能力值:
( LV2,RANK:10 )
|
-
-
4 楼
P-CODE是的 我已经拿别的查到了字符串,因为VB不是 ASC2码 帮我弄下,我就是找不到计算输入的密码拿段
斑斑来了 好啊
|
能力值:
![]()
(RANK:260 )
|
-
-
5 楼
刚看了一下,不是P-CODE,是本机代码。
VB的东西用VB Decompiler来处理,可以看到接近源码的东西,剩下分析就方便多了。
按钮事件函数是402470,需要动态分析的直接在这里下断点即可。
贴上VB Decompiler的结果,参考之。
Private Sub CmdLoad_Click() '402470
loc_00402495: var_10 = &H401148
loc_00402529: call MSVBVM60.DLL.__vbaAryConstruct2(var_34, 00401D60h, 00000003h, arg_8, esi, ebx)
loc_00402531: call On Error ...(00000001h)
loc_00402576: call MSVBVM60.DLL.__vbaR8Str(Text1.Text, "", arg_8, arg_8)
loc_0040257C: call MSVBVM60.DLL.__vbaFPInt
loc_00402582: call MSVBVM60.DLL.__vbaFpR8
loc_00402588: fcomp real8 ptr [00401170h] ;
loc_0040258E: fstsw ax
If MSVBVM60.DLL.__vbaFpR8 <> 0 Then
loc_0040259A: GoTo loc_0040259E
End If
loc_0040259E: 'Referenced from 0040259A
loc_0040259E: neg eax
If ax <> esi Then
loc_004025BF: var_8C = 80020004h
loc_004025CA: var_94 = 10
loc_004025D0: var_7C = 80020004h
loc_004025D3: var_84 = 10
loc_004025D9: var_6C = 80020004h
loc_004025DC: var_74 = 10
loc_004025DF: var_9C = "WRONG"
loc_004025E9: var_A4 = 8
loc_004025FC: var_64 = 10
loc_00402615: GoTo loc_00402CAB
End If
loc_0040261A: var_9C = 1
loc_0040262F: var_AC = &H14
loc_0040263F: var_BC = 1
For var_48 = 1 To &H14 Step 1
If "" <> esi Then
loc_00402684: var_48 = @CLng("")
If var_48 >= 101 Then
loc_00402691: call MSVBVM60.DLL.__vbaGenerateBoundsError("", 2, 2, 2, var_74, ""4, var_94, var_94, var_94)
End If
Next var_48
loc_004026BE: GoTo loc_0040267C
End If
loc_004026C0: var_9C = 1
loc_004026CA: var_A4 = 2
loc_004026D0: var_AC = &H13
For var_48 = "" To &H13 Step 1
loc_0040271B: var_9C = 1
loc_00402725: var_A4 = 2
If "" <> esi Then
loc_00402746: var_64 = var_48 & var_A4
If @CLng("") >= 101 Then
loc_00402758: call MSVBVM60.DLL.__vbaGenerateBoundsError("", 2, 2, var_A4, "", "", "", "", "")
End If
loc_0040275E: var_AC = 1
loc_00402781: var_74 = var_48 & 2
loc_00402784: var_74 = @CLng(%x2)
If var_74 >= 101 Then
loc_0040278D: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
loc_00402797: var_48 = @CLng(%x2)
If var_48 >= 101 Then
loc_004027A0: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
loc_004027A9: fild dword ptr [eax]
loc_004027AB: fstp real8 ptr var_190
loc_004027B1: fild dword ptr [eax+edi*4]
loc_004027B4: fstp real8 ptr var_198
loc_004027BA: fld real8 ptr var_190
If var_405000 = 0 Then
loc_004027C9: fdiv real8 ptr var_198
loc_004027CF: GoTo loc_004027E2
End If
loc_004027DD: call MSVBVM60.DLL._adj_fdiv_m64(var_198, var_194)
loc_004027E2: 'Referenced from 004027CF
loc_004027E2: fstsw ax
If MSVBVM60.DLL._adj_fdiv_m64(var_198, var_194) = 0 Then
loc_004027EC: call MSVBVM60.DLL.__vbaFpI4
Next var_48
loc_00402832: GoTo loc_00402719
End If
loc_00402837: var_AC = &H28
loc_00402841: var_B4 = 2
loc_00402847: var_BC = &H14
loc_00402851: var_C4 = 2
For var_48 = &H14 To &H28 Step 1
If var_48 <> esi Then
loc_0040288C: var_9C = &H14
loc_00402896: var_A4 = 2
loc_004028B1: call MSVBVM60.DLL.__vbaVarSub("", var_A4, var_48, "", ""8, var_C4, var_B4, var_A4, "")
loc_004028BA: MSVBVM60.DLL.__vbaVarSub("", var_A4, var_48, "", ""8, var_C4, var_B4, var_A4, "") = @CLng(%x2)
loc_004028BC: var_E0 = MSVBVM60.DLL.__vbaVarSub("", var_A4, var_48, "", ""8, var_C4, var_B4, var_A4, "")
If MSVBVM60.DLL.__vbaVarSub("", var_A4, var_48, "", ""8, var_C4, var_B4, var_A4, "") >= 101 Then
loc_004028C7: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
loc_004028CD: var_AC = &H13
loc_004028D7: var_B4 = 2
loc_004028F0: call MSVBVM60.DLL.__vbaVarSub(var_74, var_B4, var_48)
loc_004028F3: MSVBVM60.DLL.__vbaVarSub(var_74, var_B4, var_48) = @CLng(%x2)
If MSVBVM60.DLL.__vbaVarSub(var_74, var_B4, var_48) >= 101 Then
loc_004028FC: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
loc_00402907: var_BC = 2
loc_0040290D: var_C4 = 2
loc_00402925: call MSVBVM60.DLL.__vbaVarSub(""4, var_C4, var_48)
loc_00402928: MSVBVM60.DLL.__vbaVarSub(""4, var_C4, var_48) = @CLng(%x2)
If MSVBVM60.DLL.__vbaVarSub(""4, var_C4, var_48) >= 101 Then
loc_00402931: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
loc_0040293B: var_48 = @CLng(%x2)
If var_48 >= 101 Then
loc_00402944: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
loc_00402953: fild dword ptr [eax+edx*4]
loc_00402956: fstp real8 ptr var_1A0
loc_0040295C: fild dword ptr [eax+edi*4]
loc_0040295F: fstp real8 ptr var_1A8
loc_00402965: fld real8 ptr var_1A0
If var_405000 = 0 Then
loc_00402974: fdiv real8 ptr var_1A8
loc_0040297A: GoTo loc_0040298D
End If
loc_00402988: call MSVBVM60.DLL._adj_fdiv_m64(var_1A8, var_1A4)
loc_0040298D: 'Referenced from 0040297A
loc_0040298D: fstsw ax
If MSVBVM60.DLL._adj_fdiv_m64(var_1A8, var_1A4) = 0 Then
loc_00402997: call MSVBVM60.DLL.__vbaFpI4
Next var_48
loc_004029CA: GoTo loc_00402884
End If
loc_004029CF: var_9C = 1
loc_004029D9: var_A4 = 2
loc_004029DF: var_AC = &H64
loc_004029E9: var_B4 = 2
loc_004029F5: var_C4 = 2
For var_48 = "" To &H64 Step 1
If "" <> esi Then
loc_00402A4D: var_50 = Text1.Text
loc_00402A6F: var_48 = @CLng("")
If var_48 >= 101 Then
loc_00402A7C: call MSVBVM60.DLL.__vbaGenerateBoundsError("", arg_8, "", "", "", "", "", "", "")
End If
loc_00402A85: fild dword ptr [ecx+esi*4]
loc_00402A88: fstp real8 ptr var_1B0
loc_00402A92: call MSVBVM60.DLL.__vbaR8Str(var_50)
loc_00402A98: fcomp real8 ptr var_1B0
loc_00402A9E: fstsw ax
If MSVBVM60.DLL.__vbaR8Str(var_50) <> 0 Then
loc_00402AAA: GoTo loc_00402AAE
End If
loc_00402AAE: 'Referenced from 00402AAA
loc_00402AC0: neg esi
If esi <> 0 Then
loc_00402ACA: var_4C = var_4C + 00000001h
If Err.Number <> 0 Then GoTo loc_00402DA1
loc_00402AD3: var_4C = var_4C
End If
Next var_48
loc_00402AF3: GoTo loc_00402A28
End If
loc_00402AF8: var_5C = 1
loc_00402B0C: fmul real4 ptr [0040116Ch] ;
loc_00402B12: fstsw ax
If Rnd(2) = 0 Then
If CLng("") >= 101 Then
loc_00402B29: call MSVBVM60.DLL.__vbaGenerateBoundsError
End If
If var_4C > esi Then
loc_00402B51: var_8C = 80020004h
loc_00402B62: var_7C = 80020004h
loc_00402B6B: var_6C = 80020004h
loc_00402B71: var_9C = "WRONG!!!"
loc_00402B7B: var_A4 = 8
loc_00402BAB: MsgBox(10, esi, 10, ""4, 10)
loc_00402BC7: GoTo loc_00402CCB
End If
If Not Asm.z_flag Then
loc_00402BD7: var_8C = 80020004h
loc_00402BE8: var_7C = 80020004h
loc_00402BF1: var_6C = 80020004h
loc_00402BF7: var_9C = "WRONG!!!"
loc_00402C01: var_A4 = 8
loc_00402C31: MsgBox(10, esi, 10, ""4, 10)
loc_00402C4D: GoTo loc_00402CCB
loc_00402C54: var_8C = 80020004h
loc_00402C65: var_7C = 80020004h
loc_00402C6E: var_6C = 80020004h
loc_00402C74: var_9C = "WRONG"
loc_00402C7E: var_A4 = 8
loc_00402CAB: 'Referenced from 00402615
loc_00402CAF: MsgBox(10, 00000000h, 10, ""4, 10)
loc_00402CCB: 'Referenced from 00402BC7
End If
loc_00402CD6: call Exit Sub("", ""4, "", "")
loc_00402CE2: GoTo loc_00402D18
loc_00402D17: Exit Sub
loc_00402D18: 'Referenced from 00402CE2
loc_00402D6D: call MSVBVM60.DLL.__vbaAryDestruct(00000000h, var_34)
loc_00402D7C: Exit Sub
loc_00402D99: Exit Sub
End If
End If
End If
loc_00402D9C: GoTo loc_MSVBVM60.DLL.__vbaFPException
loc_00402DA1: 'Referenced from 0402ACD
loc_00402DA1: call MSVBVM60.DLL.__vbaErrorOverflow
End Sub
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
VB Decompiler果然很强大!
以前总是OD手跟VB,很是痛苦,但是手跟VB有很大的益处。。。。至少培养耐心啊
|
能力值:
( LV2,RANK:10 )
|
-
-
7 楼
早上起来,很期待,先谢谢斑竹的指点,正在按你说的试 激动啊。。。
|
能力值:
( LV2,RANK:10 )
|
-
-
8 楼
我动态跟踪了,差点没晕死,跟了1个小时都还在里面 CALL 和RET
其实这个程序前面就3个大分支
00401B3C 00 db 00
00401B3D 00 db 00
00401B3E 00 db 00
00401B3F 00 db 00
00401B40 . 816C24 04 3F0>sub dword ptr [esp+4], 3F
00401B48 . E9 23090000 jmp 00402470 跳往CmdLoad_Click()
00401B4D . 816C24 04 FFF>sub dword ptr [esp+4], 0FFFF
00401B55 . E9 56120000 jmp 00402DB0 跳往注册后主程序PRO
00401B5A . 816C24 04 FFF>sub dword ptr [esp+4], 0FFFF
00401B62 . E9 59260000 jmp 004041C0 跳往GetFileName()
00401B67 00 db 00
00401B68 00 db 00
00401B69 00 db 00
00401B6A 00 db 00
00401B6B 00 db 00
但是我搞不定,沉沦了。。。。。帮我指明方向吧 谢谢
|
能力值:
![]()
(RANK:260 )
|
-
-
12 楼
不知道你在干什么。VB Decompiler已经告诉你了,按钮响应函数是402470,你直接bp 402470,F9,按确定,中断,分析,OK。
哪里什么call和ret。
不知道你在干什么。
|
能力值:
( LV7,RANK:110 )
|
-
-
13 楼
00402576 . FF15 DC104000 call dword ptr [<&MSVBVM60.__vbaR8Str>; MSVBVM60.__vbaR8Str<=========注册码变成浮点数在ST1中
0040257C . FF15 30114000 call dword ptr [<&MSVBVM60.__vbaFPInt>; MSVBVM60.__vbaFPInt
00402582 . FF15 64104000 call dword ptr [<&MSVBVM60.__vbaFpR8>>; MSVBVM60.__vbaFpR8
00402588 . DC1D 70114000 fcomp qword ptr [401170]
0040258E . DFE0 fstsw ax<======请问是什么意思??
00402590 . F6C4 40 test ah, 40
|
能力值:
( LV2,RANK:10 )
|
-
-
15 楼
不知道你在干什么。[/QUOTE]
我拿od跟了啊 在断点处是找不到我输入的试验密码,觉得里面把输入给处理了. 在跟踪时我很细心和耐心 遇到的call我都按F7跟进去 所以才很多的 谢谢版主的关注
FSTSW AX
保存状态字的值到AX
AX<- MSW
FSTSW dest
保存状态字的值到dest
dest<-MSW (mem16)
|
能力值:
( LV2,RANK:10 )
|
-
-
16 楼
0040257C . FF15 30...[/QUOTE]
谢谢柳州小林 你跟到了变成浮点?下面可不可能看看od里面找到后面算法.
|
能力值:
( LV2,RANK:10 )
|
-
-
17 楼
[QUOTE=柳州小林;576230]00402576 . FF15 DC104000 call dword ptr [<&MSVBVM60.__vbaR8Str>; MSVBVM60.__vbaR8Str<=========注册码变成浮点数在ST1中
0040257C . FF15 30...[/QUOTE]
FSTSW AX
保存状态字的值到AX
AX<- MSW
FSTSW dest
保存状态字的值到dest
dest<-MSW (mem16)
|
