标志位爆破关键点?-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] 标志位爆破关键点? 0.00雪花

发表于: 2009-11-20 12:12 3487

[旧帖] 标志位爆破关键点? 0.00雪花

qwertfg

2009-11-20 12:12

3487

请教代码的标志位在哪边
爆破关键

调适了下改改跳转就可以爆破
但是这样有注册没功能

0040E4F6 51             push ecx
0040E4F7 6A 01          push 1
0040E4F9 FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>; MSVBVM60.__vbaUbound
0040E4FF 8BC8          mov ecx,eax
0040E501 FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4
0040E507 8985 A4FEFFFF mov dword ptr ss:[ebp-15C],eax
0040E50D B8 01000000    mov eax,1
0040E512 66:3B85 A4FEFFF>cmp ax,word ptr ss:[ebp-15C]
0040E519 8945 E4       mov dword ptr ss:[ebp-1C],eax
0040E51C 0F8F 4A030000 jg LinToolB.0040E86C
0040E522 8B4E 4C       mov ecx,dword ptr ds:[esi+4C]
0040E525 85C9          test ecx,ecx
0040E527 74 24          je short LinToolB.0040E54D
0040E529 66:8339 01    cmp word ptr ds:[ecx],1
0040E52D 75 1E          jnz short LinToolB.0040E54D
0040E52F 8B51 14       mov edx,dword ptr ds:[ecx+14]
0040E532 0FBFD8       movsx ebx,ax
0040E535 8B41 10       mov eax,dword ptr ds:[ecx+10]
0040E538 2BDA          sub ebx,edx
0040E53A 3BD8          cmp ebx,eax
0040E53C 72 06          jb short LinToolB.0040E544
0040E53E FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E544 8D04DD 00000000 lea eax,dword ptr ds:[ebx*8]
0040E54B EB 06          jmp short LinToolB.0040E553
0040E54D FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E553 8B56 4C       mov edx,dword ptr ds:[esi+4C]
0040E556 8B4A 0C       mov ecx,dword ptr ds:[edx+C]
0040E559 8B1401       mov edx,dword ptr ds:[ecx+eax]
0040E55C 52             push edx
0040E55D 68 78A14000    push LinToolB.0040A178
0040E562 FF15 CC104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
0040E568 85C0          test eax,eax
0040E56A 0F84 FC020000 je LinToolB.0040E86C
0040E570 8B46 4C       mov eax,dword ptr ds:[esi+4C]
0040E573 85C0          test eax,eax
0040E575 74 25          je short LinToolB.0040E59C
0040E577 66:8338 01    cmp word ptr ds:[eax],1
0040E57B 75 1F          jnz short LinToolB.0040E59C
0040E57D 0FBF5D E4    movsx ebx,word ptr ss:[ebp-1C]
0040E581 8B50 14       mov edx,dword ptr ds:[eax+14]
0040E584 8B48 10       mov ecx,dword ptr ds:[eax+10]
0040E587 2BDA          sub ebx,edx
0040E589 3BD9          cmp ebx,ecx
0040E58B 72 06          jb short LinToolB.0040E593
0040E58D FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E593 8D04DD 00000000 lea eax,dword ptr ds:[ebx*8]
0040E59A EB 06          jmp short LinToolB.0040E5A2
0040E59C FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E5A2 8B4E 4C       mov ecx,dword ptr ds:[esi+4C]
0040E5A5 8B51 0C       mov edx,dword ptr ds:[ecx+C]
0040E5A8 8B0402       mov eax,dword ptr ds:[edx+eax]
0040E5AB 50             push eax
0040E5AC FF15 24104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
0040E5B2 83F8 41       cmp eax,41
0040E5B5 0F8E 9D020000 jle LinToolB.0040E858
0040E5BB 8B46 4C       mov eax,dword ptr ds:[esi+4C]
0040E5BE C785 68FFFFFF 0>mov dword ptr ss:[ebp-98],80020004
0040E5C8 85C0          test eax,eax
0040E5CA C785 60FFFFFF 0>mov dword ptr ss:[ebp-A0],0A
0040E5D4 74 21          je short LinToolB.0040E5F7
0040E5D6 66:8338 01    cmp word ptr ds:[eax],1
0040E5DA 75 1B          jnz short LinToolB.0040E5F7
0040E5DC 0FBF5D E4    movsx ebx,word ptr ss:[ebp-1C]
0040E5E0 8B50 14       mov edx,dword ptr ds:[eax+14]
0040E5E3 8B48 10       mov ecx,dword ptr ds:[eax+10]
0040E5E6 2BDA          sub ebx,edx
0040E5E8 3BD9          cmp ebx,ecx
0040E5EA 72 06          jb short LinToolB.0040E5F2
0040E5EC FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E5F2 C1E3 03       shl ebx,3
0040E5F5 EB 08          jmp short LinToolB.0040E5FF
0040E5F7 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E5FD 8BD8          mov ebx,eax
0040E5FF 8B4E 4C       mov ecx,dword ptr ds:[esi+4C]
0040E602 8D55 94       lea edx,dword ptr ss:[ebp-6C]
0040E605 51             push ecx
0040E606 52             push edx
0040E607 FF15 B0114000 call dword ptr ds:[<&MSVBVM60.__vbaAryLo>; MSVBVM60.__vbaAryLock
0040E60D 8B4D 94       mov ecx,dword ptr ss:[ebp-6C]
0040E610 85C9          test ecx,ecx
0040E612 74 2E          je short LinToolB.0040E642
0040E614 66:8339 01    cmp word ptr ds:[ecx],1
0040E618 75 28          jnz short LinToolB.0040E642
0040E61A 0FBF7D E4    movsx edi,word ptr ss:[ebp-1C]
0040E61E 8B51 14       mov edx,dword ptr ds:[ecx+14]
0040E621 8B41 10       mov eax,dword ptr ds:[ecx+10]
0040E624 2BFA          sub edi,edx
0040E626 3BF8          cmp edi,eax
0040E628 72 09          jb short LinToolB.0040E633
0040E62A FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E630 8B4D 94       mov ecx,dword ptr ss:[ebp-6C]
0040E633 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
0040E63A 8B3D 14124000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
0040E640 EB 09          jmp short LinToolB.0040E64B
0040E642 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E648 8B4D 94       mov ecx,dword ptr ss:[ebp-6C]
0040E64B 8B49 0C       mov ecx,dword ptr ds:[ecx+C]
0040E64E C785 20FFFFFF 0>mov dword ptr ss:[ebp-E0],4008
0040E658 03C8          add ecx,eax
0040E65A 8B46 4C       mov eax,dword ptr ds:[esi+4C]
0040E65D 898D 28FFFFFF mov dword ptr ss:[ebp-D8],ecx
0040E663 8D95 60FFFFFF lea edx,dword ptr ss:[ebp-A0]
0040E669 8B48 0C       mov ecx,dword ptr ds:[eax+C]
0040E66C 52             push edx
0040E66D 6A 01          push 1
0040E66F 8B1419       mov edx,dword ptr ds:[ecx+ebx]
0040E672 52             push edx
0040E673 68 B89F4000    push LinToolB.00409FB8
0040E678 6A 00          push 0
0040E67A FF15 78114000 call dword ptr ds:[<&MSVBVM60.__vbaInStr>; MSVBVM60.__vbaInStr
0040E680 83C0 01       add eax,1
0040E683 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-B0]
0040E689 0F80 2A170000 jo LinToolB.0040FDB9
0040E68F 50             push eax
0040E690 8D85 20FFFFFF lea eax,dword ptr ss:[ebp-E0]
0040E696 50             push eax
0040E697 51             push ecx
0040E698 FF15 BC104000 call dword ptr ds:[<&MSVBVM60.#632>]    ; MSVBVM60.rtcMidCharVar
0040E69E 8D55 94       lea edx,dword ptr ss:[ebp-6C]
0040E6A1 52             push edx
0040E6A2 FF15 00124000 call dword ptr ds:[<&MSVBVM60.__vbaAryUn>; MSVBVM60.__vbaAryUnlock
0040E6A8 8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
0040E6AE 50             push eax
0040E6AF FF15 20104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove
0040E6B5 8BD0          mov edx,eax
0040E6B7 8D4D B0       lea ecx,dword ptr ss:[ebp-50]
0040E6BA FF15 E0114000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
0040E6C0 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-B0]
0040E6C6 8D95 60FFFFFF lea edx,dword ptr ss:[ebp-A0]
0040E6CC 51             push ecx
0040E6CD 52             push edx
0040E6CE 6A 02          push 2
0040E6D0 FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040E6D6 8B46 4C       mov eax,dword ptr ds:[esi+4C]
0040E6D9 83C4 0C       add esp,0C
0040E6DC 85C0          test eax,eax
0040E6DE 74 25          je short LinToolB.0040E705
0040E6E0 66:8338 01    cmp word ptr ds:[eax],1
0040E6E4 75 1F          jnz short LinToolB.0040E705
0040E6E6 0FBF5D E4    movsx ebx,word ptr ss:[ebp-1C]
0040E6EA 8B50 14       mov edx,dword ptr ds:[eax+14]
0040E6ED 8B48 10       mov ecx,dword ptr ds:[eax+10]
0040E6F0 2BDA          sub ebx,edx
0040E6F2 3BD9          cmp ebx,ecx
0040E6F4 72 06          jb short LinToolB.0040E6FC
0040E6F6 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E6FC 8D04DD 00000000 lea eax,dword ptr ds:[ebx*8]
0040E703 EB 06          jmp short LinToolB.0040E70B
0040E705 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E70B 8B4E 4C       mov ecx,dword ptr ds:[esi+4C]
0040E70E 8B51 0C       mov edx,dword ptr ds:[ecx+C]
0040E711 8B0402       mov eax,dword ptr ds:[edx+eax]
0040E714 50             push eax
0040E715 FF15 1C124000 call dword ptr ds:[<&MSVBVM60.#581>]    ; MSVBVM60.rtcR8ValFromBstr
0040E71B FF15 F0104000 call dword ptr ds:[<&MSVBVM60.__vbaFpUI1>; MSVBVM60.__vbaFpUI1
0040E721 8B4D B0       mov ecx,dword ptr ss:[ebp-50]
0040E724 8AD8          mov bl,al
0040E726 51             push ecx
0040E727 885D 9C       mov byte ptr ss:[ebp-64],bl
0040E72A FF15 24104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
0040E730 33D2          xor edx,edx
0040E732 83F8 66       cmp eax,66
0040E735 0F95C2       setne dl
0040E738 33C0          xor eax,eax
0040E73A 80FB 06       cmp bl,6
0040E73D 8B4D B0       mov ecx,dword ptr ss:[ebp-50]
0040E740 0F95C0       setne al
0040E743 0BD0          or edx,eax
0040E745 51             push ecx
0040E746 F7DA          neg edx
0040E748 1BD2          sbb edx,edx
0040E74A F7DA          neg edx
0040E74C 8995 6CFEFFFF mov dword ptr ss:[ebp-194],edx
0040E752 FF15 24104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBs>; MSVBVM60.__vbaLenBstr
0040E758 33D2          xor edx,edx
0040E75A 83F8 40       cmp eax,40
0040E75D 0F95C2       setne dl
0040E760 33C0          xor eax,eax
0040E762 80FB 02       cmp bl,2
0040E765 0F95C0       setne al
0040E768 8B8D 6CFEFFFF mov ecx,dword ptr ss:[ebp-194]
0040E76E 0BD0          or edx,eax
0040E770 F7DA          neg edx
0040E772 1BD2          sbb edx,edx
0040E774 F7DA          neg edx
0040E776 85CA          test edx,ecx
0040E778 0F85 DA000000 jnz LinToolB.0040E858
0040E77E 8B56 60       mov edx,dword ptr ds:[esi+60]
0040E781 8D5E 60       lea ebx,dword ptr ds:[esi+60]
0040E784 6A 00          push 0
0040E786 52             push edx
0040E787 6A 01          push 1
0040E789 FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>; MSVBVM60.__vbaUbound
0040E78F 83C0 01       add eax,1
0040E792 0F80 21160000 jo LinToolB.0040FDB9
0040E798 50             push eax
0040E799 6A 01          push 1
0040E79B 68 88944000    push LinToolB.00409488
0040E7A0 53             push ebx
0040E7A1 6A 08          push 8
0040E7A3 6A 00          push 0
0040E7A5 FF15 F4104000 call dword ptr ds:[<&MSVBVM60.__vbaRedim>; MSVBVM60.__vbaRedimPreserve
0040E7AB 8B03          mov eax,dword ptr ds:[ebx]
0040E7AD 83C4 1C       add esp,1C
0040E7B0 85C0          test eax,eax
0040E7B2 74 38          je short LinToolB.0040E7EC
0040E7B4 66:8338 01    cmp word ptr ds:[eax],1
0040E7B8 75 32          jnz short LinToolB.0040E7EC
0040E7BA 50             push eax
0040E7BB 6A 01          push 1
0040E7BD 8985 68FEFFFF mov dword ptr ss:[ebp-198],eax
0040E7C3 FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>; MSVBVM60.__vbaUbound
0040E7C9 8BF8          mov edi,eax
0040E7CB 8B85 68FEFFFF mov eax,dword ptr ss:[ebp-198]
0040E7D1 8B50 14       mov edx,dword ptr ds:[eax+14]
0040E7D4 8B48 10       mov ecx,dword ptr ds:[eax+10]
0040E7D7 2BFA          sub edi,edx
0040E7D9 3BF9          cmp edi,ecx
0040E7DB 72 06          jb short LinToolB.0040E7E3
0040E7DD FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E7E3 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
0040E7EA EB 06          jmp short LinToolB.0040E7F2
0040E7EC FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E7F2 8B0B          mov ecx,dword ptr ds:[ebx]
0040E7F4 8B55 B0       mov edx,dword ptr ss:[ebp-50]
0040E7F7 8B49 0C       mov ecx,dword ptr ds:[ecx+C]
0040E7FA 03C8          add ecx,eax
0040E7FC FF15 90114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCo>; MSVBVM60.__vbaStrCopy
0040E802 8B03          mov eax,dword ptr ds:[ebx]
0040E804 85C0          test eax,eax
0040E806 74 38          je short LinToolB.0040E840
0040E808 66:8338 01    cmp word ptr ds:[eax],1
0040E80C 75 32          jnz short LinToolB.0040E840
0040E80E 50             push eax
0040E80F 6A 01          push 1
0040E811 8985 68FEFFFF mov dword ptr ss:[ebp-198],eax
0040E817 FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>; MSVBVM60.__vbaUbound
0040E81D 8BF8          mov edi,eax
0040E81F 8B85 68FEFFFF mov eax,dword ptr ss:[ebp-198]
0040E825 8B50 14       mov edx,dword ptr ds:[eax+14]
0040E828 8B48 10       mov ecx,dword ptr ds:[eax+10]
0040E82B 2BFA          sub edi,edx
0040E82D 3BF9          cmp edi,ecx
0040E82F 72 06          jb short LinToolB.0040E837
0040E831 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E837 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
0040E83E EB 06          jmp short LinToolB.0040E846
0040E840 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0040E846 8B13          mov edx,dword ptr ds:[ebx]
0040E848 8B3D 14124000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
0040E84E 8B4A 0C       mov ecx,dword ptr ds:[edx+C]
0040E851 8A55 9C       mov dl,byte ptr ss:[ebp-64]
0040E854 885401 04    mov byte ptr ds:[ecx+eax+4],dl
0040E858 B8 01000000    mov eax,1
0040E85D 66:0345 E4    add ax,word ptr ss:[ebp-1C]
0040E861 0F80 52150000 jo LinToolB.0040FDB9
0040E867  ^ E9 A6FCFFFF    jmp LinToolB.0040E512
0040E86C 8B46 60       mov eax,dword ptr ds:[esi+60]
0040E86F 50             push eax
0040E870 6A 01          push 1
0040E872 FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>; MSVBVM60.__vbaUbound
0040E878 85C0          test eax,eax
0040E87A 0F85 F0000000 jnz LinToolB.0040E970
0040E880 B9 0A000000    mov ecx,0A
0040E885 B8 04000280    mov eax,80020004
0040E88A 898D 30FFFFFF mov dword ptr ss:[ebp-D0],ecx
0040E890 898D 40FFFFFF mov dword ptr ss:[ebp-C0],ecx
0040E896 898D 50FFFFFF mov dword ptr ss:[ebp-B0],ecx
0040E89C 8D95 20FFFFFF lea edx,dword ptr ss:[ebp-E0]
0040E8A2 8D8D 60FFFFFF lea ecx,dword ptr ss:[ebp-A0]
0040E8A8 8985 38FFFFFF mov dword ptr ss:[ebp-C8],eax
0040E8AE 8985 48FFFFFF mov dword ptr ss:[ebp-B8],eax
0040E8B4 8985 58FFFFFF mov dword ptr ss:[ebp-A8],eax
0040E8BA C785 28FFFFFF F>mov dword ptr ss:[ebp-D8],LinToolB.00409>  //未注册-程序关闭
0040E8C4 C785 20FFFFFF 0>mov dword ptr ss:[ebp-E0],8
0040E8CE FF15 BC114000 call dword ptr ds:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup
0040E8D4 8D8D 30FFFFFF lea ecx,dword ptr ss:[ebp-D0]
0040E8DA 8D95 40FFFFFF lea edx,dword ptr ss:[ebp-C0]
0040E8E0 51             push ecx
0040E8E1 8D85 50FFFFFF lea eax,dword ptr ss:[ebp-B0]
0040E8E7 52             push edx
0040E8E8 50             push eax
0040E8E9 8D8D 60FFFFFF lea ecx,dword ptr ss:[ebp-A0]
0040E8EF 6A 10          push 10
0040E8F1 51             push ecx
0040E8F2 FF15 8C104000 call dword ptr ds:[<&MSVBVM60.#595>]    ; MSVBVM60.rtcMsgBox
0040E8F8 8D95 30FFFFFF lea edx,dword ptr ss:[ebp-D0]
0040E8FE 8D85 40FFFFFF lea eax,dword ptr ss:[ebp-C0]
0040E904 52             push edx
0040E905 8D8D 50FFFFFF lea ecx,dword ptr ss:[ebp-B0]
0040E90B 50             push eax
0040E90C 8D95 60FFFFFF lea edx,dword ptr ss:[ebp-A0]
0040E912 51             push ecx
0040E913 52             push edx
0040E914 6A 04          push 4
0040E916 FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
0040E91C A1 D4E54100    mov eax,dword ptr ds:[41E5D4]
0040E921 83C4 14       add esp,14
0040E924 85C0          test eax,eax
0040E926 75 10          jnz short LinToolB.0040E938
0040E928 68 D4E54100    push LinToolB.0041E5D4
0040E92D 68 5CA24000    push LinToolB.0040A25C
0040E932 FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>>; MSVBVM60.__vbaNew2
0040E938 8B1D D4E54100 mov ebx,dword ptr ds:[41E5D4]
0040E93E 8D45 84       lea eax,dword ptr ss:[ebp-7C]
0040E941 56             push esi
0040E942 50             push eax
0040E943 8B3B          mov edi,dword ptr ds:[ebx]
-------------------------------------------------------------------------------------------------------------------------------------
004105E0 55             push ebp
004105E1 8BEC          mov ebp,esp
004105E3 83EC 0C       sub esp,0C
004105E6 68 A6154000    push <jmp.&MSVBVM60.__vbaExceptHandler>
004105EB 64:A1 00000000  mov eax,dword ptr fs:[0]
004105F1 50             push eax
004105F2 64:8925 0000000>mov dword ptr fs:[0],esp
004105F9 81EC D4000000 sub esp,0D4
004105FF 53             push ebx
00410600 56             push esi
00410601 57             push edi
00410602 8965 F4       mov dword ptr ss:[ebp-C],esp
00410605 C745 F8 C012400>mov dword ptr ss:[ebp-8],LinToolB.004012>
0041060C 8B75 08       mov esi,dword ptr ss:[ebp+8]
0041060F 8BC6          mov eax,esi
00410611 83E0 01       and eax,1
00410614 8945 FC       mov dword ptr ss:[ebp-4],eax
00410617 83E6 FE       and esi,FFFFFFFE
0041061A 56             push esi
0041061B 8975 08       mov dword ptr ss:[ebp+8],esi
0041061E 8B0E          mov ecx,dword ptr ds:[esi]
00410620 FF51 04       call dword ptr ds:[ecx+4]
00410623 8B55 0C       mov edx,dword ptr ss:[ebp+C]
00410626 33FF          xor edi,edi
00410628 897D E0       mov dword ptr ss:[ebp-20],edi
0041062B 897D E4       mov dword ptr ss:[ebp-1C],edi
0041062E DD02          fld qword ptr ds:[edx]
00410630 DC1D B8124000 fcomp qword ptr ds:[4012B8]
00410636 897D DC       mov dword ptr ss:[ebp-24],edi
00410639 897D D8       mov dword ptr ss:[ebp-28],edi
0041063C 897D D4       mov dword ptr ss:[ebp-2C],edi
0041063F 897D D0       mov dword ptr ss:[ebp-30],edi
00410642 897D CC       mov dword ptr ss:[ebp-34],edi
00410645 897D BC       mov dword ptr ss:[ebp-44],edi
00410648 DFE0          fstsw ax
0041064A 897D AC       mov dword ptr ss:[ebp-54],edi
0041064D 897D 9C       mov dword ptr ss:[ebp-64],edi
00410650 F6C4 40       test ah,40
00410653 897D 8C       mov dword ptr ss:[ebp-74],edi
00410656 89BD 7CFFFFFF mov dword ptr ss:[ebp-84],edi
0041065C C685 48FFFFFF 0>mov byte ptr ss:[ebp-B8],0
00410663 C685 44FFFFFF 0>mov byte ptr ss:[ebp-BC],0
0041066A C685 40FFFFFF 0>mov byte ptr ss:[ebp-C0],0
00410671 0F85 20040000 jnz LinToolB.00410A97
00410677 8B86 9C000000 mov eax,dword ptr ds:[esi+9C]
0041067D 8038 00       cmp byte ptr ds:[eax],0
00410680 0F85 6C040000 jnz LinToolB.00410AF2
00410686 B9 01000000    mov ecx,1
0041068B FF15 0C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>; MSVBVM60.__vbaUI1I2
00410691 8B8E 9C000000 mov ecx,dword ptr ds:[esi+9C]
00410697 8801          mov byte ptr ds:[ecx],al
00410699 8B56 60       mov edx,dword ptr ds:[esi+60]
0041069C 52             push edx
0041069D 6A 01          push 1
0041069F FF15 54114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>; MSVBVM60.__vbaUbound
004106A5 8BC8          mov ecx,eax
004106A7 FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaI2I4>>; MSVBVM60.__vbaI2I4
004106AD BB 01000000    mov ebx,1
004106B2 8985 28FFFFFF mov dword ptr ss:[ebp-D8],eax
004106B8 895D E8       mov dword ptr ss:[ebp-18],ebx
004106BB 66:3B9D 28FFFFF>cmp bx,word ptr ss:[ebp-D8]
004106C2 0F8F 2A040000 jg LinToolB.00410AF2
004106C8 8B46 60       mov eax,dword ptr ds:[esi+60]
004106CB 3BC7          cmp eax,edi
004106CD 74 2A          je short LinToolB.004106F9
004106CF 66:8338 01    cmp word ptr ds:[eax],1
004106D3 75 24          jnz short LinToolB.004106F9
004106D5 8B50 14       mov edx,dword ptr ds:[eax+14]
004106D8 8B48 10       mov ecx,dword ptr ds:[eax+10]
004106DB 0FBFFB       movsx edi,bx
004106DE 2BFA          sub edi,edx
004106E0 3BF9          cmp edi,ecx
004106E2 72 06          jb short LinToolB.004106EA
004106E4 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
004106EA 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
004106F1 8B3D C8104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaGe>; MSVBVM60.__vbaGenerateBoundsError
004106F7 EB 08          jmp short LinToolB.00410701
004106F9 8B3D C8104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaGe>; MSVBVM60.__vbaGenerateBoundsError
004106FF FFD7          call edi
00410701 8B4E 60       mov ecx,dword ptr ds:[esi+60]
00410704 8B51 0C       mov edx,dword ptr ds:[ecx+C]
00410707 807C02 04 02 cmp byte ptr ds:[edx+eax+4],2
0041070C 75 7F          jnz short LinToolB.0041078D
0041070E 68 10A74000    push LinToolB.0040A710                ; UNICODE "2011/04/01"
00410713 FF15 2C114000 call dword ptr ds:[<&MSVBVM60.__vbaDateS>; MSVBVM60.__vbaDateStr
00410719 DD5D E0       fstp qword ptr ss:[ebp-20]
0041071C B9 25000000    mov ecx,25
00410721 FF15 0C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>; MSVBVM60.__vbaUI1I2
00410727 8885 48FFFFFF mov byte ptr ss:[ebp-B8],al
0041072D 8B46 60       mov eax,dword ptr ds:[esi+60]
00410730 8D4D D8       lea ecx,dword ptr ss:[ebp-28]
00410733 50             push eax
00410734 51             push ecx
00410735 FF15 B0114000 call dword ptr ds:[<&MSVBVM60.__vbaAryLo>; MSVBVM60.__vbaAryLock
0041073B 8B4D D8       mov ecx,dword ptr ss:[ebp-28]
0041073E 85C9          test ecx,ecx
00410740 74 27          je short LinToolB.00410769
00410742 66:8339 01    cmp word ptr ds:[ecx],1
00410746 75 21          jnz short LinToolB.00410769
00410748 8B51 14       mov edx,dword ptr ds:[ecx+14]
0041074B 8B41 10       mov eax,dword ptr ds:[ecx+10]
0041074E 0FBFFB       movsx edi,bx
00410751 2BFA          sub edi,edx
00410753 3BF8          cmp edi,eax
00410755 72 09          jb short LinToolB.00410760
00410757 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
0041075D 8B4D D8       mov ecx,dword ptr ss:[ebp-28]
00410760 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
00410767 EB 05          jmp short LinToolB.0041076E
00410769 FFD7          call edi
0041076B 8B4D D8       mov ecx,dword ptr ss:[ebp-28]
0041076E 8B49 0C       mov ecx,dword ptr ds:[ecx+C]
00410771 8B16          mov edx,dword ptr ds:[esi]
00410773 8D7D D4       lea edi,dword ptr ss:[ebp-2C]
00410776 03C8          add ecx,eax
00410778 57             push edi
00410779 8DBD 48FFFFFF lea edi,dword ptr ss:[ebp-B8]
0041077F 57             push edi
00410780 51             push ecx
00410781 56             push esi
00410782 FF92 4C070000 call dword ptr ds:[edx+74C]
00410788 E9 E1000000    jmp LinToolB.0041086E
0041078D 85C9          test ecx,ecx
0041078F 74 2A          je short LinToolB.004107BB
00410791 66:8339 01    cmp word ptr ds:[ecx],1
00410795 75 24          jnz short LinToolB.004107BB
00410797 8B51 14       mov edx,dword ptr ds:[ecx+14]
0041079A 8B41 10       mov eax,dword ptr ds:[ecx+10]
0041079D 0FBFFB       movsx edi,bx
004107A0 2BFA          sub edi,edx
004107A2 3BF8          cmp edi,eax
004107A4 72 06          jb short LinToolB.004107AC
004107A6 FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
004107AC 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
004107B3 8B3D C8104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaGe>; MSVBVM60.__vbaGenerateBoundsError
004107B9 EB 02          jmp short LinToolB.004107BD
004107BB FFD7          call edi
004107BD 8B4E 60       mov ecx,dword ptr ds:[esi+60]
004107C0 8B51 0C       mov edx,dword ptr ds:[ecx+C]
004107C3 807C02 04 06 cmp byte ptr ds:[edx+eax+4],6
004107C8 0F85 BD000000 jnz LinToolB.0041088B
004107CE B9 34000000    mov ecx,34
004107D3 FF15 0C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>; MSVBVM60.__vbaUI1I2
004107D9 B9 CC000000    mov ecx,0CC
004107DE 8885 40FFFFFF mov byte ptr ss:[ebp-C0],al
004107E4 FF15 0C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>; MSVBVM60.__vbaUI1I2
004107EA B9 7E000000    mov ecx,7E
004107EF 8885 44FFFFFF mov byte ptr ss:[ebp-BC],al
004107F5 FF15 0C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>; MSVBVM60.__vbaUI1I2
004107FB 8885 48FFFFFF mov byte ptr ss:[ebp-B8],al
00410801 8B46 60       mov eax,dword ptr ds:[esi+60]
00410804 8D4D D8       lea ecx,dword ptr ss:[ebp-28]
00410807 50             push eax
00410808 51             push ecx
00410809 FF15 B0114000 call dword ptr ds:[<&MSVBVM60.__vbaAryLo>; MSVBVM60.__vbaAryLock
0041080F 8B4D D8       mov ecx,dword ptr ss:[ebp-28]
00410812 85C9          test ecx,ecx
00410814 74 27          je short LinToolB.0041083D
00410816 66:8339 01    cmp word ptr ds:[ecx],1
0041081A 75 21          jnz short LinToolB.0041083D
0041081C 8B51 14       mov edx,dword ptr ds:[ecx+14]
0041081F 8B41 10       mov eax,dword ptr ds:[ecx+10]
00410822 0FBFFB       movsx edi,bx
00410825 2BFA          sub edi,edx
00410827 3BF8          cmp edi,eax
00410829 72 09          jb short LinToolB.00410834
0041082B FF15 C8104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>; MSVBVM60.__vbaGenerateBoundsError
00410831 8B4D D8       mov ecx,dword ptr ss:[ebp-28]
00410834 8D04FD 00000000 lea eax,dword ptr ds:[edi*8]
0041083B EB 05          jmp short LinToolB.00410842
0041083D FFD7          call edi
0041083F 8B4D D8       mov ecx,dword ptr ss:[ebp-28]
00410842 8D7D D4       lea edi,dword ptr ss:[ebp-2C]
00410845 8B49 0C       mov ecx,dword ptr ds:[ecx+C]
00410848 57             push edi
00410849 8DBD 40FFFFFF lea edi,dword ptr ss:[ebp-C0]
0041084F 57             push edi
00410850 8DBD 44FFFFFF lea edi,dword ptr ss:[ebp-BC]
00410856 8B16          mov edx,dword ptr ds:[esi]
00410858 57             push edi
00410859 8DBD 48FFFFFF lea edi,dword ptr ss:[ebp-B8]
0041085F 03C8          add ecx,eax
00410861 57             push edi
00410862 8D7D E0       lea edi,dword ptr ss:[ebp-20]
00410865 57             push edi
00410866 51             push ecx
00410867 56             push esi
00410868 FF92 04070000 call dword ptr ds:[edx+704]
0041086E 8D55 D8       lea edx,dword ptr ss:[ebp-28]
00410871 52             push edx
00410872 FF15 00124000 call dword ptr ds:[<&MSVBVM60.__vbaAryUn>; MSVBVM60.__vbaAryUnlock
00410878 8B55 D4       mov edx,dword ptr ss:[ebp-2C]
0041087B 8D4D DC       lea ecx,dword ptr ss:[ebp-24]
0041087E C745 D4 0000000>mov dword ptr ss:[ebp-2C],0
00410885 FF15 E0114000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
0041088B 8B46 64       mov eax,dword ptr ds:[esi+64]
0041088E 8B4D DC       mov ecx,dword ptr ss:[ebp-24]
00410891 50             push eax
00410892 51             push ecx
00410893 FF15 CC104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
00410899 85C0          test eax,eax
0041089B 75 13          jnz short LinToolB.004108B0
0041089D 8B4D 0C       mov ecx,dword ptr ss:[ebp+C]
004108A0 DD45 E0       fld qword ptr ss:[ebp-20]
004108A3 DC19          fcomp qword ptr ds:[ecx]
004108A5 DFE0          fstsw ax
004108A7 F6C4 41       test ah,41
004108AA 0F84 EF000000 je LinToolB.0041099F
004108B0 DD46 68       fld qword ptr ds:[esi+68]
004108B3 DC1D B8124000 fcomp qword ptr ds:[4012B8]
004108B9 DFE0          fstsw ax
004108BB F6C4 40       test ah,40
004108BE 0F84 C1000000 je LinToolB.00410985
004108C4 B9 0A000000    mov ecx,0A
004108C9 B8 04000280    mov eax,80020004
004108CE 894D 8C       mov dword ptr ss:[ebp-74],ecx
004108D1 894D 9C       mov dword ptr ss:[ebp-64],ecx
004108D4 894D AC       mov dword ptr ss:[ebp-54],ecx
004108D7 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-84]
004108DD 8D4D BC       lea ecx,dword ptr ss:[ebp-44]
004108E0 8945 94       mov dword ptr ss:[ebp-6C],eax
004108E3 8945 A4       mov dword ptr ss:[ebp-5C],eax
004108E6 8945 B4       mov dword ptr ss:[ebp-4C],eax
004108E9 C745 84 3CA7400>mov dword ptr ss:[ebp-7C],LinToolB.0040A> //未注册程式或过期-程式关闭
004108F0 C785 7CFFFFFF 0>mov dword ptr ss:[ebp-84],8
004108FA FF15 BC114000 call dword ptr ds:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup
00410900 8D55 8C       lea edx,dword ptr ss:[ebp-74]
00410903 8D45 9C       lea eax,dword ptr ss:[ebp-64]
00410906 52             push edx
00410907 8D4D AC       lea ecx,dword ptr ss:[ebp-54]
0041090A 50             push eax
0041090B 51             push ecx
0041090C 8D55 BC       lea edx,dword ptr ss:[ebp-44]
0041090F 6A 10          push 10
00410911 52             push edx
00410912 FF15 8C104000 call dword ptr ds:[<&MSVBVM60.#595>]    ; MSVBVM60.rtcMsgBox
00410918 8D45 8C       lea eax,dword ptr ss:[ebp-74]
0041091B 8D4D 9C       lea ecx,dword ptr ss:[ebp-64]
0041091E 50             push eax
0041091F 8D55 AC       lea edx,dword ptr ss:[ebp-54]
00410922 51             push ecx
00410923 8D45 BC       lea eax,dword ptr ss:[ebp-44]
00410926 52             push edx
00410927 50             push eax
00410928 6A 04          push 4
0041092A FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00410930 A1 D4E54100    mov eax,dword ptr ds:[41E5D4]
00410935 83C4 14       add esp,14
00410938 85C0          test eax,eax
0041093A 75 10          jnz short LinToolB.0041094C
0041093C 68 D4E54100    push LinToolB.0041E5D4
00410941 68 5CA24000    push LinToolB.0040A25C

[课程]Linux pwn 探索篇！

收藏・0

免费・0

支持

最新回复 (6)
qwertfg 雪币： 9 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 56 粉丝 0 关注私信	qwertfg 2 楼推下推下推下 2009-11-20 23:13 0
qwertfg 雪币： 9 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 56 粉丝 0 关注私信	qwertfg 3 楼 0044B5C6 74 7C je short ExpAvg.0044B644 弄了很久才发现仅仅改这边关键跳只是讯息显示注册注册功能还是不能使用 2009-11-21 00:50 0
flfd 雪币： 18 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 21 粉丝 0 关注私信	flfd 4 楼 0044B5C0 8886 E3020000 mov byte ptr ds:[esi+2E3],al 找个能正常注册的码跟到这看看al是多少；实在找不到就把01~0FFh逐个给al试看哪个能正常用 2009-11-21 16:41 0
topcookie 雪币： 161 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 50 粉丝 0 关注私信	topcookie 5 楼直接把这个CALL给NOP掉不就行了 2009-11-22 13:37 0
qwertfg 雪币： 9 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 56 粉丝 0 关注私信	qwertfg 6 楼新问题求解答 2009-12-26 13:38 0
达文西雪币： 1632 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 1328 粉丝 0 关注私信	达文西 7 楼我来顶帖，搞不定，楼主给点分我。 2009-12-26 13:44 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

qwertfg

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (6)
qwertfg 雪币： 9 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 56 粉丝 0 关注私信	qwertfg 2 楼推下推下推下 2009-11-20 23:13 0
qwertfg 雪币： 9 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 56 粉丝 0 关注私信	qwertfg 3 楼 0044B5C6 74 7C je short ExpAvg.0044B644 弄了很久才发现仅仅改这边关键跳只是讯息显示注册注册功能还是不能使用 2009-11-21 00:50 0
flfd 雪币： 18 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 21 粉丝 0 关注私信	flfd 4 楼 0044B5C0 8886 E3020000 mov byte ptr ds:[esi+2E3],al 找个能正常注册的码跟到这看看al是多少；实在找不到就把01~0FFh逐个给al试看哪个能正常用 2009-11-21 16:41 0
topcookie 雪币： 161 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 9 回帖 50 粉丝 0 关注私信	topcookie 5 楼直接把这个CALL给NOP掉不就行了 2009-11-22 13:37 0
qwertfg 雪币： 9 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 10 回帖 56 粉丝 0 关注私信	qwertfg 6 楼新问题求解答 2009-12-26 13:38 0
达文西雪币： 1632 活跃值： (13) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 1328 粉丝 0 关注私信	达文西 7 楼我来顶帖，搞不定，楼主给点分我。 2009-12-26 13:44 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复