使用Dll Export Viewer看到dll有2个导出函数
函数名 地址 相对偏移地址 序号 文件名
Dll_EncIn 0x00403780 0x00003780 2 (0x2) EncryptionA.dll
Dll_EncOut 0x00403aa4 0x00003aa4 1 (0x1) EncryptionA.dll
反汇编源程序,调用了的dll汇编代码
应该只传了一个参数进去,可是就是不知道参数该怎么写。越来越发现受不了vb了.....哎....就是一个加密解密函数.....啊.啊啊啊啊 啊啊啊啊 啊
救命啊 啊啊 啊啊啊啊 啊啊
函数名 地址 相对偏移地址 序号 文件名
Dll_EncIn 0x00403780 0x00003780 2 (0x2) EncryptionA.dll
Dll_EncOut 0x00403aa4 0x00003aa4 1 (0x1) EncryptionA.dll
反汇编源程序,调用了的dll汇编代码
应该只传了一个参数进去可以就是不知道怎么写参数越来越发现受不了vb了.....哎....就是一个加密解密函数.....啊.啊啊啊啊 啊啊啊啊 啊
救命啊 啊啊 啊啊啊啊 啊啊
参数怎么弄?用了varptr、strptr。我声明的是 Private Declare Function Dll_EncIn Lib "EncryptionA.dll" (ByVal Str As Long) As String,返回的是一个字符串,怎么在vb里面接收?函数怎么声明?参数传进去的时候用strptr转换了...
返回的ASCII("好长的....")是加密之后的密文,出现于内存当中的
' RtlMoveMemory copies Length bytes from Source to Destination. Both pointers are
' declared As Any, so VB does no type or bounds checking on either side.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Dim GetAddress As Long
Dim GetEncIn As String * 50
Dim TempStr
Dim TempLong
' Click handler: passes the test text "123123" to Dll_EncIn and shows what was
' copied back in Text2.
Private Sub btA_Click()
' NOTE(review): no "Error:" label is visible in this snippet - confirm it exists.
On Error GoTo Error
GetEncIn = Space(20)
' ANSI bytes of the test text, held in a Variant.
TempStr = StrConv("123123", vbFromUnicode)
TempLong = StrPtr(TempStr)
' VarPtr is applied to the call expression, so GetAddress presumably receives the
' address of the temporary holding the return value, not the address of any
' buffer the DLL filled - verify in a debugger.
GetAddress = VarPtr(Dll_EncIn(TempLong))
' Always copies 50 bytes, however many bytes are actually valid at GetAddress.
CopyMemory ByVal GetEncIn, ByVal GetAddress, 50
Text2.Text = Trim$(GetEncIn)
end sub
如果改为long ,程序不会崩溃,结果为空
00402245 . 57 push edi
00402246 . 6A 32 push 32
00402248 . FF15 58104000 call dword ptr [<&MSVBVM60.__vbaStrFi>; MSVBVM60.__vbaStrFixstr
0040224E . 8BD0 mov edx, eax
00402250 . 8D4D E0 lea ecx, dword ptr [ebp-20]
00402253 . FFD3 call ebx
00402255 . 50 push eax
00402256 . 8D55 DC lea edx, dword ptr [ebp-24]
00402259 . 52 push edx
0040225A . FF15 C8104000 call dword ptr [<&MSVBVM60.__vbaStrTo>; MSVBVM60.__vbaStrToAnsi
00402260 . 50 push eax
00402261 . E8 9EFBFFFF call 00401E04 ; dll 函数入口
00402266 . FF15 34104000 call dword ptr [<&MSVBVM60.__vbaSetSy>; MSVBVM60.__vbaSetSystemError
0040226C . 8B45 DC mov eax, dword ptr [ebp-24]
0040226F . 50 push eax
00402270 . 8D4D D8 lea ecx, dword ptr [ebp-28]
00402273 . 51 push ecx
00402274 . FF15 84104000 call dword ptr [<&MSVBVM60.__vbaStrTo>; MSVBVM60.__vbaStrToUnicode
0040227A . 50 push eax
0040227B . 57 push edi
0040227C . 6A 32 push 32
0040227E . FF15 30104000 call dword ptr [<&MSVBVM60.__vbaLsetF>; MSVBVM60.__vbaLsetFixstr
00402284 . 8D55 D8 lea edx, dword ptr [ebp-28]
00402287 . 52 push edx上面好像调用了.__vbaStrToAnsi
这是vb编译的exe文件,反汇编代码片段
00383781 8BEC mov ebp, esp
00383783 81C4 D0FCFFFF add esp, -330
00383789 53 push ebx
0038378A 56 push esi
0038378B 57 push edi
0038378C 33C0 xor eax, eax ; eax寄存器清空
0038378E 8985 D4FCFFFF mov dword ptr [ebp-32C], eax ; 以下是申请内存空间,在当前,edx寄存器存有待加密的明文
00383794 8985 D0FCFFFF mov dword ptr [ebp-330], eax
0038379A 8985 DCFCFFFF mov dword ptr [ebp-324], eax
003837A0 8985 D8FCFFFF mov dword ptr [ebp-328], eax
003837A6 8985 E4FCFFFF mov dword ptr [ebp-31C], eax
003837AC 8985 E0FCFFFF mov dword ptr [ebp-320], eax
003837B2 8985 F8FCFFFF mov dword ptr [ebp-308], eax
003837B8 8985 F4FCFFFF mov dword ptr [ebp-30C], eax
003837BE 8985 F0FCFFFF mov dword ptr [ebp-310], eax
003837C4 8985 E8FCFFFF mov dword ptr [ebp-318], eax ; 内存分配完毕
003837CA 8B75 0C mov esi, dword ptr [ebp+C] ; 将待加密的字符串存入 esi
003837CD 8DBD FCFEFFFF lea edi, dword ptr [ebp-104]
003837D3 33C9 xor ecx, ecx
003837D5 8A0E mov cl, byte ptr [esi] ; 取待加密字符串esi的地址
003837D7 41 inc ecx
003837D8 F3:A4 rep movs byte ptr es:[edi], byte p>
003837DA 33C0 xor eax, eax
003837DC 55 push ebp
003837DD 68 913A3800 push 00383A91
003837E2 64:FF30 push dword ptr fs:[eax]
003837E5 64:8920 mov dword ptr fs:[eax], esp
003837E8 C685 FCFCFFFF 0>mov byte ptr [ebp-304], 0
003837EF 8D85 FCFDFFFF lea eax, dword ptr [ebp-204]
003837F5 E8 16050000 call 00383D10
003837FA 33C0 xor eax, eax
003837FC 8A85 FCFEFFFF mov al, byte ptr [ebp-104]
00383802 8945 FC mov dword ptr [ebp-4], eax
00383805 8B7D FC mov edi, dword ptr [ebp-4]
00383808 85FF test edi, edi
0038380A 0F8E E5000000 jle 003838F5
00383810 BE 01000000 mov esi, 1
00383815 8D9D FDFEFFFF lea ebx, dword ptr [ebp-103] ; ebx=待加密字符串
0038381B 8D85 F4FCFFFF lea eax, dword ptr [ebp-30C] ; 加密函数开始,循环次数为字符串长度
00383821 8D95 FCFCFFFF lea edx, dword ptr [ebp-304]
00383827 E8 FCF8FFFF call 00383128
0038382C FFB5 F4FCFFFF push dword ptr [ebp-30C]
00383832 8BC6 mov eax, esi
00383834 B9 07000000 mov ecx, 7
00383839 99 cdq
0038383A F7F9 idiv ecx
0038383C 33C0 xor eax, eax
0038383E 8A8415 FDFDFFFF mov al, byte ptr [ebp+edx-203]
00383845 33D2 xor edx, edx
00383847 8A13 mov dl, byte ptr [ebx]
00383849 03C2 add eax, edx
0038384B B9 3E000000 mov ecx, 3E
00383850 33D2 xor edx, edx
00383852 F7F1 div ecx
00383854 A1 B4403800 mov eax, dword ptr [3840B4]
00383859 8A1410 mov dl, byte ptr [eax+edx]
0038385C 8D85 ECFCFFFF lea eax, dword ptr [ebp-314]
00383862 8850 01 mov byte ptr [eax+1], dl
00383865 C600 01 mov byte ptr [eax], 1
00383868 8D95 ECFCFFFF lea edx, dword ptr [ebp-314]
0038386E 8D85 F0FCFFFF lea eax, dword ptr [ebp-310]
00383874 E8 AFF8FFFF call 00383128
00383879 FFB5 F0FCFFFF push dword ptr [ebp-310]
0038387F 8BC6 mov eax, esi
00383881 B9 07000000 mov ecx, 7
00383886 99 cdq
00383887 F7F9 idiv ecx
00383889 33C0 xor eax, eax
0038388B 8A8415 FDFDFFFF mov al, byte ptr [ebp+edx-203]
00383892 33D2 xor edx, edx
00383894 8A13 mov dl, byte ptr [ebx]
00383896 03C2 add eax, edx
00383898 B9 3E000000 mov ecx, 3E
0038389D 33D2 xor edx, edx
0038389F F7F1 div ecx
003838A1 33D2 xor edx, edx
003838A3 8A95 FDFDFFFF mov dl, byte ptr [ebp-203]
003838A9 03C2 add eax, edx
003838AB 8B15 B4403800 mov edx, dword ptr [3840B4] ; Encrypti.00383740
003838B1 8A5402 BF mov dl, byte ptr [edx+eax-41]
003838B5 8D85 E8FCFFFF lea eax, dword ptr [ebp-318]
003838BB E8 58F8FFFF call 00383118
003838C0 FFB5 E8FCFFFF push dword ptr [ebp-318]
003838C6 8D85 F8FCFFFF lea eax, dword ptr [ebp-308]
003838CC BA 03000000 mov edx, 3
003838D1 E8 DEF8FFFF call 003831B4
003838D6 8B95 F8FCFFFF mov edx, dword ptr [ebp-308]
003838DC 8D85 FCFCFFFF lea eax, dword ptr [ebp-304]
003838E2 B9 FF000000 mov ecx, 0FF
003838E7 E8 60F8FFFF call 0038314C
003838EC 46 inc esi
003838ED 43 inc ebx
003838EE 4F dec edi
003838EF ^ 0F85 26FFFFFF jnz 0038381B
003838F5 E8 92ECFFFF call 0038258C
003838FA 8B75 FC mov esi, dword ptr [ebp-4]
003838FD 03F6 add esi, esi
003838FF 46 inc esi
00383900 83FE 20 cmp esi, 20
00383903 7F 70 jg short 00383975
00383905 8D85 E4FCFFFF lea eax, dword ptr [ebp-31C]
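' Module : Module1
'---------------------------------------------------------------------------------------
Option Explicit

' The signature is a guess: no header or documentation for the DLL is available, so
' the single pointer argument and the Long return value still have to be confirmed
' in a debugger. The library is named without a path, so it is located through the
' normal DLL search order.
Private Declare Function Dll_EncIn Lib "EncryptionA.dll" (ByVal lpstrInput As Long) As Long
' As Any turns off VB's type checking: the caller must guarantee that both addresses
' are valid and that Length fits inside both buffers.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, _
    Source As Any, ByVal Length As Long)

' Calls Dll_EncIn on a fixed test string and prints the text found at the returned
' address. Takes no arguments; the result goes to the Immediate window.
Public Sub Test_Encode()
    Dim strInput As String
    Dim lpstrOutput As Long
    Dim bytOutput() As Byte
    Dim strOutput As String
    Dim lngNul As Long

    On Error GoTo Err_Encode

    ' Assumption 1: the DLL returns a pointer to the ciphertext string buffer.
    ' Assumption 2: the DLL works with Unicode strings.
    strInput = "123"
    lpstrOutput = Dll_EncIn(StrPtr(strInput))

    ' Zero is not a readable address; copying from it would crash the process.
    If lpstrOutput = 0 Then
        Debug.Print "Dll_EncIn returned 0"
        Exit Sub
    End If

    ' The real size of the DLL's buffer is unknown, so this fixed 100-byte read may
    ' run past its end. Keep the count small until the layout is confirmed.
    ReDim bytOutput(100)
    CopyMemory bytOutput(0), ByVal lpstrOutput, 100
    strOutput = bytOutput
    Erase bytOutput

    ' "\0" is two ordinary characters in VB, not a terminator; vbNullChar is the NUL.
    ' InStr returns 0 when no NUL was copied, and Left$ with -1 would raise error 5.
    lngNul = InStr(1, strOutput, vbNullChar)
    If lngNul > 0 Then strOutput = Left$(strOutput, lngNul - 1)
    Debug.Print strOutput
    Exit Sub    ' do not fall into the handler: Resume without an active error fails

Err_Encode:
    Stop
    Resume ' single-step from here
End Sub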
传进去的时候看见一个这样的
06,"123123"
应该是长度,待加密字符串,,每次都一样....感谢西西,我试试西西的方法.谢谢陈辉由于是解密,不是二次开发,没有delphi的函数声明及其相关文档..╮(╯▽╰)╭
strInput = "123"
strInput = StrConv(strInput, vbFromUnicode)
lpstrOutput = Dll_EncIn(StrPtr(strInput))
最后打印的时候,也翻译一下字符串,像这样:
Debug.Print strOutput, StrConv(strOutput, vbUnicode)
下午没仔细看你的回复。现在按两个参数(一个长度、一个字符串),并且假设DLL使用的是ANSI字符串来试:'---------------------------------------------------------------------------------------
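' Module : Module1
'---------------------------------------------------------------------------------------
Option Explicit

' The signature is a guess (length first, then a pointer to the text); nothing
' documents the DLL, so confirm the parameter list and order in a debugger.
Private Declare Function Dll_EncIn Lib "EncryptionA.dll" (ByVal Length As Long, _
    ByVal lpstrInput As Long) As Long
' As Any turns off VB's type checking: the caller must guarantee that both addresses
' are valid and that Length fits inside both buffers.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, _
    Source As Any, ByVal Length As Long)

' Passes the ANSI form of "123123" plus its byte length to Dll_EncIn and prints the
' text found at the returned address.
Public Sub Test_Encode()
    Dim strInput As String
    Dim lpstrOutput As Long
    Dim bytOutput() As Byte
    Dim strOutput As String
    Dim lngNul As Long

    On Error GoTo Err_Encode

    ' Assumption 1: the DLL returns a pointer to the ciphertext string buffer.
    ' Assumption 2: the DLL works with ANSI strings.
    strInput = "123123"
    strInput = StrConv(strInput, vbFromUnicode)
    lpstrOutput = Dll_EncIn(LenB(strInput), StrPtr(strInput))

    ' Zero is not a readable address; copying from it would crash the process.
    If lpstrOutput = 0 Then
        Debug.Print "Dll_EncIn returned 0"
        Exit Sub
    End If

    ' The real size of the DLL's buffer is unknown, so this fixed 100-byte read may
    ' run past its end. Keep the count small until the layout is confirmed.
    ReDim bytOutput(100)
    CopyMemory bytOutput(0), ByVal lpstrOutput, 100

    ' Widen the ANSI bytes to a VB string first, then cut at the terminator. Searching
    ' before the conversion would compare byte pairs, and "\0" is two ordinary
    ' characters in VB rather than a NUL.
    strOutput = StrConv(bytOutput, vbUnicode)
    Erase bytOutput
    lngNul = InStr(1, strOutput, vbNullChar)
    If lngNul > 0 Then strOutput = Left$(strOutput, lngNul - 1)
    Debug.Print strOutput
    Exit Sub    ' do not fall into the handler: Resume without an active error fails

Err_Encode:
    Stop
    Resume ' single-step from here
End Sub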
ByVal Length As Long)
注意最后一个参数先入栈,而且未有返回值,则应该声明为Sub.那么调用就是这样:dim byteStr() as bytebytestr()=strconv("11222334455",vbfromunicode)
redim preserve byteStr(1024)call Dll_EncIn(varptr(bytestr(0)),len("11222334455"))debug.print strcomv(bytestr(),vbunicode)玩玩看吧.
假如加密数据位"123123",当od跟踪到这个地址的时候,
发现传入的地址内存数据十六进制这样的
06 31 32 33 31 32 33
长度 1 2 3 1 2 306是怎么来的?
传入的参数顺序是从右往左的,这是在od跟踪vb编译的exe时看到的。用老马的方式,修改参数顺序,程序崩溃在加密dll里面;用西西的方法,则崩溃在调用dll之后的系统dll里面。图中注释了od里面跟踪到的参数
长度 1 2 3 1 2 3
--
和BSTR貌似一样的。ByVal lpszSoundName As String以这样的方式传参。
第一个参数里面集成了2个需要传递的值
刚重试了西西的方法,也是在加密dll里面崩溃的假设加密字符串为"123123"
传第一个参数的时候,怎么出现了06 31 32 33 31 32 33
在dll里面读取长度到值是第一个参数的首地址,也就是06,以上的 06 31 32 33 31 32 33都是在内存中发现的十六进制...如果传的时候,照老马的方式,字符串长度却成了 31,加密字符串过长,溢出,dll崩溃
06是ANSI字符串的长度0x31是字符1的ANSI编码
0x32是字符2的ANSI编码
0x33是字符3的ANSI编码所以可以确定这个DLL用的是ANSI字符串。
ByVal Length As Long) As Long
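ByVal lpstrOutput As Long) As Long
' (The line above is the end of a Declare statement whose beginning is not part of
' this snippet.)

' Passes the ANSI form of "123123" and a pre-allocated output string to Dll_EncIn,
' then prints whatever the DLL wrote into the output.
Public Sub Test_Encode()
    Dim strInput As String
    Dim strOutput As String
    Dim lngNul As Long

    On Error GoTo Err_Encode

    ' Assumption 1: the second parameter receives the ciphertext string.
    ' Assumption 2: the DLL works with ANSI-encoded strings.
    strInput = "123123"
    strInput = StrConv(strInput, vbFromUnicode)

    ' String$ takes the count first and the fill character second, and "\0" is two
    ' ordinary characters in VB. 1024 NUL characters give the DLL 2048 writable
    ' bytes; whether that is enough depends on the DLL and is not confirmed.
    strOutput = String$(1024, vbNullChar)
    Call Dll_EncIn(StrPtr(strInput), StrPtr(strOutput))

    ' Widen the ANSI bytes first, then cut at the first NUL. InStr returns 0 when
    ' none is found, and Left$ with -1 would raise error 5.
    strOutput = StrConv(strOutput, vbUnicode)
    lngNul = InStr(1, strOutput, vbNullChar)
    If lngNul > 0 Then strOutput = Left$(strOutput, lngNul - 1)
    Debug.Print strOutput
    Exit Sub    ' do not fall into the handler: Resume without an active error fails

Err_Encode:
    Stop
    Resume ' single-step from here
End Sub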
请你做以下实验:
1)传“123123123”,第一个是09么?
2)传“123西西”,第一个是07么?
3)再这么写:
strInput = "123" & "\0" & "123"
然后把这个strInput传进去,第一个是03还是07?
下载不了,说是HTTP/1.1 404 Not Found。你把.rar文件上传到CSDN下载频道吧:http://u.download.csdn.net/upfile/
你的意思是说,在Delphi里调用时06,如果用VB代码调用就变成了36 00了么?这也没错啊,0x36是6的ANSI编码,呵呵。你用的哪种VB代码调用变成36的啊?另外,你倒底有没有在Delphi里正确调用过这个函数、得到过正确结果啊?还是从来就不知道这个函数正确运行过后是嘛感觉?
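ByVal lpstrOutput As Long)
' (The line above is the end of a Declare statement whose beginning is not part of
' this snippet.)

' Builds a length-prefixed ANSI byte array for "123", hands it to Dll_EncIn together
' with an output byte array, and prints the returned text.
Public Sub Test_Encode()
    Dim strInput As String, strOutput As String
    Dim bytInput() As Byte, bytOutput() As Byte
    Dim i As Long
    Dim lngNul As Long

    On Error GoTo Err_Encode

    ' Assumption 1: the second parameter receives the ciphertext string.
    ' Assumption 2: the DLL's string format is a length byte followed by ANSI text.
    ' The byte arrays are passed in exactly that guessed layout.

    ' Convert to an ANSI string.
    strInput = StrConv("123", vbFromUnicode)
    bytInput = strInput

    ' Shift the text up by one byte and store the length in front.
    ReDim Preserve bytInput(UBound(bytInput) + 1)
    For i = UBound(bytInput) To 1 Step -1
        bytInput(i) = bytInput(i - 1)
    Next i
    bytInput(0) = LenB(strInput)

    ' Zero-filled output buffer. String$ takes (count, character) and "\0" is not a
    ' NUL in VB, so the array is sized directly instead.
    ReDim bytOutput(1024)

    ' NOTE(review): how the arrays are marshalled depends on the Declare, which is
    ' only partly visible here. If its parameters are ByVal ... As Long, pass
    ' VarPtr(bytInput(0)) and VarPtr(bytOutput(0)) instead.
    Call Dll_EncIn(bytInput, bytOutput)

    ' Drop the length byte.
    For i = 1 To UBound(bytOutput)
        bytOutput(i - 1) = bytOutput(i)
    Next i
    ' Preserve is required: a plain ReDim would discard the bytes just shifted.
    ReDim Preserve bytOutput(UBound(bytOutput) - 1)

    strOutput = bytOutput
    Erase bytOutput
    strOutput = StrConv(strOutput, vbUnicode)

    ' Cut at the first NUL; InStr returns 0 when there is none.
    lngNul = InStr(1, strOutput, vbNullChar)
    If lngNul > 0 Then strOutput = Left$(strOutput, lngNul - 1)
    Debug.Print strOutput
    Erase bytInput
    Exit Sub    ' do not fall into the handler: Resume without an active error fails

Err_Encode:
    Stop
    Resume ' single-step from here
End Sub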
这一句要改成: ReDim Preserve bytOutput(1024)这样改过之后,我试过了,VB挂掉。不知道你能不能跟进去,看看参数传得对不对?现在怀疑,咱们对参数的猜测可能不正确。
bytInput(0) = 3
bytInput(1) = 1
bytInput(2) = 2
bytInput(3) = 3
Temp(0) = &H6 '长度
For i = 1 To Len(strInputA)
Temp(i) = (Hex(Asc(Mid(strInputA, i, 1))))
Next Call Dll_EncIn(StrPtr(Temp), StrPtr(strOutput))如果是这样传递第一个参数,OD中跟踪到传递的参数是06 1F 20 21 1F 20 21 '十六进制,这是OD种跟踪的
其中
1F 20 21 1F 20 21
31 32 33 31 32 33 '这是对应十进制-----------------------------------------------------如果是这样ReDim Temp(Len(strInputA) + 1)
strInputA="123123" '暂时只考虑数字
Temp(0) = &H6
For i = 1 To Len(strInputA)
Temp(i) = (Hex(Asc(Mid(strInputA, i, 1))) - Hex(Asc(0))) '所以减去&H30
Next Call Dll_EncIn(StrPtr(Temp), StrPtr(strOutput))od跟踪发现...06 01 02 03 01 02 03始终没有出现06 31 32 33 31 32 33为啥....
再往下走几步,就崩溃了(vb编译的exe)
bytInput(0) = &H3
bytInput(1) = &H1F
bytInput(2) = &H20
bytInput(3) = &H21
ReDim Preserve bytOutput(1024)
Call Dll_EncIn(bytInput, bytOutput)
bytInput(0) = 3
bytInput(1) = 1
bytInput(2) = 2
bytInput(3) = 3如果是这样,传进去的是
03 01 02 03--------------------------------
Dim bytInput(4) As Byte
bytInput(0) = 3
bytInput(1) = 31
bytInput(2) = 32
bytInput(3) = 33如果是这样
传进去的是
06 1F 20 21 1F 20 21
---------------------------------
Dim bytInput(4) As Byte
bytInput(0) = 3
bytInput(1) = &h31
bytInput(2) = &h32
bytInput(3) = &h33这样传递成功,模拟加密成功,但是不知道怎么获取到加密结果到text2中程序走到下面就崩溃
wLength: WORD;
szBuf: array of Char;
end;
这种类型的字符串长度不能超过255的,而且不带NULL字符做结尾。密文用这种类型可能就够呛了吧?感觉密文很长,容易超过255的,是不是?
00402502 . 50 push eax ; 第二个参数,都正常
00402503 . E8 D4F8FFFF call 00401DDC ;加密函数
00402508 FF15 34104000 call dword ptr [<&MSVBVM60.__vbaSetSy>; MSVBVM60.__vbaSetSystemError
0040250E 8D4D D4 lea ecx, dword ptr [ebp-2C]
00402511 FF15 F8104000 call dword ptr [<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
00402517 8B3D 10104000 mov edi, dword ptr [<&MSVBVM60.__vba>; MSVBVM60.__vbaFreeVar
走到这些这些函数,程序会崩溃,直接跳过去正常,上面3个是编译exe的时候自动添加进去的.
可能是编译器优化什么产生的代码吧....???获取..不知道0040251D . 8D4D C0 lea ecx, dword ptr [ebp-40] ; 解密结果存这里,也就是第二个参数里面
00402520 . FFD7 call edi ; <&MSVBVM60.__vbaFreeVar>
00402522 . 6A 00 push 0
00402524 . 8D55 B0 lea edx, dword ptr [ebp-50]
00402527 . 6A 40 push 40
00402529 . 8D45 C0 lea eax, dword ptr [ebp-40]
0040252C . 8D4D DC lea ecx, dword ptr [ebp-24]
0040252F . 52 push edx
00402530 . 50 push eax
00402531 . 894D B8 mov dword ptr [ebp-48], ecx
00402534 . C745 B0 08400>mov dword ptr [ebp-50], 4008
0040253B FF15 9C104000 call dword ptr [<&MSVBVM60.#717>] ; MSVBVM60.rtcStrConvVar2
这个也会死00402541 . 8D4D C0 lea ecx, dword ptr [ebp-40]
00402544 . 51 push ecx
00402545 FF15 18104000 call dword ptr [<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove
还有这个0040254B . 8BD0 mov edx, eax
0040254D . 8D4D DC lea ecx, dword ptr [ebp-24]
00402550 FF15 E0104000 call dword ptr [<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove这个也会下面好多这种系统函数
40,也就是&h28
应该没有溢出.
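' NOTE(review): no return type is given, so VB treats the result as a Variant;
' confirm what the DLL really returns before relying on this declaration.
Private Declare Function Dll_EncIn Lib "EncryptionA.dll" (ByVal lpstrInput As Long, _
    ByVal lpstrOutput As Long)

Dim strInputA As String
Dim strInput As String
Dim strOutput As String
' Assumption 1: the second parameter receives the ciphertext string.
' Assumption 2: the DLL works with ANSI-encoded strings.
strInputA = "123123"
strInput = StrConv(strInputA, vbFromUnicode)

' Pre-fill the output with NUL characters. Appending &H0 in a loop concatenates the
' digit "0" 1024 times, which leaves no terminator in the buffer.
strOutput = String$(1024, vbNullChar)

' Length byte followed by the ANSI codes of "123123".
Dim Temp() As Byte
ReDim Temp(Len(strInputA) + 1)
Temp(0) = &H6
Temp(1) = &H31
Temp(2) = &H32
Temp(3) = &H33
Temp(4) = &H31
Temp(5) = &H32
Temp(6) = &H33

' NOTE(review): Temp is a Byte array, not a String; confirm which address StrPtr
' yields for it. VarPtr(Temp(0)) is the address of the array data itself.
Call Dll_EncIn(StrPtr(Temp), StrPtr(strOutput))
strOutput = StrConv(strOutput, vbUnicode)
Text2.Text = strOutput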
一支西西,用的是这种
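' NOTE(review): no return type is given, so VB treats the result as a Variant;
' confirm what the DLL really returns before relying on this declaration.
Private Declare Function Dll_EncIn Lib "EncryptionA.dll" (ByVal lpstrInput As Long, _
    ByVal lpstrOutput As Long)

' Passes "123" as a length-prefixed ANSI byte array to Dll_EncIn, with a 256-byte
' array to receive the result.
Public Sub Main()
    Dim bytInput(3) As Byte, bytOutput() As Byte

    ' The byte array is passed in exactly the guessed layout: length, then text.
    ' The ANSI codes of "1", "2", "3" are hexadecimal 31, 32, 33; &H1F, &H20, &H21
    ' are those same digits read as decimal and encode different characters.
    bytInput(0) = &H3
    bytInput(1) = &H31
    bytInput(2) = &H32
    bytInput(3) = &H33

    ' 256 bytes: one length byte plus the 255 data bytes it can describe.
    ReDim Preserve bytOutput(255)

    ' Both parameters are ByVal ... As Long, so pass the address of the first
    ' element; an array itself cannot be passed to a Long parameter.
    Call Dll_EncIn(VarPtr(bytInput(0)), VarPtr(bytOutput(0)))
End Sub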
bytInput(1) = &H31
bytInput(2) = &H32
bytInput(3) = &H33
其实要传进去的结构应该是这样的Private Type StringType
Length As Byte
Buffer() as Byte
end Type两个参数都是这个结构
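' The DLL is loaded from a fixed absolute path. The Declare for Dll_EncIn, which
' Test_Encode also calls, is not part of this snippet.
Private Declare Function Dll_EncOut Lib "d:\EncryptionA.dll" (ByVal lpstrInput As Long, ByVal lpstrOutput As Long) As Long
' As Any turns off VB's type checking: the caller must guarantee that both addresses
' are valid and that Length fits inside both buffers.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

' Length-prefixed string record handed to the DLL: one length byte, then the text.
' A one-byte length can describe up to 255 data bytes, so the buffer is sized for
' that maximum. With only 128 bytes, a longer result would be written past the end
' of the record and corrupt whatever follows it in memory.
Private Type STRING_TYPE
    Length As Byte
    Buffer(254) As Byte
End Type

' Encrypts "123123" into pp with Dll_EncIn, then decrypts pp in place with Dll_EncOut.
Public Sub Test_Encode()
    Dim p As STRING_TYPE
    Dim pp As STRING_TYPE

    p.Length = 6
    ' ByVal on a string literal passes its ANSI bytes; exactly 6 are copied.
    CopyMemory p.Buffer(0), ByVal "123123", 6
    'p.Buffer = "123123"

    ' First argument is the record that receives the result, second is the input.
    Call Dll_EncIn(VarPtr(pp), VarPtr(p))
    Call Dll_EncOut(VarPtr(pp), VarPtr(pp))
End Sub

Private Sub Form_Load()
    Test_Encode
End Sub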
' The DLL is loaded from a fixed absolute path. The Declare for Dll_EncIn, which
' Test_Encode also calls, is not part of this snippet.
Private Declare Function Dll_EncOut Lib "d:\EncryptionA.dll" (ByVal lpstrInput As Long, ByVal lpstrOutput As Long) As Long
' Raw memory copy; As Any means VB checks neither address nor length.
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

' Length-prefixed string record exchanged with the DLL: length byte, then the text.
Private Type STRING_TYPE
    Length As Byte
    Buffer(511) As Byte
End Type

' Round trip: encrypt "123123" with Dll_EncIn, print the result, decrypt it in place
' with Dll_EncOut, and print again.
Public Sub Test_Encode()
    Dim plainRec As STRING_TYPE
    Dim workRec As STRING_TYPE
    Dim strShown As String

    ' Fill the input record: six ANSI bytes and their count.
    plainRec.Length = 6
    CopyMemory plainRec.Buffer(0), ByVal "123123", 6

    ' The first argument receives the result, the second is the input.
    Call Dll_EncIn(VarPtr(workRec), VarPtr(plainRec))
    ' Only the first Length characters of the buffer are meaningful.
    strShown = Left(StrConv(workRec.Buffer, vbUnicode), workRec.Length)
    Debug.Print strShown

    ' The same record is used as both source and destination.
    Call Dll_EncOut(VarPtr(workRec), VarPtr(workRec))
    strShown = Left(StrConv(workRec.Buffer, vbUnicode), workRec.Length)
    Debug.Print strShown
End Sub

Private Sub Form_Load()
    Call Test_Encode
End Sub
Length As Byte
Buffer(511) As Byte
End Type改成Private Type STRING_TYPE
Length As Byte
Buffer(127) As Byte
End Type
06 41 42 43 41 42 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
06 A B C A B C ............ 第一个为长度,然后就是字符的十六进制 xixixixi 对应的
08 78 69 78 69 78 69 78 69 00 00 00 00 00 00 00
长度x i x i x i x i ----------------------------------------------------------
内存密码表堆栈地址=0012F30C
eax=00383740 (Encrypti.00383740), ASCII "rFY0vXe1QzL6S2RnC5KsG9qkB7TfJVNaZDxUWuPj8pbAyoMIdil3hmHcgEt4wO"不变的
然后根据我们输入的,循环加密,可能有点像那个密码筒...然后来这里面取值,取的值叠加
Call Dll_EncIn(VarPtr(pp), VarPtr(p))
strTmp = StrConv(pp.Buffer, vbUnicode)
strTmp = Left(strTmp, pp.Length)
Debug.Print strTmp
Call Dll_EncOut(VarPtr(pp), VarPtr(pp)) strTmp = StrConv(pp.Buffer, vbUnicode)
strTmp = Left(strTmp, pp.Length)
Debug.Print strTmp
CODE:004037CD lea edi, [ebp+var_104]
CODE:004037D3 xor ecx, ecx
CODE:004037D5 mov cl, [esi]
CODE:004037D7 inc ecx
CODE:004037D8 rep movsb
ByVal lpstrInput As Long)
Private Declare Sub Dll_EncOut Lib "C:\Documents and Settings\anna\桌面\Tree\Projects\EncodeQingye\EncryptionA.dll" (ByVal lpstrOutput As Long, _
ByVal lpstrInput As Long)
qingye,你要把函数声明写成这样才比较符合它们真实的含义。