能力值:
( LV2,RANK:10 )
|
-
-
2 楼
VB程序。就两行代码,谁都认识。可是神仙都没办法说告诉你怎么回事。哈哈。
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
00401000 > 842A test byte ptr [edx], ch
00401002 36:6A EE push -12
00401005 15 386A8BB4 adc eax, B48B6A38
0040100A 36:6A 3D push 3D
0040100D B9 366A74B9 mov ecx, B9746A36
00401012 36:6A 37 push 37
00401015 0236 add dh, byte ptr [esi]
00401017 6A 7A push 7A
00401019 47 inc edi
0040101A 2A6A 2B sub ch, byte ptr [edx+2B]
0040101D 8337 6A xor dword ptr [edi], 6A
00401020 > 1D C0356A67 sbb eax, 676A35C0
00401025 7D 37 jge short 0040105E
00401027 6A 7A push 7A
00401029 7D 37 jge short 00401062
0040102B 6A 29 push 29
0040102D 2F das
0040102E 36:6A DF push -21
00401031 7E 2A jle short 0040105D
00401033 6A AE push -52
00401035 7D 35 jge short <&MSVBVM60.rtcShell>
00401037 6A A0 push -60
00401039 7E 37 jle short 00401072
0040103B 6A D5 push -2B
0040103D B9 366AB17E mov ecx, 7EB16A36
00401042 37 aaa
00401043 6A DF push -21
00401045 48 dec eax
00401046 2A6A 03 sub ch, byte ptr [edx+3]
00401049 B4 36 mov ah, 36
0040104B 6A 6F push 6F
0040104D D829 fsubr dword ptr [ecx]
0040104F 6A 84 push -7C
00401051 C2 366A retn 6A36
00401054 > A4 movs byte ptr es:[edi], byte ptr [esi>
00401055 C2 366A retn 6A36
00401058 > 49 dec ecx
00401059 54 push esp
0040105A 2A6A AB sub ch, byte ptr [edx-55]
0040105D 27 daa
0040105E 36:6A 78 push 78
00401061 B7 29 mov bh, 29
00401063 6A E8 push -18
00401065 45 inc ebp
00401066 2A6A 85 sub ch, byte ptr [edx-7B]
00401069 E3 2A jecxz short 00401095
0040106B 6A 33 push 33
0040106D 7C 35 jl short <&MSVBVM60.rtcBstrFromAnsi>
0040106F 6A 7C push 7C
00401071 67:35 6A5B4E2A xor eax, 2A4E5B6A
00401077 6A DB push -25
00401079 9C pushfd
0040107A 37 aaa
0040107B 6A C4 push -3C
0040107D A8 37 test al, 37
0040107F 6A 20 push 20
00401081 C136 6A sal dword ptr [esi], 6A
00401084 > 47 inc edi
00401085 C2 366A retn 6A36
00401088 > 0163 36 add dword ptr [ebx+36], esp
0040108B 6A C4 push -3C
0040108D E5 35 in eax, 35
0040108F 6A D5 push -2B
00401091 E5 35 in eax, 35
00401093 6A E3 push -1D
00401095 D236 sal byte ptr [esi], cl
00401097 6A 5D push 5D
00401099 F0:37 lock aaa ; 不允许锁定前缀
0040109B 6A B8 push -48
0040109D 5B pop ebx
0040109E 36:6A BD push -43
004010A1 3B36 cmp esi, dword ptr [esi]
004010A3 6A 69 push 69
004010A5 6236 bound esi, qword ptr [esi]
004010A7 6A 6E push 6E
004010A9 822A 6A sub byte ptr [edx], 6A
004010AC > 60 pushad
004010AD 9D popfd
004010AE 36:6A A1 push -5F
004010B1 D6 salc
004010B2 2A6A 3B sub ch, byte ptr [edx+3B]
004010B5 66:36:6A 9E push 0FF9E
004010B9 3836 cmp byte ptr [esi], dh
004010BB 6A 7C push 7C
004010BD E6 35 out 35, al
004010BF 6A 67 push 67
004010C1 - E9 356A4451 jmp 51847AFB
004010C6 2A6A 3E sub ch, byte ptr [edx+3E]
004010C9 DE28 fisubr word ptr [eax]
004010CB 6A 93 push -6D
004010CD - E9 356ABFC7 jmp C7FF7B07
004010D2 35 6A01C835 xor eax, 35C8016A
004010D7 6A 53 push 53
004010D9 48 dec eax
004010DA 2A6A F1 sub ch, byte ptr [edx-F]
004010DD 49 dec ecx
004010DE 2A6A 71 sub ch, byte ptr [edx+71]
004010E1 B3 36 mov bl, 36
004010E3 6A A3 push -5D
004010E5 C035 6A56C135 6>sal byte ptr [35C1566A], 6A
004010EC > 99 cdq
004010ED C135 6A60C035 6>sal dword ptr [35C0606A], 6A
004010F4 > 1F pop ds
004010F5 C2 356A retn 6A35
004010F8 > DCC1 fadd st(1), st
004010FA 35 6ABCE935 xor eax, 35E9BC6A
004010FF 6A 6D push 6D
00401101 D6 salc
00401102 35 6A000000 xor eax, 6A
00401107 0000 add byte ptr [eax], al
00401109 0000 add byte ptr [eax], al
0040110B 0000 add byte ptr [eax], al
0040110D 0000 add byte ptr [eax], al
0040110F 00FF add bh, bh
00401111 25 60104000 and eax, 401060
00401116 - FF25 2C104000 jmp dword ptr [<&MSVBVM60.rtcMsgBox>>; MSVBVM60.rtcMsgBox
0040111C - FF25 44104000 jmp dword ptr [<&MSVBVM60.rtcMidChar>; MSVBVM60.rtcMidCharBstr
00401122 - FF25 3C104000 jmp dword ptr [<&MSVBVM60.rtcTrimVar>; MSVBVM60.rtcTrimVar
00401128 - FF25 18104000 jmp dword ptr [<&MSVBVM60.rtcTrimBst>; MSVBVM60.rtcTrimBstr
0040112E - FF25 00114000 jmp dword ptr [<&MSVBVM60.rtcR8ValFr>; MSVBVM60.rtcR8ValFromBstr
00401134 - FF25 A8104000 jmp dword ptr [<&MSVBVM60.rtcDir>] ; MSVBVM60.rtcDir
0040113A - FF25 B0104000 jmp dword ptr [<&MSVBVM60.rtcEndOfFi>; MSVBVM60.rtcEndOfFile
00401140 - FF25 64104000 jmp dword ptr [<&MSVBVM60.rtcCommand>; MSVBVM60.rtcCommandVar
00401146 - FF25 D8104000 jmp dword ptr [<&MSVBVM60.rtcLeftCha>; MSVBVM60.rtcLeftCharBstr
0040114C - FF25 50104000 jmp dword ptr [<&MSVBVM60.rtcUpperCa>; MSVBVM60.rtcUpperCaseBstr
00401152 - FF25 D0104000 jmp dword ptr [<&MSVBVM60.rtcGetDate>; MSVBVM60.rtcGetDateVar
00401158 - FF25 20104000 jmp dword ptr [<&MSVBVM60.rtcGetYear>; MSVBVM60.rtcGetYear
0040115E - FF25 F0104000 jmp dword ptr [<&MSVBVM60.rtcGetMont>; MSVBVM60.rtcGetMonthOfYear
00401164 - FF25 E4104000 jmp dword ptr [<&MSVBVM60.rtcGetDayO>; MSVBVM60.rtcGetDayOfMonth
0040116A - FF25 D4104000 jmp dword ptr [<&MSVBVM60.rtcGetTime>; MSVBVM60.rtcGetTimeVar
00401170 - FF25 E8104000 jmp dword ptr [<&MSVBVM60.rtcGetHour>; MSVBVM60.rtcGetHourOfDay
00401176 - FF25 EC104000 jmp dword ptr [<&MSVBVM60.rtcGetMinu>; MSVBVM60.rtcGetMinuteOfHour
0040117C - FF25 F8104000 jmp dword ptr [<&MSVBVM60.rtcGetSeco>; MSVBVM60.rtcGetSecondOfMinute
00401182 - FF25 0C104000 jmp dword ptr [<&MSVBVM60.rtcLowerCa>; MSVBVM60.rtcLowerCaseBstr
00401188 - FF25 00104000 jmp dword ptr [<&MSVBVM60.rtcRgb>] ; MSVBVM60.rtcRgb
0040118E - FF25 48104000 jmp dword ptr [<&MSVBVM60.rtcMidChar>; MSVBVM60.rtcMidCharVar
00401194 - FF25 C4104000 jmp dword ptr [<&MSVBVM60.rtcErrObj>>; MSVBVM60.rtcErrObj
0040119A - FF25 6C104000 jmp dword ptr [<&MSVBVM60.rtcShell>] ; MSVBVM60.rtcShell
004011A0 - FF25 FC104000 jmp dword ptr [<&MSVBVM60.rtcSetFile>; MSVBVM60.rtcSetFileAttr
004011A6 - FF25 94104000 jmp dword ptr [<&MSVBVM60.rtcStrConv>; MSVBVM60.rtcStrConvVar2
004011AC - FF25 30104000 jmp dword ptr [<&MSVBVM60.rtcDoEvent>; MSVBVM60.rtcDoEvents
004011B2 - FF25 DC104000 jmp dword ptr [<&MSVBVM60.rtcLeftCha>; MSVBVM60.rtcLeftCharVar
004011B8 - FF25 E0104000 jmp dword ptr [<&MSVBVM60.rtcRightCh>; MSVBVM60.rtcRightCharVar
004011BE - FF25 BC104000 jmp dword ptr [<&MSVBVM60.rtcFileCop>; MSVBVM60.rtcFileCopy
004011C4 - FF25 8C104000 jmp dword ptr [<&MSVBVM60.rtcMakeDir>; MSVBVM60.rtcMakeDir
004011CA - FF25 10104000 jmp dword ptr [<&MSVBVM60.rtcLowerCa>; MSVBVM60.rtcLowerCaseVar
004011D0 - FF25 B8104000 jmp dword ptr [<&MSVBVM60.rtcImmedia>; MSVBVM60.rtcImmediateIf
004011D6 - FF25 58104000 jmp dword ptr [<&MSVBVM60.rtcKillFil>; MSVBVM60.rtcKillFiles
004011DC - FF25 CC104000 jmp dword ptr [<&MSVBVM60.rtcGetFile>; MSVBVM60.rtcGetFileAttr
004011E2 - FF25 90104000 jmp dword ptr [<&MSVBVM60.rtcRemoveD>; MSVBVM60.rtcRemoveDir
004011E8 - FF25 AC104000 jmp dword ptr [<&MSVBVM60.rtcFileLen>; MSVBVM60.rtcFileLength
004011EE - FF25 B4104000 jmp dword ptr [<&MSVBVM60.rtcHexVarF>; MSVBVM60.rtcHexVarFromVar
004011F4 - FF25 88104000 jmp dword ptr [<&MSVBVM60.rtcVarBstr>; MSVBVM60.rtcVarBstrFromAnsi
004011FA - FF25 80104000 jmp dword ptr [<&MSVBVM60.rtcStringB>; MSVBVM60.rtcStringBstr
00401200 - FF25 54104000 jmp dword ptr [<&MSVBVM60.rtcUpperCa>; MSVBVM60.rtcUpperCaseVar
00401206 - FF25 84104000 jmp dword ptr [<&MSVBVM60.rtcStringV>; MSVBVM60.rtcStringVar
0040120C - FF25 78104000 jmp dword ptr [<&MSVBVM60.rtcSplit>] ; MSVBVM60.rtcSplit
00401212 - FF25 5C104000 jmp dword ptr [<&MSVBVM60.rtcIsNull>>; MSVBVM60.rtcIsNull
00401218 - FF25 14104000 jmp dword ptr [<&MSVBVM60.rtcGetObje>; MSVBVM60.rtcGetObject
0040121E - FF25 A4104000 jmp dword ptr [<&MSVBVM60.rtcBstrFro>; MSVBVM60.rtcBstrFromAnsi
00401224 - FF25 9C104000 jmp dword ptr [<&MSVBVM60.rtcStrFrom>; MSVBVM60.rtcStrFromVar
0040122A - FF25 C0104000 jmp dword ptr [<&MSVBVM60.rtcFileLen>; MSVBVM60.rtcFileLen
00401230 - FF25 7C104000 jmp dword ptr [<&MSVBVM60.rtcReplace>; MSVBVM60.rtcReplace
00401236 - FF25 08104000 jmp dword ptr [<&MSVBVM60.rtcAnsiVal>; MSVBVM60.rtcAnsiValueBstr
0040123C - FF25 A0104000 jmp dword ptr [<&MSVBVM60.VarPtr>] ; MSVBVM60.VarPtr
00401242 - FF25 F4104000 jmp dword ptr [<&MSVBVM60.rtcGetPres>; MSVBVM60.rtcGetPresentDate
00401248 - FF25 1C104000 jmp dword ptr [<&MSVBVM60.rtcVarFrom>; MSVBVM60.rtcVarFromFormatVar
0040124E - FF25 34104000 jmp dword ptr [<&MSVBVM60.rtcSendKey>; MSVBVM60.rtcSendKeys
00401254 - FF25 74104000 jmp dword ptr [<&MSVBVM60.__vbaExcep>; MSVBVM60.__vbaExceptHandler
0040125A - FF25 70104000 jmp dword ptr [<&MSVBVM60.EVENT_SINK>; MSVBVM60.EVENT_SINK_QueryInterface
00401260 - FF25 4C104000 jmp dword ptr [<&MSVBVM60.EVENT_SINK>; MSVBVM60.EVENT_SINK_AddRef
00401266 - FF25 68104000 jmp dword ptr [<&MSVBVM60.EVENT_SINK>; MSVBVM60.EVENT_SINK_Release
0040126C - FF25 04104000 jmp dword ptr [<&MSVBVM60.MethCallEn>; MSVBVM60.MethCallEngine
00401272 - FF25 98104000 jmp dword ptr [<&MSVBVM60.ProcCallEn>; MSVBVM60.ProcCallEngine
00401278 - FF25 28104000 jmp dword ptr [<&MSVBVM60.GetMem4>] ; MSVBVM60.GetMem4
0040127E - FF25 40104000 jmp dword ptr [<&MSVBVM60.PutMem4>] ; MSVBVM60.PutMem4
00401284 - FF25 24104000 jmp dword ptr [<&MSVBVM60.GetMem2>] ; MSVBVM60.GetMem2
0040128A - FF25 38104000 jmp dword ptr [<&MSVBVM60.PutMem2>] ; MSVBVM60.PutMem2
00401290 - FF25 C8104000 jmp dword ptr [<&MSVBVM60.ThunRTMain>; MSVBVM60.ThunRTMain
00401296 0000 add byte ptr [eax], al
00401298 > 68 1C1A4000 push 00401A1C ; ASCII "VB5!6&*"
0040129D E8 EEFFFFFF call <jmp.&MSVBVM60.ThunRTMain>
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
不知上面的代码能否看出问题?
|
能力值:
( LV2,RANK:10 )
|
-
-
5 楼
帖出的代码无用
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
一般可以断rtcfilelen
|
能力值:
( LV8,RANK:130 )
|
-
-
7 楼
用隐藏插件,把OD隐藏起来调试,
你说的开始两句只是VB程序的入口代码,还需要深入的去调试
|
能力值:
(RANK:350 )
|
-
-
8 楼
试试】PhantOm plugin 1.20http://bbs.pediy.com/showthread.php?t=55099
|
能力值:
( LV2,RANK:10 )
|
-
-
9 楼
看不懂,我也是菜鸟
|
能力值:
( LV4,RANK:50 )
|
-
-
10 楼
有自校验,你要想搞定的话,可能要重起N次,新手就先别碰它................
|
能力值:
( LV2,RANK:10 )
|
-
-
11 楼
偶一个什么壳都没加的VB6写的程序还没搞定,慢慢学吧!
|
能力值:
( LV2,RANK:10 )
|
-
-
12 楼
谢谢各位了,本想找个简单的试试,没想到找了个这么麻烦的 
|
