最近弄一个软件,VB的,求助VB函数的解释
最近在分析一个 VB 写的软件,注册码是明码比较。想请教其中 msvbvm60.__vbaVarIndexLoadRef 和 msvbvm60.__vbaVarIndexLoad 这两个函数的作用。
软件先把固定字符串、机器码、固定字符串依次连接,然后算出 MD5 值(32 个十六进制字符);再通过运算得出一个 32 位的十进制数字串,取其前 8 位作为注册码。
如MD5值:158bf6da6e6abf470656486d398bcf2f 算出为 24511602536023448531953420525694。
我已经弄出了内存注册机,现在学着分析算法,分析了一部分,被难住了,在下初学,请各位指点:
EDX中为MD5值,压入堆栈后调用 00430540,下面是我截取的关键部分。
; Excerpt from an OllyDbg listing of a VB6 (msvbvm60) program: 32-bit x86, Intel operand order.
; The first line is the call site; everything after it is one counted loop inside routine
; 00430540, which begins before and continues after this excerpt.
; NOTE(review): the bracketed memory operands were lost when the page was extracted
; ("dword ptr ss:" with nothing after it). The frame offsets quoted in the comments below are
; decoded from the opcode bytes in the second column (ModRM + displacement), e.g.
; 8D55 B0 = lea edx,[ebp-50]; where the dump truncates the bytes with ">" the offset is not given.
; Per pass, with SI = i, the visible code:
;   1. takes Mid(str, i, 1), passes it to local routine 004320F0, keeps the result at [ebp-20];
;   2. takes Mid(str, Len(str)-i+1, 1), passes it to 004320F0, keeps the result at [ebp-1C];
;   3. uses those two results as the single index of __vbaVarIndexLoadRef and then of
;      __vbaVarIndexLoad, starting from the VARIANT at [ebp-3C];
;   4. concatenates the loaded element onto the string at [ebp-2C].
; NOTE(review): the msvbvm60 __vba* helpers are undocumented; their descriptions here are read
; off the argument pushes and stack clean-up in this listing - confirm in a debugger.
; NOTE(review): by the post's own description the code is derived only from fixed strings and the
; machine code and is compared in plaintext, so nothing in this derivation is secret from someone
; holding the binary; a scheme that verifies an asymmetric signature keeps the signing key off the client.
00422E93 .E8 A8D60000 call 软件.00430540 ; call site: final step that derives the registration code; per the poster the result comes back in EAX
00431DC7 .BE 01000000 mov esi,1 ; SI = loop counter i, starting at 1 (poster: runs 1..32)
00431DCC >66:3BB5 9CF8F>cmp si,word ptr ss: ; loop head: compare i with a 16-bit bound held in an ebp-relative local
00431DD3 .0F8F E7010000 jg 软件.00431FC0 ; signed test: leave the loop once i > bound (poster read this as "jump when SI is 32")
00431DD9 .0FBFC6 movsx eax,si ; eax = i, sign-extended to 32 bits
00431DDC .8D55 B0 lea edx,dword ptr ss: ; edx -> Length VARIANT at [ebp-50]
00431DDF .8D4D A0 lea ecx,dword ptr ss: ; ecx -> result VARIANT at [ebp-60]
00431DE2 .52 push edx ; /Length8: pointer to the Length VARIANT (poster saw 0 in it here; it is filled in at 00431DEA and 00431DF3)
00431DE3 .50 push eax ; |Start = i
00431DE4 .8D85 D4FEFFFF lea eax,dword ptr ss: ; | eax -> string-argument VARIANT at [ebp-12C]. The 00004002 the poster asked about is a VARIANT type word, VT_BYREF(0x4000)|VT_I2(2), presumably left in this slot by the store at 00431F09; it is replaced by 4008 at 00431DFC before the call
00431DEA .C745 B8 01000>mov dword ptr ss:,1 ; | Length value at [ebp-48] = 1, i.e. one character
00431DF1 .50 push eax ; |dString8: pointer to the string-argument VARIANT
00431DF2 .51 push ecx ; |RetBUFFER: pointer to the result VARIANT (poster saw 0 in it before the call)
00431DF3 .895D B0 mov dword ptr ss:,ebx ; | Length vt at [ebp-50] = ebx; presumably 2 (VT_I2), since ebx is also pushed as the count for two variants at 00431E3E
00431DF6 .89BD DCFEFFFF mov dword ptr ss:,edi ; | string VARIANT payload at [ebp-124] = edi, a pointer to the string variable
00431DFC .C785 D4FEFFFF>mov dword ptr ss:,4008 ; | string VARIANT vt at [ebp-12C] = 4008 = VT_BYREF|VT_BSTR
00431E06 .FF15 E8104000 call dword ptr ds:[<&MSVBVM60.#632>] ; \rtcMidCharVar: VB Mid(str, i, 1); result goes to the VARIANT at [ebp-60]
00431E0C .8D55 A0 lea edx,dword ptr ss: ; edx -> result VARIANT at [ebp-60]
00431E0F .52 push edx
00431E10 .FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>;msvbvm60.__vbaStrVarMove - presumably extracts the string from that VARIANT, returned in eax
00431E16 .8BD0 mov edx,eax ; edx = string to store
00431E18 .8D4D C0 lea ecx,dword ptr ss: ; ecx -> string local at [ebp-40]
00431E1B .FF15 70124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>;msvbvm60.__vbaStrMove - stores the string into the local at ecx
00431E21 .8D45 C0 lea eax,dword ptr ss: ; eax -> string local at [ebp-40]
; poster's note on the next line: "gets the ASCII code; EAX holds the memory address"
00431E24 .50 push eax 得到ASCLL码,在EAX中内存地址中
00431E25 .E8 C6020000 call 软件.004320F0 ; local routine, body not shown; takes the one-character string by reference
00431E2A .8D4D C0 lea ecx,dword ptr ss: ; ecx -> temporary string at [ebp-40]
00431E2D .8945 E0 mov dword ptr ss:,eax ; first value: result of 004320F0 kept at [ebp-20]
00431E30 .FF15 AC124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>;msvbvm60.__vbaFreeStr - releases the temporary string at ecx
00431E36 .8D4D A0 lea ecx,dword ptr ss: ; [ebp-60]
00431E39 .8D55 B0 lea edx,dword ptr ss: ; [ebp-50]
00431E3C .51 push ecx
00431E3D .52 push edx
00431E3E .53 push ebx ; count argument (presumably 2)
00431E3F .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;msvbvm60.__vbaFreeVarList - frees the two temporary VARIANTs just pushed
00431E45 .8B0F mov ecx,dword ptr ds: ; ecx = [edi], the string value that edi points to
00431E47 .83C4 0C add esp,0C ; caller removes the three __vbaFreeVarList arguments
00431E4A .8D45 B0 lea eax,dword ptr ss: ; eax -> Length VARIANT at [ebp-50]
00431E4D .C745 B8 01000>mov dword ptr ss:,1 ; Length value at [ebp-48] = 1
00431E54 .50 push eax ; /Length8 for the second Mid call
00431E55 .51 push ecx ; |/String whose length is taken
00431E56 .895D B0 mov dword ptr ss:,ebx ; || Length vt at [ebp-50] = ebx
00431E59 .89BD DCFEFFFF mov dword ptr ss:,edi ; || string VARIANT payload at [ebp-124] = edi
00431E5F .C785 D4FEFFFF>mov dword ptr ss:,4008 ; || string VARIANT vt at [ebp-12C] = VT_BYREF|VT_BSTR
00431E69 .FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBs>; |\__vbaLenBstr: eax = length of the string
00431E6F .8BD0 mov edx,eax ; | edx = length
00431E71 .8D4D A0 lea ecx,dword ptr ss: ; | ecx -> result VARIANT at [ebp-60]
00431E74 .0FBFC6 movsx eax,si ; | eax = i
00431E77 .2BD0 sub edx,eax ; | edx = length - i
00431E79 .8D85 D4FEFFFF lea eax,dword ptr ss: ; | eax -> string-argument VARIANT at [ebp-12C]; lea leaves the flags from sub intact
00431E7F .0F80 5C020000 jo 软件.004320E1 ; | overflow check on the subtraction; target is outside the excerpt (presumably the VB overflow error path)
00431E85 .83C2 01 add edx,1 ; | edx = length - i + 1, the mirrored position counted from the end
00431E88 .0F80 53020000 jo 软件.004320E1 ; | overflow check on the addition
00431E8E .52 push edx ; |Start = length - i + 1
00431E8F .50 push eax ; |dString8
00431E90 .51 push ecx ; |RetBUFFER
00431E91 .FF15 E8104000 call dword ptr ds:[<&MSVBVM60.#632>] ; \rtcMidCharVar: VB Mid(str, length-i+1, 1)
00431E97 .8D55 A0 lea edx,dword ptr ss: ; edx -> result VARIANT at [ebp-60]
00431E9A .52 push edx
00431E9B .FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>;msvbvm60.__vbaStrVarMove - same extraction as at 00431E10
00431EA1 .8BD0 mov edx,eax
00431EA3 .8D4D C0 lea ecx,dword ptr ss: ; ecx -> string local at [ebp-40]
00431EA6 .FF15 70124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>;msvbvm60.__vbaStrMove
00431EAC .8D45 C0 lea eax,dword ptr ss: ; eax -> string local at [ebp-40]
00431EAF .50 push eax
00431EB0 .E8 3B020000 call 软件.004320F0 ; same local routine as at 00431E25, now on the mirrored character
00431EB5 .8D4D C0 lea ecx,dword ptr ss: ; ecx -> temporary string at [ebp-40]
00431EB8 .8945 E4 mov dword ptr ss:,eax ; second value: result kept at [ebp-1C]
00431EBB .FF15 AC124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>;msvbvm60.__vbaFreeStr
00431EC1 .8D4D A0 lea ecx,dword ptr ss: ; [ebp-60]
00431EC4 .8D55 B0 lea edx,dword ptr ss: ; [ebp-50]
00431EC7 .51 push ecx
00431EC8 .52 push edx
00431EC9 .53 push ebx ; count argument (presumably 2)
00431ECA .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;msvbvm60.__vbaFreeVarList
00431ED0 .8B45 D4 mov eax,dword ptr ss: ; eax = string accumulated so far, read from [ebp-2C]
00431ED3 .B9 02400000 mov ecx,4002 ; ecx = VT_BYREF|VT_I2, the type word for both index VARIANTs
00431ED8 .8985 BCFEFFFF mov dword ptr ss:,eax ; payload of the string VARIANT at [ebp-14C] (stored at [ebp-144])
00431EDE .8D45 E4 lea eax,dword ptr ss: ; eax = address of the second value, [ebp-1C]
00431EE1 .8D55 E0 lea edx,dword ptr ss: ; edx = address of the first value, [ebp-20]
00431EE4 .83C4 0C add esp,0C ; remove the three __vbaFreeVarList arguments
00431EE7 .C785 B4FEFFFF>mov dword ptr ss:,8 ; vt at [ebp-14C] = 8 = VT_BSTR
00431EF1 .8985 CCFEFFFF mov dword ptr ss:,eax ; index VARIANT A at [ebp-13C]: payload -> [ebp-1C]
00431EF7 .898D C4FEFFFF mov dword ptr ss:,ecx ; index VARIANT A: vt = 4002
00431EFD .8995 DCFEFFFF mov dword ptr ss:,edx ; index VARIANT B at [ebp-12C]: payload -> [ebp-20]
00431F03 .8D95 B4FEFFFF lea edx,dword ptr ss: ; edx -> string VARIANT at [ebp-14C]
00431F09 .898D D4FEFFFF mov dword ptr ss:,ecx ; index VARIANT B: vt = 4002 (same slot that 00431DE4 points at)
00431F0F .52 push edx ; accumulated-string VARIANT, consumed later by __vbaVarCat at 00431F7C
00431F10 .83EC 10 sub esp,10 ; reserve 16 bytes on the stack for a by-value copy of index VARIANT A
00431F13 .8BD4 mov edx,esp ; edx -> copy A
00431F15 .6A 01 push 1 ; number of indexes for the __vbaVarIndexLoad call
00431F17 .890A mov dword ptr ds:,ecx ; copy A +0: vt = 4002
00431F19 .8B8D C8FEFFFF mov ecx,dword ptr ss: ; ecx = [ebp-138], bytes 4..7 of VARIANT A
00431F1F .83EC 10 sub esp,10 ; reserve 16 bytes for a by-value copy of index VARIANT B
00431F22 .894A 04 mov dword ptr ds:,ecx ; copy A +4
00431F25 .8BCC mov ecx,esp ; ecx -> copy B
00431F27 .6A 01 push 1 ; number of indexes for the __vbaVarIndexLoadRef call
00431F29 .8942 08 mov dword ptr ds:,eax ; copy A +8: payload = address of [ebp-1C]
00431F2C .8B85 D0FEFFFF mov eax,dword ptr ss: ; eax = [ebp-130], bytes 12..15 of VARIANT A
00431F32 .8942 0C mov dword ptr ds:,eax ; copy A +0C
00431F35 .8B95 D4FEFFFF mov edx,dword ptr ss: ; edx = [ebp-12C], vt of VARIANT B
00431F3B .8B85 D8FEFFFF mov eax,dword ptr ss: ; eax = [ebp-128]
00431F41 .8911 mov dword ptr ds:,edx ; copy B +0: vt = 4002
00431F43 .8B95 DCFEFFFF mov edx,dword ptr ss: ; edx = [ebp-124], payload of VARIANT B
00431F49 .8941 04 mov dword ptr ds:,eax ; copy B +4
00431F4C .8B85 E0FEFFFF mov eax,dword ptr ss: ; eax = [ebp-120]
00431F52 .8951 08 mov dword ptr ds:,edx ; copy B +8: payload = address of [ebp-20]
00431F55 .8D55 B0 lea edx,dword ptr ss: ; edx -> destination VARIANT at [ebp-50]
00431F58 .8941 0C mov dword ptr ds:,eax ; copy B +0C
00431F5B .8D4D C4 lea ecx,dword ptr ss: ; ecx -> VARIANT at [ebp-3C], the object being indexed (set up outside the excerpt)
00431F5E .51 push ecx ; source VARIANT
00431F5F .52 push edx ; destination VARIANT
00431F60 .FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaVarIn>;msvbvm60.__vbaVarIndexLoadRef - presumably indexes the source with the first value (copy B) and returns a reference to that element in eax
00431F66 .83C4 1C add esp,1C ; cdecl clean-up: 2 pointers + count + one 16-byte index VARIANT = 0x1C
00431F69 .50 push eax ; the returned element reference becomes the source of the next call
00431F6A .8D45 A0 lea eax,dword ptr ss: ; eax -> destination VARIANT at [ebp-60]
00431F6D .50 push eax
00431F6E .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaVarIn>;msvbvm60.__vbaVarIndexLoad - presumably indexes that element with the second value (copy A) and loads the value itself; result pointer in eax
00431F74 .83C4 1C add esp,1C ; same 0x1C clean-up as above
00431F77 .8D4D 90 lea ecx,dword ptr ss: ; ecx -> concatenation result VARIANT at [ebp-70]
00431F7A .50 push eax ; operand: the element just loaded
00431F7B .51 push ecx ; destination
00431F7C .FF15 BC114000 call dword ptr ds:[<&MSVBVM60.__vbaVarCa>;msvbvm60.__vbaVarCat - concatenates the VARIANT pushed at 00431F0F with the loaded element (operand order presumed: accumulated string first)
00431F82 .50 push eax
00431F83 .FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>;msvbvm60.__vbaStrVarMove
00431F89 .8BD0 mov edx,eax
00431F8B .8D4D D4 lea ecx,dword ptr ss: ; ecx -> accumulated string local at [ebp-2C]
00431F8E .FF15 70124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>;msvbvm60.__vbaStrMove - the accumulated string now includes this pass's element
00431F94 .8D55 90 lea edx,dword ptr ss: ; [ebp-70]
00431F97 .8D45 A0 lea eax,dword ptr ss: ; [ebp-60]
00431F9A .52 push edx
00431F9B .8D4D B0 lea ecx,dword ptr ss: ; [ebp-50]
00431F9E .50 push eax
00431F9F .51 push ecx
00431FA0 .6A 03 push 3 ; count = 3 temporaries
00431FA2 .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;msvbvm60.__vbaFreeVarList
00431FA8 .B8 01000000 mov eax,1
00431FAD .83C4 10 add esp,10 ; remove the four __vbaFreeVarList arguments
00431FB0 .66:03C6 add ax,si ; ax = i + 1 (16-bit add)
00431FB3 .0F80 28010000 jo 软件.004320E1 ; overflow check on the counter increment
00431FB9 .8BF0 mov esi,eax ; i = i + 1
00431FBB .^ E9 0CFEFFFF jmp 软件.00431DCC ; back to the loop head
00431FC0 >8B55 D4 mov edx,dword ptr ss: ;得出注册码
https://www.chinapyg.com/viewthread.php?tid=6293&highlight=VB%BA%AF%CA%FD
太好了,我是学VB出身的/:06