VB 程序,用 OD(OllyDbg)跟踪后发现:
; Start-up stub of module "Setting" (a VB program according to the post), as shown by OllyDbg.
; It pushes the address 00405CB0 and calls MSVBVM60 export ordinal #100 through an import jump thunk.
; NOTE(review): "S>" is OllyDbg's label column; presumably this is the module entry point - confirm in the PE header.
; NOTE(review): in a standard VB6 executable ordinal #100 is ThunRTMain and the pushed address is
; the VB project header; 00405CB0 itself is not shown in the post, so verify.
0040342C S> 68 B05C4000 push Setting.00405CB0
; Author's annotation on the call below: stepping over it with F8 gives a "hardware lock not found" prompt,
; so the prompt is raised somewhere inside this call, before it returns.
00403431 E8 EEFFFFFF call <jmp.&MSVBVM60.#100> ---->如果按F8就提示找不到硬件锁
; NOTE(review): the bytes from 00403436 onward (00 00 ... 30 00 ... 40) look like data that the
; disassembler decoded as instructions rather than code reached after the call - confirm.
00403436 0000 add byte ptr ds:[eax],al
00403438 0000 add byte ptr ds:[eax],al
0040343A 0000 add byte ptr ds:[eax],al
0040343C 3000 xor byte ptr ds:[eax],al
0040343E 0000 add byte ptr ds:[eax],al
00403440 40 inc eax
F7跟进后来到这里:
; Routine at 6A28DE3E inside MSVBVM60 (the VB6 runtime DLL), reached by stepping into the stub's call.
; This is an excerpt: the listing stops at the jl at 6A28DE9E, so the rest of the routine is not shown.
; In:  [ebp+8] = the single stack argument (the stub pushed Setting.00405CB0).
; Everything here is runtime start-up code from the DLL, not code from the "Setting" executable.
;
; Frame set-up: push -1, two MSVBVM60 addresses and the old fs:[0] value, then store esp in fs:[0].
; This links a new exception-registration record into the thread's SEH chain.
6A28DE3E M> 55 push ebp
6A28DE3F 8BEC mov ebp,esp
6A28DE41 6A FF push -1
6A28DE43 68 809D296A push MSVBVM60.6A299D80
6A28DE48 68 34FD366A push MSVBVM60.6A36FD34
6A28DE4D 64:A1 00000000 mov eax,dword ptr fs:[0]
6A28DE53 50 push eax
6A28DE54 64:8925 0000000>mov dword ptr fs:[0],esp
; Reserve stack space for locals (two pushes plus 4Ch bytes) and save ebx/esi/edi.
6A28DE5B 51 push ecx
6A28DE5C 51 push ecx
6A28DE5D 83EC 4C sub esp,4C
6A28DE60 53 push ebx
6A28DE61 56 push esi
6A28DE62 57 push edi
; Remember the current esp in the frame at [ebp-18].
6A28DE63 8965 E8 mov dword ptr ss:[ebp-18],esp
; esi = the argument; it is also stored in the runtime global at 6A3907DC.
6A28DE66 8B75 08 mov esi,dword ptr ss:[ebp+8]
6A28DE69 8935 DC07396A mov dword ptr ds:[6A3907DC],esi
; Clear the dword at [ebp-4] (and with 0).
6A28DE6F 8365 FC 00 and dword ptr ss:[ebp-4],0
; GetStartupInfoA(&local at ebp-60): fills a STARTUPINFOA structure on the stack.
6A28DE73 8D45 A0 lea eax,dword ptr ss:[ebp-60]
6A28DE76 50 push eax
6A28DE77 FF15 1811286A call dword ptr ds:[<&KERNEL32.GetStartupInf>; KERNEL32.GetStartupInfoA
; [ebp-30] is offset 30h into that structure (wShowWindow in STARTUPINFOA); zero-extend and keep it in a global.
6A28DE7D 0FB745 D0 movzx eax,word ptr ss:[ebp-30]
6A28DE81 A3 D807396A mov dword ptr ds:[6A3907D8],eax
; Call 6A28DEF9 with ecx = 6A390470 and two stack arguments:
;   first  ([ebp+8] in the callee) = esi, the pointer received from the stub
;   second ([ebp+C] in the callee) = dword at 6A3906D4, shown by OllyDbg as Setting.00400000
6A28DE86 FF35 D406396A push dword ptr ds:[6A3906D4] ; Setting.00400000
6A28DE8C 56 push esi
6A28DE8D BE 7004396A mov esi,MSVBVM60.6A390470
6A28DE92 8BCE mov ecx,esi
; Author's annotation on the call below: stepping over it with F8 brings up the dialog again.
6A28DE94 E8 60000000 call MSVBVM60.6A28DEF9 ------>此处按F8又调用对话框
; Keep the return value in [ebp-1C]; a negative value branches to 6A28DEF1 (not shown).
6A28DE99 8945 E4 mov dword ptr ss:[ebp-1C],eax
6A28DE9C 85C0 test eax,eax
6A28DE9E 7C 51 jl short MSVBVM60.6A28DEF1
再次F7跟进后来到这里:
; Routine at 6A28DEF9 inside MSVBVM60, called from 6A28DE94.
; This is an excerpt: the listing stops at 6A28DF93, so the epilogue and the failure targets are not shown.
; In:  ecx     = object/context pointer (the caller passed 6A390470); kept in esi
;      [ebp+8] = first stack argument; kept in edi
;      [ebp+C] = second stack argument
; The sub-calls 6A28DFE6, 6A28E09C, 6A28E106 and 6A28E163 are opaque here; only their call sites are visible.
6A28DEF9 55 push ebp
6A28DEFA 8BEC mov ebp,esp
; One dword of local space; its top byte [ebp-1] is used as a flag below.
6A28DEFC 51 push ecx
6A28DEFD 8B45 0C mov eax,dword ptr ss:[ebp+C]
6A28DF00 53 push ebx
6A28DF01 56 push esi
6A28DF02 57 push edi
6A28DF03 8B7D 08 mov edi,dword ptr ss:[ebp+8]
6A28DF06 8BF1 mov esi,ecx
; ebx = dword at 6A3906C8; it is passed as the heap handle to HeapAlloc below.
6A28DF08 8B1D C806396A mov ebx,dword ptr ds:[6A3906C8]
; Clear the local flag byte.
6A28DF0E 8065 FF 00 and byte ptr ss:[ebp-1],0
; Record the second argument at [esi+11C].
6A28DF12 8986 1C010000 mov dword ptr ds:[esi+11C],eax
; Read the dword at [edi+3C]; the not/shr/and sequence below turns it into
; al = 1 when bit 3 of that dword is clear, otherwise 0.
6A28DF18 8B47 3C mov eax,dword ptr ds:[edi+3C]
; Clear the first byte of the object.
6A28DF1B 8026 00 and byte ptr ds:[esi],0
; HeapAlloc arguments are pushed right to left: size 104h, flags 8 (HEAP_ZERO_MEMORY), heap handle ebx.
6A28DF1E 68 04010000 push 104
6A28DF23 F7D0 not eax
6A28DF25 C1E8 03 shr eax,3
6A28DF28 24 01 and al,1
6A28DF2A 6A 08 push 8
6A28DF2C 53 push ebx
; Record the first argument at [esi+120] and the computed bit at [esi+1].
6A28DF2D 89BE 20010000 mov dword ptr ds:[esi+120],edi
6A28DF33 8846 01 mov byte ptr ds:[esi+1],al
6A28DF36 FF15 D010286A call dword ptr ds:[<&KERNEL32.HeapAlloc>] ; ntdll.RtlAllocateHeap
; A null return branches to 6A2BBA4C (not shown).
6A28DF3C 85C0 test eax,eax
6A28DF3E 0F84 08DB0200 je MSVBVM60.6A2BBA4C
; Store the heap handle in the first dword of the new block and step past it.
6A28DF44 8918 mov dword ptr ds:[eax],ebx
6A28DF46 83C0 04 add eax,4
; The adjusted pointer is tested for null again.
6A28DF49 85C0 test eax,eax
6A28DF4B 0F84 FBDA0200 je MSVBVM60.6A2BBA4C
; Call 6A28DFE6 with ecx = adjusted pointer and one stack argument (1); the result is kept in ebx.
6A28DF51 6A 01 push 1
6A28DF53 8BC8 mov ecx,eax
6A28DF55 E8 8C000000 call MSVBVM60.6A28DFE6
6A28DF5A 8BD8 mov ebx,eax
; A zero result branches to 6A2BBA53 (not shown).
6A28DF5C 85DB test ebx,ebx
6A28DF5E 0F84 EFDA0200 je MSVBVM60.6A2BBA53
6A28DF64 FF15 C810286A call dword ptr ds:[<&KERNEL32.GetCurrentThr>; KERNEL32.GetCurrentThreadId
; Store the current thread id at [esi+24], then call 6A28E09C with ecx = ebx and esi as stack argument.
6A28DF6A 56 push esi
6A28DF6B 8BCB mov ecx,ebx
6A28DF6D 8946 24 mov dword ptr ds:[esi+24],eax
6A28DF70 E8 27010000 call MSVBVM60.6A28E09C
; The result overwrites the [ebp+8] slot; mov leaves the flags from test intact,
; so the jl acts on the sign of the result (negative -> 6A28DFAD, not shown).
6A28DF75 85C0 test eax,eax
6A28DF77 8945 08 mov dword ptr ss:[ebp+8],eax
6A28DF7A 7C 31 jl short MSVBVM60.6A28DFAD
; Call 6A28E106 with ecx = esi and ebx as stack argument.
6A28DF7C 53 push ebx
6A28DF7D 8BCE mov ecx,esi
6A28DF7F E8 82010000 call MSVBVM60.6A28E106
; Call 6A28E163 with ecx = ebx and stack arguments (edi, [ebp+C]); the local flag byte is set to 1 first.
6A28DF84 FF75 0C push dword ptr ss:[ebp+C]
6A28DF87 8BCB mov ecx,ebx
6A28DF89 C645 FF 01 mov byte ptr ss:[ebp-1],1
6A28DF8D 57 push edi
; Author's annotation on the call below: the dialog appears again here and the program ends.
; What 6A28E163 does internally is not visible in this listing.
6A28DF8E E8 D0010000 call MSVBVM60.6A28E163 ---->此处再次出现对话框,程序OVER
6A28DF93 85C0 test eax,eax
请高手指点一下,软件狗是深思的