 |
VB Decompiler
Hosted by TheAutomaters.com
|
| Author |
Message |
vbgamer45
Regular user
Joined: 07 Jul 2004
Posts: 93
Location: 127.0.0.1
|
|
Posted: Sat Sep 04, 2004 9:42 pm
Post subject: Finally Getting somewhere
|
|
Finally making some good progress. Decided I would give it a try this week for readable vbcode from PCode. It can do some simple things right now. Needs work. I think i am going to do maybe another pass after a decode it once to clean up the code.
I understand and can get the function names from msvbvm60, using by big list of that contains the function address for each function.
Now I need to start thinking about how to find out stuff like
command1.caption = "Hello World"
and getting control names from pcode.
Talked a little to alfa who gave me some hints.
Original Code
[vb]Private Sub Form_Load()
Dim a As Integer
a = 4000
a = a + 1
a = a + 666
End Sub[/vb]
PCode
[pcode]401798 Form1.Form_Load():
401798 F3 A00F LitI2 ::push 0FA0
40179B 70 7AFF FStI2 ::pop [var_86]
40179E 6B 7AFF FLdI2 ::push [var_86]
4017A1 F4 01 LitI2_Byte ::push 01
4017A3 A9 AddI2 ::addw
4017A4 70 7AFF FStI2 ::pop [var_86]
4017A7 6B 7AFF FLdI2 ::push [var_86]
4017AA F3 9A02 LitI2 ::push 029A
4017AD A9 AddI2 ::addw
4017AE 70 7AFF FStI2 ::pop [var_86]
4017B1 13 ExitProcHresult ::ret[/pcode]
Translated PCode
[vb]
Sub Form1.Form_Load()
'ProcInfo: StartAddress=401798 ProcSize: 28
Dim int4200345 as Integer
int4200345 = 4000
Dim byte4200354 as Byte
byte4200354 = 1
var4200345 = var4200345 + 1
Dim int4200363 as Integer
int4200363 = 666
var4200345 = var4200345 + 666
End Sub
[/vb]
Last edited by vbgamer45 on Sat Sep 11, 2004 3:14 pm; edited 2 times in total
|
|
| Back to top |
|
 |
|
_aLfa_
Site Admin
Joined: 21 Sep 2002
Posts: 233
Location: Aveiro, Portugal
|
|
Posted: Sun Sep 05, 2004 8:43 am
Post subject:
|
|
Good job, and keep the good work
_________________
One thing only I know, and that is that I know nothing. (Socrates)
|
|
| Back to top |
|
|
|
MrUnleaded
Site Admin
Joined: 21 Sep 2002
Posts: 385
Location: California
|
|
Posted: Sun Sep 05, 2004 5:31 pm
Post subject:
|
|
FYI, Literals do not need to be declared.
Looking good.
_________________
-MrU
|
|
| Back to top |
|
|
|
sarge
Moderator
Joined: 24 Sep 2002
Posts: 194
|
|
Posted: Wed Sep 08, 2004 1:39 pm
Post subject:
|
|
Quite good. But you might want to be careful in using local addresses as variable identifiers...what happens if the variable is of non-local scope, and is instantiated by some other procedure?
Comment:
I myself tend to be somewhat more verbose in my "definitions" of the opcodes; I feel it helps others learn faster if they don't have to look up the details themselves. Would you consider doing so, also? If you like, I could post my equivalent output of this same prog, just to demonstrate by obsession with consistancy of details. (It might take a day or two, we're still picking up the pieces down here [Florida] from that minor weather problem we've just had)
Please keep on learning, and teaching.
Sarge
|
|
| Back to top |
|
|
|
vbgamer45
Regular user
Joined: 07 Jul 2004
Posts: 93
Location: 127.0.0.1
|
|
Posted: Thu Sep 09, 2004 1:06 am
Post subject:
|
|
[="sarge":14n0r577]Quite good. But you might want to be careful in using local addresses as variable identifiers...what happens if the variable is of non-local scope, and is instantiated by some other procedure?
[/:14n0r577]
True, I haven't yet started on global variables yet, thinking about ways of naming variables that sort of make sense.
I wil try explain things a little better in the future, right now I have school and work eating up my time...so I do not have as much free time as I did before.
I would love to see your output that's when I learn the most, I got this far by reading one of your old posts on programmers heaven and then decided to give it a try.
You are like the fourth person I know who been impacted by the storm, I have a couple friends down there, and the storm made pscode go down for a couple of days.
|
|
| Back to top |
|
|
|
sarge
Moderator
Joined: 24 Sep 2002
Posts: 194
|
|
Posted: Thu Sep 09, 2004 5:44 pm
Post subject:
|
|
Wow! and thanks for the complement. Unfortunately, a new "minor weather event" is fast approaching; I will try to get some results in this weekend.
Sarge
|
|
| Back to top |
|
|
|
sarge
Moderator
Joined: 24 Sep 2002
Posts: 194
|
|
Posted: Thu Sep 09, 2004 6:46 pm
Post subject:
|
|
Here goes, just the pertinent data:
---Begin Form1 contained events---
(Offset d/h: 4628/1214)
Form_Load( )
(Offset d/h: 6044/179C)
L00000000:
'F3, LitI2, A0, 0F
'Push 2-byte literal integer value onto stack.
'Parameter 1 = 2 bytes.
'Parameter 1 is Signed Integer value to Push onto stack.
'Integer value = 4000.
'Stack operations: Push x1.
L00000003:
'70, FStI2, 7A, FF
'Pop data from stack, store lower 2 bytes into local Frame at offset.
'Parameter 1 = 2 bytes.
'Parameter 1 is offset into local Frame where data is written.
'Offset value = &hFF7A.
'Stack operations: Pop x1.
L00000006:
'6B, FLdI2, 7A, FF
'Get 2 byte data from local frame at offset, Push onto stack.
'Parameter 1 = 2 bytes.
'Parameter 1 is offset for retrieving saved data from local Frame.
'Offset value = &hFF7A.
'Stack operations: Push x1.
L00000009:
'F4, LitI2_Byte, 01
'Push 1-byte literal integer value onto stack.
'Parameter 1 = 1 byte.
'Parameter 1 is Signed Integer value to Push onto stack.
'Integer value = 1.
'Stack operations: Push x1.
L00000011:
'A9, AddI2
'Pop integer data off stack, add to data at (new) stack position; perform error check.
'Stack operations: Pop x1.
L00000012:
'70, FStI2, 7A, FF
'Pop data from stack, store lower 2 bytes into local Frame at offset.
'Parameter 1 = 2 bytes.
'Parameter 1 is offset into local Frame where data is written.
'Offset value = &hFF7A.
'Stack operations: Pop x1.
L00000015:
'6B, FLdI2, 7A, FF
'Get 2 byte data from local frame at offset, Push onto stack.
'Parameter 1 = 2 bytes.
'Parameter 1 is offset for retrieving saved data from local Frame.
'Offset value = &hFF7A.
'Stack operations: Push x1.
L00000018:
'F3, LitI2, 9A, 02
'Push 2-byte literal integer value onto stack.
'Parameter 1 = 2 bytes.
'Parameter 1 is Signed Integer value to Push onto stack.
'Integer value = 666.
'Stack operations: Push x1.
L00000021:
'A9, AddI2
'Pop integer data off stack, add to data at (new) stack position; perform error check.
'Stack operations: Pop x1.
L00000022:
'70, FStI2, 7A, FF
'Pop data from stack, store lower 2 bytes into local Frame at offset.
'Parameter 1 = 2 bytes.
'Parameter 1 is offset into local Frame where data is written.
'Offset value = &hFF7A.
'Stack operations: Pop x1.
L00000025:
'13, ExitProcHresult
'Exit procedure; release class
'Stack operations: None.
---End Form1 contained events---
And the "translation":
Sub Form_Load( )
L00000000: 'Integer data: 4000.
L00000009: 'Integer data: 1.
L00000011: 'Arithmetic control: Addition.
L00000018: 'Integer data: 666.
L00000021: 'Arithmetic control: Addition.
L00000025: 'Flow control: End procedure.
End Sub
Sarge
|
|
| Back to top |
|
|
|
vbgamer45
Regular user
Joined: 07 Jul 2004
Posts: 93
Location: 127.0.0.1
|
|
Posted: Fri Sep 10, 2004 4:43 pm
Post subject:
|
|
Wow that is very verbose.
I love it! It explains exactly whats going on. Thats a real good idea.
Good Job.
I saw the verbose option in R.A.C.E 3.3.0 but its not enabled.
|
|
| Back to top |
|
|
|
sarge
Moderator
Joined: 24 Sep 2002
Posts: 194
|
|
Posted: Fri Sep 10, 2004 5:24 pm
Post subject:
|
|
Well, what you are seeing is 3.4, but it's not finished yet. And, there are other outputs not shown here.
Like you and the rest, I'll keep on trucking.
Sarge
|
|
| Back to top |
|
|
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Memberlist