vbd-novice
New User
Joined: 13 Oct 2004
Posts: 3
|
|
Posted: Tue Feb 01, 2005 9:23 am
Post subject: VB runtime objects
|
|
Good day all.
Here is short description
Digging into native-code compiled application, I've noticed, that calls are looking like that:
push or lea/mov ecx/edx to store params,
then mov reg,this
push reg ; 'this' pointer
mov reg,[reg]
call [reg+Offset].
At first look there is nothing difficult - usual __thiscall, but how to define which set/put property or method is called?
I can research what is 'this' - Form or anything else and [this+0] is its v_table - IObject, inherited from IDispatch (In VB application everything is ActiveX object, so all the objects inherited from IDispatch/IUnknown interfaces)
I've tried to use #import "VB6.Olb" into C++ project and got some massive classes describing VB objects, their events and i-faces.
There are 3 "sections" in interface class - "property data" - __declspec-ed properties declarations (same as OleView shows), "Wrapper methods" and "raw methods".
"raw methods" give better results than "wrapper methods" but it's not 100% fits - Sometime I'm getting something as call[reg+_ILabel.PutDefault] or write access to R/O property (each property has propget & propput, but some of them are stubs returning E_NOTIMPL)
or the raw access members are mixed:
...
0098 get_MousePointer dd ?
009C put_MousePointer dd ?
00A0 get_Text dd ?
00A4 get__Default dd ?
00A8 put_Text dd ?
00AC put__Default dd ?
00B0 get_FontName dd ?
00B4 put_FontName dd ?
...
these lines are from _TextBox interface description (in IDA).
I strongly believe that this way can lead to rather interesting results, because _App and VBGlobal interfaces are fully correct - I can trace any method which use them and tell what it does (except math operations and "For.. To.. Step.." cycle ).
And finally, the questions:
How can I extract adecuate information about properties access and raw methods in object?
What is "propputref"?
PS. Re-ing of C* compiled app is much easier for me...
|
|
Memberlist