[原创] TimeRecorder V4.17.3简单算法分析-软件逆向-看雪-安全社区|安全招聘|kanxue.com

[原创] TimeRecorder V4.17.3简单算法分析

发表于: 2005-8-19 15:21 8531

[原创] TimeRecorder V4.17.3简单算法分析

lnn1123

2005-8-19 15:21

8531

TimeRecorder V4.17.3简单算法分析

　　　　　日期：2005年8月19日　　　破解人：lnn1123[BCG]
―――――――――――――――――――――――――――――――――――――――――――

【软件名称】：TimeRecorder 　　　软件版本：V4.17.3
【软件大小】： 1912KB
【下载地址】：天空软件
【软件简介】：TimeRecorder is a timer and reminder software.  It provides the
following functions: as a reminder, can show tips about scheduled
and important tasks at the prearranged time; as a recorder, to
keep track of time and record everything we do in a whole day,
a week or even a month; as a memo, what we write or paste into
will be saved automatically for future reference. Also, it can
shut down computer automatically at the specified time.
TimeRecorder (copyright 2001-2004 by SunShine Software Inc.) is
a shareware application.  If, after a reasonable period, you decide
that you find TimeRecorder useful and plan to continue to use it,
please register with SunShine Software Inc.

There is a convenient way to register.  For more details on
registration, see "Help/Documentation/How To Buy" from within
TimeRecorder or visit web site http://timerecorder.51.net .
【软件限制】：次数限制，只能够用40次
【破解声明】：初学Crack，只是感兴趣，没有其它目的。失误之处敬请诸位大侠赐教！
【破解工具】：OLLYDBG，PEID

―――――――――――――――――――――――――――――――――――――――――――
　
【破解过程】：

======================================================================================
                                 分析过程
======================================================================================
OD载入，PEID查看无壳，VB的好怕怕啊，注册有错误提示，无反跟踪，BP MsgBoxA,可以找到下面下断处
004748F0 > 55          PUSH EBP                               ;  下断处
004748F1 . 8BEC          MOV EBP,ESP
004748F3 . 83EC 0C       SUB ESP,0C
004748F6 . 68 561E4000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler>  ;  SE handler installation
004748FB . 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00474901 . 50          PUSH EAX
00474902 . 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00474909 . 81EC F0000000  SUB ESP,0F0
0047490F . 53          PUSH EBX
00474910 . 8B5D 08       MOV EBX,DWORD PTR SS:[EBP+8]
00474913 . 8BC3          MOV EAX,EBX
00474915 . 56          PUSH ESI
00474916 . 83E3 FE       AND EBX,FFFFFFFE
00474919 . 57          PUSH EDI
0047491A . 8965 F4       MOV DWORD PTR SS:[EBP-C],ESP
0047491D . 83E0 01       AND EAX,1
00474920 . 8B33          MOV ESI,DWORD PTR DS:[EBX]
00474922 . C745 F8 401640>MOV DWORD PTR SS:[EBP-8],TimeReco.004016>
00474929 . 53          PUSH EBX
0047492A . 8945 FC       MOV DWORD PTR SS:[EBP-4],EAX
0047492D . 895D 08       MOV DWORD PTR SS:[EBP+8],EBX
00474930 . 89B5 0CFFFFFF  MOV DWORD PTR SS:[EBP-F4],ESI
00474936 . FF56 04       CALL DWORD PTR DS:[ESI+4]
00474939 . 8BB6 10030000  MOV ESI,DWORD PTR DS:[ESI+310]
0047493F . 33FF          XOR EDI,EDI
00474941 . 53          PUSH EBX
00474942 . 897D E0       MOV DWORD PTR SS:[EBP-20],EDI
00474945 . 897D DC       MOV DWORD PTR SS:[EBP-24],EDI
00474948 . 897D D8       MOV DWORD PTR SS:[EBP-28],EDI
0047494B . 897D D4       MOV DWORD PTR SS:[EBP-2C],EDI
0047494E . 897D D0       MOV DWORD PTR SS:[EBP-30],EDI
00474951 . 897D CC       MOV DWORD PTR SS:[EBP-34],EDI
00474954 . 897D C8       MOV DWORD PTR SS:[EBP-38],EDI
00474957 . 897D C4       MOV DWORD PTR SS:[EBP-3C],EDI
0047495A . 897D C0       MOV DWORD PTR SS:[EBP-40],EDI
0047495D . 897D B0       MOV DWORD PTR SS:[EBP-50],EDI
00474960 . 897D A0       MOV DWORD PTR SS:[EBP-60],EDI
00474963 . 897D 90       MOV DWORD PTR SS:[EBP-70],EDI
00474966 . 897D 80       MOV DWORD PTR SS:[EBP-80],EDI
00474969 . 89BD 70FFFFFF  MOV DWORD PTR SS:[EBP-90],EDI
0047496F . 89BD 60FFFFFF  MOV DWORD PTR SS:[EBP-A0],EDI
00474975 . 89BD 3CFFFFFF  MOV DWORD PTR SS:[EBP-C4],EDI
0047497B . 89B5 08FFFFFF  MOV DWORD PTR SS:[EBP-F8],ESI
00474981 . FFD6          CALL ESI
00474983 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474986 . 50          PUSH EAX
00474987 . 51          PUSH ECX
00474988 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
0047498E . 8B10          MOV EDX,DWORD PTR DS:[EAX]
00474990 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474993 . 51          PUSH ECX
00474994 . 50          PUSH EAX
00474995 . 8985 38FFFFFF  MOV DWORD PTR SS:[EBP-C8],EAX
0047499B . FF92 A0000000  CALL DWORD PTR DS:[EDX+A0]
004749A1 . 3BC7          CMP EAX,EDI
004749A3 . 7D 18       JGE SHORT TimeReco.004749BD
004749A5 . 8B95 38FFFFFF  MOV EDX,DWORD PTR SS:[EBP-C8]
004749AB . 68 A0000000 PUSH 0A0
004749B0 . 68 C8664100 PUSH TimeReco.004166C8
004749B5 . 52          PUSH EDX
004749B6 . 50          PUSH EAX
004749B7 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
004749BD > 8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]          ;  注册名
004749C0 . 50          PUSH EAX                               ;  比较参数1
004749C1 . 68 0C654100 PUSH TimeReco.0041650C                ;  比较参数2
004749C6 . FF15 F0834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrCm>;  MSVBVM50.__vbaStrCmp
004749CC . F7D8          NEG EAX                               ;  比较注册名是否为空
004749CE . 1BC0          SBB EAX,EAX
004749D0 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
004749D3 . F7D8          NEG EAX
004749D5 . F7D8          NEG EAX
004749D7 . 8985 30FFFFFF  MOV DWORD PTR SS:[EBP-D0],EAX          ;  保存
004749DD . FF15 80854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr
004749E3 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
004749E6 . FF15 7C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
004749EC . 66:39BD 30FFFF>CMP WORD PTR SS:[EBP-D0],DI             ;  是否输入了
004749F3 . 0F84 310B0000  JE TimeReco.0047552A                   ;  不能够跳
004749F9 . 53          PUSH EBX
004749FA . FF95 08FFFFFF  CALL DWORD PTR SS:[EBP-F8]
00474A00 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474A03 . 50          PUSH EAX
00474A04 . 51          PUSH ECX
00474A05 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474A0B . 8B10          MOV EDX,DWORD PTR DS:[EAX]
00474A0D . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474A10 . 51          PUSH ECX
00474A11 . 50          PUSH EAX
00474A12 . 8985 38FFFFFF  MOV DWORD PTR SS:[EBP-C8],EAX
00474A18 . FF92 A0000000  CALL DWORD PTR DS:[EDX+A0]
00474A1E . 3BC7          CMP EAX,EDI
00474A20 . 7D 18       JGE SHORT TimeReco.00474A3A
00474A22 . 8B95 38FFFFFF  MOV EDX,DWORD PTR SS:[EBP-C8]
00474A28 . 68 A0000000 PUSH 0A0
00474A2D . 68 C8664100 PUSH TimeReco.004166C8
00474A32 . 52          PUSH EDX
00474A33 . 50          PUSH EAX
00474A34 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474A3A > 8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]          ;  注册名
00474A3D . 50          PUSH EAX                               ;  参数
00474A3E . FF15 08834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaLenBs>;  MSVBVM50.__vbaLenBstr
00474A44 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]          ;  长度值在EAX
00474A47 . 8985 1CFFFFFF  MOV DWORD PTR SS:[EBP-E4],EAX          ;  保存
00474A4D . BE 01000000 MOV ESI,1
00474A52 . FF15 80854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr
00474A58 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474A5B . FF15 7C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
00474A61 > 3BB5 1CFFFFFF  CMP ESI,DWORD PTR SS:[EBP-E4]          ;  循环得到注册名ASC和
00474A67 . 0F8F A6000000  JG TimeReco.00474B13
00474A6D . 53          PUSH EBX
00474A6E . FF95 08FFFFFF  CALL DWORD PTR SS:[EBP-F8]
00474A74 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474A77 . 50          PUSH EAX
00474A78 . 51          PUSH ECX
00474A79 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474A7F . 8B45 C8       MOV EAX,DWORD PTR SS:[EBP-38]
00474A82 . 8D55 A0       LEA EDX,DWORD PTR SS:[EBP-60]
00474A85 . 8945 B8       MOV DWORD PTR SS:[EBP-48],EAX
00474A88 . 52          PUSH EDX
00474A89 . 8D45 B0       LEA EAX,DWORD PTR SS:[EBP-50]
00474A8C . 56          PUSH ESI
00474A8D . 8D4D 90       LEA ECX,DWORD PTR SS:[EBP-70]
00474A90 . 50          PUSH EAX
00474A91 . 51          PUSH ECX
00474A92 . C745 A8 010000>MOV DWORD PTR SS:[EBP-58],1
00474A99 . C745 A0 020000>MOV DWORD PTR SS:[EBP-60],2
00474AA0 . C745 C8 000000>MOV DWORD PTR SS:[EBP-38],0
00474AA7 . C745 B0 090000>MOV DWORD PTR SS:[EBP-50],9
00474AAE . FF15 D4834900  CALL DWORD PTR DS:[<&MSVBVM50.#632>]    ;  MSVBVM50.rtcMidCharVar
00474AB4 . 8D55 90       LEA EDX,DWORD PTR SS:[EBP-70]          ;  上面的是VB中的取字符函数
00474AB7 . 8D45 E0       LEA EAX,DWORD PTR SS:[EBP-20]
00474ABA . 52          PUSH EDX
00474ABB . 50          PUSH EAX
00474ABC . FF15 80844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>;  MSVBVM50.__vbaStrVarVal
00474AC2 . 50          PUSH EAX                               ;  转化为变量型
00474AC3 . FF15 20834900  CALL DWORD PTR DS:[<&MSVBVM50.#516>]    ;  MSVBVM50.rtcAnsiValueBstr
00474AC9 . 0FBFC8       MOVSX ECX,AX                            ;  AX为注册名某位ASC
00474ACC . 03CF          ADD ECX,EDI                            ;  累加到ECX
00474ACE . 0F80 6A0B0000  JO TimeReco.0047563E
00474AD4 . 8BF9          MOV EDI,ECX                            ;  转移
00474AD6 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474AD9 . FF15 80854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr
00474ADF . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474AE2 . FF15 7C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
00474AE8 . 8D55 90       LEA EDX,DWORD PTR SS:[EBP-70]
00474AEB . 8D45 A0       LEA EAX,DWORD PTR SS:[EBP-60]
00474AEE . 52          PUSH EDX
00474AEF . 8D4D B0       LEA ECX,DWORD PTR SS:[EBP-50]
00474AF2 . 50          PUSH EAX
00474AF3 . 51          PUSH ECX
00474AF4 . 6A 03       PUSH 3
00474AF6 . FF15 10834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>;  MSVBVM50.__vbaFreeVarList
00474AFC . B8 01000000 MOV EAX,1
00474B01 . 83C4 10       ADD ESP,10
00474B04 . 03C6          ADD EAX,ESI                            ;  EAX=EAX+ESI
00474B06 . 0F80 320B0000  JO TimeReco.0047563E
00474B0C . 8BF0          MOV ESI,EAX
00474B0E .^E9 4EFFFFFF JMP TimeReco.00474A61                   ;  循环到00474A61
00474B13 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B18 . 85C0          TEST EAX,EAX
00474B1A . 75 19       JNZ SHORT TimeReco.00474B35
00474B1C . 8B1D AC844900  MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>;  MSVBVM50.__vbaNew2
00474B22 . 68 80204900 PUSH TimeReco.00492080
00474B27 . 68 94044100 PUSH TimeReco.00410494
00474B2C . FFD3          CALL EBX                               ;  <&MSVBVM50.__vbaNew2>
00474B2E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B33 . EB 06       JMP SHORT TimeReco.00474B3B
00474B35 > 8B1D AC844900  MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaNe>;  MSVBVM50.__vbaNew2
00474B3B > 85C0          TEST EAX,EAX
00474B3D . 8985 28FFFFFF  MOV DWORD PTR SS:[EBP-D8],EAX
00474B43 . 75 11       JNZ SHORT TimeReco.00474B56
00474B45 . 68 80204900 PUSH TimeReco.00492080
00474B4A . 68 94044100 PUSH TimeReco.00410494
00474B4F . FFD3          CALL EBX
00474B51 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B56 > 8B10          MOV EDX,DWORD PTR DS:[EAX]
00474B58 . 50          PUSH EAX
00474B59 . FF92 D4030000  CALL DWORD PTR DS:[EDX+3D4]
00474B5F . 50          PUSH EAX
00474B60 . 8D45 C8       LEA EAX,DWORD PTR SS:[EBP-38]
00474B63 . 50          PUSH EAX
00474B64 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474B6A . 8BF0          MOV ESI,EAX
00474B6C . 8D55 E0       LEA EDX,DWORD PTR SS:[EBP-20]
00474B6F . 52          PUSH EDX
00474B70 . 56          PUSH ESI
00474B71 . 8B0E          MOV ECX,DWORD PTR DS:[ESI]
00474B73 . FF91 A0000000  CALL DWORD PTR DS:[ECX+A0]
00474B79 . 85C0          TEST EAX,EAX
00474B7B . 7D 12       JGE SHORT TimeReco.00474B8F
00474B7D . 68 A0000000 PUSH 0A0
00474B82 . 68 C8664100 PUSH TimeReco.004166C8
00474B87 . 56          PUSH ESI
00474B88 . 50          PUSH EAX
00474B89 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474B8F > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474B94 . 85C0          TEST EAX,EAX
00474B96 . 75 11       JNZ SHORT TimeReco.00474BA9
00474B98 . 68 80204900 PUSH TimeReco.00492080
00474B9D . 68 94044100 PUSH TimeReco.00410494
00474BA2 . FFD3          CALL EBX
00474BA4 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474BA9 > 8B08          MOV ECX,DWORD PTR DS:[EAX]
00474BAB . 50          PUSH EAX
00474BAC . FF91 D4030000  CALL DWORD PTR DS:[ECX+3D4]
00474BB2 . 8D55 C4       LEA EDX,DWORD PTR SS:[EBP-3C]
00474BB5 . 50          PUSH EAX
00474BB6 . 52          PUSH EDX
00474BB7 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474BBD . 8BF0          MOV ESI,EAX
00474BBF . 8D4D DC       LEA ECX,DWORD PTR SS:[EBP-24]
00474BC2 . 51          PUSH ECX
00474BC3 . 56          PUSH ESI
00474BC4 . 8B06          MOV EAX,DWORD PTR DS:[ESI]
00474BC6 . FF90 A0000000  CALL DWORD PTR DS:[EAX+A0]
00474BCC . 85C0          TEST EAX,EAX
00474BCE . 7D 12       JGE SHORT TimeReco.00474BE2
00474BD0 . 68 A0000000 PUSH 0A0
00474BD5 . 68 C8664100 PUSH TimeReco.004166C8
00474BDA . 56          PUSH ESI
00474BDB . 50          PUSH EAX
00474BDC . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474BE2 > 8B95 28FFFFFF  MOV EDX,DWORD PTR SS:[EBP-D8]
00474BE8 . 8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]          ;  1123
00474BEB > . 50          PUSH EAX                               ;  参数
00474BEC . 8B1A          MOV EBX,DWORD PTR DS:[EDX]             ;  下面是浮点转换
00474BEE . FF15 88854900  CALL DWORD PTR DS:[<&MSVBVM50.#581>]    ;  MSVBVM50.rtcR8ValFromBstr
00474BF4 . FF15 1C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>;  MSVBVM50.__vbaFpI4
00474BFA . 99          CDQ                                     ;  双字扩展，为下面除运算做准备
00474BFB . B9 E8030000 MOV ECX,3E8                            ;  被除常数
00474C00 . F7F9          IDIV ECX                               ;  除法运算，余数在EDX
00474C02 . 8BF2          MOV ESI,EDX                            ;  余数在EDX
00474C04 . 8B55 DC       MOV EDX,DWORD PTR SS:[EBP-24]
00474C07 . 52          PUSH EDX                               ;  参数
00474C08 . FF15 88854900  CALL DWORD PTR DS:[<&MSVBVM50.#581>]    ;  MSVBVM50.rtcR8ValFromBstr
00474C0E . FF15 1C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpI4>>;  MSVBVM50.__vbaFpI4
00474C14 . 99          CDQ                                     ;  双字扩展，为下面除运算做准备
00474C15 . B9 E8030000 MOV ECX,3E8                            ;  被除常数
00474C1A . F7F9          IDIV ECX
00474C1C . 0FAFF2       IMUL ESI,EDX                            ;  乘法运算，ESI=ESI*EDX
00474C1F . 0F80 190A0000  JO TimeReco.0047563E                   ;  益出跳转
00474C25 . 03F7          ADD ESI,EDI                            ;  加上注册名ASC和
00474C27 . 0F80 110A0000  JO TimeReco.0047563E                   ;  益出跳转
00474C2D . 83C6 02       ADD ESI,2                               ;  加2
00474C30 . 0F80 080A0000  JO TimeReco.0047563E                   ;  益出跳转
00474C36 . 46          INC ESI                               ;  加1
00474C37 . 0F80 010A0000  JO TimeReco.0047563E                   ;  益出跳转
00474C3D . 56          PUSH ESI                               ;  压键，现在的ESI记为SN
00474C3E . 8BB5 28FFFFFF  MOV ESI,DWORD PTR SS:[EBP-D8]
00474C44 . 56          PUSH ESI
00474C45 . FF93 E8070000  CALL DWORD PTR DS:[EBX+7E8]
00474C4B . 85C0          TEST EAX,EAX
00474C4D . 7D 12       JGE SHORT TimeReco.00474C61
00474C4F . 68 E8070000 PUSH 7E8
00474C54 . 68 94524100 PUSH TimeReco.00415294
00474C59 . 56          PUSH ESI
00474C5A . 50          PUSH EAX
00474C5B . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474C61 > 8D55 DC       LEA EDX,DWORD PTR SS:[EBP-24]
00474C64 . 8D45 E0       LEA EAX,DWORD PTR SS:[EBP-20]
00474C67 . 52          PUSH EDX
00474C68 . 50          PUSH EAX
00474C69 . 6A 02       PUSH 2
00474C6B . FF15 D0844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStrList
00474C71 . 83C4 0C       ADD ESP,0C
00474C74 . 8D4D C4       LEA ECX,DWORD PTR SS:[EBP-3C]
00474C77 . 8D55 C8       LEA EDX,DWORD PTR SS:[EBP-38]
00474C7A . 51          PUSH ECX
00474C7B . 52          PUSH EDX
00474C7C . 6A 02       PUSH 2
00474C7E . FF15 18834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObjList
00474C84 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474C89 . 83C4 0C       ADD ESP,0C
00474C8C . 85C0          TEST EAX,EAX
00474C8E . 75 10       JNZ SHORT TimeReco.00474CA0
00474C90 . 68 80204900 PUSH TimeReco.00492080
00474C95 . 68 94044100 PUSH TimeReco.00410494
00474C9A . FF15 AC844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>;  MSVBVM50.__vbaNew2
00474CA0 > 8B35 80204900  MOV ESI,DWORD PTR DS:[492080]
00474CA6 . 8D8D 3CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-C4]
00474CAC . 51          PUSH ECX
00474CAD . 56          PUSH ESI
00474CAE . 8B06          MOV EAX,DWORD PTR DS:[ESI]
00474CB0 . FF90 E4070000  CALL DWORD PTR DS:[EAX+7E4]
00474CB6 . 85C0          TEST EAX,EAX
00474CB8 . 7D 12       JGE SHORT TimeReco.00474CCC
00474CBA . 68 E4070000 PUSH 7E4
00474CBF . 68 94524100 PUSH TimeReco.00415294
00474CC4 . 56          PUSH ESI
00474CC5 . 50          PUSH EAX
00474CC6 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474CCC > 8B5D 08       MOV EBX,DWORD PTR SS:[EBP+8]
00474CCF . 8BBD 0CFFFFFF  MOV EDI,DWORD PTR SS:[EBP-F4]
00474CD5 . 53          PUSH EBX
00474CD6 . FF97 00030000  CALL DWORD PTR DS:[EDI+300]
00474CDC . 8D55 C8       LEA EDX,DWORD PTR SS:[EBP-38]
00474CDF . 50          PUSH EAX
00474CE0 . 52          PUSH EDX
00474CE1 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474CE7 . 8BF0          MOV ESI,EAX
00474CE9 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474CEC . 51          PUSH ECX
00474CED . 56          PUSH ESI
00474CEE . 8B06          MOV EAX,DWORD PTR DS:[ESI]
00474CF0 . FF90 A0000000  CALL DWORD PTR DS:[EAX+A0]
00474CF6 . 85C0          TEST EAX,EAX
00474CF8 . 7D 12       JGE SHORT TimeReco.00474D0C
00474CFA . 68 A0000000 PUSH 0A0
00474CFF . 68 C8664100 PUSH TimeReco.004166C8
00474D04 . 56          PUSH ESI
00474D05 . 50          PUSH EAX
00474D06 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474D0C > 8B55 E0       MOV EDX,DWORD PTR SS:[EBP-20]          ;  注册码
00474D0F . 52          PUSH EDX
00474D10 . FF15 88854900  CALL DWORD PTR DS:[<&MSVBVM50.#581>]    ;  MSVBVM50.rtcR8ValFromBstr
00474D16 . FF15 C4834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFpR8>>;  MSVBVM50.__vbaFpR8
00474D1C . DB85 3CFFFFFF  FILD DWORD PTR SS:[EBP-C4]             ;  装入SN
00474D22 . DD9D 00FFFFFF  FSTP QWORD PTR SS:[EBP-100]
00474D28 . DC9D 00FFFFFF  FCOMP QWORD PTR SS:[EBP-100]          ;  浮点比较,这里看到注册码
00474D2E . DFE0          FSTSW AX
00474D30 . F6C4 40       TEST AH,40                            ;  是否是40
00474D33 . 74 07       JE SHORT TimeReco.00474D3C
00474D35 . BE 01000000 MOV ESI,1
00474D3A . EB 02       JMP SHORT TimeReco.00474D3E
00474D3C > 33F6          XOR ESI,ESI
00474D3E > 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474D41 . FF15 80854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr
00474D47 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474D4A . FF15 7C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
00474D50 . F7DE          NEG ESI
00474D52 . 66:85F6       TEST SI,SI
00474D55 . 0F84 70040000  JE TimeReco.004751CB                   ;  关键跳转，不跳就注册成功
00474D5B . A1 80204900 MOV EAX,DWORD PTR DS:[492080]          ；下面就是建立一个Iotmrd.sys文件，里面有注册信息
00474D60 . 85C0          TEST EAX,EAX
00474D62 . 75 15       JNZ SHORT TimeReco.00474D79
00474D64 . 68 80204900 PUSH TimeReco.00492080
00474D69 . 68 94044100 PUSH TimeReco.00410494
00474D6E . FF15 AC844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>;  MSVBVM50.__vbaNew2
00474D74 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474D79 > 8B08          MOV ECX,DWORD PTR DS:[EAX]
00474D7B . 50          PUSH EAX
00474D7C . FF91 DC030000  CALL DWORD PTR DS:[ECX+3DC]
00474D82 . 8D55 C8       LEA EDX,DWORD PTR SS:[EBP-38]
00474D85 . 50          PUSH EAX
00474D86 . 52          PUSH EDX
00474D87 . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474D8D . 8BF8          MOV EDI,EAX
00474D8F . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474D94 . 85C0          TEST EAX,EAX
00474D96 . 75 10       JNZ SHORT TimeReco.00474DA8
00474D98 . 68 80204900 PUSH TimeReco.00492080
00474D9D . 68 94044100 PUSH TimeReco.00410494
00474DA2 . FF15 AC844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>;  MSVBVM50.__vbaNew2
00474DA8 > 8B35 80204900  MOV ESI,DWORD PTR DS:[492080]
00474DAE . 8D8D 3CFFFFFF  LEA ECX,DWORD PTR SS:[EBP-C4]
00474DB4 . 51          PUSH ECX
00474DB5 . 56          PUSH ESI
00474DB6 . 8B06          MOV EAX,DWORD PTR DS:[ESI]
00474DB8 . FF90 E4070000  CALL DWORD PTR DS:[EAX+7E4]
00474DBE . 85C0          TEST EAX,EAX
00474DC0 . 7D 12       JGE SHORT TimeReco.00474DD4
00474DC2 . 68 E4070000 PUSH 7E4
00474DC7 . 68 94524100 PUSH TimeReco.00415294
00474DCC . 56          PUSH ESI
00474DCD . 50          PUSH EAX
00474DCE . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474DD4 > 8B95 3CFFFFFF  MOV EDX,DWORD PTR SS:[EBP-C4]
00474DDA . 8B37          MOV ESI,DWORD PTR DS:[EDI]
00474DDC . 52          PUSH EDX
00474DDD . FF15 F4824900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrI4>;  MSVBVM50.__vbaStrI4
00474DE3 . 8BD0          MOV EDX,EAX
00474DE5 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474DE8 . FF15 38854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrMo>;  MSVBVM50.__vbaStrMove
00474DEE . 50          PUSH EAX
00474DEF . 57          PUSH EDI
00474DF0 . FF96 A4000000  CALL DWORD PTR DS:[ESI+A4]
00474DF6 . 85C0          TEST EAX,EAX
00474DF8 . 7D 12       JGE SHORT TimeReco.00474E0C
00474DFA . 68 A4000000 PUSH 0A4
00474DFF . 68 C8664100 PUSH TimeReco.004166C8
00474E04 . 57          PUSH EDI
00474E05 . 50          PUSH EAX
00474E06 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474E0C > 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474E0F . FF15 80854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStr
00474E15 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474E18 . FF15 7C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
00474E1E . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E23 . 85C0          TEST EAX,EAX
00474E25 . 75 15       JNZ SHORT TimeReco.00474E3C
00474E27 . 68 80204900 PUSH TimeReco.00492080
00474E2C . 68 94044100 PUSH TimeReco.00410494
00474E31 . FF15 AC844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>;  MSVBVM50.__vbaNew2
00474E37 . A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E3C > 8B08          MOV ECX,DWORD PTR DS:[EAX]
00474E3E . 50          PUSH EAX
00474E3F . FF91 DC030000  CALL DWORD PTR DS:[ECX+3DC]
00474E45 . 8D55 C8       LEA EDX,DWORD PTR SS:[EBP-38]
00474E48 . 50          PUSH EAX
00474E49 . 52          PUSH EDX
00474E4A . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474E50 . 8BF0          MOV ESI,EAX
00474E52 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474E55 . 51          PUSH ECX
00474E56 . 56          PUSH ESI
00474E57 . 8B06          MOV EAX,DWORD PTR DS:[ESI]
00474E59 . FF90 A0000000  CALL DWORD PTR DS:[EAX+A0]
00474E5F . 85C0          TEST EAX,EAX
00474E61 . 7D 12       JGE SHORT TimeReco.00474E75
00474E63 . 68 A0000000 PUSH 0A0
00474E68 . 68 C8664100 PUSH TimeReco.004166C8
00474E6D . 56          PUSH ESI
00474E6E . 50          PUSH EAX
00474E6F . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474E75 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474E7A . 85C0          TEST EAX,EAX
00474E7C . 75 10       JNZ SHORT TimeReco.00474E8E
00474E7E . 68 80204900 PUSH TimeReco.00492080
00474E83 . 68 94044100 PUSH TimeReco.00410494
00474E88 . FF15 AC844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>;  MSVBVM50.__vbaNew2
00474E8E > 8B35 80204900  MOV ESI,DWORD PTR DS:[492080]
00474E94 . 8D45 DC       LEA EAX,DWORD PTR SS:[EBP-24]
00474E97 . 50          PUSH EAX
00474E98 . 56          PUSH ESI
00474E99 . 8B16          MOV EDX,DWORD PTR DS:[ESI]
00474E9B . FF92 70070000  CALL DWORD PTR DS:[EDX+770]
00474EA1 . 85C0          TEST EAX,EAX
00474EA3 . 7D 12       JGE SHORT TimeReco.00474EB7
00474EA5 . 68 70070000 PUSH 770
00474EAA . 68 94524100 PUSH TimeReco.00415294
00474EAF . 56          PUSH ESI
00474EB0 . 50          PUSH EAX
00474EB1 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474EB7 > 8B4D DC       MOV ECX,DWORD PTR SS:[EBP-24]
00474EBA . 8B35 04854900  MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaSt>;  MSVBVM50.__vbaStrToAnsi
00474EC0 . 8D55 CC       LEA EDX,DWORD PTR SS:[EBP-34]
00474EC3 . 51          PUSH ECX
00474EC4 . 52          PUSH EDX
00474EC5 . FFD6          CALL ESI                               ;  <&MSVBVM50.__vbaStrToAnsi>
00474EC7 . 50          PUSH EAX
00474EC8 . 8B45 E0       MOV EAX,DWORD PTR SS:[EBP-20]
00474ECB . 8D4D D0       LEA ECX,DWORD PTR SS:[EBP-30]
00474ECE . 50          PUSH EAX
00474ECF . 51          PUSH ECX
00474ED0 . FFD6          CALL ESI
00474ED2 . 50          PUSH EAX
00474ED3 . 8D55 D4       LEA EDX,DWORD PTR SS:[EBP-2C]
00474ED6 . 68 08754100 PUSH TimeReco.00417508                ;  UNICODE "pt3"
00474EDB . 52          PUSH EDX
00474EDC . FFD6          CALL ESI
00474EDE . 50          PUSH EAX
00474EDF . 8D45 D8       LEA EAX,DWORD PTR SS:[EBP-28]
00474EE2 . 68 B0664100 PUSH TimeReco.004166B0                ;  UNICODE "MyApp"
00474EE7 . 50          PUSH EAX
00474EE8 . FFD6          CALL ESI
00474EEA . 50          PUSH EAX
00474EEB . E8 840EFAFF CALL TimeReco.00415D74
00474EF0 . 8985 3CFFFFFF  MOV DWORD PTR SS:[EBP-C4],EAX
00474EF6 . FF15 44834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaSetSy>;  MSVBVM50.__vbaSetSystemError
00474EFC . 8B8D 3CFFFFFF  MOV ECX,DWORD PTR SS:[EBP-C4]
00474F02 . 8D55 CC       LEA EDX,DWORD PTR SS:[EBP-34]
00474F05 . 894B 38       MOV DWORD PTR DS:[EBX+38],ECX
00474F08 . 8D45 DC       LEA EAX,DWORD PTR SS:[EBP-24]
00474F0B . 52          PUSH EDX
00474F0C . 8D4D D0       LEA ECX,DWORD PTR SS:[EBP-30]
00474F0F . 50          PUSH EAX
00474F10 . 8D55 E0       LEA EDX,DWORD PTR SS:[EBP-20]
00474F13 . 51          PUSH ECX
00474F14 . 8D45 D4       LEA EAX,DWORD PTR SS:[EBP-2C]
00474F17 . 52          PUSH EDX
00474F18 . 8D4D D8       LEA ECX,DWORD PTR SS:[EBP-28]
00474F1B . 50          PUSH EAX
00474F1C . 51          PUSH ECX
00474F1D . 6A 06       PUSH 6
00474F1F . FF15 D0844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;  MSVBVM50.__vbaFreeStrList
00474F25 . 83C4 1C       ADD ESP,1C
00474F28 . 8D4D C8       LEA ECX,DWORD PTR SS:[EBP-38]
00474F2B . FF15 7C854900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;  MSVBVM50.__vbaFreeObj
00474F31 . 53          PUSH EBX
00474F32 . FF95 08FFFFFF  CALL DWORD PTR SS:[EBP-F8]
00474F38 . 8D55 C8       LEA EDX,DWORD PTR SS:[EBP-38]
00474F3B . 50          PUSH EAX
00474F3C . 52          PUSH EDX
00474F3D . FF15 80834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;  MSVBVM50.__vbaObjSet
00474F43 . 8BF8          MOV EDI,EAX
00474F45 . 8D4D E0       LEA ECX,DWORD PTR SS:[EBP-20]
00474F48 . 51          PUSH ECX
00474F49 . 57          PUSH EDI
00474F4A . 8B07          MOV EAX,DWORD PTR DS:[EDI]
00474F4C . FF90 A0000000  CALL DWORD PTR DS:[EAX+A0]
00474F52 . 85C0          TEST EAX,EAX
00474F54 . 7D 12       JGE SHORT TimeReco.00474F68
00474F56 . 68 A0000000 PUSH 0A0
00474F5B . 68 C8664100 PUSH TimeReco.004166C8
00474F60 . 57          PUSH EDI
00474F61 . 50          PUSH EAX
00474F62 . FF15 4C834900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;  MSVBVM50.__vbaHresultCheckObj
00474F68 > A1 80204900 MOV EAX,DWORD PTR DS:[492080]
00474F6D . 85C0          TEST EAX,EAX
00474F6F . 75 10       JNZ SHORT TimeReco.00474F81
00474F71 . 68 80204900 PUSH TimeReco.00492080
00474F76 . 68 94044100 PUSH TimeReco.00410494
00474F7B . FF15 AC844900  CALL DWORD PTR DS:[<&MSVBVM50.__vbaNew2>>;  MSVBVM50.__vbaNew2
00474F81 > 8B3D 80204900  MOV EDI,DWORD PTR DS:[492080]
00474F87 . 8D45 DC       LEA EAX,DWORD PTR SS:[EBP-24]
00474F8A . 50          PUSH EAX
00474F8B . 57          PUSH EDI
00474F8C . 8B17          MOV EDX,DWORD PTR DS:[EDI]
00474F8E . FF92 70070000  CALL DWORD PTR DS:[EDX+770]
00474F94 . 85C0          TEST EAX,EAX
00474F96 . 7D 16       JGE SHORT TimeReco.00474FAE
00474F98 . 68 70070000 PUSH 770
00474F9D . 68 94524100 PUSH TimeReco.00415294
00474FA2 . 57          PUSH EDI
00474FA3 . 8B3D 4C834900  MOV EDI,DWORD PTR DS:[<&MSVB

―――――――――――――――――――――――――――――――――――――――――――

【Crack＿总结】：

用到了浮点算法，但是几乎没有作用，就是比较的时候用了一下，大概注册是这样的，取注册名ASC和记为NH，取机器码运算得到的值记JY，然后就是SN=（JY%0X3EB）*（JY%0X3EB）+NH+3的十进制，算法比较简单，但是感觉到VB的繁杂，这么多垃圾代码，而且如果你VB的函数不懂的话破解VB软件也是满难的，这也体现了编程的重要性

登录后可查看完整内容

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

收藏・0

免费・7

支持

最新回复 (12)
hbqjxhw 雪币： 313 活跃值： (250) 能力值： ( LV9，RANK：650 ) 在线值：发帖 44 回帖 311 粉丝 0 关注私信	hbqjxhw 16 2 楼非常好,向你学习,VB是有一点难 2005-8-19 18:16 0
ljy3282393 雪币： 214 活跃值： (15) 能力值： ( LV4，RANK：50 ) 在线值：发帖 2 回帖 426 粉丝 1 关注私信	ljy3282393 1 3 楼支持一下楼主 2005-8-19 18:30 0
killl 雪币： 300 活跃值： (412) 能力值： ( LV9，RANK：410 ) 在线值：发帖 24 回帖 381 粉丝 0 关注私信	killl 10 4 楼支持一下！ 2005-8-19 20:11 0
Phoenix 雪币： 133 活跃值： (22) 能力值： ( LV2，RANK：10 ) 在线值：发帖 14 回帖 413 粉丝 1 关注私信	Phoenix 5 楼支持一下 2005-8-19 20:13 0
水豆腐雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 103 粉丝 0 关注私信	水豆腐 6 楼支持一下！ 2005-8-19 20:16 0
lnn1123 雪币： 234 活跃值： (370) 能力值： ( LV9，RANK：530 ) 在线值：发帖 39 回帖 765 粉丝 0 关注私信	lnn1123 13 7 楼多谢各位支持， 2005-8-19 20:45 0
hrbx 雪币： 267 活跃值： (44) 能力值： ( LV9，RANK：330 ) 在线值：发帖 11 回帖 195 粉丝 1 关注私信	hrbx 8 8 楼支持一下！！！ 2005-8-19 22:01 0
linhanshi 雪币： 97697 活跃值： (200829) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 453 关注私信	linhanshi 9 楼 2005-8-19 23:42 0
lidazixun 雪币： 214 活跃值： (86) 能力值： ( LV6，RANK：90 ) 在线值：发帖 11 回帖 206 粉丝 0 关注私信	lidazixun 2 10 楼最初由 linhanshi 发布林版，这样有灌水嫌疑～～ 2005-8-19 23:44 0
dfui 雪币： 1263 活跃值： (607) 能力值： ( LV2，RANK：10 ) 在线值：发帖 32 回帖 218 粉丝 4 关注私信	dfui 11 楼 VB的精评。 2005-8-20 00:43 0
pendan2001 雪币： 61 活跃值： (160) 能力值： ( LV9，RANK：170 ) 在线值：发帖 25 回帖 1180 粉丝 0 关注私信	pendan2001 4 12 楼 2005-8-20 11:48 0
阿杰雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 16 粉丝 0 关注私信	阿杰 13 楼学习中！谢谢分享！ 2005-8-20 23:04 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

lnn1123

发帖

765

回帖

530

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (12)
hbqjxhw 雪币： 313 活跃值： (250) 能力值： ( LV9，RANK：650 ) 在线值：发帖 44 回帖 311 粉丝 0 关注私信	hbqjxhw 16 2 楼非常好,向你学习,VB是有一点难 2005-8-19 18:16 0
ljy3282393 雪币： 214 活跃值： (15) 能力值： ( LV4，RANK：50 ) 在线值：发帖 2 回帖 426 粉丝 1 关注私信	ljy3282393 1 3 楼支持一下楼主 2005-8-19 18:30 0
killl 雪币： 300 活跃值： (412) 能力值： ( LV9，RANK：410 ) 在线值：发帖 24 回帖 381 粉丝 0 关注私信	killl 10 4 楼支持一下！ 2005-8-19 20:11 0
Phoenix 雪币： 133 活跃值： (22) 能力值： ( LV2，RANK：10 ) 在线值：发帖 14 回帖 413 粉丝 1 关注私信	Phoenix 5 楼支持一下 2005-8-19 20:13 0
水豆腐雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 103 粉丝 0 关注私信	水豆腐 6 楼支持一下！ 2005-8-19 20:16 0
lnn1123 雪币： 234 活跃值： (370) 能力值： ( LV9，RANK：530 ) 在线值：发帖 39 回帖 765 粉丝 0 关注私信	lnn1123 13 7 楼多谢各位支持， 2005-8-19 20:45 0
hrbx 雪币： 267 活跃值： (44) 能力值： ( LV9，RANK：330 ) 在线值：发帖 11 回帖 195 粉丝 1 关注私信	hrbx 8 8 楼支持一下！！！ 2005-8-19 22:01 0
linhanshi 雪币： 97697 活跃值： (200829) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 453 关注私信	linhanshi 9 楼 2005-8-19 23:42 0
lidazixun 雪币： 214 活跃值： (86) 能力值： ( LV6，RANK：90 ) 在线值：发帖 11 回帖 206 粉丝 0 关注私信	lidazixun 2 10 楼最初由 linhanshi 发布林版，这样有灌水嫌疑～～ 2005-8-19 23:44 0
dfui 雪币： 1263 活跃值： (607) 能力值： ( LV2，RANK：10 ) 在线值：发帖 32 回帖 218 粉丝 4 关注私信	dfui 11 楼 VB的精评。 2005-8-20 00:43 0
pendan2001 雪币： 61 活跃值： (160) 能力值： ( LV9，RANK：170 ) 在线值：发帖 25 回帖 1180 粉丝 0 关注私信	pendan2001 4 12 楼 2005-8-20 11:48 0
阿杰雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 16 粉丝 0 关注私信	阿杰 13 楼学习中！谢谢分享！ 2005-8-20 23:04 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复