用VBParser分析了一个VB程序,是一个去NAG的crackme,我找到如下两处NOP了,但保存运行出错了,应该如何成功去掉这个弹出窗口呢?
00401DFE: 04 5C FF FLdRfVar Push local_A4
00401E01: 0A 01 00 14 00 ImpAdCallFPR4 CallPtr_00401020; check stack 0014 (no return value)
全部代码如下:
-----=====-----=====-----=====--Crackme--=====-----=====-----=====-----
[CommandButton]
Private Sub Command1_Click()
'-=-=-=-=-=-=-= ProcAddr Range: [00401DE8 - 00401E30] , ProcSize: 48 =-=-=-=-=-=-=-
00401DE8: 27 FC FE LitVar_Missing PushVarError 80020004 (missing) VT_ERROR signifies an optional argument that is missing
00401DEB: 27 1C FF LitVar_Missing PushVarError 80020004 (missing) VT_ERROR signifies an optional argument that is missing
00401DEE: 27 3C FF LitVar_Missing PushVarError 80020004 (missing) VT_ERROR signifies an optional argument that is missing
00401DF1: F5 00 00 00 00 LitI4: Push 00000000
*********** Referent String: "Another NAG" ***********
|
00401DF6: 3A 6C FF 00 00 LitVarStr PushVarString Ptr_00401904
00401DFB: 4E 5C FF FStVarCopyObj [local_A4]=vbaVarDup(Pop)
00401DFE: 04 5C FF FLdRfVar Push local_A4
00401E01: 0A 01 00 14 00 ImpAdCallFPR4 Call Ptr_00401020; check stack 0014 (no return value)
00401E06: 36 08 00 5C FF 3C FFreeVar Free 0008 variants : 5C FF 3C FF 1C FF FC FE
FF 1C FF FC FE
00401E11: 08 08 00 FLdPr [SR]=[stack_08]
00401E14: 0D B4 02 02 00 VCallHresult
00401E19: 27 4C FF LitVar_Missing PushVarError 80020004 (missing) VT_ERROR signifies an optional argument that is missing
00401E1C: 25 PopAdLdVar
00401E1D: 27 6C FF LitVar_Missing PushVarError 80020004 (missing) VT_ERROR signifies an optional argument that is missing
00401E20: 25 PopAdLdVar
00401E21: 05 03 00 ImpAdLdRf Push Ptr_0040201C
00401E24: 24 04 00 NewIfNullPr [Pop] [SR]
00401E27: 0D B0 02 05 00 VCallHresult
00401E2C: 13 ExitProcHresult
00401E2D: 48 C0 0F ILdPr [SR]=[[stack_FC0]]
-----=====-----=====-----=====--------------------=====-----=====-----=====-----
Email ME: ljtt@yeah.net
-----=====-----=====-----=====--Done--=====-----=====-----=====-----
[CommandButton]
Private Sub Command1_Click()
'-=-=-=-=-=-=-= ProcAddr Range: [00401CE8 - 00401CEC] , ProcSize: 4 =-=-=-=-=-=-=-
00401CE8: FC C8 13 End
00401CEB: 00 04 LargeBos IDE beginning of line with 04 byte codes
-----=====-----=====-----=====--------------------=====-----=====-----=====-----
Email ME: ljtt@yeah.net
[课程]Android-CTF解题方法汇总!
上传的附件: