PowerBuilder decompiler development, step one: PBD structure analysis and PBKILLER analysis (repost)

From the NetEase blog 河北商业与条码设备 (Hebei commercial and barcode equipment). 2009-12-12 13:39:00 | Category: pb研究 (PB research)

Today I made a simple structure and compiled it into a pbd file; in PB, a global structure is the object with the least code. I found several issues:

1. PBKILLER cannot recover declarations of the form blob{n}. Looking at the file in UE shows that it skips part of the bytes. For example, dec{2} and dec{4} cannot be decompiled either; they all come out as: dec.

2. The vmxxx.dat file in the PBKILLER directory is roughly a routine containing calls to all of PB's built-in objects, functions, events and properties. It may be trying to obtain the decompilation information by comparing this sample against the customer's code. This still needs study. Also, shudepb presumably referenced this software back then as well; I remember its author saying something about repeatedly comparing and debugging against PBKILLER, but I have forgotten where I saw it. *After checking: vm196.dat comes from the data at 0x422200h in pbvm90.dll. It looks like the complete list of PB9 enumerations and objects.

3. I worked through how PBKILLER operates: compile a pbd, start PBKILLER, then modify the pbd's bytes in UE, inferring and comparing step by step, until I finally identified the parts PBKILLER depends on. Those parts form the basis for reconstructing the source. I have now fully parsed the structure object and know the real meaning of each part, including how blob{256} is declared and represented. Other objects, such as window, may be very complex. But my thinking has opened up and I will keep researching along these lines.

4. Attached is the pbd file I analyzed, which is a structure.

a. Source:

    global type str_a from structure
        blob{256} aaa
        boolean bbb
        character ccc
        checkbox ddd
        commandbutton eee
        datawindow fff
        datawindowchild ggg
        date hhh
        datetime iii
        decimal { 0 } jjj
        decimal { 2 } kkk
        decimal { 4 } lll
        double mmm
        w_bbbb nnn
    end type

b. Key bytes (I have zeroed out the irrelevant bytes). I would rather not spell out the specific meaning too clearly; I wrote this here mainly as a reference for myself.

Supplement, main tasks:

1. Analyze the compiled data structure of each kind of object (mainly window, structure, menu, function and uo; for example, where a function's variables are stored, the variable types, the access type, the return type, and so on).

2. From the object point of view: everything in PB is an object (except structure, which keeps C conventions, and function, which also keeps C function conventions; the other kinds can all be treated as objects). Every object has several elements:
   a. its name is a new type;
   b. a property area (shared and instance);
   c. functions (external and local) and events;
   d. controls, such as the child controls placed inside a tab;
   e. local structures.

3. Key points of the analysis:
   a. the framework (structure) in which each kind of object stores its compiled data;
   b. variable declarations and initial values;
   c. text and numeric literals;
   d. assignment operations;
   e. mixed arithmetic;
   f. function and event calls;
   g. special syntax, such as if, for, while, try...catch, throws;
   h. embedded SQL syntax and variable binding.

This article comes from a CSDN blog; please credit the source when reposting: http://blog.csdn.net/chengg0769/archive/2009/07/26/4380623.aspx
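The compare-and-infer method from point 3, shown as an added example that is not part of the original post: build several compiled variants that differ in one source value (here the scale in decimal { n }), then find which byte offsets change and which of them actually track that value. The 16-byte records are constructed sample data and do not reflect the real PBD layout; all function names are hypothetical.

```python
from typing import Dict, List, Tuple

def diff_runs(base: bytes, variant: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Return (offset, base_bytes, variant_bytes) for each contiguous differing run."""
    runs = []
    n = min(len(base), len(variant))
    i = 0
    while i < n:
        if base[i] == variant[i]:
            i += 1
            continue
        start = i
        while i < n and base[i] != variant[i]:
            i += 1
        runs.append((start, base[start:i], variant[start:i]))
    if len(base) != len(variant):
        # A size change shifts everything after it, so report the tail on its own.
        runs.append((n, base[n:], variant[n:]))
    return runs

def correlate(samples: Dict[int, bytes]) -> Dict[int, Dict[int, int]]:
    """Map offset -> {source_value: byte} for offsets whose byte differs across samples."""
    blobs = list(samples.values())
    if len({len(b) for b in blobs}) != 1:
        raise ValueError("samples differ in length; align them before correlating")
    out = {}
    for off in range(len(blobs[0])):
        column = {key: blob[off] for key, blob in samples.items()}
        if len(set(column.values())) > 1:
            out[off] = column
    return out

def tracks_source(column: Dict[int, int]) -> bool:
    """True when the byte at this offset equals the value that was changed in the source."""
    return all(key == byte for key, byte in column.items())

def make_sample(scale: int, stamp: int) -> bytes:
    # Constructed record, NOT the real PBD layout: byte 5 = scale, byte 12 = build stamp.
    rec = bytearray(16)
    rec[0:4] = b"REC0"
    rec[5] = scale
    rec[12] = stamp
    return bytes(rec)

# Keys are the scale written in the source; values are the "compiled" bytes.
SAMPLES = {0: make_sample(0, 0x11), 2: make_sample(2, 0x5A), 4: make_sample(4, 0x3C)}
```

Offsets that change between builds but do not follow the edited value (byte 12 here) are build noise such as timestamps, which is why a single two-file diff is not enough to assign meaning to a field.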