如何检测由 vb6 生成的 .exe 文件并识别不同的 vb6 文件?
我正在编写一个程序来检测哪个“.exe”文件是由“Visual Basic6”生成的。我发现在每个vb文件的“入口点”处,有一个距“入口点”偏移1的地址,该地址指向包含字符串:“vb5!”的位置,这是某个签名吗?我可以确定在每个 vb 文件中都存在该字符串吗? 然后,我想找到代码开头的特定地址,以便我可以从另一个vb文件中识别每个vb文件。
I'm writing a program to detect which ".exe" file is generated by "Visual Basic6". I found that at the "entry point" of each vb file, there is an address at offset 1 from "entry point" which points to a location that contains the string: "vb5!", is that a certain signature? Can I be sure that in every vb files this string is exist?
Then, I want to find the certain address of the beginning of the code, so that I can recognize every vb file from an other vb file.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不太确定您想要完成什么,但每个 VB6 exe、DLL 或 OCX 都将包含 MSVBVM60.dll 的导入。如果它包含该内容,您可以非常确定它是一个 VB6 exe。
关于这个
VB6 不像 .net 在 exe 中嵌入相同类型的元数据,因此不可能从可执行文件中提取任何“VB 代码”。根据编译方式,您可能能够检索函数名称等,但前提是 PDB(程序数据库)嵌入到 exe 中并且未编译成单独的 PDB 文件。
更糟糕的是,有很多工具可以压缩 exe(任何 exe),如果这样做了,你几乎无法知道 exe 来自哪里,至少不能通过简单地查看 exe 的内容来判断。 exe 文件。
Not exactly sure what you're trying to accomplish, but every VB6 exe, DLL or OCX will contain an import to MSVBVM60.dll. If it contains that, you can be pretty sure it's a VB6 exe.
About this
VB6 doesn't embed the same kind of metadata in the exe that .net does, so it'll be impossible to extract any "VB Code" from the executable. Depending on how it was compiled, you MIGHT be able to retrieve functionnames and such, but that's only if the PDB (program database) was embedded into the exe and not compiled into a seperate PDB file.
Worse, there are plenty of tools out there to compress an exe (any exe), and if that's done, there's almost no way you'll be able to tell where the exe came from, at least not from simply looking at the contents of the exe file.