[求助]请教这段代码的意义?
-
发表于: 2014-1-17 16:19 4619
-
' Fragment of a VB-style decompiler listing, as posted; the Sub header is not shown.
' The loc_ addresses are not contiguous, so instructions between the lines below were
' dropped by the decompiler. Read this as an outline of the routine, not complete logic.
loc_110A7505: var_8 = 11001248h
' __vbaAptOffset is a VB runtime helper; its result is not shown being used here.
loc_110A757A: call __vbaAptOffset(110024B8h, edi, esi, ebx)
' Six string literals made up only of hexadecimal digits are loaded into ecx in turn.
' The listing does not show where each one is stored or which call consumes it.
loc_110A7596: ecx = "DF8A1D79C7036E9664AA036DD61B7E1"
loc_110A75A6: ecx = "223B24711A5F846A41B1C67D2559A3DED638C64C83A5D074520B56F43D2A525"
loc_110A75B6: ecx = "B5AF2D59E54FD2D75D58AA8479B33466E38FA1229A94EE23785E87B2216D603D47D6E6FCBF5307C6086A6D679AE3F2C1504F44D6647D94DE2A2C27DA73687999"
loc_110A75C6: ecx = "18DF49404F807640B8A96DC7B992BB1"
loc_110A75D6: ecx = "A7A25A6449735B53C14489767462F83F1E726FFB19D2CD835C17E3854E3805"
loc_110A75E6: ecx = "97186B87F27C1325867D21BA7097C781B5C892427BFA559DEC11F999FBD0C1926B4B788DD083FCCE35FBE2EF98ED2254CBFE2EC45CC859AB2FE7653C1100F7ED"
' Proc_110A9AB0 is an internal procedure whose body is not in this listing. Its first
' argument 00010001h equals 65537; the other two arguments were not resolved by the tool.
' NOTE(review): 65537 is widely used as an RSA public exponent, but nothing visible here
' confirms what Proc_110A9AB0 computes - inspect that procedure before drawing conclusions.
' The call is printed twice (bare call, then assignment); presumably one call - confirm.
loc_110A7611: Proc_110A9AB0(00010001h, {00000000-24B8-1100-FFFFFFFF00000000}.285917272, {00000000-24B8-1100-FFFFFFFF00000000}.285917272)
loc_110A761B: var_18 = Proc_110A9AB0(00010001h, {00000000-24B8-1100-FFFFFFFF00000000}.285917272, {00000000-24B8-1100-FFFFFFFF00000000}.285917272)
' 285222488 is 11002658h, in the same address range as the other constants used here, so
' it is presumably a pointer to a string literal the tool did not resolve - confirm.
' The branch target loc_110A785E is not present in the posted listing.
loc_110A7632: If (var_18 = 285222488) = 0 Then GoTo loc_110A785E
' Repeated InStr calls involving var_18 and the constant at 11002FB8h (presumably a
' delimiter string - verify in the binary); the result is decremented by one.
loc_110A764A: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7651: InStr(esi, 11002FB8h, var_18, 00000001h) = InStr(esi, 11002FB8h, var_18, 00000001h) - 00000001h
loc_110A7661: var_38 = InStr(esi, 11002FB8h, var_18, 00000001h)
' The small constants 3, 2, 11 and &H4008 look like Variant type tags being filled in for
' temporaries (VT_I4, VT_I2, VT_BOOL, VT_BYREF Or VT_BSTR) - assumption, confirm.
loc_110A7664: var_40 = 3
loc_110A766E: var_30 = 2
loc_110A7675: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7677: InStr(esi, 11002FB8h, var_18, 00000001h) = InStr(esi, 11002FB8h, var_18, 00000001h) - 00000001h
loc_110A7685: var_C0 = 11
' Raw x86 left unlifted: dl receives the result of a signed less-than test; the compare
' that sets the flags is not shown.
loc_110A7691: setl dl
loc_110A76BA: var_E8 = var_18
loc_110A76C0: var_F0 = &H4008
loc_110A76EC: var_128 = Len(var_18)
loc_110A76FE: var_130 = 3
loc_110A7708: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7716: var_78 = InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7719: var_80 = 3
loc_110A7723: var_70 = 2
loc_110A772A: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7733: setl dl
loc_110A774A: var_100 = 11
loc_110A776B: var_138 = var_18
loc_110A7780: var_140 = &H4008
' var_18 is split at the InStr position: var_20 takes a Right() slice and var_1C a Left()
' slice. The IIf conditions were lost by the decompiler (one is empty, one is a literal
' False), so the exact slice lengths cannot be read from this listing.
loc_110A77C3: var_20 = CStr(Right(var_18, CLng(Len(var_18) - IIf(, 0, InStr(esi, 11002FB8h, var_18, 00000001h)))))
loc_110A77D2: var_1C = CStr(Left(var_18, CLng(IIf(False, 0, InStr(esi, 11002FB8h, var_18, 00000001h)))))
' Indirect call through a table at offset 34h from ecx; the target object and method
' are unresolved.
loc_110A77DF: Unknown_VTable_Call[ecx+34h]
' var_144 is never assigned in the visible lines; presumably it holds the outcome of the
' indirect call above - confirm.
loc_110A784D: If var_144 = 0 Then GoTo loc_110A785E
loc_110A7858: ecx = var_18
loc_110A7866: GoTo loc_110A78B1
loc_110A78B0: Exit Sub
loc_110A78B1:
loc_110A78BA: Exit Sub
End Sub
是否能利用附件中的DLL文件做出字串解密呢?
' Second copy of a VB-style decompiler listing on this page, starting at loc_110A757A;
' the Sub header is not shown. The loc_ addresses are not contiguous, so instructions
' between the lines below were dropped by the decompiler - treat it as an outline only.
' __vbaAptOffset is a VB runtime helper; its result is not shown being used here.
loc_110A757A: call __vbaAptOffset(110024B8h, edi, esi, ebx)
' Six string literals made up only of hexadecimal digits are loaded into ecx in turn.
' The listing does not show where each one is stored or which call consumes it.
loc_110A7596: ecx = "DF8A1D79C7036E9664AA036DD61B7E1"
loc_110A75A6: ecx = "223B24711A5F846A41B1C67D2559A3DED638C64C83A5D074520B56F43D2A525"
loc_110A75B6: ecx = "B5AF2D59E54FD2D75D58AA8479B33466E38FA1229A94EE23785E87B2216D603D47D6E6FCBF5307C6086A6D679AE3F2C1504F44D6647D94DE2A2C27DA73687999"
loc_110A75C6: ecx = "18DF49404F807640B8A96DC7B992BB1"
loc_110A75D6: ecx = "A7A25A6449735B53C14489767462F83F1E726FFB19D2CD835C17E3854E3805"
loc_110A75E6: ecx = "97186B87F27C1325867D21BA7097C781B5C892427BFA559DEC11F999FBD0C1926B4B788DD083FCCE35FBE2EF98ED2254CBFE2EC45CC859AB2FE7653C1100F7ED"
' Proc_110A9AB0 is an internal procedure whose body is not in this listing. Its first
' argument 00010001h equals 65537; the other two arguments were not resolved by the tool.
' NOTE(review): 65537 is widely used as an RSA public exponent, but nothing visible here
' confirms what Proc_110A9AB0 computes - inspect that procedure before drawing conclusions.
' The call is printed twice (bare call, then assignment); presumably one call - confirm.
loc_110A7611: Proc_110A9AB0(00010001h, {00000000-24B8-1100-FFFFFFFF00000000}.285917272, {00000000-24B8-1100-FFFFFFFF00000000}.285917272)
loc_110A761B: var_18 = Proc_110A9AB0(00010001h, {00000000-24B8-1100-FFFFFFFF00000000}.285917272, {00000000-24B8-1100-FFFFFFFF00000000}.285917272)
' 285222488 is 11002658h, in the same address range as the other constants used here, so
' it is presumably a pointer to a string literal the tool did not resolve - confirm.
' The branch target loc_110A785E is not present in the posted listing.
loc_110A7632: If (var_18 = 285222488) = 0 Then GoTo loc_110A785E
' Repeated InStr calls involving var_18 and the constant at 11002FB8h (presumably a
' delimiter string - verify in the binary); the result is decremented by one.
loc_110A764A: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7651: InStr(esi, 11002FB8h, var_18, 00000001h) = InStr(esi, 11002FB8h, var_18, 00000001h) - 00000001h
loc_110A7661: var_38 = InStr(esi, 11002FB8h, var_18, 00000001h)
' The small constants 3, 2, 11 and &H4008 look like Variant type tags being filled in for
' temporaries (VT_I4, VT_I2, VT_BOOL, VT_BYREF Or VT_BSTR) - assumption, confirm.
loc_110A7664: var_40 = 3
loc_110A766E: var_30 = 2
loc_110A7675: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7677: InStr(esi, 11002FB8h, var_18, 00000001h) = InStr(esi, 11002FB8h, var_18, 00000001h) - 00000001h
loc_110A7685: var_C0 = 11
' Raw x86 left unlifted: dl receives the result of a signed less-than test; the compare
' that sets the flags is not shown.
loc_110A7691: setl dl
loc_110A76BA: var_E8 = var_18
loc_110A76C0: var_F0 = &H4008
loc_110A76EC: var_128 = Len(var_18)
loc_110A76FE: var_130 = 3
loc_110A7708: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7716: var_78 = InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7719: var_80 = 3
loc_110A7723: var_70 = 2
loc_110A772A: call InStr(esi, 11002FB8h, var_18, 00000001h)
loc_110A7733: setl dl
loc_110A774A: var_100 = 11
loc_110A776B: var_138 = var_18
loc_110A7780: var_140 = &H4008
' var_18 is split at the InStr position: var_20 takes a Right() slice and var_1C a Left()
' slice. The IIf conditions were lost by the decompiler (one is empty, one is a literal
' False), so the exact slice lengths cannot be read from this listing.
loc_110A77C3: var_20 = CStr(Right(var_18, CLng(Len(var_18) - IIf(, 0, InStr(esi, 11002FB8h, var_18, 00000001h)))))
loc_110A77D2: var_1C = CStr(Left(var_18, CLng(IIf(False, 0, InStr(esi, 11002FB8h, var_18, 00000001h)))))
' Indirect call through a table at offset 34h from ecx; the target object and method
' are unresolved.
loc_110A77DF: Unknown_VTable_Call[ecx+34h]
' var_144 is never assigned in the visible lines; presumably it holds the outcome of the
' indirect call above - confirm.
loc_110A784D: If var_144 = 0 Then GoTo loc_110A785E
loc_110A7858: ecx = var_18
loc_110A7866: GoTo loc_110A78B1
loc_110A78B0: Exit Sub
loc_110A78B1:
loc_110A78BA: Exit Sub
End Sub
是否能利用附件中的DLL文件做出字串解密呢?