-
-
[旧帖] [求助]一个VB加壳软件的和谐问题 0.00雪花
-
发表于: 2013-11-6 19:53
-
PEID查壳显示在帖子后面,这是软件的地址:5bfK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3q4%4K9U0W2^5k6s2c8W2y4$3I4Q4x3X3g2D9x3U0W2Q4x3X3g2&6N6h3&6H3j5h3&6Q4x3X3g2U0L8W2)9J5c8X3I4C8i4K6u0r3f1e0W2U0h3Y4R3K6d9@1I4y4f1$3g2p5M7#2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4W2)9&6z5q4!0m8c8V1g2j5c8g2!0q4y4W2!0m8x3q4!0n7b7#2!0q4y4g2!0n7b7#2)9^5c8W2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4g2)9^5z5q4)9&6b7g2!0q4z5q4!0m8x3#2)9^5y4g2!0q4y4g2!0m8c8g2)9^5b7#2!0q4y4W2)9&6b7#2)9^5z5g2!0q4z5q4!0m8c8W2)9&6y4g2!0q4y4#2)9&6y4q4!0m8z5q4!0q4y4W2)9&6y4#2!0n7y4W2!0q4z5g2)9&6y4#2!0n7y4q4!0q4x3#2)9^5x3q4)9^5x3R3`.`.
载入OD后查找不到有用的字符,采用先运行程序,在附加到OD方法,然后查找字符串,找到了注册提示字符,下面是这个区的代码,有一个JE可以跳过,改为JNZ后能显示注册 Thank you for registration!的提示,但单步走到0049602A E8 D19FB901 call 02030000这句OD就停住了,过不了。我就用樱花补丁修改这里,发现 可以显示注册,但点确定软件自动关闭,重新打开又是提示注册。求解决方法,谢谢
00495E30 55 push ebp
00495E31 8BEC mov ebp,esp
00495E33 83EC 0C sub esp,0xC
00495E36 68 962A4000 push BOMTool.00402A96 ; jmp 到 msvbvm60.__vbaExceptHandler
00495E3B 64:A1 00000000 mov eax,dword ptr fs:[0]
00495E41 50 push eax
00495E42 64:8925 0000000>mov dword ptr fs:[0],esp
00495E49 81EC C8000000 sub esp,0xC8
00495E4F 53 push ebx
00495E50 56 push esi
00495E51 57 push edi
00495E52 8965 F4 mov dword ptr ss:[ebp-0xC],esp
00495E55 C745 F8 E828400>mov dword ptr ss:[ebp-0x8],BOMTool.004028E8
00495E5C 8B75 08 mov esi,dword ptr ss:[ebp+0x8]
00495E5F 8BC6 mov eax,esi
00495E61 83E0 01 and eax,0x1
00495E64 8945 FC mov dword ptr ss:[ebp-0x4],eax
00495E67 83E6 FE and esi,0xFFFFFFFE
00495E6A 56 push esi
00495E6B 8975 08 mov dword ptr ss:[ebp+0x8],esi
00495E6E 8B0E mov ecx,dword ptr ds:[esi]
00495E70 FF51 04 call dword ptr ds:[ecx+0x4]
00495E73 8B16 mov edx,dword ptr ds:[esi]
00495E75 33FF xor edi,edi
00495E77 56 push esi
00495E78 897D E8 mov dword ptr ss:[ebp-0x18],edi
00495E7B 897D E4 mov dword ptr ss:[ebp-0x1C],edi
00495E7E 897D E0 mov dword ptr ss:[ebp-0x20],edi
00495E81 897D DC mov dword ptr ss:[ebp-0x24],edi
00495E84 897D D8 mov dword ptr ss:[ebp-0x28],edi
00495E87 897D D4 mov dword ptr ss:[ebp-0x2C],edi
00495E8A 897D D0 mov dword ptr ss:[ebp-0x30],edi
00495E8D 897D CC mov dword ptr ss:[ebp-0x34],edi
00495E90 897D BC mov dword ptr ss:[ebp-0x44],edi
00495E93 897D AC mov dword ptr ss:[ebp-0x54],edi
00495E96 897D 9C mov dword ptr ss:[ebp-0x64],edi
00495E99 897D 8C mov dword ptr ss:[ebp-0x74],edi
00495E9C 89BD 7CFFFFFF mov dword ptr ss:[ebp-0x84],edi
00495EA2 89BD 6CFFFFFF mov dword ptr ss:[ebp-0x94],edi
00495EA8 FF92 08030000 call dword ptr ds:[edx+0x308]
00495EAE 50 push eax
00495EAF 8D45 D0 lea eax,dword ptr ss:[ebp-0x30]
00495EB2 50 push eax
00495EB3 FF15 A0104000 call dword ptr ds:[0x4010A0] ; msvbvm60.__vbaObjSet
00495EB9 8BD8 mov ebx,eax
00495EBB 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
00495EBE 52 push edx
00495EBF 53 push ebx
00495EC0 8B0B mov ecx,dword ptr ds:[ebx]
00495EC2 FF91 A0000000 call dword ptr ds:[ecx+0xA0]
00495EC8 3BC7 cmp eax,edi
00495ECA DBE2 fclex
00495ECC 7D 12 jge XBOMTool.00495EE0
00495ECE 68 A0000000 push 0xA0
00495ED3 68 5C244200 push BOMTool.0042245C
00495ED8 53 push ebx
00495ED9 50 push eax
00495EDA E8 21A1B901 call 02030000
00495EDF B7 8B mov bh,0x8B
00495EE1 45 inc ebp
00495EE2 E8 8D4DAC89 call 89F5AC74
00495EE7 45 inc ebp
00495EE8 C48D 45BC5051 les ecx,fword ptr ss:[ebp+0x5150BC45]
00495EEE 897D E8 mov dword ptr ss:[ebp-0x18],edi
00495EF1 C745 BC 0800000>mov dword ptr ss:[ebp-0x44],0x8
00495EF8 FF15 B8104000 call dword ptr ds:[0x4010B8] ; msvbvm60.rtcTrimVar
00495EFE 8B16 mov edx,dword ptr ds:[esi]
00495F00 56 push esi
00495F01 FF92 FC020000 call dword ptr ds:[edx+0x2FC]
00495F07 50 push eax
00495F08 8D45 CC lea eax,dword ptr ss:[ebp-0x34]
00495F0B 50 push eax
00495F0C FF15 A0104000 call dword ptr ds:[0x4010A0] ; msvbvm60.__vbaObjSet
00495F12 8BD8 mov ebx,eax
00495F14 8D55 E4 lea edx,dword ptr ss:[ebp-0x1C]
00495F17 52 push edx
00495F18 53 push ebx
00495F19 8B0B mov ecx,dword ptr ds:[ebx]
00495F1B FF91 A0000000 call dword ptr ds:[ecx+0xA0]
00495F21 3BC7 cmp eax,edi
00495F23 DBE2 fclex
00495F25 7D 12 jge XBOMTool.00495F39
00495F27 68 A0000000 push 0xA0
00495F2C 68 5C244200 push BOMTool.0042245C
00495F31 53 push ebx
00495F32 50 push eax
00495F33 FF15 74104000 call dword ptr ds:[0x401074] ; msvbvm60.__vbaHresultCheckObj
00495F39 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
00495F3C 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
00495F3F 8945 A4 mov dword ptr ss:[ebp-0x5C],eax
00495F42 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
00495F45 50 push eax
00495F46 51 push ecx
00495F47 897D E4 mov dword ptr ss:[ebp-0x1C],edi
00495F4A C745 9C 0800000>mov dword ptr ss:[ebp-0x64],0x8
00495F51 FF15 B8104000 call dword ptr ds:[0x4010B8] ; msvbvm60.rtcTrimVar
00495F57 8B1D AC114000 mov ebx,dword ptr ds:[0x4011AC] ; msvbvm60.__vbaStrVarVal
00495F5D 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
00495F60 6A FF push -0x1
00495F62 8D45 D8 lea eax,dword ptr ss:[ebp-0x28]
00495F65 52 push edx
00495F66 50 push eax
00495F67 FFD3 call ebx
00495F69 8D4D D4 lea ecx,dword ptr ss:[ebp-0x2C]
00495F6C 50 push eax
00495F6D 51 push ecx
00495F6E FF15 28124000 call dword ptr ds:[0x401228] ; msvbvm60.__vbaStrToAnsi
00495F74 50 push eax
00495F75 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
00495F78 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00495F7B 52 push edx
00495F7C 50 push eax
00495F7D FFD3 call ebx
00495F7F 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
00495F82 50 push eax
00495F83 51 push ecx
00495F84 E8 7BA02B09 call 09750004
00495F89 E8 50E890E3 call E3DA47DE
00495F8E F8 clc
00495F8F FF8B D8E86DA0 dec dword ptr ds:[ebx+0xA06DE8D8]
00495F95 2D 093C33D2 sub eax,0xD2333C09
00495F9A 66:83FB FF cmp bx,0xFFFF
00495F9E 0F94C2 sete dl
00495FA1 F7DA neg edx
00495FA3 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
00495FA6 8995 34FFFFFF mov dword ptr ss:[ebp-0xCC],edx
00495FAC 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
00495FAF 50 push eax
00495FB0 8D55 DC lea edx,dword ptr ss:[ebp-0x24]
00495FB3 51 push ecx
00495FB4 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00495FB7 52 push edx
00495FB8 50 push eax
00495FB9 6A 04 push 0x4
00495FBB FF15 F4114000 call dword ptr ds:[0x4011F4] ; msvbvm60.__vbaFreeStrList
00495FC1 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
00495FC4 8D55 D0 lea edx,dword ptr ss:[ebp-0x30]
00495FC7 51 push ecx
00495FC8 52 push edx
00495FC9 6A 02 push 0x2
00495FCB FF15 40104000 call dword ptr ds:[0x401040] ; msvbvm60.__vbaFreeObjList
00495FD1 8B1D 34104000 mov ebx,dword ptr ds:[0x401034] ; msvbvm60.__vbaFreeVarList
00495FD7 8D45 8C lea eax,dword ptr ss:[ebp-0x74]
00495FDA 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
00495FDD 50 push eax
00495FDE 8D55 9C lea edx,dword ptr ss:[ebp-0x64]
00495FE1 51 push ecx
00495FE2 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
00495FE5 52 push edx
00495FE6 50 push eax
00495FE7 6A 04 push 0x4
00495FE9 FFD3 call ebx
00495FEB B9 04000280 mov ecx,0x80020004
00495FF0 83C4 34 add esp,0x34
00495FF3 66:39BD 34FFFFF>cmp word ptr ss:[ebp-0xCC],di
00495FFA B8 0A000000 mov eax,0xA
00495FFF 894D 94 mov dword ptr ss:[ebp-0x6C],ecx
00496002 894D A4 mov dword ptr ss:[ebp-0x5C],ecx
00496005 8945 8C mov dword ptr ss:[ebp-0x74],eax
00496008 8945 9C mov dword ptr ss:[ebp-0x64],eax
0049600B C785 74FFFFFF 2>mov dword ptr ss:[ebp-0x8C],BOMTool.00425020 ; Registration
00496015 C785 6CFFFFFF 0>mov dword ptr ss:[ebp-0x94],0x8
0049601F 8D95 6CFFFFFF lea edx,dword ptr ss:[ebp-0x94]
00496025 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
00496028 74 7E je XBOMTool.004960A8
0049602A E8 D19FB901 call 02030000
0049602F 48 dec eax
00496030 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-0x84]
00496036 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
00496039 C745 84 E44F420>mov dword ptr ss:[ebp-0x7C],BOMTool.00424FE4 ; Thank you for registration!
00496040 C785 7CFFFFFF 0>mov dword ptr ss:[ebp-0x84],0x8
0049604A FF15 2C124000 call dword ptr ds:[0x40122C] ; msvbvm60.__vbaVarDup
00496050 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
00496053 8D55 9C lea edx,dword ptr ss:[ebp-0x64]
00496056 51 push ecx
00496057 8D45 AC lea eax,dword ptr ss:[ebp-0x54]
0049605A 52 push edx
0049605B 50 push eax
0049605C 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
0049605F 6A 40 push 0x40
00496061 51 push ecx
00496062 FF15 A4104000 call dword ptr ds:[0x4010A4] ; msvbvm60.rtcMsgBox
00496068 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
0049606B 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
0049606E 52 push edx
0049606F 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
00496072 50 push eax
00496073 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
00496076 51 push ecx
00496077 52 push edx
00496078 6A 04 push 0x4
0049607A FFD3 call ebx
0049607C 8B06 mov eax,dword ptr ds:[esi]
0049607E 83C4 14 add esp,0x14
00496081 56 push esi
00496082 FF90 B4020000 call dword ptr ds:[eax+0x2B4]
00496088 3BC7 cmp eax,edi
0049608A DBE2 fclex
0049608C 7D 12 jge XBOMTool.004960A0
0049608E 68 B4020000 push 0x2B4
00496093 68 943D4200 push BOMTool.00423D94
00496098 56 push esi
00496099 50 push eax
0049609A FF15 74104000 call dword ptr ds:[0x401074] ; msvbvm60.__vbaHresultCheckObj
004960A0 FF15 38104000 call dword ptr ds:[0x401038] ; msvbvm60.__vbaEnd
004960A6 EB 53 jmp XBOMTool.004960FB
004960A8 8B35 2C124000 mov esi,dword ptr ds:[0x40122C] ; msvbvm60.__vbaVarDup
004960AE FFD6 call esi
004960B0 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-0x84]
004960B6 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
004960B9 C745 84 4050420>mov dword ptr ss:[ebp-0x7C],BOMTool.00425040 ; Key is not valid, please contact manufacture!
004960C0 C785 7CFFFFFF 0>mov dword ptr ss:[ebp-0x84],0x8
004960CA FFD6 call esi
004960CC 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
004960CF 8D55 9C lea edx,dword ptr ss:[ebp-0x64]
004960D2 51 push ecx
004960D3 8D45 AC lea eax,dword ptr ss:[ebp-0x54]
004960D6 52 push edx
004960D7 50 push eax
004960D8 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
004960DB 6A 30 push 0x30
004960DD 51 push ecx
004960DE FF15 A4104000 call dword ptr ds:[0x4010A4] ; msvbvm60.rtcMsgBox
004960E4 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
004960E7 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
004960EA 52 push edx
004960EB 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
004960EE 50 push eax
004960EF 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
004960F2 51 push ecx
004960F3 52 push edx
004960F4 6A 04 push 0x4
004960F6 FFD3 call ebx
004960F8 83C4 14 add esp,0x14
004960FB 897D FC mov dword ptr ss:[ebp-0x4],edi
004960FE 68 52614900 push BOMTool.00496152
00496103 EB 4C jmp XBOMTool.00496151
00496105 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
00496108 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
0049610B 50 push eax
0049610C 8D55 DC lea edx,dword ptr ss:[ebp-0x24]
0049610F 51 push ecx
00496110 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00496113 52 push edx
00496114 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C]
00496117 50 push eax
00496118 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
0049611B 51 push ecx
0049611C 52 push edx
0049611D 6A 06 push 0x6
0049611F E8 DC9EB901 call 02030000
00496124 A3 8D45CC8D mov dword ptr ds:[0x8DCC458D],eax
00496129 4D dec ebp
0049612A D050 51 rcl byte ptr ds:[eax+0x51],1
0049612D 6A 02 push 0x2
0049612F FF15 40104000 call dword ptr ds:[0x401040] ; msvbvm60.__vbaFreeObjList
00496135 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
00496138 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
0049613B 52 push edx
0049613C 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
0049613F 50 push eax
00496140 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
00496143 51 push ecx
00496144 52 push edx
00496145 6A 04 push 0x4
00496147 FF15 34104000 call dword ptr ds:[0x401034] ; msvbvm60.__vbaFreeVarList
0049614D 83C4 3C add esp,0x3C
00496150 C3 retn
00496151 C3 retn
载入OD后查找不到有用的字符,采用先运行程序,在附加到OD方法,然后查找字符串,找到了注册提示字符,下面是这个区的代码,有一个JE可以跳过,改为JNZ后能显示注册 Thank you for registration!的提示,但单步走到0049602A E8 D19FB901 call 02030000这句OD就停住了,过不了。我就用樱花补丁修改这里,发现 可以显示注册,但点确定软件自动关闭,重新打开又是提示注册。求解决方法,谢谢
00495E30 55 push ebp
00495E31 8BEC mov ebp,esp
00495E33 83EC 0C sub esp,0xC
00495E36 68 962A4000 push BOMTool.00402A96 ; jmp 到 msvbvm60.__vbaExceptHandler
00495E3B 64:A1 00000000 mov eax,dword ptr fs:[0]
00495E41 50 push eax
00495E42 64:8925 0000000>mov dword ptr fs:[0],esp
00495E49 81EC C8000000 sub esp,0xC8
00495E4F 53 push ebx
00495E50 56 push esi
00495E51 57 push edi
00495E52 8965 F4 mov dword ptr ss:[ebp-0xC],esp
00495E55 C745 F8 E828400>mov dword ptr ss:[ebp-0x8],BOMTool.004028E8
00495E5C 8B75 08 mov esi,dword ptr ss:[ebp+0x8]
00495E5F 8BC6 mov eax,esi
00495E61 83E0 01 and eax,0x1
00495E64 8945 FC mov dword ptr ss:[ebp-0x4],eax
00495E67 83E6 FE and esi,0xFFFFFFFE
00495E6A 56 push esi
00495E6B 8975 08 mov dword ptr ss:[ebp+0x8],esi
00495E6E 8B0E mov ecx,dword ptr ds:[esi]
00495E70 FF51 04 call dword ptr ds:[ecx+0x4]
00495E73 8B16 mov edx,dword ptr ds:[esi]
00495E75 33FF xor edi,edi
00495E77 56 push esi
00495E78 897D E8 mov dword ptr ss:[ebp-0x18],edi
00495E7B 897D E4 mov dword ptr ss:[ebp-0x1C],edi
00495E7E 897D E0 mov dword ptr ss:[ebp-0x20],edi
00495E81 897D DC mov dword ptr ss:[ebp-0x24],edi
00495E84 897D D8 mov dword ptr ss:[ebp-0x28],edi
00495E87 897D D4 mov dword ptr ss:[ebp-0x2C],edi
00495E8A 897D D0 mov dword ptr ss:[ebp-0x30],edi
00495E8D 897D CC mov dword ptr ss:[ebp-0x34],edi
00495E90 897D BC mov dword ptr ss:[ebp-0x44],edi
00495E93 897D AC mov dword ptr ss:[ebp-0x54],edi
00495E96 897D 9C mov dword ptr ss:[ebp-0x64],edi
00495E99 897D 8C mov dword ptr ss:[ebp-0x74],edi
00495E9C 89BD 7CFFFFFF mov dword ptr ss:[ebp-0x84],edi
00495EA2 89BD 6CFFFFFF mov dword ptr ss:[ebp-0x94],edi
00495EA8 FF92 08030000 call dword ptr ds:[edx+0x308]
00495EAE 50 push eax
00495EAF 8D45 D0 lea eax,dword ptr ss:[ebp-0x30]
00495EB2 50 push eax
00495EB3 FF15 A0104000 call dword ptr ds:[0x4010A0] ; msvbvm60.__vbaObjSet
00495EB9 8BD8 mov ebx,eax
00495EBB 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
00495EBE 52 push edx
00495EBF 53 push ebx
00495EC0 8B0B mov ecx,dword ptr ds:[ebx]
00495EC2 FF91 A0000000 call dword ptr ds:[ecx+0xA0]
00495EC8 3BC7 cmp eax,edi
00495ECA DBE2 fclex
00495ECC 7D 12 jge XBOMTool.00495EE0
00495ECE 68 A0000000 push 0xA0
00495ED3 68 5C244200 push BOMTool.0042245C
00495ED8 53 push ebx
00495ED9 50 push eax
00495EDA E8 21A1B901 call 02030000
00495EDF B7 8B mov bh,0x8B
00495EE1 45 inc ebp
00495EE2 E8 8D4DAC89 call 89F5AC74
00495EE7 45 inc ebp
00495EE8 C48D 45BC5051 les ecx,fword ptr ss:[ebp+0x5150BC45]
00495EEE 897D E8 mov dword ptr ss:[ebp-0x18],edi
00495EF1 C745 BC 0800000>mov dword ptr ss:[ebp-0x44],0x8
00495EF8 FF15 B8104000 call dword ptr ds:[0x4010B8] ; msvbvm60.rtcTrimVar
00495EFE 8B16 mov edx,dword ptr ds:[esi]
00495F00 56 push esi
00495F01 FF92 FC020000 call dword ptr ds:[edx+0x2FC]
00495F07 50 push eax
00495F08 8D45 CC lea eax,dword ptr ss:[ebp-0x34]
00495F0B 50 push eax
00495F0C FF15 A0104000 call dword ptr ds:[0x4010A0] ; msvbvm60.__vbaObjSet
00495F12 8BD8 mov ebx,eax
00495F14 8D55 E4 lea edx,dword ptr ss:[ebp-0x1C]
00495F17 52 push edx
00495F18 53 push ebx
00495F19 8B0B mov ecx,dword ptr ds:[ebx]
00495F1B FF91 A0000000 call dword ptr ds:[ecx+0xA0]
00495F21 3BC7 cmp eax,edi
00495F23 DBE2 fclex
00495F25 7D 12 jge XBOMTool.00495F39
00495F27 68 A0000000 push 0xA0
00495F2C 68 5C244200 push BOMTool.0042245C
00495F31 53 push ebx
00495F32 50 push eax
00495F33 FF15 74104000 call dword ptr ds:[0x401074] ; msvbvm60.__vbaHresultCheckObj
00495F39 8B45 E4 mov eax,dword ptr ss:[ebp-0x1C]
00495F3C 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
00495F3F 8945 A4 mov dword ptr ss:[ebp-0x5C],eax
00495F42 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
00495F45 50 push eax
00495F46 51 push ecx
00495F47 897D E4 mov dword ptr ss:[ebp-0x1C],edi
00495F4A C745 9C 0800000>mov dword ptr ss:[ebp-0x64],0x8
00495F51 FF15 B8104000 call dword ptr ds:[0x4010B8] ; msvbvm60.rtcTrimVar
00495F57 8B1D AC114000 mov ebx,dword ptr ds:[0x4011AC] ; msvbvm60.__vbaStrVarVal
00495F5D 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
00495F60 6A FF push -0x1
00495F62 8D45 D8 lea eax,dword ptr ss:[ebp-0x28]
00495F65 52 push edx
00495F66 50 push eax
00495F67 FFD3 call ebx
00495F69 8D4D D4 lea ecx,dword ptr ss:[ebp-0x2C]
00495F6C 50 push eax
00495F6D 51 push ecx
00495F6E FF15 28124000 call dword ptr ds:[0x401228] ; msvbvm60.__vbaStrToAnsi
00495F74 50 push eax
00495F75 8D55 AC lea edx,dword ptr ss:[ebp-0x54]
00495F78 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00495F7B 52 push edx
00495F7C 50 push eax
00495F7D FFD3 call ebx
00495F7F 8D4D DC lea ecx,dword ptr ss:[ebp-0x24]
00495F82 50 push eax
00495F83 51 push ecx
00495F84 E8 7BA02B09 call 09750004
00495F89 E8 50E890E3 call E3DA47DE
00495F8E F8 clc
00495F8F FF8B D8E86DA0 dec dword ptr ds:[ebx+0xA06DE8D8]
00495F95 2D 093C33D2 sub eax,0xD2333C09
00495F9A 66:83FB FF cmp bx,0xFFFF
00495F9E 0F94C2 sete dl
00495FA1 F7DA neg edx
00495FA3 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
00495FA6 8995 34FFFFFF mov dword ptr ss:[ebp-0xCC],edx
00495FAC 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
00495FAF 50 push eax
00495FB0 8D55 DC lea edx,dword ptr ss:[ebp-0x24]
00495FB3 51 push ecx
00495FB4 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00495FB7 52 push edx
00495FB8 50 push eax
00495FB9 6A 04 push 0x4
00495FBB FF15 F4114000 call dword ptr ds:[0x4011F4] ; msvbvm60.__vbaFreeStrList
00495FC1 8D4D CC lea ecx,dword ptr ss:[ebp-0x34]
00495FC4 8D55 D0 lea edx,dword ptr ss:[ebp-0x30]
00495FC7 51 push ecx
00495FC8 52 push edx
00495FC9 6A 02 push 0x2
00495FCB FF15 40104000 call dword ptr ds:[0x401040] ; msvbvm60.__vbaFreeObjList
00495FD1 8B1D 34104000 mov ebx,dword ptr ds:[0x401034] ; msvbvm60.__vbaFreeVarList
00495FD7 8D45 8C lea eax,dword ptr ss:[ebp-0x74]
00495FDA 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
00495FDD 50 push eax
00495FDE 8D55 9C lea edx,dword ptr ss:[ebp-0x64]
00495FE1 51 push ecx
00495FE2 8D45 BC lea eax,dword ptr ss:[ebp-0x44]
00495FE5 52 push edx
00495FE6 50 push eax
00495FE7 6A 04 push 0x4
00495FE9 FFD3 call ebx
00495FEB B9 04000280 mov ecx,0x80020004
00495FF0 83C4 34 add esp,0x34
00495FF3 66:39BD 34FFFFF>cmp word ptr ss:[ebp-0xCC],di
00495FFA B8 0A000000 mov eax,0xA
00495FFF 894D 94 mov dword ptr ss:[ebp-0x6C],ecx
00496002 894D A4 mov dword ptr ss:[ebp-0x5C],ecx
00496005 8945 8C mov dword ptr ss:[ebp-0x74],eax
00496008 8945 9C mov dword ptr ss:[ebp-0x64],eax
0049600B C785 74FFFFFF 2>mov dword ptr ss:[ebp-0x8C],BOMTool.00425020 ; Registration
00496015 C785 6CFFFFFF 0>mov dword ptr ss:[ebp-0x94],0x8
0049601F 8D95 6CFFFFFF lea edx,dword ptr ss:[ebp-0x94]
00496025 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
00496028 74 7E je XBOMTool.004960A8
0049602A E8 D19FB901 call 02030000
0049602F 48 dec eax
00496030 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-0x84]
00496036 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
00496039 C745 84 E44F420>mov dword ptr ss:[ebp-0x7C],BOMTool.00424FE4 ; Thank you for registration!
00496040 C785 7CFFFFFF 0>mov dword ptr ss:[ebp-0x84],0x8
0049604A FF15 2C124000 call dword ptr ds:[0x40122C] ; msvbvm60.__vbaVarDup
00496050 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
00496053 8D55 9C lea edx,dword ptr ss:[ebp-0x64]
00496056 51 push ecx
00496057 8D45 AC lea eax,dword ptr ss:[ebp-0x54]
0049605A 52 push edx
0049605B 50 push eax
0049605C 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
0049605F 6A 40 push 0x40
00496061 51 push ecx
00496062 FF15 A4104000 call dword ptr ds:[0x4010A4] ; msvbvm60.rtcMsgBox
00496068 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
0049606B 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
0049606E 52 push edx
0049606F 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
00496072 50 push eax
00496073 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
00496076 51 push ecx
00496077 52 push edx
00496078 6A 04 push 0x4
0049607A FFD3 call ebx
0049607C 8B06 mov eax,dword ptr ds:[esi]
0049607E 83C4 14 add esp,0x14
00496081 56 push esi
00496082 FF90 B4020000 call dword ptr ds:[eax+0x2B4]
00496088 3BC7 cmp eax,edi
0049608A DBE2 fclex
0049608C 7D 12 jge XBOMTool.004960A0
0049608E 68 B4020000 push 0x2B4
00496093 68 943D4200 push BOMTool.00423D94
00496098 56 push esi
00496099 50 push eax
0049609A FF15 74104000 call dword ptr ds:[0x401074] ; msvbvm60.__vbaHresultCheckObj
004960A0 FF15 38104000 call dword ptr ds:[0x401038] ; msvbvm60.__vbaEnd
004960A6 EB 53 jmp XBOMTool.004960FB
004960A8 8B35 2C124000 mov esi,dword ptr ds:[0x40122C] ; msvbvm60.__vbaVarDup
004960AE FFD6 call esi
004960B0 8D95 7CFFFFFF lea edx,dword ptr ss:[ebp-0x84]
004960B6 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
004960B9 C745 84 4050420>mov dword ptr ss:[ebp-0x7C],BOMTool.00425040 ; Key is not valid, please contact manufacture!
004960C0 C785 7CFFFFFF 0>mov dword ptr ss:[ebp-0x84],0x8
004960CA FFD6 call esi
004960CC 8D4D 8C lea ecx,dword ptr ss:[ebp-0x74]
004960CF 8D55 9C lea edx,dword ptr ss:[ebp-0x64]
004960D2 51 push ecx
004960D3 8D45 AC lea eax,dword ptr ss:[ebp-0x54]
004960D6 52 push edx
004960D7 50 push eax
004960D8 8D4D BC lea ecx,dword ptr ss:[ebp-0x44]
004960DB 6A 30 push 0x30
004960DD 51 push ecx
004960DE FF15 A4104000 call dword ptr ds:[0x4010A4] ; msvbvm60.rtcMsgBox
004960E4 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
004960E7 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
004960EA 52 push edx
004960EB 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
004960EE 50 push eax
004960EF 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
004960F2 51 push ecx
004960F3 52 push edx
004960F4 6A 04 push 0x4
004960F6 FFD3 call ebx
004960F8 83C4 14 add esp,0x14
004960FB 897D FC mov dword ptr ss:[ebp-0x4],edi
004960FE 68 52614900 push BOMTool.00496152
00496103 EB 4C jmp XBOMTool.00496151
00496105 8D45 D4 lea eax,dword ptr ss:[ebp-0x2C]
00496108 8D4D D8 lea ecx,dword ptr ss:[ebp-0x28]
0049610B 50 push eax
0049610C 8D55 DC lea edx,dword ptr ss:[ebp-0x24]
0049610F 51 push ecx
00496110 8D45 E0 lea eax,dword ptr ss:[ebp-0x20]
00496113 52 push edx
00496114 8D4D E4 lea ecx,dword ptr ss:[ebp-0x1C]
00496117 50 push eax
00496118 8D55 E8 lea edx,dword ptr ss:[ebp-0x18]
0049611B 51 push ecx
0049611C 52 push edx
0049611D 6A 06 push 0x6
0049611F E8 DC9EB901 call 02030000
00496124 A3 8D45CC8D mov dword ptr ds:[0x8DCC458D],eax
00496129 4D dec ebp
0049612A D050 51 rcl byte ptr ds:[eax+0x51],1
0049612D 6A 02 push 0x2
0049612F FF15 40104000 call dword ptr ds:[0x401040] ; msvbvm60.__vbaFreeObjList
00496135 8D55 8C lea edx,dword ptr ss:[ebp-0x74]
00496138 8D45 9C lea eax,dword ptr ss:[ebp-0x64]
0049613B 52 push edx
0049613C 8D4D AC lea ecx,dword ptr ss:[ebp-0x54]
0049613F 50 push eax
00496140 8D55 BC lea edx,dword ptr ss:[ebp-0x44]
00496143 51 push ecx
00496144 52 push edx
00496145 6A 04 push 0x4
00496147 FF15 34104000 call dword ptr ds:[0x401034] ; msvbvm60.__vbaFreeVarList
0049614D 83C4 3C add esp,0x3C
00496150 C3 retn
00496151 C3 retn
[培训]传播安全知识、拓宽行业人脉——看雪讲师团队等你加入!
