[求助]给vb程序添加chm帮助-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]给vb程序添加chm帮助 0.00雪花

发表于: 2008-10-19 00:42 3056

[旧帖] [求助]给vb程序添加chm帮助 0.00雪花

cqlyd

2008-10-19 00:42

3056

以下是VB程序的“Help”子菜单按钮事件（这个事件没有任何动作），想要在od中为这个事件添加
Private Sub MnuInfoHelp_Click()
Shell "hh.exe help.chm", vbNormalFocus 添加这个过程
End Sub

VB程序的“Help”子菜单按钮事件

00440690 > \55          push ebp
00440691 .  8BEC       mov    ebp, esp
00440693 .  83EC 0C    sub    esp, 0C
00440696 .  68 06734000 push <jmp.&MSVBVM60.__vbaExceptHandle>;  SE 处理程序安装
0044069B .  64:A1 0000000>mov    eax, dword ptr fs:[0]
004406A1 .  50          push eax
004406A2 .  64:8925 00000>mov    dword ptr fs:[0], esp
004406A9 .  83EC 08    sub    esp, 8
004406AC .  53          push ebx
004406AD .  56          push esi
004406AE .  57          push edi
004406AF .  8965 F4    mov    dword ptr [ebp-C], esp
004406B2 .  C745 F8 20194>mov    dword ptr [ebp-8], jiexing.00401>
004406B9 .  8B45 08    mov    eax, dword ptr [ebp+8]
004406BC .  8BC8       mov    ecx, eax
004406BE .  83E1 01    and    ecx, 1
004406C1 .  894D FC    mov    dword ptr [ebp-4], ecx
004406C4 .  24 FE       and    al, 0FE
004406C6 .  50          push eax
004406C7 .  8945 08    mov    dword ptr [ebp+8], eax
004406CA .  8B10       mov    edx, dword ptr [eax]
004406CC .  FF52 04    call dword ptr [edx+4]
004406CF .  FF15 D4104000 call dword ptr [<&MSVBVM60.#598>]    ;  MSVBVM60.rtcDoEvents
004406D5 .  C745 FC 00000>mov    dword ptr [ebp-4], 0
004406DC .  8B45 08    mov    eax, dword ptr [ebp+8]
004406DF .  50          push eax
004406E0 .  8B08       mov    ecx, dword ptr [eax]
004406E2 .  FF51 08    call dword ptr [ecx+8]
004406E5 .  8B45 FC    mov    eax, dword ptr [ebp-4]
004406E8 .  8B4D EC    mov    ecx, dword ptr [ebp-14]
004406EB .  5F          pop    edi
004406EC .  5E          pop    esi
004406ED .  64:890D 00000>mov    dword ptr fs:[0], ecx
004406F4 .  5B          pop    ebx
004406F5 .  8BE5       mov    esp, ebp
004406F7 .  5D          pop    ebp
004406F8 .  C2 0400    retn 4

我用VB6写了这个过程
Private Sub MnuInfoHelp_Click()
Shell "hh.exe help.chm", vbNormalFocus 添加这个过程
End Sub

在OD中看到的过程如下

004019E0 > \55          push ebp
004019E1 .  8BEC       mov    ebp, esp
004019E3 .  83EC 0C    sub    esp, 0C
004019E6 .  68 96104000 push <jmp.&MSVBVM60.__vbaExceptHandler>                      ;  SE 处理程序安装
004019EB .  64:A1 0000000>mov    eax, dword ptr fs:[0]
004019F1 .  50          push eax
004019F2 .  64:8925 00000>mov    dword ptr fs:[0], esp
004019F9 .  83EC 30    sub    esp, 30
004019FC .  53          push ebx
004019FD .  56          push esi
004019FE .  57          push edi
004019FF .  8965 F4    mov    dword ptr [ebp-C], esp
00401A02 .  C745 F8 80104>mov    dword ptr [ebp-8], jiexing.00401080
00401A09 .  8B45 08    mov    eax, dword ptr [ebp+8]
00401A0C .  8BC8       mov    ecx, eax
00401A0E .  83E1 01    and    ecx, 1
00401A11 .  894D FC    mov    dword ptr [ebp-4], ecx
00401A14 .  24 FE       and    al, 0FE
00401A16 .  50          push eax
00401A17 .  8945 08    mov    dword ptr [ebp+8], eax
00401A1A .  8B10       mov    edx, dword ptr [eax]
00401A1C .  FF52 04    call dword ptr [edx+4]
00401A1F .  33F6       xor    esi, esi
00401A21 .  8D55 CC    lea    edx, dword ptr [ebp-34]
00401A24 .  8975 CC    mov    dword ptr [ebp-34], esi
00401A27 .  8D4D DC    lea    ecx, dword ptr [ebp-24]
00401A2A .  8975 DC    mov    dword ptr [ebp-24], esi
00401A2D .  C745 D4 C0164>mov    dword ptr [ebp-2C], jiexing.004016C0                      ;  UNICODE "hh.exe help.chm"
00401A34 .  C745 CC 08000>mov    dword ptr [ebp-34], 8
00401A3B .  FF15 68104000 call dword ptr [<&MSVBVM60.__vbaVarDup>]                      ;  MSVBVM60.__vbaVarDup
00401A41 .  8D45 DC    lea    eax, dword ptr [ebp-24]
00401A44 .  6A 01       push 1
00401A46 .  50          push eax
00401A47 .  FF15 34104000 call dword ptr [<&MSVBVM60.#600>]                            ;  MSVBVM60.rtcShell
00401A4D .  8D4D DC    lea    ecx, dword ptr [ebp-24]
00401A50 .  DDD8       fstp st
00401A52 .  FF15 08104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>]                      ;  MSVBVM60.__vbaFreeVar
00401A58 .  8975 FC    mov    dword ptr [ebp-4], esi
00401A5B .  9B          wait
00401A5C .  68 6E1A4000 push jiexing.00401A6E
00401A61 .  EB 0A       jmp    short jiexing.00401A6D
00401A63 .  8D4D DC    lea    ecx, dword ptr [ebp-24]
00401A66 .  FF15 08104000 call dword ptr [<&MSVBVM60.__vbaFreeVar>]                      ;  MSVBVM60.__vbaFreeVar
00401A6C .  C3          retn
00401A6D >  C3          retn                                                             ;  RET 用作跳转到 00401A6E
00401A6E >  8B45 08    mov    eax, dword ptr [ebp+8]
00401A71 .  50          push eax
00401A72 .  8B08       mov    ecx, dword ptr [eax]
00401A74 .  FF51 08    call dword ptr [ecx+8]
00401A77 .  8B45 FC    mov    eax, dword ptr [ebp-4]
00401A7A .  8B4D EC    mov    ecx, dword ptr [ebp-14]
00401A7D .  5F          pop    edi
00401A7E .  5E          pop    esi
00401A7F .  64:890D 00000>mov    dword ptr fs:[0], ecx
00401A86 .  5B          pop    ebx
00401A87 .  8BE5       mov    esp, ebp
00401A89 .  5D          pop    ebp
00401A8A .  C2 0400    retn 4

请教各位老师用OD 如何为源程序的“Help”事件添加如下过程？
Shell "hh.exe help.chm", vbNormalFocus

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・0

支持