-
-
[原创]RpcView移植vs2013项目,去除rpcrt4.dll文件版本验证
-
发表于: 2019-1-17 10:36
-
软件介绍
RpcView是一款DcomRpc协议接口反编译工具,可以反编译运行中程序的所有DcomRpc协议接口定义.
已移植至Visual Studio 2013项目,去除rpcrt4.dll文件版本验证,支持win7x64和2008r2x64操作系统,采用qt5.6版本,已发布64位release版本
运行环境
1.编译平台Visual Studio 2013
2.操作系统默认win7x64和2008r2x64,其他版本请自行编译
编译教程
- 下载qt安装包 528K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2K6L8#2)9J5k6h3#2A6M7Y4u0G2M7Y4y4Q4x3X3g2#2M7%4c8U0i4K6u0W2k6h3c8#2i4K6u0W2j5$3&6Q4x3V1k6I4N6s2m8J5L8$3A6W2j5%4c8Q4x3V1k6S2M7X3y4Z5K9i4k6W2i4K6u0r3M7i4c8Q4x3V1j5#2i4K6u0W2y4W2)9J5c8U0g2Q4x3X3f1$3i4K6u0W2x3q4)9J5c8Y4q4@1i4K6u0V1L8%4m8W2L8Y4y4G2N6i4u0U0k6g2)9J5k6s2N6A6L8X3c8G2N6%4y4Q4x3X3c8^5z5o6k6Q4x3X3c8E0M7%4k6U0x3U0l9I4x3#2)9#2k6U0j5@1i4K6u0V1y4g2)9J5k6e0k6Q4x3X3f1H3i4K6u0W2k6i4S2W2
- 下载qtvs插件 9c5K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3#2A6M7Y4u0G2M7Y4y4Q4x3X3g2#2M7%4c8U0i4K6u0W2k6h3c8#2i4K6u0W2j5$3&6Q4x3V1k6I4N6s2m8J5L8$3A6W2j5%4c8Q4x3V1k6S2M7X3y4Z5K9i4k6W2i4K6u0r3N6Y4y4S2k6r3c8A6L8W2)9J5c8Y4q4@1i4K6u0V1N6Y4y4S2k6r3c8A6L8W2)9J5k6r3#2K6N6X3x3J5x3o6p5K6i4K6u0V1x3W2)9J5k6e0u0Q4x3X3f1J5i4K6u0W2N6Y4y4A6P5l9`.`.
- 打开vs菜单栏QTVSTool->QTOption添加变量msvc2013_64值C:\Qt\Qt5.6.0\5.6\msvc2013_64
- 添加环境变量C:\Qt\Qt5.6.0\5.6\msvc2013_64\bin和C:\Qt\Qt5.6.0\Tools\QtCreator\bin
- 编译MyRpcView项目
- 运行Build\MyRpcView.exe
使用说明
根据不同操作操作系统版本,替换项目RpcCore和RpcCoreNative的RpcInternals.h为以下文件,分别为64和32版本,并更新引用路径
MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore1_32bits\RpcInternals.h for Windows XP MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore2_32bits\RpcInternals.h for Windows 7 x86 MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore2_64bits\RpcInternals.h for Windows 7 x64 MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore3_32bits\RpcInternals.h for Windows 8 x86 MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore3_64bits\RpcInternals.h for Windows 8 x64 MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore4_32bits\RpcInternals.h for Windows 8.1 and 10 x86 MyRpcView\MyRpcView\RpcViewMain\RpcCore\RpcCore4_64bits\RpcInternals.h for Windows 8.1 and 10 x64
高级用法
1.安装windbg,添加windbg目录至环境变量
2.symchk /s srvc:\symbolcb0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0M7$3c8D9i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3k6r3!0%4L8X3I4G2j5h3c8Q4x3V1k6K6P5h3#2T1L8$3I4K6 c:\windows\System32*.dll
3.symchk /s srvc:\symbol8e5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0M7$3c8D9i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3k6r3!0%4L8X3I4G2j5h3c8Q4x3V1k6K6P5h3#2T1L8$3I4K6 c:\windows\SysWOW64*.dll
4.在MyRpcView菜单中选择Option->Config Symbol->输入srv*c:\symbol
5.点击任意Interface->Decompile可在反编译结果中看到可以显示正确的函数名称
引用
|
|
|---|---|
