当前位置：首页 → 问答吧 → 请高手来看看

请高手来看看

时间：2011-12-19

来源：互联网

Private Sub Class_Initialize()
m_Interval = 0
m_lTimerProc = GetClassProcAddr(8)
End Sub

Private Function GetClassProcAddr(ByVal Index As Long, Optional ParamCount As Long = 4, Optional HasReturnValue As Boolean) As Long
Static lReturn As Long, pReturn As Long
Static AsmCode(50) As Byte
Dim i As Long, pThis As Long, pVtbl As Long, pFunc As Long

pThis = ObjPtr(Me)
CopyMemory pVtbl, ByVal pThis, 4
CopyMemory pFunc, ByVal pVtbl + (6 + Index) * 4, 4
pReturn = VarPtr(lReturn)

For i = 0 To UBound(AsmCode)
AsmCode(i) = &H90
Next
AsmCode(0) = &H55
AsmCode(1) = &H8B: AsmCode(2) = &HEC
AsmCode(3) = &H53
AsmCode(4) = &H56
AsmCode(5) = &H57
If HasReturnValue Then
AsmCode(6) = &HB8
CopyMemory AsmCode(7), pReturn, 4
AsmCode(11) = &H50
End If
For i = 0 To ParamCount - 1
AsmCode(12 + i * 3) = &HFF
AsmCode(13 + i * 3) = &H75
AsmCode(14 + i * 3) = (ParamCount - i) * 4 + 4
Next
i = i * 3 + 12
AsmCode(i) = &HB9
CopyMemory AsmCode(i + 1), pThis, 4
AsmCode(i + 5) = &H51
AsmCode(i + 6) = &HE8
CopyMemory AsmCode(i + 7), pFunc - VarPtr(AsmCode(i + 6)) - 5, 4
If HasReturnValue Then
AsmCode(i + 11) = &HB8
CopyMemory AsmCode(i + 12), pReturn, 4
AsmCode(i + 16) = &H8B
AsmCode(i + 17) = &H0
End If
AsmCode(i + 18) = &H5F
AsmCode(i + 19) = &H5E
AsmCode(i + 20) = &H5B
AsmCode(i + 21) = &H8B: AsmCode(i + 22) = &HE5
AsmCode(i + 23) = &H5D
AsmCode(i + 24) = &HC3
GetClassProcAddr = VarPtr(AsmCode(0))
End Function

Private Sub TimerProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal idEvent As Long, ByVal dwTime As Long)
RaiseEvent Timer
Trace "类模板中的计时器：uMsg=" & CStr(uMsg) & ",idEvnet=" & CStr(idEvent) & ",dwTime=" & dwTime
End Sub

===================================================================
由于VB6的函数指针只能传给API使用，自己的程序不能使用，以上类模块中，为了取得TimerProc的入口地址，写了，植入了一些二进制代码，不知道什么意思，有懂的人能解释一下吗？（只要是要搞清楚这个代码，怕植入了非正常代码（病毒））

作者: test2002 发布时间: 2011-12-19

lz发错版块了

作者: crazpro 发布时间: 2011-12-19

该回复于2011-12-19 13:34:17被管理员删除