风球
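Posted on 2006-5-13 12:11:00
I had already deleted this software, but seeing that you have looked for so many solutions, I downloaded it again to play with it. It is a time-format problem.
I'll write up my whole analysis as a reference for those who don't follow it. I don't have much time, so this is a patch (暴破)... heh... which doesn't seem to match the thread topic. I didn't find the registration code here; it is probably not compared in plaintext, and I didn't trace it in detail, so a patching analysis will have to do.
The registration error is shown as a message box, so set a breakpoint with BP rtcMsgBox, enter the registration info, and after it breaks, return to the caller.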
0043A000 55 push ebp // after returning, scroll up to the start of the function and set a breakpoint to analyse
0043A001 8BEC mov ebp,esp
... (part of the single-step trace omitted) ...
0043A1D6 68 30F84000 push unpacked.0040F830 ; fixed string zxcyuizhou
0043A1DB FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCat
0043A1E1 8BD0 mov edx,eax ; concatenated to (UNICODE "风球zxcyuizhou")
0043A1E3 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
0043A1E6 FF15 7C124000 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrMove
0043A1EC 50 push eax
0043A1ED FF15 20114000 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCmp
0043A1F3 8BF8 mov edi,eax
0043A1F5 F7DF neg edi
0043A1F7 8D55 E0 lea edx,dword ptr ss:[ebp-20]
0043A1FA 52 push edx
0043A1FB 1BFF sbb edi,edi
0043A1FD 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
0043A200 50 push eax
0043A201 F7DF neg edi
0043A203 6A 02 push 2
0043A205 F7DF neg edi
0043A207 FF15 20124000 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeStrList
0043A20D 83C4 0C add esp,0C
0043A210 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
0043A213 FF15 C0124000 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
0043A219 66:3BFB cmp di,bx ; compare
0043A21C B8 04000280 mov eax,80020004
0043A221 BB 0A000000 mov ebx,0A
0043A226 BF 08000000 mov edi,8
0043A22B 8945 98 mov dword ptr ss:[ebp-68],eax
0043A22E 895D 90 mov dword ptr ss:[ebp-70],ebx
0043A231 8945 A8 mov dword ptr ss:[ebp-58],eax
0043A234 895D A0 mov dword ptr ss:[ebp-60],ebx
0043A237 C785 78FFFFFF 58F94000 mov dword ptr ss:[ebp-88],unpacked.00>
0043A241 89BD 70FFFFFF mov dword ptr ss:[ebp-90],edi
0043A247 8D95 70FFFFFF lea edx,dword ptr ss:[ebp-90]
0043A24D 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
0043A250 0F84 C6000000 je unpacked.0043A31C ; comparison at registration time; patch: NOP or JNE
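After a successful registration the info is written to config.ini, and it turns out to be validated on restart, so patching here achieves nothing... But from the analysis above we saw the fixed string zxcyuizhou.
So we search for the string "zxcyuizhou" and arrive at the startup comparison. OK... patch it.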
00439592 68 30F84000 push unpacked.0040F830 ; zxcyuizhou // found here
00439597 FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCat
0043959D 8BD0 mov edx,eax
0043959F 8D4D CC lea ecx,dword ptr ss:[ebp-34]
004395A2 FF15 7C124000 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrMove
004395A8 50 push eax
004395A9 FF15 20114000 call dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrCmp
004395AF 8BF8 mov edi,eax ; compare
004395B1 F7DF neg edi
004395B3 8D55 CC lea edx,dword ptr ss:[ebp-34]
004395B6 52 push edx
004395B7 1BFF sbb edi,edi
004395B9 8D45 D0 lea eax,dword ptr ss:[ebp-30]
004395BC 50 push eax
004395BD 47 inc edi
004395BE 6A 02 push 2
004395C0 F7DF neg edi
004395C2 FF15 20124000 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeStrList
004395C8 83C4 0C add esp,0C
004395CB 8D4D C0 lea ecx,dword ptr ss:[ebp-40]
004395CE FF15 C0124000 call dword ptr ds:[<&MSVBVM60.__vbaFr>; MSVBVM60.__vbaFreeObj
004395D4 66:3BFB cmp di,bx
004395D7 0F84 EB000000 je unpacked.004396C8 ; comparison at startup; patch to nop or jne
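At this point the patch succeeds!!!
Crack summary:
004395D7 0F84 EB000000 je unpacked.004396C8 // NOP or JNE
But if only this spot is changed, you can add personal registration info by writing the following into config.ini:
registry=1882731487
reg=www.chinapyg.com
username=风球
As for whether the software's other functions are restricted, I didn't test; I don't use this software. This is only one patching reference; I hope beginners get something out of it!
Those with the time and interest can go look at its algorithm...
[ Last edited by 风球 on 2006-5-13 12:26 ]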
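Added example, not part of the original post: a small C model of the NEG/SBB idiom that follows each __vbaStrCmp call in the listings above, showing which 16-bit value DI holds when `cmp di,bx` executes. The function names are hypothetical, and BX = 0 at the startup check is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Just enough CPU state to model NEG / SBB / INC on EDI. */
typedef struct { uint32_t edi; int cf; } cpu_t;

/* NEG r32: two's-complement negate; CF = 1 unless the operand was 0. */
static void op_neg(cpu_t *c) { c->cf = (c->edi != 0); c->edi = 0u - c->edi; }

/* SBB edi,edi: edi - edi - CF, i.e. 0 or 0xFFFFFFFF; CF is preserved. */
static void op_sbb_self(cpu_t *c) { c->edi = c->cf ? 0xFFFFFFFFu : 0u; }

/* INC r32: add one; INC does not modify CF. */
static void op_inc(cpu_t *c) { c->edi += 1u; }

/* 004395AF..004395C0 (startup check): mov edi,eax / neg / sbb / inc / neg */
uint16_t di_startup(int32_t strcmp_result) {
    cpu_t c = { (uint32_t)strcmp_result, 0 };
    op_neg(&c); op_sbb_self(&c); op_inc(&c); op_neg(&c);
    return (uint16_t)c.edi;
}

/* 0043A1F3..0043A205 (registration dialog): mov edi,eax / neg / sbb / neg / neg */
uint16_t di_register(int32_t strcmp_result) {
    cpu_t c = { (uint32_t)strcmp_result, 0 };
    op_neg(&c); op_sbb_self(&c); op_neg(&c); op_neg(&c);
    return (uint16_t)c.edi;
}

/* cmp di,bx ; je ... : the jump is taken when the two 16-bit values match. */
int je_taken(uint16_t di, uint16_t bx) { return di == bx; }

int main(void) {
    /* Constructed inputs: __vbaStrCmp returns 0 for equal strings and a
       non-zero value otherwise. BX is assumed to be 0 at the cmp (the
       second listing shows xor ebx,ebx at 0043A043 for the dialog routine). */
    const int32_t results[] = { 0, 1, -1 };
    for (int i = 0; i < 3; i++) {
        uint16_t s = di_startup(results[i]);
        uint16_t r = di_register(results[i]);
        printf("StrCmp=%2d  startup DI=%04X je=%d | register DI=%04X je=%d\n",
               (int)results[i], (unsigned)s, je_taken(s, 0),
               (unsigned)r, je_taken(r, 0));
    }
    return 0;
}
```

Both routines reduce the whole licence decision to one 16-bit Boolean and a single conditional jump, with opposite polarity in the two places.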
野猫III
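Posted on 2006-5-13 18:58:41
Originally posted by 风球 on 2006-5-13 12:11
After a successful registration the info is written to config.ini, and it turns out to be validated on restart, so patching here achieves nothing... But from the analysis above we saw the fixed string zxcyuizhou.
So we search for the string "zxcyuizhou" and arrive at the startup comparison. OK... patch it.
Wow! Cat didn't think of that; Cat only wanted to find that config.ini and get rid of its restart validation. Wow!!! :L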
0043A000 > \55 PUSH EBP
0043A001 .8BEC MOV EBP,ESP
0043A003 .83EC 0C SUB ESP,0C
0043A006 .68 16244000 PUSH <JMP.&msvbvm60.__vbaExceptHandler>;SE handler installation
0043A00B .64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0043A011 .50 PUSH EAX
0043A012 .64:8925 00000000 MOV DWORD PTR FS:[0],ESP
0043A019 .81EC B4000000 SUB ESP,0B4
0043A01F .53 PUSH EBX
0043A020 .56 PUSH ESI
0043A021 .57 PUSH EDI
0043A022 .8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
0043A025 .C745 F8 E01A4000 MOV DWORD PTR SS:[EBP-8],1_.00401AE0
0043A02C .8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0043A02F .8BC6 MOV EAX,ESI
0043A031 .83E0 01 AND EAX,1
0043A034 .8945 FC MOV DWORD PTR SS:[EBP-4],EAX
0043A037 .83E6 FE AND ESI,FFFFFFFE
0043A03A .8B0E MOV ECX,DWORD PTR DS:[ESI]
0043A03C .56 PUSH ESI
0043A03D .8975 08 MOV DWORD PTR SS:[EBP+8],ESI
0043A040 .FF51 04 CALL DWORD PTR DS:[ECX+4]
0043A043 .33DB XOR EBX,EBX
0043A045 .66:395E 34 CMP WORD PTR DS:[ESI+34],BX
0043A049 .895D E8 MOV DWORD PTR SS:[EBP-18],EBX
0043A04C .895D E4 MOV DWORD PTR SS:[EBP-1C],EBX
0043A04F .895D E0 MOV DWORD PTR SS:[EBP-20],EBX
0043A052 .895D DC MOV DWORD PTR SS:[EBP-24],EBX
0043A055 .895D D8 MOV DWORD PTR SS:[EBP-28],EBX
0043A058 .895D D4 MOV DWORD PTR SS:[EBP-2C],EBX
0043A05B .895D D0 MOV DWORD PTR SS:[EBP-30],EBX
0043A05E .895D C0 MOV DWORD PTR SS:[EBP-40],EBX
0043A061 .895D B0 MOV DWORD PTR SS:[EBP-50],EBX
0043A064 .895D A0 MOV DWORD PTR SS:[EBP-60],EBX
0043A067 .895D 90 MOV DWORD PTR SS:[EBP-70],EBX
0043A06A .895D 80 MOV DWORD PTR SS:[EBP-80],EBX
0043A06D .899D 70FFFFFF MOV DWORD PTR SS:[EBP-90],EBX
0043A073 .899D 4CFFFFFF MOV DWORD PTR SS:[EBP-B4],EBX
0043A079 .0F85 6C040000 JNZ 1_.0043A4EB
0043A07F .8B16 MOV EDX,DWORD PTR DS:[ESI]
0043A081 .8D85 4CFFFFFF LEA EAX,DWORD PTR SS:[EBP-B4]
0043A087 .50 PUSH EAX
0043A088 .56 PUSH ESI
0043A089 .899D 4CFFFFFF MOV DWORD PTR SS:[EBP-B4],EBX
0043A08F .FF92 14070000 CALL DWORD PTR DS:[EDX+714]
0043A095 .8B0E MOV ECX,DWORD PTR DS:[ESI]
0043A097 .56 PUSH ESI
0043A098 .FF91 00030000 CALL DWORD PTR DS:[ECX+300]
0043A09E .50 PUSH EAX
0043A09F .8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30]
0043A0A2 .52 PUSH EDX
0043A0A3 .FF15 B0104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaObjSe>;msvbvm60.__vbaObjSet
0043A0A9 .8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0043A0AC .8BF8 MOV EDI,EAX
0043A0AE .8B07 MOV EAX,DWORD PTR DS:[EDI]
0043A0B0 .51 PUSH ECX
0043A0B1 .57 PUSH EDI
0043A0B2 .FF90 A0000000 CALL DWORD PTR DS:[EAX+A0]
0043A0B8 .DBE2 FCLEX
0043A0BA .3BC3 CMP EAX,EBX
0043A0BC .7D 12 JGE SHORT 1_.0043A0D0
0043A0BE .68 A0000000 PUSH 0A0
0043A0C3 .68 5CD24000 PUSH 1_.0040D25C
0043A0C8 .57 PUSH EDI
0043A0C9 .50 PUSH EAX
0043A0CA .FF15 78104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresu>;msvbvm60.__vbaHresultCheckObj
0043A0D0 >8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0043A0D3 .52 PUSH EDX
0043A0D4 .68 30D94000 PUSH 1_.0040D930
0043A0D9 .FF15 20114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrCm>;msvbvm60.__vbaStrCmp
0043A0DF .8BF8 MOV EDI,EAX
0043A0E1 .F7DF NEG EDI
0043A0E3 .1BFF SBB EDI,EDI
0043A0E5 .47 INC EDI
0043A0E6 .8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0043A0E9 .F7DF NEG EDI
0043A0EB .FF15 C4124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>;msvbvm60.__vbaFreeStr
0043A0F1 .8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0043A0F4 .FF15 C0124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeO>;msvbvm60.__vbaFreeObj
0043A0FA .66:3BFB CMP DI,BX
0043A0FD .0F84 90000000 JE 1_.0043A193
0043A103 .8B35 58124000 MOV ESI,DWORD PTR DS:[<&msvbvm60.__vbaVa>;msvbvm60.__vbaVarDup
0043A109 .B8 04000280 MOV EAX,80020004
0043A10E .BB 0A000000 MOV EBX,0A
0043A113 .BF 08000000 MOV EDI,8
0043A118 .8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0043A11E .8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A121 .8945 98 MOV DWORD PTR SS:[EBP-68],EAX
0043A124 .895D 90 MOV DWORD PTR SS:[EBP-70],EBX
0043A127 .8945 A8 MOV DWORD PTR SS:[EBP-58],EAX
0043A12A .895D A0 MOV DWORD PTR SS:[EBP-60],EBX
0043A12D .C785 78FFFFFF 58F94000 MOV DWORD PTR SS:[EBP-88],1_.0040F958
0043A137 .89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0043A13D .FFD6 CALL ESI ;<&msvbvm60.__vbaVarDup>
0043A13F .8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0043A142 .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A145 .C745 88 40F94000 MOV DWORD PTR SS:[EBP-78],1_.0040F940
0043A14C .897D 80 MOV DWORD PTR SS:[EBP-80],EDI
0043A14F .FFD6 CALL ESI
0043A151 .8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0043A154 .50 PUSH EAX
0043A155 .8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0043A158 .51 PUSH ECX
0043A159 .8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0043A15C .52 PUSH EDX
0043A15D .6A 00 PUSH 0
0043A15F .8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0043A162 .50 PUSH EAX
0043A163 .FF15 B4104000 CALL DWORD PTR DS:[<&msvbvm60.rtcMsgBox>>;msvbvm60.rtcMsgBox
0043A169 .8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
0043A16C .51 PUSH ECX
0043A16D .8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0043A170 .52 PUSH EDX
0043A171 .8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0043A174 .50 PUSH EAX
0043A175 .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A178 .51 PUSH ECX
0043A179 .6A 04 PUSH 4
0043A17B .FF15 3C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeV>;msvbvm60.__vbaFreeVarList
0043A181 .83C4 14 ADD ESP,14
0043A184 >33DB XOR EBX,EBX
0043A186 >895D FC MOV DWORD PTR SS:[EBP-4],EBX
0043A189 .68 47A54300 PUSH 1_.0043A547
0043A18E .E9 AA030000 JMP 1_.0043A53D
0043A193 >8B16 MOV EDX,DWORD PTR DS:[ESI]
0043A195 .56 PUSH ESI
0043A196 .FF92 00030000 CALL DWORD PTR DS:[EDX+300]
0043A19C .50 PUSH EAX
0043A19D .8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0043A1A0 .50 PUSH EAX
0043A1A1 .FF15 B0104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaObjSe>;msvbvm60.__vbaObjSet
0043A1A7 .8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0043A1AA .8BF8 MOV EDI,EAX
0043A1AC .8B0F MOV ECX,DWORD PTR DS:[EDI]
0043A1AE .52 PUSH EDX
0043A1AF .57 PUSH EDI
0043A1B0 .FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0043A1B6 .DBE2 FCLEX
0043A1B8 .3BC3 CMP EAX,EBX
0043A1BA .7D 12 JGE SHORT 1_.0043A1CE
0043A1BC .68 A0000000 PUSH 0A0
0043A1C1 .68 5CD24000 PUSH 1_.0040D25C
0043A1C6 .57 PUSH EDI
0043A1C7 .50 PUSH EAX
0043A1C8 .FF15 78104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresu>;msvbvm60.__vbaHresultCheckObj
0043A1CE >8B46 40 MOV EAX,DWORD PTR DS:[ESI+40]
0043A1D1 .8B4D E4 MOV ECX,DWORD PTR SS:[EBP-1C]
0043A1D4 .50 PUSH EAX
0043A1D5 .51 PUSH ECX
0043A1D6 .68 30F84000 PUSH 1_.0040F830 ;zxcyuizhou
0043A1DB .FF15 6C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrCa>;msvbvm60.__vbaStrCat
0043A1E1 .8BD0 MOV EDX,EAX ;username concatenated with the ASCII string above
0043A1E3 .8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0043A1E6 .FF15 7C124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrMo>;msvbvm60.__vbaStrMove
0043A1EC .50 PUSH EAX
0043A1ED .FF15 20114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrCm>;msvbvm60.__vbaStrCmp
0043A1F3 .8BF8 MOV EDI,EAX ;returns!
0043A1F5 .F7DF NEG EDI
0043A1F7 .8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20] ;combined string
0043A1FA .52 PUSH EDX
0043A1FB .1BFF SBB EDI,EDI
0043A1FD .8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0043A200 .50 PUSH EAX
0043A201 .F7DF NEG EDI
0043A203 .6A 02 PUSH 2
0043A205 .F7DF NEG EDI
0043A207 .FF15 20124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>;msvbvm60.__vbaFreeStrList
0043A20D .83C4 0C ADD ESP,0C
0043A210 .8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0043A213 .FF15 C0124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeO>;msvbvm60.__vbaFreeObj
0043A219 .66:3BFB CMP DI,BX
0043A21C .B8 04000280 MOV EAX,80020004
0043A221 .BB 0A000000 MOV EBX,0A
0043A226 .BF 08000000 MOV EDI,8
0043A22B .8945 98 MOV DWORD PTR SS:[EBP-68],EAX
0043A22E .895D 90 MOV DWORD PTR SS:[EBP-70],EBX
0043A231 .8945 A8 MOV DWORD PTR SS:[EBP-58],EAX
0043A234 .895D A0 MOV DWORD PTR SS:[EBP-60],EBX
0043A237 .C785 78FFFFFF 58F94000 MOV DWORD PTR SS:[EBP-88],1_.0040F958
0043A241 .89BD 70FFFFFF MOV DWORD PTR SS:[EBP-90],EDI
0043A247 .8D95 70FFFFFF LEA EDX,DWORD PTR SS:[EBP-90]
0043A24D .8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A250 .0F84 C6000000 JE 1_.0043A31C ;key jump
0043A256 .FF15 58124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaVarDu>;msvbvm60.__vbaVarDup
0043A25C .8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0043A25F .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A262 .C745 88 64F94000 MOV DWORD PTR SS:[EBP-78],1_.0040F964
0043A269 .897D 80 MOV DWORD PTR SS:[EBP-80],EDI
0043A26C .FF15 58124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaVarDu>;msvbvm60.__vbaVarDup
0043A272 .8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
0043A275 .51 PUSH ECX
0043A276 .8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0043A279 .52 PUSH EDX
0043A27A .8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0043A27D .50 PUSH EAX
0043A27E .6A 00 PUSH 0
0043A280 .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A283 .51 PUSH ECX
0043A284 .FF15 B4104000 CALL DWORD PTR DS:[<&msvbvm60.rtcMsgBox>>;msvbvm60.rtcMsgBox
0043A28A .8D55 90 LEA EDX,DWORD PTR SS:[EBP-70] ;the above is the registration error prompt!
0043A28D .52 PUSH EDX
0043A28E .8D45 A0 LEA EAX,DWORD PTR SS:[EBP-60]
0043A291 .50 PUSH EAX
0043A292 .8D4D B0 LEA ECX,DWORD PTR SS:[EBP-50]
0043A295 .51 PUSH ECX
0043A296 .8D55 C0 LEA EDX,DWORD PTR SS:[EBP-40]
0043A299 .52 PUSH EDX
0043A29A .6A 04 PUSH 4
0043A29C .FF15 3C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeV>;msvbvm60.__vbaFreeVarList
0043A2A2 .8B3E MOV EDI,DWORD PTR DS:[ESI]
0043A2A4 .8BCB MOV ECX,EBX
0043A2A6 .895D 80 MOV DWORD PTR SS:[EBP-80],EBX
0043A2A9 .83C4 04 ADD ESP,4
0043A2AC .898D 70FFFFFF MOV DWORD PTR SS:[EBP-90],ECX
0043A2B2 .8BDC MOV EBX,ESP
0043A2B4 .890B MOV DWORD PTR DS:[EBX],ECX
0043A2B6 .8B8D 74FFFFFF MOV ECX,DWORD PTR SS:[EBP-8C]
0043A2BC .894B 04 MOV DWORD PTR DS:[EBX+4],ECX
0043A2BF .B8 04000280 MOV EAX,80020004
0043A2C4 .8943 08 MOV DWORD PTR DS:[EBX+8],EAX
0043A2C7 .8BD0 MOV EDX,EAX
0043A2C9 .8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
0043A2CF .8B85 7CFFFFFF MOV EAX,DWORD PTR SS:[EBP-84]
0043A2D5 .8943 0C MOV DWORD PTR DS:[EBX+C],EAX
0043A2D8 .8B45 80 MOV EAX,DWORD PTR SS:[EBP-80]
0043A2DB .83EC 10 SUB ESP,10
0043A2DE .8BCC MOV ECX,ESP
0043A2E0 .8901 MOV DWORD PTR DS:[ECX],EAX
0043A2E2 .8B45 84 MOV EAX,DWORD PTR SS:[EBP-7C]
0043A2E5 .8941 04 MOV DWORD PTR DS:[ECX+4],EAX
0043A2E8 .8951 08 MOV DWORD PTR DS:[ECX+8],EDX
0043A2EB .8955 88 MOV DWORD PTR SS:[EBP-78],EDX
0043A2EE .8B55 8C MOV EDX,DWORD PTR SS:[EBP-74]
0043A2F1 .56 PUSH ESI
0043A2F2 .8951 0C MOV DWORD PTR DS:[ECX+C],EDX
0043A2F5 .FF97 B0020000 CALL DWORD PTR DS:[EDI+2B0]
0043A2FB .DBE2 FCLEX
0043A2FD .85C0 TEST EAX,EAX
0043A2FF .^ 0F8D 7FFEFFFF JGE 1_.0043A184
0043A305 .68 B0020000 PUSH 2B0
0043A30A .68 5CE54000 PUSH 1_.0040E55C
0043A30F .56 PUSH ESI
0043A310 .50 PUSH EAX
0043A311 .FF15 78104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresu>;msvbvm60.__vbaHresultCheckObj
0043A317 .^ E9 68FEFFFF JMP 1_.0043A184
0043A31C >8B1D 58124000 MOV EBX,DWORD PTR DS:[<&msvbvm60.__vbaVa>;msvbvm60.__vbaVarDup
0043A322 .FFD3 CALL EBX ;<&msvbvm60.__vbaVarDup>
0043A324 .8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
0043A327 .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A32A .C745 88 7CF94000 MOV DWORD PTR SS:[EBP-78],1_.0040F97C
0043A331 .897D 80 MOV DWORD PTR SS:[EBP-80],EDI
0043A334 .FFD3 CALL EBX
0043A336 .8D45 90 LEA EAX,DWORD PTR SS:[EBP-70]
0043A339 .50 PUSH EAX
0043A33A .8D4D A0 LEA ECX,DWORD PTR SS:[EBP-60]
0043A33D .51 PUSH ECX
0043A33E .8D55 B0 LEA EDX,DWORD PTR SS:[EBP-50]
0043A341 .52 PUSH EDX
0043A342 .6A 00 PUSH 0
0043A344 .8D45 C0 LEA EAX,DWORD PTR SS:[EBP-40]
0043A347 .50 PUSH EAX
0043A348 .FF15 B4104000 CALL DWORD PTR DS:[<&msvbvm60.rtcMsgBox>>;(initial CPU selection)
0043A34E .8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
0043A351 .51 PUSH ECX
0043A352 .8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0043A355 .52 PUSH EDX
0043A356 .8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0043A359 .50 PUSH EAX
0043A35A .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A35D .51 PUSH ECX
0043A35E .6A 04 PUSH 4
0043A360 .FF15 3C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeV>;msvbvm60.__vbaFreeVarList
0043A366 .83C4 14 ADD ESP,14
0043A369 .BA 94F94000 MOV EDX,1_.0040F994 ;tttt
0043A36E .8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
0043A371 .66:C746 34 FFFF MOV WORD PTR DS:[ESI+34],0FFFF
0043A377 .FF15 18124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrCo>;msvbvm60.__vbaStrCopy
0043A37D .8B16 MOV EDX,DWORD PTR DS:[ESI]
0043A37F .56 PUSH ESI
0043A380 .FF92 04030000 CALL DWORD PTR DS:[EDX+304]
0043A386 .50 PUSH EAX
0043A387 .8D45 D0 LEA EAX,DWORD PTR SS:[EBP-30]
0043A38A .50 PUSH EAX
0043A38B .FF15 B0104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaObjSe>;msvbvm60.__vbaObjSet
0043A391 .8D55 E4 LEA EDX,DWORD PTR SS:[EBP-1C]
0043A394 .8BF8 MOV EDI,EAX
0043A396 .8B0F MOV ECX,DWORD PTR DS:[EDI]
0043A398 .52 PUSH EDX
0043A399 .57 PUSH EDI
0043A39A .FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
0043A3A0 .DBE2 FCLEX
0043A3A2 .85C0 TEST EAX,EAX
0043A3A4 .7D 12 JGE SHORT 1_.0043A3B8
0043A3A6 .68 A0000000 PUSH 0A0
0043A3AB .68 5CD24000 PUSH 1_.0040D25C
0043A3B0 .57 PUSH EDI
0043A3B1 .50 PUSH EAX
0043A3B2 .FF15 78104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresu>;msvbvm60.__vbaHresultCheckObj
0043A3B8 >8B46 3C MOV EAX,DWORD PTR DS:[ESI+3C]
0043A3BB .8B3D 5C124000 MOV EDI,DWORD PTR DS:[<&msvbvm60.__vbaSt>;msvbvm60.__vbaStrToAnsi
0043A3C1 .8D5E 3C LEA EBX,DWORD PTR DS:[ESI+3C]
0043A3C4 .50 PUSH EAX
0043A3C5 .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0043A3C8 .51 PUSH ECX
0043A3C9 .FFD7 CALL EDI ;<&msvbvm60.__vbaStrToAnsi>
0043A3CB .8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0043A3CE .50 PUSH EAX
0043A3CF .52 PUSH EDX
0043A3D0 .8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0043A3D3 .50 PUSH EAX
0043A3D4 .FFD7 CALL EDI
0043A3D6 .50 PUSH EAX
0043A3D7 .68 0CF74000 PUSH 1_.0040F70C ;reg
0043A3DC .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0043A3DF .51 PUSH ECX
0043A3E0 .FFD7 CALL EDI
0043A3E2 .50 PUSH EAX
0043A3E3 .68 DCF64000 PUSH 1_.0040F6DC ;alexdict
0043A3E8 .8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0043A3EB .52 PUSH EDX
0043A3EC .FFD7 CALL EDI
0043A3EE .50 PUSH EAX
0043A3EF .E8 FC44FDFF CALL 1_.0040E8F0
0043A3F4 .FF15 74104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaSetSy>;msvbvm60.__vbaSetSystemError
0043A3FA .8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0043A3FD .50 PUSH EAX
0043A3FE .53 PUSH EBX
0043A3FF .FF15 98114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrTo>;msvbvm60.__vbaStrToUnicode
0043A405 .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0043A408 .51 PUSH ECX
0043A409 .8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0043A40C .52 PUSH EDX
0043A40D .8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0043A410 .50 PUSH EAX
0043A411 .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0043A414 .51 PUSH ECX
0043A415 .8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0043A418 .52 PUSH EDX
0043A419 .6A 05 PUSH 5
0043A41B .FF15 20124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>;msvbvm60.__vbaFreeStrList
0043A421 .83C4 18 ADD ESP,18
0043A424 .8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0043A427 .FF15 C0124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeO>;msvbvm60.__vbaFreeObj
0043A42D .8B06 MOV EAX,DWORD PTR DS:[ESI]
0043A42F .56 PUSH ESI
0043A430 .FF90 00030000 CALL DWORD PTR DS:[EAX+300]
0043A436 .50 PUSH EAX
0043A437 .8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0043A43A .51 PUSH ECX
0043A43B .FF15 B0104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaObjSe>;msvbvm60.__vbaObjSet
0043A441 .8B10 MOV EDX,DWORD PTR DS:[EAX]
0043A443 .8D4D E4 LEA ECX,DWORD PTR SS:[EBP-1C]
0043A446 .51 PUSH ECX
0043A447 .50 PUSH EAX
0043A448 .8985 48FFFFFF MOV DWORD PTR SS:[EBP-B8],EAX
0043A44E .FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0043A454 .DBE2 FCLEX
0043A456 .85C0 TEST EAX,EAX
0043A458 .7D 18 JGE SHORT 1_.0043A472
0043A45A .8B95 48FFFFFF MOV EDX,DWORD PTR SS:[EBP-B8]
0043A460 .68 A0000000 PUSH 0A0
0043A465 .68 5CD24000 PUSH 1_.0040D25C
0043A46A .52 PUSH EDX
0043A46B .50 PUSH EAX
0043A46C .FF15 78104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaHresu>;msvbvm60.__vbaHresultCheckObj
0043A472 >8B03 MOV EAX,DWORD PTR DS:[EBX]
0043A474 .50 PUSH EAX
0043A475 .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0043A478 .51 PUSH ECX
0043A479 .FFD7 CALL EDI
0043A47B .8B55 E4 MOV EDX,DWORD PTR SS:[EBP-1C]
0043A47E .50 PUSH EAX
0043A47F .52 PUSH EDX
0043A480 .8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0043A483 .50 PUSH EAX
0043A484 .FFD7 CALL EDI
0043A486 .50 PUSH EAX
0043A487 .68 F4F64000 PUSH 1_.0040F6F4 ;username
0043A48C .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0043A48F .51 PUSH ECX
0043A490 .FFD7 CALL EDI
0043A492 .50 PUSH EAX
0043A493 .68 DCF64000 PUSH 1_.0040F6DC ;alexdict
0043A498 .8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0043A49B .52 PUSH EDX
0043A49C .FFD7 CALL EDI
0043A49E .50 PUSH EAX
0043A49F .E8 4C44FDFF CALL 1_.0040E8F0
0043A4A4 .FF15 74104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaSetSy>;msvbvm60.__vbaSetSystemError
0043A4AA .8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
0043A4AD .50 PUSH EAX
0043A4AE .53 PUSH EBX
0043A4AF .FF15 98114000 CALL DWORD PTR DS:[<&msvbvm60.__vbaStrTo>;msvbvm60.__vbaStrToUnicode
0043A4B5 .8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
0043A4B8 .51 PUSH ECX
0043A4B9 .8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0043A4BC .52 PUSH EDX
0043A4BD .8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0043A4C0 .50 PUSH EAX
0043A4C1 .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0043A4C4 .51 PUSH ECX
0043A4C5 .8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0043A4C8 .52 PUSH EDX
0043A4C9 .6A 05 PUSH 5
0043A4CB .FF15 20124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>;msvbvm60.__vbaFreeStrList
0043A4D1 .83C4 18 ADD ESP,18
0043A4D4 .8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0043A4D7 .FF15 C0124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeO>;msvbvm60.__vbaFreeObj
0043A4DD .8B06 MOV EAX,DWORD PTR DS:[ESI]
0043A4DF .56 PUSH ESI
0043A4E0 .FF90 18070000 CALL DWORD PTR DS:[EAX+718]
0043A4E6 .^ E9 99FCFFFF JMP 1_.0043A184
0043A4EB >8B0E MOV ECX,DWORD PTR DS:[ESI]
0043A4ED .56 PUSH ESI
0043A4EE .FF91 18070000 CALL DWORD PTR DS:[ECX+718]
0043A4F4 .^ E9 8DFCFFFF JMP 1_.0043A186
0043A4F9 .8D55 D4 LEA EDX,DWORD PTR SS:[EBP-2C]
0043A4FC .52 PUSH EDX
0043A4FD .8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
0043A500 .50 PUSH EAX
0043A501 .8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
0043A504 .51 PUSH ECX
0043A505 .8D55 E0 LEA EDX,DWORD PTR SS:[EBP-20]
0043A508 .52 PUSH EDX
0043A509 .8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
0043A50C .50 PUSH EAX
0043A50D .6A 05 PUSH 5
0043A50F .FF15 20124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>;msvbvm60.__vbaFreeStrList
0043A515 .83C4 18 ADD ESP,18
0043A518 .8D4D D0 LEA ECX,DWORD PTR SS:[EBP-30]
0043A51B .FF15 C0124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeO>;msvbvm60.__vbaFreeObj
0043A521 .8D4D 90 LEA ECX,DWORD PTR SS:[EBP-70]
0043A524 .51 PUSH ECX
0043A525 .8D55 A0 LEA EDX,DWORD PTR SS:[EBP-60]
0043A528 .52 PUSH EDX
0043A529 .8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
0043A52C .50 PUSH EAX
0043A52D .8D4D C0 LEA ECX,DWORD PTR SS:[EBP-40]
0043A530 .51 PUSH ECX
0043A531 .6A 04 PUSH 4
0043A533 .FF15 3C104000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeV>;msvbvm60.__vbaFreeVarList
0043A539 .83C4 14 ADD ESP,14
0043A53C .C3 RETN
0043A53D >8D4D E8 LEA ECX,DWORD PTR SS:[EBP-18]
0043A540 .FF15 C4124000 CALL DWORD PTR DS:[<&msvbvm60.__vbaFreeS>;msvbvm60.__vbaFreeStr
0043A546 .C3 RETN
0043A547 .8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
0043A54A .8B10 MOV EDX,DWORD PTR DS:[EAX]
0043A54C .50 PUSH EAX
0043A54D .FF52 08 CALL DWORD PTR DS:[EDX+8]
0043A550 .8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
0043A553 .8B4D EC MOV ECX,DWORD PTR SS:[EBP-14]
0043A556 .5F POP EDI
0043A557 .5E POP ESI
0043A558 .64:890D 00000000 MOV DWORD PTR FS:[0],ECX
0043A55F .5B POP EBX
0043A560 .8BE5 MOV ESP,EBP
0043A562 .5D
I'm really impressed, brother 风球! Cat has packed the modified file into a self-extracting archive, as support for brother 风球!
[ Last edited by 野猫III on 2006-5-13 19:16 ]
风球
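Posted on 2006-5-13 20:01:41
Originally posted by 野猫III on 2006-5-13 18:58
I'm really impressed, brother 风球! Cat has packed the modified file into a self-extracting archive, as support for brother 风球!
Thanks, Cat, for the hard work... heh... this one of mine has no technical content.
Actually you could also pack in a config.ini with the registration info already written, to avoid the name and code boxes being blank; of course one can also edit this oneself.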
野猫III
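Posted on 2006-5-13 20:24:52
Originally posted by 风球 on 2006-5-13 20:01
Thanks, Cat, for the hard work... heh... this one of mine has no technical content.
Actually you could also pack in a config.ini with the registration info already written, to avoid the name and code boxes being blank; of course one can also edit this oneself.
Better not. The machine codes differ, and I don't know whether an error would occur again.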
风球
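Posted on 2006-5-13 20:37:50
Originally posted by 野猫III on 2006-5-13 20:24
Better not. The machine codes differ, and I don't know whether an error would occur again.
Hmm... that doesn't matter... it probably has no effect; before comparing, the software automatically writes the C: drive volume label (the machine code) in again.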
lovees
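Posted on 2006-5-14 08:30:33
Thanks to brother 风 and brother 猫 for the help~!~
I followed brother 风's method and practised it once; learning~!~!~
Thanks again, everyone~!~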
yosen2001
Posted on 2006-10-7 19:53:00
Thanks for sharing, learning~~~
nioyun
Posted on 2006-11-19 12:54:55
If using a breakpoint... how do you break... without searching for the fixed code...???
glts
Posted on 2006-11-20 19:33:40
Yes, a piece of software I'm practising on is similar; thanks, learning...
avel
Posted on 2006-11-23 23:33:39
:victory: :victory:
Learned something~!