-
-
[旧帖]
一个小记牌器,求给思路
0.00雪花
-
发表于:
2013-1-10 12:59
3136
-
软件非常小巧,只有一个单独的exe文件,VB编写,无壳
折腾了半天文字去掉了,但是遮挡的两个框去不掉
::0041DFF1:: FF15 18104000 CALL NEAR DWORD PTR [401018] >>>: MSVBVM60.DLL:__vbaFreeVarList
::0041DFF7:: 8B16 MOV EDX, DWORD PTR [ESI]
::0041DFF9:: 83C4 2C ADD ESP, 2C
::0041DFFC:: 56 PUSH ESI
::0041DFFD:: FF92 1C030000 CALL NEAR DWORD PTR [EDX+31C]
::0041E003:: 8B1D 48104000 MOV EBX, DWORD PTR [401048]
::0041E009:: 50 PUSH EAX
::0041E00A:: 8D45 E4 LEA EAX, DWORD PTR [EBP-1C]
::0041E00D:: 50 PUSH EAX
::0041E00E:: FFD3 CALL NEAR EBX
::0041E010:: 8BF8 MOV EDI, EAX
::0041E012:: 68 EC0F4100 PUSH 410FEC \->: 不注册免费试用,有遮挡。收费注册消除遮挡 46827027
::0041E017:: 57 PUSH EDI
::0041E018:: 8B0F MOV ECX, DWORD PTR [EDI]
::0041E01A:: FF51 54 CALL NEAR DWORD PTR [ECX+54]
::0041E01D:: 85C0 TEST EAX, EAX
::0041E01F:: DBE2 FCLEX
::0041E021:: 7D 0F JGE SHORT 0041E032 \:JMPDOWN
::0041DE8E:: E8 5930FFFF CALL 00410EEC \:JMPUP
::0041DE93:: FF15 38104000 CALL NEAR DWORD PTR [401038] >>>: MSVBVM60.DLL:__vbaSetSystemError
::0041DE99:: 8B16 MOV EDX, DWORD PTR [ESI]
::0041DE9B:: 56 PUSH ESI
::0041DE9C:: FF92 00030000 CALL NEAR DWORD PTR [EDX+300]
::0041DEA2:: 50 PUSH EAX
::0041DEA3:: 8D45 E4 LEA EAX, DWORD PTR [EBP-1C]
::0041DEA6:: 50 PUSH EAX
::0041DEA7:: FFD3 CALL NEAR EBX
::0041DEA9:: 8B3D AC104000 MOV EDI, DWORD PTR [4010AC]
::0041DEAF:: 8D4D D4 LEA ECX, DWORD PTR [EBP-2C]
::0041DEB2:: 8BD8 MOV EBX, EAX
::0041DEB4:: 6A 0D PUSH D
::0041DEB6:: 51 PUSH ECX
::0041DEB7:: 899D 08FFFFFF MOV DWORD PTR [EBP-F8], EBX
::0041DEBD:: C785 3CFFFFFF 900F4100 MOV DWORD PTR [EBP-C4], 410F90 \->: 点击这里
::0041DEC7:: C785 34FFFFFF 08000000 MOV DWORD PTR [EBP-CC], 8
::0041DED1:: FFD7 CALL NEAR EDI
::0041DED3:: 8D55 B4 LEA EDX, DWORD PTR [EBP-4C]
::0041DED6:: 6A 0A PUSH A
::0041DED8:: 52 PUSH EDX
::0041DED9:: FFD7 CALL NEAR EDI
::0041DEDB:: 8D45 84 LEA EAX, DWORD PTR [EBP-7C]
::0041DEDE:: 6A 0D PUSH D
::0041DEE0:: 50 PUSH EAX
::0041DEE1:: C785 2CFFFFFF A00F4100 MOV DWORD PTR [EBP-D4], 410FA0 \->: 收费注册
::0041DEEB:: C785 24FFFFFF 08000000 MOV DWORD PTR [EBP-DC], 8
::0041DEF5:: FFD7 CALL NEAR EDI
::0041DEF7:: 8D8D 64FFFFFF LEA ECX, DWORD PTR [EBP-9C]
::0041DEFD:: 6A 0A PUSH A
::0041DEFF:: 51 PUSH ECX
::0041DF00:: FFD7 CALL NEAR EDI
::0041DF02:: 8B3D B8104000 MOV EDI, DWORD PTR [4010B8]
::0041DF08:: 8D95 34FFFFFF LEA EDX, DWORD PTR [EBP-CC]
::0041DF0E:: 8D45 D4 LEA EAX, DWORD PTR [EBP-2C]
::0041DF11:: 52 PUSH EDX
::0041DF12:: 8D4D C4 LEA ECX, DWORD PTR [EBP-3C]
::0041DF15:: 50 PUSH EAX
::0041DF16:: C785 1CFFFFFF B00F4100 MOV DWORD PTR [EBP-E4], 410FB0 \->: 消除遮挡
::0041DF20:: C785 14FFFFFF 08000000 MOV DWORD PTR [EBP-EC], 8
::0041DF2A:: 8B1B MOV EBX, DWORD PTR [EBX]
::0041DF2C:: 51 PUSH ECX
::0041DF2D:: FFD7 CALL NEAR EDI
::0041DF2F:: 50 PUSH EAX
::0041DF30:: 8D55 B4 LEA EDX, DWORD PTR [EBP-4C]
::0041DF33:: 8D45 A4 LEA EAX, DWORD PTR [EBP-5C]
::0041DF36:: 52 PUSH EDX
::0041DF37:: 50 PUSH EAX
::0041DF38:: FFD7 CALL NEAR EDI
::0041DF3A:: 8D8D 24FFFFFF LEA ECX, DWORD PTR [EBP-DC]
::0041DF40:: 50 PUSH EAX
::0041DF41:: 8D55 94 LEA EDX, DWORD PTR [EBP-6C]
::0041DF44:: 51 PUSH ECX
::0041DF45:: 52 PUSH EDX
::0041DF46:: FFD7 CALL NEAR EDI
::0041DF48:: 50 PUSH EAX
::0041DF49:: 8D45 84 LEA EAX, DWORD PTR [EBP-7C]
::0041DF4C:: 8D8D 74FFFFFF LEA ECX, DWORD PTR [EBP-8C]
::0041DF52:: 50 PUSH EAX
::0041DF53:: 51 PUSH ECX
::0041DF54:: FFD7 CALL NEAR EDI
::0041DF56:: 50 PUSH EAX
::0041DF57:: 8D95 64FFFFFF LEA EDX, DWORD PTR [EBP-9C]
::0041DF5D:: 8D85 54FFFFFF LEA EAX, DWORD PTR [EBP-AC]
::0041DF63:: 52 PUSH EDX
::0041DF64:: 50 PUSH EAX
::0041DF65:: FFD7 CALL NEAR EDI
::0041DF67:: 50 PUSH EAX
::0041DF68:: 8D8D 14FFFFFF LEA ECX, DWORD PTR [EBP-EC]
::0041DF6E:: 8D95 44FFFFFF LEA EDX, DWORD PTR [EBP-BC]
::0041DF74:: 51 PUSH ECX
::0041DF75:: 52 PUSH EDX
::0041DF76:: FFD7 CALL NEAR EDI
::0041DF78:: 50 PUSH EAX
::0041DF79:: 8D45 E8 LEA EAX, DWORD PTR [EBP-18]
::0041DF7C:: 50 PUSH EAX
::0041DF7D:: FF15 B4104000 CALL NEAR DWORD PTR [4010B4] >>>: MSVBVM60.DLL:__vbaStrVarVal
遮挡部分去掉就可以使用了,每5次关闭倒是关系不大
根据他的注册说明
我怀疑现在的版本是demo版,交钱后作者给正常版本,但是现在的版本如果把遮挡去掉后基本可以正常使用 其它限制无关紧要
[课程]FART 脱壳王!加量不加价!FART作者讲授!
