关于密码的问题-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (18)
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 2 楼最初由 haojiu 发布关于密码的问题我现在有一个软件，他有个注册机是读硬盘号的，我要把硬盘号告诉他，他在给我一个号添上，软件才能用，我有几个硬盘，可每注册一个就要花一次钱，我现在有几个号，可怎么也没算明白他们之间的关系，大家帮帮忙，看看他们之间的关系，先谢谢注： 7Se59796Oe58-----硬盘SN号 2o641913R3121sG--注册号 ........ 兄弟,一般是需要对这个软件的注册算法进行分析的，这些信息显然不够，如果方便，请把告知软件名称...:D 2004-11-25 16:36 0
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 3 楼你也可以向软件作者说明情况让他多给你几个sn:D 2004-11-25 16:36 0
shoooo 雪币： 398 活跃值： (343) 能力值： (RANK：650 ) 在线值：发帖 91 回帖 2169 粉丝 5 关注私信	shoooo 16 4 楼有个东东可以改硬盘序列号的，不过要重启 2004-11-25 22:00 0
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 5 楼如果你的机器上有其它的软件也用硬盘序列号注册的话，那么你又要重新注册了:) 2004-11-25 22:17 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 6 楼那么怎么找出他的算法,怎么看他是用什么方法加的密呢? 软件是专用的网上没有,他的用户不超过200个而且在本省 2004-12-1 11:50 0
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 7 楼动态跟踪，看看该软件是如何处理你输入的注册码的 2004-12-1 15:16 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 8 楼我用W32和OLL,可他没什么变化啊 2004-12-4 23:18 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 9 楼我发现他是一位一位的读,比较,不对反回,而且他和另一个软件对比,我改了几个跳转,可他就不能用了,好象加壳了,可用PEID等没发现, 2004-12-13 14:02 0
cnbragon 雪币： 3686 活跃值： (1036) 能力值： (RANK：760 ) 在线值：发帖 48 回帖 802 粉丝 9 关注私信	cnbragon 18 10 楼最初由 haojiu 发布我发现他是一位一位的读,比较,不对反回,而且他和另一个软件对比,我改了几个跳转,可他就不能用了,好象加壳了,可用PEID等没发现, 不能用了是什么意思？如果是自校验肯定有提示的, 一位一位的读比较和什么比较？怎么比较？这些你都分析了吗？和另一个软件对比是什么意思？ 2004-12-13 16:41 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 11 楼 :00401000 56 push esi :00401001 A0386AF295 mov al, byte ptr [95F26A38] :00401006 37 aaa :00401007 6A44 push 00000044 :00401009 59 pop ecx :0040100A 36 BYTE 036h :0040100B 6AFC push FFFFFFFC :0040100D B137 mov cl, 37 :0040100F 6A8D push FFFFFF8D :00401011 69376A745936 imul esi, dword ptr [edi], 3659746A :00401017 6AF9 push FFFFFFF9 :00401019 9A386A9E10386A call 6A38:109E6A38 :00401020 CE into :00401021 49 dec ecx :00401022 2A6A0D sub ch, byte ptr [edx+0D] :00401025 54 push esp :00401026 2A6A73 sub ch, byte ptr [edx+73] :00401029 1038 adc byte ptr [eax], bh :0040102B 6A4E push 0000004E :0040102D 6237 bound esi, dword ptr [edi] :0040102F 6A8B push FFFFFF8B :00401031 B436 mov ah, 36 :00401033 6AD5 push FFFFFFD5 :00401035 68376A2754 push 54276A37 :0040103A 2A6A24 sub ch, byte ptr [edx+24] :0040103D 7335 jnb 00401074 :0040103F 6AE1 push FFFFFFE1 :00401041 4B dec ebx :00401042 2A6ABE sub ch, byte ptr [edx-42] :00401045 B136 mov cl, 36 :00401047 6A02 push 00000002 :00401049 6237 bound esi, dword ptr [edi] :0040104B 6AF5 push FFFFFFF5 :0040104D 1F pop ds :0040104E 36 BYTE 036h :0040104F 6AFC push FFFFFFFC :00401051 2A36 sub dh, byte ptr [esi] :00401053 6AA7 push FFFFFFA7 :00401055 662A6A31 sub ch, byte ptr [edx+31] :00401059 2B36 sub esi, dword ptr [esi] :0040105B 6A6B push 0000006B :0040105D 94 xchg eax,esp :0040105E 36 BYTE 036h :0040105F 6A29 push 00000029 :00401061 2F das :00401062 36 BYTE 036h :00401063 6AE3 push FFFFFFE3 :00401065 42 inc edx :00401066 2A6A2C sub ch, byte ptr [edx+2C] :00401069 45 inc ebp :0040106A 2A6A9A sub ch, byte ptr [edx-66] :0040106D 6237 bound esi, dword ptr [edi] :0040106F 6A98 push FFFFFF98 :00401071 45 inc ebp :00401072 2A6A9A sub ch, byte ptr [edx-66] :00401075 6337 arpl dword ptr [edi], esi :00401077 6A64 push 00000064 :00401079 B337 mov bl, 37 :0040107B 6A03 push 00000003 :0040107D B436 mov ah, 36 :0040107F 6AAF push FFFFFFAF :00401081 44 inc esp :00401082 2A6AF5 sub ch, byte ptr [edx-0B] :00401085 C0 BYTE 0d0h :00401086 36 BYTE 036h :00401087 6AD5 push FFFFFFD5 :00401089 632A arpl dword ptr [edx], ebp :0040108B 6A6F push 0000006F :0040108D D829 fsubr dword ptr [ecx] :0040108F 6A07 push 00000007 :00401091 2236 and dh, byte ptr [esi] :00401093 6A13 push 00000013 :00401095 48 dec eax :00401096 2A6AA5 sub ch, byte ptr [edx-5B] :00401099 2436 and al, 36 :0040109B 6AB4 push FFFFFFB4 :0040109D 9E sahf :0040109E 36 BYTE 036h :0040109F 6ADE push FFFFFFDE :004010A1 49 dec ecx :004010A2 2A6A78 sub ch, byte ptr [edx+78] :004010A5 B729 mov bh, 29 :004010A7 6A8A push FFFFFF8A :004010A9 69376A012136 imul esi, dword ptr [edi], 3621016A :004010AF 6A85 push FFFFFF85 :004010B1 E32A jcxz 004010DD :004010B3 6A09 push 00000009 :004010B5 B437 mov ah, 37 :004010B7 6A7C push 0000007C :004010B9 67356A266A36 xor eax, 366A266A :004010BF 6A5B push 0000005B :004010C1 4E dec esi :004010C2 2A6A07 sub ch, byte ptr [edx+07] :004010C5 6F outsd :004010C6 356AC4A837 xor eax, 37A8C46A :004010CB 6A1D push 0000001D :004010CD 6637 aaa :004010CF 6A4E push 0000004E :004010D1 6337 arpl dword ptr [edi], esi :004010D3 6A47 push 00000047 :004010D5 C2366A ret 6A36 :004010D8 016336 add dword ptr [ebx+36], esp :004010DB 6A7F push 0000007F :004010DD 9D popfd :004010DE 386A7C cmp byte ptr [edx+7C], ch :004010E1 69366AC5B036 imul esi, dword ptr [esi], 36B0C56A :004010E7 6AA1 push FFFFFFA1 :004010E9 B237 mov dl, 37 :004010EB 6AD2 push FFFFFFD2 :004010ED 90 nop :004010EE 356A82582A xor eax, 2A58826A :004010F3 6A99 push FFFFFF99 :004010F5 57 push edi :004010F6 2A6A95 sub ch, byte ptr [edx-6B] :004010F9 64 BYTE 064h :004010FA 36 BYTE 036h :004010FB 6AAC push FFFFFFAC :004010FD C7296ACE6237 mov dword ptr [ecx], 3762CE6A :00401103 6ACE push FFFFFFCE :00401105 6337 arpl dword ptr [edi], esi :00401107 6AF6 push FFFFFFF6 :00401109 44 inc esp :0040110A 2A6A09 sub ch, byte ptr [edx+09] :0040110D 64 BYTE 064h :0040110E 36 BYTE 036h :0040110F 6AB0 push FFFFFFB0 :00401111 48 dec eax :00401112 2A6A02 sub ch, byte ptr [edx+02] :00401115 6337 arpl dword ptr [edi], esi :00401117 6A3D push 0000003D :00401119 5D pop ebp :0040111A 37 aaa :0040111B 6A3E push 0000003E :0040111D DE28 fisubr word ptr [eax] :0040111F 6A77 push 00000077 :00401121 95 xchg eax,ebp :00401122 36 BYTE 036h :00401123 6A3C push 0000003C :00401125 94 xchg eax,esp :00401126 37 aaa :00401127 6ABF push FFFFFFBF :00401129 C7356A2DA0386A36B829 mov dword ptr [38A02D6A], 29B8366A :00401133 6ACA push FFFFFFCA :00401135 16 push ss :00401136 386ADC cmp byte ptr [edx-24], ch :00401139 9D popfd :0040113A 386AF1 cmp byte ptr [edx-0F], ch :0040113D 49 dec ecx :0040113E 2A6A36 sub ch, byte ptr [edx+36] :00401141 B137 mov cl, 37 :00401143 6AA1 push FFFFFFA1 :00401145 0F BYTE 0fh :00401146 386A5E cmp byte ptr [edx+5E], ch :00401149 47 inc edi :0040114A 2A6ABC sub ch, byte ptr [edx-44] :0040114D DA36 ffidiv dword ptr [esi] :0040114F 6A71 push 00000071 :00401151 B336 mov bl, 36 :00401153 6AEA push FFFFFFEA :00401155 2037 and byte ptr [edi], dh :00401157 6ABA push FFFFFFBA :00401159 B437 mov ah, 37 :0040115B 6A35 push 00000035 :0040115D 0F BYTE 0fh :0040115E 37 aaa :0040115F 6AD7 push FFFFFFD7 :00401161 50 push eax :00401162 2A6AFE sub ch, byte ptr [edx-02] :00401165 47 inc edi :00401166 2A6A70 sub ch, byte ptr [edx+70] :00401169 95 xchg eax,ebp :0040116A 36 BYTE 036h :0040116B 6A00 push 00000000 :0040116D 000000 BYTE 3 DUP(0) :00401170 05000800DC add eax, DC000800 :00401175 324000 xor al, byte ptr [eax+00] :00401178 00000000 BYTE 4 DUP(0) :0040117C E332 jcxz 004011B0 :0040117E 40 inc eax :0040117F 0007 add byte ptr [edi], al :00401181 0008 add byte ptr [eax], cl :00401183 0028 add byte ptr [eax], ch :00401185 36 BYTE 036h :00401186 40 inc eax :00401187 004236 add byte ptr [edx+36], al :0040118A 40 inc eax :0040118B 002F add byte ptr [edi], ch :0040118D 36 BYTE 036h :0040118E 40 inc eax :0040118F 00050008000D add byte ptr [0D000800], al :00401195 37 aaa :00401196 40 inc eax :00401197 0000000000 BYTE 5 DUP(0) :0040119C 1437 adc al, 37 :0040119E 40 inc eax :0040119F 0016 add byte ptr [esi], dl :004011A1 0010 add byte ptr [eax], dl :004011A3 0000000000 BYTE 5 DUP(0) :004011A8 953B4000 DWORD 00403B95 :004011AC 613B4000 DWORD 00403B61 :004011B0 B8114000 DWORD 004011B8 :004011B4 00000000 BYTE 4 DUP(0) :004011B8 0100 add dword ptr [eax], eax :004011BA 0000 add byte ptr [eax], al :004011BC 0100 add dword ptr [eax], eax :004011BE 0000 add byte ptr [eax], al :004011C0 54 push esp :004011C1 3B4000 cmp eax, dword ptr [eax+00] :004011C4 00000000 BYTE 4 DUP(0) :004011C8 0500080083 add eax, 83000800 :004011CD 3C40 cmp al, 40 :004011CF 0000000000 BYTE 5 DUP(0) :004011D4 8A3C40 mov bh, byte ptr [eax+2*eax] :004011D7 000F add byte ptr [edi], cl :004011D9 0008 add byte ptr [eax], cl :004011DB 00C9 add cl, cl :004011DD 3D4000F33D cmp eax, 3DF30040 :004011E2 40 inc eax :004011E3 00D0 add al, dl :004011E5 3D40000E00 cmp eax, 000E0040 :004011EA 0800 or byte ptr [eax], al :004011EC 00000000 BYTE 4 DUP(0) :004011F0 E0424000 DWORD 004042E0 :004011F4 A9424000 DWORD 004042A9 :004011F8 0500080035 add eax, 35000800 :004011FD 44 inc esp :004011FE 40 inc eax :004011FF 0000000000 BYTE 5 DUP(0) :00401204 3C44 cmp al, 44 :00401206 40 inc eax :00401207 000400 add byte ptr [eax+eax], al :0040120A 0400 add al, 00 :0040120C 0000000000000000 BYTE 8 DUP(0) :00401214 A145400016 mov eax, dword ptr [16004045] :00401219 0010 add byte ptr [eax], dl :0040121B 0000000000 BYTE 5 DUP(0) :00401220 E8464000 DWORD 004046E8 :00401224 D0464000 DWORD 004046D0 :00401228 30124000 DWORD 00401230 :0040122C 00000000 BYTE 4 DUP(0) :00401230 0100 add dword ptr [eax], eax :00401232 0000 add byte ptr [eax], al :00401234 0100 add dword ptr [eax], eax :00401236 0000 add byte ptr [eax], al :00401238 C3 ret :00401239 46 inc esi :0040123A 40 inc eax :0040123B 0000000000 BYTE 5 DUP(0) :00401240 0E push cs :00401241 0008 add byte ptr [eax], cl :00401243 0000000000 BYTE 5 DUP(0) :00401248 23484000 DWORD 00404823 :0040124C 01484000 DWORD 00404801 :00401250 0E push cs :00401251 0008 add byte ptr [eax], cl :00401253 0000000000 BYTE 5 DUP(0) :00401258 6C494000 DWORD 0040496C :0040125C 45494000 DWORD 00404945 :00401260 16 push ss :00401261 0010 add byte ptr [eax], dl :00401263 0000000000 BYTE 5 DUP(0) :00401268 6D4D4000 DWORD 00404D6D :0040126C 504D4000 DWORD 00404D50 :00401270 78124000 DWORD 00401278 :00401274 00000000 BYTE 4 DUP(0) :00401278 0100 add dword ptr [eax], eax :0040127A 0000 add byte ptr [eax], al :0040127C 0100 add dword ptr [eax], eax :0040127E 0000 add byte ptr [eax], al :00401280 42 inc edx :00401281 4D dec ebp :00401282 40 inc eax :00401283 000000 BYTE 3 DUP(0) :00401286 7B43 jpo 004012CB :00401288 000000000000 BYTE 6 DUP(0) :0040128E 1440 adc al, 40 :00401290 0E push cs :00401291 0008 add byte ptr [eax], cl :00401293 0000000000 BYTE 5 DUP(0) :00401298 71564000 DWORD 00405671 :0040129C 37564000 DWORD 00405637 :004012A0 0E push cs :004012A1 0008 add byte ptr [eax], cl :004012A3 0000000000 BYTE 5 DUP(0) :004012A8 05584000 DWORD 00405805 :004012AC D6574000 DWORD 004057D6 2004-12-13 23:00 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 12 楼 * Reference To: MSVBVM60.__vbaChkstk, Ord:0000h \| :004012B0 FF2580104000 Jmp dword ptr [00401080] * Reference To: MSVBVM60.__vbaExceptHandler, Ord:0000h \| :004012B6 FF25C0104000 Jmp dword ptr [004010C0] * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: \|:00404DB5(U), :004056B8(U) \| * Reference To: MSVBVM60.__vbaFPException, Ord:0000h \| :004012BC FF25DC104000 Jmp dword ptr [004010DC] * Reference To: MSVBVM60._adj_fdiv_m16i, Ord:0000h \| :004012C2 FF256C104000 Jmp dword ptr [0040106C] * Reference To: MSVBVM60._adj_fdiv_m32, Ord:0000h \| :004012C8 FF2548104000 Jmp dword ptr [00401048] * Reference To: MSVBVM60._adj_fdiv_m32i, Ord:0000h \| :004012CE FF2500114000 Jmp dword ptr [00401100] * Referenced by a CALL at Address: \|:0040517A \| * Reference To: MSVBVM60._adj_fdiv_m64, Ord:0000h \| :004012D4 FF252C104000 Jmp dword ptr [0040102C] * Reference To: MSVBVM60._adj_fdiv_r, Ord:0000h \| :004012DA FF2518114000 Jmp dword ptr [00401118] * Reference To: MSVBVM60._adj_fdivr_m16i, Ord:0000h \| :004012E0 FF2574104000 Jmp dword ptr [00401074] * Reference To: MSVBVM60._adj_fdivr_m32, Ord:0000h \| :004012E6 FF2514114000 Jmp dword ptr [00401114] * Reference To: MSVBVM60._adj_fdivr_m32i, Ord:0000h \| :004012EC FF2504114000 Jmp dword ptr [00401104] * Reference To: MSVBVM60._adj_fdivr_m64, Ord:0000h \| :004012F2 FF25D0104000 Jmp dword ptr [004010D0] * Reference To: MSVBVM60._adj_fpatan, Ord:0000h \| :004012F8 FF25A8104000 Jmp dword ptr [004010A8] * Reference To: MSVBVM60._adj_fprem, Ord:0000h \| :004012FE FF25CC104000 Jmp dword ptr [004010CC] * Reference To: MSVBVM60._adj_fprem1, Ord:0000h \| :00401304 FF2534104000 Jmp dword ptr [00401034] * Reference To: MSVBVM60._adj_fptan, Ord:0000h \| :0040130A FF2510104000 Jmp dword ptr [00401010] * Reference To: MSVBVM60._CIatan, Ord:0000h \| :00401310 FF2540114000 Jmp dword ptr [00401140] * Reference To: MSVBVM60._CIcos, Ord:0000h \| :00401316 FF250C104000 Jmp dword ptr [0040100C] * Reference To: MSVBVM60._CIexp, Ord:0000h \| :0040131C FF255C114000 Jmp dword ptr [0040115C] * Reference To: MSVBVM60._CIlog, Ord:0000h \| :00401322 FF25E8104000 Jmp dword ptr [004010E8] * Reference To: MSVBVM60._CIsin, Ord:0000h \| :00401328 FF2578104000 Jmp dword ptr [00401078] * Reference To: MSVBVM60._CIsqrt, Ord:0000h \| :0040132E FF25B4104000 Jmp dword ptr [004010B4] * Reference To: MSVBVM60._CItan, Ord:0000h \| :00401334 FF2558114000 Jmp dword ptr [00401158] * Reference To: MSVBVM60._allmul, Ord:0000h \| :0040133A FF2554114000 Jmp dword ptr [00401154] * Reference To: MSVBVM60.DllFunctionCall, Ord:0000h \| :00401340 FF25A4104000 Jmp dword ptr [004010A4] * Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h \| :00401346 FF2594104000 Jmp dword ptr [00401094] * Reference To: MSVBVM60.rtcAnsiValueBstr, Ord:0204h \| :0040134C FF2530104000 Jmp dword ptr [00401030] * Reference To: MSVBVM60.rtcVarBstrFromAnsi, Ord:0260h \| :00401352 FF25D8104000 Jmp dword ptr [004010D8] * Reference To: MSVBVM60.__vbaErrorOverflow, Ord:0000h \| :00401358 FF25EC104000 Jmp dword ptr [004010EC] * Reference To: MSVBVM60.__vbaExitProc, Ord:0000h \| :0040135E FF2554104000 Jmp dword ptr [00401054] * Reference To: MSVBVM60.__vbaI4ErrVar, Ord:0000h \| :00401364 FF2568114000 Jmp dword ptr [00401168] * Reference To: MSVBVM60.__vbaFreeVar, Ord:0000h \| :0040136A FF251C104000 Jmp dword ptr [0040101C] * Reference To: MSVBVM60.rtcLeftCharVar, Ord:0269h \| :00401370 FF253C114000 Jmp dword ptr [0040113C] * Reference To: MSVBVM60.__vbaStrCat, Ord:0000h \| :00401376 FF2538104000 Jmp dword ptr [00401038] * Reference To: MSVBVM60.__vbaI4Str, Ord:0000h \| :0040137C FF250C114000 Jmp dword ptr [0040110C] * Reference To: MSVBVM60.rtcMidCharVar, Ord:0278h \| :00401382 FF257C104000 Jmp dword ptr [0040107C] * Reference To: MSVBVM60.__vbaStrVarMove, Ord:0000h \| :00401388 FF2524104000 Jmp dword ptr [00401024] * Reference To: MSVBVM60.rtcReplace, Ord:02C8h \| :0040138E FF25C8104000 Jmp dword ptr [004010C8] * Reference To: MSVBVM60.__vbaStrI4, Ord:0000h \| :00401394 FF2514104000 Jmp dword ptr [00401014] * Reference To: MSVBVM60.__vbaStrMove, Ord:0000h \| :0040139A FF2548114000 Jmp dword ptr [00401148] * Reference To: MSVBVM60.__vbaCastObj, Ord:0000h \| :004013A0 FF2544114000 Jmp dword ptr [00401144] * Reference To: MSVBVM60.__vbaOnError, Ord:0000h \| :004013A6 FF2568104000 Jmp dword ptr [00401068] * Reference To: MSVBVM60.__vbaObjSetAddref, Ord:0000h \| :004013AC FF2570104000 Jmp dword ptr [00401070] * Reference To: MSVBVM60.__vbaNew2, Ord:0000h \| :004013B2 FF25FC104000 Jmp dword ptr [004010FC] * Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h \| :004013B8 FF2564114000 Jmp dword ptr [00401164] * Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h \| :004013BE FF2508114000 Jmp dword ptr [00401108] * Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h \| :004013C4 FF2560114000 Jmp dword ptr [00401160] * Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h \| :004013CA FF2540104000 Jmp dword ptr [00401040] * Reference To: MSVBVM60.__vbaObjSet, Ord:0000h \| :004013D0 FF2564104000 Jmp dword ptr [00401064] * Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h \| :004013D6 FF2520104000 Jmp dword ptr [00401020] * Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h \| :004013DC FF2528104000 Jmp dword ptr [00401028] * Reference To: MSVBVM60.__vbaVarDup, Ord:0000h \| :004013E2 FF2534114000 Jmp dword ptr [00401134] * Reference To: MSVBVM60.rtcMsgBox, Ord:0253h \| :004013E8 FF2560104000 Jmp dword ptr [00401060] * Reference To: MSVBVM60.__vbaLenVar, Ord:0000h \| :004013EE FF2544104000 Jmp dword ptr [00401044] * Reference To: MSVBVM60.__vbaVarSub, Ord:0000h \| :004013F4 FF2500104000 Jmp dword ptr [00401000] * Reference To: MSVBVM60.__vbaI4Var, Ord:0000h \| :004013FA FF2520114000 Jmp dword ptr [00401120] * Reference To: MSVBVM60.rtcStringVar, Ord:025Fh \| :00401400 FF25D4104000 Jmp dword ptr [004010D4] * Reference To: MSVBVM60.__vbaVarCat, Ord:0000h \| :00401406 FF25E4104000 Jmp dword ptr [004010E4] * Reference To: MSVBVM60.rtcRightCharVar, Ord:026Bh \| :0040140C FF2550114000 Jmp dword ptr [00401150] * Reference To: MSVBVM60.__vbaI4Abs, Ord:0000h \| :00401412 FF255C104000 Jmp dword ptr [0040105C] * Reference To: MSVBVM60.__vbaR8Str, Ord:0000h \| :00401418 FF25F8104000 Jmp dword ptr [004010F8] * Reference To: MSVBVM60.__vbaFpI4, Ord:0000h \| :0040141E FF2538114000 Jmp dword ptr [00401138] * Reference To: MSVBVM60.__vbaStrI2, Ord:0000h \| :00401424 FF2508104000 Jmp dword ptr [00401008] * Reference To: MSVBVM60.__vbaRedim, Ord:0000h \| :0040142A FF25AC104000 Jmp dword ptr [004010AC] * Reference To: MSVBVM60.__vbaAryDestruct, Ord:0000h \| :00401430 FF254C104000 Jmp dword ptr [0040104C] * Reference To: MSVBVM60.__vbaFileClose, Ord:0000h \| :00401436 FF2588104000 Jmp dword ptr [00401088] * Reference To: MSVBVM60.__vbaPutOwner3, Ord:0000h \| :0040143C FF259C104000 Jmp dword ptr [0040109C] * Reference To: MSVBVM60.__vbaFileOpen, Ord:0000h \| :00401442 FF25F0104000 Jmp dword ptr [004010F0] * Reference To: MSVBVM60.rtcFreeFile, Ord:0288h \| :00401448 FF25F4104000 Jmp dword ptr [004010F4] * Reference To: MSVBVM60.rtcGetDateVar, Ord:0262h \| :0040144E FF2528114000 Jmp dword ptr [00401128] * Reference To: MSVBVM60.__vbaVarAdd, Ord:0000h \| :00401454 FF252C114000 Jmp dword ptr [0040112C] * Reference To: MSVBVM60.__vbaUI1I4, Ord:0000h \| :0040145A FF25BC104000 Jmp dword ptr [004010BC] * Reference To: MSVBVM60.__vbaGenerateBoundsError, Ord:0000h \| :00401460 FF2590104000 Jmp dword ptr [00401090] * Reference To: MSVBVM60.__vbaR8IntI4, Ord:0000h \| :00401466 FF254C114000 Jmp dword ptr [0040114C] * Reference To: MSVBVM60.rtcRandomNext, Ord:0251h \| :0040146C FF2550104000 Jmp dword ptr [00401050] * Reference To: MSVBVM60.rtcRandomize, Ord:0252h \| :00401472 FF2558104000 Jmp dword ptr [00401058] * Reference To: MSVBVM60.__vbaAryConstruct2, Ord:0000h \| :00401478 FF2598104000 Jmp dword ptr [00401098] * Reference To: MSVBVM60.__vbaStrToUnicode, Ord:0000h \| :0040147E FF25C4104000 Jmp dword ptr [004010C4] * Reference To: MSVBVM60.__vbaSetSystemError, Ord:0000h \| :00401484 FF253C104000 Jmp dword ptr [0040103C] * Reference To: MSVBVM60.__vbaStrToAnsi, Ord:0000h \| :0040148A FF2530114000 Jmp dword ptr [00401130] * Reference To: MSVBVM60.__vbaI2I4, Ord:0000h \| :00401490 FF25A0104000 Jmp dword ptr [004010A0] * Reference To: MSVBVM60.rtcSpaceVar, Ord:020Eh \| :00401496 FF2584104000 Jmp dword ptr [00401084] * Reference To: MSVBVM60.__vbaStrVarVal, Ord:0000h \| :0040149C FF25E0104000 Jmp dword ptr [004010E0] * Reference To: MSVBVM60.__vbaVarVargNofree, Ord:0000h \| :004014A2 FF2518104000 Jmp dword ptr [00401018] * Reference To: MSVBVM60.rtcGetSetting, Ord:02B1h \| :004014A8 FF2524114000 Jmp dword ptr [00401124] * Reference To: MSVBVM60.rtcSaveSetting, Ord:02B2h \| :004014AE FF2504104000 Jmp dword ptr [00401004] * Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h \| :004014B4 FF2510114000 Jmp dword ptr [00401110] * Reference To: MSVBVM60.EVENT_SINK_QueryInterface, Ord:0000h \| :004014BA FF25B8104000 Jmp dword ptr [004010B8] * Reference To: MSVBVM60.EVENT_SINK_AddRef, Ord:0000h \| :004014C0 FF258C104000 Jmp dword ptr [0040108C] * Reference To: MSVBVM60.EVENT_SINK_Release, Ord:0000h \| :004014C6 FF25B0104000 Jmp dword ptr [004010B0] * Referenced by a CALL at Address: \|:004014D9 这些跳应该没什么用吧？ 2004-12-13 23:01 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 13 楼 //****************** Program Entry Point ****** :004014D4 68C0154000 push 004015C0 * Reference To: MSVBVM60.ThunRTMain, Ord:0064h \| :004014D9 E8EEFFFFFF Call 004014CC :004014DE 000000000000 BYTE 6 DUP(0) :004014E4 3000 xor byte ptr [eax], al :004014E6 0000 add byte ptr [eax], al :004014E8 40 inc eax :004014E9 00000000000000 BYTE 7 DUP(0) :004014F0 45 inc ebp :004014F1 58 pop eax :004014F2 229B75E3F141 and bl, byte ptr [ebx+41F1E375] :004014F8 9E sahf :004014F9 BC6E0B4324 mov esp, 24430B6E :004014FE C3 ret :004014FF 0E push cs :00401500 000000000000 BYTE 6 DUP(0) :00401506 0100 add dword ptr [eax], eax :00401508 0000 add byte ptr [eax], al :0040150A 2D43303030 sub eax, 30303043 :0040150F 2D61747465 sub eax, 65747461 :00401514 7374 jnb 0040158A :00401516 61 popad :00401517 7469 je 00401582 :00401519 6F outsd :0040151A 6E outsb :0040151B 007D23 add byte ptr [ebp+23], bh :0040151E 322E xor ch, byte ptr [esi] :00401520 00000000 BYTE 4 DUP(0) :00401524 06 push es :00401525 000000 BYTE 3 DUP(0) :00401528 B424 mov ah, 24 :0040152A 40 inc eax :0040152B 0007 add byte ptr [edi], al :0040152D 000000 BYTE 3 DUP(0) :00401530 54 push esp :00401531 224000 and al, byte ptr [eax+00] :00401534 0100 add dword ptr [eax], eax :00401536 0100 add dword ptr [eax], eax :00401538 D41E aam (base30) :0040153A 40 inc eax :0040153B 0000000000 BYTE 5 DUP(0) :00401540 FFFFFFFFFFFFFFFF BYTE 8 DUP(0ffh) :00401548 00000000 BYTE 4 DUP(0) :0040154C 581F4000 DWORD 00401F58 :00401550 1C604000 DWORD 0040601C :00401554 0100 add dword ptr [eax], eax :00401556 0000 add byte ptr [eax], al :00401558 6C insb :00401559 1540000000 adc eax, 00000040 :0040155E 00000000000000000000 BYTE 10 DUP(0) :00401568 6C insb :00401569 1540000000 adc eax, 00000040 :0040156E 0000 add byte ptr [eax], al :00401570 50 push eax :00401571 000000 BYTE 3 DUP(0) :00401574 DF922A832FA6 fist word ptr [edx+A62F832A] :0040157A 384AB3 cmp byte ptr [edx-4D], cl :0040157D 62A8416006AB bound ebp, dword ptr [eax+AB066041] :00401583 1200 adc al, byte ptr [eax] :00401585 00000000000000000000 BYTE 10 DUP(0) :0040158F 00000000000000000000 BYTE 10 DUP(0) :00401599 0400 add al, 00 :0040159B 00000000000000000000 BYTE 10 DUP(0) :004015A5 00000000000000000000 BYTE 10 DUP(0) :004015AF 00 BYTE 0 :004015B0 BA08000000 mov edx, 00000008 :004015B5 000000 BYTE 3 DUP(0) :004015B8 2027 and byte ptr [edi], ah :004015BA 40 inc eax :004015BB 004C0000 add byte ptr [eax+eax], cl :004015BF 005642 add byte ptr [esi+42], dl :004015C2 35211C232A xor eax, 2A231C21 :004015C7 00000000000000000000 BYTE 10 DUP(0) :004015D1 000000 BYTE 3 DUP(0) :004015D4 7E00 jle 004015D6 * Referenced by a (U)nconditional or (C)onditional Jump at Address: \|:004015D4(C) \| :004015D6 00000000000000000000 BYTE 10 DUP(0) :004015E0 0000 BYTE 2 DUP(0) :004015E2 0A00 or al, byte ptr [eax] :004015E4 090400 or dword ptr [eax+eax], eax :004015E7 0000000000 BYTE 5 DUP(0) :004015EC 70444000 DWORD 00404470 :004015F0 60164000 DWORD 00401660 :004015F4 17 pop ss :004015F5 F0 lock :004015F6 3000 xor byte ptr [eax], al :004015F8 00FF add bh, bh :004015FA FFFF BYTE 2 DUP(0ffh) :004015FC 0800 or byte ptr [eax], al :004015FE 0000 add byte ptr [eax], al :00401600 0100 add dword ptr [eax], eax :00401602 0000 add byte ptr [eax], al :00401604 0100 add dword ptr [eax], eax :00401606 0000 add byte ptr [eax], al :00401608 E900000070 jmp 7040160D :0040160D 1540002415 adc eax, 15240040 :00401612 40 inc eax :00401613 00E0 add al, ah :00401615 1440 adc al, 40 :00401617 007800 add byte ptr [eax+00], bh :0040161A 0000 add byte ptr [eax], al :0040161C 8400 test byte ptr [eax], al :0040161E 0000 add byte ptr [eax], al :00401620 90 nop :00401621 000000 BYTE 3 DUP(0) :00401624 91 xchg eax,ecx :00401625 00000000000000000000 BYTE 10 DUP(0) :0040162F 000000000000000000 BYTE 9 DUP(0) :00401638 61 popad :00401639 7474 je 004016AF :0040163B 65 BYTE 065h :0040163C 7374 jnb 004016B2 :0040163E 61 popad :0040163F 7469 je 004016AA :00401641 6F outsd :00401642 6E outsb :00401643 006174 add byte ptr [ecx+74], ah :00401646 7465 je 004016AD :00401648 7374 jnb 004016BE :0040164A 61 popad :0040164B 7469 je 004016B6 :0040164D 6F outsd :0040164E 6E outsb :0040164F 0000 add byte ptr [eax], al :00401651 61 popad :00401652 7474 je 004016C8 :00401654 65 BYTE 065h :00401655 7374 jnb 004016CB :00401657 61 popad :00401658 7469 je 004016C3 :0040165A 6F outsd :0040165B 6E outsb :0040165C 00000000 BYTE 4 DUP(0) :00401660 F4 hlt :00401661 0100 add dword ptr [eax], eax :00401663 00D4 add ah, dl :00401665 1E push ds :00401666 40 inc eax :00401667 0000000000 BYTE 5 DUP(0) :0040166C 20314000 DWORD 00403120 :00401670 30584000 DWORD 00405830 :00401674 7C0A jl 00401680 :00401676 0000 add byte ptr [eax], al 这应该是密码 2004-12-13 23:05 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 14 楼 :00401894 2415 and al, 15 :00401896 40 inc eax :00401897 0002 add byte ptr [edx], al :00401899 000000 BYTE 3 DUP(0) :0040189C 0100 add dword ptr [eax], eax :0040189E 0000 add byte ptr [eax], al :004018A0 D41E aam (base30) :004018A2 40 inc eax :004018A3 0000000000 BYTE 5 DUP(0) :004018A8 64304000 xor byte ptr fs:[eax+00], al :004018AC FFFFFFFF BYTE 4 DUP(0ffh) :004018B0 00000000 BYTE 4 DUP(0) :004018B4 281F4000 DWORD 00401F28 :004018B8 08604000 DWORD 00406008 :004018BC 00000000 BYTE 4 DUP(0) :004018C0 A085180000 mov al, byte ptr [00001885] :004018C5 00000000000000000000 BYTE 10 DUP(0) :004018CF 00 BYTE 0 :004018D0 1419 adc al, 19 :004018D2 40 inc eax :004018D3 0001 add byte ptr [ecx], al :004018D5 000000 BYTE 3 DUP(0) :004018D8 9C pushfd :004018D9 204000 and byte ptr [eax+00], al :004018DC 00000000 BYTE 4 DUP(0) :004018E0 1419 adc al, 19 :004018E2 40 inc eax :004018E3 0001 add byte ptr [ecx], al :004018E5 000000 BYTE 3 DUP(0) :004018E8 1C19 sbb al, 19 :004018EA 40 inc eax :004018EB 0000000000 BYTE 5 DUP(0) :004018F0 1819 sbb byte ptr [ecx], bl :004018F2 40 inc eax :004018F3 0009 add byte ptr [ecx], cl :004018F5 000000 BYTE 3 DUP(0) :004018F8 1C19 sbb al, 19 :004018FA 40 inc eax :004018FB 0008 add byte ptr [eax], cl :004018FD 00B70168006C add byte ptr [edi+6C006801], dh :00401903 00841A40006063 add byte ptr [edx+ebx+63600040], al :0040190A 40 inc eax :0040190B 0000000000 BYTE 5 DUP(0) :00401910 34B8 xor al, B8 :00401912 1A00 sbb al, byte ptr [eax] :00401914 AC204000 DWORD 004020AC :00401918 BC204000 DWORD 004020BC :0040191C 40 inc eax :0040191D 0012 add byte ptr [edx], dl :0040191F 0038 add byte ptr [eax], bh :00401921 000000 BYTE 3 DUP(0) :00401924 CC int 03 :00401925 204000 and byte ptr [eax+00], al :00401928 0400 add al, 00 :0040192A 0300 add eax, dword ptr [eax] :0040192C 0000000000000000 BYTE 8 DUP(0) :00401934 A4 movsb :00401935 1A4000 sbb al, byte ptr [eax+00] :00401938 88AB1C00DC20 mov byte ptr [ebx+20DC001C], ch :0040193E 40 inc eax :0040193F 000400 add byte ptr [eax+eax], al :00401942 0300 add eax, dword ptr [eax] :00401944 40 inc eax :00401945 0012 add byte ptr [edx], dl :00401947 003C00 add byte ptr [eax+eax], bh :0040194A 0000 add byte ptr [eax], al :0040194C CC int 03 :0040194D 204000 and byte ptr [eax+00], al :00401950 0800 or byte ptr [eax], al :00401952 0300 add eax, dword ptr [eax] :00401954 0000000000000000 BYTE 8 DUP(0) :0040195C 041B add al, 1B :0040195E 40 inc eax :0040195F 0088AB1C0058 add byte ptr [eax+58001CAB], cl :00401965 214000 and dword ptr [eax+00], eax :00401968 0800 or byte ptr [eax], al :0040196A 03004000 DWORD 00400003 :0040196E 11004000 DWORD 00400011 :00401972 0000 add byte ptr [eax], al :00401974 60 pushad :00401975 214000 and dword ptr [eax+00], eax :00401978 0200 add al, byte ptr [eax] :0040197A 0300 add eax, dword ptr [eax] :0040197C 0000000000000000 BYTE 8 DUP(0) :00401984 641B4000 sbb eax, dword ptr fs:[eax+00] :00401988 98 cwde :00401989 AB stosd :0040198A 1C00 sbb al, 00 :0040198C 7021 jo 004019AF :0040198E 40 inc eax :0040198F 0002 add byte ptr [edx], al :00401991 0003 add byte ptr [ebx], al :00401993 004000 add byte ptr [eax+00], al :00401996 1200 adc al, byte ptr [eax] :00401998 44 inc esp :00401999 000000 BYTE 3 DUP(0) :0040199C CC int 03 :0040199D 204000 and byte ptr [eax+00], al :004019A0 07 pop es :004019A1 0003 add byte ptr [ebx], al :004019A3 000000000000000000 BYTE 9 DUP(0) :004019AC C01B40 rcr byte ptr [ebx], 40 * Referenced by a (U)nconditional or (C)onditional Jump at Address: \|:0040198C(C) \| :004019AF 0088AB1C007C add byte ptr [eax+7C001CAB], cl :004019B5 214000 and dword ptr [eax+00], eax :004019B8 07 pop es :004019B9 0003 add byte ptr [ebx], al :004019BB 004000 add byte ptr [eax+00], al :004019BE 1200 adc al, byte ptr [eax] :004019C0 48 dec eax :004019C1 000000 BYTE 3 DUP(0) :004019C4 CC int 03 :004019C5 204000 and byte ptr [eax+00], al :004019C8 0500030000 add eax, 00000300 :004019CD 00000000000000 BYTE 7 DUP(0) :004019D4 201C40 and byte ptr [eax+2eax], bl :004019D7 0088AB1C0084 add byte ptr [eax+84001CAB], cl :004019DD 214000 and dword ptr [eax+00], eax :004019E0 0500030040 add eax, 40000300 :004019E5 001F add byte ptr [edi], bl :004019E7 004C0000 add byte ptr [eax+eax], cl :004019EB 008C214000FFFF add byte ptr [ecx-0000FFC0], cl :004019F2 FFFF BYTE 2 DUP(0ffh) :004019F4 0000000000000000 BYTE 8 DUP(0) :004019FC 801C4000 sbb byte ptr [eax+2eax], 00 :00401A00 A8AB test al, AB :00401A02 1C00 sbb al, 00 :00401A04 9C pushfd :00401A05 214000 and dword ptr [eax+00], eax :00401A08 FFFFFFFF BYTE 4 DUP(0ffh) :00401A0C 40 inc eax :00401A0D 0012 add byte ptr [edx], dl :00401A0F 005000 add byte ptr [eax+00], dl :00401A12 0000 add byte ptr [eax], al :00401A14 CC int 03 :00401A15 204000 and byte ptr [eax+00], al :00401A18 06 push es :00401A19 0003 add byte ptr [ebx], al :00401A1B 000000000000000000 BYTE 9 DUP(0) :00401A24 141D adc al, 1D :00401A26 40 inc eax :00401A27 0088AB1C00A4 add byte ptr [eax+A4001CAB], cl :00401A2D 214000 and dword ptr [eax+00], eax :00401A30 06 push es :00401A31 0003 add byte ptr [ebx], al :00401A33 004000 add byte ptr [eax+00], al :00401A36 1A00 sbb al, byte ptr [eax] :00401A38 54 push esp :00401A39 000000 BYTE 3 DUP(0) :00401A3C B021 mov al, 21 :00401A3E 40 inc eax :00401A3F 0001 add byte ptr [ecx], al :00401A41 0003 add byte ptr [ebx], al :00401A43 000000000000000000 BYTE 9 DUP(0) :00401A4C 741D je 00401A6B :00401A4E 40 inc eax :00401A4F 00B8AB1C00C0 add byte ptr [eax+C0001CAB], bh :00401A55 214000 and dword ptr [eax+00], eax :00401A58 0100 add dword ptr [eax], eax :00401A5A 0300 add eax, dword ptr [eax] :00401A5C 40 inc eax :00401A5D 0018 add byte ptr [eax], bl :00401A5F 005800 add byte ptr [eax+00], bl :00401A62 0000 add byte ptr [eax], al :00401A64 CC int 03 :00401A65 214000 and dword ptr [eax+00], eax :00401A68 0300 add eax, dword ptr [eax] :00401A6A 0300 add eax, dword ptr [eax] :00401A6C 0000000000000000 BYTE 8 DUP(0) :00401A74 F4 hlt :00401A75 1D4000C8AB sbb eax, ABC80040 :00401A7A 1C00 sbb al, 00 :00401A7C DC21 fsub qword ptr [ecx] :00401A7E 40 inc eax :00401A7F 0003 add byte ptr [ebx], al :00401A81 0003 add byte ptr [ebx], al :00401A83 00A81E4000B5 add byte ptr [eax+B500401E], ch :00401A89 1E push ds :00401A8A 40 inc eax :00401A8B 00741E40 add byte ptr [esi+ebx+40], dh :00401A8F 00811E40008E add byte ptr [ecx+8E00401E], al :00401A95 1E push ds :00401A96 40 inc eax :00401A97 009B1E4000C2 add byte ptr [ebx+C200401E], bl :00401A9D 1E push ds :00401A9E 40 inc eax :00401A9F 00CF add bh, cl :00401AA1 1E push ds :00401AA2 40 inc eax :00401AA3 0000000000 BYTE 5 DUP(0) 这又是什么？ 2004-12-13 23:10 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 15 楼看不太懂,哪位高手给写点注解,谢谢 2004-12-16 12:34 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 16 楼还是没弄明白 2005-1-7 11:58 0
Fpc 雪币： 598 活跃值： (282) 能力值： ( LV13，RANK：330 ) 在线值：发帖 26 回帖 169 粉丝 1 关注私信	Fpc 4 17 楼你这个可能是VB的pcode。。。 2005-1-10 10:54 0
sfbw 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 1 粉丝 0 关注私信	sfbw 18 楼是啊，比较难懂啊，是不是我笨，还是怎么回事。 2005-1-14 16:55 0
haojiu 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 27 粉丝 0 关注私信	haojiu 19 楼最初由 Fpc 发布你这个可能是VB的pcode。。。能不能在细点 2005-1-14 23:38 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

cnbragon

雪币： 3686

活跃值： (1036)

能力值： (RANK：760 )

在线值：

发帖

48

回帖

802

粉丝

9

关注

私信

cnbragon 18: 2 楼

最初由 haojiu 发布
关于密码的问题
我现在有一个软件，他有个注册机是读硬盘号的，我要把硬盘号告诉他，他在给我一个号添上，软件才能用，我有几个硬盘，可每注册一个就要花一次钱，我现在有几个号，可怎么也没算明白他们之间的关系，大家帮帮忙，看看他们之间的关系，先谢谢
注：
7Se59796Oe58-----硬盘SN号
2o641913R3121sG--注册号
........

兄弟,一般是需要对这个软件的注册算法进行分析的，这些信息显然不够，如果方便，请把告知软件名称...:D

2004-11-25 16:36

0

cnbragon

雪币： 3686

活跃值： (1036)

能力值： (RANK：760 )

在线值：

发帖

48

回帖

802

粉丝

9

关注

私信

cnbragon 18: 3 楼

你也可以向软件作者说明情况让他多给你几个sn:D

2004-11-25 16:36

0

shoooo

雪币： 398

活跃值： (343)

能力值： (RANK：650 )

在线值：

发帖

91

回帖

2169

粉丝

5

关注

私信

shoooo 16: 4 楼

有个东东可以改硬盘序列号的，不过要重启

2004-11-25 22:00

0

cnbragon

雪币： 3686

活跃值： (1036)

能力值： (RANK：760 )

在线值：

发帖

48

回帖

802

粉丝

9

关注

私信

cnbragon 18: 5 楼

如果你的机器上有其它的软件也用硬盘序列号注册的话，那么你又要重新注册了:)

2004-11-25 22:17

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 6 楼

那么怎么找出他的算法,怎么看他是用什么方法加的密呢?
软件是专用的网上没有,他的用户不超过200个而且在本省

2004-12-1 11:50

0

cnbragon

雪币： 3686

活跃值： (1036)

能力值： (RANK：760 )

在线值：

发帖

48

回帖

802

粉丝

9

关注

私信

cnbragon 18: 7 楼

动态跟踪，看看该软件是如何处理你输入的注册码的

2004-12-1 15:16

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 8 楼

我用W32和OLL,可他没什么变化啊

2004-12-4 23:18

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 9 楼

我发现他是一位一位的读,比较,不对反回,而且他和另一个软件对比,我改了几个跳转,可他就不能用了,好象加壳了,可用PEID等没发现,

2004-12-13 14:02

0

cnbragon

雪币： 3686

活跃值： (1036)

能力值： (RANK：760 )

在线值：

发帖

48

回帖

802

粉丝

9

关注

私信

cnbragon 18: 10 楼

最初由 haojiu 发布
我发现他是一位一位的读,比较,不对反回,而且他和另一个软件对比,我改了几个跳转,可他就不能用了,好象加壳了,可用PEID等没发现,

不能用了是什么意思？如果是自校验肯定有提示的,
一位一位的读比较和什么比较？怎么比较？这些你都分析了吗？
和另一个软件对比是什么意思？

2004-12-13 16:41

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 11 楼

:00401000 56                   push esi
:00401001 A0386AF295             mov al, byte ptr [95F26A38]
:00401006 37                   aaa
:00401007 6A44                   push 00000044
:00401009 59                   pop ecx
:0040100A 36                   BYTE 036h

:0040100B 6AFC                   push FFFFFFFC
:0040100D B137                   mov cl, 37
:0040100F 6A8D                   push FFFFFF8D
:00401011 69376A745936          imul esi, dword ptr [edi], 3659746A
:00401017 6AF9                   push FFFFFFF9
:00401019 9A386A9E10386A       call 6A38:109E6A38
:00401020 CE                   into
:00401021 49                   dec ecx
:00401022 2A6A0D                sub ch, byte ptr [edx+0D]
:00401025 54                   push esp
:00401026 2A6A73                sub ch, byte ptr [edx+73]
:00401029 1038                   adc byte ptr [eax], bh
:0040102B 6A4E                   push 0000004E
:0040102D 6237                   bound esi, dword ptr [edi]
:0040102F 6A8B                   push FFFFFF8B
:00401031 B436                   mov ah, 36
:00401033 6AD5                   push FFFFFFD5
:00401035 68376A2754             push 54276A37
:0040103A 2A6A24                sub ch, byte ptr [edx+24]
:0040103D 7335                   jnb 00401074
:0040103F 6AE1                   push FFFFFFE1
:00401041 4B                   dec ebx
:00401042 2A6ABE                sub ch, byte ptr [edx-42]
:00401045 B136                   mov cl, 36
:00401047 6A02                   push 00000002
:00401049 6237                   bound esi, dword ptr [edi]
:0040104B 6AF5                   push FFFFFFF5
:0040104D 1F                   pop ds
:0040104E 36                   BYTE 036h

:0040104F 6AFC                   push FFFFFFFC
:00401051 2A36                   sub dh, byte ptr [esi]
:00401053 6AA7                   push FFFFFFA7
:00401055 662A6A31             sub ch, byte ptr [edx+31]
:00401059 2B36                   sub esi, dword ptr [esi]
:0040105B 6A6B                   push 0000006B
:0040105D 94                   xchg eax,esp
:0040105E 36                   BYTE 036h

:0040105F 6A29                   push 00000029
:00401061 2F                   das
:00401062 36                   BYTE 036h

:00401063 6AE3                   push FFFFFFE3
:00401065 42                   inc edx
:00401066 2A6A2C                sub ch, byte ptr [edx+2C]
:00401069 45                   inc ebp
:0040106A 2A6A9A                sub ch, byte ptr [edx-66]
:0040106D 6237                   bound esi, dword ptr [edi]
:0040106F 6A98                   push FFFFFF98
:00401071 45                   inc ebp
:00401072 2A6A9A                sub ch, byte ptr [edx-66]
:00401075 6337                   arpl dword ptr [edi], esi
:00401077 6A64                   push 00000064
:00401079 B337                   mov bl, 37
:0040107B 6A03                   push 00000003
:0040107D B436                   mov ah, 36
:0040107F 6AAF                   push FFFFFFAF
:00401081 44                   inc esp
:00401082 2A6AF5                sub ch, byte ptr [edx-0B]
:00401085 C0                   BYTE 0d0h
:00401086 36                   BYTE 036h

:00401087 6AD5                   push FFFFFFD5
:00401089 632A                   arpl dword ptr [edx], ebp
:0040108B 6A6F                   push 0000006F
:0040108D D829                   fsubr dword ptr [ecx]
:0040108F 6A07                   push 00000007
:00401091 2236                   and dh, byte ptr [esi]
:00401093 6A13                   push 00000013
:00401095 48                   dec eax
:00401096 2A6AA5                sub ch, byte ptr [edx-5B]
:00401099 2436                   and al, 36
:0040109B 6AB4                   push FFFFFFB4
:0040109D 9E                   sahf
:0040109E 36                   BYTE 036h

:0040109F 6ADE                   push FFFFFFDE
:004010A1 49                   dec ecx
:004010A2 2A6A78                sub ch, byte ptr [edx+78]
:004010A5 B729                   mov bh, 29
:004010A7 6A8A                   push FFFFFF8A
:004010A9 69376A012136          imul esi, dword ptr [edi], 3621016A
:004010AF 6A85                   push FFFFFF85
:004010B1 E32A                   jcxz 004010DD
:004010B3 6A09                   push 00000009
:004010B5 B437                   mov ah, 37
:004010B7 6A7C                   push 0000007C
:004010B9 67356A266A36          xor eax, 366A266A
:004010BF 6A5B                   push 0000005B
:004010C1 4E                   dec esi
:004010C2 2A6A07                sub ch, byte ptr [edx+07]
:004010C5 6F                   outsd
:004010C6 356AC4A837             xor eax, 37A8C46A
:004010CB 6A1D                   push 0000001D
:004010CD 6637                   aaa
:004010CF 6A4E                   push 0000004E
:004010D1 6337                   arpl dword ptr [edi], esi
:004010D3 6A47                   push 00000047
:004010D5 C2366A                ret 6A36

:004010D8 016336                add dword ptr [ebx+36], esp
:004010DB 6A7F                   push 0000007F
:004010DD 9D                   popfd
:004010DE 386A7C                cmp byte ptr [edx+7C], ch
:004010E1 69366AC5B036          imul esi, dword ptr [esi], 36B0C56A
:004010E7 6AA1                   push FFFFFFA1
:004010E9 B237                   mov dl, 37
:004010EB 6AD2                   push FFFFFFD2
:004010ED 90                   nop
:004010EE 356A82582A             xor eax, 2A58826A
:004010F3 6A99                   push FFFFFF99
:004010F5 57                   push edi
:004010F6 2A6A95                sub ch, byte ptr [edx-6B]
:004010F9 64                   BYTE 064h

:004010FA 36                   BYTE 036h

:004010FB 6AAC                   push FFFFFFAC
:004010FD C7296ACE6237          mov dword ptr [ecx], 3762CE6A
:00401103 6ACE                   push FFFFFFCE
:00401105 6337                   arpl dword ptr [edi], esi
:00401107 6AF6                   push FFFFFFF6
:00401109 44                   inc esp
:0040110A 2A6A09                sub ch, byte ptr [edx+09]
:0040110D 64                   BYTE 064h

:0040110E 36                   BYTE 036h

:0040110F 6AB0                   push FFFFFFB0
:00401111 48                   dec eax
:00401112 2A6A02                sub ch, byte ptr [edx+02]
:00401115 6337                   arpl dword ptr [edi], esi
:00401117 6A3D                   push 0000003D
:00401119 5D                   pop ebp
:0040111A 37                   aaa
:0040111B 6A3E                   push 0000003E
:0040111D DE28                   fisubr word ptr [eax]
:0040111F 6A77                   push 00000077
:00401121 95                   xchg eax,ebp
:00401122 36                   BYTE 036h

:00401123 6A3C                   push 0000003C
:00401125 94                   xchg eax,esp
:00401126 37                   aaa
:00401127 6ABF                   push FFFFFFBF
:00401129 C7356A2DA0386A36B829 mov dword ptr [38A02D6A], 29B8366A
:00401133 6ACA                   push FFFFFFCA
:00401135 16                   push ss
:00401136 386ADC                cmp byte ptr [edx-24], ch
:00401139 9D                   popfd
:0040113A 386AF1                cmp byte ptr [edx-0F], ch
:0040113D 49                   dec ecx
:0040113E 2A6A36                sub ch, byte ptr [edx+36]
:00401141 B137                   mov cl, 37
:00401143 6AA1                   push FFFFFFA1
:00401145 0F                   BYTE 0fh
:00401146 386A5E                cmp byte ptr [edx+5E], ch
:00401149 47                   inc edi
:0040114A 2A6ABC                sub ch, byte ptr [edx-44]
:0040114D DA36                   ffidiv dword ptr [esi]
:0040114F 6A71                   push 00000071
:00401151 B336                   mov bl, 36
:00401153 6AEA                   push FFFFFFEA
:00401155 2037                   and byte ptr [edi], dh
:00401157 6ABA                   push FFFFFFBA
:00401159 B437                   mov ah, 37
:0040115B 6A35                   push 00000035
:0040115D 0F                   BYTE 0fh
:0040115E 37                   aaa
:0040115F 6AD7                   push FFFFFFD7
:00401161 50                   push eax
:00401162 2A6AFE                sub ch, byte ptr [edx-02]
:00401165 47                   inc edi
:00401166 2A6A70                sub ch, byte ptr [edx+70]
:00401169 95                   xchg eax,ebp
:0040116A 36                   BYTE 036h

:0040116B 6A00                   push 00000000
:0040116D 000000                BYTE  3 DUP(0)

:00401170 05000800DC             add eax, DC000800
:00401175 324000                xor al, byte ptr [eax+00]
:00401178 00000000             BYTE  4 DUP(0)

:0040117C E332                   jcxz 004011B0
:0040117E 40                   inc eax
:0040117F 0007                   add byte ptr [edi], al
:00401181 0008                   add byte ptr [eax], cl
:00401183 0028                   add byte ptr [eax], ch
:00401185 36                   BYTE 036h

:00401186 40                   inc eax
:00401187 004236                add byte ptr [edx+36], al
:0040118A 40                   inc eax
:0040118B 002F                   add byte ptr [edi], ch
:0040118D 36                   BYTE 036h

:0040118E 40                   inc eax
:0040118F 00050008000D          add byte ptr [0D000800], al
:00401195 37                   aaa
:00401196 40                   inc eax
:00401197 0000000000             BYTE  5 DUP(0)

:0040119C 1437                   adc al, 37
:0040119E 40                   inc eax
:0040119F 0016                   add byte ptr [esi], dl
:004011A1 0010                   add byte ptr [eax], dl
:004011A3 0000000000             BYTE  5 DUP(0)

:004011A8 953B4000             DWORD 00403B95
:004011AC 613B4000             DWORD 00403B61
:004011B0 B8114000             DWORD 004011B8

:004011B4 00000000             BYTE  4 DUP(0)

:004011B8 0100                   add dword ptr [eax], eax
:004011BA 0000                   add byte ptr [eax], al
:004011BC 0100                   add dword ptr [eax], eax
:004011BE 0000                   add byte ptr [eax], al
:004011C0 54                   push esp
:004011C1 3B4000                cmp eax, dword ptr [eax+00]
:004011C4 00000000             BYTE  4 DUP(0)

:004011C8 0500080083             add eax, 83000800
:004011CD 3C40                   cmp al, 40
:004011CF 0000000000             BYTE  5 DUP(0)

:004011D4 8A3C40                mov bh, byte ptr [eax+2*eax]
:004011D7 000F                   add byte ptr [edi], cl
:004011D9 0008                   add byte ptr [eax], cl
:004011DB 00C9                   add cl, cl
:004011DD 3D4000F33D             cmp eax, 3DF30040
:004011E2 40                   inc eax
:004011E3 00D0                   add al, dl
:004011E5 3D40000E00             cmp eax, 000E0040
:004011EA 0800                   or byte ptr [eax], al
:004011EC 00000000             BYTE  4 DUP(0)

:004011F0 E0424000             DWORD 004042E0
:004011F4 A9424000             DWORD 004042A9

:004011F8 0500080035             add eax, 35000800
:004011FD 44                   inc esp
:004011FE 40                   inc eax
:004011FF 0000000000             BYTE  5 DUP(0)

:00401204 3C44                   cmp al, 44
:00401206 40                   inc eax
:00401207 000400                add byte ptr [eax+eax], al
:0040120A 0400                   add al, 00
:0040120C 0000000000000000       BYTE  8 DUP(0)

:00401214 A145400016             mov eax, dword ptr [16004045]
:00401219 0010                   add byte ptr [eax], dl
:0040121B 0000000000             BYTE  5 DUP(0)

:00401220 E8464000             DWORD 004046E8
:00401224 D0464000             DWORD 004046D0
:00401228 30124000             DWORD 00401230

:0040122C 00000000             BYTE  4 DUP(0)

:00401230 0100                   add dword ptr [eax], eax
:00401232 0000                   add byte ptr [eax], al
:00401234 0100                   add dword ptr [eax], eax
:00401236 0000                   add byte ptr [eax], al
:00401238 C3                   ret

:00401239 46                   inc esi
:0040123A 40                   inc eax
:0040123B 0000000000             BYTE  5 DUP(0)

:00401240 0E                   push cs
:00401241 0008                   add byte ptr [eax], cl
:00401243 0000000000             BYTE  5 DUP(0)

:00401248 23484000             DWORD 00404823
:0040124C 01484000             DWORD 00404801

:00401250 0E                   push cs
:00401251 0008                   add byte ptr [eax], cl
:00401253 0000000000             BYTE  5 DUP(0)

:00401258 6C494000             DWORD 0040496C
:0040125C 45494000             DWORD 00404945

:00401260 16                   push ss
:00401261 0010                   add byte ptr [eax], dl
:00401263 0000000000             BYTE  5 DUP(0)

:00401268 6D4D4000             DWORD 00404D6D
:0040126C 504D4000             DWORD 00404D50
:00401270 78124000             DWORD 00401278

:00401274 00000000             BYTE  4 DUP(0)

:00401278 0100                   add dword ptr [eax], eax
:0040127A 0000                   add byte ptr [eax], al
:0040127C 0100                   add dword ptr [eax], eax
:0040127E 0000                   add byte ptr [eax], al
:00401280 42                   inc edx
:00401281 4D                   dec ebp
:00401282 40                   inc eax
:00401283 000000                BYTE  3 DUP(0)

:00401286 7B43                   jpo 004012CB
:00401288 000000000000          BYTE  6 DUP(0)

:0040128E 1440                   adc al, 40
:00401290 0E                   push cs
:00401291 0008                   add byte ptr [eax], cl
:00401293 0000000000             BYTE  5 DUP(0)

:00401298 71564000             DWORD 00405671
:0040129C 37564000             DWORD 00405637

:004012A0 0E                   push cs
:004012A1 0008                   add byte ptr [eax], cl
:004012A3 0000000000             BYTE  5 DUP(0)

:004012A8 05584000             DWORD 00405805
:004012AC D6574000             DWORD 004057D6

2004-12-13 23:00

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 12 楼

* Reference To: MSVBVM60.__vbaChkstk, Ord:0000h
                              |
:004012B0 FF2580104000          Jmp dword ptr [00401080]

* Reference To: MSVBVM60.__vbaExceptHandler, Ord:0000h
                              |
:004012B6 FF25C0104000          Jmp dword ptr [004010C0]

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00404DB5(U), :004056B8(U)
|

* Reference To: MSVBVM60.__vbaFPException, Ord:0000h
                              |
:004012BC FF25DC104000          Jmp dword ptr [004010DC]

* Reference To: MSVBVM60._adj_fdiv_m16i, Ord:0000h
                              |
:004012C2 FF256C104000          Jmp dword ptr [0040106C]

* Reference To: MSVBVM60._adj_fdiv_m32, Ord:0000h
                              |
:004012C8 FF2548104000          Jmp dword ptr [00401048]

* Reference To: MSVBVM60._adj_fdiv_m32i, Ord:0000h
                              |
:004012CE FF2500114000          Jmp dword ptr [00401100]

* Referenced by a CALL at Address:
|:0040517A
|

* Reference To: MSVBVM60._adj_fdiv_m64, Ord:0000h
                              |
:004012D4 FF252C104000          Jmp dword ptr [0040102C]

* Reference To: MSVBVM60._adj_fdiv_r, Ord:0000h
                              |
:004012DA FF2518114000          Jmp dword ptr [00401118]

* Reference To: MSVBVM60._adj_fdivr_m16i, Ord:0000h
                              |
:004012E0 FF2574104000          Jmp dword ptr [00401074]

* Reference To: MSVBVM60._adj_fdivr_m32, Ord:0000h
                              |
:004012E6 FF2514114000          Jmp dword ptr [00401114]

* Reference To: MSVBVM60._adj_fdivr_m32i, Ord:0000h
                              |
:004012EC FF2504114000          Jmp dword ptr [00401104]

* Reference To: MSVBVM60._adj_fdivr_m64, Ord:0000h
                              |
:004012F2 FF25D0104000          Jmp dword ptr [004010D0]

* Reference To: MSVBVM60._adj_fpatan, Ord:0000h
                              |
:004012F8 FF25A8104000          Jmp dword ptr [004010A8]

* Reference To: MSVBVM60._adj_fprem, Ord:0000h
                              |
:004012FE FF25CC104000          Jmp dword ptr [004010CC]

* Reference To: MSVBVM60._adj_fprem1, Ord:0000h
                              |
:00401304 FF2534104000          Jmp dword ptr [00401034]

* Reference To: MSVBVM60._adj_fptan, Ord:0000h
                              |
:0040130A FF2510104000          Jmp dword ptr [00401010]

* Reference To: MSVBVM60._CIatan, Ord:0000h
                              |
:00401310 FF2540114000          Jmp dword ptr [00401140]

* Reference To: MSVBVM60._CIcos, Ord:0000h
                              |
:00401316 FF250C104000          Jmp dword ptr [0040100C]

* Reference To: MSVBVM60._CIexp, Ord:0000h
                              |
:0040131C FF255C114000          Jmp dword ptr [0040115C]

* Reference To: MSVBVM60._CIlog, Ord:0000h
                              |
:00401322 FF25E8104000          Jmp dword ptr [004010E8]

* Reference To: MSVBVM60._CIsin, Ord:0000h
                              |
:00401328 FF2578104000          Jmp dword ptr [00401078]

* Reference To: MSVBVM60._CIsqrt, Ord:0000h
                              |
:0040132E FF25B4104000          Jmp dword ptr [004010B4]

* Reference To: MSVBVM60._CItan, Ord:0000h
                              |
:00401334 FF2558114000          Jmp dword ptr [00401158]

* Reference To: MSVBVM60._allmul, Ord:0000h
                              |
:0040133A FF2554114000          Jmp dword ptr [00401154]

* Reference To: MSVBVM60.DllFunctionCall, Ord:0000h
                              |
:00401340 FF25A4104000          Jmp dword ptr [004010A4]

* Reference To: MSVBVM60.__vbaStrCmp, Ord:0000h
                              |
:00401346 FF2594104000          Jmp dword ptr [00401094]

* Reference To: MSVBVM60.rtcAnsiValueBstr, Ord:0204h
                              |
:0040134C FF2530104000          Jmp dword ptr [00401030]

* Reference To: MSVBVM60.rtcVarBstrFromAnsi, Ord:0260h
                              |
:00401352 FF25D8104000          Jmp dword ptr [004010D8]

* Reference To: MSVBVM60.__vbaErrorOverflow, Ord:0000h
                              |
:00401358 FF25EC104000          Jmp dword ptr [004010EC]

* Reference To: MSVBVM60.__vbaExitProc, Ord:0000h
                              |
:0040135E FF2554104000          Jmp dword ptr [00401054]

* Reference To: MSVBVM60.__vbaI4ErrVar, Ord:0000h
                              |
:00401364 FF2568114000          Jmp dword ptr [00401168]

* Reference To: MSVBVM60.__vbaFreeVar, Ord:0000h
                              |
:0040136A FF251C104000          Jmp dword ptr [0040101C]

* Reference To: MSVBVM60.rtcLeftCharVar, Ord:0269h
                              |
:00401370 FF253C114000          Jmp dword ptr [0040113C]

* Reference To: MSVBVM60.__vbaStrCat, Ord:0000h
                              |
:00401376 FF2538104000          Jmp dword ptr [00401038]

* Reference To: MSVBVM60.__vbaI4Str, Ord:0000h
                              |
:0040137C FF250C114000          Jmp dword ptr [0040110C]

* Reference To: MSVBVM60.rtcMidCharVar, Ord:0278h
                              |
:00401382 FF257C104000          Jmp dword ptr [0040107C]

* Reference To: MSVBVM60.__vbaStrVarMove, Ord:0000h
                              |
:00401388 FF2524104000          Jmp dword ptr [00401024]

* Reference To: MSVBVM60.rtcReplace, Ord:02C8h
                              |
:0040138E FF25C8104000          Jmp dword ptr [004010C8]

* Reference To: MSVBVM60.__vbaStrI4, Ord:0000h
                              |
:00401394 FF2514104000          Jmp dword ptr [00401014]

* Reference To: MSVBVM60.__vbaStrMove, Ord:0000h
                              |
:0040139A FF2548114000          Jmp dword ptr [00401148]

* Reference To: MSVBVM60.__vbaCastObj, Ord:0000h
                              |
:004013A0 FF2544114000          Jmp dword ptr [00401144]

* Reference To: MSVBVM60.__vbaOnError, Ord:0000h
                              |
:004013A6 FF2568104000          Jmp dword ptr [00401068]

* Reference To: MSVBVM60.__vbaObjSetAddref, Ord:0000h
                              |
:004013AC FF2570104000          Jmp dword ptr [00401070]

* Reference To: MSVBVM60.__vbaNew2, Ord:0000h
                              |
:004013B2 FF25FC104000          Jmp dword ptr [004010FC]

* Reference To: MSVBVM60.__vbaFreeStr, Ord:0000h
                              |
:004013B8 FF2564114000          Jmp dword ptr [00401164]

* Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h
                              |
:004013BE FF2508114000          Jmp dword ptr [00401108]

* Reference To: MSVBVM60.__vbaFreeObj, Ord:0000h
                              |
:004013C4 FF2560114000          Jmp dword ptr [00401160]

* Reference To: MSVBVM60.__vbaHresultCheckObj, Ord:0000h
                              |
:004013CA FF2540104000          Jmp dword ptr [00401040]

* Reference To: MSVBVM60.__vbaObjSet, Ord:0000h
                              |
:004013D0 FF2564104000          Jmp dword ptr [00401064]

* Reference To: MSVBVM60.__vbaLenBstr, Ord:0000h
                              |
:004013D6 FF2520104000          Jmp dword ptr [00401020]

* Reference To: MSVBVM60.__vbaFreeVarList, Ord:0000h
                              |
:004013DC FF2528104000          Jmp dword ptr [00401028]

* Reference To: MSVBVM60.__vbaVarDup, Ord:0000h
                              |
:004013E2 FF2534114000          Jmp dword ptr [00401134]

* Reference To: MSVBVM60.rtcMsgBox, Ord:0253h
                              |
:004013E8 FF2560104000          Jmp dword ptr [00401060]

* Reference To: MSVBVM60.__vbaLenVar, Ord:0000h
                              |
:004013EE FF2544104000          Jmp dword ptr [00401044]

* Reference To: MSVBVM60.__vbaVarSub, Ord:0000h
                              |
:004013F4 FF2500104000          Jmp dword ptr [00401000]

* Reference To: MSVBVM60.__vbaI4Var, Ord:0000h
                              |
:004013FA FF2520114000          Jmp dword ptr [00401120]

* Reference To: MSVBVM60.rtcStringVar, Ord:025Fh
                              |
:00401400 FF25D4104000          Jmp dword ptr [004010D4]

* Reference To: MSVBVM60.__vbaVarCat, Ord:0000h
                              |
:00401406 FF25E4104000          Jmp dword ptr [004010E4]

* Reference To: MSVBVM60.rtcRightCharVar, Ord:026Bh
                              |
:0040140C FF2550114000          Jmp dword ptr [00401150]

* Reference To: MSVBVM60.__vbaI4Abs, Ord:0000h
                              |
:00401412 FF255C104000          Jmp dword ptr [0040105C]

* Reference To: MSVBVM60.__vbaR8Str, Ord:0000h
                              |
:00401418 FF25F8104000          Jmp dword ptr [004010F8]

* Reference To: MSVBVM60.__vbaFpI4, Ord:0000h
                              |
:0040141E FF2538114000          Jmp dword ptr [00401138]

* Reference To: MSVBVM60.__vbaStrI2, Ord:0000h
                              |
:00401424 FF2508104000          Jmp dword ptr [00401008]

* Reference To: MSVBVM60.__vbaRedim, Ord:0000h
                              |
:0040142A FF25AC104000          Jmp dword ptr [004010AC]

* Reference To: MSVBVM60.__vbaAryDestruct, Ord:0000h
                              |
:00401430 FF254C104000          Jmp dword ptr [0040104C]

* Reference To: MSVBVM60.__vbaFileClose, Ord:0000h
                              |
:00401436 FF2588104000          Jmp dword ptr [00401088]

* Reference To: MSVBVM60.__vbaPutOwner3, Ord:0000h
                              |
:0040143C FF259C104000          Jmp dword ptr [0040109C]

* Reference To: MSVBVM60.__vbaFileOpen, Ord:0000h
                              |
:00401442 FF25F0104000          Jmp dword ptr [004010F0]

* Reference To: MSVBVM60.rtcFreeFile, Ord:0288h
                              |
:00401448 FF25F4104000          Jmp dword ptr [004010F4]

* Reference To: MSVBVM60.rtcGetDateVar, Ord:0262h
                              |
:0040144E FF2528114000          Jmp dword ptr [00401128]

* Reference To: MSVBVM60.__vbaVarAdd, Ord:0000h
                              |
:00401454 FF252C114000          Jmp dword ptr [0040112C]

* Reference To: MSVBVM60.__vbaUI1I4, Ord:0000h
                              |
:0040145A FF25BC104000          Jmp dword ptr [004010BC]

* Reference To: MSVBVM60.__vbaGenerateBoundsError, Ord:0000h
                              |
:00401460 FF2590104000          Jmp dword ptr [00401090]

* Reference To: MSVBVM60.__vbaR8IntI4, Ord:0000h
                              |
:00401466 FF254C114000          Jmp dword ptr [0040114C]

* Reference To: MSVBVM60.rtcRandomNext, Ord:0251h
                              |
:0040146C FF2550104000          Jmp dword ptr [00401050]

* Reference To: MSVBVM60.rtcRandomize, Ord:0252h
                              |
:00401472 FF2558104000          Jmp dword ptr [00401058]

* Reference To: MSVBVM60.__vbaAryConstruct2, Ord:0000h
                              |
:00401478 FF2598104000          Jmp dword ptr [00401098]

* Reference To: MSVBVM60.__vbaStrToUnicode, Ord:0000h
                              |
:0040147E FF25C4104000          Jmp dword ptr [004010C4]

* Reference To: MSVBVM60.__vbaSetSystemError, Ord:0000h
                              |
:00401484 FF253C104000          Jmp dword ptr [0040103C]

* Reference To: MSVBVM60.__vbaStrToAnsi, Ord:0000h
                              |
:0040148A FF2530114000          Jmp dword ptr [00401130]

* Reference To: MSVBVM60.__vbaI2I4, Ord:0000h
                              |
:00401490 FF25A0104000          Jmp dword ptr [004010A0]

* Reference To: MSVBVM60.rtcSpaceVar, Ord:020Eh
                              |
:00401496 FF2584104000          Jmp dword ptr [00401084]

* Reference To: MSVBVM60.__vbaStrVarVal, Ord:0000h
                              |
:0040149C FF25E0104000          Jmp dword ptr [004010E0]

* Reference To: MSVBVM60.__vbaVarVargNofree, Ord:0000h
                              |
:004014A2 FF2518104000          Jmp dword ptr [00401018]

* Reference To: MSVBVM60.rtcGetSetting, Ord:02B1h
                              |
:004014A8 FF2524114000          Jmp dword ptr [00401124]

* Reference To: MSVBVM60.rtcSaveSetting, Ord:02B2h
                              |
:004014AE FF2504104000          Jmp dword ptr [00401004]

* Reference To: MSVBVM60.__vbaFreeStrList, Ord:0000h
                              |
:004014B4 FF2510114000          Jmp dword ptr [00401110]

* Reference To: MSVBVM60.EVENT_SINK_QueryInterface, Ord:0000h
                              |
:004014BA FF25B8104000          Jmp dword ptr [004010B8]

* Reference To: MSVBVM60.EVENT_SINK_AddRef, Ord:0000h
                              |
:004014C0 FF258C104000          Jmp dword ptr [0040108C]

* Reference To: MSVBVM60.EVENT_SINK_Release, Ord:0000h
                              |
:004014C6 FF25B0104000          Jmp dword ptr [004010B0]

* Referenced by a CALL at Address:
|:004014D9
这些跳应该没什么用吧？

2004-12-13 23:01

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 13 楼

//******************** Program Entry Point ********
:004014D4 68C0154000             push 004015C0

* Reference To: MSVBVM60.ThunRTMain, Ord:0064h
                              |
:004014D9 E8EEFFFFFF             Call 004014CC
:004014DE 000000000000          BYTE  6 DUP(0)

:004014E4 3000                   xor byte ptr [eax], al
:004014E6 0000                   add byte ptr [eax], al
:004014E8 40                   inc eax
:004014E9 00000000000000       BYTE  7 DUP(0)

:004014F0 45                   inc ebp
:004014F1 58                   pop eax
:004014F2 229B75E3F141          and bl, byte ptr [ebx+41F1E375]
:004014F8 9E                   sahf
:004014F9 BC6E0B4324             mov esp, 24430B6E
:004014FE C3                   ret

:004014FF 0E                   push cs
:00401500 000000000000          BYTE  6 DUP(0)

:00401506 0100                   add dword ptr [eax], eax
:00401508 0000                   add byte ptr [eax], al
:0040150A 2D43303030             sub eax, 30303043
:0040150F 2D61747465             sub eax, 65747461
:00401514 7374                   jnb 0040158A
:00401516 61                   popad
:00401517 7469                   je 00401582
:00401519 6F                   outsd
:0040151A 6E                   outsb
:0040151B 007D23                add byte ptr [ebp+23], bh
:0040151E 322E                   xor ch, byte ptr [esi]
:00401520 00000000             BYTE  4 DUP(0)

:00401524 06                   push es
:00401525 000000                BYTE  3 DUP(0)

:00401528 B424                   mov ah, 24
:0040152A 40                   inc eax
:0040152B 0007                   add byte ptr [edi], al
:0040152D 000000                BYTE  3 DUP(0)

:00401530 54                   push esp
:00401531 224000                and al, byte ptr [eax+00]
:00401534 0100                   add dword ptr [eax], eax
:00401536 0100                   add dword ptr [eax], eax
:00401538 D41E                   aam (base30)
:0040153A 40                   inc eax
:0040153B 0000000000             BYTE  5 DUP(0)

:00401540 FFFFFFFFFFFFFFFF       BYTE  8 DUP(0ffh)

:00401548 00000000             BYTE  4 DUP(0)

:0040154C 581F4000             DWORD 00401F58
:00401550 1C604000             DWORD 0040601C

:00401554 0100                   add dword ptr [eax], eax
:00401556 0000                   add byte ptr [eax], al
:00401558 6C                   insb
:00401559 1540000000             adc eax, 00000040
:0040155E 00000000000000000000 BYTE 10 DUP(0)

:00401568 6C                   insb
:00401569 1540000000             adc eax, 00000040
:0040156E 0000                   add byte ptr [eax], al
:00401570 50                   push eax
:00401571 000000                BYTE  3 DUP(0)

:00401574 DF922A832FA6          fist word ptr [edx+A62F832A]
:0040157A 384AB3                cmp byte ptr [edx-4D], cl
:0040157D 62A8416006AB          bound ebp, dword ptr [eax+AB066041]
:00401583 1200                   adc al, byte ptr [eax]
:00401585 00000000000000000000 BYTE 10 DUP(0)
:0040158F 00000000000000000000 BYTE 10 DUP(0)
:00401599 0400                   add al, 00
:0040159B 00000000000000000000 BYTE 10 DUP(0)
:004015A5 00000000000000000000 BYTE 10 DUP(0)

:004015AF 00                   BYTE 0

:004015B0 BA08000000             mov edx, 00000008
:004015B5 000000                BYTE  3 DUP(0)

:004015B8 2027                   and byte ptr [edi], ah
:004015BA 40                   inc eax
:004015BB 004C0000             add byte ptr [eax+eax], cl
:004015BF 005642                add byte ptr [esi+42], dl
:004015C2 35211C232A             xor eax, 2A231C21
:004015C7 00000000000000000000 BYTE 10 DUP(0)
:004015D1 000000                BYTE  3 DUP(0)

:004015D4 7E00                   jle 004015D6

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004015D4(C)
|
:004015D6 00000000000000000000 BYTE 10 DUP(0)
:004015E0 0000                   BYTE 2 DUP(0)

:004015E2 0A00                   or al, byte ptr [eax]
:004015E4 090400                or dword ptr [eax+eax], eax
:004015E7 0000000000             BYTE  5 DUP(0)

:004015EC 70444000             DWORD 00404470
:004015F0 60164000             DWORD 00401660

:004015F4 17                   pop ss
:004015F5 F0                   lock
:004015F6 3000                   xor byte ptr [eax], al
:004015F8 00FF                   add bh, bh
:004015FA FFFF                   BYTE  2 DUP(0ffh)

:004015FC 0800                   or byte ptr [eax], al
:004015FE 0000                   add byte ptr [eax], al
:00401600 0100                   add dword ptr [eax], eax
:00401602 0000                   add byte ptr [eax], al
:00401604 0100                   add dword ptr [eax], eax
:00401606 0000                   add byte ptr [eax], al
:00401608 E900000070             jmp 7040160D
:0040160D 1540002415             adc eax, 15240040
:00401612 40                   inc eax
:00401613 00E0                   add al, ah
:00401615 1440                   adc al, 40
:00401617 007800                add byte ptr [eax+00], bh
:0040161A 0000                   add byte ptr [eax], al
:0040161C 8400                   test byte ptr [eax], al
:0040161E 0000                   add byte ptr [eax], al
:00401620 90                   nop
:00401621 000000                BYTE  3 DUP(0)

:00401624 91                   xchg eax,ecx
:00401625 00000000000000000000 BYTE 10 DUP(0)
:0040162F 000000000000000000    BYTE  9 DUP(0)

:00401638 61                   popad
:00401639 7474                   je 004016AF
:0040163B 65                   BYTE 065h

:0040163C 7374                   jnb 004016B2
:0040163E 61                   popad
:0040163F 7469                   je 004016AA
:00401641 6F                   outsd
:00401642 6E                   outsb
:00401643 006174                add byte ptr [ecx+74], ah
:00401646 7465                   je 004016AD
:00401648 7374                   jnb 004016BE
:0040164A 61                   popad
:0040164B 7469                   je 004016B6
:0040164D 6F                   outsd
:0040164E 6E                   outsb
:0040164F 0000                   add byte ptr [eax], al
:00401651 61                   popad
:00401652 7474                   je 004016C8
:00401654 65                   BYTE 065h

:00401655 7374                   jnb 004016CB
:00401657 61                   popad
:00401658 7469                   je 004016C3
:0040165A 6F                   outsd
:0040165B 6E                   outsb
:0040165C 00000000             BYTE  4 DUP(0)

:00401660 F4                   hlt
:00401661 0100                   add dword ptr [eax], eax
:00401663 00D4                   add ah, dl
:00401665 1E                   push ds
:00401666 40                   inc eax
:00401667 0000000000             BYTE  5 DUP(0)

:0040166C 20314000             DWORD 00403120
:00401670 30584000             DWORD 00405830

:00401674 7C0A                   jl 00401680
:00401676 0000                   add byte ptr [eax], al
这应该是密码

2004-12-13 23:05

0

haojiu

雪币： 202

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

2

回帖

27

粉丝

0

关注

私信

haojiu: 14 楼

:00401894 2415                   and al, 15
:00401896 40                   inc eax
:00401897 0002                   add byte ptr [edx], al
:00401899 000000                BYTE  3 DUP(0)

:0040189C 0100                   add dword ptr [eax], eax
:0040189E 0000                   add byte ptr [eax], al
:004018A0 D41E                   aam (base30)
:004018A2 40                   inc eax
:004018A3 0000000000             BYTE  5 DUP(0)

:004018A8 64304000             xor byte ptr fs:[eax+00], al
:004018AC FFFFFFFF             BYTE  4 DUP(0ffh)

:004018B0 00000000             BYTE  4 DUP(0)

:004018B4 281F4000             DWORD 00401F28
:004018B8 08604000             DWORD 00406008

:004018BC 00000000             BYTE  4 DUP(0)

:004018C0 A085180000             mov al, byte ptr [00001885]
:004018C5 00000000000000000000 BYTE 10 DUP(0)

:004018CF 00                   BYTE 0

:004018D0 1419                   adc al, 19
:004018D2 40                   inc eax
:004018D3 0001                   add byte ptr [ecx], al
:004018D5 000000                BYTE  3 DUP(0)

:004018D8 9C                   pushfd
:004018D9 204000                and byte ptr [eax+00], al
:004018DC 00000000             BYTE  4 DUP(0)

:004018E0 1419                   adc al, 19
:004018E2 40                   inc eax
:004018E3 0001                   add byte ptr [ecx], al
:004018E5 000000                BYTE  3 DUP(0)

:004018E8 1C19                   sbb al, 19
:004018EA 40                   inc eax
:004018EB 0000000000             BYTE  5 DUP(0)

:004018F0 1819                   sbb byte ptr [ecx], bl
:004018F2 40                   inc eax
:004018F3 0009                   add byte ptr [ecx], cl
:004018F5 000000                BYTE  3 DUP(0)

:004018F8 1C19                   sbb al, 19
:004018FA 40                   inc eax
:004018FB 0008                   add byte ptr [eax], cl
:004018FD 00B70168006C          add byte ptr [edi+6C006801], dh
:00401903 00841A40006063       add byte ptr [edx+ebx+63600040], al
:0040190A 40                   inc eax
:0040190B 0000000000             BYTE  5 DUP(0)

:00401910 34B8                   xor al, B8
:00401912 1A00                   sbb al, byte ptr [eax]

:00401914 AC204000             DWORD 004020AC
:00401918 BC204000             DWORD 004020BC

:0040191C 40                   inc eax
:0040191D 0012                   add byte ptr [edx], dl
:0040191F 0038                   add byte ptr [eax], bh
:00401921 000000                BYTE  3 DUP(0)

:00401924 CC                   int 03
:00401925 204000                and byte ptr [eax+00], al
:00401928 0400                   add al, 00
:0040192A 0300                   add eax, dword ptr [eax]
:0040192C 0000000000000000       BYTE  8 DUP(0)

:00401934 A4                   movsb
:00401935 1A4000                sbb al, byte ptr [eax+00]
:00401938 88AB1C00DC20          mov byte ptr [ebx+20DC001C], ch
:0040193E 40                   inc eax
:0040193F 000400                add byte ptr [eax+eax], al
:00401942 0300                   add eax, dword ptr [eax]
:00401944 40                   inc eax
:00401945 0012                   add byte ptr [edx], dl
:00401947 003C00                add byte ptr [eax+eax], bh
:0040194A 0000                   add byte ptr [eax], al
:0040194C CC                   int 03
:0040194D 204000                and byte ptr [eax+00], al
:00401950 0800                   or byte ptr [eax], al
:00401952 0300                   add eax, dword ptr [eax]
:00401954 0000000000000000       BYTE  8 DUP(0)

:0040195C 041B                   add al, 1B
:0040195E 40                   inc eax
:0040195F 0088AB1C0058          add byte ptr [eax+58001CAB], cl
:00401965 214000                and dword ptr [eax+00], eax
:00401968 0800                   or byte ptr [eax], al

:0040196A 03004000             DWORD 00400003
:0040196E 11004000             DWORD 00400011

:00401972 0000                   add byte ptr [eax], al
:00401974 60                   pushad
:00401975 214000                and dword ptr [eax+00], eax
:00401978 0200                   add al, byte ptr [eax]
:0040197A 0300                   add eax, dword ptr [eax]
:0040197C 0000000000000000       BYTE  8 DUP(0)

:00401984 641B4000             sbb eax, dword ptr fs:[eax+00]
:00401988 98                   cwde
:00401989 AB                   stosd
:0040198A 1C00                   sbb al, 00
:0040198C 7021                   jo 004019AF
:0040198E 40                   inc eax
:0040198F 0002                   add byte ptr [edx], al
:00401991 0003                   add byte ptr [ebx], al
:00401993 004000                add byte ptr [eax+00], al
:00401996 1200                   adc al, byte ptr [eax]
:00401998 44                   inc esp
:00401999 000000                BYTE  3 DUP(0)

:0040199C CC                   int 03
:0040199D 204000                and byte ptr [eax+00], al
:004019A0 07                   pop es
:004019A1 0003                   add byte ptr [ebx], al
:004019A3 000000000000000000    BYTE  9 DUP(0)

:004019AC C01B40                rcr byte ptr [ebx], 40

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040198C(C)
|
:004019AF 0088AB1C007C          add byte ptr [eax+7C001CAB], cl
:004019B5 214000                and dword ptr [eax+00], eax
:004019B8 07                   pop es
:004019B9 0003                   add byte ptr [ebx], al
:004019BB 004000                add byte ptr [eax+00], al
:004019BE 1200                   adc al, byte ptr [eax]
:004019C0 48                   dec eax
:004019C1 000000                BYTE  3 DUP(0)

:004019C4 CC                   int 03
:004019C5 204000                and byte ptr [eax+00], al
:004019C8 0500030000             add eax, 00000300
:004019CD 00000000000000       BYTE  7 DUP(0)

:004019D4 201C40                and byte ptr [eax+2*eax], bl
:004019D7 0088AB1C0084          add byte ptr [eax+84001CAB], cl
:004019DD 214000                and dword ptr [eax+00], eax
:004019E0 0500030040             add eax, 40000300
:004019E5 001F                   add byte ptr [edi], bl
:004019E7 004C0000             add byte ptr [eax+eax], cl
:004019EB 008C214000FFFF       add byte ptr [ecx-0000FFC0], cl
:004019F2 FFFF                   BYTE  2 DUP(0ffh)

:004019F4 0000000000000000       BYTE  8 DUP(0)

:004019FC 801C4000             sbb byte ptr [eax+2*eax], 00
:00401A00 A8AB                   test al, AB
:00401A02 1C00                   sbb al, 00
:00401A04 9C                   pushfd
:00401A05 214000                and dword ptr [eax+00], eax
:00401A08 FFFFFFFF             BYTE  4 DUP(0ffh)

:00401A0C 40                   inc eax
:00401A0D 0012                   add byte ptr [edx], dl
:00401A0F 005000                add byte ptr [eax+00], dl
:00401A12 0000                   add byte ptr [eax], al
:00401A14 CC                   int 03
:00401A15 204000                and byte ptr [eax+00], al
:00401A18 06                   push es
:00401A19 0003                   add byte ptr [ebx], al
:00401A1B 000000000000000000    BYTE  9 DUP(0)

:00401A24 141D                   adc al, 1D
:00401A26 40                   inc eax
:00401A27 0088AB1C00A4          add byte ptr [eax+A4001CAB], cl
:00401A2D 214000                and dword ptr [eax+00], eax
:00401A30 06                   push es
:00401A31 0003                   add byte ptr [ebx], al
:00401A33 004000                add byte ptr [eax+00], al
:00401A36 1A00                   sbb al, byte ptr [eax]
:00401A38 54                   push esp
:00401A39 000000                BYTE  3 DUP(0)

:00401A3C B021                   mov al, 21
:00401A3E 40                   inc eax
:00401A3F 0001                   add byte ptr [ecx], al
:00401A41 0003                   add byte ptr [ebx], al
:00401A43 000000000000000000    BYTE  9 DUP(0)

:00401A4C 741D                   je 00401A6B
:00401A4E 40                   inc eax
:00401A4F 00B8AB1C00C0          add byte ptr [eax+C0001CAB], bh
:00401A55 214000                and dword ptr [eax+00], eax
:00401A58 0100                   add dword ptr [eax], eax
:00401A5A 0300                   add eax, dword ptr [eax]
:00401A5C 40                   inc eax
:00401A5D 0018                   add byte ptr [eax], bl
:00401A5F 005800                add byte ptr [eax+00], bl
:00401A62 0000                   add byte ptr [eax], al
:00401A64 CC                   int 03
:00401A65 214000                and dword ptr [eax+00], eax
:00401A68 0300                   add eax, dword ptr [eax]
:00401A6A 0300                   add eax, dword ptr [eax]
:00401A6C 0000000000000000       BYTE  8 DUP(0)

:00401A74 F4                   hlt
:00401A75 1D4000C8AB             sbb eax, ABC80040
:00401A7A 1C00                   sbb al, 00
:00401A7C DC21                   fsub qword ptr [ecx]
:00401A7E 40                   inc eax
:00401A7F 0003                   add byte ptr [ebx], al
:00401A81 0003                   add byte ptr [ebx], al
:00401A83 00A81E4000B5          add byte ptr [eax+B500401E], ch
:00401A89 1E                   push ds
:00401A8A 40                   inc eax
:00401A8B 00741E40             add byte ptr [esi+ebx+40], dh
:00401A8F 00811E40008E          add byte ptr [ecx+8E00401E], al
:00401A95 1E                   push ds
:00401A96 40                   inc eax
:00401A97 009B1E4000C2          add byte ptr [ebx+C200401E], bl
:00401A9D 1E                   push ds
:00401A9E 40                   inc eax
:00401A9F 00CF                   add bh, cl
:00401AA1 1E                   push ds
:00401AA2 40                   inc eax
:00401AA3 0000000000             BYTE  5 DUP(0)
这又是什么？

2004-12-13 23:10

0