📄 findingclasses.html
字号:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
<TITLE>Puthoon Finding Classes</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" text="#000000" link="#0000FF" vlink="#0000CC" alink="#6666FF">
<h1><img alt="" src="findClasses.gif" width="32" height="32">Finding Classes.</h1>
<h3><A HREF="index.html"><img alt="" src="revendepro.gif" width="16" height="16" border="0">Revendepro page.</A></h3>
<p>For knowing how to find a class in a program, you first need to known. A class exist only of a
Virtual Method Table (VMT), this
table contains except the virtual methods also information about the class (for more information
search for VMT in the Delphi help file). Including a pointer
to itself at offset vmtSelfPtr, so if you search for addresses with at vmtSelfPtr a pointer back
to the address it most likely is a class.
<PRE>
I := Code - vmtSelfPtr;
while I < Code + CodeSize do
begin
// vmtSelfPtr must point to itself.
if PPChar(I + vmtSelfPtr)^ = I then
begin
if PPChar(I + vmtParent)^ = nil then
try
// If no classParent then class can be object
if (not UsePackages) and (TClass(I).ClassName = 'TObject') then
// if class if object add it to classes.
Add(TClass(I))
except
on EAccessViolation do
end
else
// className must be in the code section.
// classParent must be in the code section or the import section (when it is imported).
if (PPChar(I + vmtClassName)^ <= Code + CodeSize) and
(PPChar(I + vmtClassName)^ >= Code) and
(((PPChar(I + vmtParent)^ <= Code + CodeSize) and
(PPChar(I + vmtParent)^ >= Code)) or
((PPChar(I + vmtParent)^ <= ImportStart + ImportSize) and
(PPChar(I + vmtParent)^ >= ImportStart))) then
// Add possible class to possible class list.
PossClasses.Add(I);
end;
Inc(I, 4);
end;
// Can't be more then 1 TObject.
if (not TPEFileClass(PEFileClass).UsePackages) and (Count > 1) then
raise EDecompilerError.Create('There can only be one TObject.');
</PRE>
To filter out real classes search for a class named TObject from the list of possible classes,
<PRE>
// If no classParent then class can be object
if TClass(I).ClassName = 'TObject' then
// if class if object add it to classes.
Add(TClass(I))
</PRE>
After finding TObject, search the list of possible classes with a already found class as parent,
continue this search until no new class is found.
<PRE>
// Add Classes to the list which parent is in the list.
repeat
Added := False;
for J := PossClasses.Count -1 downto 0 do
begin
// Try to find parent class in classList
if FindClass(TClass(PossClasses[J]).ClassParent) <> nil then
begin
// Class in class list
Add(PossClasses[J]);
PossClasses.Delete(J);
Added := True;
end;
// Try to find parent class in a other package.
for K := 0 to High(PEFiles) do
if PEFiles[K].Classes.FindClass(TClass(PossClasses[J]).ClassParent) <> nil then
begin
// Class in class list
Add(PossClasses[J]);
PossClasses.Delete(J);
Added := True;
Break;
end;
end;
until not Added;
</PRE>
</p>
<hr>
<a href="http://www.puthoon.com" target="_top"><img alt="" src="puthoonMini.gif" width=20 height=20 border=0></A><FONT Face="Symbol,fantasy">Puqwn</FONT><BR>
E-mail: <a href="MAILTO:puthoon@puthoon.com">puthoon@puthoon.com</a>
<HR>
Copyright © 1999, 2000 Puthoon. All rights reserved
</BODY>
</HTML>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -