[Original] A Rough Analysis of VB P-code (4)
Posted: 2005-2-18 18:14
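A Rough Analysis of VB P-code: CrackMe2005 #2 by KuNgBiM
I used this crackme for some analysis. The author provided two packed versions; without further ado I used PEiD to unpack the UPX one and continued the analysis.
Download: http://bbs.pediy.com/upload/file/2005/1/2005CrackMe2.rar_061.rar
Setting bp VarBstrCmp in OD leads straight to the registration code; it seems the program does quite a lot of variable comparisons.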
[cmdReg.Click]
:00402980 04E4FC FLdRfVar ;Push LOCAL_031C // allocate memory [text content]
:00402983 21 FLdPrThis ;[SR]=[stack2] \
:00402984 0F1403 VCallAd ;Return the control index 07 / get form handle
:00402987 19E8FC FStAdFunc ;// get propget procedure address
:0040298A 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propget]TextBox.Text
|
:0040298D 0DA0000000 VCallHresult ;Call ptr_004020FC // get the text box contents
:00402992 3EE4FC FLdZeroAd ;Push DWORD [LOCAL_031C]; [LOCAL_031C]=0 // release the string
:00402995 46D4FC CVarStr ;// string -> Variant
:00402998 FCF66CFF FStVar ;
:0040299C 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
******Possible String Ref To->""
|
:0040299F 3AC4FC0100 LitVarStr ;PushVarString ptr_00402110 // load string Variant
:004029A4 FD005CFF FStVarCopy ;[LOCAL_00A4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"你"
|
:004029A8 3AC4FC0200 LitVarStr ;PushVarString ptr_00402118 // load string Variant
:004029AD FD004CFF FStVarCopy ;[LOCAL_00B4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"成"
|
:004029B1 3AC4FC0300 LitVarStr ;PushVarString ptr_00402120 // load string Variant
:004029B6 FD003CFF FStVarCopy ;[LOCAL_00C4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"失"
|
:004029BA 3AC4FC0400 LitVarStr ;PushVarString ptr_00402128 // load string Variant
:004029BF FD002CFF FStVarCopy ;[LOCAL_00D4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"功"
|
:004029C3 3AC4FC0500 LitVarStr ;PushVarString ptr_00402130 // load string Variant
:004029C8 FD001CFF FStVarCopy ;[LOCAL_00E4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"败"
|
:004029CC 3AC4FC0600 LitVarStr ;PushVarString ptr_00402138 // load string Variant
:004029D1 FD000CFF FStVarCopy ;[LOCAL_00F4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"么"
|
:004029D5 3AC4FC0700 LitVarStr ;PushVarString ptr_00402140 // load string Variant
:004029DA FD007CFD FStVarCopy ;[LOCAL_0284]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"了"
|
:004029DE 3AC4FC0800 LitVarStr ;PushVarString ptr_00402148 // load string Variant
:004029E3 FD00FCFE FStVarCopy ;[LOCAL_0104]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"!!"
|
:004029E7 3AC4FC0900 LitVarStr ;PushVarString ptr_00402150 // load string Variant
:004029EC FD00ECFE FStVarCopy ;[LOCAL_0114]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"已"
|
:004029F0 3AC4FC0A00 LitVarStr ;PushVarString ptr_0040215C // load string Variant
:004029F5 FD001CFE FStVarCopy ;[LOCAL_01E4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"不"
|
:004029F9 3AC4FC0B00 LitVarStr ;PushVarString ptr_00402164 // load string Variant
:004029FE FD00DCFE FStVarCopy ;[LOCAL_0124]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"加"
|
:00402A02 3AC4FC0C00 LitVarStr ;PushVarString ptr_0040216C // load string Variant
:00402A07 FD00CCFE FStVarCopy ;[LOCAL_0134]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"手"
|
:00402A0B 3AC4FC0D00 LitVarStr ;PushVarString ptr_00402174 // load string Variant
:00402A10 FD00BCFE FStVarCopy ;[LOCAL_0144]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"懒"
|
:00402A14 3AC4FC0E00 LitVarStr ;PushVarString ptr_0040217C // load string Variant
:00402A19 FD00FCFC FStVarCopy ;[LOCAL_0304]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"输"
|
:00402A1D 3AC4FC0F00 LitVarStr ;PushVarString ptr_00402184 // load string Variant
:00402A22 FD00ECFD FStVarCopy ;[LOCAL_0214]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"油"
|
:00402A26 3AC4FC1000 LitVarStr ;PushVarString ptr_0040218C // load string Variant
:00402A2B FD00ACFE FStVarCopy ;[LOCAL_0154]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->","
|
:00402A2F 3AC4FC1100 LitVarStr ;PushVarString ptr_00402194 // load string Variant
:00402A34 FD009CFE FStVarCopy ;[LOCAL_0164]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"吸"
|
:00402A38 3AC4FC1200 LitVarStr ;PushVarString ptr_0040219C // load string Variant
:00402A3D FD008CFE FStVarCopy ;[LOCAL_0174]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"册"
|
:00402A41 3AC4FC1300 LitVarStr ;PushVarString ptr_004021A4 // load string Variant
:00402A46 FD000CFE FStVarCopy ;[LOCAL_01F4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"要"
|
:00402A4A 3AC4FC1400 LitVarStr ;PushVarString ptr_004021AC // load string Variant
:00402A4F FD007CFE FStVarCopy ;[LOCAL_0184]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"哈"
|
:00402A53 3AC4FC1500 LitVarStr ;PushVarString ptr_004021B4 // load string Variant
:00402A58 FD002CFD FStVarCopy ;[LOCAL_02D4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"都"
|
:00402A5C 3AC4FC1600 LitVarStr ;PushVarString ptr_004021BC // load string Variant
:00402A61 FD00DCFD FStVarCopy ;[LOCAL_0224]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"次"
|
:00402A65 3AC4FC1700 LitVarStr ;PushVarString ptr_004021C4 // load string Variant
:00402A6A FD006CFE FStVarCopy ;[LOCAL_0194]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"玖"
|
:00402A6E 3AC4FC1800 LitVarStr ;PushVarString ptr_004021CC // load string Variant
:00402A73 FD00CCFD FStVarCopy ;[LOCAL_0234]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"那"
|
:00402A77 3AC4FC1900 LitVarStr ;PushVarString ptr_004021D4 // load string Variant
:00402A7C FD00BCFD FStVarCopy ;[LOCAL_0244]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"?"
|
:00402A80 3AC4FC1A00 LitVarStr ;PushVarString ptr_004021DC // load string Variant
:00402A85 FD002CFE FStVarCopy ;[LOCAL_01D4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"告"
|
:00402A89 3AC4FC1B00 LitVarStr ;PushVarString ptr_004021E4 // load string Variant
:00402A8E FD00ACFD FStVarCopy ;[LOCAL_0254]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"?"
|
:00402A92 3AC4FC1C00 LitVarStr ;PushVarString ptr_004021EC // load string Variant
:00402A97 FD009CFD FStVarCopy ;[LOCAL_0264]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"这"
|
:00402A9B 3AC4FC1D00 LitVarStr ;PushVarString ptr_004021F4 // load string Variant
:00402AA0 FD005CFE FStVarCopy ;[LOCAL_01A4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"诅"
|
:00402AA4 3AC4FC1E00 LitVarStr ;PushVarString ptr_004021FC // load string Variant
:00402AA9 FD00FCFD FStVarCopy ;[LOCAL_0204]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"属"
|
:00402AAD 3AC4FC1F00 LitVarStr ;PushVarString ptr_00402204 // load string Variant
:00402AB2 FD008CFD FStVarCopy ;[LOCAL_0274]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"弥"
|
:00402AB6 3AC4FC2000 LitVarStr ;PushVarString ptr_0040220C // load string Variant
:00402ABB FD006CFD FStVarCopy ;[LOCAL_0294]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"托"
|
:00402ABF 3AC4FC2100 LitVarStr ;PushVarString ptr_00402214 // load string Variant
:00402AC4 FD005CFD FStVarCopy ;[LOCAL_02A4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"?"
|
:00402AC8 3AC4FC2200 LitVarStr ;PushVarString ptr_0040221C // load string Variant
:00402ACD FD004CFD FStVarCopy ;[LOCAL_02B4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"?"
|
:00402AD1 3AC4FC2300 LitVarStr ;PushVarString ptr_00402224 // load string Variant
:00402AD6 FD003CFD FStVarCopy ;[LOCAL_02C4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"?"
|
:00402ADA 3AC4FC2400 LitVarStr ;PushVarString ptr_0040222C // load string Variant
:00402ADF FD001CFD FStVarCopy ;[LOCAL_02E4]=vbaVarCopy(Pop) // copy to memory
******Possible String Ref To->"吧"
|
:00402AE3 3AC4FC2500 LitVarStr ;PushVarString ptr_00402234 // load string Variant
:00402AE8 FD000CFD FStVarCopy ;[LOCAL_02F4]=vbaVarCopy(Pop)
:00402AEC 04E4FC FLdRfVar ;Push LOCAL_031C // allocate memory
:00402AEF 21 FLdPrThis ;[SR]=[stack2] \
:00402AF0 0F1403 VCallAd ;Return the control index 07 / get form handle
:00402AF3 19E8FC FStAdFunc ;// get propget procedure address
:00402AF6 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propget]TextBox.Text
|
:00402AF9 0DA0000000 VCallHresult ;Call ptr_004020FC // get the text box contents
:00402AFE 6CE4FC ILdRf ;Push DWORD [LOCAL_031C] // push string
:00402B01 4A FnLenStr ;vbaLenBstr // compute length
:00402B02 FD69C4FC CVarI4 ;
:00402B06 FCF63CFE FStVar ;
:00402B0A 2FE4FC FFree1Str ;SysFreeString [LOCAL_031C]; [LOCAL_031C]=0
:00402B0D 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
:00402B10 28B4FC0100 LitVarI2 ;PushVarInteger 0001 // push 0001
:00402B15 04ECFC FLdRfVar ;Push LOCAL_0314 // allocate memory for i
:00402B18 043CFE FLdRfVar ;Push LOCAL_01C4 // allocate memory
:00402B1B FE6894FC0602 ForVar ;// FOR loop
:00402B21 04E4FC FLdRfVar ;Push LOCAL_031C // allocate memory [text content]
:00402B24 21 FLdPrThis ;[SR]=[stack2] \
:00402B25 0F1403 VCallAd ;Return the control index 07 / get form handle
:00402B28 19E8FC FStAdFunc ;// get propget procedure address
:00402B2B 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propget]TextBox.Text
|
:00402B2E 0DA0000000 VCallHresult ;Call ptr_004020FC // get the text box contents
:00402B33 28D4FC0100 LitVarI2 ;PushVarInteger 0001 \ length to take
:00402B38 04ECFC FLdRfVar ;Push LOCAL_0314 | value of variable i
:00402B3B FC22 CI4Var ;vbaI4Var | // push MID function arguments
:00402B3D 6CE4FC ILdRf ;Push DWORD [LOCAL_031C] / text content
**********Reference To->msvbvm60.rtcMidCharBstr
|
:00402B40 0B26000C00 ImpAdCallI2 ;Call ptr_00401030; check stack 000C; Push EAX // MID operation
:00402B45 2390FC FStStrNoPop ;SysFreeString [LOCAL_0370]; [LOCAL_0370]=[stack]
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402B48 0B27000400 ImpAdCallI2 ;Call ptr_00401036; check stack 0004; Push EAX // ASC operation
:00402B4D 44B4FC CVarI2 ;// convert integer to Variant
:00402B50 04ECFC FLdRfVar ;Push LOCAL_0314 // value of variable i
:00402B53 FBB480FC MulVar ;// multiply: asc(mid(name,i,1))*i
:00402B57 2870FC1A00 LitVarI2 ;PushVarInteger 001A // load immediate &H1A
:00402B5C FBA460FC ModVar ;// modulo: asc(mid(name,i,1)) * i mod &H1A
:00402B60 FEC150FC3766EC04 LitVarI4 ;// &H4EC6637
:00402B68 FBB440FC MulVar ;// multiply: asc(mid(name,i,1)) * i mod &H1A * &H4EC6637
:00402B6C FCF65CFF FStVar ;// thanks to MengLong's help I was able to find this I4
:00402B70 320400E4FC90FC FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:00402B77 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
:00402B7A 35D4FC FFree1Var ;Free LOCAL_032C
:00402B7D 04ECFC FLdRfVar ;Push LOCAL_0314
:00402B80 FE7E94FCA101 NextStepVar ;// NEXT
:00402B86 045CFF FLdRfVar ;Push LOCAL_00A4 // push the "" string
:00402B89 FD004CFE FStVarCopy ;[LOCAL_01B4]=vbaVarCopy(Pop)
:00402B8D 043CFE FLdRfVar ;Push LOCAL_01C4 // push user name
:00402B90 28C4FC0000 LitVarI2 ;PushVarInteger 0000
:00402B95 5D HardType ;
:00402B96 FB33 EqVarBool ;// is the user name equal to ""
:00402B98 1C0903 BranchF ;If Pop=0 then ESI=00402C89 // jump if not equal
:00402B9B 27F0FA LitVar ;PushVar LOCAL_0510 \
:00402B9E 2700FB LitVar ;PushVar LOCAL_0500 | Msgbox function arguments
:00402BA1 04CCFD FLdRfVar ;Push LOCAL_0234 // load character |
:00402BA4 04ACFD FLdRfVar ;Push LOCAL_0254 // load character |
:00402BA7 FB9410FB AddVar ;// concatenate strings
:00402BAB F530000000 LitI4 ;Push 00000030
:00402BB0 044CFF FLdRfVar ;Push LOCAL_00B4 // load character |
:00402BB3 041CFD FLdRfVar ;Push LOCAL_02E4 // load character |
:00402BB6 FB94D4FC AddVar ;// concatenate strings
:00402BBA 04FCFC FLdRfVar ;Push LOCAL_0304 // load character |
:00402BBD FB9480FC AddVar ;// concatenate strings
:00402BC1 04FCFE FLdRfVar ;Push LOCAL_0104 // load character |
:00402BC4 FB9460FC AddVar ;// concatenate strings
:00402BC8 040CFD FLdRfVar ;Push LOCAL_02F4 // load character |
:00402BCB FB9440FC AddVar ;// concatenate strings
:00402BCF 04ECFE FLdRfVar ;Push LOCAL_0114 // load character |
:00402BD2 FB9430FC AddVar ;// concatenate strings
:00402BD6 048CFD FLdRfVar ;Push LOCAL_0274 // load character |
:00402BD9 FB9420FC AddVar ;// concatenate strings
:00402BDD 047CFD FLdRfVar ;Push LOCAL_0284 // load character |
:00402BE0 FB9410FC AddVar ;// concatenate strings
:00402BE4 04DCFD FLdRfVar ;Push LOCAL_0224 // load character |
:00402BE7 FB9400FC AddVar ;// concatenate strings
:00402BEB 04DCFE FLdRfVar ;Push LOCAL_0124 // load character |
:00402BEE FB94F0FB AddVar ;// concatenate strings
:00402BF2 04ECFD FLdRfVar ;Push LOCAL_0214 // load character |
:00402BF5 FB94E0FB AddVar ;// concatenate strings
:00402BF9 049CFE FLdRfVar ;Push LOCAL_0164 // load character |
:00402BFC FB94D0FB AddVar ;// concatenate strings
:00402C00 04BCFD FLdRfVar ;Push LOCAL_0244 // load character |
:00402C03 FB94C0FB AddVar ;// concatenate strings
:00402C07 049CFD FLdRfVar ;Push LOCAL_0264 // load character |
:00402C0A FB94B0FB AddVar ;// concatenate strings
:00402C0E 046CFD FLdRfVar ;Push LOCAL_0294 // load character |
:00402C11 FB94A0FB AddVar ;// concatenate strings
:00402C15 044CFD FLdRfVar ;Push LOCAL_02B4 // load character |
:00402C18 FB9490FB AddVar ;// concatenate strings
:00402C1C 045CFD FLdRfVar ;Push LOCAL_02A4 // load character |
:00402C1F FB9480FB AddVar ;// concatenate strings
:00402C23 043CFD FLdRfVar ;Push LOCAL_02C4 // load character |
:00402C26 FB9470FB AddVar ;// concatenate strings
:00402C2A 04ECFE FLdRfVar ;Push LOCAL_0114 // load character |
:00402C2D FB9460FB AddVar ;// concatenate strings
:00402C31 042CFD FLdRfVar ;Push LOCAL_02D4 // load character |
:00402C34 FB9450FB AddVar ;// concatenate strings
:00402C38 042CFD FLdRfVar ;Push LOCAL_02D4 // load character |
:00402C3B FB9440FB AddVar ;// concatenate strings
:00402C3F 042CFD FLdRfVar ;Push LOCAL_02D4 // load character |
:00402C42 FB9430FB AddVar ;// concatenate strings
:00402C46 04ECFE FLdRfVar ;Push LOCAL_0114 // load character |
:00402C49 FB9420FB AddVar ;// concatenate strings /
**********Reference To->msvbvm60.rtcMsgBox
|
:00402C4D 0A28001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX
:00402C52 363200D4FC80FC60 FFreeVar ;Free 0032/2 variants
:00402C87 FCC804 End ;// end program
:00402C8A 4C FnLBound ;vbaLBound
:00402C8B FE04E4FC ThisVCallR8 ;
:00402C8F 21 FLdPrThis ;[SR]=[stack2] \
:00402C90 0F0403 VCallAd ;Return the control index 03 / get form handle
:00402C93 19E8FC FStAdFunc ;// get propget procedure address
:00402C96 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propget]TextBox.Text
|
:00402C99 0DA0000000 VCallHresult ;Call ptr_004020FC // get the text box contents [entered (fake) code]
:00402C9E 3EE4FC FLdZeroAd ;Push DWORD [LOCAL_031C]; [LOCAL_031C]=0
:00402CA1 46D4FC CVarStr ;// convert string type to Variant
:00402CA4 5D HardType ;
:00402CA5 FB33 EqVarBool ;// compare the real code with the entered code
:00402CA7 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
:00402CAA 35D4FC FFree1Var ;Free LOCAL_032C
:00402CAD 1CDD03 BranchF ;If Pop=0 then ESI=00402D5D // jump to 00402D5D if not equal -> change 1CDD03 to 10DD03
:00402CB0 27E0FB LitVar ;PushVar LOCAL_0420 \ and the check can be patched out!
:00402CB3 27F0FB LitVar ;PushVar LOCAL_0410 | Msgbox function arguments
:00402CB6 043CFF FLdRfVar ;Push LOCAL_00C4 // load character |
:00402CB9 041CFF FLdRfVar ;Push LOCAL_00E4 // load character |
:00402CBC FB9400FC AddVar ;// concatenate strings
:00402CC0 F540000000 LitI4 ;Push 00000040
:00402CC5 042CFE FLdRfVar ;Push LOCAL_01D4 // load character |
:00402CC8 04BCFE FLdRfVar ;Push LOCAL_0144 // load character |
:00402CCB FB94D4FC AddVar ;// concatenate strings
:00402CCF 04ECFE FLdRfVar ;Push LOCAL_0114 // load character |
:00402CD2 FB9480FC AddVar ;// concatenate strings
:00402CD6 044CFF FLdRfVar ;Push LOCAL_00B4 // load character |
:00402CD9 FB9460FC AddVar ;// concatenate strings
:00402CDD 043CFF FLdRfVar ;Push LOCAL_00C4 // load character |
:00402CE0 FB9440FC AddVar ;// concatenate strings
:00402CE4 041CFF FLdRfVar ;Push LOCAL_00E4 // load character |
:00402CE7 FB9430FC AddVar ;// concatenate strings
:00402CEB 04FCFE FLdRfVar ;Push LOCAL_0104 // load character |
:00402CEE FB9420FC AddVar ;// concatenate strings
:00402CF2 04ECFE FLdRfVar ;Push LOCAL_0114 // load character |
:00402CF5 FB9410FC AddVar ;// concatenate strings /
**********Reference To->msvbvm60.rtcMsgBox
|
:00402CF9 0A28001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX
:00402CFE 361400D4FC80FC60 FFreeVar ;Free 0014/2 variants
:00402D15 041CFE FLdRfVar ;Push LOCAL_01E4 // load character
:00402D18 04FCFD FLdRfVar ;Push LOCAL_0204 // load character
:00402D1B FB94D4FC AddVar ;// concatenate strings
:00402D1F 040CFE FLdRfVar ;Push LOCAL_01F4 // load character
:00402D22 FB9480FC AddVar ;// concatenate strings
:00402D26 FDFEE4FC CStrVarVal ;
:00402D2A 21 FLdPrThis ;[SR]=[stack2] \
:00402D2B 0F0003 VCallAd ;Return the control index 02 / get form handle
:00402D2E 19E8FC FStAdFunc ;// get propget[CommandButton.Caption] procedure address
:00402D31 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propput]CommandButton.Caption
|
:00402D34 0D54002900 VCallHresult ;Call ptr_00402238 // change Button.Caption
:00402D39 2FE4FC FFree1Str ;SysFreeString [LOCAL_031C]; [LOCAL_031C]=0
:00402D3C 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
:00402D3F 360400D4FC80FC FFreeVar ;Free 0004/2 variants
:00402D46 F400 LitI2_Byte ;Push 00 \
:00402D48 21 FLdPrThis ;[SR]=[stack2] | push Enabled argument
:00402D49 0F0003 VCallAd ;Return the control index 02 |
:00402D4C 19E8FC FStAdFunc ; |
:00402D4F 08E8FC FLdPr ;[SR]=[LOCAL_0318] /
***********Reference To:[propput]CommandButton.Enabled
|
:00402D52 0D8C002900 VCallHresult ;Call ptr_00402238 // change Button.Enabled
:00402D57 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
:00402D5A 1E9904 Branch ;ESI=00402E19 // jump
:00402D5D 2790FB LitVar ;PushVar LOCAL_0470 \
:00402D60 27A0FB LitVar ;PushVar LOCAL_0460 | Msgbox function arguments
:00402D63 042CFF FLdRfVar ;Push LOCAL_00D4 // load character |
:00402D66 040CFF FLdRfVar ;Push LOCAL_00F4 // load character |
:00402D69 FB94B0FB AddVar ;// concatenate strings
:00402D6D F530000000 LitI4 ;Push 00000030
:00402D72 044CFF FLdRfVar ;Push LOCAL_00B4 // load character |
:00402D75 047CFE FLdRfVar ;Push LOCAL_0184 // load character |
:00402D78 FB94D4FC AddVar ;// concatenate strings
:00402D7C 04CCFE FLdRfVar ;Push LOCAL_0134 // load character |
:00402D7F FB9480FC AddVar ;// concatenate strings
:00402D83 04ACFE FLdRfVar ;Push LOCAL_0154 // load character |
:00402D86 FB9460FC AddVar ;// concatenate strings
:00402D8A 048CFE FLdRfVar ;Push LOCAL_0174 // load character |
:00402D8D FB9440FC AddVar ;// concatenate strings
:00402D91 049CFE FLdRfVar ;Push LOCAL_0164 // load character |
:00402D94 FB9430FC AddVar ;// concatenate strings
:00402D98 045CFE FLdRfVar ;Push LOCAL_01A4 // load character |
:00402D9B FB9420FC AddVar ;// concatenate strings
:00402D9F 046CFE FLdRfVar ;Push LOCAL_0194 // load character |
:00402DA2 FB9410FC AddVar ;// concatenate strings
:00402DA6 044CFF FLdRfVar ;Push LOCAL_00B4 // load character |
:00402DA9 FB9400FC AddVar ;// concatenate strings
:00402DAD 042CFF FLdRfVar ;Push LOCAL_00D4 // load character |
:00402DB0 FB94F0FB AddVar ;// concatenate strings
:00402DB4 040CFF FLdRfVar ;Push LOCAL_00F4 // load character |
:00402DB7 FB94E0FB AddVar ;// concatenate strings
:00402DBB 04FCFE FLdRfVar ;Push LOCAL_0104 // load character |
:00402DBE FB94D0FB AddVar ;// concatenate strings
:00402DC2 04ECFE FLdRfVar ;Push LOCAL_0114 // load character |
:00402DC5 FB94C0FB AddVar ;// concatenate strings /
**********Reference To->msvbvm60.rtcMsgBox
|
:00402DC9 0A28001400 ImpAdCallFPR4 ;Call ptr_0040103C; check stack 0014; Push EAX
:00402DCE 361E00D4FC80FC60 FFreeVar ;Free 001E/2 variants
******Possible String Ref To->""
|
:00402DEF 1B0100 LitStr ;Push ptr_00402110 // load string Variant
:00402DF2 21 FLdPrThis ;[SR]=[stack2] \
:00402DF3 0F1403 VCallAd ;Return the control index 07 / get form handle
:00402DF6 19E8FC FStAdFunc ;// get propput procedure address
:00402DF9 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propput]TextBox.Text
|
:00402DFC 0DA4000000 VCallHresult ;Call ptr_004020FC // write
:00402E01 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
******Possible String Ref To->""
|
:00402E04 1B0100 LitStr ;Push ptr_00402110 // load string Variant
:00402E07 21 FLdPrThis ;[SR]=[stack2] \
:00402E08 0F0403 VCallAd ;Return the control index 03 / get form handle
:00402E0B 19E8FC FStAdFunc ;// get propput procedure address
:00402E0E 08E8FC FLdPr ;[SR]=[LOCAL_0318] // load procedure
***********Reference To:[propput]TextBox.Text
|
:00402E11 0DA4000000 VCallHresult ;Call ptr_004020FC // write
:00402E16 1AE8FC FFree1Ad ;Push [LOCAL_0318]; Call [[[LOCAL_0318]]+8]; [[LOCAL_0318]]=0
:00402E19 13 ExitProcHresult ;// exit procedure
:00402E1A 0000 LargeBos ;IDE beginning of line with 00 byte codes
[cmdExit.Click]
:004028A8 FCC813 End ;// end program
Algorithm: asc(mid(name,i,1)) * i mod &H1A * &H4EC6637
Thanks again to MengLong for the help!
Moodsky[DFCG]
2005.02.18
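
An added example, not part of the original post: it decodes the operand bytes of a few instructions from the listing (frame offsets, branch targets, the I4 literal) and replays the loop arithmetic in the order the P-code executes it, next to the same one-line formula read with VB source precedence. All function names are hypothetical; it assumes an ASCII name and takes the procedure base 00402980 from the listing.

```python
import struct

PROC_BASE = 0x00402980  # address of the first cmdReg.Click instruction in the listing


def local_name(operand: bytes) -> str:
    """Frame operand: signed 16-bit little-endian offset, printed as LOCAL_xxxx."""
    (offset,) = struct.unpack("<h", operand)
    if offset >= 0:
        raise ValueError("not a local: the listing only shows negative frame offsets")
    return "LOCAL_%04X" % -offset


def branch_target(operand: bytes) -> int:
    """Branch operand: unsigned 16-bit little-endian offset from the procedure start."""
    (rel,) = struct.unpack("<H", operand)
    return PROC_BASE + rel


def lit_i4(operand: bytes) -> int:
    """LitVarI4 operand: 32-bit little-endian signed literal."""
    (value,) = struct.unpack("<i", operand)
    return value


MULTIPLIER = lit_i4(bytes.fromhex("3766EC04"))  # trailing bytes of the LitVarI4 at 00402B60


def loop_value_stack_order(name: str) -> int:
    """Replay MulVar, ModVar, MulVar in the order the P-code executes them.

    The FStVar at 00402B6C has operand 5CFF, which decodes to LOCAL_00A4, so
    each pass overwrites the previous result and only the last character's
    value survives the loop. Assumes an ASCII name (constructed input);
    Asc() of double-byte characters is outside this sketch.
    """
    result = 0
    for i, ch in enumerate(name, start=1):
        result = ((ord(ch) * i) % 0x1A) * MULTIPLIER
    return result


def loop_value_vb_precedence(name: str) -> int:
    """Same formula read as VB source, where * binds tighter than Mod."""
    result = 0
    for i, ch in enumerate(name, start=1):
        result = (ord(ch) * i) % (0x1A * MULTIPLIER)
    return result


if __name__ == "__main__":
    print(local_name(bytes.fromhex("E4FC")), hex(branch_target(bytes.fromhex("DD03"))))
    print(loop_value_stack_order("abc"), loop_value_vb_precedence("abc"))
```

The two results differ because the listing evaluates ((asc * i) mod &H1A) * &H4EC6637, so the one-line formula needs those parentheses if it is typed back into VB.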