE
; COMDAT CONST
; File Module1
CONST SEGMENT
; Per-function table stored into the frame below; its last dword points at
; the cleanup code $L32.
$S33 DB 02H, 00H
DB 04H, 00H
DB 00H, 00H, 00H, 00H
DD FLAT:$L32
CONST ENDS
; COMDAT ?Main@Module1@@AAGXXZ
text$1 SEGMENT
_str$ = -20
__$SEHRec$ = -16
?Main@Module1@@AAGXXZ PROC NEAR ; Module1::Main, COMDAT
; File Module1
; Line 5
push ebp
mov ebp, esp
sub esp, 8
; Link a new exception registration record {previous head, handler}.
push OFFSET FLAT:___vbaExceptHandler
mov eax, DWORD PTR fs:__except_list
push eax
mov DWORD PTR fs:__except_list, esp
sub esp, 8
push ebx
push esi
push edi
; Store the stack pointer and the table $S33 into the frame (presumably at
; ebp-8 and ebp-4; the index expressions are missing from this copy).
mov DWORD PTR __$SEHRec$, esp
mov DWORD PTR __$SEHRec$, OFFSET FLAT:$S33
; Line 7
; str = <literal>: edx = source data, ecx = address of str, and str is
; cleared before the copy.
mov edx, OFFSET FLAT:___vba@056067A4
lea ecx, DWORD PTR _str$
mov DWORD PTR _str$, 0
call DWORD PTR __imp_@__vbaStrCopy
; Line 8
; foo str, str: ecx holds the current value of str, eax its address.
; The address is pushed first (str2, ByRef) and the value last (str1,
; ByVal), which puts str1 at +8 in foo's frame.
mov ecx, DWORD PTR _str$
lea eax, DWORD PTR _str$
push eax
push ecx
call ?foo@Module1@@AAGXXZ ; Module1::foo
; Push the epilogue address so that the `ret 0` ending the cleanup code
; continues at $L67 on the normal path.
push $L67
$L62:
; Line 9
; Cleanup code, also referenced from $S33: release str.
$L32:
lea ecx, DWORD PTR _str$
call DWORD PTR __imp_@__vbaFreeStr
$L65:
ret 0
; Epilogue: restore the saved registers, put the previous head of the
; exception list back, and drop the frame.
$L67:
mov ecx, DWORD PTR __$SEHRec$
pop edi
pop esi
mov DWORD PTR fs:__except_list, ecx
pop ebx
mov esp, ebp
pop ebp
ret 0
?Main@Module1@@AAGXXZ ENDP ; Module1::Main
text$1 ENDS
;-----------------------------------------------------------------------
; Module1::too -- Sub too()
; Compiler-generated code. Takes no arguments (`ret 0`). Sets up the same
; frame as the other procedures in this module: an exception registration
; record at ebp-16 and the string variable `str` at ebp-20.
; NOTE(review): memory operands name only a symbol (`DWORD PTR _str$`).
; The equates look like ebp-relative offsets, so an `[ebp...]` index was
; presumably lost when the page was extracted.
;-----------------------------------------------------------------------
PUBLIC ?too@Module1@@AAGXXZ ; Module1::too
; Source data for the second assignment (line 14). The first assignment
; reuses ___vba@056067A4, the symbol Main also copies from.
EXTRN ___vba@056067C8:BYTE
; COMDAT CONST
; File Module1
CONST SEGMENT
; Per-function table stored into the frame below; its last dword points at
; the cleanup code $L39.
$S40 DB 02H, 00H
DB 04H, 00H
DB 00H, 00H, 00H, 00H
DD FLAT:$L39
CONST ENDS
; COMDAT ?too@Module1@@AAGXXZ
text$1 SEGMENT
_str$ = -20
__$SEHRec$ = -16
?too@Module1@@AAGXXZ PROC NEAR ; Module1::too, COMDAT
; File Module1
; Line 11
push ebp
mov ebp, esp
sub esp, 8
; Link a new exception registration record {previous head, handler}.
push OFFSET FLAT:___vbaExceptHandler
mov eax, DWORD PTR fs:__except_list
push eax
mov DWORD PTR fs:__except_list, esp
sub esp, 8
push ebx
push esi
push edi
; Store the stack pointer and the table $S40 into the frame (presumably at
; ebp-8 and ebp-4; the index expressions are missing from this copy).
mov DWORD PTR __$SEHRec$, esp
mov DWORD PTR __$SEHRec$, OFFSET FLAT:$S40
; Line 13
; __vbaStrCopy is called twice, so its address is kept in esi.
; First assignment: edx = source data, ecx = address of str, and str is
; cleared before the copy.
mov esi, DWORD PTR __imp_@__vbaStrCopy
mov edx, OFFSET FLAT:___vba@056067A4
lea ecx, DWORD PTR _str$
mov DWORD PTR _str$, 0
call esi
; Line 14
; Second assignment: same destination, not cleared this time, so the call
; receives a variable that already holds a string. Releasing the old value
; is presumably done inside __vbaStrCopy -- not visible in this listing.
mov edx, OFFSET FLAT:___vba@056067C8
lea ecx, DWORD PTR _str$
call esi
; Push the epilogue address so that the `ret 0` ending the cleanup code
; continues at $L77 on the normal path.
push $L77
$L72:
; Line 16
; Cleanup code, also referenced from $S40: release str once.
$L39:
lea ecx, DWORD PTR _str$
call DWORD PTR __imp_@__vbaFreeStr
$L75:
ret 0
; Epilogue: restore the saved registers, put the previous head of the
; exception list back, and drop the frame.
$L77:
mov ecx, DWORD PTR __$SEHRec$
pop edi
pop esi
mov DWORD PTR fs:__except_list, ecx
pop ebx
mov esp, ebp
pop ebp
ret 0
?too@Module1@@AAGXXZ ENDP ; Module1::too
text$1 ENDS
END
新人表示没用过VB,一开始就接触的VC :loveliness: 本帖最后由 china_shy_wzb 于 2020-7-20 13:33 编辑
学习用汇编角度看vb的字符串,有另一种感觉