第一次分析大家见笑了,一个医院管理系统,
名称:一个医院管理系统语言:vb
是否加完:未加壳
下载地址:http://a2006.ys168.com 个人空间(常用软件)
在论坛也一段时间了,也发个软件给大家,不要见笑哦。
软件看了半天,只找到了爆破点,和做了个内存注册送给大家。
想研究程序的算法,搞了一夜,实在是没办法了,才来论坛求助大家,帮帮看看算法。
累啊, 文章发布于凌晨5:30 又备斗了一夜。该休息了。/:010
00703DD5 .89B5 68FFFFFF mov dword ptr ss:,esi
00703DDB .FF92 18030000 call dword ptr ds:
00703DE1 .50 push eax
00703DE2 .8D45 CC lea eax,dword ptr ss:
00703DE5 .50 push eax
00703DE6 .FF15 C4104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaObjSet
00703DEC .8BF8 mov edi,eax
00703DEE .8D55 C8 lea edx,dword ptr ss:
00703DF1 .52 push edx
00703DF2 .6A 01 push 1
00703DF4 .8B0F mov ecx,dword ptr ds:
00703DF6 .57 push edi
00703DF7 .FF51 40 call dword ptr ds:
00703DFA .3BC6 cmp eax,esi
00703DFC .DBE2 fclex
00703DFE .7D 0F jge short yygl.00703E0F
00703E00 .6A 40 push 40
00703E02 .68 48774600 push yygl.00467748
00703E07 .57 push edi
00703E08 .50 push eax
00703E09 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00703E0F >8B45 C8 mov eax,dword ptr ss:
00703E12 .8D55 E4 lea edx,dword ptr ss:
00703E15 .52 push edx
00703E16 .50 push eax
00703E17 .8B08 mov ecx,dword ptr ds:
00703E19 .8BF8 mov edi,eax
00703E1B .FF91 A0000000 call dword ptr ds:
00703E21 .3BC6 cmp eax,esi
00703E23 .DBE2 fclex
00703E25 .7D 12 jge short yygl.00703E39
00703E27 .68 A0000000 push 0A0
00703E2C .68 28434600 push yygl.00464328
00703E31 .57 push edi
00703E32 .50 push eax
00703E33 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00703E39 >8B55 E4 mov edx,dword ptr ss:
00703E3C .8B3D 24134000 mov edi,dword ptr ds:[<&MSVBVM60.>;MSVBVM60.__vbaStrMove
00703E42 .B9 B400AD00 mov ecx,yygl.00AD00B4
00703E47 .8975 E4 mov dword ptr ss:,esi
00703E4A .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
00703E4C .8D45 C8 lea eax,dword ptr ss:
00703E4F .8D4D CC lea ecx,dword ptr ss:
00703E52 .50 push eax
00703E53 .51 push ecx
00703E54 .6A 02 push 2
00703E56 .FF15 48104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObjList
00703E5C .83C4 0C add esp,0C
00703E5F .E8 7C120000 call yygl.007050E0
00703E64 .8BD0 mov edx,eax
00703E66 .8D4D D8 lea ecx,dword ptr ss:
00703E69 .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
00703E6B .8B55 D8 mov edx,dword ptr ss:
00703E6E .8D4D E4 lea ecx,dword ptr ss:
00703E71 .8975 D8 mov dword ptr ss:,esi
00703E74 .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
00703E76 .8B13 mov edx,dword ptr ds:
00703E78 .53 push ebx
00703E79 .FF92 18030000 call dword ptr ds:
00703E7F .50 push eax
00703E80 .8D45 CC lea eax,dword ptr ss:
00703E83 .50 push eax
00703E84 .FF15 C4104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaObjSet
00703E8A .8B08 mov ecx,dword ptr ds:
00703E8C .8D55 C8 lea edx,dword ptr ss:
00703E8F .52 push edx
00703E90 .56 push esi
00703E91 .50 push eax
00703E92 .8985 44FFFFFF mov dword ptr ss:,eax
00703E98 .FF51 40 call dword ptr ds:
00703E9B .3BC6 cmp eax,esi
00703E9D .DBE2 fclex
00703E9F .7D 15 jge short yygl.00703EB6
00703EA1 .8B8D 44FFFFFF mov ecx,dword ptr ss:
00703EA7 .6A 40 push 40
00703EA9 .68 48774600 push yygl.00467748
00703EAE .51 push ecx
00703EAF .50 push eax
00703EB0 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00703EB6 >8B45 C8 mov eax,dword ptr ss:
00703EB9 .8D4D E0 lea ecx,dword ptr ss:
00703EBC .51 push ecx
00703EBD .50 push eax
00703EBE .8B10 mov edx,dword ptr ds:
00703EC0 .8985 3CFFFFFF mov dword ptr ss:,eax
00703EC6 .FF92 A0000000 call dword ptr ds:
00703ECC .3BC6 cmp eax,esi
00703ECE .DBE2 fclex
00703ED0 .7D 18 jge short yygl.00703EEA
00703ED2 .8B95 3CFFFFFF mov edx,dword ptr ss:
00703ED8 .68 A0000000 push 0A0
00703EDD .68 28434600 push yygl.00464328
00703EE2 .52 push edx
00703EE3 .50 push eax
00703EE4 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00703EEA >8D45 E4 lea eax,dword ptr ss:
00703EED .68 B400AD00 push yygl.00AD00B4
00703EF2 .50 push eax
00703EF3 .E8 58140000 call yygl.00705350
00703EF8 .8BD0 mov edx,eax ;出现正注册码
00703EFA .8D4D DC lea ecx,dword ptr ss:
00703EFD .FFD7 call edi
00703EFF .8B4D E0 mov ecx,dword ptr ss: ;输入的假注册码
00703F02 .50 push eax ;真注册码
00703F03 .51 push ecx ;假注册码
00703F04 .FF15 50114000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaStrCmp
00703F0A .8BF0 mov esi,eax
00703F0C .8D55 D8 lea edx,dword ptr ss: ;真注册码
00703F0F .F7DE neg esi
00703F11 .8D45 E0 lea eax,dword ptr ss:
00703F14 .52 push edx
00703F15 .8D4D DC lea ecx,dword ptr ss:
00703F18 .50 push eax
00703F19 .1BF6 sbb esi,esi
00703F1B .8D55 E4 lea edx,dword ptr ss:
00703F1E .51 push ecx
00703F1F .46 inc esi
00703F20 .52 push edx
00703F21 .6A 04 push 4
00703F23 .F7DE neg esi
00703F25 .FF15 9C124000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeStrList
00703F2B .8D45 C8 lea eax,dword ptr ss:
00703F2E .8D4D CC lea ecx,dword ptr ss:
00703F31 .50 push eax
00703F32 .51 push ecx
00703F33 .6A 02 push 2
00703F35 .FF15 48104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObjList
00703F3B .83C4 20 add esp,20
00703F3E .B9 04000280 mov ecx,80020004
00703F43 .B8 0A000000 mov eax,0A
00703F48 .894D 90 mov dword ptr ss:,ecx
00703F4B .66:85F6 test si,si
00703F4E .8945 88 mov dword ptr ss:,eax
00703F51 .894D A0 mov dword ptr ss:,ecx
00703F54 .8945 98 mov dword ptr ss:,eax
00703F57 .0F84 D2030000 je yygl.0070432F 程序爆破点
00703F5D .8B35 DC124000 mov esi,dword ptr ds:[<&MSVBVM60.>;MSVBVM60.__vbaVarDup
00703F63 .8D95 68FFFFFF lea edx,dword ptr ss:
00703F69 .8D4D A8 lea ecx,dword ptr ss:
00703F6C .C785 70FFFFFF 50EC>mov dword ptr ss:,yygl.00>
00703F76 .C785 68FFFFFF 0800>mov dword ptr ss:,8
00703F80 .FFD6 call esi ;<&MSVBVM60.__vbaVarDup>
00703F82 .8D95 78FFFFFF lea edx,dword ptr ss:
00703F88 .8D4D B8 lea ecx,dword ptr ss:
00703F8B .C745 80 30EC4600 mov dword ptr ss:,yygl.00>
00703F92 .C785 78FFFFFF 0800>mov dword ptr ss:,8
00703F9C .FFD6 call esi ;<&MSVBVM60.__vbaVarDup>
00703F9E .8D55 88 lea edx,dword ptr ss:
00703FA1 .8D45 98 lea eax,dword ptr ss:
00703FA4 .52 push edx
00703FA5 .8D4D A8 lea ecx,dword ptr ss:
00703FA8 .50 push eax
00703FA9 .51 push ecx
00703FAA .8D55 B8 lea edx,dword ptr ss:
00703FAD .6A 00 push 0
00703FAF .52 push edx
00703FB0 .FF15 C8104000 call dword ptr ds:[<&MSVBVM60.#59>;MSVBVM60.rtcMsgBox
00703FB6 .8D45 88 lea eax,dword ptr ss:
00703FB9 .8D4D 98 lea ecx,dword ptr ss:
00703FBC .50 push eax
00703FBD .8D55 A8 lea edx,dword ptr ss:
00703FC0 .51 push ecx
00703FC1 .8D45 B8 lea eax,dword ptr ss:
00703FC4 .52 push edx
00703FC5 .50 push eax
00703FC6 .6A 04 push 4
00703FC8 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeVarList
00703FCE .8B0B mov ecx,dword ptr ds:
00703FD0 .83C4 14 add esp,14
00703FD3 .53 push ebx
00703FD4 .FF91 18030000 call dword ptr ds:
00703FDA .8D55 CC lea edx,dword ptr ss:
00703FDD .50 push eax
00703FDE .52 push edx
00703FDF .FF15 C4104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaObjSet
00703FE5 .8BF0 mov esi,eax
00703FE7 .8D4D C8 lea ecx,dword ptr ss:
00703FEA .51 push ecx
00703FEB .6A 00 push 0
00703FED .8B06 mov eax,dword ptr ds:
00703FEF .56 push esi
00703FF0 .FF50 40 call dword ptr ds:
00703FF3 .85C0 test eax,eax
00703FF5 .DBE2 fclex
00703FF7 .7D 0F jge short yygl.00704008
00703FF9 .6A 40 push 40
00703FFB .68 48774600 push yygl.00467748
00704000 .56 push esi
00704001 .50 push eax
00704002 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00704008 >8B45 C8 mov eax,dword ptr ss:
0070400B .8D4D D8 lea ecx,dword ptr ss:
0070400E .51 push ecx
0070400F .50 push eax
00704010 .8B10 mov edx,dword ptr ds:
00704012 .8BF0 mov esi,eax
00704014 .FF92 A0000000 call dword ptr ds:
0070401A .85C0 test eax,eax
0070401C .DBE2 fclex
0070401E .7D 12 jge short yygl.00704032
00704020 .68 A0000000 push 0A0
00704025 .68 28434600 push yygl.00464328
0070402A .56 push esi
0070402B .50 push eax
0070402C .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00704032 >8B55 D8 mov edx,dword ptr ss:
00704035 .8D4D D4 lea ecx,dword ptr ss:
00704038 .C745 D8 00000000 mov dword ptr ss:,0
0070403F .FFD7 call edi
00704041 .8B35 90124000 mov esi,dword ptr ds:[<&MSVBVM60.>;MSVBVM60.__vbaStrCopy
00704047 .BA F8B24600 mov edx,yygl.0046B2F8 ;UNICODE "SnOK" 这里是注册成功
0070404C .8D4D DC lea ecx,dword ptr ss:
0070404F .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
00704051 .BA E8B24600 mov edx,yygl.0046B2E8 ;UNICODE "TgeSn"
00704056 .8D4D E0 lea ecx,dword ptr ss:
00704059 .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
0070405B .8B15 3004AD00 mov edx,dword ptr ds:
00704061 .52 push edx
00704062 .68 FC484600 push yygl.004648FC ;UNICODE "\pcsf.ini" 这里是注册码写入配置文件
00704067 .FF15 64104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaStrCat
0070406D .8BD0 mov edx,eax
0070406F .8D4D E4 lea ecx,dword ptr ss:
00704072 .FFD7 call edi
00704074 .8D45 D4 lea eax,dword ptr ss:
00704077 .8D4D DC lea ecx,dword ptr ss:
0070407A .50 push eax
0070407B .8D55 E0 lea edx,dword ptr ss:
0070407E .51 push ecx
0070407F .8D45 E4 lea eax,dword ptr ss:
00704082 .52 push edx
00704083 .50 push eax
00704084 .E8 F7F6FFFF call yygl.00703780
00704089 .8BD0 mov edx,eax
0070408B .8D4D D0 lea ecx,dword ptr ss:
0070408E .FFD7 call edi
00704090 .8D4D D0 lea ecx,dword ptr ss:
00704093 .8D55 D4 lea edx,dword ptr ss:
00704096 .51 push ecx
00704097 .8D45 DC lea eax,dword ptr ss:
0070409A .52 push edx
0070409B .8D4D E0 lea ecx,dword ptr ss:
0070409E .50 push eax
0070409F .8D55 E4 lea edx,dword ptr ss:
007040A2 .51 push ecx
007040A3 .52 push edx
007040A4 .6A 05 push 5
007040A6 .FF15 9C124000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeStrList
007040AC .8D45 C8 lea eax,dword ptr ss:
007040AF .8D4D CC lea ecx,dword ptr ss:
007040B2 .50 push eax
007040B3 .51 push ecx
007040B4 .6A 02 push 2
007040B6 .FF15 48104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObjList
007040BC .A1 8436AD00 mov eax,dword ptr ds:
007040C1 .83C4 24 add esp,24
007040C4 .85C0 test eax,eax
007040C6 .66:C705 5804AD00 F>mov word ptr ds:,0FFFF
007040CF .75 10 jnz short yygl.007040E1
007040D1 .68 8436AD00 push yygl.00AD3684
007040D6 .68 E4444600 push yygl.004644E4
007040DB .FF15 78124000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaNew2
007040E1 >8B3D 8436AD00 mov edi,dword ptr ds:
007040E7 .8D45 CC lea eax,dword ptr ss:
007040EA .53 push ebx
007040EB .50 push eax
007040EC .8B17 mov edx,dword ptr ds:
007040EE .8995 1CFFFFFF mov dword ptr ss:,edx
007040F4 .FF15 D8104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaObjSetAddref
007040FA .8B8D 1CFFFFFF mov ecx,dword ptr ss:
00704100 .50 push eax
00704101 .57 push edi
00704102 .FF51 10 call dword ptr ds:
00704105 .85C0 test eax,eax
00704107 .DBE2 fclex
00704109 .7D 0F jge short yygl.0070411A
0070410B .6A 10 push 10
0070410D .68 D4444600 push yygl.004644D4
00704112 .57 push edi
00704113 .50 push eax
00704114 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
0070411A >8D4D CC lea ecx,dword ptr ss:
0070411D .FF15 70134000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObj
00704123 .BA 10B24600 mov edx,yygl.0046B210 ;UNICODE "SELECT * FROM Sysset"
00704128 .B9 2C04AD00 mov ecx,yygl.00AD042C
0070412D .FFD6 call esi
0070412F .68 44544600 push yygl.00465444
00704134 .FF15 C4114000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaNew
0070413A .8D55 E8 lea edx,dword ptr ss:
0070413D .50 push eax
0070413E .52 push edx
0070413F .FF15 C4104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaObjSet
00704145 .A1 CC03AD00 mov eax,dword ptr ds:
0070414A .85C0 test eax,eax
0070414C .75 10 jnz short yygl.0070415E
0070414E .68 CC03AD00 push yygl.00AD03CC
00704153 .68 B0414600 push yygl.004641B0
00704158 .FF15 78124000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaNew2
0070415E >6A FF push -1
00704160 .6A 02 push 2
00704162 .6A 03 push 3
00704164 .A1 CC03AD00 mov eax,dword ptr ds:
00704169 .83EC 10 sub esp,10
0070416C .B9 09000000 mov ecx,9
00704171 .8BDC mov ebx,esp
00704173 .898D 68FFFFFF mov dword ptr ss:,ecx
00704179 .83EC 10 sub esp,10
0070417C .8985 70FFFFFF mov dword ptr ss:,eax
00704182 .890B mov dword ptr ds:,ecx
00704184 .8B8D 6CFFFFFF mov ecx,dword ptr ss:
0070418A .8B15 2C04AD00 mov edx,dword ptr ds:
00704190 .8B75 E8 mov esi,dword ptr ss:
00704193 .894B 04 mov dword ptr ds:,ecx
00704196 .8BCC mov ecx,esp
00704198 .BF 08000000 mov edi,8
0070419D .8955 80 mov dword ptr ss:,edx
007041A0 .8943 08 mov dword ptr ds:,eax
007041A3 .8B85 74FFFFFF mov eax,dword ptr ss:
007041A9 .89BD 78FFFFFF mov dword ptr ss:,edi
007041AF .8B36 mov esi,dword ptr ds:
007041B1 .8943 0C mov dword ptr ds:,eax
007041B4 .8B85 7CFFFFFF mov eax,dword ptr ss:
007041BA .8939 mov dword ptr ds:,edi
007041BC .8941 04 mov dword ptr ds:,eax
007041BF .8B45 E8 mov eax,dword ptr ss:
007041C2 .50 push eax
007041C3 .8951 08 mov dword ptr ds:,edx
007041C6 .8B55 84 mov edx,dword ptr ss:
007041C9 .8951 0C mov dword ptr ds:,edx
007041CC .FF96 A0000000 call dword ptr ds:
007041D2 .85C0 test eax,eax
007041D4 .DBE2 fclex
007041D6 .7D 15 jge short yygl.007041ED
007041D8 .8B4D E8 mov ecx,dword ptr ss:
007041DB .68 A0000000 push 0A0
007041E0 .68 E0414600 push yygl.004641E0
007041E5 .51 push ecx
007041E6 .50 push eax
007041E7 .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
007041ED >8B45 E8 mov eax,dword ptr ss:
007041F0 .8D4D CC lea ecx,dword ptr ss:
007041F3 .51 push ecx
007041F4 .50 push eax
007041F5 .8B10 mov edx,dword ptr ds:
007041F7 .FF52 54 call dword ptr ds:
007041FA .85C0 test eax,eax
007041FC .DBE2 fclex
007041FE .7D 12 jge short yygl.00704212
00704200 .8B55 E8 mov edx,dword ptr ss:
00704203 .6A 54 push 54
00704205 .68 E0414600 push yygl.004641E0
0070420A .52 push edx
0070420B .50 push eax
0070420C .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaHresultCheckObj
00704212 >8D5D C8 lea ebx,dword ptr ss:
00704215 .8B45 CC mov eax,dword ptr ss:
00704218 .53 push ebx
00704219 .BA 08000000 mov edx,8
0070421E .83EC 10 sub esp,10
00704221 .8995 78FFFFFF mov dword ptr ss:,edx
00704227 .8BDC mov ebx,esp
00704229 .B9 44B24600 mov ecx,yygl.0046B244 ;UNICODE "name"
0070422E .894D 80 mov dword ptr ss:,ecx
00704231 .8B38 mov edi,dword ptr ds:
00704233 .8913 mov dword ptr ds:,edx
00704235 .8B95 7CFFFFFF mov edx,dword ptr ss:
0070423B .50 push eax
0070423C .8BF0 mov esi,eax
0070423E .8953 04 mov dword ptr ds:,edx
00704241 .894B 08 mov dword ptr ds:,ecx
00704244 .8B4D 84 mov ecx,dword ptr ss:
00704247 .894B 0C mov dword ptr ds:,ecx
0070424A .FF57 28 call dword ptr ds:
0070424D .85C0 test eax,eax
0070424F .DBE2 fclex
00704251 .7D 13 jge short yygl.00704266
00704253 .6A 28 push 28
00704255 .68 00424600 push yygl.00464200
0070425A .56 push esi
0070425B .8B35 84104000 mov esi,dword ptr ds:[<&MSVBVM60.>;MSVBVM60.__vbaHresultCheckObj
00704261 .50 push eax
00704262 .FFD6 call esi ;<&MSVBVM60.__vbaHresultCheckObj>
00704264 .EB 06 jmp short yygl.0070426C
00704266 >8B35 84104000 mov esi,dword ptr ds:[<&MSVBVM60.>;MSVBVM60.__vbaHresultCheckObj
0070426C >8B7D C8 mov edi,dword ptr ss:
0070426F .68 B400AD00 push yygl.00AD00B4
00704274 .E8 471DF9FF call yygl.00695FC0
00704279 .83EC 10 sub esp,10
0070427C .B9 08000000 mov ecx,8
00704281 .8BDC mov ebx,esp
00704283 .894D B8 mov dword ptr ss:,ecx
00704286 .8945 C0 mov dword ptr ss:,eax
00704289 .8B17 mov edx,dword ptr ds:
0070428B .890B mov dword ptr ds:,ecx
0070428D .8B4D BC mov ecx,dword ptr ss:
00704290 .57 push edi
00704291 .894B 04 mov dword ptr ds:,ecx
00704294 .8943 08 mov dword ptr ds:,eax
00704297 .8B45 C4 mov eax,dword ptr ss:
0070429A .8943 0C mov dword ptr ds:,eax
0070429D .FF52 38 call dword ptr ds:
007042A0 .85C0 test eax,eax
007042A2 .DBE2 fclex
007042A4 .7D 0B jge short yygl.007042B1
007042A6 .6A 38 push 38
007042A8 .68 10424600 push yygl.00464210
007042AD .57 push edi
007042AE .50 push eax
007042AF .FFD6 call esi
007042B1 >8D4D C8 lea ecx,dword ptr ss:
007042B4 .8D55 CC lea edx,dword ptr ss:
007042B7 .51 push ecx
007042B8 .52 push edx
007042B9 .6A 02 push 2
007042BB .FF15 48104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObjList
007042C1 .83C4 0C add esp,0C
007042C4 .8D4D B8 lea ecx,dword ptr ss:
007042C7 .FF15 20104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeVar
007042CD .8B45 E8 mov eax,dword ptr ss:
007042D0 .6A 03 push 3
007042D2 .50 push eax
007042D3 .8B08 mov ecx,dword ptr ds:
007042D5 .FF91 E4000000 call dword ptr ds:
007042DB .85C0 test eax,eax
007042DD .DBE2 fclex
007042DF .7D 11 jge short yygl.007042F2
007042E1 .8B55 E8 mov edx,dword ptr ss:
007042E4 .68 E4000000 push 0E4
007042E9 .68 E0414600 push yygl.004641E0
007042EE .52 push edx
007042EF .50 push eax
007042F0 .FFD6 call esi
007042F2 >8B45 E8 mov eax,dword ptr ss:
007042F5 .50 push eax
007042F6 .8B08 mov ecx,dword ptr ds:
007042F8 .FF91 80000000 call dword ptr ds:
007042FE .85C0 test eax,eax
00704300 .DBE2 fclex
00704302 .7D 11 jge short yygl.00704315
00704304 .8B55 E8 mov edx,dword ptr ss:
00704307 .68 80000000 push 80
0070430C .68 E0414600 push yygl.004641E0
00704311 .52 push edx
00704312 .50 push eax
00704313 .FFD6 call esi
00704315 >68 D0414600 push yygl.004641D0
0070431A .6A 00 push 0
0070431C .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaCastObj
00704322 .50 push eax
00704323 .8D45 E8 lea eax,dword ptr ss:
00704326 .50 push eax
00704327 .FF15 C4104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaObjSet
0070432D .EB 71 jmp short yygl.007043A0
0070432F >8B35 DC124000 mov esi,dword ptr ds:[<&MSVBVM60.>;MSVBVM60.__vbaVarDup
00704335 .BF 08000000 mov edi,8
0070433A .8D95 68FFFFFF lea edx,dword ptr ss:
00704340 .8D4D A8 lea ecx,dword ptr ss:
00704343 .C785 70FFFFFF D07D>mov dword ptr ss:,yygl.00>
0070434D .89BD 68FFFFFF mov dword ptr ss:,edi
00704353 .FFD6 call esi ;<&MSVBVM60.__vbaVarDup>
00704355 .8D95 78FFFFFF lea edx,dword ptr ss:
0070435B .8D4D B8 lea ecx,dword ptr ss:
0070435E .C745 80 5CEC4600 mov dword ptr ss:,yygl.00>
00704365 .89BD 78FFFFFF mov dword ptr ss:,edi
0070436B .FFD6 call esi ;<&MSVBVM60.__vbaVarDup>
0070436D .8D4D 88 lea ecx,dword ptr ss:
00704370 .8D55 98 lea edx,dword ptr ss:
00704373 .51 push ecx
00704374 .8D45 A8 lea eax,dword ptr ss:
00704377 .52 push edx
00704378 .50 push eax
00704379 .8D4D B8 lea ecx,dword ptr ss:
0070437C .6A 10 push 10
0070437E .51 push ecx
0070437F .FF15 C8104000 call dword ptr ds:[<&MSVBVM60.#59>;MSVBVM60.rtcMsgBox
00704385 .8D55 88 lea edx,dword ptr ss:
00704388 .8D45 98 lea eax,dword ptr ss:
0070438B .52 push edx
0070438C .8D4D A8 lea ecx,dword ptr ss:
0070438F .50 push eax
00704390 .8D55 B8 lea edx,dword ptr ss:
00704393 .51 push ecx
00704394 .52 push edx
00704395 .6A 04 push 4
00704397 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeVarList
0070439D .83C4 14 add esp,14
007043A0 >C745 FC 00000000 mov dword ptr ss:,0
007043A7 .68 04447000 push yygl.00704404
007043AC .EB 4C jmp short yygl.007043FA
007043AE .8D45 D0 lea eax,dword ptr ss:
007043B1 .8D4D D4 lea ecx,dword ptr ss:
007043B4 .50 push eax
007043B5 .8D55 D8 lea edx,dword ptr ss:
007043B8 .51 push ecx
007043B9 .8D45 DC lea eax,dword ptr ss:
007043BC .52 push edx
007043BD .8D4D E0 lea ecx,dword ptr ss:
007043C0 .50 push eax
007043C1 .8D55 E4 lea edx,dword ptr ss:
007043C4 .51 push ecx
007043C5 .52 push edx
007043C6 .6A 06 push 6
007043C8 .FF15 9C124000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeStrList
007043CE .8D45 C8 lea eax,dword ptr ss:
007043D1 .8D4D CC lea ecx,dword ptr ss:
007043D4 .50 push eax
007043D5 .51 push ecx
007043D6 .6A 02 push 2
007043D8 .FF15 48104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObjList
007043DE .8D55 88 lea edx,dword ptr ss:
007043E1 .8D45 98 lea eax,dword ptr ss:
007043E4 .52 push edx
007043E5 .8D4D A8 lea ecx,dword ptr ss:
007043E8 .50 push eax
007043E9 .8D55 B8 lea edx,dword ptr ss:
007043EC .51 push ecx
007043ED .52 push edx
007043EE .6A 04 push 4
007043F0 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeVarList
007043F6 .83C4 3C add esp,3C
007043F9 .C3 retn
007043FA >8D4D E8 lea ecx,dword ptr ss:
007043FD .FF15 70134000 call dword ptr ds:[<&MSVBVM60.__v>;MSVBVM60.__vbaFreeObj
00704403 .C3 retn
00704404 .8B45 08 mov eax,dword ptr ss:
00704407 .50 push eax
00704408 .8B08 mov ecx,dword ptr ds:
0070440A .FF51 08 call dword ptr ds:
0070440D .8B45 FC mov eax,dword ptr ss:
00704410 .8B4D EC mov ecx,dword ptr ss:
00704413 .5F pop edi
00704414 .5E pop esi
00704415 .64:890D 00000000 mov dword ptr fs:,ecx
0070441C .5B pop ebx
0070441D .8BE5 mov esp,ebp
0070441F .5D pop ebp
00704420 .C2 0400 retn 4
00704423 90 nop 这么复杂啊!唉!汇编当时学的不咋样!感谢!学些了! 晕,空间还加着密码呢:funk: 也曾经破解过十来个医疗方面的软件,也想看看你分析这个软件有没有弄过,可惜设置了密码,下载不了。 可惜设置了密码,下载不了。 /:013 VB就是看起累啊。。。学习了楼主的文章!!~/:001 学习了,谢谢楼主分享 需要密码哦,,楼主不如直接给出此软件名称啊
页:
[1]