[URL="http://progress-tools.x10.mx/p32dasm.html"]原始链接[/URL]

P32Dasm is a Visual Basic 5.0/6.0 PCode + Native code Decompiler. It can generate String, Numbers, Objects, Import and Export function listing. There is also Jump calculator. For VB Native code executables are generated only MSVBVM, External calls and string references. Usefull for setting BPX, you don't need search in debugger where start some Command Button event. You can generate .map files, which you can import to DataRescue IDA (LoadMap plugin) or to Olly Debugger (MapConv plugin).
Language support: arabic, czech, english, german, chinese, korean, russian, slovak, spanish.

Read more in Readme.txt !

-+- P32Dasm 2.80 * Copyright (C) DARKER (SCF) 2o11 -+-
===========================================================

P32Dasm is a VB PCode + Native code Decompiler. It can generate String, Numbers,
Objects, Import and Export function listing. There is also PCode Jump calculator.
You can set shortcut to your favorite hex editor for fast patching. I personally
prefer Hiew.


How to use it
=============
Load file by pressing F1, from command line or Drag and Drop.


Tips & Tricks
=============
- You can edit output by pressing button "Edit". Now you can color interesting
sections, write yours comments, etc ...
- For fast moving you can use Position manager. Set cursor to some position click
in Position manager to "Add" button and enter your description. Any time you
need fast jump to your location just doubleclick to your list.
- For VB Native code executables are generated only MSVBVM, External calls and
string references. Usefull for setting BPX, you don't need search in debugger
where start some Command Button event etc ...
- On BIG apps I don't recommend use option "Use syntax highlight color" - it's
slow, use normal mode
- If you still need syntax highlighting you can use included Syntax highlighting
for UltraEdit. Just add it to the end of original "wordfile.txt".
- By some problems you can decompile only some parts with "Decompile from offset"
function. Experienced users only! or read below
- Procedure window has two modes:
1) "Full Decompiling" ON - by DblClicking on procedure you can search it
2) "Full Decompiling" OFF - by DblClicking you can manually decompile selected
procedure. (you don't need decompile whole file, you can explore it on the fly,
fastest decompile solution!)
- In Object list you can see Object Type displayed with appropriate Icon
- At the beginning of decompiled output you can see sometime original procedure
names - this helps you identify missing names for some procedures
- vbCRLF, vbCR, vbLF, vbNullChar, vbTab - are VB constants not strings
- You can easy search for Jumps by clicking on Offset and selecting from right
MouseClick Option "Search:" and you can continue search with F3 key
- You can change Label of autogenerated Position with "Label" button or current
Position in main Screen with "Position" Button. There is possibility also save
your own Position file.
- You can easy jump to specified Offset by clicking on Offset and selecting from
right MouseClick Option "Internal HexEditor Offset:". Immediately start editor
and you are on your offset so you can start patching.
- If you want use also HIEW for direct jump, then in Options set in path %1 e.g.
"your_path\hiew.exe %1" and in output click inside some offset and click run.
P32Dasm has algo to detect if it's offset or memory address. Address must be
in format XXXXXXXX: (check if your HIEW version support jump from commandline
/O param)
- You can generate .map files which you can import to DataRescue IDA (LoadMap
plugin) or to Olly Debugger (MapConv plugin).
- In control tree you can see object offset over mouse cursor. This is usefull
if you want manualy patch default control properties: label, enabled, disabled,
visible, timer values ... This can be also exported with Copy All (to clipboard)
(basic knowledge of object properties structure is needed)

Shortcut keys:
F1 - Open exe to decompile
F2 - Save generated output to file
F3 - Search next
F4 - Internal HexEditor start
F5 - Position Manager
F6 - External editor (Hiew)
F8 - String References
F9 - Number References
F12 - Exit
Ctrl + C - Copy to clipboard
Ctrl + F - New search


Supported OCX and DLL:
======================
MSCOMCTL.OCX, RICHTX32.OCX, MSFLXGRD.OCX, MSCOMCT2.OCX, VBOLOCK.OCX, ACTBAR3.OCX
MSINET.OCX, MSWINSCK.OCX, TABCTL32.OCX, COMCT332.OCX, COMCT32.OCX, JSBBAR16.OCX
COMCT232.OCX, VSFLEX7L.OCX, THREED32.OCX, THREED20.OCX, FM20.DLL, GRIDEX20.OCX
JSBBAR16.OCX, MSDATLST.OCX, TOC.OCX, SSSPLT30.OCX, DBLIST32.OCX, DBGRID32.OCX
MSDATGRD.OCX, MSCOMM32.OCX, MSCHRT20.OCX, MSMASK32.OCX


Known limitations, Bugs
=======================
- Searching strings with regional characters can cause that no string is found!
(this is M$ RichTextBox bug or some Unicode problems ...)
- In native code are sometimes displayed "???????????" strings, this can contain
usefull strings, just ignore it if isn't interesting
- At the end of procedure (PCode) after ExitProcHresult you get sometime random
opcodes that are not valid - just ignore it. You can suppress them by setting
"Check End Bytes" to higher value, but you can get after some errors "Not found
jump destination" then go down with this value :-)
- In "Decompile from offset" (PCode) mode are Strings, Calls and Properties not
displayed in case that you do not fit to the correct range.
- If P32Dasm speak your language it doesn't mean that it also fully support your
language (displaying Objects from Executable ...)
- Always only one instance of internal HexEditor can be running in memory
- If you want reset settings to default values just delete in registry this key:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\P32Dasm\Settings
- IDA Visual Basic debugger plugin is NOT available in this package!


System requirements
===================
P32Dasm need Visual Basic 6.0 run-time files + additional OCX files:
MSCOMCTL.OCX, COMDLG32.OCX and RICHTX32.OCX.

for missing OCXs you can download this:

Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update
-----------------------------------------------------------
VB60SP6-KB957924-v2-x86-ENU.msi 9.8MB

To obtain this file, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=CB824E35-0403-45C4-9E41-459F0EB89E36

To install this cumulative update rollup, you must have at least Windows Installer 3.1
or a later version installed on the computer. To obtain the latest version of
Windows Installer for the computer, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4

Setup installs versions of the Microsoft Visual Basic run-time files required by
all applications created with Visual Basic 6.0. The files include the fixes shipped
with Service Pack 6 for Visual Basic 6.0:

Also contain these files needed by P32Dasm:
Comdlg32.ocx
Mscomctl.ocx
Richtx32.ocx

for missing Visual Basic 6.0 run-time you can download this:

Visual Basic 6.0 SP6 run-time files
-----------------------------------
VB6.0-KB290887-X86.exe 1.0MB

To obtain this file, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7B9BA261-7A9C-43E7-9117-F673077FFB3C

VBRun60sp6.exe installs the following core files that are included with
Visual Studio 6.0 Service Pack 6:

Asycfilt.dll
Comcat.dll
Msvbvm60.dll
Oleaut32.dll
Olepro32.dll
Stdole2.tlb


Credits
=======
Thank you:
Kood - for some new ideas
Ivuso - for IDA Visual Basic Debugger plugin
Sarge, VBgamer45 - for your help
Eugegne Suslikov - for Hiew
Hakeem, suddenLy, killlcn, llAmElliK, GPcH, Thomas, suCRACK - Translators
Yoda - for 16Edit

Greetings:
JosephCo - You old man, remember me ? (This is first VB PCode Guru !)
All known people from Exetools, -=[t4C]=- and Woodmann forum
and all slovak crackers and hackers ...

Visit http://progress-tools.x10.mx for more information or updates. If you have
some ideas, comments, improvements or you find some bug you can mail to me at
darker[at]inmail[dot]sk


History
=======
0.5 - [13.03.2005] - OCX Release
+ Display Caption to objects: Text, Label, Form, CheckBox, OptionButton,
Frame, Menu
+ Stop button (Break process)
* Fixed some opcodes
+ Added support for Events:
MSCOMCTL.OCX Controls: ListView, Toolbar, StatusBar, ImageCombo,
ProgressBar, TreeView, TabStrip, Slider
RICHTX32.OCX: RichTextBox
* Fixed menu decompiling

0.6 - [17.03.2005] - Optimization Release
* Fixed OCX recognition
+ Add Options window
+ Add OCX Library name to Object window
+ Add Menu popup on right click mouse
* Better handling end of procedure (Check End Bytes Option)
+ Compacting DB, from 64kb to 33kb by same functionality :-)
+ Optimized code for better speed

0.7 - [27.03.2005] - Easter Release
+ Added Properties recognition
+ Added recognition of 24 new objects
* Better procedure ending
* Fixed Control recognition
+ Unknown counter added
* Fixed some opcodes
+ Added Buttons separators, Removed customizing
+ Jumps Speed Up
* Fixed Jumps recognitions
+ Added Syntax Coloring OFF

0.8 - [05.04.2005] - Ladybird Release
* BIG! Speed Up by processing large apps
+ Added MRU files
+ Moved storing settings from ini to registry
* Fixed some opcodes
+ Detection VB5 apps (but not supported yet)

0.9 - [09.04.2005] - Soya Release
* Fixed apps with no controls
+ Improved Import, Export Dll recognition
+ Identifing SubMain procedure
+ Added Partial decompilation (Start Step - End Step)
* Fixed some opcodes
+ Error handling

1.0 - [14.04.2005] - Green Release
* Improved Objects listing
+ Added Procedure listing with two modes:
1) Find selected procedure on DblClick
2) Decompile selected procedure on DblClick (you don't need decompile
whole file, you can explore it on the fly)
+ Added Syntax highlighting for PCode to UltraEdit

1.1 - [19.04.2005] - Dll Release
+ Added VB6 Dll and OCX support
* Small speed optimization
+ Added support for Events:
MSFLXGRD.OCX: MSFlexGrid

1.2 - [04.05.2005] - VB5 Release
+ Added VB5 support
* Fixed 2 opcodes
* Fixed one rare bug on some applications
+ Show Options screen in taskbar
* Fixed "Check file" function in case that file doesn't exist
* Fixed working on chinese system (Thanx SunYJ for testing)

1.3 - [12.05.2005] - Ice Hockey Release (Canada - Slovakia 5:4, Damn! :-)
+ Added displaying of Object by unknown Events
+ Added type Icons for Controls (You can see now Type of Control)
+ Added support for Events:
MSCOMCT2.OCX: Animation, UpDown, MonthView, DTPicker, FlatScrollBar
VBOLOCK.OCX : LockIt
+ Added "Allways on Top"
* Fixed bug on some rare Import Tables

1.4b - [23.05.2005] - "Love is in the Air" Release
+ Change Font Option
* Fixed decompiling of dummy Procedures (P32Dasm stop responding)
+ Added support for Events:
MSINET.OCX : Inet
MSWINSCK.OCX: Winsock
TABCTL32.OCX: SSTab
* Fixed Crash on non-english Windows

1.5 - [29.05.2005] - Sunny Release
+ Added some support for unpacked Apps
* Improved Error handling
+ Display offsets for NCode events (Usefull for setting BPX :-)

1.6 - [22.07.2005] - Summer Release
* Fixed Control recognition
+ Added support for Events:
COMCT32.OCX : TabStrip, Toolbar, StatusBar, ProgressBar, TreeView,
ListView, Slider
COMCT332.OCX: CoolBar
COMCT232.OCX: Animation, UpDown

1.7 - [31.07.2005] - "Where is the fuc*ing Sun ?" Release
* Fixed some OCX Events recognition
+ More Procedures are now recognized (VB5)
+ Added listing of Procedures (only if exist)
+ Added Refresh button to Control/Procedure window
+ Added support for Events:
TOC.OCX : Toc

1.8 - [19.08.2005] - "Make Peace No War!" Release
+ Really incredible Speed Up by decompiling with "No Colors" and "Output
to File" Option
+ Added identifing of some VB Constant (vbCRLF, vbCR, vbLF, vbNullChar,
vbTab, vbBack)
+ Added Search String under Cursor
+ Added to Position Manager: Save, Load, Update Label and Position

1.9 - [07.09.2005] - Engaged Release
+ Now you can tanslate P32Dasm into other languages
+ Added in List of Strings new Menu for fast view of other Objects
+ Added Posibility of saving Project as pure Text
* Fixed recognition of some OCX and their Events in VB5
* Fixed Position Manager problems by "Output to File" Setting
* Fixed rare bug with Procedure Names
* Fixed some screen Issues by switching between Windows
+ Added support for Events of FM20.DLL

2.0 - [16.10.2005] - "Born to be Free" Release
+ Added support for Events of VSFLEX7L.OCX THREED32.OCX THREED20.OCX and
SSSPLT30.OCX
+ Added save last Dir
+ Added Support for rebuilded Apps
+ Small Speed Up
+ Added additional info by Timers
+ Added Russian and German translation
+ In Objects window by Copy function show also object type
* Fixed bug "On Top" in Position Screen

2.1 - [03.11.2005] - "13th week" Release
+ Added Internal Hex Editor
+ Added Export events to .map Files (for IDA, Olly ...)
* Fixed default filename by saving Project

2.2 - [04.01.2006] - Birthday Release
* Fixed crash on some apps
* Fixed crash on exit by unsupported apps
* Fixed crash on strange SectionHeaders
* Fixed crash on some ImportTables
* Fixed VB5/VB6 recognition by unpacked apps
+ Added support to some obfuscated apps
+ Added some class types

2.3 - [24.05.2006] - "Terezka" Release
* Fixed "On Top" displaying in Procedure/Object window
* Fixed "Edit Output" refresh on loading new file
+ Added Spanish translation

2.4 - [03.11.2008] - Alex Release
+ Native code fast preview (display MSVBVM calls + string references)
+ Added new class types
+ Added designer identificaton
+ Posibility direct jump to offset in HIEW
+ Improoved Debug mode
+ Filter out not supported "In DB doesn't exist ..."
+ Added Possibility disable creation of Position Files
+ Added support for Events of JSBBAR16.OCX, MSDATLST.OCX, GRIDEX20.OCX and
ACTBAR3.OCX
+ Faster decompiling
* Default syntax coloring Off (slow)
* New search shortcut changed from F7 to Ctrl + F
* Fixed External API scan
* Fixed crash when is missing 16Edit.dll
* Better Unicode String handling
- Removed "Output to file" settings

2.5 - [14.06.2009] - Slovakia Release
* Changed app font for better language support
* Fixed storing wrong window possition
* Fixed displaying other language characters (tested on Russian, check screen)
* Word over cursor support other languages (take word divided by spaces)
(Beware! Due some RichTextBox bug or unicode problems some strings with special
REGIONAL CHARACTERS will be not found in main window!)
* Fixed Word over cursor string length extraction for other languages
* Fixed crash on some VB5 apps
+ Possibility select and apply font charset for better output (language support)
+ Search in tree
+ Added support for Events of DBLIST32.OCX, DBGRID32.OCX, MSDATGRD.OCX,
MSCOMM32.OCX, MSCHRT20.OCX, MSMASK32.OCX

2.6 - [24.12.2009] - Christmas Release
+ Added procedure names identification
+ More objects recognition
+ Added reading more details (Enumerators, Constants, Events and Properties)
+ Added new Events icon for better resolution
+ Internal code tidy up and changes for displaying better debug info
+ More procedures details identified on some strange type apps (NCode)
- Removed displaying of procedure names list in output (moved to real names)
* fixed working of MRU files
* Fixed bug: missing end address in one procedure NCode object
* Fixed some GUI problems when app use visual styles

2.7 - [04.12.2010] - "Another start" Release
+ Added support for IDA Visual Basic Debugger plugin (source export)
+ Added "Heurestic assign unknown procedures into objects" (not all but it
helps a lot of in native code apps!)
+ Adding VB5 SubMain to list of procedures if it's missing in list
+ Added parameters to some opcodes
* Fixed Drag & Drop files into P32Dasm (thanx Ivuso)

2.8 - [24.05.2011] - "It's my life" Release
+ Added identification of some created objects
+ Added identification of some CALLs and Objects
* Fixed some unknown CALLs
+ Better CALLs naming
+ Small speed up
+ Added better procedure naming in NCode (also for calls)
+ Better naming of Unknown Events
* Fixed export of some procedure names to IDA Visual Basic Debugger plugin
+ Possibility open any file extension (renamed malware or virus)
+ Default save extension: check if it's enabled Coloring and then set *.txt/*.rtf
+ Some changes in output formating
+ Now selected text is default string for searching
+ Removed some false alarm messages (In DB doesn't exist)
* Fixed crash on some big applications
* Fixed load and jump to offset in Hiew if cursor is not on address
+ Added display object offset and object ID in controls tree over mouse cursor,
also included in export (Copy All) Usefull if you want manualy patch default
control properties: label, enabled, disabled, visible, timer values ...
+ Added object ID to controls tree output
* Fixed wrong Event identification in some cases
+ Added identification of Private/Public function/procedures
+ Added identification of parameter names
- Removed some non usefull counters

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课