-
-
[原创]VB P-code粗略分析(3)
-
发表于: 2005-2-5 18:17 8857
-
'在理解前两节知识的前提下,我们这里引入一个我自己写的LYSA算法和一个简单的CrackmeONEII作为分析的目标。
'作为除夕的礼物送给大家,小鸟一只让向各位献丑了!
'CrackmeONEII
'为了和前面衔接,CrackmeONEII是在Pcode(2-2)基础上写的
'下面是源代码,里面用的是一种查表法
***********Reference CrackmeONEII's Sound code
Private Sub Command1_Click()
Dim name As String, code As String, strCode As String, T As String, F As String
Dim i As Integer, j As Integer
T = "CrackmeONEII+LYSA-II True code!"
F = "CrackmeONEII+LYSA-II False code!"
name = "": code = "": strCode = ""
name = Text1.Text
If name = "" Then
Text1.Text = ""
Exit Sub
End If
If Asc(name) < 0 Then
Text1.Text = ""
Exit Sub
End If
For i = 1 To Len(name)
If Asc(Mid(name, i, 1)) >= 48 And Asc(Mid(name, i, 1)) <= 57 Then '0-9
Select Case Mid(name, i, 1)
Case "1"
strCode = strCode & "da"
Case "2"
strCode = strCode & "fa"
Case "3"
strCode = strCode & "fc"
Case "4"
strCode = strCode & "dc"
Case "5"
strCode = strCode & "eb"
Case "6"
strCode = strCode & "fb"
Case "7"
strCode = strCode & "ea"
Case "8"
strCode = strCode & "ec"
Case "9"
strCode = strCode & "db"
Case "0"
strCode = strCode & "ab"
End Select
End If
If Asc(Mid(name, i, 1)) >= 65 And Asc(Mid(name, i, 1)) <= 90 Then 'A-Z
Select Case Mid(name, i, 1)
Case "A"
strCode = strCode & "01"
Case "B"
strCode = strCode & "62"
Case "C"
strCode = strCode & "81"
Case "D"
strCode = strCode & "84"
Case "E"
strCode = strCode & "63"
Case "F"
strCode = strCode & "71"
Case "G"
strCode = strCode & "72"
Case "H"
strCode = strCode & "91"
Case "I"
strCode = strCode & "74"
Case "J"
strCode = strCode & "93"
Case "K"
strCode = strCode & "03"
Case "L"
strCode = strCode & "82"
Case "M"
strCode = strCode & "61"
Case "N"
strCode = strCode & "02"
Case "O"
strCode = strCode & "65"
Case "P"
strCode = strCode & "8a"
Case "Q"
strCode = strCode & "92"
Case "R"
strCode = strCode & "75"
Case "S"
strCode = strCode & "05"
Case "T"
strCode = strCode & "95"
Case "U"
strCode = strCode & "83"
Case "V"
strCode = strCode & "64"
Case "W"
strCode = strCode & "85"
Case "X"
strCode = strCode & "04"
Case "Y"
strCode = strCode & "94"
Case "Z"
strCode = strCode & "73"
End Select
End If
If Asc(Mid(name, i, 1)) >= 97 And Asc(Mid(name, i, 1)) <= 122 Then 'a-z
Select Case Mid(name, i, 1)
Case "a"
strCode = strCode & "10"
Case "b"
strCode = strCode & "26"
Case "c"
strCode = strCode & "18"
Case "d"
strCode = strCode & "48"
Case "e"
strCode = strCode & "36"
Case "f"
strCode = strCode & "17"
Case "g"
strCode = strCode & "27"
Case "h"
strCode = strCode & "19"
Case "i"
strCode = strCode & "47"
Case "j"
strCode = strCode & "39"
Case "k"
strCode = strCode & "30"
Case "l"
strCode = strCode & "28"
Case "m"
strCode = strCode & "16"
Case "n"
strCode = strCode & "20"
Case "o"
strCode = strCode & "56"
Case "p"
strCode = strCode & "3f"
Case "q"
strCode = strCode & "29"
Case "r"
strCode = strCode & "57"
Case "s"
strCode = strCode & "50"
Case "t"
strCode = strCode & "59"
Case "u"
strCode = strCode & "38"
Case "v"
strCode = strCode & "46"
Case "w"
strCode = strCode & "58"
Case "x"
strCode = strCode & "40"
Case "y"
strCode = strCode & "94"
Case "z"
strCode = strCode & "37"
End Select
End If
If Asc(Mid(name, i, 1)) >= 0 And Asc(Mid(name, i, 1)) <= 47 Then
Text1.Text = ""
Exit Sub
End If
If Asc(Mid(name, i, 1)) >= 58 And Asc(Mid(name, i, 1)) <= 64 Then
Text1.Text = ""
Exit Sub
End If
If Asc(Mid(name, i, 1)) >= 91 And Asc(Mid(name, i, 1)) <= 96 Then
Text1.Text = ""
Exit Sub
End If
If Asc(Mid(name, i, 1)) >= 123 And Asc(Mid(name, i, 1)) <= 255 Then
Text1.Text = ""
Exit Sub
End If
Next i
'MsgBox strCode
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "f" Then code = code & "f"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "e" Then code = code & "e"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "d" Then code = code & "d"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "c" Then code = code & "c"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "b" Then code = code & "b"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "a" Then code = code & "a"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "9" Then code = code & "9"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "8" Then code = code & "8"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "7" Then code = code & "7"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "6" Then code = code & "6"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "5" Then code = code & "5"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "4" Then code = code & "4"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "3" Then code = code & "3"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "2" Then code = code & "2"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "1" Then code = code & "1"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "0" Then code = code & "0"
Next j
'MsgBox code
If Text2.Text = code Then
MsgBox T, vbOKOnly, "CrackmeONEII+LYSA-II"
Else
Text1.Text = ""
Text2.Text = ""
MsgBox F, vbOKOnly, "CrackmeONEII+LYSA-II"
End If
End Sub
***********Reference VB P-code
[Command1.Click]
******Possible String Ref To->"CrackmeONEII+LYSA-II True code!"
|
:004027E4 1B0000 LitStr ;Push ptr_0040219C // 装入字符串
:004027E7 436CFF FStStrCopy ;[LOCAL_0094]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0094
******Possible String Ref To->"CrackmeONEII+LYSA-II False code!"
|
:004027EA 1B0100 LitStr ;Push ptr_004021E0 // 装入字符串
:004027ED 4368FF FStStrCopy ;[LOCAL_0098]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0098
******Possible String Ref To->""
|
:004027F0 1B0200 LitStr ;Push ptr_00402228 // 装入字符串
:004027F3 4378FF FStStrCopy ;[LOCAL_0088]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0088
******Possible String Ref To->""
|
:004027F6 1B0200 LitStr ;Push ptr_00402228 // 装入字符串
:004027F9 4374FF FStStrCopy ;[LOCAL_008C]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存008C
******Possible String Ref To->""
|
:004027FC 1B0200 LitStr ;Push ptr_00402228 // 装入字符串
:004027FF 4370FF FStStrCopy ;[LOCAL_0090]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0090
****************************************
T = "CrackmeONEII+LYSA-II True code!"
F = "CrackmeONEII+LYSA-II False code!"
name = "": code = "": strCode = ""
****************************************
:00402802 045CFF FLdRfVar ;Push LOCAL_00A4 // 开辟内存空间
:00402805 21 FLdPrThis ;[SR]=[stack2] \
:00402806 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:00402809 1960FF FStAdFunc ;// 取propget过程地址
:0040280C 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propget]TextBox.Text // propget,TextBox.Text的取过程
|
:0040280F 0DA0000300 VCallHresult ;Call ptr_0040222C // 获得文本框中的内容
:00402814 3E5CFF FLdZeroAd ;Push DWORD [LOCAL_00A4]; [LOCAL_00A4]=0 // 将内容入栈
:00402817 3178FF FStStr ;SysFreeString [LOCAL_0088]; [LOCAL_0088]=Pop // 将字符释放到0088
:0040281A 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 调用后释放空间
****************************************
name = Text1.Text
****************************************
:0040281D 6C78FF ILdRf ;Push DWORD [LOCAL_0088] // 装载获取的文本内容,作为参数
******Possible String Ref To->""
|
:00402820 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:00402823 FB30 EqStr ;//字符串比较
:00402825 1C5A00 BranchF ;If Pop=0 then ESI=0040283E // 不相等则跳(F->条件为假)0040283E
******Possible String Ref To->""
|
:00402828 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:0040282B 21 FLdPrThis ;[SR]=[stack2] \
:0040282C 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:0040282F 1960FF FStAdFunc ;// 取propput过程地址
:00402832 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propput]TextBox.Text // propput,TextBox.Text的赋值过程
|
:00402835 0DA4000300 VCallHresult ;Call ptr_0040222C // 将文本框赋值为NULL字符
:0040283A 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 调用后释放空间
:0040283D 13 ExitProcHresult ;// 退出过程
****************************************
If name = "" Then
Text1.Text = ""
Exit Sub
End If
****************************************
:0040283E 6C78FF ILdRf ;Push DWORD [LOCAL_0088] // 装载获取的文本内容,作为参数
**********Reference To->msvbvm60.rtcAnsiValueBstr //ASC()
|
:00402841 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC([LOCAL_0088])
:00402846 F400 LitI2_Byte ;Push 00 // 0入栈
:00402848 D0 LtI2 ;// 整数的小于判断(less than)
:00402849 1C7E00 BranchF ;If Pop=0 then ESI=00402862 // 不小于则跳00402862
******Possible String Ref To->""
|
:0040284C 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:0040284F 21 FLdPrThis ;[SR]=[stack2] \
:00402850 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:00402853 1960FF FStAdFunc ;// 取propput过程地址
:00402856 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propput]TextBox.Text // propput,TextBox.Text的赋值过程
|
:00402859 0DA4000300 VCallHresult ;Call ptr_0040222C // 将文本框赋值为NULL字符
:0040285E 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 调用后释放空间
:00402861 13 ExitProcHresult ;// 退出过程
****************************************
If Asc(name) < 0 Then
Text1.Text = ""
Exit Sub
End If
****************************************
:00402862 F401 LitI2_Byte ;Push 01 // 01入栈
:00402864 0466FF FLdRfVar ;Push LOCAL_009A // 加载变量i
:00402867 6C78FF ILdRf ;Push DWORD [LOCAL_0088] // 装载获取的文本内容,作为参数
:0040286A 4A FnLenStr ;vbaLenBstr // 计算name长度
:0040286B E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:0040286C FE6358FFA30A ForI2 ;// FOR
****************************************
For i = 1 To Len(name)
****************************************
:00402872 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00402877 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:0040287A E7 CI4UI1 ; | // MID函数参数入栈
:0040287B 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:0040287E 4D48FF0840 CVarRef ;// 创建临时变量
:00402883 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402886 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID操作
:0040288B 0418FF FLdRfVar ;Push LOCAL_00E8 \
:0040288E FDFE5CFF CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402892 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC操作
:00402897 F430 LitI2_Byte ;Push 30 // 48入栈
:00402899 DF GeI2 ;// 大于等于比较操作
:0040289A 28E8FE0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:0040289F 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:004028A2 E7 CI4UI1 ; | // MID函数参数入栈
:004028A3 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:004028A6 4D08FF0840 CVarRef ;// 创建临时变量
:004028AB 04D8FE FLdRfVar ;Push LOCAL_0128 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004028AE 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX //MID操作
:004028B3 04D8FE FLdRfVar ;Push LOCAL_0128 \
:004028B6 FDFED4FE CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:004028BA 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX //ASC操作
:004028BF F439 LitI2_Byte ;Push 39 // 57入栈
:004028C1 D5 LeI2 ;// 小于等于比较操作
:004028C2 C4 AndI4 ;// AND
:004028C3 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:004028CA 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants // 释放临时变量
:004028D5 1C2202 BranchF ;If Pop=0 then ESI=00402A06 // 条件为假则跳00402A06
****************************************
If Asc(Mid(name, i, 1)) >= 48 And Asc(Mid(name, i, 1)) <= 57 Then '0-9
****************************************
:004028D8 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:004028DD 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:004028E0 E7 CI4UI1 ; | // MID函数参数入栈
:004028E1 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:004028E4 4D48FF0840 CVarRef ;// 创建临时变量
:004028E9 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004028EC 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID操作
****************************************
Mid(name, i, 1)
****************************************
:004028F1 0418FF FLdRfVar ;Push LOCAL_00E8 // Mid(name, i, 1)的内容入栈
:004028F4 FCF6C4FE FStVar ;
:004028F8 3528FF FFree1Var ;Free LOCAL_00D8
:004028FB 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量,用来保存"1"
******Possible String Ref To->"1"
|
:004028FE 3A48FF0600 LitVarStr ;PushVarString ptr_00402240 // "1"入栈
:00402903 5D HardType ;
:00402904 FB33 EqVarBool ;// 判断变量是否相等
:00402906 1C3201 BranchF ;If Pop=0 then ESI=00402916 // 条件为假跳00402916
:00402909 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"da"
|
:0040290C 1B0700 LitStr ;Push ptr_00402248 // "da"入栈
:0040290F 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "1"
strCode = strCode & "da"
****************************************
:00402910 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:00402913 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402916 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"2"
|
:00402919 3A48FF0800 LitVarStr ;PushVarString ptr_00402254 // "2"入栈
:0040291E 5D HardType ;
:0040291F FB33 EqVarBool ;// 判断变量是否相等
:00402921 1C4D01 BranchF ;If Pop=0 then ESI=00402931 // 条件为假跳00402931
:00402924 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"fa"
|
:00402927 1B0900 LitStr ;Push ptr_0040225C // "fa"入栈
:0040292A 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "2"
strCode = strCode & "fa"
****************************************
:0040292B 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:0040292E 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402931 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"3"
|
:00402934 3A48FF0A00 LitVarStr ;PushVarString ptr_00402268 // "3"入栈
:00402939 5D HardType ;
:0040293A FB33 EqVarBool ;// 判断变量是否相等
:0040293C 1C6801 BranchF ;If Pop=0 then ESI=0040294C // 条件为假跳0040294C
:0040293F 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"fc"
|
:00402942 1B0B00 LitStr ;Push ptr_00402270 // "fc"入栈
:00402945 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "3"
strCode = strCode & "fc"
****************************************
:00402946 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:00402949 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:0040294C 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"4"
|
:0040294F 3A48FF0C00 LitVarStr ;PushVarString ptr_0040227C // "4"入栈
:00402954 5D HardType ;
:00402955 FB33 EqVarBool ;// 判断变量是否相等
:00402957 1C8301 BranchF ;If Pop=0 then ESI=00402967 // 条件为假跳00402967
:0040295A 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"dc"
|
:0040295D 1B0D00 LitStr ;Push ptr_00402284 // "dc"入栈
:00402960 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "4"
strCode = strCode & "dc"
****************************************
:00402961 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:00402964 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402967 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"5"
|
:0040296A 3A48FF0E00 LitVarStr ;PushVarString ptr_00402290 // "5"入栈
:0040296F 5D HardType ;
:00402970 FB33 EqVarBool ;// 判断变量是否相等
:00402972 1C9E01 BranchF ;If Pop=0 then ESI=00402982 // 条件为假跳00402982
:00402975 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"eb"
|
:00402978 1B0F00 LitStr ;Push ptr_00402298 // "eb"入栈
:0040297B 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "5"
strCode = strCode & "eb"
****************************************
:0040297C 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:0040297F 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402982 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"6"
|
:00402985 3A48FF1000 LitVarStr ;PushVarString ptr_004022A4 // "6"入栈
:0040298A 5D HardType ;
:0040298B FB33 EqVarBool ;// 判断变量是否相等
:0040298D 1CB901 BranchF ;If Pop=0 then ESI=0040299D // 条件为假跳0040299D
:00402990 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"fb"
|
:00402993 1B1100 LitStr ;Push ptr_004022AC // "fb"入栈
:00402996 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "6"
strCode = strCode & "fb"
****************************************
:00402997 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:0040299A 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:0040299D 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"7"
|
:004029A0 3A48FF1200 LitVarStr ;PushVarString ptr_004022B8 // "7"入栈
:004029A5 5D HardType ;
:004029A6 FB33 EqVarBool ;// 判断变量是否相等
:004029A8 1CD401 BranchF ;If Pop=0 then ESI=004029B8 // 条件为假跳004029B8
:004029AB 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"ea"
|
:004029AE 1B1300 LitStr ;Push ptr_004022C0 // "ea"入栈
:004029B1 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "7"
strCode = strCode & "ea"
****************************************
:004029B2 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:004029B5 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:004029B8 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"8"
|
:004029BB 3A48FF1400 LitVarStr ;PushVarString ptr_004022CC // "8"入栈
:004029C0 5D HardType ;
:004029C1 FB33 EqVarBool ;// 判断变量是否相等
:004029C3 1CEF01 BranchF ;If Pop=0 then ESI=004029D3 // 条件为假跳004029D3
:004029C6 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"ec"
|
:004029C9 1B1500 LitStr ;Push ptr_004022D4 // "ec"入栈
:004029CC 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "8"
strCode = strCode & "ec"
****************************************
:004029CD 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:004029D0 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:004029D3 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"9"
|
:004029D6 3A48FF1600 LitVarStr ;PushVarString ptr_004022E0 // "9"入栈
:004029DB 5D HardType ;
:004029DC FB33 EqVarBool ;// 判断变量是否相等
:004029DE 1C0A02 BranchF ;If Pop=0 then ESI=004029EE // 条件为假跳004029EE
:004029E1 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"db"
|
:004029E4 1B1700 LitStr ;Push ptr_004022E8 // "db"入栈
:004029E7 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "9"
strCode = strCode & "db"
****************************************
:004029E8 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:004029EB 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:004029EE 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"0"
|
:004029F1 3A48FF1800 LitVarStr ;PushVarString ptr_004022F4 // "0"入栈
:004029F6 5D HardType ;
:004029F7 FB33 EqVarBool ;// 判断变量是否相等
:004029F9 1C2202 BranchF ;If Pop=0 then ESI=00402A06 // 条件为假跳00402A06,正好为CASE结束
:004029FC 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"ab"
|
:004029FF 1B1900 LitStr ;Push ptr_004022FC // "ab"入栈
:00402A02 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "0"
strCode = strCode & "da"
****************************************
:00402A03 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
****************************************
End Select
****************************************
:00402A06 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00402A0B 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:00402A0E E7 CI4UI1 ; | // MID函数参数入栈
:00402A0F 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:00402A12 4D48FF0840 CVarRef ;// 创建临时变量
:00402A17 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402A1A 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()操作
:00402A1F 0418FF FLdRfVar ;Push LOCAL_00E8 \
:00402A22 FDFE5CFF CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402A26 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC()操作
:00402A2B F441 LitI2_Byte ;Push 41 // 65入栈
:00402A2D DF GeI2 ;// 大于等于比较操作
:00402A2E 28E8FE0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00402A33 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:00402A36 E7 CI4UI1 ; | // MID函数参数入栈
:00402A37 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:00402A3A 4D08FF0840 CVarRef ;// 创建临时变量
:00402A3F 04D8FE FLdRfVar ;Push LOCAL_0128 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402A42 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()操作
:00402A47 04D8FE FLdRfVar ;Push LOCAL_0128 \
:00402A4A FDFED4FE CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402A4E 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC()操作
:00402A53 F45A LitI2_Byte ;Push 5A // 90入栈
:00402A55 D5 LeI2 ;// 小于等于比较操作
:00402A56 C4 AndI4 ;// AND
:00402A57 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:00402A5E 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants // 释放临时变量
:00402A69 1C6605 BranchF ;If Pop=0 then ESI=00402D4A // 条件为假则跳00402D4A
****************************************
If Asc(Mid(name, i, 1)) >= 65 And Asc(Mid(name, i, 1)) <= 90 Then 'A-Z
****************************************
:00402A6C 2828FF0100 LitVarI2 ;PushVarInteger 0001 \
:00402A71 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | // MID函数参数入栈
:00402A74 E7 CI4UI1 ; | 具体操作如上
:00402A75 0478FF FLdRfVar ;Push LOCAL_0088 /
:00402A78 4D48FF0840 CVarRef ;// 创建临时变量
:00402A7D 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402A80 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX //MID
:00402A85 0418FF FLdRfVar ;Push LOCAL_00E8 // Mid(name, i, 1)的内容入栈
:00402A88 FCF6B4FE FStVar ;
:00402A8C 3528FF FFree1Var ;Free LOCAL_00D8
:00402A8F 04B4FE FLdRfVar ;Push LOCAL_014C // 加载临时变量,用来保存"A"
################################下面是判断字符是大写、小写字母时的操作和上面的数字是一样的!################################
____________________________________________________________________________________________________________________________
******Possible String Ref To->"A"
|
:00402A92 3A48FF1A00 LitVarStr ;PushVarString ptr_00402308
:00402A97 5D HardType ;
:00402A98 FB33 EqVarBool ;
:00402A9A 1CC602 BranchF ;If Pop=0 then ESI=00402AAA
:00402A9D 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"01"
|
:00402AA0 1B1B00 LitStr ;Push ptr_00402310
:00402AA3 2A ConcatStr ;vbaStrCat
****************************************
Case "A"
strCode = strCode & "01"
****************************************
:00402AA4 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402AA7 1E6605 Branch ;ESI=00402D4A
:00402AAA 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"B"
|
:00402AAD 3A48FF1C00 LitVarStr ;PushVarString ptr_0040231C
:00402AB2 5D HardType ;
:00402AB3 FB33 EqVarBool ;
:00402AB5 1CE102 BranchF ;If Pop=0 then ESI=00402AC5
:00402AB8 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"62"
|
:00402ABB 1B1D00 LitStr ;Push ptr_00402324
:00402ABE 2A ConcatStr ;vbaStrCat
****************************************
Case "B"
strCode = strCode & "62"
****************************************
:00402ABF 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402AC2 1E6605 Branch ;ESI=00402D4A
:00402AC5 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"C"
|
:00402AC8 3A48FF1E00 LitVarStr ;PushVarString ptr_00402330
:00402ACD 5D HardType ;
:00402ACE FB33 EqVarBool ;
:00402AD0 1CFC02 BranchF ;If Pop=0 then ESI=00402AE0
:00402AD3 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"81"
|
:00402AD6 1B1F00 LitStr ;Push ptr_00402338
:00402AD9 2A ConcatStr ;vbaStrCat
****************************************
Case "C"
strCode = strCode & "81"
****************************************
:00402ADA 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402ADD 1E6605 Branch ;ESI=00402D4A
:00402AE0 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"D"
|
:00402AE3 3A48FF2000 LitVarStr ;PushVarString ptr_00402344
:00402AE8 5D HardType ;
:00402AE9 FB33 EqVarBool ;
:00402AEB 1C1703 BranchF ;If Pop=0 then ESI=00402AFB
:00402AEE 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"84"
|
:00402AF1 1B2100 LitStr ;Push ptr_0040234C
:00402AF4 2A ConcatStr ;vbaStrCat
****************************************
Case "D"
strCode = strCode & "84"
****************************************
:00402AF5 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402AF8 1E6605 Branch ;ESI=00402D4A
:00402AFB 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"E"
|
:00402AFE 3A48FF2200 LitVarStr ;PushVarString ptr_00402358
:00402B03 5D HardType ;
:00402B04 FB33 EqVarBool ;
:00402B06 1C3203 BranchF ;If Pop=0 then ESI=00402B16
:00402B09 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"63"
|
:00402B0C 1B2300 LitStr ;Push ptr_00402360
:00402B0F 2A ConcatStr ;vbaStrCat
****************************************
Case "E"
strCode = strCode & "63"
****************************************
:00402B10 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B13 1E6605 Branch ;ESI=00402D4A
:00402B16 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"F"
|
:00402B19 3A48FF2400 LitVarStr ;PushVarString ptr_0040236C
:00402B1E 5D HardType ;
:00402B1F FB33 EqVarBool ;
:00402B21 1C4D03 BranchF ;If Pop=0 then ESI=00402B31
:00402B24 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"71"
|
:00402B27 1B2500 LitStr ;Push ptr_00402374
:00402B2A 2A ConcatStr ;vbaStrCat
****************************************
Case "F"
strCode = strCode & "71"
****************************************
:00402B2B 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B2E 1E6605 Branch ;ESI=00402D4A
:00402B31 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"G"
|
:00402B34 3A48FF2600 LitVarStr ;PushVarString ptr_00402380
:00402B39 5D HardType ;
:00402B3A FB33 EqVarBool ;
:00402B3C 1C6803 BranchF ;If Pop=0 then ESI=00402B4C
:00402B3F 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"72"
|
:00402B42 1B2700 LitStr ;Push ptr_00402388
:00402B45 2A ConcatStr ;vbaStrCat
****************************************
Case "G"
strCode = strCode & "72"
****************************************
:00402B46 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B49 1E6605 Branch ;ESI=00402D4A
:00402B4C 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"H"
|
:00402B4F 3A48FF2800 LitVarStr ;PushVarString ptr_00402394
:00402B54 5D HardType ;
:00402B55 FB33 EqVarBool ;
:00402B57 1C8303 BranchF ;If Pop=0 then ESI=00402B67
:00402B5A 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"91"
|
:00402B5D 1B2900 LitStr ;Push ptr_0040239C
:00402B60 2A ConcatStr ;vbaStrCat
****************************************
Case "H"
strCode = strCode & "91"
****************************************
:00402B61 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B64 1E6605 Branch ;ESI=00402D4A
:00402B67 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"I"
|
:00402B6A 3A48FF2A00 LitVarStr ;PushVarString ptr_004023A8
:00402B6F 5D HardType ;
:00402B70 FB33 EqVarBool ;
:00402B72 1C9E03 BranchF ;If Pop=0 then ESI=00402B82
:00402B75 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"74"
|
:00402B78 1B2B00 LitStr ;Push ptr_004023B0
:00402B7B 2A ConcatStr ;vbaStrCat
****************************************
Case "I"
strCode = strCode & "74"
****************************************
:00402B7C 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B7F 1E6605 Branch ;ESI=00402D4A
:00402B82 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"J"
|
:00402B85 3A48FF2C00 LitVarStr ;PushVarString ptr_004023BC
:00402B8A 5D HardType ;
:00402B8B FB33 EqVarBool ;
:00402B8D 1CB903 BranchF ;If Pop=0 then ESI=00402B9D
:00402B90 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"93"
|
:00402B93 1B2D00 LitStr ;Push ptr_004023C4
:00402B96 2A ConcatStr ;vbaStrCat
****************************************
Case "J"
strCode = strCode & "93"
****************************************
:00402B97 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B9A 1E6605 Branch ;ESI=00402D4A
:00402B9D 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"K"
|
:00402BA0 3A48FF2E00 LitVarStr ;PushVarString ptr_004023D0
:00402BA5 5D HardType ;
:00402BA6 FB33 EqVarBool ;
:00402BA8 1CD403 BranchF ;If Pop=0 then ESI=00402BB8
:00402BAB 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"03"
|
:00402BAE 1B2F00 LitStr ;Push ptr_004023D8
:00402BB1 2A ConcatStr ;vbaStrCat
****************************************
Case "K"
strCode = strCode & "03"
****************************************
:00402BB2 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402BB5 1E6605 Branch ;ESI=00402D4A
:00402BB8 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"L"
|
:00402BBB 3A48FF3000 LitVarStr ;PushVarString ptr_004023E4
:00402BC0 5D HardType ;
:00402BC1 FB33 EqVarBool ;
:00402BC3 1CEF03 BranchF ;If Pop=0 then ESI=00402BD3
:00402BC6 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"82"
|
:00402BC9 1B3100 LitStr ;Push ptr_004023EC
:00402BCC 2A ConcatStr ;vbaStrCat
****************************************
Case "L"
strCode = strCode & "82"
****************************************
:00402BCD 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402BD0 1E6605 Branch ;ESI=00402D4A
:00402BD3 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"M"
|
:00402BD6 3A48FF3200 LitVarStr ;PushVarString ptr_004023F8
:00402BDB 5D HardType ;
:00402BDC FB33 EqVarBool ;
:00402BDE 1C0A04 BranchF ;If Pop=0 then ESI=00402BEE
:00402BE1 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"61"
|
:00402BE4 1B3300 LitStr ;Push ptr_00402400
:00402BE7 2A ConcatStr ;vbaStrCat
****************************************
Case "M"
strCode = strCode & "61"
****************************************
:00402BE8 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402BEB 1E6605 Branch ;ESI=00402D4A
:00402BEE 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"N"
|
:00402BF1 3A48FF3400 LitVarStr ;PushVarString ptr_0040240C
:00402BF6 5D HardType ;
:00402BF7 FB33 EqVarBool ;
:00402BF9 1C2504 BranchF ;If Pop=0 then ESI=00402C09
:00402BFC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"02"
|
:00402BFF 1B3500 LitStr ;Push ptr_00402414
:00402C02 2A ConcatStr ;vbaStrCat
****************************************
Case "N"
strCode = strCode & "02"
****************************************
:00402C03 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402C06 1E6605 Branch ;ESI=00402D4A
:00402C09 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"O"
|
:00402C0C 3A48FF3600 LitVarStr ;PushVarString ptr_00402420
:00402C11 5D HardType ;
:00402C12 FB33 EqVarBool ;
:00402C14 1C4004 BranchF ;If Pop=0 then ESI=00402C24
:00402C17 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"65"
|
:00402C1A 1B3700 LitStr ;Push ptr_00402428
:00402C1D 2A ConcatStr ;vbaStrCat
****************************************
Case "O"
strCode = strCode & "65"
****************************************
:00402C1E 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402C21 1E6605 Branch ;ESI=00402D4A
:00402C24 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"P"
|
:00402C27 3A48FF3800 LitVarStr ;PushVarString ptr_00402434
:00402C2C 5D HardType ;
:00402C2D FB33 EqVarBool ;
:00402C2F 1C5B04 BranchF ;If Pop=0 then ESI=00402C3F
:00402C32 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"8a"
|
:00402C35 1B3900 LitStr ;Push ptr_0040243C
:00402C38 2A ConcatStr ;vbaStrCat
****************************************
Case "P"
strCode = strCode & "8a"
****************************************
:00402C39 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402C3C 1E6605 Branch ;ESI=00402D4A
:00402C3F 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"Q"
|
:00402C42 3A48FF3A00 LitVarStr ;PushVarString ptr_00402448
:00402C47 5D HardType ;
:00402C48 FB33 EqVarBool ;
:00402C4A 1C7604 BranchF ;If Pop=0 then ESI=00402C5A
:00402C4D 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"92"
|
:00402C50 1B3B00 LitStr ;Push ptr_00402450
:00402C53 2A ConcatStr ;vbaStrCat
****************************************
Case "Q"
strCode = strCode & "92"
****************************************
:00402C54 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402C57 1E6605 Branch ;ESI=00402D4A
:00402C5A 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"R"
|
:00402C5D 3A48FF3C00 LitVarStr ;PushVarString ptr_0040245C
:00402C62 5D HardType ;
:00402C63 FB33 EqVarBool ;
:00402C65 1C9104 BranchF ;If Pop=0 then ESI=00402C75
:00402C68 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"75"
|
:00402C6B 1B3D00 LitStr ;Push ptr_00402464
:00402C6E 2A ConcatStr ;vbaStrCat
****************************************
Case "R"
strCode = strCode & "75"
****************************************
:00402C6F 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402C72 1E6605 Branch ;ESI=00402D4A
:00402C75 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"S"
|
:00402C78 3A48FF3E00 LitVarStr ;PushVarString ptr_00402470
:00402C7D 5D HardType ;
:00402C7E FB33 EqVarBool ;
:00402C80 1CAC04 BranchF ;If Pop=0 then ESI=00402C90
:00402C83 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"05"
|
:00402C86 1B3F00 LitStr ;Push ptr_00402478
:00402C89 2A ConcatStr ;vbaStrCat
****************************************
Case "S"
strCode = strCode & "05"
****************************************
:00402C8A 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402C8D 1E6605 Branch ;ESI=00402D4A
:00402C90 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"T"
|
:00402C93 3A48FF4000 LitVarStr ;PushVarString ptr_00402484
:00402C98 5D HardType ;
:00402C99 FB33 EqVarBool ;
:00402C9B 1CC704 BranchF ;If Pop=0 then ESI=00402CAB
:00402C9E 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"95"
|
:00402CA1 1B4100 LitStr ;Push ptr_0040248C
:00402CA4 2A ConcatStr ;vbaStrCat
****************************************
Case "T"
strCode = strCode & "95"
****************************************
:00402CA5 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402CA8 1E6605 Branch ;ESI=00402D4A
:00402CAB 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"U"
|
:00402CAE 3A48FF4200 LitVarStr ;PushVarString ptr_00402498
:00402CB3 5D HardType ;
:00402CB4 FB33 EqVarBool ;
:00402CB6 1CE204 BranchF ;If Pop=0 then ESI=00402CC6
:00402CB9 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"83"
|
:00402CBC 1B4300 LitStr ;Push ptr_004024A0
:00402CBF 2A ConcatStr ;vbaStrCat
****************************************
Case "U"
strCode = strCode & "83"
****************************************
:00402CC0 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402CC3 1E6605 Branch ;ESI=00402D4A
:00402CC6 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"V"
|
:00402CC9 3A48FF4400 LitVarStr ;PushVarString ptr_004024AC
:00402CCE 5D HardType ;
:00402CCF FB33 EqVarBool ;
:00402CD1 1CFD04 BranchF ;If Pop=0 then ESI=00402CE1
:00402CD4 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"64"
|
:00402CD7 1B4500 LitStr ;Push ptr_004024B4
:00402CDA 2A ConcatStr ;vbaStrCat
****************************************
Case "V"
strCode = strCode & "64"
****************************************
:00402CDB 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402CDE 1E6605 Branch ;ESI=00402D4A
:00402CE1 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"W"
|
:00402CE4 3A48FF4600 LitVarStr ;PushVarString ptr_004024C0
:00402CE9 5D HardType ;
:00402CEA FB33 EqVarBool ;
:00402CEC 1C1805 BranchF ;If Pop=0 then ESI=00402CFC
:00402CEF 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"85"
|
:00402CF2 1B4700 LitStr ;Push ptr_004024C8
:00402CF5 2A ConcatStr ;vbaStrCat
****************************************
Case "W"
strCode = strCode & "85"
****************************************
:00402CF6 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402CF9 1E6605 Branch ;ESI=00402D4A
:00402CFC 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"X"
|
:00402CFF 3A48FF4800 LitVarStr ;PushVarString ptr_004024D4
:00402D04 5D HardType ;
:00402D05 FB33 EqVarBool ;
:00402D07 1C3305 BranchF ;If Pop=0 then ESI=00402D17
:00402D0A 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"04"
|
:00402D0D 1B4900 LitStr ;Push ptr_004024DC
:00402D10 2A ConcatStr ;vbaStrCat
****************************************
Case "X"
strCode = strCode & "04"
****************************************
:00402D11 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402D14 1E6605 Branch ;ESI=00402D4A
:00402D17 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"Y"
|
:00402D1A 3A48FF4A00 LitVarStr ;PushVarString ptr_004024E8
:00402D1F 5D HardType ;
:00402D20 FB33 EqVarBool ;
:00402D22 1C4E05 BranchF ;If Pop=0 then ESI=00402D32
:00402D25 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"94"
|
:00402D28 1B4B00 LitStr ;Push ptr_004024F0
:00402D2B 2A ConcatStr ;vbaStrCat
****************************************
Case "Y"
strCode = strCode & "94"
****************************************
:00402D2C 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402D2F 1E6605 Branch ;ESI=00402D4A
:00402D32 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"Z"
|
:00402D35 3A48FF4C00 LitVarStr ;PushVarString ptr_004024FC
:00402D3A 5D HardType ;
:00402D3B FB33 EqVarBool ;
:00402D3D 1C6605 BranchF ;If Pop=0 then ESI=00402D4A
:00402D40 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"73"
|
:00402D43 1B4D00 LitStr ;Push ptr_00402504
:00402D46 2A ConcatStr ;vbaStrCat
****************************************
Case "Z"
strCode = strCode & "73"
****************************************
:00402D47 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
****************************************
小写字符处理
****************************************
:00402D4A 2828FF0100 LitVarI2 ;PushVarInteger 0001
:00402D4F 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:00402D52 E7 CI4UI1 ;
:00402D53 0478FF FLdRfVar ;Push LOCAL_0088
:00402D56 4D48FF0840 CVarRef ;
:00402D5B 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402D5E 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00402D63 0418FF FLdRfVar ;Push LOCAL_00E8
:00402D66 FDFE5CFF CStrVarVal ;
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402D6A 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX
:00402D6F F461 LitI2_Byte ;Push 61
:00402D71 DF GeI2 ;
:00402D72 28E8FE0100 LitVarI2 ;PushVarInteger 0001
:00402D77 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:00402D7A E7 CI4UI1 ;
:00402D7B 0478FF FLdRfVar ;Push LOCAL_0088
:00402D7E 4D08FF0840 CVarRef ;
:00402D83 04D8FE FLdRfVar ;Push LOCAL_0128
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402D86 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00402D8B 04D8FE FLdRfVar ;Push LOCAL_0128
:00402D8E FDFED4FE CStrVarVal ;
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402D92 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX
:00402D97 F47A LitI2_Byte ;Push 7A
:00402D99 D5 LeI2 ;
:00402D9A C4 AndI4 ;
:00402D9B 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:00402DA2 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants
:00402DAD 1CAA08 BranchF ;If Pop=0 then ESI=0040308E
:00402DB0 2828FF0100 LitVarI2 ;PushVarInteger 0001
:00402DB5 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:00402DB8 E7 CI4UI1 ;
:00402DB9 0478FF FLdRfVar ;Push LOCAL_0088
:00402DBC 4D48FF0840 CVarRef ;
:00402DC1 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402DC4 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00402DC9 0418FF FLdRfVar ;Push LOCAL_00E8
:00402DCC FCF6A4FE FStVar ;
:00402DD0 3528FF FFree1Var ;Free LOCAL_00D8
:00402DD3 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"a"
|
:00402DD6 3A48FF4E00 LitVarStr ;PushVarString ptr_00402510
:00402DDB 5D HardType ;
:00402DDC FB33 EqVarBool ;
:00402DDE 1C0A06 BranchF ;If Pop=0 then ESI=00402DEE
:00402DE1 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"10"
|
:00402DE4 1B4F00 LitStr ;Push ptr_00402518
:00402DE7 2A ConcatStr ;vbaStrCat
****************************************
Case "a"
strCode = strCode & "10"
****************************************
:00402DE8 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402DEB 1EAA08 Branch ;ESI=0040308E
:00402DEE 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"b"
|
:00402DF1 3A48FF5000 LitVarStr ;PushVarString ptr_00402524
:00402DF6 5D HardType ;
:00402DF7 FB33 EqVarBool ;
:00402DF9 1C2506 BranchF ;If Pop=0 then ESI=00402E09
:00402DFC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"26"
|
:00402DFF 1B5100 LitStr ;Push ptr_0040252C
:00402E02 2A ConcatStr ;vbaStrCat
****************************************
Case "b"
strCode = strCode & "26"
****************************************
:00402E03 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402E06 1EAA08 Branch ;ESI=0040308E
:00402E09 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"c"
|
:00402E0C 3A48FF5200 LitVarStr ;PushVarString ptr_00402538
:00402E11 5D HardType ;
:00402E12 FB33 EqVarBool ;
:00402E14 1C4006 BranchF ;If Pop=0 then ESI=00402E24
:00402E17 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"18"
|
:00402E1A 1B5300 LitStr ;Push ptr_00402540
:00402E1D 2A ConcatStr ;vbaStrCat
****************************************
Case "c"
strCode = strCode & "18"
****************************************
:00402E1E 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402E21 1EAA08 Branch ;ESI=0040308E
:00402E24 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"d"
|
:00402E27 3A48FF5400 LitVarStr ;PushVarString ptr_0040254C
:00402E2C 5D HardType ;
:00402E2D FB33 EqVarBool ;
:00402E2F 1C5B06 BranchF ;If Pop=0 then ESI=00402E3F
:00402E32 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"48"
|
:00402E35 1B5500 LitStr ;Push ptr_00402554
:00402E38 2A ConcatStr ;vbaStrCat
****************************************
Case "d"
strCode = strCode & "48"
****************************************
:00402E39 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402E3C 1EAA08 Branch ;ESI=0040308E
:00402E3F 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"e"
|
:00402E42 3A48FF5600 LitVarStr ;PushVarString ptr_00402560
:00402E47 5D HardType ;
:00402E48 FB33 EqVarBool ;
:00402E4A 1C7606 BranchF ;If Pop=0 then ESI=00402E5A
:00402E4D 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"36"
|
:00402E50 1B5700 LitStr ;Push ptr_00402568
:00402E53 2A ConcatStr ;vbaStrCat
****************************************
Case "e"
strCode = strCode & "36"
****************************************
:00402E54 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402E57 1EAA08 Branch ;ESI=0040308E
:00402E5A 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"f"
|
:00402E5D 3A48FF5800 LitVarStr ;PushVarString ptr_00402574
:00402E62 5D HardType ;
:00402E63 FB33 EqVarBool ;
:00402E65 1C9106 BranchF ;If Pop=0 then ESI=00402E75
:00402E68 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"17"
|
:00402E6B 1B5900 LitStr ;Push ptr_0040257C
:00402E6E 2A ConcatStr ;vbaStrCat
****************************************
Case "f"
strCode = strCode & "17"
****************************************
:00402E6F 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402E72 1EAA08 Branch ;ESI=0040308E
:00402E75 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"g"
|
:00402E78 3A48FF5A00 LitVarStr ;PushVarString ptr_00402588
:00402E7D 5D HardType ;
:00402E7E FB33 EqVarBool ;
:00402E80 1CAC06 BranchF ;If Pop=0 then ESI=00402E90
:00402E83 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"27"
|
:00402E86 1B5B00 LitStr ;Push ptr_00402590
:00402E89 2A ConcatStr ;vbaStrCat
****************************************
Case "g"
strCode = strCode & "27"
****************************************
:00402E8A 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402E8D 1EAA08 Branch ;ESI=0040308E
:00402E90 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"h"
|
:00402E93 3A48FF5C00 LitVarStr ;PushVarString ptr_0040259C
:00402E98 5D HardType ;
:00402E99 FB33 EqVarBool ;
:00402E9B 1CC706 BranchF ;If Pop=0 then ESI=00402EAB
:00402E9E 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"19"
|
:00402EA1 1B5D00 LitStr ;Push ptr_004025A4
:00402EA4 2A ConcatStr ;vbaStrCat
****************************************
Case "h"
strCode = strCode & "19"
****************************************
:00402EA5 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402EA8 1EAA08 Branch ;ESI=0040308E
:00402EAB 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"i"
|
:00402EAE 3A48FF5E00 LitVarStr ;PushVarString ptr_004025B0
:00402EB3 5D HardType ;
:00402EB4 FB33 EqVarBool ;
:00402EB6 1CE206 BranchF ;If Pop=0 then ESI=00402EC6
:00402EB9 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"47"
|
:00402EBC 1B5F00 LitStr ;Push ptr_004025B8
:00402EBF 2A ConcatStr ;vbaStrCat
****************************************
Case "i"
strCode = strCode & "47"
****************************************
:00402EC0 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402EC3 1EAA08 Branch ;ESI=0040308E
:00402EC6 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"j"
|
:00402EC9 3A48FF6000 LitVarStr ;PushVarString ptr_004025C4
:00402ECE 5D HardType ;
:00402ECF FB33 EqVarBool ;
:00402ED1 1CFD06 BranchF ;If Pop=0 then ESI=00402EE1
:00402ED4 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"39"
|
:00402ED7 1B6100 LitStr ;Push ptr_004025CC
:00402EDA 2A ConcatStr ;vbaStrCat
****************************************
Case "j"
strCode = strCode & "39"
****************************************
:00402EDB 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402EDE 1EAA08 Branch ;ESI=0040308E
:00402EE1 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"k"
|
:00402EE4 3A48FF6200 LitVarStr ;PushVarString ptr_004025D8
:00402EE9 5D HardType ;
:00402EEA FB33 EqVarBool ;
:00402EEC 1C1807 BranchF ;If Pop=0 then ESI=00402EFC
:00402EEF 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"30"
|
:00402EF2 1B6300 LitStr ;Push ptr_004025E0
:00402EF5 2A ConcatStr ;vbaStrCat
****************************************
Case "k"
strCode = strCode & "30"
****************************************
:00402EF6 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402EF9 1EAA08 Branch ;ESI=0040308E
:00402EFC 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"l"
|
:00402EFF 3A48FF6400 LitVarStr ;PushVarString ptr_004025EC
:00402F04 5D HardType ;
:00402F05 FB33 EqVarBool ;
:00402F07 1C3307 BranchF ;If Pop=0 then ESI=00402F17
:00402F0A 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"28"
|
:00402F0D 1B6500 LitStr ;Push ptr_004025F4
:00402F10 2A ConcatStr ;vbaStrCat
****************************************
Case "l"
strCode = strCode & "28"
****************************************
:00402F11 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402F14 1EAA08 Branch ;ESI=0040308E
:00402F17 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"m"
|
:00402F1A 3A48FF6600 LitVarStr ;PushVarString ptr_00402600
:00402F1F 5D HardType ;
:00402F20 FB33 EqVarBool ;
:00402F22 1C4E07 BranchF ;If Pop=0 then ESI=00402F32
:00402F25 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"16"
|
:00402F28 1B6700 LitStr ;Push ptr_00402608
:00402F2B 2A ConcatStr ;vbaStrCat
****************************************
Case "m"
strCode = strCode & "16"
****************************************
:00402F2C 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402F2F 1EAA08 Branch ;ESI=0040308E
:00402F32 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"n"
|
:00402F35 3A48FF6800 LitVarStr ;PushVarString ptr_00402614
:00402F3A 5D HardType ;
:00402F3B FB33 EqVarBool ;
:00402F3D 1C6907 BranchF ;If Pop=0 then ESI=00402F4D
:00402F40 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"20"
|
:00402F43 1B6900 LitStr ;Push ptr_0040261C
:00402F46 2A ConcatStr ;vbaStrCat
****************************************
Case "n"
strCode = strCode & "20"
****************************************
:00402F47 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402F4A 1EAA08 Branch ;ESI=0040308E
:00402F4D 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"o"
|
:00402F50 3A48FF6A00 LitVarStr ;PushVarString ptr_00402628
:00402F55 5D HardType ;
:00402F56 FB33 EqVarBool ;
:00402F58 1C8407 BranchF ;If Pop=0 then ESI=00402F68
:00402F5B 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"56"
|
:00402F5E 1B6B00 LitStr ;Push ptr_00402630
:00402F61 2A ConcatStr ;vbaStrCat
****************************************
Case "o"
strCode = strCode & "56"
****************************************
:00402F62 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402F65 1EAA08 Branch ;ESI=0040308E
:00402F68 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"p"
|
:00402F6B 3A48FF6C00 LitVarStr ;PushVarString ptr_0040263C
:00402F70 5D HardType ;
:00402F71 FB33 EqVarBool ;
:00402F73 1C9F07 BranchF ;If Pop=0 then ESI=00402F83
:00402F76 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"3f"
|
:00402F79 1B6D00 LitStr ;Push ptr_00402644
:00402F7C 2A ConcatStr ;vbaStrCat
****************************************
Case "p"
strCode = strCode & "3f"
****************************************
:00402F7D 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402F80 1EAA08 Branch ;ESI=0040308E
:00402F83 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"q"
|
:00402F86 3A48FF6E00 LitVarStr ;PushVarString ptr_00402650
:00402F8B 5D HardType ;
:00402F8C FB33 EqVarBool ;
:00402F8E 1CBA07 BranchF ;If Pop=0 then ESI=00402F9E
:00402F91 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"29"
|
:00402F94 1B6F00 LitStr ;Push ptr_00402658
:00402F97 2A ConcatStr ;vbaStrCat
****************************************
Case "q"
strCode = strCode & "29"
****************************************
:00402F98 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402F9B 1EAA08 Branch ;ESI=0040308E
:00402F9E 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"r"
|
:00402FA1 3A48FF7000 LitVarStr ;PushVarString ptr_00402664
:00402FA6 5D HardType ;
:00402FA7 FB33 EqVarBool ;
:00402FA9 1CD507 BranchF ;If Pop=0 then ESI=00402FB9
:00402FAC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"57"
|
:00402FAF 1B7100 LitStr ;Push ptr_0040266C
:00402FB2 2A ConcatStr ;vbaStrCat
****************************************
Case "r"
strCode = strCode & "57"
****************************************
:00402FB3 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402FB6 1EAA08 Branch ;ESI=0040308E
:00402FB9 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"s"
|
:00402FBC 3A48FF7200 LitVarStr ;PushVarString ptr_00402678
:00402FC1 5D HardType ;
:00402FC2 FB33 EqVarBool ;
:00402FC4 1CF007 BranchF ;If Pop=0 then ESI=00402FD4
:00402FC7 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"50"
|
:00402FCA 1B7300 LitStr ;Push ptr_00402680
:00402FCD 2A ConcatStr ;vbaStrCat
****************************************
Case "s"
strCode = strCode & "50"
****************************************
:00402FCE 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402FD1 1EAA08 Branch ;ESI=0040308E
:00402FD4 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"t"
|
:00402FD7 3A48FF7400 LitVarStr ;PushVarString ptr_0040268C
:00402FDC 5D HardType ;
:00402FDD FB33 EqVarBool ;
:00402FDF 1C0B08 BranchF ;If Pop=0 then ESI=00402FEF
:00402FE2 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"59"
|
:00402FE5 1B7500 LitStr ;Push ptr_00402694
:00402FE8 2A ConcatStr ;vbaStrCat
****************************************
Case "t"
strCode = strCode & "59"
****************************************
:00402FE9 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402FEC 1EAA08 Branch ;ESI=0040308E
:00402FEF 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"u"
|
:00402FF2 3A48FF7600 LitVarStr ;PushVarString ptr_004026A0
:00402FF7 5D HardType ;
:00402FF8 FB33 EqVarBool ;
:00402FFA 1C2608 BranchF ;If Pop=0 then ESI=0040300A
:00402FFD 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"38"
|
:00403000 1B7700 LitStr ;Push ptr_004026A8
:00403003 2A ConcatStr ;vbaStrCat
****************************************
Case "u"
strCode = strCode & "38"
****************************************
:00403004 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00403007 1EAA08 Branch ;ESI=0040308E
:0040300A 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"v"
|
:0040300D 3A48FF7800 LitVarStr ;PushVarString ptr_004026B4
:00403012 5D HardType ;
:00403013 FB33 EqVarBool ;
:00403015 1C4108 BranchF ;If Pop=0 then ESI=00403025
:00403018 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"46"
|
:0040301B 1B7900 LitStr ;Push ptr_004026BC
:0040301E 2A ConcatStr ;vbaStrCat
****************************************
Case "v"
strCode = strCode & "46"
****************************************
:0040301F 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00403022 1EAA08 Branch ;ESI=0040308E
:00403025 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"w"
|
:00403028 3A48FF7A00 LitVarStr ;PushVarString ptr_004026C8
:0040302D 5D HardType ;
:0040302E FB33 EqVarBool ;
:00403030 1C5C08 BranchF ;If Pop=0 then ESI=00403040
:00403033 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"58"
|
:00403036 1B7B00 LitStr ;Push ptr_004026D0
:00403039 2A ConcatStr ;vbaStrCat
****************************************
Case "w"
strCode = strCode & "58"
****************************************
:0040303A 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:0040303D 1EAA08 Branch ;ESI=0040308E
:00403040 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"x"
|
:00403043 3A48FF7C00 LitVarStr ;PushVarString ptr_004026DC
:00403048 5D HardType ;
:00403049 FB33 EqVarBool ;
:0040304B 1C7708 BranchF ;If Pop=0 then ESI=0040305B
:0040304E 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"40"
|
:00403051 1B7D00 LitStr ;Push ptr_004026E4
:00403054 2A ConcatStr ;vbaStrCat
****************************************
Case "x"
strCode = strCode & "40"
****************************************
:00403055 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00403058 1EAA08 Branch ;ESI=0040308E
:0040305B 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"y"
|
:0040305E 3A48FF7E00 LitVarStr ;PushVarString ptr_004026F0
:00403063 5D HardType ;
:00403064 FB33 EqVarBool ;
:00403066 1C9208 BranchF ;If Pop=0 then ESI=00403076
:00403069 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"94"
|
:0040306C 1B4B00 LitStr ;Push ptr_004024F0
:0040306F 2A ConcatStr ;vbaStrCat
****************************************
Case "y"
strCode = strCode & "94"
****************************************
:00403070 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00403073 1EAA08 Branch ;ESI=0040308E
:00403076 04A4FE FLdRfVar ;Push LOCAL_015C
******Possible String Ref To->"z"
|
:00403079 3A48FF7F00 LitVarStr ;PushVarString ptr_004026F8
:0040307E 5D HardType ;
:0040307F FB33 EqVarBool ;
:00403081 1CAA08 BranchF ;If Pop=0 then ESI=0040308E
:00403084 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"37"
|
:00403087 1B8000 LitStr ;Push ptr_00402700
:0040308A 2A ConcatStr ;vbaStrCat
****************************************
Case "z"
strCode = strCode & "37"
****************************************
:0040308B 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
##################################################################################################################
// 以上操作就是用NAME长度来循环,分别取每一个NAME字符,判断是数字或大小写字符,查表替换。
__________________________________________________________________________________________________________________
:0040308E 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00403093 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:00403096 E7 CI4UI1 ; | // MID函数参数入栈
:00403097 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:0040309A 4D48FF0840 CVarRef ;// 创建临时变量
:0040309F 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004030A2 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()
:004030A7 0418FF FLdRfVar ;Push LOCAL_00E8 \
:004030AA FDFE5CFF CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:004030AE 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC()
:004030B3 F400 LitI2_Byte ;Push 00 // 00入栈
:004030B5 DF GeI2 ;// 大于等于比较操作
:004030B6 28E8FE0100 LitVarI2 ;PushVarInteger 0001 \
:004030BB 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | // MID函数参数入栈
:004030BE E7 CI4UI1 ; |
:004030BF 0478FF FLdRfVar ;Push LOCAL_0088 /
:004030C2 4D08FF0840 CVarRef ;// 创建临时变量
:004030C7 04D8FE FLdRfVar ;Push LOCAL_0128 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004030CA 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX //MID()
:004030CF 04D8FE FLdRfVar ;Push LOCAL_0128 \
:004030D2 FDFED4FE CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:004030D6 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX //ASC()
:004030DB F42F LitI2_Byte ;Push 2F // 47入栈
:004030DD D5 LeI2 ;// 小于等于比较操作
:004030DE C4 AndI4 ;// AND
:004030DF 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:004030E6 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants// 释放临时变量
:004030F1 1C2609 BranchF ;If Pop=0 then ESI=0040310A //条件为假则跳0040310A
******Possible String Ref To->""
|
:004030F4 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:004030F7 21 FLdPrThis ;[SR]=[stack2] \
:004030F8 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:004030FB 1960FF FStAdFunc ;// 取propput过程地址
:004030FE 0860FF FLdPr ;[SR]=[LOCAL_00A0] //加载过程
***********Reference To:[propput]TextBox.Text // propput,TextBox.Text的赋值过程
|
:00403101 0DA4000300 VCallHresult ;Call ptr_0040222C // 给TextBox.Text赋值
:00403106 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 释放加载过程空间
:00403109 13 ExitProcHresult ;// 退出过程
****************************************
If Asc(Mid(name, i, 1)) >= 0 And Asc(Mid(name, i, 1)) <= 47 Then
Text1.Text = ""
Exit Sub
End If
****************************************
:0040310A 2828FF0100 LitVarI2 ;PushVarInteger 0001 \
:0040310F 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | // MID函数参数入栈
:00403112 E7 CI4UI1 ; |
:00403113 0478FF FLdRfVar ;Push LOCAL_0088 /
:00403116 4D48FF0840 CVarRef ;// 创建临时变量
:0040311B 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040311E 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()
:00403123 0418FF FLdRfVar ;Push LOCAL_00E8 \
:00403126 FDFE5CFF CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:0040312A 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC()
:0040312F F43A LitI2_Byte ;Push 3A // 58入栈
:00403131 DF GeI2 ;// 大于等于比较操作
:00403132 28E8FE0100 LitVarI2 ;PushVarInteger 0001 \
:00403137 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | // MID函数参数入栈
:0040313A E7 CI4UI1 ; |
:0040313B 0478FF FLdRfVar ;Push LOCAL_0088 /
:0040313E 4D08FF0840 CVarRef ;// 创建临时变量
:00403143 04D8FE FLdRfVar ;Push LOCAL_0128 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00403146 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX //MID()
:0040314B 04D8FE FLdRfVar ;Push LOCAL_0128 \
:0040314E FDFED4FE CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00403152 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX //ASC()
:00403157 F440 LitI2_Byte ;Push 40 // 64入栈
:00403159 D5 LeI2 ;// 小于等于比较操作
:0040315A C4 AndI4 ;// AND
:0040315B 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:00403162 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants // 释放临时变量
:0040316D 1CA209 BranchF ;If Pop=0 then ESI=00403186 //条件为假则跳00403186
******Possible String Ref To->""
|
:00403170 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:00403173 21 FLdPrThis ;[SR]=[stack2] \
:00403174 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:00403177 1960FF FStAdFunc ;// 取propput过程地址
:0040317A 0860FF FLdPr ;[SR]=[LOCAL_00A0] //加载过程
***********Reference To:[propput]TextBox.Text // propput,TextBox.Text的赋值过程
|
:0040317D 0DA4000300 VCallHresult ;Call ptr_0040222C // 给TextBox.Text赋值
:00403182 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 释放加载过程空间
:00403185 13 ExitProcHresult ;// 退出过程
****************************************
If Asc(Mid(name, i, 1)) >= 58 And Asc(Mid(name, i, 1)) <= 64 Then
Text1.Text = ""
Exit Sub
End If
****************************************
######################下面和上面的两个过程是一样的判断NAME中是否是字母或字符不是则给TEXT赋空值退出过程######################
____________________________________________________________________________________________________________________________
:00403186 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040318B 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:0040318E E7 CI4UI1 ;
:0040318F 0478FF FLdRfVar ;Push LOCAL_0088
:00403192 4D48FF0840 CVarRef ;
:00403197 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040319A 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:0040319F 0418FF FLdRfVar ;Push LOCAL_00E8
:004031A2 FDFE5CFF CStrVarVal ;
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:004031A6 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX
:004031AB F45B LitI2_Byte ;Push 5B
:004031AD DF GeI2 ;
:004031AE 28E8FE0100 LitVarI2 ;PushVarInteger 0001
:004031B3 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:004031B6 E7 CI4UI1 ;
:004031B7 0478FF FLdRfVar ;Push LOCAL_0088
:004031BA 4D08FF0840 CVarRef ;
:004031BF 04D8FE FLdRfVar ;Push LOCAL_0128
**********Reference To->msvbvm60.rtcMidCharVar
|
:004031C2 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:004031C7 04D8FE FLdRfVar ;Push LOCAL_0128
:004031CA FDFED4FE CStrVarVal ;
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:004031CE 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX
:004031D3 F460 LitI2_Byte ;Push 60
:004031D5 D5 LeI2 ;
:004031D6 C4 AndI4 ;
:004031D7 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:004031DE 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants
:004031E9 1C1E0A BranchF ;If Pop=0 then ESI=00403202
******Possible String Ref To->""
|
:004031EC 1B0200 LitStr ;Push ptr_00402228
:004031EF 21 FLdPrThis ;[SR]=[stack2]
:004031F0 0F0403 VCallAd ;Return the control index 03
:004031F3 1960FF FStAdFunc ;
:004031F6 0860FF FLdPr ;[SR]=[LOCAL_00A0]
***********Reference To:[propput]TextBox.Text
|
:004031F9 0DA4000300 VCallHresult ;Call ptr_0040222C
:004031FE 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0
:00403201 13 ExitProcHresult ;
****************************************
If Asc(Mid(name, i, 1)) >= 91 And Asc(Mid(name, i, 1)) <= 96 Then
Text1.Text = ""
Exit Sub
End If
****************************************
:00403202 2828FF0100 LitVarI2 ;PushVarInteger 0001
:00403207 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:0040320A E7 CI4UI1 ;
:0040320B 0478FF FLdRfVar ;Push LOCAL_0088
:0040320E 4D48FF0840 CVarRef ;
:00403213 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:00403216 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:0040321B 0418FF FLdRfVar ;Push LOCAL_00E8
:0040321E FDFE5CFF CStrVarVal ;
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00403222 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX
:00403227 F47B LitI2_Byte ;Push 7B
:00403229 DF GeI2 ;
:0040322A 28E8FE0100 LitVarI2 ;PushVarInteger 0001
:0040322F 6B66FF FLdI2 ;Push WORD [LOCAL_009A]
:00403232 E7 CI4UI1 ;
:00403233 0478FF FLdRfVar ;Push LOCAL_0088
:00403236 4D08FF0840 CVarRef ;
:0040323B 04D8FE FLdRfVar ;Push LOCAL_0128
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040323E 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403243 04D8FE FLdRfVar ;Push LOCAL_0128
:00403246 FDFED4FE CStrVarVal ;
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:0040324A 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX
:0040324F F3FF00 LitI2 ;Push 00FF
:00403252 D5 LeI2 ;
:00403253 C4 AndI4 ;
:00403254 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:0040325B 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants
:00403266 1C9B0A BranchF ;If Pop=0 then ESI=0040327F
******Possible String Ref To->""
|
:00403269 1B0200 LitStr ;Push ptr_00402228
:0040326C 21 FLdPrThis ;[SR]=[stack2]
:0040326D 0F0403 VCallAd ;Return the control index 03
:00403270 1960FF FStAdFunc ;
:00403273 0860FF FLdPr ;[SR]=[LOCAL_00A0]
***********Reference To:[propput]TextBox.Text
|
:00403276 0DA4000300 VCallHresult ;Call ptr_0040222C
:0040327B 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0
:0040327E 13 ExitProcHresult ;
****************************************
If Asc(Mid(name, i, 1)) >= 123 And Asc(Mid(name, i, 1)) <= 255 Then
Text1.Text = ""
Exit Sub
End If
****************************************
############################################################################################################################
____________________________________________________________________________________________________________________________
:0040327F 0466FF FLdRfVar ;Push LOCAL_009A
:00403282 6458FF8E00 NextI2 ;// i循环到这里结束
:00403287 F401 LitI2_Byte ;Push 01
:00403289 0464FF FLdRfVar ;Push LOCAL_009C
:0040328C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040328F 4A FnLenStr ;vbaLenBstr
:00403290 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403291 FE63A0FEF30A ForI2 ;// FOR J 循环
:00403297 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:0040329C 6B64FF FLdI2 ;Push WORD [LOCAL_009C] | 变量j的值
:0040329F E7 CI4UI1 ; | // MID函数参数入栈
:004032A0 0470FF FLdRfVar ;Push LOCAL_0090 / 文本内容
:004032A3 4D48FF0840 CVarRef ;// 创建临时变量
:004032A8 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004032AB 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()
:004032B0 0418FF FLdRfVar ;Push LOCAL_00E8 // 将MID()的字符入栈
******Possible String Ref To->"f"
|
:004032B3 3A08FF5800 LitVarStr ;PushVarString ptr_00402574 // "f"入栈
:004032B8 5D HardType ;
:004032B9 FB33 EqVarBool ;比较字符是否相等
:004032BB 36040028FF18FF FFreeVar ;Free 0004/2 variants
:004032C2 1CEB0A BranchF ;If Pop=0 then ESI=004032CF // 不相等则跳004032CF \ 到下面也就是不做字符连接
:004032C5 6C74FF ILdRf ;Push DWORD [LOCAL_008C] // 加载code变量 |
******Possible String Ref To->"f"
|
:004032C8 1B5800 LitStr ;Push ptr_00402574 // "f"入栈 |
:004032CB 2A ConcatStr ;vbaStrCat //连接字符串 |
:004032CC 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop //释放空间 |
:004032CF 0464FF FLdRfVar ;Push LOCAL_009C /
:004032D2 64A0FEB30A NextI2 ;// 循环结束
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "f" Then code = code & "f"
Next j
********************************************************往下看看下面分别是edcba9876543210的判断结构
********************************************************如果mid到的字符等于判断的字符则作连接
********************************************************作完这些后我们到最后看看,记住[LOCAL_008C]=code变量
:004032D7 F401 LitI2_Byte ;Push 01
:004032D9 0464FF FLdRfVar ;Push LOCAL_009C
:004032DC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:004032DF 4A FnLenStr ;vbaLenBstr
:004032E0 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:004032E1 FE639CFE430B ForI2 ;
:004032E7 2828FF0100 LitVarI2 ;PushVarInteger 0001
:004032EC 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:004032EF E7 CI4UI1 ;
:004032F0 0470FF FLdRfVar ;Push LOCAL_0090
:004032F3 4D48FF0840 CVarRef ;
:004032F8 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:004032FB 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403300 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"e"
|
:00403303 3A08FF5600 LitVarStr ;PushVarString ptr_00402560
:00403308 5D HardType ;
:00403309 FB33 EqVarBool ;
:0040330B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403312 1C3B0B BranchF ;If Pop=0 then ESI=0040331F
:00403315 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"e"
|
:00403318 1B5600 LitStr ;Push ptr_00402560
:0040331B 2A ConcatStr ;vbaStrCat
:0040331C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040331F 0464FF FLdRfVar ;Push LOCAL_009C
:00403322 649CFE030B NextI2
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "e" Then code = code & "e"
Next j
****************************************
:00403327 F401 LitI2_Byte ;Push 01
:00403329 0464FF FLdRfVar ;Push LOCAL_009C
:0040332C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040332F 4A FnLenStr ;vbaLenBstr
:00403330 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403331 FE6398FE930B ForI2 ;
:00403337 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040333C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040333F E7 CI4UI1 ;
:00403340 0470FF FLdRfVar ;Push LOCAL_0090
:00403343 4D48FF0840 CVarRef ;
:00403348 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040334B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403350 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"d"
|
:00403353 3A08FF5400 LitVarStr ;PushVarString ptr_0040254C
:00403358 5D HardType ;
:00403359 FB33 EqVarBool ;
:0040335B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403362 1C8B0B BranchF ;If Pop=0 then ESI=0040336F
:00403365 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"d"
|
:00403368 1B5400 LitStr ;Push ptr_0040254C
:0040336B 2A ConcatStr ;vbaStrCat
:0040336C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040336F 0464FF FLdRfVar ;Push LOCAL_009C
:00403372 6498FE530B NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "d" Then code = code & "d"
Next j
****************************************
:00403377 F401 LitI2_Byte ;Push 01
:00403379 0464FF FLdRfVar ;Push LOCAL_009C
:0040337C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040337F 4A FnLenStr ;vbaLenBstr
:00403380 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403381 FE6394FEE30B ForI2 ;
:00403387 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040338C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040338F E7 CI4UI1 ;
:00403390 0470FF FLdRfVar ;Push LOCAL_0090
:00403393 4D48FF0840 CVarRef ;
:00403398 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040339B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:004033A0 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"c"
|
:004033A3 3A08FF5200 LitVarStr ;PushVarString ptr_00402538
:004033A8 5D HardType ;
:004033A9 FB33 EqVarBool ;
:004033AB 36040028FF18FF FFreeVar ;Free 0004/2 variants
:004033B2 1CDB0B BranchF ;If Pop=0 then ESI=004033BF
:004033B5 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"c"
|
:004033B8 1B5200 LitStr ;Push ptr_00402538
:004033BB 2A ConcatStr ;vbaStrCat
:004033BC 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:004033BF 0464FF FLdRfVar ;Push LOCAL_009C
:004033C2 6494FEA30B NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "c" Then code = code & "c"
Next j
****************************************
:004033C7 F401 LitI2_Byte ;Push 01
:004033C9 0464FF FLdRfVar ;Push LOCAL_009C
:004033CC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:004033CF 4A FnLenStr ;vbaLenBstr
:004033D0 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:004033D1 FE6390FE330C ForI2 ;
:004033D7 2828FF0100 LitVarI2 ;PushVarInteger 0001
:004033DC 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:004033DF E7 CI4UI1 ;
:004033E0 0470FF FLdRfVar ;Push LOCAL_0090
:004033E3 4D48FF0840 CVarRef ;
:004033E8 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:004033EB 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:004033F0 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"b"
|
:004033F3 3A08FF5000 LitVarStr ;PushVarString ptr_00402524
:004033F8 5D HardType ;
:004033F9 FB33 EqVarBool ;
:004033FB 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403402 1C2B0C BranchF ;If Pop=0 then ESI=0040340F
:00403405 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"b"
|
:00403408 1B5000 LitStr ;Push ptr_00402524
:0040340B 2A ConcatStr ;vbaStrCat
:0040340C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040340F 0464FF FLdRfVar ;Push LOCAL_009C
:00403412 6490FEF30B NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "b" Then code = code & "b"
Next j
****************************************
:00403417 F401 LitI2_Byte ;Push 01
:00403419 0464FF FLdRfVar ;Push LOCAL_009C
:0040341C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040341F 4A FnLenStr ;vbaLenBstr
:00403420 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403421 FE638CFE830C ForI2 ;
:00403427 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040342C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040342F E7 CI4UI1 ;
:00403430 0470FF FLdRfVar ;Push LOCAL_0090
:00403433 4D48FF0840 CVarRef ;
:00403438 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040343B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403440 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"a"
|
:00403443 3A08FF4E00 LitVarStr ;PushVarString ptr_00402510
:00403448 5D HardType ;
:00403449 FB33 EqVarBool ;
:0040344B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403452 1C7B0C BranchF ;If Pop=0 then ESI=0040345F
:00403455 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"a"
|
:00403458 1B4E00 LitStr ;Push ptr_00402510
:0040345B 2A ConcatStr ;vbaStrCat
:0040345C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040345F 0464FF FLdRfVar ;Push LOCAL_009C
:00403462 648CFE430C NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "a" Then code = code & "a"
Next j
****************************************
:00403467 F401 LitI2_Byte ;Push 01
:00403469 0464FF FLdRfVar ;Push LOCAL_009C
:0040346C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040346F 4A FnLenStr ;vbaLenBstr
:00403470 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403471 FE6388FED30C ForI2 ;
:00403477 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040347C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040347F E7 CI4UI1 ;
:00403480 0470FF FLdRfVar ;Push LOCAL_0090
:00403483 4D48FF0840 CVarRef ;
:00403488 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040348B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403490 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"9"
|
:00403493 3A08FF1600 LitVarStr ;PushVarString ptr_004022E0
:00403498 5D HardType ;
:00403499 FB33 EqVarBool ;
:0040349B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:004034A2 1CCB0C BranchF ;If Pop=0 then ESI=004034AF
:004034A5 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"9"
|
:004034A8 1B1600 LitStr ;Push ptr_004022E0
:004034AB 2A ConcatStr ;vbaStrCat
:004034AC 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:004034AF 0464FF FLdRfVar ;Push LOCAL_009C
:004034B2 6488FE930C NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "9" Then code = code & "9"
Next j
****************************************
:004034B7 F401 LitI2_Byte ;Push 01
:004034B9 0464FF FLdRfVar ;Push LOCAL_009C
:004034BC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:004034BF 4A FnLenStr ;vbaLenBstr
:004034C0 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:004034C1 FE6384FE230D ForI2 ;
:004034C7 2828FF0100 LitVarI2 ;PushVarInteger 0001
:004034CC 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:004034CF E7 CI4UI1 ;
:004034D0 0470FF FLdRfVar ;Push LOCAL_0090
:004034D3 4D48FF0840 CVarRef ;
:004034D8 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:004034DB 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:004034E0 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"8"
|
:004034E3 3A08FF1400 LitVarStr ;PushVarString ptr_004022CC
:004034E8 5D HardType ;
:004034E9 FB33 EqVarBool ;
:004034EB 36040028FF18FF FFreeVar ;Free 0004/2 variants
:004034F2 1C1B0D BranchF ;If Pop=0 then ESI=004034FF
:004034F5 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"8"
|
:004034F8 1B1400 LitStr ;Push ptr_004022CC
:004034FB 2A ConcatStr ;vbaStrCat
:004034FC 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:004034FF 0464FF FLdRfVar ;Push LOCAL_009C
:00403502 6484FEE30C NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "8" Then code = code & "8"
Next j
****************************************
:00403507 F401 LitI2_Byte ;Push 01
:00403509 0464FF FLdRfVar ;Push LOCAL_009C
:0040350C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040350F 4A FnLenStr ;vbaLenBstr
:00403510 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403511 FE6380FE730D ForI2 ;
:00403517 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040351C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040351F E7 CI4UI1 ;
:00403520 0470FF FLdRfVar ;Push LOCAL_0090
:00403523 4D48FF0840 CVarRef ;
:00403528 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040352B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403530 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"7"
|
:00403533 3A08FF1200 LitVarStr ;PushVarString ptr_004022B8
:00403538 5D HardType ;
:00403539 FB33 EqVarBool ;
:0040353B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403542 1C6B0D BranchF ;If Pop=0 then ESI=0040354F
:00403545 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"7"
|
:00403548 1B1200 LitStr ;Push ptr_004022B8
:0040354B 2A ConcatStr ;vbaStrCat
:0040354C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040354F 0464FF FLdRfVar ;Push LOCAL_009C
:00403552 6480FE330D NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "7" Then code = code & "7"
Next j
****************************************
:00403557 F401 LitI2_Byte ;Push 01
:00403559 0464FF FLdRfVar ;Push LOCAL_009C
:0040355C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040355F 4A FnLenStr ;vbaLenBstr
:00403560 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403561 FE637CFEC30D ForI2 ;
:00403567 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040356C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040356F E7 CI4UI1 ;
:00403570 0470FF FLdRfVar ;Push LOCAL_0090
:00403573 4D48FF0840 CVarRef ;
:00403578 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040357B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403580 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"6"
|
:00403583 3A08FF1000 LitVarStr ;PushVarString ptr_004022A4
:00403588 5D HardType ;
:00403589 FB33 EqVarBool ;
:0040358B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403592 1CBB0D BranchF ;If Pop=0 then ESI=0040359F
:00403595 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"6"
|
:00403598 1B1000 LitStr ;Push ptr_004022A4
:0040359B 2A ConcatStr ;vbaStrCat
:0040359C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040359F 0464FF FLdRfVar ;Push LOCAL_009C
:004035A2 647CFE830D NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "6" Then code = code & "6"
Next j
****************************************
:004035A7 F401 LitI2_Byte ;Push 01
:004035A9 0464FF FLdRfVar ;Push LOCAL_009C
:004035AC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:004035AF 4A FnLenStr ;vbaLenBstr
:004035B0 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:004035B1 FE6378FE130E ForI2 ;
:004035B7 2828FF0100 LitVarI2 ;PushVarInteger 0001
:004035BC 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:004035BF E7 CI4UI1 ;
:004035C0 0470FF FLdRfVar ;Push LOCAL_0090
:004035C3 4D48FF0840 CVarRef ;
:004035C8 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:004035CB 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:004035D0 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"5"
|
:004035D3 3A08FF0E00 LitVarStr ;PushVarString ptr_00402290
:004035D8 5D HardType ;
:004035D9 FB33 EqVarBool ;
:004035DB 36040028FF18FF FFreeVar ;Free 0004/2 variants
:004035E2 1C0B0E BranchF ;If Pop=0 then ESI=004035EF
:004035E5 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"5"
|
:004035E8 1B0E00 LitStr ;Push ptr_00402290
:004035EB 2A ConcatStr ;vbaStrCat
:004035EC 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:004035EF 0464FF FLdRfVar ;Push LOCAL_009C
:004035F2 6478FED30D NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "5" Then code = code & "5"
Next j
****************************************
:004035F7 F401 LitI2_Byte ;Push 01
:004035F9 0464FF FLdRfVar ;Push LOCAL_009C
:004035FC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:004035FF 4A FnLenStr ;vbaLenBstr
:00403600 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403601 FE6374FE630E ForI2 ;
:00403607 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040360C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040360F E7 CI4UI1 ;
:00403610 0470FF FLdRfVar ;Push LOCAL_0090
:00403613 4D48FF0840 CVarRef ;
:00403618 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040361B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403620 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"4"
|
:00403623 3A08FF0C00 LitVarStr ;PushVarString ptr_0040227C
:00403628 5D HardType ;
:00403629 FB33 EqVarBool ;
:0040362B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403632 1C5B0E BranchF ;If Pop=0 then ESI=0040363F
:00403635 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"4"
|
:00403638 1B0C00 LitStr ;Push ptr_0040227C
:0040363B 2A ConcatStr ;vbaStrCat
:0040363C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040363F 0464FF FLdRfVar ;Push LOCAL_009C
:00403642 6474FE230E NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "4" Then code = code & "4"
Next j
****************************************
:00403647 F401 LitI2_Byte ;Push 01
:00403649 0464FF FLdRfVar ;Push LOCAL_009C
:0040364C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040364F 4A FnLenStr ;vbaLenBstr
:00403650 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403651 FE6370FEB30E ForI2 ;
:00403657 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040365C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040365F E7 CI4UI1 ;
:00403660 0470FF FLdRfVar ;Push LOCAL_0090
:00403663 4D48FF0840 CVarRef ;
:00403668 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040366B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403670 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"3"
|
:00403673 3A08FF0A00 LitVarStr ;PushVarString ptr_00402268
:00403678 5D HardType ;
:00403679 FB33 EqVarBool ;
:0040367B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403682 1CAB0E BranchF ;If Pop=0 then ESI=0040368F
:00403685 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"3"
|
:00403688 1B0A00 LitStr ;Push ptr_00402268
:0040368B 2A ConcatStr ;vbaStrCat
:0040368C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040368F 0464FF FLdRfVar ;Push LOCAL_009C
:00403692 6470FE730E NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "3" Then code = code & "3"
Next j
****************************************
:00403697 F401 LitI2_Byte ;Push 01
:00403699 0464FF FLdRfVar ;Push LOCAL_009C
:0040369C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040369F 4A FnLenStr ;vbaLenBstr
:004036A0 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:004036A1 FE636CFE030F ForI2 ;
:004036A7 2828FF0100 LitVarI2 ;PushVarInteger 0001
:004036AC 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:004036AF E7 CI4UI1 ;
:004036B0 0470FF FLdRfVar ;Push LOCAL_0090
:004036B3 4D48FF0840 CVarRef ;
:004036B8 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:004036BB 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:004036C0 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"2"
|
:004036C3 3A08FF0800 LitVarStr ;PushVarString ptr_00402254
:004036C8 5D HardType ;
:004036C9 FB33 EqVarBool ;
:004036CB 36040028FF18FF FFreeVar ;Free 0004/2 variants
:004036D2 1CFB0E BranchF ;If Pop=0 then ESI=004036DF
:004036D5 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"2"
|
:004036D8 1B0800 LitStr ;Push ptr_00402254
:004036DB 2A ConcatStr ;vbaStrCat
:004036DC 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:004036DF 0464FF FLdRfVar ;Push LOCAL_009C
:004036E2 646CFEC30E NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "2" Then code = code & "2"
Next j
****************************************
:004036E7 F401 LitI2_Byte ;Push 01
:004036E9 0464FF FLdRfVar ;Push LOCAL_009C
:004036EC 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:004036EF 4A FnLenStr ;vbaLenBstr
:004036F0 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:004036F1 FE6368FE530F ForI2 ;
:004036F7 2828FF0100 LitVarI2 ;PushVarInteger 0001
:004036FC 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:004036FF E7 CI4UI1 ;
:00403700 0470FF FLdRfVar ;Push LOCAL_0090
:00403703 4D48FF0840 CVarRef ;
:00403708 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040370B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403710 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"1"
|
:00403713 3A08FF0600 LitVarStr ;PushVarString ptr_00402240
:00403718 5D HardType ;
:00403719 FB33 EqVarBool ;
:0040371B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403722 1C4B0F BranchF ;If Pop=0 then ESI=0040372F
:00403725 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
******Possible String Ref To->"1"
|
:00403728 1B0600 LitStr ;Push ptr_00402240
:0040372B 2A ConcatStr ;vbaStrCat
:0040372C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040372F 0464FF FLdRfVar ;Push LOCAL_009C
:00403732 6468FE130F NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "1" Then code = code & "1"
Next j
****************************************
:00403737 F401 LitI2_Byte ;Push 01
:00403739 0464FF FLdRfVar ;Push LOCAL_009C
:0040373C 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:0040373F 4A FnLenStr ;vbaLenBstr
:00403740 E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:00403741 FE6364FEA30F ForI2 ;
:00403747 2828FF0100 LitVarI2 ;PushVarInteger 0001
:0040374C 6B64FF FLdI2 ;Push WORD [LOCAL_009C]
:0040374F E7 CI4UI1 ;
:00403750 0470FF FLdRfVar ;Push LOCAL_0090
:00403753 4D48FF0840 CVarRef ;
:00403758 0418FF FLdRfVar ;Push LOCAL_00E8
**********Reference To->msvbvm60.rtcMidCharVar
|
:0040375B 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX
:00403760 0418FF FLdRfVar ;Push LOCAL_00E8
******Possible String Ref To->"0"
|
:00403763 3A08FF1800 LitVarStr ;PushVarString ptr_004022F4
:00403768 5D HardType ;
:00403769 FB33 EqVarBool ;
:0040376B 36040028FF18FF FFreeVar ;Free 0004/2 variants
:00403772 1C9B0F BranchF ;If Pop=0 then ESI=0040377F
:00403775 6C74FF ILdRf ;Push DWORD [LOCAL_008C] //*********到这里code已经形成*********
******Possible String Ref To->"0"
|
:00403778 1B1800 LitStr ;Push ptr_004022F4
:0040377B 2A ConcatStr ;vbaStrCat
:0040377C 3174FF FStStr ;SysFreeString [LOCAL_008C]; [LOCAL_008C]=Pop
:0040377F 0464FF FLdRfVar ;Push LOCAL_009C
:00403782 6464FE630F NextI2 ;
****************************************
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "0" Then code = code & "0"
Next j
****************************************
:00403787 045CFF FLdRfVar ;Push LOCAL_00A4 // 开辟内存空间
:0040378A 21 FLdPrThis ;[SR]=[stack2] \
:0040378B 0F0003 VCallAd ;Return the control index 02 / // 获得窗体句柄
:0040378E 1960FF FStAdFunc ;// 取propget过程地址
:00403791 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propget]TextBox.Text
|
:00403794 0DA0000300 VCallHresult ;Call ptr_0040222C // 获得文本框中的内容(假码)
:00403799 6C5CFF ILdRf ;Push DWORD [LOCAL_00A4] // (假码)
:0040379C 6C74FF ILdRf ;Push DWORD [LOCAL_008C] // code
:0040379F FB30 EqStr ;// 字符串比较
:004037A1 2F5CFF FFree1Str ;SysFreeString [LOCAL_00A4]; [LOCAL_00A4]=0 //释放空间
:004037A4 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0
:004037A7 1CF50F BranchF ;If Pop=0 then ESI=004037D9 // 不相等则跳004037D9
:004037AA 27E8FE LitVar ;PushVar LOCAL_0118 \
:004037AD 2718FF LitVar ;PushVar LOCAL_00E8 |
******Possible String Ref To->"CrackmeONEII+LYSA-II"
|
:004037B0 3A38FF8100 LitVarStr ;PushVarString ptr_0040270C |
:004037B5 4E28FF FStVarCopyObj ;[LOCAL_00D8]=vbaVarDup(Pop) | // MsgBox函数参数入栈
:004037B8 0428FF FLdRfVar ;Push LOCAL_00D8 |
:004037BB F500000000 LitI4 ;Push 00000000 |
:004037C0 046CFF FLdRfVar ;Push LOCAL_0094 /
:004037C3 4D48FF0840 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox
|
:004037C8 0A82001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX // MsgBox()
:004037CD 36060028FF18FFE8 FFreeVar ;Free 0006/2 variants
:004037D6 1E4B10 Branch ;ESI=0040382F //探出正确注册后跳到结束过程0040382F
******Possible String Ref To->""
|
:004037D9 1B0200 LitStr ;Push ptr_00402228 // 不正确跳到这里,NULL字符入栈
:004037DC 21 FLdPrThis ;[SR]=[stack2] \
:004037DD 0F0403 VCallAd ;Return the control index 03 / //取窗体句柄
:004037E0 1960FF FStAdFunc ;// 取propput过程地址
:004037E3 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propput]TextBox.Text
|
:004037E6 0DA4000300 VCallHresult ;Call ptr_0040222C // 给TextBox.Text赋值
:004037EB 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0
******Possible String Ref To->""
|
:004037EE 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:004037F1 21 FLdPrThis ;[SR]=[stack2] \
:004037F2 0F0003 VCallAd ;Return the control index 02 / //取窗体句柄
:004037F5 1960FF FStAdFunc ;// 取propput过程地址
:004037F8 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propput]TextBox.Text
|
:004037FB 0DA4000300 VCallHresult ;Call ptr_0040222C // 给TextBox.Text赋值
:00403800 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0
:00403803 27E8FE LitVar ;PushVar LOCAL_0118 \
:00403806 2718FF LitVar ;PushVar LOCAL_00E8 |
******Possible String Ref To->"CrackmeONEII+LYSA-II"
|
:00403809 3A38FF8100 LitVarStr ;PushVarString ptr_0040270C |
:0040380E 4E28FF FStVarCopyObj ;[LOCAL_00D8]=vbaVarDup(Pop) | // MsgBox函数参数入栈
:00403811 0428FF FLdRfVar ;Push LOCAL_00D8 |
:00403814 F500000000 LitI4 ;Push 00000000 |
:00403819 0468FF FLdRfVar ;Push LOCAL_0098 /
:0040381C 4D48FF0840 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox
|
:00403821 0A82001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX //MsgBox,探出错误码
:00403826 36060028FF18FFE8 FFreeVar ;Free 0006/2 variants
:0040382F 13 ExitProcHresult ;// 退出过程
感谢大家对我的支持,看完这篇文章,还是老话,小鸟一只请大家不要见笑,如有错误还希望大家批评指正
Moodsky[DFCG]
2005.02.05
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
赞赏
|
|
|---|---|
|
|
附件在这里:
http://bbs.pediy.com/upload/2005/37/files/CrackmeONEII.rar |
|
|
太厉害了,看不过来了。
|
|
|
辛苦了...
|
|
|
不错,学习。。。。
|
|
|
谢谢大家支持!
|
|
|
