Analysis 1:
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z
End Sub

[Command1.Click]
: 00401874 F47B LitI2_Byte; Push 7B // push 123 onto the stack
: 00401876 707AFF FStI2; Pop Word [LOCAL_0086] // pop into operand 0086, which takes 2 bytes {x = 123}
: 00401879 F34101 LitI2; Push 0141 // push 321 onto the stack
: 0040187C 7078FF FStI2; Pop Word [LOCAL_0088] // pop into operand 0088, i.e. 0086 + 2, which shows the locals are contiguous in memory {y = 321}
: 0040187F 6B7AFF FLdI2; Push Word [LOCAL_0086] // F? Load? I2 should mean Integer; pushes the first operand
: 00401882 6B78FF FLdI2; Push Word [LOCAL_0088] // then push the second operand onto the stack
: 00401885 A9 AddI2; // integer addition, result saved at 0088 + 2 {z = x + y}
: 00401886 7076FF FStI2; Pop Word [LOCAL_008A] // pop the sum, to be used later
========================================
: 00401889 2704FF LitVar; PushVar LOCAL_00FC // unassigned (omitted) parameter, context
: 0040188C 2724FF LitVar; PushVar LOCAL_00DC // unassigned (omitted) parameter, helpfile
: 0040188F 2744FF LitVar; PushVar LOCAL_00BC // unassigned (omitted) parameter, title
: 00401892 F500000000 LitI4; Push 00000000 // buttons, default value 0
: 00401897 0476FF FLdRfVar; Push LOCAL_008A // prompt, the message displayed in the dialog
: 0040189A 4D64FF0240 CVarRef; ********** Reference To->
msvbvm60.rtcMsgBox |
: 0040189F 0A00001400 ImpAdCallFPR4; Call ptr_00401020; check stack 0014; Push EAX // call MsgBox {MsgBox z}
: 004018A4 36060044FF24FF04 FFreeVar; Free 0006/2 variants // release the variables
: 004018AD 13 ExitProcHresult; // exit the procedure

Analysis 2:
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z, vbOKOnly, "pcode"
End Sub

[Command1.Click]
: 00401888 F47B LitI2_Byte; Push 7B // push 123 onto the stack
: 0040188A 707AFF FStI2; Pop Word [LOCAL_0086] // pop into operand 0086 {x = 123}
: 0040188D F34101 LitI2; Push 0141 // push 321 onto the stack
: 00401890 7078FF FStI2; Pop Word [LOCAL_0088] // pop into operand 0088 {y = 321}
: 00401893 6B7AFF FLdI2; Push Word [LOCAL_0086] // push the first operand onto the stack
: 00401896 6B78FF FLdI2; Push Word [LOCAL_0088] // push the second operand onto the stack
: 00401899 A9 AddI2; // add {z = x + y}
: 0040189A 7076FF FStI2; Pop Word [LOCAL_008A] // pop the sum, to be used later
: 0040189D 2704FF LitVar; PushVar LOCAL_00FC // unassigned (omitted) parameter, context
: 004018A0 2724FF LitVar; PushVar LOCAL_00DC // unassigned (omitted) parameter, helpfile
******** Possible String Ref To-> "pcode" |
: 004018A3 3A54FF0000 LitVarStr; PushVarString ptr_004013C8 // push "pcode" onto the stack
: 004018A8 4E44FF FStVarCopyObj; [LOCAL_00BC] = vbaVarDup (Pop) // assign to the address
: 004018AB 0444FF FLdRfVar; Push LOCAL_00BC // title, actually assigned this time; it seems the reading above was not wrong
: 004018AE F500000000 LitI4;
Push 00000000 // buttons, default value 0
: 004018B3 0476FF FLdRfVar; Push LOCAL_008A // prompt, the sum
: 004018B6 4D64FF0240 CVarRef; ********** Reference To-> msvbvm60.rtcMsgBox |
: 004018BB 0A01001400 ImpAdCallFPR4; Call ptr_00401020; check stack 0014; Push EAX // call MsgBox {MsgBox z, vbOKOnly, "pcode"}
: 004018C0 36060044FF24FF04 FFreeVar; Free 0006/2 variants // release the variables
: 004018C9 13 ExitProcHresult; // exit the procedure
: 004018CA 0000 LargeBos; IDE beginning of line, with 00 byte codes

Analysis 3:
Private Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String, ByVal wType As Long) As Long
Const MB_OK = &H0&
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MessageBox Me.hwnd, "sum =" & z, "pcode", MB_OK
End Sub

[Command1.Click]
: 004018FC F47B LitI2_Byte; Push 7B // push 123 onto the stack
: 004018FE 707AFF FStI2; Pop Word [LOCAL_0086] // pop into operand 0086 {x = 123}
: 00401901 F34101 LitI2; Push 0141 // push 321 onto the stack
: 00401904 7078FF FStI2; Pop Word [LOCAL_0088] // pop into operand 0088 {y = 321}
: 00401907 6B7AFF FLdI2; Push Word [LOCAL_0086] // push the first operand onto the stack
: 0040190A 6B78FF FLdI2; Push Word [LOCAL_0088] // push the second operand onto the stack
: 0040190D A9 AddI2; // add {z = x + y}
: 0040190E 7076FF FStI2; Pop Word [LOCAL_008A] // pop the sum, to be used later
: 00401911 0470FF FLdRfVar;
Push LOCAL_0090 // push the address onto the stack; note this address
: 00401914 080800 FLdPr; [SR] = [stack_0008]
: 00401917 0D58000000 VCallHresult; Call ptr_004014CC // this should be the call to Me.hwnd; the result is saved at 0090
========================================
// MessageBox prototype:
int MessageBox(
    HWND hWnd,          // handle of owner window
    LPCTSTR lpText,     // address of text in message box
    LPCTSTR lpCaption,  // address of title of message box
    UINT uType          // style of message box
);
========================================
// NOTE: the instruction at 0040191C is missing from this listing; presumably it pushes wType (MB_OK), which would make it the first parameter pushed. The parameter numbers below follow push order.
******** Possible String Ref To-> "pcode" |
: 00401921 1B0100 LitStr; Push ptr_00401624 // load the string "pcode"
: 00401924 0460FF FLdRfVar; Push LOCAL_00A0
: 00401927 34 CStr2Ansi; vbaStrToAnsi // converts Unicode to ANSI
: 00401928 6C60FF ILdRf; Push DWORD [LOCAL_00A0] // lpCaption, parameter two
******** Possible String Ref To-> "Sum =" |
: 0040192B 1B0200 LitStr; Push ptr_00401614 // load the string "Sum ="
: 0040192E 6B76FF FLdI2; Push Word [LOCAL_008A] // push the sum onto the stack
: 00401931 FBFD CStrUI1; vbaStrI2 // convert the integer to a string, saved at 0094
: 00401933 236CFF FStStrNoPop; SysFreeString [LOCAL_0094]; [LOCAL_0094] = [stack]
: 00401936 2A ConcatStr; vbaStrCat // concatenate the strings, stored at 0098
: 00401937 2368FF FStStrNoPop; SysFreeString [LOCAL_0098]; [LOCAL_0098] = [stack]
: 0040193A 0464FF FLdRfVar;
Push LOCAL_009C // push the address onto the stack; note this address
: 0040193D 34 CStr2Ansi; vbaStrToAnsi // converts Unicode to ANSI
: 0040193E 6C64FF ILdRf; Push DWORD [LOCAL_009C] // lpText, parameter three
: 00401941 6C70FF ILdRf; Push DWORD [LOCAL_0090] // hWnd, parameter four
********** Reference To-> user32.MessageBoxA |
: 00401944 0A03001000 ImpAdCallFPR4; Call ptr_004015E8; check stack 0010; Push EAX // call MessageBox
: 00401949 3C SetLastSystemError; kernel GetLastError // after the MessageBox call, obtain the extended error information
: 0040194A 3208006CFF68FF64 FFreeStr; Do SysFreeString [arg_n]; [arg_n] = 0 0008/2 times ~ arg
: 00401955 13 ExitProcHresult;
: 00401956 0000 LargeBos; IDE beginning of line, with 00 byte codes

moodsky [DFCG] 2005.02.01