DeDe SDK v1.0 I. Description of DeDe functions function GetByte(dwVirtOffset : DWORD) : Byte; Description: Returns the byte at virtual offset dwVirtOffset of the target file. ---------------------------------------------------------------------------------------- function GetWord(dwVirtOffset : DWORD) : Word; Description: Returns the word at virtual offset dwVirtOffset of the target file. ---------------------------------------------------------------------------------------- function GetDWORD(dwVirtOffset : DWORD) : DWORD; Description: Returns the dword at virtual offset dwVirtOffset of the target file. ---------------------------------------------------------------------------------------- function GetPascalString(dwVirtOffset : DWORD) : String; Description: Returns the pascal string at virtual offset dwVirtOffset of the target file. ---------------------------------------------------------------------------------------- procedure GetBinaryData(var buffer : Array of Byte; size : Integer; dwVirtOffset : DWORD); Description: Returns size bytes in buffer starting from dwVirtOffset of the target file. The size of the buffer must be set before calling this function. ---------------------------------------------------------------------------------------- function Disassemble(dwVirtOffset : DWORD) : TDasmData; Description: Disassembles the instruction at dwVirtOffset of the target file. The result is return in TDasmData structure: Type TDasmData = record btSize : Byte; sInstruction : String; end; sInstruction is the instruction and btSize is the number of opcodes in it. The next instruction starts at VirtOffset Size, where VirtOffset is passed address and Size is returned number of opcodes. Remarks: If ptFixRelativeOffsets has been specified for the plugin flags Disassemble() had been called from, the relative offsets in the resulting instruction are fixed as absolute. The format they are returned is the same as in DeDe's disassembler listing. All numbers are in hex and starts with '$': mov eax, [ebp-$04] mov eax, dword ptr [$4417C8] The offsets of jump and call instruction are fixed and are given in hex without '$' before the values: call 00402E20 jz 0043A8B9 When this flag is not specified call and jump instructions are returned as: call -$0003BBCD jmp $0000001D Instructions can be parsed getting the first 8 chars for the instruction itself and the rest for the operands (if any) ---------------------------------------------------------------------------------------- The following function are still not implemented: ------------------------------------------------- function GetCallReference(dwVirtOffset : DWORD; var sReference : String; var btRefType : Byte; btMode : Byte = 0) : Boolean; Description: This function checks the procedure starting from dwVirtOffset of the target file. It returns sReference - the name(s) if the procedure has been recognized. If the procedure at dwVirtOffset has been recognized btRefType is the type of the returned reference - REF_TYPE_DSF, REF_TYPE_PUBLISHED or REF_TYPE_IDATA. The first value is set when the pattern for the tested procedure has been found in any of the loaded dsf files in DeDe when the function is called from the plugin. The second value is set when the tested procedure appears to be published method of some of the forms and the third value is set when the tested procedure is imported function. Value REF_TYPE_PROTECTED can not be set as a result of calling GetCallReference(). If reference has not been found the return value of btRefType is undefined. The last parameter btMode (default 0) specifies how the name should be returned. Its value can be any of the REF_MODE_ constants or their binary OR: REF_MODE_INCLUDE_UNIT = $00000001; REF_MODE_INCLUDE_PARENS = $00000002; REF_MODE_INCLUDE_PARAMS = $00000004; REF_MODE_ALL_REFS = $00000008; When REF_MODE_INCLUDE_UNIT is specified DeDe adds the unit/dll name and dot ('.') before the procedure name ('kernel32.GetProcAddress','SysUtils.MessageBox()', etc.). When this value is not specified the unit/dll name is removed ('GetProcAddress','MessageBox()', etc.). If REF_MODE_INCLUDE_PARENS is specified then '(' and ')' not including parameters are returned. If the flag is not specified no '('/')' and no parameters are returned (REF_MODE_INCLUDE_PARAMS is ignored if REF_MODE_INCLUDE_PARENS is not specified.). When REF_MODE_INCLUDE_PARENS and REF_MODE_INCLUDE_PARENS are specified then parameters names/types are returned. REF_MODE_ALL_REFS is ignored if the reference is not dsf. When this flag is specified then all reference names are returned if there are more than one. The names are separated by 'enter' (#13, ASCII 13). When this flag is not specified dsf references are returned only if there is only one found! ---------------------------------------------------------------------------------------- function GetObjectName(dwVirtOffset : DWORD; var sObjName : String) : Boolean; Description: ---------------------------------------------------------------------------------------- function GetFieldReference(dwVirtOffset : DWORD; var sReference : String) : Boolean; Description: ---------------------------------------------------------------------------------------- 請教有網友人知道這寫甚麼嗎?

------
**********************************************************
哈哈&兵燹
最會的2大絕招 這個不會與那個也不會 哈哈哈 粉好

Delphi K.Top的K.Top分兩個字解釋Top代表尖端的意思,希望本討論區能提供Delphi的尖端新知
K.表Knowlege 知識,就是本站的標語:Open our mind

j sir: 請問 DeDe軟體反編譯 sdk  要如何使用?    需要那些檔案?    

------
︿︿