2006-05-25, 04:00 PM   #3
psac

2) Select Case statement

The syntax of the Select Case statement is as follows:

Select Case test-expression
Case expression-list-1
statement-block-1
Case expression-list-2
statement-block-2
......
Case Else
statement-block-n
End Select
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Code:
Dim a, b
a = 5
Select Case a
Case 3
b = "3"
Case 5
b = "5"
Case Else
b = "0"
End Select
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Disassembly (compiled with optimize for speed):
00401A2F XOR ESI,ESI // used to initialize the variables
00401A31 LEA EDX,DWORD PTR SS:[EBP-44]
00401A34 MOV DWORD PTR SS:[EBP-44],ESI
00401A37 LEA ECX,DWORD PTR SS:[EBP-24]
00401A3A MOV DWORD PTR SS:[EBP-24],ESI
00401A3D MOV DWORD PTR SS:[EBP-34],ESI
00401A40 MOV DWORD PTR SS:[EBP-54],ESI
00401A43 MOV DWORD PTR SS:[EBP-3C],5 // 5
00401A4A MOV DWORD PTR SS:[EBP-44],2 // type
00401A51 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
// a = 5 //[ebp-24]

00401A57 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVarCopy>]
00401A5D LEA EDX,DWORD PTR SS:[EBP-24]
00401A60 LEA ECX,DWORD PTR SS:[EBP-54]
00401A63 CALL EBX // creates a temporary variable //[ebp-54]
// Select Case a


00401A65 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>]
00401A6B LEA EAX,DWORD PTR SS:[EBP-54]
00401A6E LEA ECX,DWORD PTR SS:[EBP-44]
00401A71 PUSH EAX
00401A72 PUSH ECX
00401A73 MOV DWORD PTR SS:[EBP-3C],3 // 3
00401A7A MOV DWORD PTR SS:[EBP-44],8002
00401A81 CALL EDI
00401A83 TEST AX,AX
00401A86 JE SHORT 工程2.00401A91 // jump if not equal to 3
// Case 3
00401A88 MOV DWORD PTR SS:[EBP-3C],工程2.004016B4 // '3'
00401A8F JMP SHORT 工程2.00401ABC

00401A91 LEA EDX,DWORD PTR SS:[EBP-54]
00401A94 LEA EAX,DWORD PTR SS:[EBP-44]
00401A97 PUSH EDX
00401A98 PUSH EAX
00401A99 MOV DWORD PTR SS:[EBP-3C],5 // 5
00401AA0 MOV DWORD PTR SS:[EBP-44],8002
00401AA7 CALL EDI
00401AA9 TEST AX,AX
00401AAC MOV DWORD PTR SS:[EBP-3C],工程2.004016BC // '5'
00401AB3 JNZ SHORT 工程2.00401ABC // jump if not equal to 5
// Case 5

00401AB5 MOV DWORD PTR SS:[EBP-3C],工程2.004016C4 // '0'
00401ABC LEA EDX,DWORD PTR SS:[EBP-44]
00401ABF LEA ECX,DWORD PTR SS:[EBP-34]
00401AC2 MOV DWORD PTR SS:[EBP-44],8 // String type
00401AC9 CALL EBX // assign the value to variable b
// Case Else
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Of course, when reversing, this code can also be expressed with If statements, although the result is less intuitive than the Select Case
form. In my view, expressed with If statements it would look like this:
Dim a, b
a = 5
If a = 3 Then
b = "3"
ElseIf a = 5 Then
b = "5"
Else
b = "0"
End If
===========================================================
3) While statement

The typical syntax of the While statement is:

While condition
statement-block
Wend
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Code:
Dim a, b
a = 3
b = 0
While a > 0
b = b + a
a = a - 1
Wend
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Disassembly (compiled with optimize for speed):
00401A1F MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
00401A25 XOR EDI,EDI // initialize the variables
00401A27 MOV EBX,2
00401A2C MOV DWORD PTR SS:[EBP-54],EDI
00401A2F LEA EDX,DWORD PTR SS:[EBP-54]
00401A32 LEA ECX,DWORD PTR SS:[EBP-24]
00401A35 MOV DWORD PTR SS:[EBP-24],EDI
00401A38 MOV DWORD PTR SS:[EBP-34],EDI
00401A3B MOV DWORD PTR SS:[EBP-44],EDI
00401A3E MOV DWORD PTR SS:[EBP-4C],3 // 3
00401A45 MOV DWORD PTR SS:[EBP-54],EBX // Integer type
00401A48 CALL ESI
// a = 3 //[ebp-24]

00401A4A LEA EDX,DWORD PTR SS:[EBP-54]
00401A4D LEA ECX,DWORD PTR SS:[EBP-34]
00401A50 MOV DWORD PTR SS:[EBP-4C],EDI // 0
00401A53 MOV DWORD PTR SS:[EBP-54],EBX // Integer type
00401A56 CALL ESI
// b = 0 //[ebp-34]

00401A58 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaVarAdd>]
00401A5E MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVarSub>]

00401A64 LEA EAX,DWORD PTR SS:[EBP-24]
00401A67 LEA ECX,DWORD PTR SS:[EBP-54] // 0
00401A6A PUSH EAX
00401A6B PUSH ECX
00401A6C MOV DWORD PTR SS:[EBP-4C],0
00401A73 MOV DWORD PTR SS:[EBP-54],8002
00401A7A CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstGt>]
00401A80 TEST AX,AX
00401A83 JE SHORT 工程2.00401ABF // exit the loop if a is not greater than 0
// while a > 0

00401A85 LEA EDX,DWORD PTR SS:[EBP-34]
00401A88 LEA EAX,DWORD PTR SS:[EBP-24]
00401A8B PUSH EDX // b
00401A8C LEA ECX,DWORD PTR SS:[EBP-44]
00401A8F PUSH EAX // a
00401A90 PUSH ECX
00401A91 CALL EDI
00401A93 MOV EDX,EAX // b + a
00401A95 LEA ECX,DWORD PTR SS:[EBP-34] // b
00401A98 CALL ESI
// b = b + a

00401A9A LEA EDX,DWORD PTR SS:[EBP-24] // a
00401A9D LEA EAX,DWORD PTR SS:[EBP-54]
00401AA0 PUSH EDX
00401AA1 LEA ECX,DWORD PTR SS:[EBP-44]
00401AA4 PUSH EAX
00401AA5 PUSH ECX
00401AA6 MOV DWORD PTR SS:[EBP-4C],1 // 1
00401AAD MOV DWORD PTR SS:[EBP-54],2 // Integer type
00401AB4 CALL EBX
00401AB6 MOV EDX,EAX // a - 1
00401AB8 LEA ECX,DWORD PTR SS:[EBP-24]
00401ABB CALL ESI
// a = a - 1

00401ABD JMP SHORT 工程2.00401A64 // note: this jumps backward
// Wend
===========================================================
4) Do statement

This statement has several forms; the typical one is:

Do
statement-block
Loop Until loop-condition
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Dim a, b
a = 3
b = 0
Do
b = a + b
a = a - 1
Loop Until a <= 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Disassembly (optimize for speed):
00401A1F MOV ESI,DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
00401A25 XOR EDI,EDI
00401A27 MOV EBX,2
00401A2C MOV DWORD PTR SS:[EBP-54],EDI
00401A2F LEA EDX,DWORD PTR SS:[EBP-54]
00401A32 LEA ECX,DWORD PTR SS:[EBP-24]
00401A35 MOV DWORD PTR SS:[EBP-24],EDI
00401A38 MOV DWORD PTR SS:[EBP-34],EDI
00401A3B MOV DWORD PTR SS:[EBP-44],EDI
00401A3E MOV DWORD PTR SS:[EBP-4C],3 // 3
00401A45 MOV DWORD PTR SS:[EBP-54],EBX // Integer
00401A48 CALL ESI
// a = 3 //[ebp-24]

00401A4A LEA EDX,DWORD PTR SS:[EBP-54]
00401A4D LEA ECX,DWORD PTR SS:[EBP-34]
00401A50 MOV DWORD PTR SS:[EBP-4C],EDI // 0
00401A53 MOV DWORD PTR SS:[EBP-54],EBX // Integer
00401A56 CALL ESI
// b = 0 //[ebp-34]

00401A58 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVarAdd>]
00401A5E LEA EAX,DWORD PTR SS:[EBP-24] // a
00401A61 LEA ECX,DWORD PTR SS:[EBP-34] // b
00401A64 PUSH EAX
00401A65 LEA EDX,DWORD PTR SS:[EBP-44]
00401A68 PUSH ECX
00401A69 PUSH EDX
00401A6A CALL EBX
00401A6C MOV EDX,EAX
00401A6E LEA ECX,DWORD PTR SS:[EBP-34]
00401A71 CALL ESI
// b = a + b

00401A73 LEA EAX,DWORD PTR SS:[EBP-24] // a
00401A76 LEA ECX,DWORD PTR SS:[EBP-54]
00401A79 PUSH EAX
00401A7A LEA EDX,DWORD PTR SS:[EBP-44]
00401A7D PUSH ECX
00401A7E PUSH EDX
00401A7F MOV DWORD PTR SS:[EBP-4C],1 // 1
00401A86 MOV DWORD PTR SS:[EBP-54],2 // integer
00401A8D CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarSub>]
00401A93 MOV EDX,EAX
00401A95 LEA ECX,DWORD PTR SS:[EBP-24] // a
00401A98 CALL ESI
// a = a - 1
00401A9A LEA EAX,DWORD PTR SS:[EBP-24]
00401A9D LEA ECX,DWORD PTR SS:[EBP-54]
00401AA0 PUSH EAX
00401AA1 PUSH ECX
00401AA2 MOV DWORD PTR SS:[EBP-4C],EDI // 0
00401AA5 MOV DWORD PTR SS:[EBP-54],8002
00401AAC CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstLe>]
00401AB2 TEST AX,AX
00401AB5 JE SHORT 工程2.00401A5E
// Loop Until a <= 0
===========================================================
5) For statement

The typical syntax of the For statement is:

For loop-variable = start To end [Step increment]
loop-body
Next loop-variable
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Code:
a = 0
For i = 0 To 100 Step 2
a = a + i
Next i
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Disassembly (optimize for speed):
00401A42 MOV EBX,DWORD PTR DS:[<&MSVBVM60.__vbaVarMove>]
00401A48 XOR ESI,ESI
00401A4A MOV EDI,2
00401A4F MOV DWORD PTR SS:[EBP-54],ESI
00401A52 LEA EDX,DWORD PTR SS:[EBP-54]
00401A55 LEA ECX,DWORD PTR SS:[EBP-34]
00401A58 MOV DWORD PTR SS:[EBP-24],ESI
00401A5B MOV DWORD PTR SS:[EBP-34],ESI
00401A5E MOV DWORD PTR SS:[EBP-44],ESI
00401A61 MOV DWORD PTR SS:[EBP-64],ESI
00401A64 MOV DWORD PTR SS:[EBP-74],ESI
00401A67 MOV DWORD PTR SS:[EBP-84],ESI
00401A6D MOV DWORD PTR SS:[EBP-94],ESI
00401A73 MOV DWORD PTR SS:[EBP-4C],ESI // 0
00401A76 MOV DWORD PTR SS:[EBP-54],EDI // Integer
00401A79 CALL EBX
// a = 0 //[ebp-34]

00401A7B LEA EAX,DWORD PTR SS:[EBP-54]
00401A7E LEA ECX,DWORD PTR SS:[EBP-64]
00401A81 PUSH EAX // increment
00401A82 LEA EDX,DWORD PTR SS:[EBP-74]
00401A85 PUSH ECX // end value
00401A86 LEA EAX,DWORD PTR SS:[EBP-94]
00401A8C PUSH EDX // start value
00401A8D LEA ECX,DWORD PTR SS:[EBP-84]
00401A93 PUSH EAX // temporary end value
00401A94 LEA EDX,DWORD PTR SS:[EBP-24]
00401A97 PUSH ECX // temporary increment
00401A98 PUSH EDX // loop variable
00401A99 MOV DWORD PTR SS:[EBP-4C],EDI // 2
00401A9C MOV DWORD PTR SS:[EBP-54],EDI // Integer
00401A9F MOV DWORD PTR SS:[EBP-5C],64 // 100
00401AA6 MOV DWORD PTR SS:[EBP-64],EDI // Integer
00401AA9 MOV DWORD PTR SS:[EBP-6C],ESI // 0
00401AAC MOV DWORD PTR SS:[EBP-74],EDI // Integer
00401AAF CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarForInit>]
// For i = 0 To 100 Step 2

00401AB5 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaVarAdd>]
00401ABB CMP EAX,ESI
00401ABD JE SHORT 工程2.00401AEE

00401ABF LEA EAX,DWORD PTR SS:[EBP-34] // a
00401AC2 LEA ECX,DWORD PTR SS:[EBP-24] // i
00401AC5 PUSH EAX
00401AC6 LEA EDX,DWORD PTR SS:[EBP-44]
00401AC9 PUSH ECX
00401ACA PUSH EDX
00401ACB CALL EDI
00401ACD MOV EDX,EAX
00401ACF LEA ECX,DWORD PTR SS:[EBP-34]
00401AD2 CALL EBX
// a = a + i

00401AD4 LEA EAX,DWORD PTR SS:[EBP-94] // temporary end value
00401ADA LEA ECX,DWORD PTR SS:[EBP-84] // temporary increment
00401AE0 PUSH EAX
00401AE1 LEA EDX,DWORD PTR SS:[EBP-24] // loop variable
00401AE4 PUSH ECX
00401AE5 PUSH EDX
00401AE6 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarForNext>]
00401AEC JMP SHORT 工程2.00401ABB
// Next i
===========================================================
Two terms of my own appear above: "temporary end value" and "temporary increment". What do they mean?
Once __vbaVarForInit has finished executing, these two slots receive the end value and the increment respectively.
As the listing shows, __vbaVarForInit runs only once; every later iteration calls __vbaVarForNext
instead. The program therefore has to know where the loop variable stops and how large each step is, and
these two values store that information.
When the loop condition is satisfied, both functions return 1; when it is not, they return 0.

===========================================================
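As an added example (not part of psac's post), a small Python recognizer that applies the patterns above to a text listing: it follows MOV reg,[<&import>] aliases so that CALL EDI resolves to the MSVBVM60 function, counts __vbaVarTstEq tests for Case/ElseIf chains, and classifies each backward jump by the runtime call that precedes it. The sample listings are constructed from the addresses and imports quoted in the post; the module name Project2 stands in for 工程2.

```python
import re
# Constructed excerpts in the style of the post's listings (addresses and imports from the post, comments dropped).
SELECT_CASE = """\
00401A65 MOV EDI,DWORD PTR DS:[<&MSVBVM60.__vbaVarTstEq>]
00401A81 CALL EDI
00401AA7 CALL EDI
00401AB3 JNZ SHORT Project2.00401ABC
"""
WHILE_WEND = """\
00401A7A CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstGt>]
00401ABD JMP SHORT Project2.00401A64
"""
DO_LOOP_UNTIL = """\
00401AAC CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarTstLe>]
00401AB5 JE SHORT Project2.00401A5E
"""
FOR_NEXT = """\
00401AAF CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarForInit>]
00401AE6 CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarForNext>]
00401AEC JMP SHORT Project2.00401ABB
"""
LINE = re.compile(r"^([0-9A-F]{8})\s+(\w+)\s*(.*)$")
IMPORT = re.compile(r"<&MSVBVM60\.(\w+)>")
TARGET = re.compile(r"([0-9A-F]{8})\s*$")

def classify(listing):
    """Name the VB6 control structures in a listing from its runtime calls and jump directions."""
    regs, last_call, eq_tests, found = {}, None, 0, []
    for line in listing.splitlines():
        m = LINE.match(line.split("//")[0].strip())
        if not m: continue
        addr, mnem, ops = int(m.group(1), 16), m.group(2).upper(), m.group(3).strip()
        imp = IMPORT.search(ops)
        if mnem == "MOV" and imp:                   # MOV EDI,[<&X>]: a later CALL EDI means X
            regs[ops.split(",")[0]] = imp.group(1)
        elif mnem == "CALL":
            last_call = imp.group(1) if imp else regs.get(ops, ops)
            eq_tests += last_call == "__vbaVarTstEq"   # one test per Case / ElseIf branch
        elif mnem.startswith("J"):
            t = TARGET.search(ops)
            if not t or int(t.group(1), 16) > addr: continue  # forward jump: loop exit or case skip
            if last_call == "__vbaVarForNext":
                found.append("For ... Next")
            elif mnem != "JMP" and (last_call or "").startswith("__vbaVarTst"):
                found.append("Do ... Loop Until (test at tail)")
            else:
                found.append("While ... Wend (test at head)")
    if eq_tests:
        found.append(f"Select Case / If-ElseIf chain ({eq_tests} equality tests)")
    return found
```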