VB 多功能日历 v6.3 注册算法分析
【软件介绍】:国产软件, 简体中文
【软件下载】:自己找吧
【保护方式】:注册码 + 功能限制
【破解工具】:Win2000, PEiD, Ollydbg
【破解目的】:研究算法分析, 了解VB的数据类型
【作者声明】:初学Crack,只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
【破解过程】:
用PEiD查壳,UPX-Scrambler RC1.x -> ┫nT?L
用 OLLYDBG 手动脱壳, 再用PEiD查, 是 Microsoft Visual Basic 5.0 / 6.0
但是脱壳后的程序不能正常运行, 随便调了一下, 没搞定. 还是用OLLYDBG 调原程序了.
OLLYDBG OPEN yutingcal.exe, F9 运行, 好慢, 要 3 分钟才开始运行, 也不知道是为什么, 但是运行起来还正常.
下断 rtcMsgBox, 然后输入注册信息:
RegName: SOFTR12345
RegCode: 1234567-89ABDEC-F012345
说明: RegName 最多 10 位, RegCode 每框 7 位, RegName 必须以"SOFTR"开头, 看后面的分析就知道了.
点 "立即完成注册", 断在rtcMsgBox, Ctrl+F9 返回, 出现 错误对话框, OK 回到程序空间.
00491899 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0049189F 51 PUSH ECX
004918A0 FF15 90104000 CALL DWORD PTR DS:[401090] ; MSVBVM60.rtcMsgBox
004918A6 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8] ; // 返回到这
004918AC 52 PUSH EDX
往上找, 看哪个跳转可跳过这段代码, 往上找啊..找啊..找啊.., 00490E0B 的 跳转值得怀疑, 这儿一跳就肯定会出错误对话框
这个跳的可真远, 我都有点不相信了
00490DF7 6A 04 PUSH 4
00490DF9 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490DFF 83C4 14 ADD ESP,14
00490E02 0FBF8D F8FCFFFF MOVSX ECX,WORD PTR SS:[EBP-308]
00490E09 85C9 TEST ECX,ECX ; [EBP-308]==0?
00490E0B 0F84 080A0000 JE yutingca.00491819 ; 一跳就回出错误对话框!!!!!!!
00490E11 C745 FC 2C00000>MOV DWORD PTR SS:[EBP-4],2C ;
00490E18 C785 10FFFFFF 0>MOV DWORD PTR SS:[EBP-F0],80020004
00490E22 C785 08FFFFFF 0>MOV DWORD PTR SS:[EBP-F8],0A
00490E2C C785 20FFFFFF 0>MOV DWORD PTR SS:[EBP-E0],80020004
00490E36 C785 18FFFFFF 0>MOV DWORD PTR SS:[EBP-E8],0A
再往上应该就是注册码计算和判断了, 找到 Function 入口点, F2 下断, 重新点 "立即完成注册", 断下, 然后F8一步一步的开始跟,
0048F610 55 PUSH EBP
0048F611 8BEC MOV EBP,ESP
0048F613 83EC 18 SUB ESP,18
0048F616 68 B62A4000 PUSH yutingca.00402AB6 ; JMP to MSVBVM60.__vbaExceptHandler
0048F61B 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0048F621 50 PUSH EAX
0048F622 64:8925 0000000>MOV DWORD PTR FS:[0],ESP
0048F629 B8 78040000 MOV EAX,478
0048F62E E8 7D34F7FF CALL yutingca.00402AB0 ; JMP to MSVBVM60.__vbaChkstk
0048F633 53 PUSH EBX
0048F634 56 PUSH ESI
0048F635 57 PUSH EDI
0048F636 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
0048F639 C745 EC 881C400>MOV DWORD PTR SS:[EBP-14],yutingca.00401C88
0048F640 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0048F643 83E0 01 AND EAX,1
0048F646 8945 F0 MOV DWORD PTR SS:[EBP-10],EAX
0048F649 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0048F64C 83E1 FE AND ECX,FFFFFFFE
0048F64F 894D 08 MOV DWORD PTR SS:[EBP+8],ECX
0048F652 C745 F4 0000000>MOV DWORD PTR SS:[EBP-C],0
0048F659 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0048F65C 8B02 MOV EAX,DWORD PTR DS:[EDX]
0048F65E 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0048F661 51 PUSH ECX
0048F662 FF50 04 CALL DWORD PTR DS:[EAX+4]
0048F665 C745 FC 0100000>MOV DWORD PTR SS:[EBP-4],1
0048F66C 6A 02 PUSH 2
0048F66E 68 98674100 PUSH yutingca.00416798
0048F673 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
0048F676 52 PUSH EDX
0048F677 FF15 F8104000 CALL DWORD PTR DS:[4010F8] ; MSVBVM60.__vbaAryConstruct2
0048F67D C745 FC 0200000>MOV DWORD PTR SS:[EBP-4],2
0048F684 6A FF PUSH -1
0048F686 FF15 98104000 CALL DWORD PTR DS:[401098] ; MSVBVM60.__vbaOnError
0048F68C C745 FC 0300000>MOV DWORD PTR SS:[EBP-4],3
0048F693 66:C785 70FFFFF>MOV WORD PTR SS:[EBP-90],0
0048F69C C745 FC 0400000>MOV DWORD PTR SS:[EBP-4],4
0048F6A3 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0048F6A6 8B08 MOV ECX,DWORD PTR DS:[EAX]
0048F6A8 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0048F6AB 52 PUSH EDX
0048F6AC FF91 10030000 CALL DWORD PTR DS:[ECX+310]
0048F6B2 50 PUSH EAX
0048F6B3 8D85 48FFFFFF LEA EAX,DWORD PTR SS:[EBP-B8]
0048F6B9 50 PUSH EAX
0048F6BA FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
0048F6C0 8985 00FDFFFF MOV DWORD PTR SS:[EBP-300],EAX
0048F6C6 8D8D 5CFFFFFF LEA ECX,DWORD PTR SS:[EBP-A4]
0048F6CC 51 PUSH ECX
0048F6CD 8B95 00FDFFFF MOV EDX,DWORD PTR SS:[EBP-300]
0048F6D3 8B02 MOV EAX,DWORD PTR DS:[EDX]
0048F6D5 8B8D 00FDFFFF MOV ECX,DWORD PTR SS:[EBP-300]
0048F6DB 51 PUSH ECX
0048F6DC FF90 A0000000 CALL DWORD PTR DS:[EAX+A0] ; 读 RegCode3 ==> [EBP-A4]
0048F6E2 DBE2 FCLEX
0048F6E4 8985 FCFCFFFF MOV DWORD PTR SS:[EBP-304],EAX
0048F6EA 83BD FCFCFFFF 0>CMP DWORD PTR SS:[EBP-304],0
0048F6F1 7D 26 JGE SHORT yutingca.0048F719
0048F6F3 68 A0000000 PUSH 0A0
0048F6F8 68 3C4D4100 PUSH yutingca.00414D3C
0048F6FD 8B95 00FDFFFF MOV EDX,DWORD PTR SS:[EBP-300]
0048F703 52 PUSH EDX
0048F704 8B85 FCFCFFFF MOV EAX,DWORD PTR SS:[EBP-304]
0048F70A 50 PUSH EAX
0048F70B FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
0048F711 8985 D8FBFFFF MOV DWORD PTR SS:[EBP-428],EAX
0048F717 EB 0A JMP SHORT yutingca.0048F723
0048F719 C785 D8FBFFFF 0>MOV DWORD PTR SS:[EBP-428],0
0048F723 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0048F726 8B11 MOV EDX,DWORD PTR DS:[ECX]
0048F728 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0048F72B 50 PUSH EAX
0048F72C FF92 08030000 CALL DWORD PTR DS:[EDX+308]
0048F732 50 PUSH EAX
0048F733 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
0048F739 51 PUSH ECX
0048F73A FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
0048F740 8985 F8FCFFFF MOV DWORD PTR SS:[EBP-308],EAX
0048F746 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C]
0048F74C 52 PUSH EDX
0048F74D 8B85 F8FCFFFF MOV EAX,DWORD PTR SS:[EBP-308]
0048F753 8B08 MOV ECX,DWORD PTR DS:[EAX]
0048F755 8B95 F8FCFFFF MOV EDX,DWORD PTR SS:[EBP-308]
0048F75B 52 PUSH EDX
0048F75C FF91 A0000000 CALL DWORD PTR DS:[ECX+A0] ; 读 RegCode1 ==> [EBP-9C]
0048F762 DBE2 FCLEX
0048F764 8985 F4FCFFFF MOV DWORD PTR SS:[EBP-30C],EAX
0048F76A 83BD F4FCFFFF 0>CMP DWORD PTR SS:[EBP-30C],0
0048F771 7D 26 JGE SHORT yutingca.0048F799
0048F773 68 A0000000 PUSH 0A0
0048F778 68 3C4D4100 PUSH yutingca.00414D3C
0048F77D 8B85 F8FCFFFF MOV EAX,DWORD PTR SS:[EBP-308]
0048F783 50 PUSH EAX
0048F784 8B8D F4FCFFFF MOV ECX,DWORD PTR SS:[EBP-30C]
0048F78A 51 PUSH ECX
0048F78B FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
0048F791 8985 D4FBFFFF MOV DWORD PTR SS:[EBP-42C],EAX
0048F797 EB 0A JMP SHORT yutingca.0048F7A3
0048F799 C785 D4FBFFFF 0>MOV DWORD PTR SS:[EBP-42C],0
0048F7A3 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0048F7A6 8B02 MOV EAX,DWORD PTR DS:[EDX]
0048F7A8 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0048F7AB 51 PUSH ECX
0048F7AC FF90 0C030000 CALL DWORD PTR DS:[EAX+30C]
0048F7B2 50 PUSH EAX
0048F7B3 8D95 4CFFFFFF LEA EDX,DWORD PTR SS:[EBP-B4]
0048F7B9 52 PUSH EDX
0048F7BA FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
0048F7C0 8985 F0FCFFFF MOV DWORD PTR SS:[EBP-310],EAX
0048F7C6 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
0048F7CC 50 PUSH EAX
0048F7CD 8B8D F0FCFFFF MOV ECX,DWORD PTR SS:[EBP-310]
0048F7D3 8B11 MOV EDX,DWORD PTR DS:[ECX]
0048F7D5 8B85 F0FCFFFF MOV EAX,DWORD PTR SS:[EBP-310]
0048F7DB 50 PUSH EAX
0048F7DC FF92 A0000000 CALL DWORD PTR DS:[EDX+A0] ; 读 Get RegCode2 ==> [EBP-A0]
0048F7E2 DBE2 FCLEX
0048F7E4 8985 ECFCFFFF MOV DWORD PTR SS:[EBP-314],EAX
0048F7EA 83BD ECFCFFFF 0>CMP DWORD PTR SS:[EBP-314],0
0048F7F1 7D 26 JGE SHORT yutingca.0048F819
0048F7F3 68 A0000000 PUSH 0A0
0048F7F8 68 3C4D4100 PUSH yutingca.00414D3C
0048F7FD 8B8D F0FCFFFF MOV ECX,DWORD PTR SS:[EBP-310]
0048F803 51 PUSH ECX
0048F804 8B95 ECFCFFFF MOV EDX,DWORD PTR SS:[EBP-314]
0048F80A 52 PUSH EDX
0048F80B FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
0048F811 8985 D0FBFFFF MOV DWORD PTR SS:[EBP-430],EAX
0048F817 EB 0A JMP SHORT yutingca.0048F823
0048F819 C785 D0FBFFFF 0>MOV DWORD PTR SS:[EBP-430],0
0048F823 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-9C] ; // RegCode1 "1234567"
0048F829 50 PUSH EAX
0048F82A 8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[EBP-A0] ; // RegCode2 "89ABCDE"
0048F830 51 PUSH ECX
0048F831 FF15 54104000 CALL DWORD PTR DS:[401054] ; MSVBVM60.__vbaStrCat
0048F837 8985 20FFFFFF MOV DWORD PTR SS:[EBP-E0],EAX ; // "123456789ABCDE" ==> [EBP-E0], RegCode_1_2
0048F83D C785 18FFFFFF 0>MOV DWORD PTR SS:[EBP-E8],8 ; // 8 表示 vbString
0048F847 8B95 5CFFFFFF MOV EDX,DWORD PTR SS:[EBP-A4] ; // RegCode3 "F012345"
0048F84D 8995 04FCFFFF MOV DWORD PTR SS:[EBP-3FC],EDX
0048F853 C785 5CFFFFFF 0>MOV DWORD PTR SS:[EBP-A4],0
0048F85D 8B85 04FCFFFF MOV EAX,DWORD PTR SS:[EBP-3FC]
0048F863 8985 40FFFFFF MOV DWORD PTR SS:[EBP-C0],EAX ; [EBP-C8] = vbString "F012345";
0048F869 C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],8
0048F873 6A 01 PUSH 1 ; 1
0048F875 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0048F87B 51 PUSH ECX
0048F87C 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8] ; // 结果进[EBP-D8]
0048F882 52 PUSH EDX
0048F883 FF15 1C124000 CALL DWORD PTR DS:[40121C] ; MSVBVM60.rtcLeftCharVar // 从RegCode3 左边取 1 Char
0048F889 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8] ; // RegCode_1_2
0048F88F 50 PUSH EAX
0048F890 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8] ; // RegCode3的左边 1 Char, "F"
0048F896 51 PUSH ECX
0048F897 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8] ; // 结果进 [EBP-F8]
0048F89D 52 PUSH EDX
0048F89E FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd // RegCode_1_2 + "F"
0048F8A4 8BD0 MOV EDX,EAX ; // "123456789ABCDEF"
0048F8A6 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40] ;
0048F8A9 FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove // Move to [EBP-40], RegCode_1_2_3
0048F8AF 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
0048F8B5 50 PUSH EAX
0048F8B6 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
0048F8BC 51 PUSH ECX
0048F8BD 6A 02 PUSH 2
0048F8BF FF15 CC114000 CALL DWORD PTR DS:[4011CC] ; MSVBVM60.__vbaFreeStrList
0048F8C5 83C4 0C ADD ESP,0C
0048F8C8 8D95 48FFFFFF LEA EDX,DWORD PTR SS:[EBP-B8]
0048F8CE 52 PUSH EDX
0048F8CF 8D85 4CFFFFFF LEA EAX,DWORD PTR SS:[EBP-B4]
0048F8D5 50 PUSH EAX
0048F8D6 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
0048F8DC 51 PUSH ECX
0048F8DD 6A 03 PUSH 3
0048F8DF FF15 40104000 CALL DWORD PTR DS:[401040] ; MSVBVM60.__vbaFreeObjList
0048F8E5 83C4 10 ADD ESP,10
0048F8E8 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
0048F8EE 52 PUSH EDX
0048F8EF 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8]
0048F8F5 50 PUSH EAX
0048F8F6 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0048F8FC 51 PUSH ECX
0048F8FD 6A 03 PUSH 3
0048F8FF FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
0048F905 83C4 10 ADD ESP,10
0048F908 C745 FC 0500000>MOV DWORD PTR SS:[EBP-4],5
0048F90F 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
0048F912 8B02 MOV EAX,DWORD PTR DS:[EDX]
0048F914 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0048F917 51 PUSH ECX
0048F918 FF90 04030000 CALL DWORD PTR DS:[EAX+304]
0048F91E 50 PUSH EAX
0048F91F 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
0048F925 52 PUSH EDX
0048F926 FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
0048F92C 8985 00FDFFFF MOV DWORD PTR SS:[EBP-300],EAX
0048F932 8D85 64FFFFFF LEA EAX,DWORD PTR SS:[EBP-9C]
0048F938 50 PUSH EAX
0048F939 8B8D 00FDFFFF MOV ECX,DWORD PTR SS:[EBP-300]
0048F93F 8B11 MOV EDX,DWORD PTR DS:[ECX]
0048F941 8B85 00FDFFFF MOV EAX,DWORD PTR SS:[EBP-300]
0048F947 50 PUSH EAX
0048F948 FF92 A0000000 CALL DWORD PTR DS:[EDX+A0] ; // Get RegName ==> [EBP-9C]
0048F94E DBE2 FCLEX
0048F950 8985 FCFCFFFF MOV DWORD PTR SS:[EBP-304],EAX
0048F956 83BD FCFCFFFF 0>CMP DWORD PTR SS:[EBP-304],0
0048F95D 7D 26 JGE SHORT yutingca.0048F985
0048F95F 68 A0000000 PUSH 0A0
0048F964 68 3C4D4100 PUSH yutingca.00414D3C
0048F969 8B8D 00FDFFFF MOV ECX,DWORD PTR SS:[EBP-300]
0048F96F 51 PUSH ECX
0048F970 8B95 FCFCFFFF MOV EDX,DWORD PTR SS:[EBP-304]
0048F976 52 PUSH EDX
0048F977 FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
0048F97D 8985 CCFBFFFF MOV DWORD PTR SS:[EBP-434],EAX
0048F983 EB 0A JMP SHORT yutingca.0048F98F
0048F985 C785 CCFBFFFF 0>MOV DWORD PTR SS:[EBP-434],0
0048F98F 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-9C] ; // RegName, "SOFTR12345"
0048F995 8985 00FCFFFF MOV DWORD PTR SS:[EBP-400],EAX ; // ==> [EBP-400]
0048F99B C785 64FFFFFF 0>MOV DWORD PTR SS:[EBP-9C],0
0048F9A5 8B8D 00FCFFFF MOV ECX,DWORD PTR SS:[EBP-400]
0048F9AB 898D 40FFFFFF MOV DWORD PTR SS:[EBP-C0],ECX ; // ==> [EBP-C0]
0048F9B1 C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],8 ; // vbString
0048F9BB 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
0048F9C1 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50] ; // ==> [EBP-50]
0048F9C4 FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
0048F9CA 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
0048F9D0 FF15 70124000 CALL DWORD PTR DS:[401270] ; MSVBVM60.__vbaFreeObj
0048F9D6 C745 FC 0600000>MOV DWORD PTR SS:[EBP-4],6
0048F9DD C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],0A ; // len=10
0048F9E7 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8002 ; // 02 表示 vbInteger, 80 表示?
0048F9F1 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50] ; // RegName
0048F9F4 52 PUSH EDX
0048F9F5 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8] ; // 结果 ==> [EBP-C8]
0048F9FB 50 PUSH EAX
0048F9FC FF15 6C104000 CALL DWORD PTR DS:[40106C] ; MSVBVM60.__vbaLenVar // 求RegName 的长度
0048FA02 50 PUSH EAX ; // vbaLenVar(RegName)
0048FA03 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
0048FA09 51 PUSH ECX
0048FA0A FF15 C4104000 CALL DWORD PTR DS:[4010C4] ; MSVBVM60.__vbaVarTstLt // 小与 10 吗?
0048FA10 0FBFD0 MOVSX EDX,AX
0048FA13 85D2 TEST EDX,EDX
0048FA15 0F84 04010000 JE yutingca.0048FB1F ; 0 表示 No, JUMP
0048FA1B C745 FC 0700000>MOV DWORD PTR SS:[EBP-4],7 ; Yes,
0048FA22 C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],1
0048FA2C C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0048FA36 C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],0A
0048FA40 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
0048FA4A C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1
0048FA54 C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
0048FA5E 8D85 88FDFFFF LEA EAX,DWORD PTR SS:[EBP-278]
0048FA64 50 PUSH EAX
0048FA65 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
0048FA6B 51 PUSH ECX
0048FA6C 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0048FA6F 52 PUSH EDX
0048FA70 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
0048FA76 50 PUSH EAX
0048FA77 FF15 6C104000 CALL DWORD PTR DS:[40106C] ; MSVBVM60.__vbaLenVar
0048FA7D 50 PUSH EAX
0048FA7E 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
0048FA84 51 PUSH ECX
0048FA85 FF15 04104000 CALL DWORD PTR DS:[401004] ; MSVBVM60.__vbaVarSub
0048FA8B 50 PUSH EAX
0048FA8C 8D95 78FDFFFF LEA EDX,DWORD PTR SS:[EBP-288]
0048FA92 52 PUSH EDX
0048FA93 8D85 BCFCFFFF LEA EAX,DWORD PTR SS:[EBP-344]
0048FA99 50 PUSH EAX
0048FA9A 8D8D CCFCFFFF LEA ECX,DWORD PTR SS:[EBP-334]
0048FAA0 51 PUSH ECX
0048FAA1 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0048FAA4 52 PUSH EDX
0048FAA5 FF15 84104000 CALL DWORD PTR DS:[401084] ; MSVBVM60.__vbaVarForInit
0048FAAB 8985 FCFBFFFF MOV DWORD PTR SS:[EBP-404],EAX
0048FAB1 EB 63 JMP SHORT yutingca.0048FB16
0048FAB3 C745 FC 0800000>MOV DWORD PTR SS:[EBP-4],8 ; LOOP1_begin
0048FABA C785 A0FDFFFF 1>MOV DWORD PTR SS:[EBP-260],yutingca.00416618 ; // UNICODE "j"
0048FAC4 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8 ; // vbString
0048FACE 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50] ; // RegName
0048FAD1 50 PUSH EAX
0048FAD2 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268] ; // vbString "j"
0048FAD8 51 PUSH ECX
0048FAD9 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8] ; 结果 ==> [EBP-C8]
0048FADF 52 PUSH EDX
0048FAE0 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd // RegName + "j"
0048FAE6 8BD0 MOV EDX,EAX
0048FAE8 8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50] ;
0048FAEB FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove // move to [EBP-50]
0048FAF1 C745 FC 0900000>MOV DWORD PTR SS:[EBP-4],9
0048FAF8 8D85 BCFCFFFF LEA EAX,DWORD PTR SS:[EBP-344]
0048FAFE 50 PUSH EAX
0048FAFF 8D8D CCFCFFFF LEA ECX,DWORD PTR SS:[EBP-334]
0048FB05 51 PUSH ECX
0048FB06 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0048FB09 52 PUSH EDX
0048FB0A FF15 64124000 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaVarForNext
0048FB10 8985 FCFBFFFF MOV DWORD PTR SS:[EBP-404],EAX
0048FB16 83BD FCFBFFFF 0>CMP DWORD PTR SS:[EBP-404],0
0048FB1D ^ 75 94 JNZ SHORT yutingca.0048FAB3 ; // LOOP1_end
0048FB1F C745 FC 0B00000>MOV DWORD PTR SS:[EBP-4],0B
0048FB26 C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],1
0048FB30 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
0048FB3A C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],0A
0048FB44 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0048FB4E C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1
0048FB58 C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
0048FB62 8D85 98FDFFFF LEA EAX,DWORD PTR SS:[EBP-268]
0048FB68 50 PUSH EAX
0048FB69 8D8D 88FDFFFF LEA ECX,DWORD PTR SS:[EBP-278]
0048FB6F 51 PUSH ECX
0048FB70 8D95 78FDFFFF LEA EDX,DWORD PTR SS:[EBP-288]
0048FB76 52 PUSH EDX
0048FB77 8D85 9CFCFFFF LEA EAX,DWORD PTR SS:[EBP-364]
0048FB7D 50 PUSH EAX
0048FB7E 8D8D ACFCFFFF LEA ECX,DWORD PTR SS:[EBP-354]
0048FB84 51 PUSH ECX
0048FB85 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0048FB88 52 PUSH EDX
0048FB89 FF15 84104000 CALL DWORD PTR DS:[401084] ; MSVBVM60.__vbaVarForInit
0048FB8F 8985 F8FBFFFF MOV DWORD PTR SS:[EBP-408],EAX
0048FB95 E9 E1000000 JMP yutingca.0048FC7B
0048FB9A C745 FC 0C00000>MOV DWORD PTR SS:[EBP-4],0C ; // LOOP2_begin
0048FBA1 C785 40FFFFFF 0>MOV DWORD PTR SS:[EBP-C0],1 ; // vbInteger data1=1;
0048FBAB C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],2 ; // vbInteger
0048FBB5 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
0048FBBB 50 PUSH EAX
0048FBBC 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30] ; // 结果 ==> [EBP-30]
0048FBBF 51 PUSH ECX
0048FBC0 FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var // 把 Variant 转成 I4 ?
0048FBC6 50 PUSH EAX ; // index = 1, 2, 3, ...
0048FBC7 8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50] ; // RegName
0048FBCA 52 PUSH EDX
0048FBCB 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8] ; // ==> [EBP-D8]
0048FBD1 50 PUSH EAX
0048FBD2 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar // 取 RegName 的第1,2,3,... Char
0048FBD8 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0048FBDB 51 PUSH ECX
0048FBDC FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var
0048FBE2 8985 00FDFFFF MOV DWORD PTR SS:[EBP-300],EAX ; // index = 1, 2, 3, ...
0048FBE8 83BD 00FDFFFF 0>CMP DWORD PTR SS:[EBP-300],0B ; // index < 11 ?
0048FBEF 73 0C JNB SHORT yutingca.0048FBFD
0048FBF1 C785 C8FBFFFF 0>MOV DWORD PTR SS:[EBP-438],0
0048FBFB EB 0C JMP SHORT yutingca.0048FC09
0048FBFD FF15 F0104000 CALL DWORD PTR DS:[4010F0] ; MSVBVM60.__vbaGenerateBoundsError
0048FC03 8985 C8FBFFFF MOV DWORD PTR SS:[EBP-438],EAX
0048FC09 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8] ; // RegName[index]
0048FC0F 52 PUSH EDX
0048FC10 8D85 64FFFFFF LEA EAX,DWORD PTR SS:[EBP-9C]
0048FC16 50 PUSH EAX
0048FC17 FF15 7C114000 CALL DWORD PTR DS:[40117C] ; MSVBVM60.__vbaStrVarVal
0048FC1D 50 PUSH EAX
0048FC1E FF15 44104000 CALL DWORD PTR DS:[401044] ; MSVBVM60.rtcAnsiValueBstr
0048FC24 8B8D 00FDFFFF MOV ECX,DWORD PTR SS:[EBP-300] ; // index
0048FC2A 8B55 94 MOV EDX,DWORD PTR SS:[EBP-6C] ; // short NameValue[10] 的首地址?
0048FC2D 66:89044A MOV WORD PTR DS:[EDX+ECX*2],AX ; // NameValue[index] = RegName[index];
0048FC31 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
0048FC37 FF15 6C124000 CALL DWORD PTR DS:[40126C] ; MSVBVM60.__vbaFreeStr
0048FC3D 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8]
0048FC43 50 PUSH EAX
0048FC44 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0048FC4A 51 PUSH ECX
0048FC4B 6A 02 PUSH 2
0048FC4D FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
0048FC53 83C4 0C ADD ESP,0C
0048FC56 C745 FC 0D00000>MOV DWORD PTR SS:[EBP-4],0D
0048FC5D 8D95 9CFCFFFF LEA EDX,DWORD PTR SS:[EBP-364]
0048FC63 52 PUSH EDX
0048FC64 8D85 ACFCFFFF LEA EAX,DWORD PTR SS:[EBP-354]
0048FC6A 50 PUSH EAX
0048FC6B 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0048FC6E 51 PUSH ECX
0048FC6F FF15 64124000 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaVarForNext
0048FC75 8985 F8FBFFFF MOV DWORD PTR SS:[EBP-408],EAX
0048FC7B 83BD F8FBFFFF 0>CMP DWORD PTR SS:[EBP-408],0 ; // LOOP2_end
0048FC82 ^ 0F85 12FFFFFF JNZ yutingca.0048FB9A
0048FC88 C745 FC 0E00000>MOV DWORD PTR SS:[EBP-4],0E
0048FC8F C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],1 ; // vbInteger data1=1
0048FC99 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2 ; // vbInteger
0048FCA3 8D95 98FDFFFF LEA EDX,DWORD PTR SS:[EBP-268]
0048FCA9 8D8D 74FFFFFF LEA ECX,DWORD PTR SS:[EBP-8C] ; // ==> [EBP-8C]
0048FCAF FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
0048FCB5 C745 FC 0F00000>MOV DWORD PTR SS:[EBP-4],0F
0048FCBC C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],1 ; // vbInteger xx=1
0048FCC6 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
0048FCD0 C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],0A ; // vbInteger xxx= 10, loop times
0048FCDA C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0048FCE4 C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1
0048FCEE C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
0048FCF8 8D95 98FDFFFF LEA EDX,DWORD PTR SS:[EBP-268]
0048FCFE 52 PUSH EDX
0048FCFF 8D85 88FDFFFF LEA EAX,DWORD PTR SS:[EBP-278]
0048FD05 50 PUSH EAX
0048FD06 8D8D 78FDFFFF LEA ECX,DWORD PTR SS:[EBP-288]
0048FD0C 51 PUSH ECX
0048FD0D 8D95 7CFCFFFF LEA EDX,DWORD PTR SS:[EBP-384]
0048FD13 52 PUSH EDX
0048FD14 8D85 8CFCFFFF LEA EAX,DWORD PTR SS:[EBP-374]
0048FD1A 50 PUSH EAX
0048FD1B 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0048FD1E 51 PUSH ECX
0048FD1F FF15 84104000 CALL DWORD PTR DS:[401084] ; MSVBVM60.__vbaVarForInit
0048FD25 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-40C],EAX
0048FD2B E9 CD000000 JMP yutingca.0048FDFD
0048FD30 C745 FC 1000000>MOV DWORD PTR SS:[EBP-4],10 ; // LOOP3_begin
0048FD37 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0048FD3A 52 PUSH EDX
0048FD3B FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var
0048FD41 8985 00FDFFFF MOV DWORD PTR SS:[EBP-300],EAX
0048FD47 83BD 00FDFFFF 0>CMP DWORD PTR SS:[EBP-300],0B
0048FD4E 73 0C JNB SHORT yutingca.0048FD5C
0048FD50 C785 C4FBFFFF 0>MOV DWORD PTR SS:[EBP-43C],0
0048FD5A EB 0C JMP SHORT yutingca.0048FD68
0048FD5C FF15 F0104000 CALL DWORD PTR DS:[4010F0] ; MSVBVM60.__vbaGenerateBoundsError
0048FD62 8985 C4FBFFFF MOV DWORD PTR SS:[EBP-43C],EAX
0048FD68 8B85 00FDFFFF MOV EAX,DWORD PTR SS:[EBP-300] ; // 1, 2, 3, ...
0048FD6E 8B4D 94 MOV ECX,DWORD PTR SS:[EBP-6C]
0048FD71 66:8B1441 MOV DX,WORD PTR DS:[ECX+EAX*2] ; // NameValue[i] ==> DX
0048FD75 66:8995 A0FDFFF>MOV WORD PTR SS:[EBP-260],DX ; // [EBP-260] ,vbInteger Data2 = NameValue[i];
0048FD7C C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
0048FD86 C785 90FDFFFF 1>MOV DWORD PTR SS:[EBP-270],15 ; // vbInteger Data3 = 21
0048FD90 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0048FD9A 8D85 74FFFFFF LEA EAX,DWORD PTR SS:[EBP-8C] ; // Data1
0048FDA0 50 PUSH EAX
0048FDA1 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268] ; // Data2
0048FDA7 51 PUSH ECX
0048FDA8 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8] ; // ==>[EBP-C8]
0048FDAE 52 PUSH EDX ;
0048FDAF FF15 44114000 CALL DWORD PTR DS:[401144] ; MSVBVM60.__vbaVarMul // [EBP-C8] = Data1 * Data2
0048FDB5 50 PUSH EAX ; // Data1 * Data2 的结果
0048FDB6 8D85 88FDFFFF LEA EAX,DWORD PTR SS:[EBP-278] ; // Data3
0048FDBC 50 PUSH EAX
0048FDBD 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8] ; // ==> [EBP-D8]
0048FDC3 51 PUSH ECX ;
0048FDC4 FF15 64114000 CALL DWORD PTR DS:[401164] ; MSVBVM60.__vbaVarDiv // [EBP-D8] = (Data1 * Data2)/Data3
0048FDCA 8BD0 MOV EDX,EAX
0048FDCC 8D8D 74FFFFFF LEA ECX,DWORD PTR SS:[EBP-8C] ; // ==> [EBP-8C]
0048FDD2 FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
0048FDD8 C745 FC 1100000>MOV DWORD PTR SS:[EBP-4],11
0048FDDF 8D95 7CFCFFFF LEA EDX,DWORD PTR SS:[EBP-384]
0048FDE5 52 PUSH EDX
0048FDE6 8D85 8CFCFFFF LEA EAX,DWORD PTR SS:[EBP-374]
0048FDEC 50 PUSH EAX
0048FDED 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0048FDF0 51 PUSH ECX
0048FDF1 FF15 64124000 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaVarForNext
0048FDF7 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-40C],EAX
0048FDFD 83BD F4FBFFFF 0>CMP DWORD PTR SS:[EBP-40C],0
0048FE04 ^ 0F85 26FFFFFF JNZ yutingca.0048FD30 ; // LOOP3_end
0048FE0A C745 FC 1200000>MOV DWORD PTR SS:[EBP-4],12
0048FE11 C785 A0FDFFFF 8>MOV DWORD PTR SS:[EBP-260],B851EB85 ; // vbDouble xxx=0.43 ?
0048FE1B C785 A4FDFFFF 1>MOV DWORD PTR SS:[EBP-25C],3FDB851E
0048FE25 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],5 ; // vbDouble
0048FE2F C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],3 ; // vbInteger xxx=3
0048FE39 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0048FE43 C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],4 ; // vbInteger xxx=4
0048FE4D C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
0048FE57 8D95 74FFFFFF LEA EDX,DWORD PTR SS:[EBP-8C] ; // Data1
0048FE5D 52 PUSH EDX
0048FE5E 8D85 98FDFFFF LEA EAX,DWORD PTR SS:[EBP-268] ; // 0.43
0048FE64 50 PUSH EAX
0048FE65 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8] ; // ==>[EBP-C8]
0048FE6B 51 PUSH ECX
0048FE6C FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd // Data1 + 0.43
0048FE72 50 PUSH EAX
0048FE73 8D95 88FDFFFF LEA EDX,DWORD PTR SS:[EBP-278] ; // vbInteger xxx=3
0048FE79 52 PUSH EDX
0048FE7A 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8] ; // ==> [EBP-D8]
0048FE80 50 PUSH EAX
0048FE81 FF15 64114000 CALL DWORD PTR DS:[401164] ; MSVBVM60.__vbaVarDiv
0048FE87 50 PUSH EAX ; // (Data1+0.43)/3
0048FE88 8D8D 78FDFFFF LEA ECX,DWORD PTR SS:[EBP-288] ; // vbInteger xxx=4
0048FE8E 51 PUSH ECX
0048FE8F 8D95 18FFFFFF LEA EDX,DWORD PTR SS:[EBP-E8] ; // ==> [EBP-288]
0048FE95 52 PUSH EDX
0048FE96 FF15 44114000 CALL DWORD PTR DS:[401144] ; MSVBVM60.__vbaVarMul
0048FE9C 50 PUSH EAX ; // (Data1+0.43)/3*4
0048FE9D FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var // Variant 转成 I4, 用C语言将, 就是取整
0048FEA3 8985 6CFFFFFF MOV DWORD PTR SS:[EBP-94],EAX ; // integer result ==> [EBP-94]
0048FEA9 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0048FEAF FF15 1C104000 CALL DWORD PTR DS:[40101C] ; MSVBVM60.__vbaFreeVar
0048FEB5 C745 FC 1300000>MOV DWORD PTR SS:[EBP-4],13
0048FEBC 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94]
0048FEC2 8985 A0FDFFFF MOV DWORD PTR SS:[EBP-260],EAX ; vbLong xxx=[EBP-94]
0048FEC8 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],4003
0048FED2 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
0048FED8 51 PUSH ECX
0048FED9 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8] ; // 结果 ==> [EBP-C8], strNum
0048FEDF 52 PUSH EDX
0048FEE0 FF15 00124000 CALL DWORD PTR DS:[401200] ; MSVBVB60.rtcVarStrFromVar, // 可能相当与C语言的 sprintf(strNum, "%u", [EBP-94]);
0048FEE6 8D85 6CFFFFFF LEA EAX,DWORD PTR SS:[EBP-94]
0048FEEC 8985 90FDFFFF MOV DWORD PTR SS:[EBP-270],EAX
0048FEF2 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],4003
0048FEFC 8D8D 88FDFFFF LEA ECX,DWORD PTR SS:[EBP-278]
0048FF02 51 PUSH ECX
0048FF03 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
0048FF09 52 PUSH EDX
0048FF0A FF15 00124000 CALL DWORD PTR DS:[401200] ; MSVBVM60.rtcVarStrFromVar
0048FF10 C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1 ; vbInteger xxx=1
0048FF1A C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
0048FF24 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8]
0048FF2A 50 PUSH EAX
0048FF2B 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
0048FF31 51 PUSH ECX
0048FF32 FF15 6C104000 CALL DWORD PTR DS:[40106C] ; MSVBVM60.__vbaLenVar
0048FF38 50 PUSH EAX ; // vbaLenVar(strNum)
0048FF39 8D95 78FDFFFF LEA EDX,DWORD PTR SS:[EBP-288]
0048FF3F 52 PUSH EDX
0048FF40 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8] ; // vbalenVar(strNum)-1 ==> [EBP-F8]
0048FF46 50 PUSH EAX
0048FF47 FF15 04104000 CALL DWORD PTR DS:[401004] ; MSVBVM60.__vbaVarSub
0048FF4D 50 PUSH EAX
0048FF4E FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var
0048FF54 50 PUSH EAX ; EAX=(int) (vbaLenVar(strNum)-1);
0048FF55 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8] ; // strNum
0048FF5B 51 PUSH ECX
0048FF5C 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108]
0048FF62 52 PUSH EDX
0048FF63 FF15 30124000 CALL DWORD PTR DS:[401230] ; MSVBVM60.rtcRightCharVar
0048FF69 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108]
0048FF6F 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] ; // move to ==> [EBP-60]
0048FF72 FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
0048FF78 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
0048FF7E 50 PUSH EAX
0048FF7F 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
0048FF85 51 PUSH ECX
0048FF86 6A 02 PUSH 2
0048FF88 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
0048FF8E 83C4 0C ADD ESP,0C
0048FF91 C745 FC 1400000>MOV DWORD PTR SS:[EBP-4],14
0048FF98 C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],0A ; // vbInteger xxx=10
0048FFA2 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8002
0048FFAC 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60] ; // strNum
0048FFAF 52 PUSH EDX
0048FFB0 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8] ; // vbaLenVar()==>[EBP-C8]
0048FFB6 50 PUSH EAX
0048FFB7 FF15 6C104000 CALL DWORD PTR DS:[40106C] ; MSVBVM60.__vbaLenVar
0048FFBD 50 PUSH EAX
0048FFBE 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268] ; // vbInteger=10
0048FFC4 51 PUSH ECX
0048FFC5 FF15 00104000 CALL DWORD PTR DS:[401000] ; MSVBVM60.__vbaVarTstGt // 大于 10 吗?
0048FFCB 0FBFD0 MOVSX EDX,AX
0048FFCE 85D2 TEST EDX,EDX ; // No, JUMP to 0048FFFB
0048FFD0 74 29 JE SHORT yutingca.0048FFFB ;
0048FFD2 C745 FC 1500000>MOV DWORD PTR SS:[EBP-4],15
0048FFD9 6A 0A PUSH 0A ; // Yes, 取左边10 Char
0048FFDB 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0048FFDE 50 PUSH EAX
0048FFDF 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0048FFE5 51 PUSH ECX
0048FFE6 FF15 1C124000 CALL DWORD PTR DS:[40121C] ; MSVBVM60.rtcLeftCharVar
0048FFEC 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
0048FFF2 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0048FFF5 FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
0048FFFB C745 FC 1700000>MOV DWORD PTR SS:[EBP-4],17
00490002 C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],0A ; // xxx=10
0049000C C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8002
00490016 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00490019 52 PUSH EDX
0049001A 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490020 50 PUSH EAX
00490021 FF15 6C104000 CALL DWORD PTR DS:[40106C] ; MSVBVM60.__vbaLenVar
00490027 50 PUSH EAX
00490028 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
0049002E 51 PUSH ECX
0049002F FF15 C4104000 CALL DWORD PTR DS:[4010C4] ; MSVBVM60.__vbaVarTstLt
00490035 0FBFD0 MOVSX EDX,AX
00490038 85D2 TEST EDX,EDX
0049003A 0F84 04010000 JE yutingca.00490144
00490040 C745 FC 1800000>MOV DWORD PTR SS:[EBP-4],18
00490047 C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],1
00490051 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0049005B C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],0A
00490065 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
0049006F C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1
00490079 C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
00490083 8D85 88FDFFFF LEA EAX,DWORD PTR SS:[EBP-278]
00490089 50 PUSH EAX
0049008A 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
00490090 51 PUSH ECX
00490091 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
00490094 52 PUSH EDX
00490095 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
0049009B 50 PUSH EAX
0049009C FF15 6C104000 CALL DWORD PTR DS:[40106C] ; MSVBVM60.__vbaLenVar
004900A2 50 PUSH EAX
004900A3 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
004900A9 51 PUSH ECX
004900AA FF15 04104000 CALL DWORD PTR DS:[401004] ; MSVBVM60.__vbaVarSub
004900B0 50 PUSH EAX
004900B1 8D95 78FDFFFF LEA EDX,DWORD PTR SS:[EBP-288]
004900B7 52 PUSH EDX
004900B8 8D85 5CFCFFFF LEA EAX,DWORD PTR SS:[EBP-3A4]
004900BE 50 PUSH EAX
004900BF 8D8D 6CFCFFFF LEA ECX,DWORD PTR SS:[EBP-394]
004900C5 51 PUSH ECX
004900C6 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
004900C9 52 PUSH EDX
004900CA FF15 84104000 CALL DWORD PTR DS:[401084] ; MSVBVM60.__vbaVarForInit
004900D0 8985 F0FBFFFF MOV DWORD PTR SS:[EBP-410],EAX
004900D6 EB 63 JMP SHORT yutingca.0049013B
004900D8 C745 FC 1900000>MOV DWORD PTR SS:[EBP-4],19 ; // LOOP4_begin
004900DF C785 A0FDFFFF 2>MOV DWORD PTR SS:[EBP-260],yutingca.00416620 ; // UNICODE "2"
004900E9 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8
004900F3 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60] ; // strNum
004900F6 50 PUSH EAX
004900F7 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
004900FD 51 PUSH ECX
004900FE 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
00490104 52 PUSH EDX ; // 结果 ==>
00490105 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd // strNum+"2"
0049010B 8BD0 MOV EDX,EAX
0049010D 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
00490110 FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
00490116 C745 FC 1A00000>MOV DWORD PTR SS:[EBP-4],1A
0049011D 8D85 5CFCFFFF LEA EAX,DWORD PTR SS:[EBP-3A4]
00490123 50 PUSH EAX
00490124 8D8D 6CFCFFFF LEA ECX,DWORD PTR SS:[EBP-394]
0049012A 51 PUSH ECX
0049012B 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0049012E 52 PUSH EDX
0049012F FF15 64124000 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaVarForNext
00490135 8985 F0FBFFFF MOV DWORD PTR SS:[EBP-410],EAX
0049013B 83BD F0FBFFFF 0>CMP DWORD PTR SS:[EBP-410],0
00490142 ^ 75 94 JNZ SHORT yutingca.004900D8 ; // LOOP4_end
00490144 C745 FC 1C00000>MOV DWORD PTR SS:[EBP-4],1C
0049014B C785 40FFFFFF 0>MOV DWORD PTR SS:[EBP-C0],1 ; // len=1
00490155 C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],2
0049015F 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490165 50 PUSH EAX
00490166 6A 05 PUSH 5 ; // index=5
00490168 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] ; // strNum
0049016B 51 PUSH ECX
0049016C 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490172 52 PUSH EDX
00490173 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
00490179 C785 20FFFFFF 0>MOV DWORD PTR SS:[EBP-E0],1
00490183 C785 18FFFFFF 0>MOV DWORD PTR SS:[EBP-E8],2
0049018D 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8]
00490193 50 PUSH EAX
00490194 6A 07 PUSH 7 ; // index=7
00490196 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
00490199 51 PUSH ECX
0049019A 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
004901A0 52 PUSH EDX
004901A1 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
004901A7 C785 F0FEFFFF 0>MOV DWORD PTR SS:[EBP-110],1
004901B1 C785 E8FEFFFF 0>MOV DWORD PTR SS:[EBP-118],2
004901BB 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
004901C1 50 PUSH EAX
004901C2 6A 06 PUSH 6 ; // index=6
004901C4 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
004901C7 51 PUSH ECX
004901C8 8D95 D8FEFFFF LEA EDX,DWORD PTR SS:[EBP-128]
004901CE 52 PUSH EDX
004901CF FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
004901D5 C785 C0FEFFFF 0>MOV DWORD PTR SS:[EBP-140],1
004901DF C785 B8FEFFFF 0>MOV DWORD PTR SS:[EBP-148],2
004901E9 8D85 B8FEFFFF LEA EAX,DWORD PTR SS:[EBP-148]
004901EF 50 PUSH EAX
004901F0 6A 03 PUSH 3 ; // index=3
004901F2 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
004901F5 51 PUSH ECX
004901F6 8D95 A8FEFFFF LEA EDX,DWORD PTR SS:[EBP-158]
004901FC 52 PUSH EDX
004901FD FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
00490203 C785 90FEFFFF 0>MOV DWORD PTR SS:[EBP-170],1
0049020D C785 88FEFFFF 0>MOV DWORD PTR SS:[EBP-178],2
00490217 8D85 88FEFFFF LEA EAX,DWORD PTR SS:[EBP-178]
0049021D 50 PUSH EAX
0049021E 6A 02 PUSH 2 ; // index=2
00490220 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
00490223 51 PUSH ECX
00490224 8D95 78FEFFFF LEA EDX,DWORD PTR SS:[EBP-188]
0049022A 52 PUSH EDX
0049022B FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
00490231 C785 60FEFFFF 0>MOV DWORD PTR SS:[EBP-1A0],1
0049023B C785 58FEFFFF 0>MOV DWORD PTR SS:[EBP-1A8],2
00490245 8D85 58FEFFFF LEA EAX,DWORD PTR SS:[EBP-1A8]
0049024B 50 PUSH EAX
0049024C 6A 01 PUSH 1 ; // index=1
0049024E 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
00490251 51 PUSH ECX
00490252 8D95 48FEFFFF LEA EDX,DWORD PTR SS:[EBP-1B8]
00490258 52 PUSH EDX
00490259 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
0049025F C785 30FEFFFF 0>MOV DWORD PTR SS:[EBP-1D0],1
00490269 C785 28FEFFFF 0>MOV DWORD PTR SS:[EBP-1D8],2
00490273 8D85 28FEFFFF LEA EAX,DWORD PTR SS:[EBP-1D8]
00490279 50 PUSH EAX
0049027A 6A 04 PUSH 4 ; // index=4
0049027C 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0049027F 51 PUSH ECX
00490280 8D95 18FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E8]
00490286 52 PUSH EDX
00490287 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
0049028D C785 00FEFFFF 0>MOV DWORD PTR SS:[EBP-200],1
00490297 C785 F8FDFFFF 0>MOV DWORD PTR SS:[EBP-208],2
004902A1 8D85 F8FDFFFF LEA EAX,DWORD PTR SS:[EBP-208]
004902A7 50 PUSH EAX
004902A8 6A 0A PUSH 0A ; // index = 10
004902AA 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
004902AD 51 PUSH ECX
004902AE 8D95 E8FDFFFF LEA EDX,DWORD PTR SS:[EBP-218]
004902B4 52 PUSH EDX
004902B5 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
004902BB C785 D0FDFFFF 0>MOV DWORD PTR SS:[EBP-230],2 ; // len=2
004902C5 C785 C8FDFFFF 0>MOV DWORD PTR SS:[EBP-238],2
004902CF 8D85 C8FDFFFF LEA EAX,DWORD PTR SS:[EBP-238]
004902D5 50 PUSH EAX
004902D6 6A 08 PUSH 8 ; // index=8
004902D8 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
004902DB 51 PUSH ECX
004902DC 8D95 B8FDFFFF LEA EDX,DWORD PTR SS:[EBP-248]
004902E2 52 PUSH EDX
004902E3 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
004902E9 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8]
004902EF 50 PUSH EAX
004902F0 8D8D 08FFFFFF LEA ECX,DWORD PTR SS:[EBP-F8]
004902F6 51 PUSH ECX
004902F7 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108]
004902FD 52 PUSH EDX
004902FE FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490304 50 PUSH EAX
00490305 8D85 D8FEFFFF LEA EAX,DWORD PTR SS:[EBP-128]
0049030B 50 PUSH EAX
0049030C 8D8D C8FEFFFF LEA ECX,DWORD PTR SS:[EBP-138]
00490312 51 PUSH ECX
00490313 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490319 50 PUSH EAX
0049031A 8D95 A8FEFFFF LEA EDX,DWORD PTR SS:[EBP-158]
00490320 52 PUSH EDX
00490321 8D85 98FEFFFF LEA EAX,DWORD PTR SS:[EBP-168]
00490327 50 PUSH EAX
00490328 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
0049032E 50 PUSH EAX
0049032F 8D8D 78FEFFFF LEA ECX,DWORD PTR SS:[EBP-188]
00490335 51 PUSH ECX
00490336 8D95 68FEFFFF LEA EDX,DWORD PTR SS:[EBP-198]
0049033C 52 PUSH EDX
0049033D FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490343 50 PUSH EAX
00490344 8D85 48FEFFFF LEA EAX,DWORD PTR SS:[EBP-1B8]
0049034A 50 PUSH EAX
0049034B 8D8D 38FEFFFF LEA ECX,DWORD PTR SS:[EBP-1C8]
00490351 51 PUSH ECX
00490352 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490358 50 PUSH EAX
00490359 8D95 18FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E8]
0049035F 52 PUSH EDX
00490360 8D85 08FEFFFF LEA EAX,DWORD PTR SS:[EBP-1F8]
00490366 50 PUSH EAX
00490367 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
0049036D 50 PUSH EAX
0049036E 8D8D E8FDFFFF LEA ECX,DWORD PTR SS:[EBP-218]
00490374 51 PUSH ECX
00490375 8D95 D8FDFFFF LEA EDX,DWORD PTR SS:[EBP-228]
0049037B 52 PUSH EDX
0049037C FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490382 50 PUSH EAX
00490383 8D85 B8FDFFFF LEA EAX,DWORD PTR SS:[EBP-248]
00490389 50 PUSH EAX
0049038A 8D8D A8FDFFFF LEA ECX,DWORD PTR SS:[EBP-258]
00490390 51 PUSH ECX ; strNum1[] = strNum[5,7,6,3,2,1,4,10,8,9];
00490391 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490397 8BD0 MOV EDX,EAX
00490399 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] ; // ==>[EBP-60]
0049039C FF15 18104000 CALL DWORD PTR DS:[401018] ; MSVBVM60.__vbaVarMove
004903A2 8D95 B8FDFFFF LEA EDX,DWORD PTR SS:[EBP-248]
004903A8 52 PUSH EDX
004903A9 8D85 D8FDFFFF LEA EAX,DWORD PTR SS:[EBP-228]
004903AF 50 PUSH EAX
004903B0 8D8D C8FDFFFF LEA ECX,DWORD PTR SS:[EBP-238]
004903B6 51 PUSH ECX
004903B7 8D95 E8FDFFFF LEA EDX,DWORD PTR SS:[EBP-218]
004903BD 52 PUSH EDX
004903BE 8D85 08FEFFFF LEA EAX,DWORD PTR SS:[EBP-1F8]
004903C4 50 PUSH EAX
004903C5 8D8D F8FDFFFF LEA ECX,DWORD PTR SS:[EBP-208]
004903CB 51 PUSH ECX
004903CC 8D95 18FEFFFF LEA EDX,DWORD PTR SS:[EBP-1E8]
004903D2 52 PUSH EDX
004903D3 8D85 38FEFFFF LEA EAX,DWORD PTR SS:[EBP-1C8]
004903D9 50 PUSH EAX
004903DA 8D8D 28FEFFFF LEA ECX,DWORD PTR SS:[EBP-1D8]
004903E0 51 PUSH ECX
004903E1 8D95 48FEFFFF LEA EDX,DWORD PTR SS:[EBP-1B8]
004903E7 52 PUSH EDX
004903E8 8D85 68FEFFFF LEA EAX,DWORD PTR SS:[EBP-198]
004903EE 50 PUSH EAX
004903EF 8D8D 58FEFFFF LEA ECX,DWORD PTR SS:[EBP-1A8]
004903F5 51 PUSH ECX
004903F6 8D95 78FEFFFF LEA EDX,DWORD PTR SS:[EBP-188]
004903FC 52 PUSH EDX
004903FD 8D85 98FEFFFF LEA EAX,DWORD PTR SS:[EBP-168]
00490403 50 PUSH EAX
00490404 8D8D 88FEFFFF LEA ECX,DWORD PTR SS:[EBP-178]
0049040A 51 PUSH ECX
0049040B 8D95 A8FEFFFF LEA EDX,DWORD PTR SS:[EBP-158]
00490411 52 PUSH EDX
00490412 8D85 C8FEFFFF LEA EAX,DWORD PTR SS:[EBP-138]
00490418 50 PUSH EAX
00490419 8D8D B8FEFFFF LEA ECX,DWORD PTR SS:[EBP-148]
0049041F 51 PUSH ECX
00490420 8D95 D8FEFFFF LEA EDX,DWORD PTR SS:[EBP-128]
00490426 52 PUSH EDX
00490427 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
0049042D 50 PUSH EAX
0049042E 8D8D E8FEFFFF LEA ECX,DWORD PTR SS:[EBP-118]
00490434 51 PUSH ECX
00490435 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
0049043B 52 PUSH EDX
0049043C 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8]
00490442 50 PUSH EAX
00490443 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490449 51 PUSH ECX
0049044A 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
00490450 52 PUSH EDX
00490451 6A 19 PUSH 19
00490453 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490459 83C4 68 ADD ESP,68
0049045C C745 FC 1D00000>MOV DWORD PTR SS:[EBP-4],1D
00490463 C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],1 ; // xx=1
0049046D C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
00490477 C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],5 ; // xx=5
00490481 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
0049048B C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1
00490495 C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
0049049F 8D85 98FDFFFF LEA EAX,DWORD PTR SS:[EBP-268]
004904A5 50 PUSH EAX
004904A6 8D8D 88FDFFFF LEA ECX,DWORD PTR SS:[EBP-278]
004904AC 51 PUSH ECX
004904AD 8D95 78FDFFFF LEA EDX,DWORD PTR SS:[EBP-288]
004904B3 52 PUSH EDX
004904B4 8D85 3CFCFFFF LEA EAX,DWORD PTR SS:[EBP-3C4]
004904BA 50 PUSH EAX
004904BB 8D8D 4CFCFFFF LEA ECX,DWORD PTR SS:[EBP-3B4]
004904C1 51 PUSH ECX
004904C2 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
004904C5 52 PUSH EDX
004904C6 FF15 84104000 CALL DWORD PTR DS:[401084] ; MSVBVM60.__vbaVarForInit
004904CC 8985 ECFBFFFF MOV DWORD PTR SS:[EBP-414],EAX
004904D2 E9 57010000 JMP yutingca.0049062E
004904D7 C745 FC 1E00000>MOV DWORD PTR SS:[EBP-4],1E
004904DE C785 30FFFFFF 0>MOV DWORD PTR SS:[EBP-D0],1 ; // xx=1
004904E8 C785 28FFFFFF 0>MOV DWORD PTR SS:[EBP-D8],2
004904F2 C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],4 ; // xx=4
004904FC C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
00490506 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8]
0049050C 50 PUSH EAX
0049050D 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
00490513 51 PUSH ECX
00490514 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
00490517 52 PUSH EDX
00490518 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8] ; // [EBP-C8] = 1 + 4
0049051E 50 PUSH EAX
0049051F FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
00490525 50 PUSH EAX
00490526 FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var
0049052C 50 PUSH EAX ; index=5,6,...
0049052D 8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60] ; // strNum1
00490530 51 PUSH ECX
00490531 8D95 18FFFFFF LEA EDX,DWORD PTR SS:[EBP-E8] ; // ==> [EBP-E8]
00490537 52 PUSH EDX
00490538 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar
0049053E 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8] ; strNum[index]
00490544 50 PUSH EAX
00490545 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
0049054B 51 PUSH ECX
0049054C FF15 7C114000 CALL DWORD PTR DS:[40117C] ; MSVBVM60.__vbaStrVarVal
00490552 50 PUSH EAX
00490553 FF15 74124000 CALL DWORD PTR DS:[401274] ; MSVBVM60.rtcR8ValFromBstr // 用C语言, 可能相当于atof(strNum[index])
00490559 DD9D 04FDFFFF FSTP QWORD PTR SS:[EBP-2FC] ; // ST0 = atof(strNum[index]) ==>[EBP-2FC]
0049055F 8B95 68FFFFFF MOV EDX,DWORD PTR SS:[EBP-98] ; // RegResult, 计算出的注册码放在[EBP-98], 刚开始为空
00490565 8995 80FDFFFF MOV DWORD PTR SS:[EBP-280],EDX
0049056B C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],8
00490575 DD05 48194000 FLD QWORD PTR DS:[401948] ; // float 67, (ascii "C") ==> ST0
0049057B DC85 04FDFFFF FADD QWORD PTR SS:[EBP-2FC] ; // ST0 += atof(strNum[index])
00490581 DFE0 FSTSW AX
00490583 A8 0D TEST AL,0D
00490585 0F85 3A150000 JNZ yutingca.00491AC5
0049058B FF15 10124000 CALL DWORD PTR DS:[401210] ; MSVBVM60.__vbaFpI4
00490591 50 PUSH EAX ; EAX="C"+atoi(strNum[index]) // 求得 1 位注册码
00490592 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8]
00490598 50 PUSH EAX
00490599 FF15 6C114000 CALL DWORD PTR DS:[40116C] ; MSVBVM60.rtcVarBstrFromAnsi
0049059F 8D8D 78FDFFFF LEA ECX,DWORD PTR SS:[EBP-288]
004905A5 51 PUSH ECX
004905A6 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
004905AC 52 PUSH EDX
004905AD 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
004905B3 50 PUSH EAX
004905B4 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd // 加一位注册码
004905BA 50 PUSH EAX
004905BB FF15 24104000 CALL DWORD PTR DS:[401024] ; MSVBVM60.__vbaStrVarMove
004905C1 8BD0 MOV EDX,EAX
004905C3 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98] ; // ==> [EBP-98], RegResult
004905C9 FF15 28124000 CALL DWORD PTR DS:[401228] ; MSVBVM60.__vbaStrMove // 保存
004905CF 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
004905D5 FF15 6C124000 CALL DWORD PTR DS:[40126C] ; MSVBVM60.__vbaFreeStr
004905DB 8D8D F8FEFFFF LEA ECX,DWORD PTR SS:[EBP-108]
004905E1 51 PUSH ECX
004905E2 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
004905E8 52 PUSH EDX
004905E9 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8]
004905EF 50 PUSH EAX
004905F0 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
004905F6 51 PUSH ECX
004905F7 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
004905FD 52 PUSH EDX
004905FE 6A 05 PUSH 5
00490600 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490606 83C4 18 ADD ESP,18
00490609 C745 FC 1F00000>MOV DWORD PTR SS:[EBP-4],1F
00490610 8D85 3CFCFFFF LEA EAX,DWORD PTR SS:[EBP-3C4]
00490616 50 PUSH EAX
00490617 8D8D 4CFCFFFF LEA ECX,DWORD PTR SS:[EBP-3B4]
0049061D 51 PUSH ECX
0049061E 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
00490621 52 PUSH EDX
00490622 FF15 64124000 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaVarForNext
00490628 8985 ECFBFFFF MOV DWORD PTR SS:[EBP-414],EAX
0049062E 83BD ECFBFFFF 0>CMP DWORD PTR SS:[EBP-414],0
00490635 ^ 0F85 9CFEFFFF JNZ yutingca.004904D7 ; // 循环 5 次
0049063B C745 FC 2000000>MOV DWORD PTR SS:[EBP-4],20
00490642 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98] ; // RegResult
00490648 8985 90FDFFFF MOV DWORD PTR SS:[EBP-270],EAX ; // RegResult => [EBP-270]
0049064E C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],8 ; // vbString
00490658 C785 40FFFFFF 0>MOV DWORD PTR SS:[EBP-C0],5 ; // vbInteger len=5
00490662 C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],2
0049066C 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
00490672 51 PUSH ECX
00490673 6A 01 PUSH 1 ; // index=1, 从第1位取
00490675 8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60] ; strNum1
00490678 52 PUSH EDX
00490679 8D85 28FFFFFF LEA EAX,DWORD PTR SS:[EBP-D8] ; 结果 ==> [EBP-D8]
0049067F 50 PUSH EAX
00490680 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar // strNum1[1-5]
00490686 8D8D 88FDFFFF LEA ECX,DWORD PTR SS:[EBP-278] ; // RegResult
0049068C 51 PUSH ECX
0049068D 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490693 52 PUSH EDX
00490694 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8]
0049069A 50 PUSH EAX
0049069B FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd // RegResult + strNum1[1-5]
004906A1 50 PUSH EAX
004906A2 FF15 24104000 CALL DWORD PTR DS:[401024] ; MSVBVM60.__vbaStrVarMove
004906A8 8BD0 MOV EDX,EAX
004906AA 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98]
004906B0 FF15 28124000 CALL DWORD PTR DS:[401228] ; MSVBVM60.__vbaStrMove
004906B6 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
004906BC 51 PUSH ECX
004906BD 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
004906C3 52 PUSH EDX
004906C4 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
004906CA 50 PUSH EAX
004906CB 6A 03 PUSH 3
004906CD FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
004906D3 83C4 10 ADD ESP,10
004906D6 C745 FC 2100000>MOV DWORD PTR SS:[EBP-4],21
004906DD C785 A0FDFFFF 0>MOV DWORD PTR SS:[EBP-260],1
004906E7 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],2
004906F1 C785 90FDFFFF 0>MOV DWORD PTR SS:[EBP-270],5
004906FB C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],2
00490705 C785 80FDFFFF 0>MOV DWORD PTR SS:[EBP-280],1
0049070F C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],2
00490719 8D8D 98FDFFFF LEA ECX,DWORD PTR SS:[EBP-268]
0049071F 51 PUSH ECX
00490720 8D95 88FDFFFF LEA EDX,DWORD PTR SS:[EBP-278]
00490726 52 PUSH EDX
00490727 8D85 78FDFFFF LEA EAX,DWORD PTR SS:[EBP-288]
0049072D 50 PUSH EAX
0049072E 8D8D 1CFCFFFF LEA ECX,DWORD PTR SS:[EBP-3E4]
00490734 51 PUSH ECX
00490735 8D95 2CFCFFFF LEA EDX,DWORD PTR SS:[EBP-3D4]
0049073B 52 PUSH EDX
0049073C 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0049073F 50 PUSH EAX
00490740 FF15 84104000 CALL DWORD PTR DS:[401084] ; MSVBVM60.__vbaVarForInit
00490746 8985 E8FBFFFF MOV DWORD PTR SS:[EBP-418],EAX
0049074C E9 27010000 JMP yutingca.00490878
00490751 C745 FC 2200000>MOV DWORD PTR SS:[EBP-4],22
00490758 C785 40FFFFFF 0>MOV DWORD PTR SS:[EBP-C0],1
00490762 C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],2
0049076C 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
00490772 51 PUSH ECX
00490773 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
00490776 52 PUSH EDX
00490777 FF15 E0114000 CALL DWORD PTR DS:[4011E0] ; MSVBVM60.__vbaI4Var
0049077D 50 PUSH EAX ; index=1,2,...
0049077E 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
00490781 50 PUSH EAX
00490782 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
00490788 51 PUSH ECX
00490789 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar // strNum1[index]
0049078F 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490795 52 PUSH EDX
00490796 8D85 64FFFFFF LEA EAX,DWORD PTR SS:[EBP-9C]
0049079C 50 PUSH EAX
0049079D FF15 7C114000 CALL DWORD PTR DS:[40117C] ; MSVBVM60.__vbaStrVarVal
004907A3 50 PUSH EAX
004907A4 FF15 74124000 CALL DWORD PTR DS:[401274] ; MSVBVM60.rtcR8ValFromBstr // atof(strNum1[index])
004907AA DD9D 04FDFFFF FSTP QWORD PTR SS:[EBP-2FC]
004907B0 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98]
004907B6 898D 90FDFFFF MOV DWORD PTR SS:[EBP-270],ECX
004907BC C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],8
004907C6 DD05 40194000 FLD QWORD PTR DS:[401940] ; // float 73.0 (ASCII "I") ==> ST0
004907CC DC85 04FDFFFF FADD QWORD PTR SS:[EBP-2FC] ; ST0 += atof(strNum1[index])
004907D2 DFE0 FSTSW AX
004907D4 A8 0D TEST AL,0D
004907D6 0F85 E9120000 JNZ yutingca.00491AC5
004907DC FF15 10124000 CALL DWORD PTR DS:[401210] ; MSVBVM60.__vbaFpI4
004907E2 50 PUSH EAX ; EAX="I"+atof(strNum1[index]) // 求得 1 位注册码
004907E3 8D95 18FFFFFF LEA EDX,DWORD PTR SS:[EBP-E8]
004907E9 52 PUSH EDX
004907EA FF15 6C114000 CALL DWORD PTR DS:[40116C] ; MSVBVM60.rtcVarBstrFromAnsi
004907F0 8D85 88FDFFFF LEA EAX,DWORD PTR SS:[EBP-278]
004907F6 50 PUSH EAX
004907F7 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
004907FD 51 PUSH ECX
004907FE 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
00490804 52 PUSH EDX
00490805 FF15 F4114000 CALL DWORD PTR DS:[4011F4] ; MSVBVM60.__vbaVarAdd
0049080B 50 PUSH EAX
0049080C FF15 24104000 CALL DWORD PTR DS:[401024] ; MSVBVM60.__vbaStrVarMove
00490812 8BD0 MOV EDX,EAX
00490814 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:[EBP-98] ; // ==> [EBP-98]
0049081A FF15 28124000 CALL DWORD PTR DS:[401228] ; MSVBVM60.__vbaStrMove
00490820 8D8D 64FFFFFF LEA ECX,DWORD PTR SS:[EBP-9C]
00490826 FF15 6C124000 CALL DWORD PTR DS:[40126C] ; MSVBVM60.__vbaFreeStr
0049082C 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8]
00490832 50 PUSH EAX
00490833 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490839 51 PUSH ECX
0049083A 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490840 52 PUSH EDX
00490841 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490847 50 PUSH EAX
00490848 6A 04 PUSH 4
0049084A FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490850 83C4 14 ADD ESP,14
00490853 C745 FC 2300000>MOV DWORD PTR SS:[EBP-4],23
0049085A 8D8D 1CFCFFFF LEA ECX,DWORD PTR SS:[EBP-3E4]
00490860 51 PUSH ECX
00490861 8D95 2CFCFFFF LEA EDX,DWORD PTR SS:[EBP-3D4]
00490867 52 PUSH EDX
00490868 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0049086B 50 PUSH EAX
0049086C FF15 64124000 CALL DWORD PTR DS:[401264] ; MSVBVM60.__vbaVarForNext
00490872 8985 E8FBFFFF MOV DWORD PTR SS:[EBP-418],EAX
00490878 83BD E8FBFFFF 0>CMP DWORD PTR SS:[EBP-418],0
0049087F ^ 0F85 CCFEFFFF JNZ yutingca.00490751 ; // 循环 5 次
00490885 C745 FC 2400000>MOV DWORD PTR SS:[EBP-4],24
0049088C 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
0049088F 8B11 MOV EDX,DWORD PTR DS:[ECX]
00490891 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00490894 50 PUSH EAX
00490895 FF92 04030000 CALL DWORD PTR DS:[EDX+304]
0049089B 50 PUSH EAX
0049089C 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
004908A2 51 PUSH ECX
004908A3 FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
004908A9 8985 00FDFFFF MOV DWORD PTR SS:[EBP-300],EAX
004908AF 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C]
004908B5 52 PUSH EDX
004908B6 8B85 00FDFFFF MOV EAX,DWORD PTR SS:[EBP-300]
004908BC 8B08 MOV ECX,DWORD PTR DS:[EAX]
004908BE 8B95 00FDFFFF MOV EDX,DWORD PTR SS:[EBP-300]
004908C4 52 PUSH EDX
004908C5 FF91 A0000000 CALL DWORD PTR DS:[ECX+A0] ; // get RegName ==> [EBP-9C]
004908CB DBE2 FCLEX
004908CD 8985 FCFCFFFF MOV DWORD PTR SS:[EBP-304],EAX
004908D3 83BD FCFCFFFF 0>CMP DWORD PTR SS:[EBP-304],0
004908DA 7D 26 JGE SHORT yutingca.00490902
004908DC 68 A0000000 PUSH 0A0
004908E1 68 3C4D4100 PUSH yutingca.00414D3C
004908E6 8B85 00FDFFFF MOV EAX,DWORD PTR SS:[EBP-300]
004908EC 50 PUSH EAX
004908ED 8B8D FCFCFFFF MOV ECX,DWORD PTR SS:[EBP-304]
004908F3 51 PUSH ECX
004908F4 FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
004908FA 8985 C0FBFFFF MOV DWORD PTR SS:[EBP-440],EAX
00490900 EB 0A JMP SHORT yutingca.0049090C
00490902 C785 C0FBFFFF 0>MOV DWORD PTR SS:[EBP-440],0
0049090C 8B95 64FFFFFF MOV EDX,DWORD PTR SS:[EBP-9C]
00490912 8995 E4FBFFFF MOV DWORD PTR SS:[EBP-41C],EDX
00490918 C785 64FFFFFF 0>MOV DWORD PTR SS:[EBP-9C],0
00490922 8B85 E4FBFFFF MOV EAX,DWORD PTR SS:[EBP-41C]
00490928 8985 40FFFFFF MOV DWORD PTR SS:[EBP-C0],EAX
0049092E C785 38FFFFFF 0>MOV DWORD PTR SS:[EBP-C8],8
00490938 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
0049093E 51 PUSH ECX
0049093F 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8] ; // [EBP-8C]= UpperCaseVar(RegName)
00490945 52 PUSH EDX
00490946 FF15 EC104000 CALL DWORD PTR DS:[4010EC] ; MSVBVM60.rtcUpperCaseVar
0049094C 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0049094F 8B08 MOV ECX,DWORD PTR DS:[EAX]
00490951 8B55 08 MOV EDX,DWORD PTR SS:[EBP+8]
00490954 52 PUSH EDX
00490955 FF91 04030000 CALL DWORD PTR DS:[ECX+304]
0049095B 50 PUSH EAX
0049095C 8D85 4CFFFFFF LEA EAX,DWORD PTR SS:[EBP-B4]
00490962 50 PUSH EAX
00490963 FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
00490969 8985 F8FCFFFF MOV DWORD PTR SS:[EBP-308],EAX
0049096F 8D8D 60FFFFFF LEA ECX,DWORD PTR SS:[EBP-A0]
00490975 51 PUSH ECX
00490976 8B95 F8FCFFFF MOV EDX,DWORD PTR SS:[EBP-308]
0049097C 8B02 MOV EAX,DWORD PTR DS:[EDX]
0049097E 8B8D F8FCFFFF MOV ECX,DWORD PTR SS:[EBP-308]
00490984 51 PUSH ECX
00490985 FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
0049098B DBE2 FCLEX
0049098D 8985 F4FCFFFF MOV DWORD PTR SS:[EBP-30C],EAX
00490993 83BD F4FCFFFF 0>CMP DWORD PTR SS:[EBP-30C],0
0049099A 7D 26 JGE SHORT yutingca.004909C2
0049099C 68 A0000000 PUSH 0A0
004909A1 68 3C4D4100 PUSH yutingca.00414D3C
004909A6 8B95 F8FCFFFF MOV EDX,DWORD PTR SS:[EBP-308]
004909AC 52 PUSH EDX
004909AD 8B85 F4FCFFFF MOV EAX,DWORD PTR SS:[EBP-30C]
004909B3 50 PUSH EAX
004909B4 FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
004909BA 8985 BCFBFFFF MOV DWORD PTR SS:[EBP-444],EAX
004909C0 EB 0A JMP SHORT yutingca.004909CC
004909C2 C785 BCFBFFFF 0>MOV DWORD PTR SS:[EBP-444],0
004909CC 8B8D 60FFFFFF MOV ECX,DWORD PTR SS:[EBP-A0] ; // RegName
004909D2 898D E0FBFFFF MOV DWORD PTR SS:[EBP-420],ECX
004909D8 C785 60FFFFFF 0>MOV DWORD PTR SS:[EBP-A0],0
004909E2 8B95 E0FBFFFF MOV EDX,DWORD PTR SS:[EBP-420]
004909E8 8995 00FFFFFF MOV DWORD PTR SS:[EBP-100],EDX
004909EE C785 F8FEFFFF 0>MOV DWORD PTR SS:[EBP-108],8
004909F8 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
004909FE 50 PUSH EAX
004909FF 8D8D E8FEFFFF LEA ECX,DWORD PTR SS:[EBP-118]
00490A05 51 PUSH ECX
00490A06 FF15 EC104000 CALL DWORD PTR DS:[4010EC] ; MSVBVM60.rtcUpperCaseVar
00490A0C 6A 04 PUSH 4 ; // len=4
00490A0E 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490A14 52 PUSH EDX
00490A15 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8] ; [EBP-E8] = LeftCharVar(RegName, 4)
00490A1B 50 PUSH EAX
00490A1C FF15 1C124000 CALL DWORD PTR DS:[40121C] ; MSVBVM60.rtcLeftCharVar // 取 RegName 的左 4 Char
00490A22 C785 A0FDFFFF 3>MOV DWORD PTR SS:[EBP-260],yutingca.00416638 ; UNICODE "SOFT"
00490A2C C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8008
00490A36 C785 E0FEFFFF 0>MOV DWORD PTR SS:[EBP-120],1 ; // len=1
00490A40 C785 D8FEFFFF 0>MOV DWORD PTR SS:[EBP-128],2
00490A4A 8D8D D8FEFFFF LEA ECX,DWORD PTR SS:[EBP-128]
00490A50 51 PUSH ECX
00490A51 6A 05 PUSH 5 ; // index=5
00490A53 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
00490A59 52 PUSH EDX
00490A5A 8D85 C8FEFFFF LEA EAX,DWORD PTR SS:[EBP-138] ; // [EBP-138]=MidChar(RegName, 5, 1)
00490A60 50 PUSH EAX
00490A61 FF15 D8104000 CALL DWORD PTR DS:[4010D8] ; MSVBVM60.rtcMidCharVar // RegName 的第 5 个 Char
00490A67 C785 80FDFFFF 4>MOV DWORD PTR SS:[EBP-280],yutingca.00416648 ; // UNICODE "R"
00490A71 C785 78FDFFFF 0>MOV DWORD PTR SS:[EBP-288],8008 ; // vbString
00490A7B 8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40] ; // RegCode_1_2_3
00490A7E 51 PUSH ECX
00490A7F 8D95 98FEFFFF LEA EDX,DWORD PTR SS:[EBP-168]
00490A85 52 PUSH EDX
00490A86 FF15 EC104000 CALL DWORD PTR DS:[4010EC] ; MSVBVM60.rtcUpperCaseVar
00490A8C 8B85 68FFFFFF MOV EAX,DWORD PTR SS:[EBP-98] ; // RegResult
00490A92 8985 70FDFFFF MOV DWORD PTR SS:[EBP-290],EAX
00490A98 C785 68FDFFFF 0>MOV DWORD PTR SS:[EBP-298],8008
00490AA2 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490AA8 51 PUSH ECX
00490AA9 8D95 98FDFFFF LEA EDX,DWORD PTR SS:[EBP-268]
00490AAF 52 PUSH EDX
00490AB0 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8] ; // vbBool b1 = (LeftCharVar(RegName,4) != "SOFT")
00490AB6 50 PUSH EAX
00490AB7 FF15 50104000 CALL DWORD PTR DS:[401050] ; MSVBVM60.__vbaVarCmpNe
00490ABD 50 PUSH EAX
00490ABE 8D8D C8FEFFFF LEA ECX,DWORD PTR SS:[EBP-138] ; // MidChar(Regname,5,1)
00490AC4 51 PUSH ECX
00490AC5 8D95 78FDFFFF LEA EDX,DWORD PTR SS:[EBP-288] ; // "R"
00490ACB 52 PUSH EDX
00490ACC 8D85 B8FEFFFF LEA EAX,DWORD PTR SS:[EBP-148] ; // vbBool b2 = (MidChar(Regname,5,1) != "R")
00490AD2 50 PUSH EAX
00490AD3 FF15 50104000 CALL DWORD PTR DS:[401050] ; MSVBVM60.__vbaVarCmpNe
00490AD9 50 PUSH EAX
00490ADA 8D8D A8FEFFFF LEA ECX,DWORD PTR SS:[EBP-158] ; vbBool b3 = b1 or b2
00490AE0 51 PUSH ECX
00490AE1 FF15 10114000 CALL DWORD PTR DS:[401110] ; MSVBVM60.__vbaVarOr
00490AE7 50 PUSH EAX ; // b3
00490AE8 8D95 98FEFFFF LEA EDX,DWORD PTR SS:[EBP-168] ; // RegCode_1_2_3
00490AEE 52 PUSH EDX
00490AEF 8D85 68FDFFFF LEA EAX,DWORD PTR SS:[EBP-298] ; // RegResult
00490AF5 50 PUSH EAX
00490AF6 8D8D 88FEFFFF LEA ECX,DWORD PTR SS:[EBP-178] ; vbBool b4 = (RegCode_1_2_3 == RegResult)
00490AFC 51 PUSH ECX
00490AFD FF15 E8114000 CALL DWORD PTR DS:[4011E8] ; MSVBVM60.__vbaVarCmpEq
00490B03 50 PUSH EAX
00490B04 8D95 78FEFFFF LEA EDX,DWORD PTR SS:[EBP-188] ; vbBool b5 = (b3 and b4)
00490B0A 52 PUSH EDX
00490B0B FF15 3C114000 CALL DWORD PTR DS:[40113C] ; MSVBVM60.__vbaVarAnd
00490B11 50 PUSH EAX
00490B12 FF15 C8104000 CALL DWORD PTR DS:[4010C8] ; MSVBVM60.__vbaBoolVarNull
00490B18 66:8985 F0FCFFF>MOV WORD PTR SS:[EBP-310],AX ; // BoolVarNull(b5) ==> [EBP-310]
00490B1F 8D85 4CFFFFFF LEA EAX,DWORD PTR SS:[EBP-B4]
00490B25 50 PUSH EAX
00490B26 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
00490B2C 51 PUSH ECX
00490B2D 6A 02 PUSH 2
00490B2F FF15 40104000 CALL DWORD PTR DS:[401040] ; MSVBVM60.__vbaFreeObjList
00490B35 83C4 0C ADD ESP,0C
00490B38 8D95 98FEFFFF LEA EDX,DWORD PTR SS:[EBP-168]
00490B3E 52 PUSH EDX
00490B3F 8D85 C8FEFFFF LEA EAX,DWORD PTR SS:[EBP-138]
00490B45 50 PUSH EAX
00490B46 8D8D D8FEFFFF LEA ECX,DWORD PTR SS:[EBP-128]
00490B4C 51 PUSH ECX
00490B4D 8D95 E8FEFFFF LEA EDX,DWORD PTR SS:[EBP-118]
00490B53 52 PUSH EDX
00490B54 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
00490B5A 50 PUSH EAX
00490B5B 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490B61 51 PUSH ECX
00490B62 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490B68 52 PUSH EDX
00490B69 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490B6F 50 PUSH EAX
00490B70 6A 08 PUSH 8
00490B72 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490B78 83C4 24 ADD ESP,24
00490B7B 0FBF8D F0FCFFFF MOVSX ECX,WORD PTR SS:[EBP-310] ; // [EBP0310]
00490B82 85C9 TEST ECX,ECX
00490B84 74 10 JE SHORT yutingca.00490B96 ; // 必须跳 !!!!
00490B86 C745 FC 2500000>MOV DWORD PTR SS:[EBP-4],25
00490B8D 66:C785 70FFFFF>MOV WORD PTR SS:[EBP-90],0FFFF ; // :-(
00490B96 C745 FC 2700000>MOV DWORD PTR SS:[EBP-4],27
00490B9D 66:83BD 70FFFFF>CMP WORD PTR SS:[EBP-90],0FFFF
00490BA5 0F85 B9000000 JNZ yutingca.00490C64 ; // 跳 !!!
00490BAB C745 FC 2800000>MOV DWORD PTR SS:[EBP-4],28
00490BB2 C785 10FFFFFF 0>MOV DWORD PTR SS:[EBP-F0],80020004
00490BBC C785 08FFFFFF 0>MOV DWORD PTR SS:[EBP-F8],0A
00490BC6 C785 20FFFFFF 0>MOV DWORD PTR SS:[EBP-E0],80020004
00490BD0 C785 18FFFFFF 0>MOV DWORD PTR SS:[EBP-E8],0A
00490BDA C785 30FFFFFF 0>MOV DWORD PTR SS:[EBP-D0],80020004
00490BE4 C785 28FFFFFF 0>MOV DWORD PTR SS:[EBP-D8],0A
00490BEE C785 A0FDFFFF 7>MOV DWORD PTR SS:[EBP-260],yutingca.00417C78
00490BF8 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8
00490C02 8D95 98FDFFFF LEA EDX,DWORD PTR SS:[EBP-268]
00490C08 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
00490C0E FF15 F8114000 CALL DWORD PTR DS:[4011F8] ; MSVBVM60.__vbaVarDup
00490C14 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
00490C1A 52 PUSH EDX
00490C1B 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8]
00490C21 50 PUSH EAX
00490C22 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
00490C28 51 PUSH ECX
00490C29 6A 10 PUSH 10
00490C2B 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
00490C31 52 PUSH EDX ;
00490C32 FF15 90104000 CALL DWORD PTR DS:[401090] ; MSVBVM60.rtcMsgBox
00490C38 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8]
00490C3E 50 PUSH EAX
00490C3F 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490C45 51 PUSH ECX
00490C46 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490C4C 52 PUSH EDX
00490C4D 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490C53 50 PUSH EAX
00490C54 6A 04 PUSH 4
00490C56 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490C5C 83C4 14 ADD ESP,14
00490C5F E9 690C0000 JMP yutingca.004918CD
00490C64 C745 FC 2B00000>MOV DWORD PTR SS:[EBP-4],2B
00490C6B 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00490C6E 8B11 MOV EDX,DWORD PTR DS:[ECX]
00490C70 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00490C73 50 PUSH EAX
00490C74 FF92 10030000 CALL DWORD PTR DS:[EDX+310]
00490C7A 50 PUSH EAX
00490C7B 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
00490C81 51 PUSH ECX
00490C82 FF15 94104000 CALL DWORD PTR DS:[401094] ; MSVBVM60.__vbaObjSet
00490C88 8985 00FDFFFF MOV DWORD PTR SS:[EBP-300],EAX
00490C8E 8D95 64FFFFFF LEA EDX,DWORD PTR SS:[EBP-9C]
00490C94 52 PUSH EDX
00490C95 8B85 00FDFFFF MOV EAX,DWORD PTR SS:[EBP-300]
00490C9B 8B08 MOV ECX,DWORD PTR DS:[EAX]
00490C9D 8B95 00FDFFFF MOV EDX,DWORD PTR SS:[EBP-300]
00490CA3 52 PUSH EDX
00490CA4 FF91 A0000000 CALL DWORD PTR DS:[ECX+A0] ; // get RegCode3 ==> [EBP-9C]
00490CAA DBE2 FCLEX
00490CAC 8985 FCFCFFFF MOV DWORD PTR SS:[EBP-304],EAX
00490CB2 83BD FCFCFFFF 0>CMP DWORD PTR SS:[EBP-304],0
00490CB9 7D 26 JGE SHORT yutingca.00490CE1
00490CBB 68 A0000000 PUSH 0A0
00490CC0 68 3C4D4100 PUSH yutingca.00414D3C
00490CC5 8B85 00FDFFFF MOV EAX,DWORD PTR SS:[EBP-300]
00490CCB 50 PUSH EAX
00490CCC 8B8D FCFCFFFF MOV ECX,DWORD PTR SS:[EBP-304]
00490CD2 51 PUSH ECX
00490CD3 FF15 68104000 CALL DWORD PTR DS:[401068] ; MSVBVM60.__vbaHresultCheckObj
00490CD9 8985 B8FBFFFF MOV DWORD PTR SS:[EBP-448],EAX
00490CDF EB 0A JMP SHORT yutingca.00490CEB
00490CE1 C785 B8FBFFFF 0>MOV DWORD PTR SS:[EBP-448],0
00490CEB 8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40] ; // RegCode_1_2_3
00490CEE 52 PUSH EDX
00490CEF 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490CF5 50 PUSH EAX
00490CF6 FF15 EC104000 CALL DWORD PTR DS:[4010EC] ; MSVBVM60.rtcUpperCaseVar
00490CFC 8B8D 68FFFFFF MOV ECX,DWORD PTR SS:[EBP-98] ; // RegResult
00490D02 898D A0FDFFFF MOV DWORD PTR SS:[EBP-260],ECX
00490D08 C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8008
00490D12 8B95 64FFFFFF MOV EDX,DWORD PTR SS:[EBP-9C]
00490D18 8995 DCFBFFFF MOV DWORD PTR SS:[EBP-424],EDX
00490D1E C785 64FFFFFF 0>MOV DWORD PTR SS:[EBP-9C],0
00490D28 8B85 DCFBFFFF MOV EAX,DWORD PTR SS:[EBP-424]
00490D2E 8985 20FFFFFF MOV DWORD PTR SS:[EBP-E0],EAX
00490D34 C785 18FFFFFF 0>MOV DWORD PTR SS:[EBP-E8],8
00490D3E 6A 06 PUSH 6 ; // len=6
00490D40 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490D46 51 PUSH ECX
00490D47 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
00490D4D 52 PUSH EDX
00490D4E FF15 30124000 CALL DWORD PTR DS:[401230] ; MSVBVM60.rtcRightCharVar
00490D54 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8] ; // RightCharVar(RegCode3,6)
00490D5A 50 PUSH EAX
00490D5B 8D8D F8FEFFFF LEA ECX,DWORD PTR SS:[EBP-108]
00490D61 51 PUSH ECX
00490D62 FF15 EC104000 CALL DWORD PTR DS:[4010EC] ; MSVBVM60.rtcUpperCaseVar
00490D68 C785 90FDFFFF 4>MOV DWORD PTR SS:[EBP-270],yutingca.00416348 ; UNICODE "YTSCAL"
00490D72 C785 88FDFFFF 0>MOV DWORD PTR SS:[EBP-278],8008
00490D7C 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8] ; // RegCode_1_2_3
00490D82 52 PUSH EDX
00490D83 8D85 98FDFFFF LEA EAX,DWORD PTR SS:[EBP-268] ; // RegResult
00490D89 50 PUSH EAX
00490D8A 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8] ; // b1 = RegCode_1_2_3 == RegResult
00490D90 51 PUSH ECX
00490D91 FF15 E8114000 CALL DWORD PTR DS:[4011E8] ; MSVBVM60.__vbaVarCmpEq
00490D97 50 PUSH EAX
00490D98 8D95 F8FEFFFF LEA EDX,DWORD PTR SS:[EBP-108] ; // RightCharVar(RegCode,6)
00490D9E 52 PUSH EDX
00490D9F 8D85 88FDFFFF LEA EAX,DWORD PTR SS:[EBP-278] ; // "YTSCAL"
00490DA5 50 PUSH EAX
00490DA6 8D8D E8FEFFFF LEA ECX,DWORD PTR SS:[EBP-118] ; // b2 = (RightCharVar(RegCode,6) == "YTSCAL")
00490DAC 51 PUSH ECX
00490DAD FF15 E8114000 CALL DWORD PTR DS:[4011E8] ; MSVBVM60.__vbaVarCmpEq
00490DB3 50 PUSH EAX
00490DB4 8D95 D8FEFFFF LEA EDX,DWORD PTR SS:[EBP-128] ; b3 = b1 and b2
00490DBA 52 PUSH EDX
00490DBB FF15 3C114000 CALL DWORD PTR DS:[40113C] ; MSVBVM60.__vbaVarAnd
00490DC1 50 PUSH EAX
00490DC2 FF15 C8104000 CALL DWORD PTR DS:[4010C8] ; MSVBVM60.__vbaBoolVarNull
00490DC8 66:8985 F8FCFFF>MOV WORD PTR SS:[EBP-308],AX ; [EBP-308] = vbaBoolVarNull(b3)
00490DCF 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
00490DD5 FF15 70124000 CALL DWORD PTR DS:[401270] ; MSVBVM60.__vbaFreeObj
00490DDB 8D85 F8FEFFFF LEA EAX,DWORD PTR SS:[EBP-108]
00490DE1 50 PUSH EAX
00490DE2 8D8D 08FFFFFF LEA ECX,DWORD PTR SS:[EBP-F8]
00490DE8 51 PUSH ECX
00490DE9 8D95 18FFFFFF LEA EDX,DWORD PTR SS:[EBP-E8]
00490DEF 52 PUSH EDX
00490DF0 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490DF6 50 PUSH EAX
00490DF7 6A 04 PUSH 4
00490DF9 FF15 34104000 CALL DWORD PTR DS:[401034] ; MSVBVM60.__vbaFreeVarList
00490DFF 83C4 14 ADD ESP,14
00490E02 0FBF8D F8FCFFFF MOVSX ECX,WORD PTR SS:[EBP-308]
00490E09 85C9 TEST ECX,ECX ; [EBP-308]==0?
00490E0B 0F84 080A0000 JE yutingca.00491819 ; // 不能跳!!!
00490E11 C745 FC 2C00000>MOV DWORD PTR SS:[EBP-4],2C ; // 到这儿就对了 !!!
00490E18 C785 10FFFFFF 0>MOV DWORD PTR SS:[EBP-F0],80020004
00490E22 C785 08FFFFFF 0>MOV DWORD PTR SS:[EBP-F8],0A
00490E2C C785 20FFFFFF 0>MOV DWORD PTR SS:[EBP-E0],80020004
00490E36 C785 18FFFFFF 0>MOV DWORD PTR SS:[EBP-E8],0A
00490E40 C785 30FFFFFF 0>MOV DWORD PTR SS:[EBP-D0],80020004
00490E4A C785 28FFFFFF 0>MOV DWORD PTR SS:[EBP-D8],0A
00490E54 C785 A0FDFFFF 9>MOV DWORD PTR SS:[EBP-260],yutingca.00417C98
00490E5E C785 98FDFFFF 0>MOV DWORD PTR SS:[EBP-268],8
00490E68 8D95 98FDFFFF LEA EDX,DWORD PTR SS:[EBP-268]
00490E6E 8D8D 38FFFFFF LEA ECX,DWORD PTR SS:[EBP-C8]
00490E74 FF15 F8114000 CALL DWORD PTR DS:[4011F8] ; MSVBVM60.__vbaVarDup
00490E7A 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-F8]
00490E80 52 PUSH EDX
00490E81 8D85 18FFFFFF LEA EAX,DWORD PTR SS:[EBP-E8]
00490E87 50 PUSH EAX
00490E88 8D8D 28FFFFFF LEA ECX,DWORD PTR SS:[EBP-D8]
00490E8E 51 PUSH ECX
00490E8F 6A 40 PUSH 40
00490E91 8D95 38FFFFFF LEA EDX,DWORD PTR SS:[EBP-C8]
00490E97 52 PUSH EDX ; // 对话框: 谢谢...
00490E98 FF15 90104000 CALL DWORD PTR DS:[401090] ; MSVBVM60.rtcMsgBox
00490E9E 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-F8]
00490EA4 50 PUSH EAX
00490EA5 8D8D 18FFFFFF LEA ECX,DWORD PTR SS:[EBP-E8]
00490EAB 51 PUSH ECX
00490EAC 8D95 28FFFFFF LEA EDX,DWORD PTR SS:[EBP-D8]
00490EB2 52 PUSH EDX
00490EB3 8D85 38FFFFFF LEA EAX,DWORD PTR SS:[EBP-C8]
00490EB9 50 PUSH EAX
注册算法总结:
1. RegName, 最多10位,
2. RegCode, 共3段, 每段7位,
3. RegName 如果长度 < 10, 则一直补"j", 直到10位,
4. Data1 = 1.0
5. Data1 与 RegName的每一位的ASCII码相乘, 再除21, 总共乘除10次
6. Data1 加0.43, 再除以3, 再乘以4
6. Data1取整, 变成String strNum
7. 若strNum的长度>10, 则取左10位, 若<10, 则右边补"2", 总之, 要变成10位
8. 把 strNum 按 5,7,6,3,2,1,4,10,8,9 的顺序重新构成strNum1
9. 从strNum1的第5位取起, 共5次, 得注册码的1-5位, 变换关系: "0"->"9" ==> "C"->"L"
10. 取strNum1的1-5位, 得注册码的6-10位
11. 取strNum1的1-5位, 得注册码的11-15位, 变换关系: "0"->"9" ==> "I"->"R"
12. 注册码的最后6位必须是YTSCAL
13. RegName的前5位大写后必须是"SOFTR"
破解总结
1, VB的东西在汇编级来看, 很不直观, 幸好可参考 RoBa 的 "VB中数据的存储格式和寻址方式",
省了不少的事, 在这先表示感谢.
2, VB的效率真差, 这么一点CODE, 用C写, 再编译,应该没多少, 用VB编译的结果则 6 ~ 7 K
3, 在OLLYDBG 中 F8 单步的时候, 注意看堆盏窗口及CPU的信息窗口, 浮点寄存器
4, VB的CODE, 堆盏用的巨多, 可在堆盏窗口右点 ==> "Lock stack" 锁住堆盏窗口的自动滚动显示,
F8单步的时候, 可把堆盏PgUp/PgDown到适当的位置, 这样F8步过一些VB的FUNCTION, 可看到VB的FUNCTION
都干了些什么.
=============
注册机
#include <stdio.h>
#include <string.h>
#include <math.h>
const char NameTail='j';
const char Ch1='C';
const char Ch2='I';
const char NumTail='2';
const char *RegTail="YTSCAL";
void main(void)
{
char name[100];
char Reg[100], Regx[10];
double d1,d2,d3,d4;
int i,index,len;
long num;
char num_str0[100];
char num_str1[100];
int seq[10] = {5,7,6,3,2,1,4,10,8,9};
again:
printf("input name:");
gets(name);
if (strnicmp(name, "SOFTR", 5))
{
printf("name should begine with SOFTR\n");
goto again;
}
len = strlen(name);
for(i=len;i<10;i++)
{
name[i]=NameTail;
}
name[10] = '\0';
d1 = 1.0;
d3 = (double)21;
for(i=0;i<10;i++)
{
d2 = name[i];
d1 = d1 * d2;
d1 = d1 / d3;
}
d4 = 0.43;
d1 = (d1+d4)/3.0 * 4.0;
num = (long)d1;
sprintf(num_str0, "%ld", num);
len = strlen(num_str0);
for(i=len;i<10;i++)
{
num_str0[i] = NumTail;
}
num_str0[10] = '\0';
for(i=0;i<10;i++)
{
num_str1[i] = num_str0[seq[i]-1];
}
num_str1[10] = '\0';
memset(Reg, 0, sizeof(Reg));
index = 5-1;
for(i=0; i<5; i++,index++)
{
Reg[i] = Ch1 + (num_str1[index]-'0');
}
index = 0;
for(i=5;i<10;i++,index++)
{
Reg[i] = num_str1[index];
}
index = 0;
for(i=10;i<15;i++,index++)
{
Reg[i] = Ch2 + (num_str1[index]-'0');
}
strcat(Reg, RegTail);
printf("UserName:%s\n", name);
for(i=0;i<3;i++)
{
memset(Regx, 0, sizeof(Regx));
memcpy(Regx, Reg+7*i, 7);
printf("Reg%d:%s\n",i+1,Regx);
}
printf("Done\n");
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课