-
-
[旧帖] [求助][求助]一个VB多重验证的破解 0.00雪花
-
发表于: 2009-2-16 22:01 2807
-
一个星期前我下了一个摇钱树软件,PEID查为VB程序。OD载入,到注册处下断
......
......
00BFE380 . FF15 34104000 call dword ptr [<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove
00BFE386 . 8945 A8 mov dword ptr [ebp-58], eax ; 显示假码
00BFE389 . C745 A0 08000>mov dword ptr [ebp-60], 8
00BFE390 . 8D55 A0 lea edx, dword ptr [ebp-60]
00BFE393 . 52 push edx
00BFE394 . 8D45 90 lea eax, dword ptr [ebp-70]
00BFE397 . 50 push eax
00BFE398 . FF15 40114000 call dword ptr [<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00BFE39E . 8B0D 047CE500 mov ecx, dword ptr [E57C04] ; 显示机器码
00BFE3A4 . 51 push ecx
00BFE3A5 . E8 1690EFFF call 00AF73C0
00BFE3AA . 8BD0 mov edx, eax ; 应该是注册码,不然下面会跳到注册失败的页面
00BFE3AC . 8D4D D8 lea ecx, dword ptr [ebp-28]
00BFE3AF . FF15 C0134000 call dword ptr [<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
00BFE3B5 . 50 push eax ; /String
00BFE3B6 . FF15 30104000 call dword ptr [<&MSVBVM60.__vbaLenBs>; \__vbaLenBstr
00BFE3BC . 8945 88 mov dword ptr [ebp-78], eax
00BFE3BF . C745 80 03000>mov dword ptr [ebp-80], 3
00BFE3C6 . 8D55 80 lea edx, dword ptr [ebp-80]
00BFE3C9 . 52 push edx ; /Length8
00BFE3CA . 6A 01 push 1 ; |Start = 1
00BFE3CC . 8D45 90 lea eax, dword ptr [ebp-70] ; |
00BFE3CF . 50 push eax ; |dString8
00BFE3D0 . 8D8D 70FFFFFF lea ecx, dword ptr [ebp-90] ; |
00BFE3D6 . 51 push ecx ; |RetBUFFER
00BFE3D7 . FF15 6C114000 call dword ptr [<&MSVBVM60.#632>] ; \rtcMidCharVar
00BFE3DD . 8B15 047CE500 mov edx, dword ptr [E57C04]
00BFE3E3 . 52 push edx
00BFE3E4 . E8 D78FEFFF call 00AF73C0
00BFE3E9 . 8985 68FFFFFF mov dword ptr [ebp-98], eax
00BFE3EF . C785 60FFFFFF>mov dword ptr [ebp-A0], 8008
00BFE3F9 . 8D85 70FFFFFF lea eax, dword ptr [ebp-90]
00BFE3FF . 50 push eax ; /var18
00BFE400 . 8D8D 60FFFFFF lea ecx, dword ptr [ebp-A0] ; |
00BFE406 . 51 push ecx ; |var28
00BFE407 . FF15 44134000 call dword ptr [<&MSVBVM60.__vbaVarTs>; \__vbaVarTstNe
00BFE40D . 66:8BF8 mov di, ax
00BFE410 . 8D4D D8 lea ecx, dword ptr [ebp-28]
00BFE413 . FF15 20144000 call dword ptr [<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
00BFE419 . 8D4D C8 lea ecx, dword ptr [ebp-38]
00BFE41C . FF15 24144000 call dword ptr [<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
00BFE422 . 8D95 60FFFFFF lea edx, dword ptr [ebp-A0]
00BFE428 . 52 push edx
00BFE429 . 8D85 70FFFFFF lea eax, dword ptr [ebp-90]
00BFE42F . 50 push eax
00BFE430 . 8D4D 80 lea ecx, dword ptr [ebp-80]
00BFE433 . 51 push ecx
00BFE434 . 8D55 90 lea edx, dword ptr [ebp-70]
00BFE437 . 52 push edx
00BFE438 . 8D45 A0 lea eax, dword ptr [ebp-60]
00BFE43B . 50 push eax
00BFE43C . 8D4D B0 lea ecx, dword ptr [ebp-50]
00BFE43F . 51 push ecx
00BFE440 . 6A 06 push 6
00BFE442 . FF15 44104000 call dword ptr [<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00BFE448 . 83C4 1C add esp, 1C
00BFE44B . 66:85FF test di, di
00BFE44E . 0F84 BC000000 je 00BFE510 ; 关键跳,否则跳出注册码不正确
00BFE454 . B8 04000280 mov eax, 80020004
00BFE459 . 8945 88 mov dword ptr [ebp-78], eax
00BFE45C . B9 0A000000 mov ecx, 0A
00BFE461 . 894D 80 mov dword ptr [ebp-80], ecx
00BFE464 . 8945 98 mov dword ptr [ebp-68], eax
00BFE467 . 894D 90 mov dword ptr [ebp-70], ecx
00BFE46A . C785 38FFFFFF>mov dword ptr [ebp-C8], 00485034 ; ASCII "衏:y"
......
......
然后我输入上面正确的注册码,关键跳跳过去了,下面应该是比较注册码长度,和其它,我不知道怎么分析了
00BFE510 > \6A 00 push 0
00BFE512 . 6A 00 push 0
00BFE514 . 8B0E mov ecx, dword ptr [esi] ;
00BFE516 . 56 push esi
00BFE517 . FF91 48030000 call dword ptr [ecx+348] ;
00BFE51D . 50 push eax ;
00BFE51E . 8D55 C8 lea edx, dword ptr [ebp-38] ;
00BFE521 . 52 push edx ;
00BFE522 . FFD3 call ebx
00BFE524 . 50 push eax
00BFE525 . 8D45 B0 lea eax, dword ptr [ebp-50] ;
00BFE528 . 50 push eax
00BFE529 . FF15 F4114000 call dword ptr [<&MSVBVM60.__vbaLateIdCallLd>; MSVBVM60.__vbaLateIdCallLd
00BFE52F . 83C4 10 add esp, 10
00BFE532 . 50 push eax
00BFE533 . FF15 34104000 call dword ptr [<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
00BFE539 . 8945 A8 mov dword ptr [ebp-58], eax ; 调出输入注册码
00BFE53C . C745 A0 08000>mov dword ptr [ebp-60], 8
00BFE543 . 8D4D A0 lea ecx, dword ptr [ebp-60]
00BFE546 . 51 push ecx
00BFE547 . 8D55 90 lea edx, dword ptr [ebp-70]
00BFE54A . 52 push edx
00BFE54B . FF15 40114000 call dword ptr [<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00BFE551 . A1 047CE500 mov eax, dword ptr [E57C04]
00BFE556 . 50 push eax ; 机器码
00BFE557 . E8 648EEFFF call 00AF73C0
00BFE55C . 8BD0 mov edx, eax
00BFE55E . 8D4D D0 lea ecx, dword ptr [ebp-30]
00BFE561 . 8B3D C0134000 mov edi, dword ptr [<&MSVBVM60.__vbaStrMove>; MSVBVM60.__vbaStrMove
00BFE567 . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
00BFE569 . C745 88 04000>mov dword ptr [ebp-78], 80020004
00BFE570 . C745 80 0A000>mov dword ptr [ebp-80], 0A
00BFE577 . 8B55 D0 mov edx, dword ptr [ebp-30] ; 显示前上面注册码
00BFE57A . C745 D0 00000>mov dword ptr [ebp-30], 0
00BFE581 . 8D4D 80 lea ecx, dword ptr [ebp-80]
00BFE584 . 51 push ecx
00BFE585 . 8D4D D8 lea ecx, dword ptr [ebp-28]
00BFE588 . FFD7 call edi
00BFE58A . 50 push eax ; |/String
00BFE58B . FF15 30104000 call dword ptr [<&MSVBVM60.__vbaLenBstr>] ;
00BFE591 83C0 01 add eax, 1
00BFE594 . 0F80 E3210000 jo 00C0077D ;
00BFE594 . /0F80 E3210000 jo 00C0077D ; |长跳
00BFE59A . |50 push eax ; |Start
00BFE59B . |8D55 90 lea edx, dword ptr [ebp-70] ; |
00BFE59E . |52 push edx ; |dString8
00BFE59F . |8D85 70FFFFFF lea eax, dword ptr [ebp-90] ; |
00BFE5A5 . |50 push eax ; |RetBUFFER
00BFE5A6 . |FF15 6C114000 call dword ptr [<&MSVBVM60.#632>] ; \rtcMidCharVar
00BFE5AC . |8D8D 70FFFFFF lea ecx, dword ptr [ebp-90]
00BFE5B2 . |51 push ecx ; /String8
00BFE5B3 . |8D55 D4 lea edx, dword ptr [ebp-2C] ; |
00BFE5B6 . |52 push edx ; |ARG2
00BFE5B7 . |FF15 B0124000 call dword ptr [<&MSVBVM60.__vbaStrVarVal>] ; \__vbaStrVarVal
00BFE5BD . |50 push eax
00BFE5BE . |E8 BD94EFFF call 00AF7A80
00BFE5C3 . |8985 68FFFFFF mov dword ptr [ebp-98], eax
00BFE5C9 . |C785 60FFFFFF>mov dword ptr [ebp-A0], 8
00BFE5D3 . |8D85 60FFFFFF lea eax, dword ptr [ebp-A0]
00BFE5D9 . |50 push eax
00BFE5DA . |8D8D 50FFFFFF lea ecx, dword ptr [ebp-B0]
00BFE5E0 . |51 push ecx
00BFE5E1 . |FF15 40114000 call dword ptr [<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00BFE5E7 . |8D95 50FFFFFF lea edx, dword ptr [ebp-B0]
00BFE5ED . |52 push edx
00BFE5EE . |FF15 4C134000 call dword ptr [<&MSVBVM60.__vbaI4Var>] ; 提示注册码不正确
00BFE5F4 . |8D45 D0 lea eax, dword ptr [ebp-30]
00BFE5F7 . |50 push eax
00BFE5F8 . |8D4D D4 lea ecx, dword ptr [ebp-2C]
00BFE5FB . |51 push ecx
00BFE5FC . |8D55 D8 lea edx, dword ptr [ebp-28]
00BFE5FF . |52 push edx
00BFE600 . |6A 03 push 3
00BFE602 . |FF15 20134000 call dword ptr [<&MSVBVM60.__vbaFreeStrList>>; MSVBVM60.__vbaFreeStrList
00BFE608 . |83C4 10 add esp, 10
00BFE60B . |8D4D C8 lea ecx, dword ptr [ebp-38]
00BFE60E . |FF15 24144000 call dword ptr [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00BFE614 . |8D85 50FFFFFF lea eax, dword ptr [ebp-B0]
00BFE61A . |50 push eax
00BFE61B . |8D8D 60FFFFFF lea ecx, dword ptr [ebp-A0]
00BFE621 . |51 push ecx
00BFE622 . |8D95 70FFFFFF lea edx, dword ptr [ebp-90]
00BFE628 . |52 push edx
00BFE629 . |8D45 80 lea eax, dword ptr [ebp-80]
00BFE62C . |50 push eax
00BFE62D . |8D4D 90 lea ecx, dword ptr [ebp-70]
00BFE630 . |51 push ecx
00BFE631 . |8D55 A0 lea edx, dword ptr [ebp-60]
00BFE634 . |52 push edx
00BFE635 . |8D45 B0 lea eax, dword ptr [ebp-50]
00BFE638 . |50 push eax
00BFE639 . |6A 07 push 7
00BFE63B . |FF15 44104000 call dword ptr [<&MSVBVM60.__vbaFreeVarList>>; MSVBVM60.__vbaFreeVarList
00BFE641 . |83C4 20 add esp, 20
00BFE644 . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE647 . |85C0 test eax, eax
00BFE649 . |75 12 jnz short 00BFE65D
00BFE64B . |8D4D DC lea ecx, dword ptr [ebp-24]
00BFE64E . |51 push ecx
00BFE64F . |68 00364800 push 00483600
00BFE654 . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE65A . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE65D > |8BF8 mov edi, eax
00BFE65F . |8B10 mov edx, dword ptr [eax]
00BFE661 . |8D8D 08FFFFFF lea ecx, dword ptr [ebp-F8]
00BFE667 . |51 push ecx
00BFE668 . |50 push eax
00BFE669 . |FF92 DC000000 call dword ptr [edx+DC]
00BFE66F . |DBE2 fclex
00BFE671 . |85C0 test eax, eax
00BFE673 . |7D 12 jge short 00BFE687
00BFE675 . |68 DC000000 push 0DC
00BFE67A . |68 10364800 push 00483610
00BFE67F . |57 push edi
00BFE680 . |50 push eax
00BFE681 . |FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaHresultCheck>; MSVBVM60.__vbaHresultCheckObj
00BFE687 > |83BD 08FFFFFF>cmp dword ptr [ebp-F8], 1
00BFE68E . |75 3C jnz short 00BFE6CC
00BFE690 . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE693 . |85C0 test eax, eax
00BFE695 . |75 12 jnz short 00BFE6A9
00BFE697 . |8D55 DC lea edx, dword ptr [ebp-24]
00BFE69A . |52 push edx
00BFE69B . |68 00364800 push 00483600
00BFE6A0 . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE6A6 . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE6A9 > |8BF8 mov edi, eax
00BFE6AB . |8B08 mov ecx, dword ptr [eax]
00BFE6AD . |50 push eax
00BFE6AE . |FF91 80000000 call dword ptr [ecx+80]
00BFE6B4 . |DBE2 fclex
00BFE6B6 . |85C0 test eax, eax
00BFE6B8 . |7D 12 jge short 00BFE6CC
00BFE6BA . |68 80000000 push 80
00BFE6BF . |68 10364800 push 00483610
00BFE6C4 . |57 push edi
00BFE6C5 . |50 push eax
00BFE6C6 . |FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaHresultCheck>; MSVBVM60.__vbaHresultCheckObj
00BFE6CC > |8B45 DC mov eax, dword ptr [ebp-24]
00BFE6CF . |85C0 test eax, eax
00BFE6D1 . |75 0F jnz short 00BFE6E2
00BFE6D3 . |8D55 DC lea edx, dword ptr [ebp-24]
00BFE6D6 . |52 push edx
00BFE6D7 . |68 00364800 push 00483600
00BFE6DC . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE6E2 > |8B7D DC mov edi, dword ptr [ebp-24]
00BFE6E5 . |A1 D47AE500 mov eax, dword ptr [E57AD4]
00BFE6EA . |85C0 test eax, eax
00BFE6EC . |75 10 jnz short 00BFE6FE
00BFE6EE . |68 D47AE500 push 00E57AD4
00BFE6F3 . |68 844B4800 push 00484B84
00BFE6F8 . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE6FE > |A1 D47AE500 mov eax, dword ptr [E57AD4]
00BFE703 . |8985 38FFFFFF mov dword ptr [ebp-C8], eax
00BFE709 . |B8 09000000 mov eax, 9
00BFE70E . |8985 30FFFFFF mov dword ptr [ebp-D0], eax
这个怎么分析啊?
......
......
00BFE380 . FF15 34104000 call dword ptr [<&MSVBVM60.__vbaStrVa>; MSVBVM60.__vbaStrVarMove
00BFE386 . 8945 A8 mov dword ptr [ebp-58], eax ; 显示假码
00BFE389 . C745 A0 08000>mov dword ptr [ebp-60], 8
00BFE390 . 8D55 A0 lea edx, dword ptr [ebp-60]
00BFE393 . 52 push edx
00BFE394 . 8D45 90 lea eax, dword ptr [ebp-70]
00BFE397 . 50 push eax
00BFE398 . FF15 40114000 call dword ptr [<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00BFE39E . 8B0D 047CE500 mov ecx, dword ptr [E57C04] ; 显示机器码
00BFE3A4 . 51 push ecx
00BFE3A5 . E8 1690EFFF call 00AF73C0
00BFE3AA . 8BD0 mov edx, eax ; 应该是注册码,不然下面会跳到注册失败的页面
00BFE3AC . 8D4D D8 lea ecx, dword ptr [ebp-28]
00BFE3AF . FF15 C0134000 call dword ptr [<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
00BFE3B5 . 50 push eax ; /String
00BFE3B6 . FF15 30104000 call dword ptr [<&MSVBVM60.__vbaLenBs>; \__vbaLenBstr
00BFE3BC . 8945 88 mov dword ptr [ebp-78], eax
00BFE3BF . C745 80 03000>mov dword ptr [ebp-80], 3
00BFE3C6 . 8D55 80 lea edx, dword ptr [ebp-80]
00BFE3C9 . 52 push edx ; /Length8
00BFE3CA . 6A 01 push 1 ; |Start = 1
00BFE3CC . 8D45 90 lea eax, dword ptr [ebp-70] ; |
00BFE3CF . 50 push eax ; |dString8
00BFE3D0 . 8D8D 70FFFFFF lea ecx, dword ptr [ebp-90] ; |
00BFE3D6 . 51 push ecx ; |RetBUFFER
00BFE3D7 . FF15 6C114000 call dword ptr [<&MSVBVM60.#632>] ; \rtcMidCharVar
00BFE3DD . 8B15 047CE500 mov edx, dword ptr [E57C04]
00BFE3E3 . 52 push edx
00BFE3E4 . E8 D78FEFFF call 00AF73C0
00BFE3E9 . 8985 68FFFFFF mov dword ptr [ebp-98], eax
00BFE3EF . C785 60FFFFFF>mov dword ptr [ebp-A0], 8008
00BFE3F9 . 8D85 70FFFFFF lea eax, dword ptr [ebp-90]
00BFE3FF . 50 push eax ; /var18
00BFE400 . 8D8D 60FFFFFF lea ecx, dword ptr [ebp-A0] ; |
00BFE406 . 51 push ecx ; |var28
00BFE407 . FF15 44134000 call dword ptr [<&MSVBVM60.__vbaVarTs>; \__vbaVarTstNe
00BFE40D . 66:8BF8 mov di, ax
00BFE410 . 8D4D D8 lea ecx, dword ptr [ebp-28]
00BFE413 . FF15 20144000 call dword ptr [<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStr
00BFE419 . 8D4D C8 lea ecx, dword ptr [ebp-38]
00BFE41C . FF15 24144000 call dword ptr [<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObj
00BFE422 . 8D95 60FFFFFF lea edx, dword ptr [ebp-A0]
00BFE428 . 52 push edx
00BFE429 . 8D85 70FFFFFF lea eax, dword ptr [ebp-90]
00BFE42F . 50 push eax
00BFE430 . 8D4D 80 lea ecx, dword ptr [ebp-80]
00BFE433 . 51 push ecx
00BFE434 . 8D55 90 lea edx, dword ptr [ebp-70]
00BFE437 . 52 push edx
00BFE438 . 8D45 A0 lea eax, dword ptr [ebp-60]
00BFE43B . 50 push eax
00BFE43C . 8D4D B0 lea ecx, dword ptr [ebp-50]
00BFE43F . 51 push ecx
00BFE440 . 6A 06 push 6
00BFE442 . FF15 44104000 call dword ptr [<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00BFE448 . 83C4 1C add esp, 1C
00BFE44B . 66:85FF test di, di
00BFE44E . 0F84 BC000000 je 00BFE510 ; 关键跳,否则跳出注册码不正确
00BFE454 . B8 04000280 mov eax, 80020004
00BFE459 . 8945 88 mov dword ptr [ebp-78], eax
00BFE45C . B9 0A000000 mov ecx, 0A
00BFE461 . 894D 80 mov dword ptr [ebp-80], ecx
00BFE464 . 8945 98 mov dword ptr [ebp-68], eax
00BFE467 . 894D 90 mov dword ptr [ebp-70], ecx
00BFE46A . C785 38FFFFFF>mov dword ptr [ebp-C8], 00485034 ; ASCII "衏:y"
......
......
然后我输入上面正确的注册码,关键跳跳过去了,下面应该是比较注册码长度,和其它,我不知道怎么分析了
00BFE510 > \6A 00 push 0
00BFE512 . 6A 00 push 0
00BFE514 . 8B0E mov ecx, dword ptr [esi] ;
00BFE516 . 56 push esi
00BFE517 . FF91 48030000 call dword ptr [ecx+348] ;
00BFE51D . 50 push eax ;
00BFE51E . 8D55 C8 lea edx, dword ptr [ebp-38] ;
00BFE521 . 52 push edx ;
00BFE522 . FFD3 call ebx
00BFE524 . 50 push eax
00BFE525 . 8D45 B0 lea eax, dword ptr [ebp-50] ;
00BFE528 . 50 push eax
00BFE529 . FF15 F4114000 call dword ptr [<&MSVBVM60.__vbaLateIdCallLd>; MSVBVM60.__vbaLateIdCallLd
00BFE52F . 83C4 10 add esp, 10
00BFE532 . 50 push eax
00BFE533 . FF15 34104000 call dword ptr [<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
00BFE539 . 8945 A8 mov dword ptr [ebp-58], eax ; 调出输入注册码
00BFE53C . C745 A0 08000>mov dword ptr [ebp-60], 8
00BFE543 . 8D4D A0 lea ecx, dword ptr [ebp-60]
00BFE546 . 51 push ecx
00BFE547 . 8D55 90 lea edx, dword ptr [ebp-70]
00BFE54A . 52 push edx
00BFE54B . FF15 40114000 call dword ptr [<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00BFE551 . A1 047CE500 mov eax, dword ptr [E57C04]
00BFE556 . 50 push eax ; 机器码
00BFE557 . E8 648EEFFF call 00AF73C0
00BFE55C . 8BD0 mov edx, eax
00BFE55E . 8D4D D0 lea ecx, dword ptr [ebp-30]
00BFE561 . 8B3D C0134000 mov edi, dword ptr [<&MSVBVM60.__vbaStrMove>; MSVBVM60.__vbaStrMove
00BFE567 . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
00BFE569 . C745 88 04000>mov dword ptr [ebp-78], 80020004
00BFE570 . C745 80 0A000>mov dword ptr [ebp-80], 0A
00BFE577 . 8B55 D0 mov edx, dword ptr [ebp-30] ; 显示前上面注册码
00BFE57A . C745 D0 00000>mov dword ptr [ebp-30], 0
00BFE581 . 8D4D 80 lea ecx, dword ptr [ebp-80]
00BFE584 . 51 push ecx
00BFE585 . 8D4D D8 lea ecx, dword ptr [ebp-28]
00BFE588 . FFD7 call edi
00BFE58A . 50 push eax ; |/String
00BFE58B . FF15 30104000 call dword ptr [<&MSVBVM60.__vbaLenBstr>] ;
00BFE591 83C0 01 add eax, 1
00BFE594 . 0F80 E3210000 jo 00C0077D ;
00BFE594 . /0F80 E3210000 jo 00C0077D ; |长跳
00BFE59A . |50 push eax ; |Start
00BFE59B . |8D55 90 lea edx, dword ptr [ebp-70] ; |
00BFE59E . |52 push edx ; |dString8
00BFE59F . |8D85 70FFFFFF lea eax, dword ptr [ebp-90] ; |
00BFE5A5 . |50 push eax ; |RetBUFFER
00BFE5A6 . |FF15 6C114000 call dword ptr [<&MSVBVM60.#632>] ; \rtcMidCharVar
00BFE5AC . |8D8D 70FFFFFF lea ecx, dword ptr [ebp-90]
00BFE5B2 . |51 push ecx ; /String8
00BFE5B3 . |8D55 D4 lea edx, dword ptr [ebp-2C] ; |
00BFE5B6 . |52 push edx ; |ARG2
00BFE5B7 . |FF15 B0124000 call dword ptr [<&MSVBVM60.__vbaStrVarVal>] ; \__vbaStrVarVal
00BFE5BD . |50 push eax
00BFE5BE . |E8 BD94EFFF call 00AF7A80
00BFE5C3 . |8985 68FFFFFF mov dword ptr [ebp-98], eax
00BFE5C9 . |C785 60FFFFFF>mov dword ptr [ebp-A0], 8
00BFE5D3 . |8D85 60FFFFFF lea eax, dword ptr [ebp-A0]
00BFE5D9 . |50 push eax
00BFE5DA . |8D8D 50FFFFFF lea ecx, dword ptr [ebp-B0]
00BFE5E0 . |51 push ecx
00BFE5E1 . |FF15 40114000 call dword ptr [<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00BFE5E7 . |8D95 50FFFFFF lea edx, dword ptr [ebp-B0]
00BFE5ED . |52 push edx
00BFE5EE . |FF15 4C134000 call dword ptr [<&MSVBVM60.__vbaI4Var>] ; 提示注册码不正确
00BFE5F4 . |8D45 D0 lea eax, dword ptr [ebp-30]
00BFE5F7 . |50 push eax
00BFE5F8 . |8D4D D4 lea ecx, dword ptr [ebp-2C]
00BFE5FB . |51 push ecx
00BFE5FC . |8D55 D8 lea edx, dword ptr [ebp-28]
00BFE5FF . |52 push edx
00BFE600 . |6A 03 push 3
00BFE602 . |FF15 20134000 call dword ptr [<&MSVBVM60.__vbaFreeStrList>>; MSVBVM60.__vbaFreeStrList
00BFE608 . |83C4 10 add esp, 10
00BFE60B . |8D4D C8 lea ecx, dword ptr [ebp-38]
00BFE60E . |FF15 24144000 call dword ptr [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00BFE614 . |8D85 50FFFFFF lea eax, dword ptr [ebp-B0]
00BFE61A . |50 push eax
00BFE61B . |8D8D 60FFFFFF lea ecx, dword ptr [ebp-A0]
00BFE621 . |51 push ecx
00BFE622 . |8D95 70FFFFFF lea edx, dword ptr [ebp-90]
00BFE628 . |52 push edx
00BFE629 . |8D45 80 lea eax, dword ptr [ebp-80]
00BFE62C . |50 push eax
00BFE62D . |8D4D 90 lea ecx, dword ptr [ebp-70]
00BFE630 . |51 push ecx
00BFE631 . |8D55 A0 lea edx, dword ptr [ebp-60]
00BFE634 . |52 push edx
00BFE635 . |8D45 B0 lea eax, dword ptr [ebp-50]
00BFE638 . |50 push eax
00BFE639 . |6A 07 push 7
00BFE63B . |FF15 44104000 call dword ptr [<&MSVBVM60.__vbaFreeVarList>>; MSVBVM60.__vbaFreeVarList
00BFE641 . |83C4 20 add esp, 20
00BFE644 . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE647 . |85C0 test eax, eax
00BFE649 . |75 12 jnz short 00BFE65D
00BFE64B . |8D4D DC lea ecx, dword ptr [ebp-24]
00BFE64E . |51 push ecx
00BFE64F . |68 00364800 push 00483600
00BFE654 . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE65A . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE65D > |8BF8 mov edi, eax
00BFE65F . |8B10 mov edx, dword ptr [eax]
00BFE661 . |8D8D 08FFFFFF lea ecx, dword ptr [ebp-F8]
00BFE667 . |51 push ecx
00BFE668 . |50 push eax
00BFE669 . |FF92 DC000000 call dword ptr [edx+DC]
00BFE66F . |DBE2 fclex
00BFE671 . |85C0 test eax, eax
00BFE673 . |7D 12 jge short 00BFE687
00BFE675 . |68 DC000000 push 0DC
00BFE67A . |68 10364800 push 00483610
00BFE67F . |57 push edi
00BFE680 . |50 push eax
00BFE681 . |FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaHresultCheck>; MSVBVM60.__vbaHresultCheckObj
00BFE687 > |83BD 08FFFFFF>cmp dword ptr [ebp-F8], 1
00BFE68E . |75 3C jnz short 00BFE6CC
00BFE690 . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE693 . |85C0 test eax, eax
00BFE695 . |75 12 jnz short 00BFE6A9
00BFE697 . |8D55 DC lea edx, dword ptr [ebp-24]
00BFE69A . |52 push edx
00BFE69B . |68 00364800 push 00483600
00BFE6A0 . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE6A6 . |8B45 DC mov eax, dword ptr [ebp-24]
00BFE6A9 > |8BF8 mov edi, eax
00BFE6AB . |8B08 mov ecx, dword ptr [eax]
00BFE6AD . |50 push eax
00BFE6AE . |FF91 80000000 call dword ptr [ecx+80]
00BFE6B4 . |DBE2 fclex
00BFE6B6 . |85C0 test eax, eax
00BFE6B8 . |7D 12 jge short 00BFE6CC
00BFE6BA . |68 80000000 push 80
00BFE6BF . |68 10364800 push 00483610
00BFE6C4 . |57 push edi
00BFE6C5 . |50 push eax
00BFE6C6 . |FF15 C0104000 call dword ptr [<&MSVBVM60.__vbaHresultCheck>; MSVBVM60.__vbaHresultCheckObj
00BFE6CC > |8B45 DC mov eax, dword ptr [ebp-24]
00BFE6CF . |85C0 test eax, eax
00BFE6D1 . |75 0F jnz short 00BFE6E2
00BFE6D3 . |8D55 DC lea edx, dword ptr [ebp-24]
00BFE6D6 . |52 push edx
00BFE6D7 . |68 00364800 push 00483600
00BFE6DC . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE6E2 > |8B7D DC mov edi, dword ptr [ebp-24]
00BFE6E5 . |A1 D47AE500 mov eax, dword ptr [E57AD4]
00BFE6EA . |85C0 test eax, eax
00BFE6EC . |75 10 jnz short 00BFE6FE
00BFE6EE . |68 D47AE500 push 00E57AD4
00BFE6F3 . |68 844B4800 push 00484B84
00BFE6F8 . |FF15 E8124000 call dword ptr [<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
00BFE6FE > |A1 D47AE500 mov eax, dword ptr [E57AD4]
00BFE703 . |8985 38FFFFFF mov dword ptr [ebp-C8], eax
00BFE709 . |B8 09000000 mov eax, 9
00BFE70E . |8985 30FFFFFF mov dword ptr [ebp-D0], eax
这个怎么分析啊?
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
|
|
|---|---|
|
|
赞赏
雪币:
留言:
