注册按钮为灰色的CRACKME的算法分析
1、用PEID查是VB写的。2、用OD载入,随便输用户名和注册码,注册按钮为灰色不能用。
3、下断点,试了几个断点都不能断下,猜测是用户名与注册码对了才能用,接下来下BP __vbaVarTstEq,断下了。往上找到PUSH EBP在这下断
00405090 > \55 PUSH EBP
00405091 .8BEC MOV EBP,ESP
00405093 .83EC 0C SUB ESP,0C
00405096 .68 76104000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler>;SE 处理程序安装
0040509B .64:A1 0000000>MOV EAX,DWORD PTR FS:
004050A1 .50 PUSH EAX
004050A2 .64:8925 00000>MOV DWORD PTR FS:,ESP
004050A9 .81EC FC000000 SUB ESP,0FC
004050AF .53 PUSH EBX
004050B0 .56 PUSH ESI
004050B1 .57 PUSH EDI
004050B2 .8B7D 08 MOV EDI,DWORD PTR SS:
004050B5 .8BC7 MOV EAX,EDI
004050B7 .83E7 FE AND EDI,FFFFFFFE
004050BA .8965 F4 MOV DWORD PTR SS:,ESP
004050BD .83E0 01 AND EAX,1
004050C0 .8B1F MOV EBX,DWORD PTR DS:
004050C2 .C745 F8 50104>MOV DWORD PTR SS:,Volatili.004010>
004050C9 .57 PUSH EDI
004050CA .8945 FC MOV DWORD PTR SS:,EAX
004050CD .897D 08 MOV DWORD PTR SS:,EDI
004050D0 .FF53 04 CALL DWORD PTR DS:
004050D3 .8B9B 2C030000 MOV EBX,DWORD PTR DS:
004050D9 .33F6 XOR ESI,ESI
004050DB .57 PUSH EDI
004050DC .8975 DC MOV DWORD PTR SS:,ESI
004050DF .8975 CC MOV DWORD PTR SS:,ESI
004050E2 .8975 BC MOV DWORD PTR SS:,ESI
004050E5 .8975 AC MOV DWORD PTR SS:,ESI
004050E8 .8975 9C MOV DWORD PTR SS:,ESI
004050EB .8975 8C MOV DWORD PTR SS:,ESI
004050EE .8975 88 MOV DWORD PTR SS:,ESI
004050F1 .8975 84 MOV DWORD PTR SS:,ESI
004050F4 .8975 80 MOV DWORD PTR SS:,ESI
004050F7 .89B5 70FFFFFF MOV DWORD PTR SS:,ESI
004050FD .89B5 60FFFFFF MOV DWORD PTR SS:,ESI
00405103 .89B5 50FFFFFF MOV DWORD PTR SS:,ESI
00405109 .89B5 40FFFFFF MOV DWORD PTR SS:,ESI
0040510F .89B5 30FFFFFF MOV DWORD PTR SS:,ESI
00405115 .89B5 20FFFFFF MOV DWORD PTR SS:,ESI
0040511B .899D F0FEFFFF MOV DWORD PTR SS:,EBX
00405121 .FFD3 CALL EBX
00405123 .8D4D 80 LEA ECX,DWORD PTR SS:
00405126 .50 PUSH EAX
00405127 .51 PUSH ECX
00405128 .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
0040512E .8BD8 MOV EBX,EAX
00405130 .8D45 88 LEA EAX,DWORD PTR SS:
00405133 .50 PUSH EAX
00405134 .53 PUSH EBX
00405135 .8B13 MOV EDX,DWORD PTR DS:
00405137 .FF92 A0000000 CALL DWORD PTR DS:
0040513D .3BC6 CMP EAX,ESI
0040513F .7D 12 JGE SHORT Volatili.00405153
00405141 .68 A0000000 PUSH 0A0
00405146 .68 301E4000 PUSH Volatili.00401E30
0040514B .53 PUSH EBX
0040514C .50 PUSH EAX
0040514D .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
00405153 >8B45 88 MOV EAX,DWORD PTR SS: ;用户名出现
00405156 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
0040515C .6A 01 PUSH 1
0040515E .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
00405164 .51 PUSH ECX
00405165 .52 PUSH EDX
00405166 .8975 88 MOV DWORD PTR SS:,ESI
00405169 .8985 78FFFFFF MOV DWORD PTR SS:,EAX
0040516F .C785 70FFFFFF>MOV DWORD PTR SS:,8
00405179 .FF15 00824000 CALL DWORD PTR DS:[<&MSVBVM50.#617>] ;MSVBVM50.rtcLeftCharVar
0040517F .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
00405185 .8D4D 84 LEA ECX,DWORD PTR SS:
00405188 .50 PUSH EAX
00405189 .51 PUSH ECX
0040518A .FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>;MSVBVM50.__vbaStrVarVal
00405190 .50 PUSH EAX
00405191 .FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ;取用户名第一位
00405197 .8B35 30814000 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaVa>;MSVBVM50.__vbaVarMove
0040519D .8D95 30FFFFFF LEA EDX,DWORD PTR SS:
004051A3 .8D4D CC LEA ECX,DWORD PTR SS:
004051A6 .66:8985 38FFF>MOV WORD PTR SS:,AX
004051AD .C785 30FFFFFF>MOV DWORD PTR SS:,2
004051B7 .FFD6 CALL ESI ;<&MSVBVM50.__vbaVarMove>
004051B9 .8D4D 84 LEA ECX,DWORD PTR SS:
004051BC .FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;MSVBVM50.__vbaFreeStr
004051C2 .8D4D 80 LEA ECX,DWORD PTR SS:
004051C5 .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
004051CB .8B1D 3C814000 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaFr>;MSVBVM50.__vbaFreeVarList
004051D1 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
004051D7 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
004051DD .52 PUSH EDX
004051DE .50 PUSH EAX
004051DF .6A 02 PUSH 2
004051E1 .FFD3 CALL EBX ;<&MSVBVM50.__vbaFreeVarList>
004051E3 .83C4 0C ADD ESP,0C
004051E6 .57 PUSH EDI
004051E7 .FF95 F0FEFFFF CALL DWORD PTR SS:
004051ED .8D4D 80 LEA ECX,DWORD PTR SS:
004051F0 .50 PUSH EAX
004051F1 .51 PUSH ECX
004051F2 .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
004051F8 .8B10 MOV EDX,DWORD PTR DS:
004051FA .8D4D 88 LEA ECX,DWORD PTR SS:
004051FD .51 PUSH ECX
004051FE .50 PUSH EAX
004051FF .8985 1CFFFFFF MOV DWORD PTR SS:,EAX
00405205 .FF92 A0000000 CALL DWORD PTR DS:
0040520B .85C0 TEST EAX,EAX
0040520D .7D 18 JGE SHORT Volatili.00405227
0040520F .8B95 1CFFFFFF MOV EDX,DWORD PTR SS:
00405215 .68 A0000000 PUSH 0A0
0040521A .68 301E4000 PUSH Volatili.00401E30
0040521F .52 PUSH EDX
00405220 .50 PUSH EAX
00405221 .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
00405227 >8B45 88 MOV EAX,DWORD PTR SS:
0040522A .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
00405230 .8985 78FFFFFF MOV DWORD PTR SS:,EAX
00405236 .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
0040523C .50 PUSH EAX
0040523D .6A 02 PUSH 2
0040523F .8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00405245 .51 PUSH ECX
00405246 .52 PUSH EDX
00405247 .C785 68FFFFFF>MOV DWORD PTR SS:,1
00405251 .C785 60FFFFFF>MOV DWORD PTR SS:,2
0040525B .C745 88 00000>MOV DWORD PTR SS:,0
00405262 .C785 70FFFFFF>MOV DWORD PTR SS:,8
0040526C .FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ;取用户名第二位
00405272 .8D85 50FFFFFF LEA EAX,DWORD PTR SS:
00405278 .8D4D 84 LEA ECX,DWORD PTR SS:
0040527B .50 PUSH EAX
0040527C .51 PUSH ECX
0040527D .FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>;MSVBVM50.__vbaStrVarVal
00405283 .50 PUSH EAX
00405284 .FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ;MSVBVM50.rtcAnsiValueBstr
0040528A .8D95 20FFFFFF LEA EDX,DWORD PTR SS:
00405290 .8D4D BC LEA ECX,DWORD PTR SS:
00405293 .66:8985 28FFF>MOV WORD PTR SS:,AX
0040529A .C785 20FFFFFF>MOV DWORD PTR SS:,2
004052A4 .FFD6 CALL ESI
004052A6 .8D4D 84 LEA ECX,DWORD PTR SS:
004052A9 .FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;MSVBVM50.__vbaFreeStr
004052AF .8D4D 80 LEA ECX,DWORD PTR SS:
004052B2 .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
004052B8 .8D95 50FFFFFF LEA EDX,DWORD PTR SS:
004052BE .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
004052C4 .52 PUSH EDX
004052C5 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
004052CB .50 PUSH EAX
004052CC .51 PUSH ECX
004052CD .6A 03 PUSH 3
004052CF .FFD3 CALL EBX
004052D1 .83C4 10 ADD ESP,10
004052D4 .57 PUSH EDI
004052D5 .FF95 F0FEFFFF CALL DWORD PTR SS:
004052DB .8D55 80 LEA EDX,DWORD PTR SS:
004052DE .50 PUSH EAX
004052DF .52 PUSH EDX
004052E0 .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
004052E6 .8B08 MOV ECX,DWORD PTR DS:
004052E8 .8D55 88 LEA EDX,DWORD PTR SS:
004052EB .52 PUSH EDX
004052EC .50 PUSH EAX
004052ED .8985 1CFFFFFF MOV DWORD PTR SS:,EAX
004052F3 .FF91 A0000000 CALL DWORD PTR DS:
004052F9 .85C0 TEST EAX,EAX
004052FB .7D 18 JGE SHORT Volatili.00405315
004052FD .8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:
00405303 .68 A0000000 PUSH 0A0
00405308 .68 301E4000 PUSH Volatili.00401E30
0040530D .51 PUSH ECX
0040530E .50 PUSH EAX
0040530F .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
00405315 >8B45 88 MOV EAX,DWORD PTR SS:
00405318 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
0040531E .8985 78FFFFFF MOV DWORD PTR SS:,EAX
00405324 .52 PUSH EDX
00405325 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
0040532B .6A 03 PUSH 3
0040532D .8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
00405333 .50 PUSH EAX
00405334 .51 PUSH ECX
00405335 .C785 68FFFFFF>MOV DWORD PTR SS:,1
0040533F .C785 60FFFFFF>MOV DWORD PTR SS:,2
00405349 .C745 88 00000>MOV DWORD PTR SS:,0
00405350 .C785 70FFFFFF>MOV DWORD PTR SS:,8
0040535A .FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ;取用户名第三位
00405360 .8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00405366 .8D45 84 LEA EAX,DWORD PTR SS:
00405369 .52 PUSH EDX
0040536A .50 PUSH EAX
0040536B .FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>;MSVBVM50.__vbaStrVarVal
00405371 .50 PUSH EAX
00405372 .FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ;MSVBVM50.rtcAnsiValueBstr
00405378 .8D95 20FFFFFF LEA EDX,DWORD PTR SS:
0040537E .8D4D AC LEA ECX,DWORD PTR SS:
00405381 .66:8985 28FFF>MOV WORD PTR SS:,AX
00405388 .C785 20FFFFFF>MOV DWORD PTR SS:,2
00405392 .FFD6 CALL ESI
00405394 .8D4D 84 LEA ECX,DWORD PTR SS:
00405397 .FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;MSVBVM50.__vbaFreeStr
0040539D .8D4D 80 LEA ECX,DWORD PTR SS:
004053A0 .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
004053A6 .8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
004053AC .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
004053B2 .51 PUSH ECX
004053B3 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
004053B9 .52 PUSH EDX
004053BA .50 PUSH EAX
004053BB .6A 03 PUSH 3
004053BD .FFD3 CALL EBX
004053BF .83C4 10 ADD ESP,10
004053C2 .57 PUSH EDI
004053C3 .FF95 F0FEFFFF CALL DWORD PTR SS:
004053C9 .8D4D 80 LEA ECX,DWORD PTR SS:
004053CC .50 PUSH EAX
004053CD .51 PUSH ECX
004053CE .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
004053D4 .8B10 MOV EDX,DWORD PTR DS:
004053D6 .8D4D 88 LEA ECX,DWORD PTR SS:
004053D9 .51 PUSH ECX
004053DA .50 PUSH EAX
004053DB .8985 1CFFFFFF MOV DWORD PTR SS:,EAX
004053E1 .FF92 A0000000 CALL DWORD PTR DS:
004053E7 .85C0 TEST EAX,EAX
004053E9 .7D 18 JGE SHORT Volatili.00405403
004053EB .8B95 1CFFFFFF MOV EDX,DWORD PTR SS:
004053F1 .68 A0000000 PUSH 0A0
004053F6 .68 301E4000 PUSH Volatili.00401E30
004053FB .52 PUSH EDX
004053FC .50 PUSH EAX
004053FD .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
00405403 >8B45 88 MOV EAX,DWORD PTR SS:
00405406 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
0040540C .8985 78FFFFFF MOV DWORD PTR SS:,EAX
00405412 .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
00405418 .50 PUSH EAX
00405419 .6A 04 PUSH 4
0040541B .8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00405421 .51 PUSH ECX
00405422 .52 PUSH EDX
00405423 .C785 68FFFFFF>MOV DWORD PTR SS:,1
0040542D .C785 60FFFFFF>MOV DWORD PTR SS:,2
00405437 .C745 88 00000>MOV DWORD PTR SS:,0
0040543E .C785 70FFFFFF>MOV DWORD PTR SS:,8
00405448 .FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ;取用户名第四位
0040544E .8D85 50FFFFFF LEA EAX,DWORD PTR SS:
00405454 .8D4D 84 LEA ECX,DWORD PTR SS:
00405457 .50 PUSH EAX
00405458 .51 PUSH ECX
00405459 .FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>;MSVBVM50.__vbaStrVarVal
0040545F .50 PUSH EAX
00405460 .FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ;MSVBVM50.rtcAnsiValueBstr
00405466 .8D95 20FFFFFF LEA EDX,DWORD PTR SS:
0040546C .8D4D 9C LEA ECX,DWORD PTR SS:
0040546F .66:8985 28FFF>MOV WORD PTR SS:,AX
00405476 .C785 20FFFFFF>MOV DWORD PTR SS:,2
00405480 .FFD6 CALL ESI
00405482 .8D4D 84 LEA ECX,DWORD PTR SS:
00405485 .FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;MSVBVM50.__vbaFreeStr
0040548B .8D4D 80 LEA ECX,DWORD PTR SS:
0040548E .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
00405494 .8D95 50FFFFFF LEA EDX,DWORD PTR SS:
0040549A .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
004054A0 .52 PUSH EDX
004054A1 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
004054A7 .50 PUSH EAX
004054A8 .51 PUSH ECX
004054A9 .6A 03 PUSH 3
004054AB .FFD3 CALL EBX
004054AD .83C4 10 ADD ESP,10
004054B0 .57 PUSH EDI
004054B1 .FF95 F0FEFFFF CALL DWORD PTR SS:
004054B7 .8D55 80 LEA EDX,DWORD PTR SS:
004054BA .50 PUSH EAX
004054BB .52 PUSH EDX
004054BC .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
004054C2 .8B08 MOV ECX,DWORD PTR DS:
004054C4 .8D55 88 LEA EDX,DWORD PTR SS:
004054C7 .52 PUSH EDX
004054C8 .50 PUSH EAX
004054C9 .8985 1CFFFFFF MOV DWORD PTR SS:,EAX
004054CF .FF91 A0000000 CALL DWORD PTR DS:
004054D5 .85C0 TEST EAX,EAX
004054D7 .7D 18 JGE SHORT Volatili.004054F1
004054D9 .8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:
004054DF .68 A0000000 PUSH 0A0
004054E4 .68 301E4000 PUSH Volatili.00401E30
004054E9 .51 PUSH ECX
004054EA .50 PUSH EAX
004054EB .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
004054F1 >8B45 88 MOV EAX,DWORD PTR SS:
004054F4 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
004054FA .8985 78FFFFFF MOV DWORD PTR SS:,EAX
00405500 .52 PUSH EDX
00405501 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
00405507 .6A 05 PUSH 5
00405509 .8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
0040550F .50 PUSH EAX
00405510 .51 PUSH ECX
00405511 .C785 68FFFFFF>MOV DWORD PTR SS:,1
0040551B .C785 60FFFFFF>MOV DWORD PTR SS:,2
00405525 .C745 88 00000>MOV DWORD PTR SS:,0
0040552C .C785 70FFFFFF>MOV DWORD PTR SS:,8
00405536 .FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ;取用户名第五位
0040553C .8D95 50FFFFFF LEA EDX,DWORD PTR SS:
00405542 .8D45 84 LEA EAX,DWORD PTR SS:
00405545 .52 PUSH EDX
00405546 .50 PUSH EAX
00405547 .FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>;MSVBVM50.__vbaStrVarVal
0040554D .50 PUSH EAX
0040554E .FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ;MSVBVM50.rtcAnsiValueBstr
00405554 .8D95 20FFFFFF LEA EDX,DWORD PTR SS:
0040555A .8D4D 8C LEA ECX,DWORD PTR SS:
0040555D .66:8985 28FFF>MOV WORD PTR SS:,AX
00405564 .C785 20FFFFFF>MOV DWORD PTR SS:,2
0040556E .FFD6 CALL ESI
00405570 .8D4D 84 LEA ECX,DWORD PTR SS:
00405573 .FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;MSVBVM50.__vbaFreeStr
00405579 .8D4D 80 LEA ECX,DWORD PTR SS:
0040557C .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
00405582 .8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
00405588 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
0040558E .51 PUSH ECX
0040558F .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
00405595 .52 PUSH EDX
00405596 .50 PUSH EAX
00405597 .6A 03 PUSH 3
00405599 .FFD3 CALL EBX
0040559B .83C4 10 ADD ESP,10
0040559E .8D4D CC LEA ECX,DWORD PTR SS:
004055A1 .8D55 BC LEA EDX,DWORD PTR SS:
004055A4 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
004055AA .51 PUSH ECX
004055AB .52 PUSH EDX
004055AC .50 PUSH EAX
004055AD .FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>;MSVBVM50.__vbaVarCat
004055B3 .8D4D AC LEA ECX,DWORD PTR SS:
004055B6 .50 PUSH EAX
004055B7 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
004055BD .51 PUSH ECX
004055BE .52 PUSH EDX
004055BF .FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>;MSVBVM50.__vbaVarCat
004055C5 .50 PUSH EAX
004055C6 .8D45 9C LEA EAX,DWORD PTR SS:
004055C9 .8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
004055CF .50 PUSH EAX
004055D0 .51 PUSH ECX
004055D1 .FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>;MSVBVM50.__vbaVarCat
004055D7 .50 PUSH EAX
004055D8 .8D55 8C LEA EDX,DWORD PTR SS:
004055DB .8D85 40FFFFFF LEA EAX,DWORD PTR SS:
004055E1 .52 PUSH EDX
004055E2 .50 PUSH EAX
004055E3 .FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>;MSVBVM50.__vbaVarCat
004055E9 .8BD0 MOV EDX,EAX
004055EB .8D4D DC LEA ECX,DWORD PTR SS:
004055EE .FFD6 CALL ESI
004055F0 > .8D8D 50FFFFFF LEA ECX,DWORD PTR SS: ;把用户名所有字符的ASCⅡ码十进制连起来
004055F6 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
004055FC .51 PUSH ECX
004055FD .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
00405603 .52 PUSH EDX
00405604 .50 PUSH EAX
00405605 .6A 03 PUSH 3
00405607 .FFD3 CALL EBX
00405609 .83C4 10 ADD ESP,10
0040560C .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
00405612 .C785 78FFFFFF>MOV DWORD PTR SS:,0A
0040561C .C785 70FFFFFF>MOV DWORD PTR SS:,2
00405626 .51 PUSH ECX
00405627 .6A 02 PUSH 2
00405629 .8D55 DC LEA EDX,DWORD PTR SS:
0040562C .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
00405632 .52 PUSH EDX
00405633 .50 PUSH EAX
00405634 .FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ;MSVBVM50.rtcMidCharVar
0040563A .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
00405640 .8D4D DC LEA ECX,DWORD PTR SS:
00405643 .FFD6 CALL ESI
00405645 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS: ;取ASCⅡ码十进制的第二位到第十一位为注册码
0040564B .FF15 34814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>;MSVBVM50.__vbaFreeVar
00405651 .8B1F MOV EBX,DWORD PTR DS:
00405653 .57 PUSH EDI
00405654 .FF93 20030000 CALL DWORD PTR DS:
0040565A .8D4D 80 LEA ECX,DWORD PTR SS:
0040565D .50 PUSH EAX
0040565E .51 PUSH ECX
0040565F .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
00405665 .8BF0 MOV ESI,EAX
00405667 .8D45 88 LEA EAX,DWORD PTR SS:
0040566A .50 PUSH EAX
0040566B .56 PUSH ESI
0040566C .8B16 MOV EDX,DWORD PTR DS:
0040566E .FF92 A0000000 CALL DWORD PTR DS:
00405674 .85C0 TEST EAX,EAX
00405676 .7D 12 JGE SHORT Volatili.0040568A
00405678 .68 A0000000 PUSH 0A0
0040567D .68 301E4000 PUSH Volatili.00401E30
00405682 .56 PUSH ESI
00405683 .50 PUSH EAX
00405684 .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
0040568A >8B45 88 MOV EAX,DWORD PTR SS:
0040568D .33C9 XOR ECX,ECX
0040568F .894D 88 MOV DWORD PTR SS:,ECX
00405692 .898D 38FFFFFF MOV DWORD PTR SS:,ECX
00405698 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
0040569E .8985 78FFFFFF MOV DWORD PTR SS:,EAX
004056A4 .8D55 DC LEA EDX,DWORD PTR SS:
004056A7 .51 PUSH ECX
004056A8 .8D85 60FFFFFF LEA EAX,DWORD PTR SS:
004056AE .52 PUSH EDX
004056AF .50 PUSH EAX
004056B0 .C785 70FFFFFF>MOV DWORD PTR SS:,8
004056BA .C785 30FFFFFF>MOV DWORD PTR SS:,8002
004056C4 .FF15 24814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarSu>;MSVBVM50.__vbaVarSub
004056CA .8D8D 30FFFFFF LEA ECX,DWORD PTR SS:
004056D0 .50 PUSH EAX
004056D1 .51 PUSH ECX
004056D2 .FF15 98814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarTs>;MSVBVM50.__vbaVarTstEq
004056D8 .8D4D 80 LEA ECX,DWORD PTR SS: ;断在这
004056DB .8BF0 MOV ESI,EAX
004056DD .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
004056E3 .8D8D 70FFFFFF LEA ECX,DWORD PTR SS:
004056E9 .FF15 34814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>;MSVBVM50.__vbaFreeVar
004056EF .66:85F6 TEST SI,SI
004056F2 .74 3E JE SHORT Volatili.00405732 ;爆破点
004056F4 .57 PUSH EDI
004056F5 .FF93 10030000 CALL DWORD PTR DS:
004056FB .8D55 80 LEA EDX,DWORD PTR SS:
004056FE .50 PUSH EAX
004056FF .52 PUSH EDX
00405700 .FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>;MSVBVM50.__vbaObjSet
00405706 .8BF8 MOV EDI,EAX
00405708 .6A FF PUSH -1
0040570A .57 PUSH EDI
0040570B .8B07 MOV EAX,DWORD PTR DS:
0040570D .FF90 8C000000 CALL DWORD PTR DS:
00405713 .85C0 TEST EAX,EAX
00405715 .7D 12 JGE SHORT Volatili.00405729
00405717 .68 8C000000 PUSH 8C
0040571C .68 481E4000 PUSH Volatili.00401E48
00405721 .57 PUSH EDI
00405722 .50 PUSH EAX
00405723 .FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>;MSVBVM50.__vbaHresultCheckObj
00405729 >8D4D 80 LEA ECX,DWORD PTR SS:
0040572C .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
00405732 >C745 FC 00000>MOV DWORD PTR SS:,0
00405739 .68 A9574000 PUSH Volatili.004057A9
0040573E .EB 44 JMP SHORT Volatili.00405784
00405740 .8D4D 84 LEA ECX,DWORD PTR SS:
00405743 .8D55 88 LEA EDX,DWORD PTR SS:
00405746 .51 PUSH ECX
00405747 .52 PUSH EDX
00405748 .6A 02 PUSH 2
0040574A .FF15 EC814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>;MSVBVM50.__vbaFreeStrList
00405750 .83C4 0C ADD ESP,0C
00405753 .8D4D 80 LEA ECX,DWORD PTR SS:
00405756 .FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>;MSVBVM50.__vbaFreeObj
0040575C .8D85 40FFFFFF LEA EAX,DWORD PTR SS:
00405762 .8D8D 50FFFFFF LEA ECX,DWORD PTR SS:
00405768 .50 PUSH EAX
00405769 .8D95 60FFFFFF LEA EDX,DWORD PTR SS:
0040576F .51 PUSH ECX
00405770 .8D85 70FFFFFF LEA EAX,DWORD PTR SS:
00405776 .52 PUSH EDX
00405777 .50 PUSH EAX
00405778 .6A 04 PUSH 4
0040577A .FF15 3C814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>;MSVBVM50.__vbaFreeVarList
00405780 .83C4 14 ADD ESP,14
00405783 .C3 RETN
总结:
1、用户名不能小于5位。
2、注册码是用户名的ASCⅡ码十进制的第二位到第十一位。这样灰色按钮就可用了。
[ 本帖最后由 lhl8730 于 2006-5-11 20:04 编辑 ] 这么牛的帖帖,怎么没有顶呀?谢谢兄弟! 学习,试试 学习了!!~~ 我顶,真乃强人也 厉害呀
学习了 学习,收藏!!支持!!!! 全靠静态分析啊???高手啊! 我顶,真乃强人也 最需要这东西,顶上去,大家分享
页:
[1]
2