PiaoYun's CrackMe 003 [简单得很,算法分析]
PiaoYun's CrackMe 003 [简单得很,算法分析]
目的:1.分析算法
2.KeyGen
爆破或者追码,就不要跟贴了,谢谢~~~ 沙发!谢谢~~~ Hard Code:
16552494952515167666666666666653310498990503033533333333333330
Serial:
559994242019800200000000000061
算法在分析中~ /:D
算法小结:(还没完成)
一、从机器码第五位起取30位设为A
二、机器码最后30位设为B
三、两个常数(600+800)的各(1400) 设为X《---正分析中~不知道是不是常数
三、A+B+X=注册码~
+++++++
0040F650 55 PUSH EBP
0040F651 8BEC MOV EBP,ESP
0040F653 83EC 0C SUB ESP,0C
0040F656 68 76174000 PUSH <JMP.&MSVBVM60.__vbaExcept>
0040F65B 64:A1 00000000 MOV EAX,DWORD PTR FS:
0040F661 50 PUSH EAX
0040F662 64:8925 00000000 MOV DWORD PTR FS:,ESP
0040F669 81EC D0000000 SUB ESP,0D0
0040F66F 53 PUSH EBX
0040F670 56 PUSH ESI
0040F671 57 PUSH EDI
0040F672 8965 F4 MOV DWORD PTR SS:,ESP
0040F675 C745 F8 18124000 MOV DWORD PTR SS:,1A58.0>
0040F67C 8B75 08 MOV ESI,DWORD PTR SS:
0040F67F 8BC6 MOV EAX,ESI
0040F681 83E0 01 AND EAX,1
0040F684 8945 FC MOV DWORD PTR SS:,EAX
0040F687 83E6 FE AND ESI,FFFFFFFE
0040F68A 56 PUSH ESI
0040F68B 8975 08 MOV DWORD PTR SS:,ESI
0040F68E 8B0E MOV ECX,DWORD PTR DS:
0040F690 FF51 04 CALL DWORD PTR DS:
0040F693 8B16 MOV EDX,DWORD PTR DS:
0040F695 33DB XOR EBX,EBX
0040F697 56 PUSH ESI
0040F698 895D E4 MOV DWORD PTR SS:,EBX
0040F69B 895D E0 MOV DWORD PTR SS:,EBX
0040F69E 895D DC MOV DWORD PTR SS:,EBX
0040F6A1 895D D8 MOV DWORD PTR SS:,EBX
0040F6A4 895D C8 MOV DWORD PTR SS:,EBX
0040F6A7 895D B8 MOV DWORD PTR SS:,EBX
0040F6AA 895D A8 MOV DWORD PTR SS:,EBX
0040F6AD 895D 98 MOV DWORD PTR SS:,EBX
0040F6B0 895D 88 MOV DWORD PTR SS:,EBX
0040F6B3 899D 78FFFFFF MOV DWORD PTR SS:,EBX
0040F6B9 899D 68FFFFFF MOV DWORD PTR SS:,EBX
0040F6BF 899D 58FFFFFF MOV DWORD PTR SS:,EBX
0040F6C5 895D E8 MOV DWORD PTR SS:,EBX
0040F6C8 FF92 00030000 CALL DWORD PTR DS:
0040F6CE 50 PUSH EAX
0040F6CF 8D45 D8 LEA EAX,DWORD PTR SS:
0040F6D2 50 PUSH EAX
0040F6D3 FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaObjSet
0040F6D9 8BF8 MOV EDI,EAX
0040F6DB 8D55 E0 LEA EDX,DWORD PTR SS:
0040F6DE 52 PUSH EDX
0040F6DF 57 PUSH EDI
0040F6E0 8B0F MOV ECX,DWORD PTR DS:
0040F6E2 FF91 A0000000 CALL DWORD PTR DS:
0040F6E8 3BC3 CMP EAX,EBX
0040F6EA DBE2 FCLEX
0040F6EC 7D 12 JGE SHORT 1A58.0040F700
0040F6EE 68 A0000000 PUSH 0A0
0040F6F3 68 743E4000 PUSH 1A58.00403E74
0040F6F8 57 PUSH EDI
0040F6F9 50 PUSH EAX
0040F6FA FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040F700 8B45 E0 MOV EAX,DWORD PTR SS: ; 机器码~
0040F703 8D4D C8 LEA ECX,DWORD PTR SS:
0040F706 8945 D0 MOV DWORD PTR SS:,EAX ; 放到位置
0040F709 8D45 B8 LEA EAX,DWORD PTR SS:
0040F70C 50 PUSH EAX
0040F70D 6A 05 PUSH 5
0040F70F 8D55 A8 LEA EDX,DWORD PTR SS:
0040F712 51 PUSH ECX
0040F713 52 PUSH EDX
0040F714 C745 C0 1E000000 MOV DWORD PTR SS:,1E
0040F71B C745 B8 02000000 MOV DWORD PTR SS:,2
0040F722 895D E0 MOV DWORD PTR SS:,EBX
0040F725 C745 C8 08000000 MOV DWORD PTR SS:,8
0040F72C FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.r>; MSVBVM60.rtcMidCharVar
0040F732 8D5E 34 LEA EBX,DWORD PTR DS:
0040F735 8D55 A8 LEA EDX,DWORD PTR SS:
0040F738 8BCB MOV ECX,EBX
0040F73A FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaVarMove
0040F740 8D4D D8 LEA ECX,DWORD PTR SS:
0040F743 FF15 E8114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeObj
0040F749 8D45 A8 LEA EAX,DWORD PTR SS:
0040F74C 8D4D B8 LEA ECX,DWORD PTR SS:
0040F74F 50 PUSH EAX
0040F750 8D55 C8 LEA EDX,DWORD PTR SS:
0040F753 51 PUSH ECX
0040F754 52 PUSH EDX
0040F755 6A 03 PUSH 3
0040F757 FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeVarList
0040F75D 8B06 MOV EAX,DWORD PTR DS:
0040F75F 83C4 10 ADD ESP,10
0040F762 56 PUSH ESI
0040F763 FF90 00030000 CALL DWORD PTR DS:
0040F769 8D4D D8 LEA ECX,DWORD PTR SS:
0040F76C 50 PUSH EAX
0040F76D 51 PUSH ECX
0040F76E FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaObjSet
0040F774 8BF8 MOV EDI,EAX
0040F776 8D45 E0 LEA EAX,DWORD PTR SS:
0040F779 50 PUSH EAX
0040F77A 57 PUSH EDI
0040F77B 8B17 MOV EDX,DWORD PTR DS:
0040F77D FF92 A0000000 CALL DWORD PTR DS:
0040F783 85C0 TEST EAX,EAX
0040F785 DBE2 FCLEX
0040F787 7D 12 JGE SHORT 1A58.0040F79B
0040F789 68 A0000000 PUSH 0A0
0040F78E 68 743E4000 PUSH 1A58.00403E74
0040F793 57 PUSH EDI
0040F794 50 PUSH EAX
0040F795 FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040F79B 8B45 E0 MOV EAX,DWORD PTR SS: ; 机器码~
0040F79E 8D4D C8 LEA ECX,DWORD PTR SS:
0040F7A1 6A 1E PUSH 1E
0040F7A3 8D55 B8 LEA EDX,DWORD PTR SS:
0040F7A6 51 PUSH ECX
0040F7A7 52 PUSH EDX
0040F7A8 C745 E0 00000000 MOV DWORD PTR SS:,0
0040F7AF 8945 D0 MOV DWORD PTR SS:,EAX ; 机~
0040F7B2 C745 C8 08000000 MOV DWORD PTR SS:,8
0040F7B9 FF15 C8114000 CALL DWORD PTR DS:[<&MSVBVM60.r>; MSVBVM60.rtcRightCharVar
0040F7BF 8D7E 44 LEA EDI,DWORD PTR DS:
0040F7C2 8D55 B8 LEA EDX,DWORD PTR SS:
0040F7C5 8BCF MOV ECX,EDI
0040F7C7 FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaVarMove
0040F7CD 8D4D D8 LEA ECX,DWORD PTR SS:
0040F7D0 FF15 E8114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeObj
0040F7D6 8D45 B8 LEA EAX,DWORD PTR SS:
0040F7D9 8D4D C8 LEA ECX,DWORD PTR SS:
0040F7DC 50 PUSH EAX
0040F7DD 51 PUSH ECX
0040F7DE 6A 02 PUSH 2
0040F7E0 FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeVarList
0040F7E6 83C4 0C ADD ESP,0C
0040F7E9 57 PUSH EDI
0040F7EA FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaStrErrVarCopy
0040F7F0 8B3D C4114000 MOV EDI,DWORD PTR DS:[<&MSVBVM6>; MSVBVM60.__vbaStrMove
0040F7F6 8BD0 MOV EDX,EAX ; 从第五位起,取30位数放到EDX中~设为A
0040F7F8 8D4D DC LEA ECX,DWORD PTR SS:
0040F7FB FFD7 CALL EDI
0040F7FD 53 PUSH EBX
0040F7FE FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaStrErrVarCopy
0040F804 8BD0 MOV EDX,EAX
0040F806 8D4D E0 LEA ECX,DWORD PTR SS:
0040F809 FFD7 CALL EDI
0040F80B 8B16 MOV EDX,DWORD PTR DS:
0040F80D 8D45 C8 LEA EAX,DWORD PTR SS:
0040F810 50 PUSH EAX
0040F811 8D4D DC LEA ECX,DWORD PTR SS:
0040F814 8D45 E0 LEA EAX,DWORD PTR SS:
0040F817 51 PUSH ECX
0040F818 50 PUSH EAX
0040F819 56 PUSH ESI
0040F81A FF92 00070000 CALL DWORD PTR DS: ; Call进运算!
0040F820 85C0 TEST EAX,EAX
0040F822 7D 12 JGE SHORT 1A58.0040F836 ; 跳~
0040F824 68 00070000 PUSH 700
0040F829 68 C43B4000 PUSH 1A58.00403BC4
0040F82E 56 PUSH ESI
0040F82F 50 PUSH EAX
0040F830 FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040F836 8D5E 54 LEA EBX,DWORD PTR DS:
0040F839 8D55 C8 LEA EDX,DWORD PTR SS:
0040F83C 8BCB MOV ECX,EBX
0040F83E FF15 20104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaVarMove
0040F844 8D4D DC LEA ECX,DWORD PTR SS:
0040F847 8D55 E0 LEA EDX,DWORD PTR SS:
0040F84A 51 PUSH ECX
0040F84B 52 PUSH EDX
0040F84C 6A 02 PUSH 2
0040F84E FF15 7C114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeStrList
0040F854 83C4 0C ADD ESP,0C
0040F857 8D4D C8 LEA ECX,DWORD PTR SS:
0040F85A FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeVar
0040F860 66:8B86 82000000 MOV AX,WORD PTR DS: ; 常数600
0040F867 66:0386 80000000 ADD AX,WORD PTR DS: ; 加上常数800
0040F86E 0F80 42040000 JO 1A58.0040FCB6
0040F874 50 PUSH EAX
0040F875 FF15 10104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaStrI2
0040F87B 8BD0 MOV EDX,EAX ; 转换成10进制~
0040F87D 8D4D E4 LEA ECX,DWORD PTR SS:
0040F880 FFD7 CALL EDI
0040F882 8B55 E4 MOV EDX,DWORD PTR SS:
0040F885 8D4D DC LEA ECX,DWORD PTR SS:
0040F888 FF15 74114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaStrCopy
0040F88E 53 PUSH EBX
0040F88F FF15 48104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaStrErrVarCopy
0040F895 8BD0 MOV EDX,EAX ; 结果放到EDX中~
0040F897 8D4D E0 LEA ECX,DWORD PTR SS:
0040F89A FFD7 CALL EDI
0040F89C 8B0E MOV ECX,DWORD PTR DS:
0040F89E 8D55 C8 LEA EDX,DWORD PTR SS:
0040F8A1 52 PUSH EDX
0040F8A2 8D45 DC LEA EAX,DWORD PTR SS:
0040F8A5 8D55 E0 LEA EDX,DWORD PTR SS:
0040F8A8 50 PUSH EAX
0040F8A9 52 PUSH EDX
0040F8AA 56 PUSH ESI
0040F8AB FF91 00070000 CALL DWORD PTR DS: ; Call进相加~
0040F8B1 85C0 TEST EAX,EAX
0040F8B3 7D 12 JGE SHORT 1A58.0040F8C7 ; 跳~
0040F8B5 68 00070000 PUSH 700
0040F8BA 68 C43B4000 PUSH 1A58.00403BC4
0040F8BF 56 PUSH ESI
0040F8C0 50 PUSH EAX
0040F8C1 FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040F8C7 8D45 C8 LEA EAX,DWORD PTR SS:
0040F8CA 50 PUSH EAX
0040F8CB FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaStrVarMove
0040F8D1 8BD0 MOV EDX,EAX ; 真码进EDX
0040F8D3 8D4D E4 LEA ECX,DWORD PTR SS:
0040F8D6 FFD7 CALL EDI
0040F8D8 8D4D DC LEA ECX,DWORD PTR SS:
0040F8DB 8D55 E0 LEA EDX,DWORD PTR SS:
0040F8DE 51 PUSH ECX
0040F8DF 52 PUSH EDX
0040F8E0 6A 02 PUSH 2
0040F8E2 FF15 7C114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeStrList
0040F8E8 83C4 0C ADD ESP,0C
0040F8EB 8D4D C8 LEA ECX,DWORD PTR SS:
0040F8EE FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeVar
0040F8F4 8B45 E4 MOV EAX,DWORD PTR SS: ; 真码~
0040F8F7 50 PUSH EAX
0040F8F8 FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaLenBstr
0040F8FE 8BC8 MOV ECX,EAX
0040F900 FF15 D8104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaI2I4
0040F906 8B1D 90114000 MOV EBX,DWORD PTR DS:[<&MSVBVM6>; MSVBVM60.__vbaVarTstNe
0040F90C 66:8946 68 MOV WORD PTR DS:,AX
0040F910 B8 01000000 MOV EAX,1 ; 进入循环~EAX=1
0040F915 66:3946 68 CMP WORD PTR DS:,AX ; 与AX比较!
0040F919 0F8C 10010000 JL 1A58.0040FA2F ; 小于跳出循环~
0040F91F 8B0E MOV ECX,DWORD PTR DS:
0040F921 56 PUSH ESI
0040F922 FF91 04030000 CALL DWORD PTR DS:
0040F928 8D55 D8 LEA EDX,DWORD PTR SS:
0040F92B 50 PUSH EAX
0040F92C 52 PUSH EDX
0040F92D FF15 8C104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaObjSet
0040F933 8BF8 MOV EDI,EAX
0040F935 8D4D E0 LEA ECX,DWORD PTR SS:
0040F938 51 PUSH ECX
0040F939 57 PUSH EDI
0040F93A 8B07 MOV EAX,DWORD PTR DS:
0040F93C FF90 A0000000 CALL DWORD PTR DS:
0040F942 85C0 TEST EAX,EAX
0040F944 DBE2 FCLEX
0040F946 7D 12 JGE SHORT 1A58.0040F95A ; 跳~
0040F948 68 A0000000 PUSH 0A0
0040F94D 68 743E4000 PUSH 1A58.00403E74
0040F952 57 PUSH EDI
0040F953 50 PUSH EAX
0040F954 FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040F95A 8B45 E0 MOV EAX,DWORD PTR SS: ; 取试练码~
0040F95D 8B3D AC104000 MOV EDI,DWORD PTR DS:[<&MSVBVM6>; MSVBVM60.rtcMidCharVar
0040F963 8945 D0 MOV DWORD PTR SS:,EAX
0040F966 8D55 B8 LEA EDX,DWORD PTR SS:
0040F969 0FBF46 68 MOVSX EAX,WORD PTR DS:
0040F96D 52 PUSH EDX
0040F96E 8D4D C8 LEA ECX,DWORD PTR SS:
0040F971 50 PUSH EAX
0040F972 8D55 A8 LEA EDX,DWORD PTR SS:
0040F975 51 PUSH ECX
0040F976 52 PUSH EDX
0040F977 C745 C0 01000000 MOV DWORD PTR SS:,1
0040F97E C745 B8 02000000 MOV DWORD PTR SS:,2
0040F985 C745 E0 00000000 MOV DWORD PTR SS:,0
0040F98C C745 C8 08000000 MOV DWORD PTR SS:,8
0040F993 FFD7 CALL EDI
0040F995 0FBF56 68 MOVSX EDX,WORD PTR DS:
0040F999 8D45 E4 LEA EAX,DWORD PTR SS:
0040F99C 8D4D 98 LEA ECX,DWORD PTR SS:
0040F99F 8985 60FFFFFF MOV DWORD PTR SS:,EAX
0040F9A5 51 PUSH ECX
0040F9A6 8D85 58FFFFFF LEA EAX,DWORD PTR SS:
0040F9AC 52 PUSH EDX
0040F9AD 8D4D 88 LEA ECX,DWORD PTR SS:
0040F9B0 50 PUSH EAX
0040F9B1 51 PUSH ECX
0040F9B2 C745 A0 01000000 MOV DWORD PTR SS:,1
0040F9B9 C745 98 02000000 MOV DWORD PTR SS:,2
0040F9C0 C785 58FFFFFF 08400000 MOV DWORD PTR SS:,4008
0040F9CA FFD7 CALL EDI
0040F9CC 8D55 A8 LEA EDX,DWORD PTR SS:
0040F9CF 8D45 88 LEA EAX,DWORD PTR SS:
0040F9D2 52 PUSH EDX
0040F9D3 50 PUSH EAX
0040F9D4 FFD3 CALL EBX
0040F9D6 8D4D D8 LEA ECX,DWORD PTR SS:
0040F9D9 8BF8 MOV EDI,EAX
0040F9DB FF15 E8114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeObj
0040F9E1 8D4D 88 LEA ECX,DWORD PTR SS:
0040F9E4 8D55 A8 LEA EDX,DWORD PTR SS:
0040F9E7 51 PUSH ECX
0040F9E8 8D45 98 LEA EAX,DWORD PTR SS:
0040F9EB 52 PUSH EDX
0040F9EC 8D4D B8 LEA ECX,DWORD PTR SS:
0040F9EF 50 PUSH EAX
0040F9F0 8D55 C8 LEA EDX,DWORD PTR SS:
0040F9F3 51 PUSH ECX
0040F9F4 52 PUSH EDX
0040F9F5 6A 05 PUSH 5
0040F9F7 FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaFreeVarList
0040F9FD 83C4 18 ADD ESP,18
0040FA00 66:85FF TEST DI,DI
0040FA03 75 11 JNZ SHORT 1A58.0040FA16 ; 跳~
0040FA05 66:8B45 E8 MOV AX,WORD PTR SS:
0040FA09 66:05 0100 ADD AX,1
0040FA0D 0F80 A3020000 JO 1A58.0040FCB6
0040FA13 8945 E8 MOV DWORD PTR SS:,EAX
0040FA16 66:8B4E 68 MOV CX,WORD PTR DS:
0040FA1A 83C8 FF OR EAX,FFFFFFFF
0040FA1D 66:03C8 ADD CX,AX
0040FA20 0F80 90020000 JO 1A58.0040FCB6
0040FA26 66:894E 68 MOV WORD PTR DS:,CX
0040FA2A^ E9 E1FEFFFF JMP 1A58.0040F910 ; 往上循环~
0040FA2F 8B55 E4 MOV EDX,DWORD PTR SS: ; 真码进EDX
0040FA32 52 PUSH EDX
0040FA33 FF15 2C104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaLenBstr
0040FA39 8BC8 MOV ECX,EAX
0040FA3B FF15 D8104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaI2I4
0040FA41 8B4D E8 MOV ECX,DWORD PTR SS:
0040FA44 66:3BC8 CMP CX,AX ; CX与AX比较!
0040FA47 0F85 21010000 JNZ 1A58.0040FB6E
0040FA4D 8B06 MOV EAX,DWORD PTR DS:
0040FA4F 56 PUSH ESI
0040FA50 FF90 08030000 CALL DWORD PTR DS:
0040FA56 8B1D 8C104000 MOV EBX,DWORD PTR DS:[<&MSVBVM6>; MSVBVM60.__vbaObjSet
0040FA5C 8D4D D8 LEA ECX,DWORD PTR SS:
0040FA5F 50 PUSH EAX
0040FA60 51 PUSH ECX
0040FA61 FFD3 CALL EBX
0040FA63 8BF8 MOV EDI,EAX
0040FA65 68 883E4000 PUSH 1A58.00403E88 ; ^ok^
0040FA6A 57 PUSH EDI
0040FA6B 8B17 MOV EDX,DWORD PTR DS:
0040FA6D FF52 54 CALL DWORD PTR DS:
0040FA70 85C0 TEST EAX,EAX
0040FA72 DBE2 FCLEX
0040FA74 7D 0F JGE SHORT 1A58.0040FA85
0040FA76 6A 54 PUSH 54
0040FA78 68 943E4000 PUSH 1A58.00403E94
0040FA7D 57 PUSH EDI
0040FA7E 50 PUSH EAX
0040FA7F FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040FA85 8B3D E8114000 MOV EDI,DWORD PTR DS:[<&MSVBVM6>; MSVBVM60.__vbaFreeObj
0040FA8B 8D4D D8 LEA ECX,DWORD PTR SS:
0040FA8E FFD7 CALL EDI
0040FA90 8B06 MOV EAX,DWORD PTR DS:
0040FA92 56 PUSH ESI
0040FA93 FF90 08030000 CALL DWORD PTR DS:
0040FA99 8D4D D8 LEA ECX,DWORD PTR SS:
0040FA9C 50 PUSH EAX
0040FA9D 51 PUSH ECX
0040FA9E FFD3 CALL EBX
0040FAA0 8BF0 MOV ESI,EAX
0040FAA2 6A 00 PUSH 0
0040FAA4 56 PUSH ESI
0040FAA5 8B16 MOV EDX,DWORD PTR DS:
0040FAA7 FF92 8C000000 CALL DWORD PTR DS:
0040FAAD 85C0 TEST EAX,EAX
0040FAAF DBE2 FCLEX
0040FAB1 7D 12 JGE SHORT 1A58.0040FAC5
0040FAB3 68 8C000000 PUSH 8C
0040FAB8 68 943E4000 PUSH 1A58.00403E94
0040FABD 56 PUSH ESI
0040FABE 50 PUSH EAX
0040FABF FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040FAC5 8D4D D8 LEA ECX,DWORD PTR SS:
0040FAC8 FFD7 CALL EDI
0040FACA A1 24E04100 MOV EAX,DWORD PTR DS:
0040FACF 85C0 TEST EAX,EAX
0040FAD1 75 10 JNZ SHORT 1A58.0040FAE3
0040FAD3 68 24E04100 PUSH 1A58.0041E024
0040FAD8 68 981E4000 PUSH 1A58.00401E98
0040FADD FF15 68114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaNew2
0040FAE3 83EC 10 SUB ESP,10
0040FAE6 B9 0A000000 MOV ECX,0A
0040FAEB 8BDC MOV EBX,ESP
0040FAED 898D 58FFFFFF MOV DWORD PTR SS:,ECX
0040FAF3 B8 04000280 MOV EAX,80020004
0040FAF8 83EC 10 SUB ESP,10
0040FAFB 890B MOV DWORD PTR DS:,ECX
0040FAFD 8B8D 5CFFFFFF MOV ECX,DWORD PTR SS:
0040FB03 8985 60FFFFFF MOV DWORD PTR SS:,EAX
0040FB09 8B35 24E04100 MOV ESI,DWORD PTR DS:
0040FB0F 894B 04 MOV DWORD PTR DS:,ECX
0040FB12 C785 68FFFFFF 02000000 MOV DWORD PTR SS:,2
0040FB1C 8BCC MOV ECX,ESP
0040FB1E 8B3E MOV EDI,DWORD PTR DS:
0040FB20 8943 08 MOV DWORD PTR DS:,EAX
0040FB23 8B85 64FFFFFF MOV EAX,DWORD PTR SS:
0040FB29 BA 01000000 MOV EDX,1
0040FB2E 56 PUSH ESI
0040FB2F 8943 0C MOV DWORD PTR DS:,EAX
0040FB32 8B85 68FFFFFF MOV EAX,DWORD PTR SS:
0040FB38 8901 MOV DWORD PTR DS:,EAX
0040FB3A 8B85 6CFFFFFF MOV EAX,DWORD PTR SS:
0040FB40 8941 04 MOV DWORD PTR DS:,EAX
0040FB43 8951 08 MOV DWORD PTR DS:,EDX
0040FB46 8B95 74FFFFFF MOV EDX,DWORD PTR SS:
0040FB4C 8951 0C MOV DWORD PTR DS:,EDX
0040FB4F FF97 B0020000 CALL DWORD PTR DS:
0040FB55 85C0 TEST EAX,EAX
0040FB57 DBE2 FCLEX
0040FB59 0F8D DD000000 JGE 1A58.0040FC3C
0040FB5F 68 B0020000 PUSH 2B0
0040FB64 68 A43E4000 PUSH 1A58.00403EA4
0040FB69 E9 C6000000 JMP 1A58.0040FC34
0040FB6E 66:83F9 0F CMP CX,0F
0040FB72 0F8D C4000000 JGE 1A58.0040FC3C
0040FB78 8B06 MOV EAX,DWORD PTR DS:
0040FB7A 56 PUSH ESI
0040FB7B FF90 B4020000 CALL DWORD PTR DS:
0040FB81 85C0 TEST EAX,EAX
0040FB83 DBE2 FCLEX
0040FB85 7D 12 JGE SHORT 1A58.0040FB99
0040FB87 68 B4020000 PUSH 2B4
0040FB8C 68 943B4000 PUSH 1A58.00403B94
0040FB91 56 PUSH ESI
0040FB92 50 PUSH EAX
0040FB93 FF15 74104000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaHresultCheckObj
0040FB99 A1 38E04100 MOV EAX,DWORD PTR DS:
0040FB9E 85C0 TEST EAX,EAX
0040FBA0 75 10 JNZ SHORT 1A58.0040FBB2
0040FBA2 68 38E04100 PUSH 1A58.0041E038
0040FBA7 68 C01C4000 PUSH 1A58.00401CC0
0040FBAC FF15 68114000 CALL DWORD PTR DS:[<&MSVBVM60._>; MSVBVM60.__vbaNew2
0040FBB2 83EC 10 SUB ESP,10
0040FBB5 B9 0A000000 MOV ECX,0A
0040FBBA 8BDC MOV EBX,ESP
0040FBBC 898D 58FFFFFF MOV DWORD PTR SS:,ECX
0040FBC2 B8 04000280 MOV EAX,80020004
0040FBC7 83EC 10 SUB ESP,10
0040FBCA 890B MOV DWORD PTR DS:,ECX
0040FBCC 8B8D 5CFFFFFF MOV ECX,DWORD PTR SS:
0040FBD2 8985 60FFFFFF MOV DWORD PTR SS:,EAX
0040FBD8 8B35 38E04100 MOV ESI,DWORD PTR DS:
0040FBDE 894B 04 MOV DWORD PTR DS:,ECX
0040FBE1 C785 68FFFFFF 02000000 MOV DWORD PTR SS:,2
0040FBEB 8BCC MOV ECX,ESP
0040FBED 8B3E MOV EDI,DWORD PTR DS:
0040FBEF 8943 08 MOV DWORD PTR DS:,EAX
0040FBF2 8B85 64FFFFFF MOV EAX,DWORD PTR SS:
0040FBF8 BA 01000000 MOV EDX,1
0040FBFD 56 PUSH ESI
0040FBFE 8943 0C MOV DWORD PTR DS:,EAX
0040FC01 8B85 68FFFFFF MOV EAX,DWORD PTR SS:
0040FC07 8901 MOV DWORD PTR DS:,EAX
0040FC09 8B85 6CFFFFFF MOV EAX,DWORD PTR SS:
0040FC0F 8941 04 MOV DWORD PTR DS:,EAX
0040FC12 8951 08 MOV DWORD PTR DS:,EDX
0040FC15 8B95 74FFFFFF MOV EDX,DWORD PTR SS:
0040FC1B 8951 0C MOV DWORD PTR DS:,EDX
0040FC1E FF97 B0020000 CALL DWORD PTR DS: ; OVER!
+++++下断代码为加法运算,分析得不好,呵呵++++++++++
00410570 55 PUSH EBP
00410571 8BEC MOV EBP,ESP
00410573 83EC 0C SUB ESP,0C
00410576 68 76174000 PUSH <JMP.&MSVBVM60.__vbaExceptH>
0041057B 64:A1 00000000MOV EAX,DWORD PTR FS:
00410581 50 PUSH EAX
00410582 64:8925 0000000>MOV DWORD PTR FS:,ESP
00410589 81EC 38010000 SUB ESP,138
0041058F 53 PUSH EBX
00410590 56 PUSH ESI
00410591 57 PUSH EDI
00410592 8965 F4 MOV DWORD PTR SS:,ESP
00410595 C745 F8 4012400>MOV DWORD PTR SS:,1A58.00>
0041059C 33F6 XOR ESI,ESI
0041059E 8975 FC MOV DWORD PTR SS:,ESI
004105A1 8B45 08 MOV EAX,DWORD PTR SS:
004105A4 50 PUSH EAX
004105A5 8B08 MOV ECX,DWORD PTR DS:
004105A7 FF51 04 CALL DWORD PTR DS:
004105AA 8B55 14 MOV EDX,DWORD PTR SS:
004105AD 8B7D 0C MOV EDI,DWORD PTR SS:
004105B0 8975 DC MOV DWORD PTR SS:,ESI
004105B3 8975 CC MOV DWORD PTR SS:,ESI
004105B6 8932 MOV DWORD PTR DS:,ESI
004105B8 8B07 MOV EAX,DWORD PTR DS: ; 机器码~从第四位起取30位,设为A
004105BA 8975 BC MOV DWORD PTR SS:,ESI
004105BD 8975 AC MOV DWORD PTR SS:,ESI
004105C0 8975 A8 MOV DWORD PTR SS:,ESI
004105C3 8975 98 MOV DWORD PTR SS:,ESI
004105C6 8975 88 MOV DWORD PTR SS:,ESI
004105C9 89B5 78FFFFFF MOV DWORD PTR SS:,ESI
004105CF 89B5 68FFFFFF MOV DWORD PTR SS:,ESI
004105D5 89B5 64FFFFFF MOV DWORD PTR SS:,ESI
004105DB 89B5 60FFFFFF MOV DWORD PTR SS:,ESI
004105E1 89B5 50FFFFFF MOV DWORD PTR SS:,ESI
004105E7 89B5 40FFFFFF MOV DWORD PTR SS:,ESI
004105ED 89B5 30FFFFFF MOV DWORD PTR SS:,ESI
004105F3 89B5 20FFFFFF MOV DWORD PTR SS:,ESI
004105F9 89B5 10FFFFFF MOV DWORD PTR SS:,ESI
004105FF 89B5 00FFFFFF MOV DWORD PTR SS:,ESI
00410605 89B5 E0FEFFFF MOV DWORD PTR SS:,ESI
0041060B 89B5 D0FEFFFF MOV DWORD PTR SS:,ESI
00410611 89B5 C0FEFFFF MOV DWORD PTR SS:,ESI
00410617 8B35 2C104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaLenBstr
0041061D 50 PUSH EAX
0041061E FFD6 CALL ESI
00410620 8B1D 20104000 MOV EBX,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaVarMove
00410626 8D95 10FFFFFF LEA EDX,DWORD PTR SS: ; 取它的位数~
0041062C 8D4D CC LEA ECX,DWORD PTR SS:
0041062F 8985 18FFFFFF MOV DWORD PTR SS:,EAX
00410635 C785 10FFFFFF 0>MOV DWORD PTR SS:,3
0041063F FFD3 CALL EBX
00410641 8B4D 10 MOV ECX,DWORD PTR SS:
00410644 8B11 MOV EDX,DWORD PTR DS: ; 第一次为机器码后面的30位进EDX,设为B。
00410646 52 PUSH EDX ; 第二次的话就为常数"1400"
00410647 FFD6 CALL ESI
00410649 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
0041064F 8D4D AC LEA ECX,DWORD PTR SS:
00410652 8985 18FFFFFF MOV DWORD PTR SS:,EAX
00410658 C785 10FFFFFF 0>MOV DWORD PTR SS:,3
00410662 FFD3 CALL EBX
00410664 8D45 CC LEA EAX,DWORD PTR SS:
00410667 8D4D AC LEA ECX,DWORD PTR SS:
0041066A 50 PUSH EAX
0041066B 51 PUSH ECX
0041066C FF15 08104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarTstGt
00410672 66:85C0 TEST AX,AX
00410675 0F84 8C000000 JE 1A58.00410707 ; 跳~
0041067B 8D55 CC LEA EDX,DWORD PTR SS:
0041067E 8D4D BC LEA ECX,DWORD PTR SS:
00410681 FF15 B0114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarCopy
00410687 8D55 CC LEA EDX,DWORD PTR SS:
0041068A 8D45 AC LEA EAX,DWORD PTR SS:
0041068D 52 PUSH EDX
0041068E 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
00410694 50 PUSH EAX
00410695 51 PUSH ECX
00410696 FF15 04104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarSub
0041069C 50 PUSH EAX
0041069D FF15 94114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaI4Var
004106A3 8D95 40FFFFFF LEA EDX,DWORD PTR SS:
004106A9 50 PUSH EAX
004106AA 52 PUSH EDX
004106AB FF15 BC104000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcSpaceVar
004106B1 8B7D 10 MOV EDI,DWORD PTR SS:
004106B4 8B35 A0114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaVarAdd
004106BA 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
004106C0 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
004106C6 8B07 MOV EAX,DWORD PTR DS:
004106C8 51 PUSH ECX
004106C9 8985 18FFFFFF MOV DWORD PTR SS:,EAX
004106CF 8D85 30FFFFFF LEA EAX,DWORD PTR SS:
004106D5 52 PUSH EDX
004106D6 50 PUSH EAX
004106D7 C785 10FFFFFF 0>MOV DWORD PTR SS:,8
004106E1 FFD6 CALL ESI
004106E3 50 PUSH EAX
004106E4 FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
004106EA 8BD0 MOV EDX,EAX
004106EC 8BCF MOV ECX,EDI
004106EE FF15 C4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrMove
004106F4 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
004106FA 8D95 40FFFFFF LEA EDX,DWORD PTR SS:
00410700 51 PUSH ECX
00410701 52 PUSH EDX
00410702 E9 84000000 JMP 1A58.0041078B
00410707 8D55 AC LEA EDX,DWORD PTR SS: ; 跳来这~
0041070A 8D4D BC LEA ECX,DWORD PTR SS:
0041070D FF15 B0114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarCopy
00410713 8D45 AC LEA EAX,DWORD PTR SS:
00410716 8D4D CC LEA ECX,DWORD PTR SS:
00410719 50 PUSH EAX
0041071A 8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00410720 51 PUSH ECX
00410721 52 PUSH EDX
00410722 FF15 04104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarSub
00410728 50 PUSH EAX
00410729 FF15 94114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaI4Var
0041072F 50 PUSH EAX
00410730 8D85 40FFFFFF LEA EAX,DWORD PTR SS:
00410736 50 PUSH EAX
00410737 FF15 BC104000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcSpaceVar
0041073D 8B0F MOV ECX,DWORD PTR DS: ; A进ECX
0041073F 8B35 A0114000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaVarAdd
00410745 8D95 40FFFFFF LEA EDX,DWORD PTR SS:
0041074B 898D 18FFFFFF MOV DWORD PTR SS:,ECX ; 放到位置
00410751 8D85 10FFFFFF LEA EAX,DWORD PTR SS:
00410757 52 PUSH EDX
00410758 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
0041075E 50 PUSH EAX
0041075F 51 PUSH ECX
00410760 C785 10FFFFFF 0>MOV DWORD PTR SS:,8
0041076A FFD6 CALL ESI
0041076C 50 PUSH EAX
0041076D FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
00410773 8BD0 MOV EDX,EAX ; 放到EDX中~
00410775 8BCF MOV ECX,EDI
00410777 FF15 C4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrMove
0041077D 8D95 30FFFFFF LEA EDX,DWORD PTR SS:
00410783 8D85 40FFFFFF LEA EAX,DWORD PTR SS:
00410789 52 PUSH EDX
0041078A 50 PUSH EAX
0041078B 8B3D 38104000 MOV EDI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaFreeVarList
00410791 6A 02 PUSH 2
00410793 FFD7 CALL EDI
00410795 83C4 0C ADD ESP,0C
00410798 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
0041079E 8D4D 98 LEA ECX,DWORD PTR SS:
004107A1 C785 18FFFFFF 0>MOV DWORD PTR SS:,0
004107AB C785 10FFFFFF 0>MOV DWORD PTR SS:,2
004107B5 FFD3 CALL EBX
004107B7 B9 01000000 MOV ECX,1
004107BC B8 02000000 MOV EAX,2
004107C1 898D 18FFFFFF MOV DWORD PTR SS:,ECX
004107C7 898D 08FFFFFF MOV DWORD PTR SS:,ECX
004107CD 8D8D 10FFFFFF LEA ECX,DWORD PTR SS:
004107D3 8985 10FFFFFF MOV DWORD PTR SS:,EAX
004107D9 8985 00FFFFFF MOV DWORD PTR SS:,EAX
004107DF 8D55 BC LEA EDX,DWORD PTR SS:
004107E2 51 PUSH ECX
004107E3 8D85 00FFFFFF LEA EAX,DWORD PTR SS:
004107E9 52 PUSH EDX
004107EA 8D8D C0FEFFFF LEA ECX,DWORD PTR SS:
004107F0 50 PUSH EAX
004107F1 8D95 D0FEFFFF LEA EDX,DWORD PTR SS:
004107F7 51 PUSH ECX
004107F8 8D45 DC LEA EAX,DWORD PTR SS:
004107FB 52 PUSH EDX
004107FC 50 PUSH EAX
004107FD FF15 84104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarForInit
00410803 85C0 TEST EAX,EAX ; EAX=0测跳走~加法循环开始~
00410805 0F84 FB020000 JE 1A58.00410B06 ; 大跳~跳出循环~
0041080B B9 01000000 MOV ECX,1 ; ECX=1
00410810 B8 02000000 MOV EAX,2 ; EAX=2
00410815 898D 38FFFFFF MOV DWORD PTR SS:,ECX
0041081B 898D 18FFFFFF MOV DWORD PTR SS:,ECX
00410821 8B4D 0C MOV ECX,DWORD PTR SS:
00410824 8985 30FFFFFF MOV DWORD PTR SS:,EAX
0041082A 8985 10FFFFFF MOV DWORD PTR SS:,EAX
00410830 8D95 30FFFFFF LEA EDX,DWORD PTR SS:
00410836 898D 08FFFFFF MOV DWORD PTR SS:,ECX
0041083C 8D45 BC LEA EAX,DWORD PTR SS:
0041083F 52 PUSH EDX
00410840 8D4D DC LEA ECX,DWORD PTR SS:
00410843 50 PUSH EAX
00410844 8D95 50FFFFFF LEA EDX,DWORD PTR SS:
0041084A 51 PUSH ECX
0041084B 52 PUSH EDX
0041084C C785 00FFFFFF 0>MOV DWORD PTR SS:,4008
00410856 FF15 04104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarSub
0041085C 50 PUSH EAX
0041085D 8D85 10FFFFFF LEA EAX,DWORD PTR SS:
00410863 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
00410869 50 PUSH EAX
0041086A 51 PUSH ECX
0041086B FFD6 CALL ESI
0041086D 50 PUSH EAX
0041086E FF15 94114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaI4Var
00410874 50 PUSH EAX ; A位数~
00410875 8D95 00FFFFFF LEA EDX,DWORD PTR SS:
0041087B 8D85 20FFFFFF LEA EAX,DWORD PTR SS:
00410881 52 PUSH EDX
00410882 50 PUSH EAX
00410883 FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcMidCharVar
00410889 8D8D 20FFFFFF LEA ECX,DWORD PTR SS:
0041088F 8D95 60FFFFFF LEA EDX,DWORD PTR SS:
00410895 51 PUSH ECX
00410896 52 PUSH EDX
00410897 FF15 4C114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarVal
0041089D 50 PUSH EAX
0041089E FF15 EC114000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcR8ValFromBstr
004108A4 DD9D E8FEFFFF FSTP QWORD PTR SS: ; A与B从尾部加起~
004108AA 8D95 E0FEFFFF LEA EDX,DWORD PTR SS:
004108B0 8D4D 88 LEA ECX,DWORD PTR SS:
004108B3 C785 E0FEFFFF 0>MOV DWORD PTR SS:,5
004108BD FFD3 CALL EBX
004108BF 8D8D 60FFFFFF LEA ECX,DWORD PTR SS:
004108C5 FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
004108CB 8D85 20FFFFFF LEA EAX,DWORD PTR SS:
004108D1 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
004108D7 50 PUSH EAX
004108D8 8D95 40FFFFFF LEA EDX,DWORD PTR SS:
004108DE 51 PUSH ECX
004108DF 52 PUSH EDX
004108E0 6A 03 PUSH 3
004108E2 FFD7 CALL EDI
004108E4 B8 02000000 MOV EAX,2 ; EAX=2
004108E9 B9 01000000 MOV ECX,1 ; ECX=1
004108EE 8985 30FFFFFF MOV DWORD PTR SS:,EAX
004108F4 8985 10FFFFFF MOV DWORD PTR SS:,EAX
004108FA 8B45 10 MOV EAX,DWORD PTR SS:
004108FD 83C4 10 ADD ESP,10
00410900 898D 38FFFFFF MOV DWORD PTR SS:,ECX
00410906 898D 18FFFFFF MOV DWORD PTR SS:,ECX
0041090C 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
00410912 8985 08FFFFFF MOV DWORD PTR SS:,EAX
00410918 8D55 BC LEA EDX,DWORD PTR SS:
0041091B 51 PUSH ECX
0041091C 8D45 DC LEA EAX,DWORD PTR SS:
0041091F 52 PUSH EDX
00410920 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
00410926 50 PUSH EAX
00410927 51 PUSH ECX
00410928 C785 00FFFFFF 0>MOV DWORD PTR SS:,4008
00410932 FF15 04104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarSub
00410938 50 PUSH EAX
00410939 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
0041093F 8D85 40FFFFFF LEA EAX,DWORD PTR SS:
00410945 52 PUSH EDX
00410946 50 PUSH EAX
00410947 FFD6 CALL ESI
00410949 50 PUSH EAX
0041094A FF15 94114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaI4Var
00410950 8D8D 00FFFFFF LEA ECX,DWORD PTR SS:
00410956 50 PUSH EAX
00410957 8D95 20FFFFFF LEA EDX,DWORD PTR SS:
0041095D 51 PUSH ECX
0041095E 52 PUSH EDX
0041095F FF15 AC104000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcMidCharVar
00410965 8D85 20FFFFFF LEA EAX,DWORD PTR SS:
0041096B 8D8D 60FFFFFF LEA ECX,DWORD PTR SS:
00410971 50 PUSH EAX
00410972 51 PUSH ECX
00410973 FF15 4C114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarVal
00410979 50 PUSH EAX
0041097A FF15 EC114000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcR8ValFromBstr
00410980 DD9D E8FEFFFF FSTP QWORD PTR SS:
00410986 8D95 E0FEFFFF LEA EDX,DWORD PTR SS:
0041098C 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:
00410992 C785 E0FEFFFF 0>MOV DWORD PTR SS:,5
0041099C FFD3 CALL EBX
0041099E 8D8D 60FFFFFF LEA ECX,DWORD PTR SS:
004109A4 FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
004109AA 8D95 20FFFFFF LEA EDX,DWORD PTR SS:
004109B0 8D85 30FFFFFF LEA EAX,DWORD PTR SS:
004109B6 52 PUSH EDX
004109B7 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
004109BD 50 PUSH EAX
004109BE 51 PUSH ECX
004109BF 6A 03 PUSH 3
004109C1 FFD7 CALL EDI
004109C3 83C4 10 ADD ESP,10
004109C6 8D55 88 LEA EDX,DWORD PTR SS:
004109C9 8D85 68FFFFFF LEA EAX,DWORD PTR SS:
004109CF 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
004109D5 52 PUSH EDX
004109D6 50 PUSH EAX
004109D7 51 PUSH ECX
004109D8 FFD6 CALL ESI
004109DA 50 PUSH EAX
004109DB 8D55 98 LEA EDX,DWORD PTR SS:
004109DE 8D85 40FFFFFF LEA EAX,DWORD PTR SS:
004109E4 52 PUSH EDX
004109E5 50 PUSH EAX
004109E6 FFD6 CALL ESI
004109E8 50 PUSH EAX
004109E9 FF15 58114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaI2Var
004109EF 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
004109F5 8D95 50FFFFFF LEA EDX,DWORD PTR SS:
004109FB 51 PUSH ECX
004109FC 52 PUSH EDX
004109FD 6A 02 PUSH 2
004109FF 8985 64FFFFFF MOV DWORD PTR SS:,EAX
00410A05 FFD7 CALL EDI
00410A07 8B85 64FFFFFF MOV EAX,DWORD PTR SS:
00410A0D 83C4 0C ADD ESP,0C
00410A10 66:3D 0900 CMP AX,9
00410A14 7E 1C JLE SHORT 1A58.00410A32
00410A16 66:2D 0A00 SUB AX,0A
00410A1A C785 18FFFFFF 0>MOV DWORD PTR SS:,1
00410A24 0F80 86020000 JO 1A58.00410CB0
00410A2A 8985 64FFFFFF MOV DWORD PTR SS:,EAX
00410A30 EB 0A JMP SHORT 1A58.00410A3C
00410A32 C785 18FFFFFF 0>MOV DWORD PTR SS:,0
00410A3C 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
00410A42 8D4D 98 LEA ECX,DWORD PTR SS:
00410A45 C785 10FFFFFF 0>MOV DWORD PTR SS:,2
00410A4F FFD3 CALL EBX
00410A51 8D8D 10FFFFFF LEA ECX,DWORD PTR SS:
00410A57 8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00410A5D 8D85 64FFFFFF LEA EAX,DWORD PTR SS:
00410A63 51 PUSH ECX
00410A64 52 PUSH EDX
00410A65 8985 18FFFFFF MOV DWORD PTR SS:,EAX
00410A6B C785 10FFFFFF 0>MOV DWORD PTR SS:,4002
00410A75 FF15 A8114000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcVarStrFromVar
00410A7B 8D85 50FFFFFF LEA EAX,DWORD PTR SS:
00410A81 6A 01 PUSH 1
00410A83 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
00410A89 50 PUSH EAX
00410A8A 51 PUSH ECX
00410A8B FF15 C8114000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcRightCharVar
00410A91 8B55 A8 MOV EDX,DWORD PTR SS: ; 所加和放到EDX中~
00410A94 8D85 40FFFFFF LEA EAX,DWORD PTR SS:
00410A9A 8995 08FFFFFF MOV DWORD PTR SS:,EDX
00410AA0 8D8D 00FFFFFF LEA ECX,DWORD PTR SS:
00410AA6 50 PUSH EAX
00410AA7 8D95 30FFFFFF LEA EDX,DWORD PTR SS:
00410AAD 51 PUSH ECX
00410AAE 52 PUSH EDX
00410AAF C785 00FFFFFF 0>MOV DWORD PTR SS:,8
00410AB9 FFD6 CALL ESI
00410ABB 50 PUSH EAX
00410ABC FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
00410AC2 8BD0 MOV EDX,EAX ; 结果累加放到EDX中~
00410AC4 8D4D A8 LEA ECX,DWORD PTR SS:
00410AC7 FF15 C4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrMove
00410ACD 8D85 30FFFFFF LEA EAX,DWORD PTR SS:
00410AD3 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
00410AD9 50 PUSH EAX
00410ADA 8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00410AE0 51 PUSH ECX
00410AE1 52 PUSH EDX
00410AE2 6A 03 PUSH 3
00410AE4 FFD7 CALL EDI
00410AE6 83C4 10 ADD ESP,10
00410AE9 8D85 C0FEFFFF LEA EAX,DWORD PTR SS:
00410AEF 8D8D D0FEFFFF LEA ECX,DWORD PTR SS:
00410AF5 8D55 DC LEA EDX,DWORD PTR SS:
00410AF8 50 PUSH EAX
00410AF9 51 PUSH ECX
00410AFA 52 PUSH EDX
00410AFB FF15 DC114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarForNext
00410B01^ E9 FDFCFFFF JMP 1A58.00410803 ; 循环~
00410B06 8D45 98 LEA EAX,DWORD PTR SS:
00410B09 8D8D 10FFFFFF LEA ECX,DWORD PTR SS:
00410B0F 50 PUSH EAX
00410B10 51 PUSH ECX
00410B11 C785 18FFFFFF 0>MOV DWORD PTR SS:,0
00410B1B C785 10FFFFFF 0>MOV DWORD PTR SS:,8002
00410B25 FF15 90114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarTstNe
00410B2B 66:85C0 TEST AX,AX
00410B2E 74 7F JE SHORT 1A58.00410BAF ; 跳~
00410B30 8D55 98 LEA EDX,DWORD PTR SS:
00410B33 8D85 50FFFFFF LEA EAX,DWORD PTR SS:
00410B39 52 PUSH EDX
00410B3A 50 PUSH EAX
00410B3B FF15 A8114000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcVarStrFromVar
00410B41 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
00410B47 6A 01 PUSH 1
00410B49 8D95 40FFFFFF LEA EDX,DWORD PTR SS:
00410B4F 51 PUSH ECX
00410B50 52 PUSH EDX
00410B51 FF15 C8114000 CALL DWORD PTR DS:[<&MSVBVM60.rt>; MSVBVM60.rtcRightCharVar
00410B57 8B45 A8 MOV EAX,DWORD PTR SS:
00410B5A 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
00410B60 8985 18FFFFFF MOV DWORD PTR SS:,EAX
00410B66 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
00410B6C 51 PUSH ECX
00410B6D 8D85 30FFFFFF LEA EAX,DWORD PTR SS:
00410B73 52 PUSH EDX
00410B74 50 PUSH EAX
00410B75 C785 10FFFFFF 0>MOV DWORD PTR SS:,8
00410B7F FFD6 CALL ESI
00410B81 50 PUSH EAX
00410B82 FF15 28104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrVarMove
00410B88 8BD0 MOV EDX,EAX
00410B8A 8D4D A8 LEA ECX,DWORD PTR SS:
00410B8D FF15 C4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaStrMove
00410B93 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
00410B99 8D95 40FFFFFF LEA EDX,DWORD PTR SS:
00410B9F 51 PUSH ECX
00410BA0 8D85 50FFFFFF LEA EAX,DWORD PTR SS:
00410BA6 52 PUSH EDX
00410BA7 50 PUSH EAX
00410BA8 6A 03 PUSH 3
00410BAA FFD7 CALL EDI
00410BAC 83C4 10 ADD ESP,10
00410BAF 8B4D A8 MOV ECX,DWORD PTR SS: ; 跳来这~相加结果放到ECX
00410BB2 8D95 10FFFFFF LEA EDX,DWORD PTR SS:
00410BB8 898D 18FFFFFF MOV DWORD PTR SS:,ECX
00410BBE 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:
00410BC4 C785 10FFFFFF 0>MOV DWORD PTR SS:,8
00410BCE FF15 B0114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaVarCopy
00410BD4 9B WAIT
00410BD5 68 710C4100 PUSH 1A58.00410C71
00410BDA EB 46 JMP SHORT 1A58.00410C22 ; 跳~
00410BDC F645 FC 04 TEST BYTE PTR SS:,4
00410BE0 74 0C JE SHORT 1A58.00410BEE
00410BE2 8D8D 78FFFFFF LEA ECX,DWORD PTR SS:
00410BE8 FF15 24104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVar
00410BEE 8D8D 60FFFFFF LEA ECX,DWORD PTR SS:
00410BF4 FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
00410BFA 8D95 20FFFFFF LEA EDX,DWORD PTR SS:
00410C00 8D85 30FFFFFF LEA EAX,DWORD PTR SS:
00410C06 52 PUSH EDX
00410C07 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:
00410C0D 50 PUSH EAX
00410C0E 8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00410C14 51 PUSH ECX
00410C15 52 PUSH EDX
00410C16 6A 04 PUSH 4
00410C18 FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
00410C1E 83C4 14 ADD ESP,14
00410C21 C3 RETN
00410C22 8D85 C0FEFFFF LEA EAX,DWORD PTR SS: ; 跳来这~
00410C28 8D8D D0FEFFFF LEA ECX,DWORD PTR SS:
00410C2E 50 PUSH EAX
00410C2F 51 PUSH ECX
00410C30 6A 02 PUSH 2
00410C32 FF15 38104000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeVarList
00410C38 8B35 24104000 MOV ESI,DWORD PTR DS:[<&MSVBVM60>; MSVBVM60.__vbaFreeVar
00410C3E 83C4 0C ADD ESP,0C
00410C41 8D4D DC LEA ECX,DWORD PTR SS:
00410C44 FFD6 CALL ESI
00410C46 8D4D CC LEA ECX,DWORD PTR SS:
00410C49 FFD6 CALL ESI
00410C4B 8D4D BC LEA ECX,DWORD PTR SS:
00410C4E FFD6 CALL ESI
00410C50 8D4D AC LEA ECX,DWORD PTR SS:
00410C53 FFD6 CALL ESI
00410C55 8D4D A8 LEA ECX,DWORD PTR SS:
00410C58 FF15 E4114000 CALL DWORD PTR DS:[<&MSVBVM60.__>; MSVBVM60.__vbaFreeStr
00410C5E 8D4D 98 LEA ECX,DWORD PTR SS:
00410C61 FFD6 CALL ESI
00410C63 8D4D 88 LEA ECX,DWORD PTR SS:
00410C66 FFD6 CALL ESI
00410C68 8D8D 68FFFFFF LEA ECX,DWORD PTR SS:
00410C6E FFD6 CALL ESI
00410C70 C3 RETN
00410C71 8B45 08 MOV EAX,DWORD PTR SS:
00410C74 50 PUSH EAX
00410C75 8B10 MOV EDX,DWORD PTR DS:
00410C77 FF52 08 CALL DWORD PTR DS:
00410C7A 8B45 14 MOV EAX,DWORD PTR SS:
00410C7D 8B8D 78FFFFFF MOV ECX,DWORD PTR SS:
00410C83 8B95 7CFFFFFF MOV EDX,DWORD PTR SS:
00410C89 8908 MOV DWORD PTR DS:,ECX
00410C8B 8B4D 80 MOV ECX,DWORD PTR SS: ; 结果放到ECX中~
00410C8E 8950 04 MOV DWORD PTR DS:,EDX
00410C91 8B55 84 MOV EDX,DWORD PTR SS:
00410C94 8948 08 MOV DWORD PTR DS:,ECX
00410C97 8950 0C MOV DWORD PTR DS:,EDX
00410C9A 8B45 FC MOV EAX,DWORD PTR SS:
00410C9D 8B4D EC MOV ECX,DWORD PTR SS:
00410CA0 5F POP EDI
00410CA1 5E POP ESI
00410CA2 64:890D 0000000>MOV DWORD PTR FS:,ECX
00410CA9 5B POP EBX
00410CAA 8BE5 MOV ESP,EBP
00410CAC 5D POP EBP
00410CAD C2 1000 RETN 10 ; 返回~
+++++++++++++++++++++++++++++++
易语言算法注册机:
.版本 2
.程序集 窗口程序集1
.子程序 __启动窗口_创建完毕
标题 = “KeyGen FoR PiaoYun's CrackMe 003”
.子程序 _按钮1_被单击
.局部变量 A, 文本型
.局部变量 b, 文本型
.局部变量 x, 整数型
A = 取文本中间 (编辑框1.内容, 5, 30)
b = 取文本中间 (编辑框1.内容, 35, 30)
x = 600 + 800
编辑框2.内容 = 到文本 (到数值 (A) + 到数值 (b) + x)
[ 本帖最后由 野猫III 于 2006-7-7 15:52 编辑 ]
页:
[1]