反编译PDK编译的perl程序脚本

sunbeat

这个是上一个动画的续
http://www.52pojie.cn/thread-440323-1-1.html

最近在学习脚本编写，把上次的过程用脚本实现了下



下载地址：

decompile_perl.txt (994 Bytes, 下载次数: 61)

2015-12-11 19:15 上传

点击文件名下载附件

代码如下：

[Asm] 纯文本查看 复制代码

//writen by sunbeat
//2015-12-11
//decompile the PDK exe back to perl script


var BPNAME
var BPDECODE
var MEMSTART
var MEMEND
var size
var plname
var filename
var scriptaddr 
findmem "script",401000  //use script as the key word to search in memory
mov scriptaddr,$RESULT
eval "push 0x{scriptaddr}"
findcmd 401000,$RESULT   //find in instruction , where to call "script" memory address
mov BPNAME,$RESULT
mov BPDECODE,$RESULT+F
bp BPNAME
erun  //break in EAX is the name of perl script
bc BPNAME
eval [eax]
mov plname, $RESULT
bp BPDECODE
erun
bc BPDECODE
mov MEMSTART,eax  //eax stores the perl script's dump begin address

findmem #00#,eax  //from EAX as begin , until find 0x0 as the end
mov MEMEND,$RESULT
sub MEMEND,MEMSTART
mov size,MEMEND
eval "{plname}"
mov filename,$RESULT
DM MEMSTART,size,filename

itoa $RESULT,10.
mov size,$RESULT

eval "file:{filename} was writen {size} bytes"
msg $RESULT
reset  //ctrl+f2 , reload programe
ret

iamlimeng

前辈，同是Perl爱好者，能不能把DZSoft Perl Editor搞定？

sky010r9

可以使用，牛皮， 多个perl打包，有什么思路，透露下？