汇编开发工具emu8086追码详细教程
【文章标题】: 汇编开发工具emu8086追码详细教程【作 者】: 冰河之刃
【邮 箱】: [email protected]
【主 页】: http://user.qzone.qq.com/290113866
【QQ 号】: 290113866
【软件名称】: emu8086
【大 小】: 2.12 MB
【下载地址】: 自己搜索下载
【加壳方式】: 无壳
【保护方式】: 无
【编写语言】: Microsoft Visual Basic 5.0 / 6.0
【工 具】: peid,od,大脑和双手
【操作平台】: Windows xp3
【软件介绍】: 汇编开发工具,汇编初学者的好帮手。
【作者声明】: 相互交流,共同进步!
------------------------------------------------------------------------------
先简单介绍一下这一款软件的注册原理:
这个软件在注册时,会同时在注册表中和自己的根目录中写下注册信息。
在启动时候会先判断注册表,然后判断根目录下的reg.ini文件看哪一个是成功的。
只要有一个是成功的就不再继续判断了,也就是只要有一处是成功的,软件就算是注册成功版了。
下面开始了:
-------------------------------------注册流程----------------------------------
005D4B01 .83BD 08FFFFFF 00 cmp dword ptr ss:,0 ;就先断在此处,开始往下调
005D4B08 .7D 26 jge short emu8086.005D4B30
005D4B0A .68 A0000000 push 0A0
005D4B0F .68 B8454400 push emu8086.004445B8
005D4B14 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4B1A .50 push eax
005D4B1B .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D4B21 .51 push ecx
005D4B22 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4B28 .8985 70FEFFFF mov dword ptr ss:,eax
005D4B2E .EB 0A jmp short emu8086.005D4B3A
005D4B30 >C785 70FEFFFF 00000000 mov dword ptr ss:,0
005D4B3A >8B55 08 mov edx,dword ptr ss:
005D4B3D .8B02 mov eax,dword ptr ds:
005D4B3F .8B4D 08 mov ecx,dword ptr ss:
005D4B42 .51 push ecx
005D4B43 .FF90 FC020000 call dword ptr ds:
005D4B49 .50 push eax
005D4B4A .8D55 C4 lea edx,dword ptr ss:
005D4B4D .52 push edx
005D4B4E .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4B54 .8985 04FFFFFF mov dword ptr ss:,eax
005D4B5A .8D45 D4 lea eax,dword ptr ss:
005D4B5D .50 push eax
005D4B5E .8B8D 04FFFFFF mov ecx,dword ptr ss:
005D4B64 .8B11 mov edx,dword ptr ds:
005D4B66 .8B85 04FFFFFF mov eax,dword ptr ss:
005D4B6C .50 push eax
005D4B6D .FF92 A0000000 call dword ptr ds:
005D4B73 .DBE2 fclex
005D4B75 .8985 00FFFFFF mov dword ptr ss:,eax
005D4B7B .83BD 00FFFFFF 00 cmp dword ptr ss:,0
005D4B82 .7D 26 jge short emu8086.005D4BAA
005D4B84 .68 A0000000 push 0A0
005D4B89 .68 B8454400 push emu8086.004445B8
005D4B8E .8B8D 04FFFFFF mov ecx,dword ptr ss:
005D4B94 .51 push ecx
005D4B95 .8B95 00FFFFFF mov edx,dword ptr ss:
005D4B9B .52 push edx
005D4B9C .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4BA2 .8985 6CFEFFFF mov dword ptr ss:,eax
005D4BA8 .EB 0A jmp short emu8086.005D4BB4
005D4BAA >C785 6CFEFFFF 00000000 mov dword ptr ss:,0
005D4BB4 >8B45 D4 mov eax,dword ptr ss:
005D4BB7 .8985 C0FEFFFF mov dword ptr ss:,eax ;运行至此,寄存器中已出现输入的假码
005D4BBD .C745 D4 00000000 mov dword ptr ss:,0
005D4BC4 .8B95 C0FEFFFF mov edx,dword ptr ss:
005D4BCA .8D4D CC lea ecx,dword ptr ss:
005D4BCD .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D4BD3 .8B4D D8 mov ecx,dword ptr ss:
005D4BD6 .898D BCFEFFFF mov dword ptr ss:,ecx
005D4BDC .C745 D8 00000000 mov dword ptr ss:,0
005D4BE3 .8B95 BCFEFFFF mov edx,dword ptr ss:
005D4BE9 .8D4D D0 lea ecx,dword ptr ss:
005D4BEC .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D4BF2 .68 64D46100 push emu8086.0061D464
005D4BF7 .68 84D46100 push emu8086.0061D484 ;d
005D4BFC .8D55 CC lea edx,dword ptr ss:
005D4BFF .52 push edx
005D4C00 .8D45 D0 lea eax,dword ptr ss:
005D4C03 .50 push eax
005D4C04 .E8 E70F0000 call emu8086.005D5BF0
005D4C09 .8D4D CC lea ecx,dword ptr ss:
005D4C0C .51 push ecx
005D4C0D .8D55 D0 lea edx,dword ptr ss:
005D4C10 .52 push edx
005D4C11 .6A 02 push 2
005D4C13 .FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>;MSVBVM60.__vbaFreeStrList
005D4C19 .83C4 0C add esp,0C
005D4C1C .8D45 C4 lea eax,dword ptr ss:
005D4C1F .50 push eax
005D4C20 .8D4D C8 lea ecx,dword ptr ss:
005D4C23 .51 push ecx
005D4C24 .6A 02 push 2
005D4C26 .FF15 60104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObjList>;MSVBVM60.__vbaFreeObjList
005D4C2C .83C4 0C add esp,0C
005D4C2F .C745 FC 21000000 mov dword ptr ss:,21
005D4C36 .66:C785 10FFFFFF FFFF mov word ptr ss:,0FFFF
005D4C3F .8D95 10FFFFFF lea edx,dword ptr ss:
005D4C45 .52 push edx
005D4C46 .E8 35130000 call emu8086.005D5F80 ;这个call按f8也能过去,就是算法call 按f7多走路
005D4C4B .C745 FC 22000000 mov dword ptr ss:,22 ;返回于此
005D4C52 .0FBF05 70D46100 movsx eax,word ptr ds:
005D4C59 .85C0 test eax,eax
005D4C5B 0F84 53050000 je emu8086.005D51B4 ;关键的一跳,跳向失败处
005D4C61 .C745 FC 23000000 mov dword ptr ss:,23
005D4C68 .68 0000FF00 push 0FF0000
005D4C6D .8B4D 08 mov ecx,dword ptr ss:
005D4C70 .8B11 mov edx,dword ptr ds:
005D4C72 .8B45 08 mov eax,dword ptr ss:
005D4C75 .50 push eax
005D4C76 .FF52 64 call dword ptr ds:
005D4C79 .DBE2 fclex
005D4C7B .8985 0CFFFFFF mov dword ptr ss:,eax
005D4C81 .83BD 0CFFFFFF 00 cmp dword ptr ss:,0
005D4C88 7D 20 jge short emu8086.005D4CAA
005D4C8A .6A 64 push 64
005D4C8C .68 60B24400 push emu8086.0044B260
005D4C91 .8B4D 08 mov ecx,dword ptr ss:
005D4C94 .51 push ecx
005D4C95 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4C9B .52 push edx
005D4C9C .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4CA2 .8985 68FEFFFF mov dword ptr ss:,eax
005D4CA8 .EB 0A jmp short emu8086.005D4CB4
005D4CAA >C785 68FEFFFF 00000000 mov dword ptr ss:,0
005D4CB4 >C745 FC 24000000 mov dword ptr ss:,24 ;下面一句不用我多说了吧,注册成功了
005D4CBB .68 18074500 push emu8086.00450718 ;the software is successfully registered
005D4CC0 .8B45 08 mov eax,dword ptr ss:
005D4CC3 .8B08 mov ecx,dword ptr ds:
005D4CC5 .8B55 08 mov edx,dword ptr ss:
005D4CC8 .52 push edx
005D4CC9 .FF51 54 call dword ptr ds:
005D4CCC .DBE2 fclex
005D4CCE .8985 0CFFFFFF mov dword ptr ss:,eax
005D4CD4 .83BD 0CFFFFFF 00 cmp dword ptr ss:,0
005D4CDB .7D 20 jge short emu8086.005D4CFD
005D4CDD .6A 54 push 54
005D4CDF .68 60B24400 push emu8086.0044B260
005D4CE4 .8B45 08 mov eax,dword ptr ss:
005D4CE7 .50 push eax
005D4CE8 .8B8D 0CFFFFFF mov ecx,dword ptr ss:
005D4CEE .51 push ecx
005D4CEF .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4CF5 .8985 64FEFFFF mov dword ptr ss:,eax
005D4CFB .EB 0A jmp short emu8086.005D4D07
005D4CFD >C785 64FEFFFF 00000000 mov dword ptr ss:,0
005D4D07 >C745 FC 25000000 mov dword ptr ss:,25
005D4D0E .8B55 08 mov edx,dword ptr ss:
005D4D11 .8B02 mov eax,dword ptr ds:
005D4D13 .8B4D 08 mov ecx,dword ptr ss:
005D4D16 .51 push ecx
005D4D17 .FF90 0C030000 call dword ptr ds:
005D4D1D .50 push eax
005D4D1E .8D55 C8 lea edx,dword ptr ss:
005D4D21 .52 push edx
005D4D22 .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4D28 .8985 0CFFFFFF mov dword ptr ss:,eax
005D4D2E .6A 00 push 0
005D4D30 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4D36 .8B08 mov ecx,dword ptr ds:
005D4D38 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4D3E .52 push edx
005D4D3F .FF91 94000000 call dword ptr ds:
005D4D45 .DBE2 fclex
005D4D47 .8985 08FFFFFF mov dword ptr ss:,eax
005D4D4D .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D4D54 .7D 26 jge short emu8086.005D4D7C
005D4D56 .68 94000000 push 94
005D4D5B .68 80B54300 push emu8086.0043B580
005D4D60 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4D66 .50 push eax
005D4D67 .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D4D6D .51 push ecx
005D4D6E .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4D74 .8985 60FEFFFF mov dword ptr ss:,eax
005D4D7A .EB 0A jmp short emu8086.005D4D86
005D4D7C >C785 60FEFFFF 00000000 mov dword ptr ss:,0
005D4D86 >8D4D C8 lea ecx,dword ptr ss:
005D4D89 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D4D8F .C745 FC 26000000 mov dword ptr ss:,26
005D4D96 .8B55 08 mov edx,dword ptr ss:
005D4D99 .8B02 mov eax,dword ptr ds:
005D4D9B .8B4D 08 mov ecx,dword ptr ss:
005D4D9E .51 push ecx
005D4D9F .FF90 04030000 call dword ptr ds:
005D4DA5 .50 push eax
005D4DA6 .8D55 C8 lea edx,dword ptr ss:
005D4DA9 .52 push edx
005D4DAA .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4DB0 .8985 0CFFFFFF mov dword ptr ss:,eax
005D4DB6 .6A 00 push 0
005D4DB8 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4DBE .8B08 mov ecx,dword ptr ds:
005D4DC0 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4DC6 .52 push edx
005D4DC7 .FF91 94000000 call dword ptr ds:
005D4DCD .DBE2 fclex
005D4DCF .8985 08FFFFFF mov dword ptr ss:,eax
005D4DD5 .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D4DDC .7D 26 jge short emu8086.005D4E04
005D4DDE .68 94000000 push 94
005D4DE3 .68 80B54300 push emu8086.0043B580
005D4DE8 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4DEE .50 push eax
005D4DEF .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D4DF5 .51 push ecx
005D4DF6 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4DFC .8985 5CFEFFFF mov dword ptr ss:,eax
005D4E02 .EB 0A jmp short emu8086.005D4E0E
005D4E04 >C785 5CFEFFFF 00000000 mov dword ptr ss:,0
005D4E0E >8D4D C8 lea ecx,dword ptr ss:
005D4E11 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D4E17 .C745 FC 27000000 mov dword ptr ss:,27
005D4E1E .8B55 08 mov edx,dword ptr ss:
005D4E21 .8B02 mov eax,dword ptr ds:
005D4E23 .8B4D 08 mov ecx,dword ptr ss:
005D4E26 .51 push ecx
005D4E27 .FF90 08030000 call dword ptr ds:
005D4E2D .50 push eax
005D4E2E .8D55 C8 lea edx,dword ptr ss:
005D4E31 .52 push edx
005D4E32 .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4E38 .8985 0CFFFFFF mov dword ptr ss:,eax
005D4E3E .6A 00 push 0
005D4E40 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4E46 .8B08 mov ecx,dword ptr ds:
005D4E48 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4E4E .52 push edx
005D4E4F .FF91 94000000 call dword ptr ds:
005D4E55 .DBE2 fclex
005D4E57 .8985 08FFFFFF mov dword ptr ss:,eax
005D4E5D .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D4E64 .7D 26 jge short emu8086.005D4E8C
005D4E66 .68 94000000 push 94
005D4E6B .68 80B54300 push emu8086.0043B580
005D4E70 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4E76 .50 push eax
005D4E77 .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D4E7D .51 push ecx
005D4E7E .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4E84 .8985 58FEFFFF mov dword ptr ss:,eax
005D4E8A .EB 0A jmp short emu8086.005D4E96
005D4E8C >C785 58FEFFFF 00000000 mov dword ptr ss:,0
005D4E96 >8D4D C8 lea ecx,dword ptr ss:
005D4E99 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D4E9F .C745 FC 28000000 mov dword ptr ss:,28
005D4EA6 .8B55 08 mov edx,dword ptr ss:
005D4EA9 .8B02 mov eax,dword ptr ds:
005D4EAB .8B4D 08 mov ecx,dword ptr ss:
005D4EAE .51 push ecx
005D4EAF .FF90 00030000 call dword ptr ds:
005D4EB5 .50 push eax
005D4EB6 .8D55 C8 lea edx,dword ptr ss:
005D4EB9 .52 push edx
005D4EBA .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4EC0 .8985 0CFFFFFF mov dword ptr ss:,eax
005D4EC6 .6A 00 push 0
005D4EC8 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4ECE .8B08 mov ecx,dword ptr ds:
005D4ED0 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4ED6 .52 push edx
005D4ED7 .FF91 94000000 call dword ptr ds:
005D4EDD .DBE2 fclex
005D4EDF .8985 08FFFFFF mov dword ptr ss:,eax
005D4EE5 .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D4EEC .7D 26 jge short emu8086.005D4F14
005D4EEE .68 94000000 push 94
005D4EF3 .68 B8454400 push emu8086.004445B8
005D4EF8 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4EFE .50 push eax
005D4EFF .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D4F05 .51 push ecx
005D4F06 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4F0C .8985 54FEFFFF mov dword ptr ss:,eax
005D4F12 .EB 0A jmp short emu8086.005D4F1E
005D4F14 >C785 54FEFFFF 00000000 mov dword ptr ss:,0
005D4F1E >8D4D C8 lea ecx,dword ptr ss:
005D4F21 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D4F27 .C745 FC 29000000 mov dword ptr ss:,29
005D4F2E .8B55 08 mov edx,dword ptr ss:
005D4F31 .8B02 mov eax,dword ptr ds:
005D4F33 .8B4D 08 mov ecx,dword ptr ss:
005D4F36 .51 push ecx
005D4F37 .FF90 FC020000 call dword ptr ds:
005D4F3D .50 push eax
005D4F3E .8D55 C8 lea edx,dword ptr ss:
005D4F41 .52 push edx
005D4F42 .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4F48 .8985 0CFFFFFF mov dword ptr ss:,eax
005D4F4E .6A 00 push 0
005D4F50 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4F56 .8B08 mov ecx,dword ptr ds:
005D4F58 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4F5E .52 push edx
005D4F5F .FF91 94000000 call dword ptr ds:
005D4F65 .DBE2 fclex
005D4F67 .8985 08FFFFFF mov dword ptr ss:,eax
005D4F6D .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D4F74 .7D 26 jge short emu8086.005D4F9C
005D4F76 .68 94000000 push 94
005D4F7B .68 B8454400 push emu8086.004445B8
005D4F80 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4F86 .50 push eax
005D4F87 .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D4F8D .51 push ecx
005D4F8E .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D4F94 .8985 50FEFFFF mov dword ptr ss:,eax
005D4F9A .EB 0A jmp short emu8086.005D4FA6
005D4F9C >C785 50FEFFFF 00000000 mov dword ptr ss:,0
005D4FA6 >8D4D C8 lea ecx,dword ptr ss:
005D4FA9 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D4FAF .C745 FC 2A000000 mov dword ptr ss:,2A
005D4FB6 .8B55 08 mov edx,dword ptr ss:
005D4FB9 .8B02 mov eax,dword ptr ds:
005D4FBB .8B4D 08 mov ecx,dword ptr ss:
005D4FBE .51 push ecx
005D4FBF .FF90 14030000 call dword ptr ds:
005D4FC5 .50 push eax
005D4FC6 .8D55 C8 lea edx,dword ptr ss:
005D4FC9 .52 push edx
005D4FCA .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D4FD0 .8985 0CFFFFFF mov dword ptr ss:,eax
005D4FD6 .6A 00 push 0
005D4FD8 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D4FDE .8B08 mov ecx,dword ptr ds:
005D4FE0 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D4FE6 .52 push edx
005D4FE7 .FF91 9C000000 call dword ptr ds:
005D4FED .DBE2 fclex
005D4FEF .8985 08FFFFFF mov dword ptr ss:,eax
005D4FF5 .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D4FFC .7D 26 jge short emu8086.005D5024
005D4FFE .68 9C000000 push 9C
005D5003 .68 5CB74300 push emu8086.0043B75C
005D5008 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D500E .50 push eax
005D500F .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D5015 .51 push ecx
005D5016 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D501C .8985 4CFEFFFF mov dword ptr ss:,eax
005D5022 .EB 0A jmp short emu8086.005D502E
005D5024 >C785 4CFEFFFF 00000000 mov dword ptr ss:,0
005D502E >8D4D C8 lea ecx,dword ptr ss:
005D5031 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D5037 .C745 FC 2B000000 mov dword ptr ss:,2B
005D503E .8B55 08 mov edx,dword ptr ss:
005D5041 .8B02 mov eax,dword ptr ds:
005D5043 .8B4D 08 mov ecx,dword ptr ss:
005D5046 .51 push ecx
005D5047 .FF90 10030000 call dword ptr ds:
005D504D .50 push eax
005D504E .8D55 C8 lea edx,dword ptr ss:
005D5051 .52 push edx
005D5052 .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D5058 .8985 0CFFFFFF mov dword ptr ss:,eax
005D505E .6A 00 push 0
005D5060 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D5066 .8B08 mov ecx,dword ptr ds:
005D5068 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D506E .52 push edx
005D506F .FF91 9C000000 call dword ptr ds:
005D5075 .DBE2 fclex
005D5077 .8985 08FFFFFF mov dword ptr ss:,eax
005D507D .83BD 08FFFFFF 00 cmp dword ptr ss:,0
005D5084 .7D 26 jge short emu8086.005D50AC
005D5086 .68 9C000000 push 9C
005D508B .68 5CB74300 push emu8086.0043B75C
005D5090 .8B85 0CFFFFFF mov eax,dword ptr ss:
005D5096 .50 push eax
005D5097 .8B8D 08FFFFFF mov ecx,dword ptr ss:
005D509D .51 push ecx
005D509E .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D50A4 .8985 48FEFFFF mov dword ptr ss:,eax
005D50AA .EB 0A jmp short emu8086.005D50B6
005D50AC >C785 48FEFFFF 00000000 mov dword ptr ss:,0
005D50B6 >8D4D C8 lea ecx,dword ptr ss:
005D50B9 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D50BF .C745 FC 2C000000 mov dword ptr ss:,2C
005D50C6 .C745 8C 04000280 mov dword ptr ss:,80020004
005D50CD .C745 84 0A000000 mov dword ptr ss:,0A
005D50D4 .C745 9C 04000280 mov dword ptr ss:,80020004
005D50DB .C745 94 0A000000 mov dword ptr ss:,0A
005D50E2 .C785 3CFFFFFF 4C744300 mov dword ptr ss:,emu8086.0043744C
005D50EC .C785 34FFFFFF 08000000 mov dword ptr ss:,8
005D50F6 .8D95 34FFFFFF lea edx,dword ptr ss:
005D50FC .8D4D A4 lea ecx,dword ptr ss:
005D50FF .FF15 94134000 call dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ;MSVBVM60.__vbaVarDup
005D5105 .C785 4CFFFFFF 6C074500 mov dword ptr ss:,emu8086.0045076C ; THANK YOU
005D510F .C785 44FFFFFF 08000000 mov dword ptr ss:,8
005D5119 .8D95 44FFFFFF lea edx,dword ptr ss:
005D511F .8D4D B4 lea ecx,dword ptr ss:
005D5122 .FF15 94134000 call dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ;MSVBVM60.__vbaVarDup
005D5128 .8D55 84 lea edx,dword ptr ss:
005D512B .52 push edx
005D512C .8D45 94 lea eax,dword ptr ss:
005D512F .50 push eax
005D5130 .8D4D A4 lea ecx,dword ptr ss:
005D5133 .51 push ecx
005D5134 .6A 00 push 0
005D5136 .8D55 B4 lea edx,dword ptr ss:
005D5139 .52 push edx
005D513A .FF15 00114000 call dword ptr ds:[<&MSVBVM60.#595>] ;MSVBVM60.rtcMsgBox
005D5140 .8D45 84 lea eax,dword ptr ss:
005D5143 .50 push eax
005D5144 .8D4D 94 lea ecx,dword ptr ss:
005D5147 .51 push ecx
005D5148 .8D55 A4 lea edx,dword ptr ss:
005D514B .52 push edx
005D514C .8D45 B4 lea eax,dword ptr ss:
005D514F .50 push eax
005D5150 .6A 04 push 4
005D5152 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D5158 .83C4 14 add esp,14
005D515B .C745 FC 2D000000 mov dword ptr ss:,2D
005D5162 .8B4D 08 mov ecx,dword ptr ss:
005D5165 .8B11 mov edx,dword ptr ds:
005D5167 .8B45 08 mov eax,dword ptr ss:
005D516A .50 push eax
005D516B .FF92 B4020000 call dword ptr ds:
005D5171 .DBE2 fclex
005D5173 .8985 0CFFFFFF mov dword ptr ss:,eax
005D5179 .83BD 0CFFFFFF 00 cmp dword ptr ss:,0
005D5180 7D 23 jge short emu8086.005D51A5
005D5182 .68 B4020000 push 2B4
005D5187 .68 60B24400 push emu8086.0044B260
005D518C .8B4D 08 mov ecx,dword ptr ss:
005D518F .51 push ecx
005D5190 .8B95 0CFFFFFF mov edx,dword ptr ss:
005D5196 .52 push edx
005D5197 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D519D .8985 44FEFFFF mov dword ptr ss:,eax
005D51A3 .EB 0A jmp short emu8086.005D51AF
005D51A5 >C785 44FEFFFF 00000000 mov dword ptr ss:,0
005D51AF >E9 F5000000 jmp emu8086.005D52A9
005D51B4 >C745 FC 2F000000 mov dword ptr ss:,2F ;跳到这里,即错误提示处
005D51BB .BA C0074500 mov edx,emu8086.004507C0 ;wrong registration key.
005D51C0 .8D4D D8 lea ecx,dword ptr ss:
005D51C3 .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D51C9 .8D45 D8 lea eax,dword ptr ss:
005D51CC .50 push eax
005D51CD .E8 CE8F0100 call emu8086.005EE1A0
005D51D2 .8BD0 mov edx,eax
005D51D4 .8D4D D0 lea ecx,dword ptr ss:
005D51D7 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D51DD .BA 0C0E4400 mov edx,emu8086.00440E0C ;error!
005D51E2 .8D4D D4 lea ecx,dword ptr ss:
005D51E5 .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D51EB .8D4D D4 lea ecx,dword ptr ss:
005D51EE .51 push ecx
005D51EF .E8 AC8F0100 call emu8086.005EE1A0
005D51F4 .8BD0 mov edx,eax
005D51F6 .8D4D CC lea ecx,dword ptr ss:
005D51F9 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D51FF .C745 8C 04000280 mov dword ptr ss:,80020004
005D5206 .C745 84 0A000000 mov dword ptr ss:,0A
005D520D .C745 9C 04000280 mov dword ptr ss:,80020004
005D5214 .C745 94 0A000000 mov dword ptr ss:,0A
005D521B .8B55 CC mov edx,dword ptr ss:
005D521E .8995 B8FEFFFF mov dword ptr ss:,edx
005D5224 .C745 CC 00000000 mov dword ptr ss:,0
005D522B .8B85 B8FEFFFF mov eax,dword ptr ss:
005D5231 .8945 AC mov dword ptr ss:,eax
005D5234 .C745 A4 08000000 mov dword ptr ss:,8
005D523B .8B4D D0 mov ecx,dword ptr ss:
005D523E .898D B4FEFFFF mov dword ptr ss:,ecx
005D5244 .C745 D0 00000000 mov dword ptr ss:,0
005D524B .8B95 B4FEFFFF mov edx,dword ptr ss:
005D5251 .8955 BC mov dword ptr ss:,edx
005D5254 .C745 B4 08000000 mov dword ptr ss:,8
005D525B .8D45 84 lea eax,dword ptr ss:
005D525E .50 push eax
005D525F .8D4D 94 lea ecx,dword ptr ss:
005D5262 .51 push ecx
005D5263 .8D55 A4 lea edx,dword ptr ss:
005D5266 .52 push edx
005D5267 .6A 00 push 0
005D5269 .8D45 B4 lea eax,dword ptr ss:
005D526C .50 push eax ;下面的call就弹出错误提示框了
005D526D .FF15 00114000 call dword ptr ds:[<&MSVBVM60.#595>] ;MSVBVM60.rtcMsgBox
-----------------------------进入关键call后的流程-----------------------------------
005D5F80 $55 push ebp ;按f7后到此处。。。
005D5F81 .8BEC mov ebp,esp
005D5F83 .83EC 14 sub esp,14
005D5F86 .68 16974100 push <jmp.&MSVBVM60.__vbaExceptHandler> ;SE 处理程序安装
005D5F8B .64:A1 00000000 mov eax,dword ptr fs:
005D5F91 .50 push eax
005D5F92 .64:8925 00000000 mov dword ptr fs:,esp
005D5F99 .83EC 60 sub esp,60
005D5F9C .53 push ebx
005D5F9D .56 push esi
005D5F9E .57 push edi
005D5F9F .8965 EC mov dword ptr ss:,esp
005D5FA2 .C745 F0 A8574100 mov dword ptr ss:,emu8086.004157A8
005D5FA9 .33C0 xor eax,eax
005D5FAB .8945 F4 mov dword ptr ss:,eax
005D5FAE .8945 F8 mov dword ptr ss:,eax
005D5FB1 .8945 E0 mov dword ptr ss:,eax
005D5FB4 .8945 D8 mov dword ptr ss:,eax
005D5FB7 .8945 D4 mov dword ptr ss:,eax
005D5FBA .8945 D0 mov dword ptr ss:,eax
005D5FBD .8945 CC mov dword ptr ss:,eax
005D5FC0 .8945 BC mov dword ptr ss:,eax
005D5FC3 .8945 AC mov dword ptr ss:,eax
005D5FC6 .8945 9C mov dword ptr ss:,eax
005D5FC9 .6A 01 push 1
005D5FCB .FF15 F8104000 call dword ptr ds:[<&MSVBVM60.__vbaOnError>] ;MSVBVM60.__vbaOnError
005D5FD1 .B8 4C744300 mov eax,emu8086.0043744C
005D5FD6 .B9 08000000 mov ecx,8
005D5FDB .83EC 10 sub esp,10
005D5FDE .8BD4 mov edx,esp
005D5FE0 .890A mov dword ptr ds:,ecx
005D5FE2 .8B75 A0 mov esi,dword ptr ss:
005D5FE5 .8972 04 mov dword ptr ds:,esi
005D5FE8 .8942 08 mov dword ptr ds:,eax
005D5FEB .8B5D A8 mov ebx,dword ptr ss:
005D5FEE .895A 0C mov dword ptr ds:,ebx
005D5FF1 .68 90084500 push emu8086.00450890 ;UserName
005D5FF6 .68 CC054500 push emu8086.004505CC ;Reg
005D5FFB .68 F8724300 push emu8086.004372F8 ;emu8086
005D6000 .FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ;MSVBVM60.rtcGetSetting
005D6006 .8945 C4 mov dword ptr ss:,eax
005D6009 .C745 BC 08000000 mov dword ptr ss:,8
005D6010 .8D45 BC lea eax,dword ptr ss:
005D6013 .50 push eax
005D6014 .8D4D AC lea ecx,dword ptr ss:
005D6017 .51 push ecx
005D6018 .FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ;MSVBVM60.rtcTrimVar
005D601E .8D55 AC lea edx,dword ptr ss:
005D6021 .52 push edx
005D6022 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D6028 .8BD0 mov edx,eax
005D602A .B9 74D46100 mov ecx,emu8086.0061D474
005D602F .8B3D D0134000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaStrMove>>;MSVBVM60.__vbaStrMove
005D6035 .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
005D6037 .8D45 AC lea eax,dword ptr ss:
005D603A .50 push eax
005D603B .8D4D BC lea ecx,dword ptr ss:
005D603E .51 push ecx
005D603F .6A 02 push 2
005D6041 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6047 .B8 4C744300 mov eax,emu8086.0043744C
005D604C .B9 08000000 mov ecx,8
005D6051 .51 push ecx
005D6052 .8BD4 mov edx,esp
005D6054 .890A mov dword ptr ds:,ecx
005D6056 .8972 04 mov dword ptr ds:,esi
005D6059 .8942 08 mov dword ptr ds:,eax
005D605C .895A 0C mov dword ptr ds:,ebx
005D605F .68 A8084500 push emu8086.004508A8 ;RegKey
005D6064 .68 CC054500 push emu8086.004505CC ;Reg
005D6069 .68 F8724300 push emu8086.004372F8 ;emu8086
005D606E .FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ;MSVBVM60.rtcGetSetting
005D6074 .8945 C4 mov dword ptr ss:,eax
005D6077 .C745 BC 08000000 mov dword ptr ss:,8
005D607E .8D45 BC lea eax,dword ptr ss:
005D6081 .50 push eax
005D6082 .8D4D AC lea ecx,dword ptr ss:
005D6085 .51 push ecx
005D6086 .FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ;MSVBVM60.rtcTrimVar
005D608C .8D55 AC lea edx,dword ptr ss:
005D608F .52 push edx
005D6090 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D6096 .8BD0 mov edx,eax
005D6098 .B9 78D46100 mov ecx,emu8086.0061D478
005D609D .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
005D609F .8D45 AC lea eax,dword ptr ss:
005D60A2 .50 push eax
005D60A3 .8D4D BC lea ecx,dword ptr ss:
005D60A6 .51 push ecx
005D60A7 .6A 02 push 2
005D60A9 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D60AF .B8 D0A04300 mov eax,emu8086.0043A0D0 ;1
005D60B4 .B9 08000000 mov ecx,8
005D60B9 .51 push ecx
005D60BA .8BD4 mov edx,esp
005D60BC .890A mov dword ptr ds:,ecx
005D60BE .8972 04 mov dword ptr ds:,esi
005D60C1 .8942 08 mov dword ptr ds:,eax
005D60C4 .895A 0C mov dword ptr ds:,ebx
005D60C7 .68 BC084500 push emu8086.004508BC ;LicCount
005D60CC .68 CC054500 push emu8086.004505CC ;Reg
005D60D1 .68 F8724300 push emu8086.004372F8 ;emu8086
005D60D6 .FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ;MSVBVM60.rtcGetSetting
005D60DC .8945 C4 mov dword ptr ss:,eax
005D60DF .C745 BC 08000000 mov dword ptr ss:,8
005D60E6 .8D45 BC lea eax,dword ptr ss:
005D60E9 .50 push eax
005D60EA .8D4D AC lea ecx,dword ptr ss:
005D60ED .51 push ecx
005D60EE .FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ;MSVBVM60.rtcTrimVar
005D60F4 .8D55 AC lea edx,dword ptr ss:
005D60F7 .52 push edx
005D60F8 .8D45 D8 lea eax,dword ptr ss:
005D60FB .50 push eax
005D60FC .FF15 C4124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ;MSVBVM60.__vbaStrVarVal
005D6102 .50 push eax
005D6103 .FF15 40144000 call dword ptr ds:[<&MSVBVM60.#581>] ;MSVBVM60.rtcR8ValFromBstr
005D6109 .FF15 9C134000 call dword ptr ds:[<&MSVBVM60.__vbaFpI2>] ;MSVBVM60.__vbaFpI2
005D610F .66:A3 7CD46100 mov word ptr ds:,ax
005D6115 .8D4D D8 lea ecx,dword ptr ss:
005D6118 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D611E .8D4D AC lea ecx,dword ptr ss:
005D6121 .51 push ecx
005D6122 .8D55 BC lea edx,dword ptr ss:
005D6125 .52 push edx
005D6126 .6A 02 push 2
005D6128 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D612E .B8 749E4300 mov eax,emu8086.00439E74 ;0
005D6133 .B9 08000000 mov ecx,8
005D6138 .51 push ecx
005D6139 .8BD4 mov edx,esp
005D613B .890A mov dword ptr ds:,ecx
005D613D .8972 04 mov dword ptr ds:,esi
005D6140 .8942 08 mov dword ptr ds:,eax
005D6143 .895A 0C mov dword ptr ds:,ebx
005D6146 .68 D8054500 push emu8086.004505D8 ;NCHK
005D614B .68 CC054500 push emu8086.004505CC ;Reg
005D6150 .68 0C734300 push emu8086.0043730C ;reg2x
005D6155 .FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ;MSVBVM60.rtcGetSetting
005D615B .8BD0 mov edx,eax
005D615D .8D4D D8 lea ecx,dword ptr ss:
005D6160 .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
005D6162 .50 push eax
005D6163 .FF15 34134000 call dword ptr ds:[<&MSVBVM60.__vbaI4Str>] ;MSVBVM60.__vbaI4Str
005D6169 .8BF0 mov esi,eax
005D616B .8D4D D8 lea ecx,dword ptr ss:
005D616E .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6174 .8D45 BC lea eax,dword ptr ss:
005D6177 .50 push eax
005D6178 .FF15 78134000 call dword ptr ds:[<&MSVBVM60.#610>] ;MSVBVM60.rtcGetDateVar
005D617E .8D4D BC lea ecx,dword ptr ss:
005D6181 .51 push ecx
005D6182 .FF15 34144000 call dword ptr ds:[<&MSVBVM60.__vbaI4ErrVar>];MSVBVM60.__vbaI4ErrVar
005D6188 .81C6 90010000 add esi,190
005D618E .0F80 F1030000 jo emu8086.005D6585
005D6194 .33DB xor ebx,ebx
005D6196 .3BF0 cmp esi,eax
005D6198 .0F9EC3 setle bl
005D619B .F7DB neg ebx
005D619D .6A 01 push 1
005D619F .8B15 78D46100 mov edx,dword ptr ds:
005D61A5 .52 push edx
005D61A6 .68 BC054500 push emu8086.004505BC ;AX4CT
005D61AB .6A 01 push 1
005D61AD .8B35 14134000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaInStr>];MSVBVM60.__vbaInStr
005D61B3 .FFD6 call esi ;<&MSVBVM60.__vbaInStr>
005D61B5 .33C9 xor ecx,ecx
005D61B7 .85C0 test eax,eax
005D61B9 .0F9FC1 setg cl
005D61BC .F7D9 neg ecx
005D61BE .23D9 and ebx,ecx
005D61C0 .8D55 BC lea edx,dword ptr ss:
005D61C3 .52 push edx
005D61C4 .8D45 BC lea eax,dword ptr ss:
005D61C7 .50 push eax
005D61C8 .6A 02 push 2
005D61CA .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D61D0 .83C4 0C add esp,0C
005D61D3 .66:85DB test bx,bx
005D61D6 .0F84 DA000000 je emu8086.005D62B6
005D61DC .66:C705 70D46100 0000 mov word ptr ds:,0
005D61E5 .B8 4C744300 mov eax,emu8086.0043744C
005D61EA .B9 08000000 mov ecx,8
005D61EF .83EC 10 sub esp,10
005D61F2 .8BD4 mov edx,esp
005D61F4 .890A mov dword ptr ds:,ecx
005D61F6 .8B4D A0 mov ecx,dword ptr ss:
005D61F9 .894A 04 mov dword ptr ds:,ecx
005D61FC .8942 08 mov dword ptr ds:,eax
005D61FF .8B45 A8 mov eax,dword ptr ss:
005D6202 .8942 0C mov dword ptr ds:,eax
005D6205 .68 E8054500 push emu8086.004505E8 ;NCHKEXP
005D620A .68 CC054500 push emu8086.004505CC ;Reg
005D620F .68 0C734300 push emu8086.0043730C ;reg2x
005D6214 .FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ;MSVBVM60.rtcGetSetting
005D621A .8BD0 mov edx,eax
005D621C .8D4D E0 lea ecx,dword ptr ss:
005D621F .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
005D6221 .6A 01 push 1
005D6223 .8B4D E0 mov ecx,dword ptr ss:
005D6226 .51 push ecx
005D6227 .8B15 78D46100 mov edx,dword ptr ds:
005D622D .52 push edx
005D622E .6A 01 push 1
005D6230 .FFD6 call esi ;<&MSVBVM60.__vbaInStr>
005D6232 .85C0 test eax,eax
005D6234 .0F8F EC020000 jg emu8086.005D6526
005D623A .8B45 E0 mov eax,dword ptr ss:
005D623D .50 push eax
005D623E .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ;MSVBVM60.__vbaLenBstr
005D6244 .83F8 78 cmp eax,78
005D6247 .7D 34 jge short emu8086.005D627D
005D6249 .8B0D 78D46100 mov ecx,dword ptr ds:
005D624F .51 push ecx
005D6250 .68 AC954300 push emu8086.004395AC ;;
005D6255 .8B35 88104000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ;MSVBVM60.__vbaStrCat
005D625B .FFD6 call esi ;<&MSVBVM60.__vbaStrCat>
005D625D .8BD0 mov edx,eax
005D625F .8D4D D8 lea ecx,dword ptr ss:
005D6262 .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
005D6264 .50 push eax
005D6265 .8B55 E0 mov edx,dword ptr ss:
005D6268 .52 push edx
005D6269 .FFD6 call esi ;<&MSVBVM60.__vbaStrCat>
005D626B .8BD0 mov edx,eax
005D626D .8D4D E0 lea ecx,dword ptr ss:
005D6270 .FFD7 call edi ;<&MSVBVM60.__vbaStrMove>
005D6272 .8D4D D8 lea ecx,dword ptr ss:
005D6275 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D627B .EB 0F jmp short emu8086.005D628C
005D627D >8B15 78D46100 mov edx,dword ptr ds:
005D6283 .8D4D E0 lea ecx,dword ptr ss:
005D6286 .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D628C >8B45 E0 mov eax,dword ptr ss:
005D628F .50 push eax
005D6290 .68 E8054500 push emu8086.004505E8 ;NCHKEXP
005D6295 .68 CC054500 push emu8086.004505CC ;Reg
005D629A .68 0C734300 push emu8086.0043730C ;reg2x
005D629F .FF15 10104000 call dword ptr ds:[<&MSVBVM60.#690>] ;MSVBVM60.rtcSaveSetting
005D62A5 .FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>];MSVBVM60.__vbaExitProc
005D62AB .9B wait
005D62AC .68 72655D00 push emu8086.005D6572
005D62B1 .E9 B2020000 jmp emu8086.005D6568
005D62B6 >B8 4C744300 mov eax,emu8086.0043744C
005D62BB .B9 08000000 mov ecx,8
005D62C0 .83EC 10 sub esp,10
005D62C3 .8BD4 mov edx,esp
005D62C5 .890A mov dword ptr ds:,ecx
005D62C7 .8B4D A0 mov ecx,dword ptr ss:
005D62CA .894A 04 mov dword ptr ds:,ecx
005D62CD .8942 08 mov dword ptr ds:,eax
005D62D0 .8B45 A8 mov eax,dword ptr ss:
005D62D3 .8942 0C mov dword ptr ds:,eax
005D62D6 .68 E8054500 push emu8086.004505E8 ;NCHKEXP
005D62DB .68 CC054500 push emu8086.004505CC ;Reg
005D62E0 .68 0C734300 push emu8086.0043730C ;reg2x
005D62E5 .FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ;MSVBVM60.rtcGetSetting
005D62EB .8BD0 mov edx,eax
005D62ED .8D4D E0 lea ecx,dword ptr ss:
005D62F0 .FFD7 call edi
005D62F2 .6A 01 push 1
005D62F4 .8B4D E0 mov ecx,dword ptr ss:
005D62F7 .51 push ecx
005D62F8 .8B15 78D46100 mov edx,dword ptr ds:
005D62FE .52 push edx
005D62FF .6A 01 push 1
005D6301 .FFD6 call esi
005D6303 .85C0 test eax,eax
005D6305 .0F8F 1B020000 jg emu8086.005D6526
005D630B .68 7CD46100 push emu8086.0061D47C ;d
005D6310 .68 78D46100 push emu8086.0061D478
005D6315 .68 74D46100 push emu8086.0061D474
005D631A .E8 71020000 call emu8086.005D6590
005D631F .66:85C0 test ax,ax
005D6322 .0F84 AB000000 je emu8086.005D63D3
005D6328 .66:C705 70D46100 FFFF mov word ptr ds:,0FFFF
005D6331 .8B45 08 mov eax,dword ptr ss:
005D6334 .66:8338 00 cmp word ptr ds:,0
005D6338 .0F84 E8010000 je emu8086.005D6526
005D633E .A1 08D46100 mov eax,dword ptr ds:
005D6343 .85C0 test eax,eax
005D6345 .75 10 jnz short emu8086.005D6357
005D6347 .68 08D46100 push emu8086.0061D408
005D634C .68 C43B4200 push emu8086.00423BC4
005D6351 .FF15 0C134000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>] ;MSVBVM60.__vbaNew2
005D6357 >8B35 08D46100 mov esi,dword ptr ds:
005D635D .8B0E mov ecx,dword ptr ds:
005D635F .56 push esi
005D6360 .FF91 F8060000 call dword ptr ds:
005D6366 .DBE2 fclex
005D6368 .85C0 test eax,eax
005D636A .7D 12 jge short emu8086.005D637E
005D636C .68 F8060000 push 6F8
005D6371 .68 D8984300 push emu8086.004398D8
005D6376 .56 push esi
005D6377 .50 push eax
005D6378 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D637E >A1 24D06100 mov eax,dword ptr ds:
005D6383 .85C0 test eax,eax
005D6385 .75 10 jnz short emu8086.005D6397
005D6387 .68 24D06100 push emu8086.0061D024
005D638C .68 2C514200 push emu8086.0042512C
005D6391 .FF15 0C134000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>] ;MSVBVM60.__vbaNew2
005D6397 >8B35 24D06100 mov esi,dword ptr ds:
005D639D .8B16 mov edx,dword ptr ds:
005D639F .56 push esi
005D63A0 .FF92 F8060000 call dword ptr ds:
005D63A6 .DBE2 fclex
005D63A8 .85C0 test eax,eax
005D63AA .0F8D 76010000 jge emu8086.005D6526
005D63B0 .68 F8060000 push 6F8
005D63B5 .68 7C834300 push emu8086.0043837C
005D63BA .56 push esi
005D63BB .50 push eax
005D63BC .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D63C2 .FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>];MSVBVM60.__vbaExitProc
005D63C8 .9B wait
005D63C9 .68 72655D00 push emu8086.005D6572
005D63CE .E9 95010000 jmp emu8086.005D6568
005D63D3 >BA BC094500 mov edx,emu8086.004509BC ;emu8086.com
005D63D8 .8D4D D4 lea ecx,dword ptr ss:
005D63DB .8B35 28134000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaStrCopy>>;MSVBVM60.__vbaStrCopy
005D63E1 .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
005D63E3 .BA A4094500 mov edx,emu8086.004509A4 ;username
005D63E8 .8D4D D8 lea ecx,dword ptr ss:
005D63EB .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
005D63ED .8D45 D4 lea eax,dword ptr ss:
005D63F0 .50 push eax
005D63F1 .8D4D D8 lea ecx,dword ptr ss:
005D63F4 .51 push ecx
005D63F5 .68 24094500 push emu8086.00450924 ;reg.ini
005D63FA .E8 31970000 call emu8086.005DFB30
005D63FF .8BD0 mov edx,eax
005D6401 .B9 74D46100 mov ecx,emu8086.0061D474
005D6406 .FFD7 call edi
005D6408 .8D55 D4 lea edx,dword ptr ss:
005D640B .52 push edx
005D640C .8D45 D8 lea eax,dword ptr ss:
005D640F .50 push eax
005D6410 .6A 02 push 2
005D6412 .8B1D 44134000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaFreeStrL>;MSVBVM60.__vbaFreeStrList
005D6418 .FFD3 call ebx ;<&MSVBVM60.__vbaFreeStrList>
005D641A .83C4 0C add esp,0C
005D641D .BA BC094500 mov edx,emu8086.004509BC ;emu8086.com
005D6422 .8D4D D4 lea ecx,dword ptr ss:
005D6425 .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
005D6427 .BA D8094500 mov edx,emu8086.004509D8 ;regkey
005D642C .8D4D D8 lea ecx,dword ptr ss:
005D642F .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
005D6431 .8D4D D4 lea ecx,dword ptr ss:
005D6434 .51 push ecx
005D6435 .8D55 D8 lea edx,dword ptr ss:
005D6438 .52 push edx
005D6439 .68 24094500 push emu8086.00450924 ;reg.ini
005D643E .E8 ED960000 call emu8086.005DFB30
005D6443 .8BD0 mov edx,eax
005D6445 .B9 78D46100 mov ecx,emu8086.0061D478
005D644A .FFD7 call edi
005D644C .8D45 D4 lea eax,dword ptr ss:
005D644F .50 push eax
005D6450 .8D4D D8 lea ecx,dword ptr ss:
005D6453 .51 push ecx
005D6454 .6A 02 push 2
005D6456 .FFD3 call ebx ;<&MSVBVM60.__vbaFreeStrList>
005D6458 .83C4 0C add esp,0C
005D645B .BA 749E4300 mov edx,emu8086.00439E74 ;0
005D6460 .8D4D D4 lea ecx,dword ptr ss:
005D6463 .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
005D6465 .BA B4D64400 mov edx,emu8086.0044D6B4 ;q
005D646A .8D4D D8 lea ecx,dword ptr ss:
005D646D .FFD6 call esi ;<&MSVBVM60.__vbaStrCopy>
005D646F .8D55 D4 lea edx,dword ptr ss:
005D6472 .52 push edx
005D6473 .8D45 D8 lea eax,dword ptr ss:
005D6476 .50 push eax
005D6477 .68 24094500 push emu8086.00450924 ;reg.ini
005D647C .E8 AF960000 call emu8086.005DFB30
005D6481 .8BD0 mov edx,eax
005D6483 .8D4D D0 lea ecx,dword ptr ss:
005D6486 .FFD7 call edi
005D6488 .50 push eax
005D6489 .FF15 88124000 call dword ptr ds:[<&MSVBVM60.__vbaI2Str>] ;MSVBVM60.__vbaI2Str
005D648F .66:A3 7CD46100 mov word ptr ds:,ax
005D6495 .8D4D D0 lea ecx,dword ptr ss:
005D6498 .51 push ecx
005D6499 .8D55 D4 lea edx,dword ptr ss:
005D649C .52 push edx
005D649D .8D45 D8 lea eax,dword ptr ss:
005D64A0 .50 push eax
005D64A1 .6A 03 push 3
005D64A3 .FFD3 call ebx ;<&MSVBVM60.__vbaFreeStrList>
005D64A5 .83C4 10 add esp,10
005D64A8 .68 7CD46100 push emu8086.0061D47C ;d
005D64AD .68 78D46100 push emu8086.0061D478
005D64B2 .68 74D46100 push emu8086.0061D474
005D64B7 .E8 D4000000 call emu8086.005D6590 ;第二次较验的call即读reg.ini文件
005D64BC .66:F7D8 neg ax ;两次注册校验后返回至此处
005D64BF .1BC0 sbb eax,eax
005D64C1 .66:A3 70D46100 mov word ptr ds:,ax
005D64C7 .FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>];MSVBVM60.__vbaExitProc
005D64CD .9B wait
005D64CE .68 72655D00 push emu8086.005D6572
005D64D3 .E9 90000000 jmp emu8086.005D6568
005D64D8 .FF15 58134000 call dword ptr ds:[<&MSVBVM60.#685>] ;MSVBVM60.rtcErrObj
005D64DE .50 push eax
005D64DF .8D4D CC lea ecx,dword ptr ss:
005D64E2 .51 push ecx
005D64E3 .FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ;MSVBVM60.__vbaObjSet
005D64E9 .8BF0 mov esi,eax
005D64EB .8B16 mov edx,dword ptr ds:
005D64ED .8D45 D8 lea eax,dword ptr ss:
005D64F0 .50 push eax
005D64F1 .56 push esi
005D64F2 .FF52 2C call dword ptr ds:
005D64F5 .DBE2 fclex
005D64F7 .85C0 test eax,eax
005D64F9 .7D 0F jge short emu8086.005D650A
005D64FB .6A 2C push 2C
005D64FD .68 20854300 push emu8086.00438520
005D6502 .56 push esi
005D6503 .50 push eax
005D6504 .FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>;MSVBVM60.__vbaHresultCheckObj
005D650A >8D4D D4 lea ecx,dword ptr ss:
005D650D .51 push ecx
005D650E .8D55 D8 lea edx,dword ptr ss:
005D6511 .52 push edx
005D6512 .6A 02 push 2
005D6514 .FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>;MSVBVM60.__vbaFreeStrList
005D651A .83C4 0C add esp,0C
005D651D .8D4D CC lea ecx,dword ptr ss:
005D6520 .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D6526 >FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>];MSVBVM60.__vbaExitProc
005D652C .9B wait
005D652D .68 72655D00 push emu8086.005D6572
005D6532 .EB 34 jmp short emu8086.005D6568
005D6534 .8D45 D0 lea eax,dword ptr ss:
005D6537 .50 push eax
005D6538 .8D4D D4 lea ecx,dword ptr ss:
005D653B .51 push ecx
005D653C .8D55 D8 lea edx,dword ptr ss:
005D653F .52 push edx
005D6540 .6A 03 push 3
005D6542 .FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>;MSVBVM60.__vbaFreeStrList
005D6548 .83C4 10 add esp,10
005D654B .8D4D CC lea ecx,dword ptr ss:
005D654E .FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005D6554 .8D45 AC lea eax,dword ptr ss:
005D6557 .50 push eax
005D6558 .8D4D BC lea ecx,dword ptr ss:
005D655B .51 push ecx
005D655C .6A 02 push 2
005D655E .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6564 .83C4 0C add esp,0C
005D6567 .C3 retn
005D6568 >8D4D E0 lea ecx,dword ptr ss:
005D656B .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6571 .C3 retn
005D6572 .8B4D E4 mov ecx,dword ptr ss:
005D6575 .64:890D 00000000 mov dword ptr fs:,ecx
005D657C .5F pop edi
005D657D .5E pop esi
005D657E .5B pop ebx
005D657F .8BE5 mov esp,ebp
005D6581 .5D pop ebp
005D6582 .C2 0400 retn 4 ;按f7后该返回了
005D6585 >FF15 F4124000 call dword ptr ds:[<&MSVBVM60.__vbaErrorOverfl>;MSVBVM60.__vbaErrorOverflow
005D658B .90 nop
005D658C .90 nop
005D658D .90 nop
005D658E .90 nop
005D658F .90 nop
005D6590 $55 push ebp ;开始时也要较验两次,看是否注册成功
005D6591 .8BEC mov ebp,esp
005D6593 .83EC 18 sub esp,18
005D6596 .68 16974100 push <jmp.&MSVBVM60.__vbaExceptHandler> ;SE 处理程序安装
005D659B .64:A1 00000000 mov eax,dword ptr fs:
005D65A1 .50 push eax
005D65A2 .64:8925 00000000 mov dword ptr fs:,esp
005D65A9 .B8 74000000 mov eax,74
005D65AE .E8 5D31E4FF call <jmp.&MSVBVM60.__vbaChkstk>
005D65B3 .53 push ebx
005D65B4 .56 push esi
005D65B5 .57 push edi
005D65B6 .8965 E8 mov dword ptr ss:,esp
005D65B9 .C745 EC D0574100 mov dword ptr ss:,emu8086.004157D0
005D65C0 .C745 F0 00000000 mov dword ptr ss:,0
005D65C7 .C745 F4 00000000 mov dword ptr ss:,0
005D65CE .C745 FC 01000000 mov dword ptr ss:,1
005D65D5 .C745 FC 02000000 mov dword ptr ss:,2
005D65DC .6A FF push -1
005D65DE .FF15 F8104000 call dword ptr ds:[<&MSVBVM60.__vbaOnError>] ;MSVBVM60.__vbaOnError
005D65E4 .C745 FC 03000000 mov dword ptr ss:,3
005D65EB .8B45 0C mov eax,dword ptr ss:
005D65EE .8945 9C mov dword ptr ss:,eax
005D65F1 .C745 94 08400000 mov dword ptr ss:,4008
005D65F8 .8D4D 94 lea ecx,dword ptr ss:
005D65FB .51 push ecx
005D65FC .8D55 C4 lea edx,dword ptr ss:
005D65FF .52 push edx
005D6600 .FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ;MSVBVM60.rtcTrimVar
005D6606 .BA 74064500 mov edx,emu8086.00450674 ;112
005D660B .8D4D D4 lea ecx,dword ptr ss:
005D660E .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D6614 .8D45 C4 lea eax,dword ptr ss:
005D6617 .50 push eax
005D6618 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D661E .8BD0 mov edx,eax
005D6620 .8D4D D8 lea ecx,dword ptr ss:
005D6623 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6629 .8D4D D4 lea ecx,dword ptr ss:
005D662C .51 push ecx
005D662D .8D55 D8 lea edx,dword ptr ss:
005D6630 .52 push edx
005D6631 .E8 DA8BEDFF call emu8086.004AF210
005D6636 .66:8945 80 mov word ptr ss:,ax
005D663A .8D45 D4 lea eax,dword ptr ss:
005D663D .50 push eax
005D663E .8D4D D8 lea ecx,dword ptr ss:
005D6641 .51 push ecx
005D6642 .6A 02 push 2
005D6644 .FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>;MSVBVM60.__vbaFreeStrList
005D664A .83C4 0C add esp,0C
005D664D .8D4D C4 lea ecx,dword ptr ss:
005D6650 .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005D6656 .0FBF55 80 movsx edx,word ptr ss:
005D665A .85D2 test edx,edx
005D665C .74 12 je short emu8086.005D6670
005D665E .C745 FC 04000000 mov dword ptr ss:,4
005D6665 .66:C745 DC FFFF mov word ptr ss:,0FFFF
005D666B .E9 55020000 jmp emu8086.005D68C5
005D6670 >C745 FC 07000000 mov dword ptr ss:,7
005D6677 .8B45 0C mov eax,dword ptr ss:
005D667A .8945 9C mov dword ptr ss:,eax
005D667D .C745 94 08400000 mov dword ptr ss:,4008
005D6684 .8D4D 94 lea ecx,dword ptr ss:
005D6687 .51 push ecx
005D6688 .8D55 C4 lea edx,dword ptr ss:
005D668B .52 push edx
005D668C .FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ;MSVBVM60.rtcTrimVar
005D6692 .BA 50084500 mov edx,emu8086.00450850 ;27
005D6697 .8D4D D4 lea ecx,dword ptr ss:
005D669A .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D66A0 .8D45 C4 lea eax,dword ptr ss:
005D66A3 .50 push eax
005D66A4 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D66AA .8BD0 mov edx,eax
005D66AC .8D4D D8 lea ecx,dword ptr ss:
005D66AF .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D66B5 .8D4D D4 lea ecx,dword ptr ss:
005D66B8 .51 push ecx
005D66B9 .8D55 D8 lea edx,dword ptr ss:
005D66BC .52 push edx
005D66BD .E8 4E8BEDFF call emu8086.004AF210
005D66C2 .66:8945 80 mov word ptr ss:,ax
005D66C6 .8D45 D4 lea eax,dword ptr ss:
005D66C9 .50 push eax
005D66CA .8D4D D8 lea ecx,dword ptr ss:
005D66CD .51 push ecx
005D66CE .6A 02 push 2
005D66D0 .FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>;MSVBVM60.__vbaFreeStrList
005D66D6 .83C4 0C add esp,0C
005D66D9 .8D4D C4 lea ecx,dword ptr ss:
005D66DC .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005D66E2 .0FBF55 80 movsx edx,word ptr ss:
005D66E6 .85D2 test edx,edx
005D66E8 .74 12 je short emu8086.005D66FC
005D66EA .C745 FC 08000000 mov dword ptr ss:,8
005D66F1 .66:C745 DC FFFF mov word ptr ss:,0FFFF
005D66F7 .E9 C9010000 jmp emu8086.005D68C5
005D66FC >C745 FC 0B000000 mov dword ptr ss:,0B
005D6703 .6A 0D push 0D
005D6705 .8D45 C4 lea eax,dword ptr ss:
005D6708 .50 push eax
005D6709 .FF15 94124000 call dword ptr ds:[<&MSVBVM60.#608>] ;MSVBVM60.rtcVarBstrFromAnsi
005D670F .6A 01 push 1
005D6711 .6A FF push -1
005D6713 .6A 01 push 1
005D6715 .68 4C744300 push emu8086.0043744C
005D671A .8D4D C4 lea ecx,dword ptr ss:
005D671D .51 push ecx
005D671E .8D55 D8 lea edx,dword ptr ss:
005D6721 .52 push edx
005D6722 .FF15 C4124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ;MSVBVM60.__vbaStrVarVal
005D6728 .50 push eax
005D6729 .8B45 0C mov eax,dword ptr ss:
005D672C .8B08 mov ecx,dword ptr ds:
005D672E .51 push ecx
005D672F .FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ;MSVBVM60.rtcReplace
005D6735 .8BD0 mov edx,eax
005D6737 .8B4D 0C mov ecx,dword ptr ss:
005D673A .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6740 .8D4D D8 lea ecx,dword ptr ss:
005D6743 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6749 .8D4D C4 lea ecx,dword ptr ss:
005D674C .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005D6752 .C745 FC 0C000000 mov dword ptr ss:,0C
005D6759 .6A 0A push 0A
005D675B .8D55 C4 lea edx,dword ptr ss:
005D675E .52 push edx
005D675F .FF15 94124000 call dword ptr ds:[<&MSVBVM60.#608>] ;MSVBVM60.rtcVarBstrFromAnsi
005D6765 .6A 01 push 1
005D6767 .6A FF push -1
005D6769 .6A 01 push 1
005D676B .68 4C744300 push emu8086.0043744C
005D6770 .8D45 C4 lea eax,dword ptr ss:
005D6773 .50 push eax
005D6774 .8D4D D8 lea ecx,dword ptr ss:
005D6777 .51 push ecx
005D6778 .FF15 C4124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ;MSVBVM60.__vbaStrVarVal
005D677E .50 push eax
005D677F .8B55 0C mov edx,dword ptr ss:
005D6782 .8B02 mov eax,dword ptr ds:
005D6784 .50 push eax
005D6785 .FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ;MSVBVM60.rtcReplace
005D678B .8BD0 mov edx,eax
005D678D .8B4D 0C mov ecx,dword ptr ss:
005D6790 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6796 .8D4D D8 lea ecx,dword ptr ss:
005D6799 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D679F .8D4D C4 lea ecx,dword ptr ss:
005D67A2 .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005D67A8 .C745 FC 0D000000 mov dword ptr ss:,0D
005D67AF .6A 01 push 1
005D67B1 .6A FF push -1
005D67B3 .6A 01 push 1
005D67B5 .68 4C744300 push emu8086.0043744C
005D67BA .68 E0E74300 push emu8086.0043E7E0 ;-
005D67BF .8B4D 0C mov ecx,dword ptr ss:
005D67C2 .8B11 mov edx,dword ptr ds:
005D67C4 .52 push edx
005D67C5 .FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ;MSVBVM60.rtcReplace
005D67CB .8BD0 mov edx,eax
005D67CD .8B4D 0C mov ecx,dword ptr ss:
005D67D0 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D67D6 .C745 FC 0E000000 mov dword ptr ss:,0E
005D67DD .6A 01 push 1
005D67DF .6A FF push -1
005D67E1 .6A 01 push 1
005D67E3 .68 749E4300 push emu8086.00439E74 ;0
005D67E8 .68 20E94300 push emu8086.0043E920 ;O
005D67ED .8B45 0C mov eax,dword ptr ss:
005D67F0 .8B08 mov ecx,dword ptr ds:
005D67F2 .51 push ecx
005D67F3 .FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ;MSVBVM60.rtcReplace
005D67F9 .8BD0 mov edx,eax
005D67FB .8B4D 0C mov ecx,dword ptr ss:
005D67FE .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6804 .C745 FC 0F000000 mov dword ptr ss:,0F
005D680B .6A 01 push 1
005D680D .6A FF push -1
005D680F .6A 01 push 1
005D6811 .68 D0A04300 push emu8086.0043A0D0 ;1
005D6816 .68 0C044500 push emu8086.0045040C ;I
005D681B .8B55 0C mov edx,dword ptr ss:
005D681E .8B02 mov eax,dword ptr ds:
005D6820 .50 push eax
005D6821 .FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ;MSVBVM60.rtcReplace
005D6827 .8BD0 mov edx,eax
005D6829 .8B4D 0C mov ecx,dword ptr ss:
005D682C .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6832 .C745 FC 10000000 mov dword ptr ss:,10
005D6839 .8B4D 0C mov ecx,dword ptr ss:
005D683C .8B11 mov edx,dword ptr ds:
005D683E .8955 9C mov dword ptr ss:,edx
005D6841 .C745 94 08000000 mov dword ptr ss:,8
005D6848 .8B45 10 mov eax,dword ptr ss:
005D684B .50 push eax
005D684C .8B4D 08 mov ecx,dword ptr ss:
005D684F .8B11 mov edx,dword ptr ds:
005D6851 .52 push edx
005D6852 .8D45 C4 lea eax,dword ptr ss:
005D6855 .50 push eax
005D6856 .E8 B5000000 call emu8086.005D6910 ;这个是算法call
005D685B .C745 8C 00000000 mov dword ptr ss:,0 ;返回来了
005D6862 .C745 84 02800000 mov dword ptr ss:,8002 ;这个软件只要注册表中注册成功或reg.ini成功一样就OK了
005D6869 .6A 01 push 1 ;因此它判断两次,算法也算两次
005D686B .8D4D 94 lea ecx,dword ptr ss:
005D686E .51 push ecx
005D686F .8D55 C4 lea edx,dword ptr ss:
005D6872 .52 push edx
005D6873 .6A 01 push 1
005D6875 .8D45 B4 lea eax,dword ptr ss:
005D6878 .50 push eax
005D6879 .FF15 B8124000 call dword ptr ds:[<&MSVBVM60.__vbaInStrVar>];MSVBVM60.__vbaInStrVar
005D687F .50 push eax
005D6880 .8D4D 84 lea ecx,dword ptr ss:
005D6883 .51 push ecx
005D6884 .FF15 04104000 call dword ptr ds:[<&MSVBVM60.__vbaVarTstGt>];MSVBVM60.__vbaVarTstGt
005D688A .66:8945 80 mov word ptr ss:,ax
005D688E .8D55 B4 lea edx,dword ptr ss:
005D6891 .52 push edx
005D6892 .8D45 C4 lea eax,dword ptr ss:
005D6895 .50 push eax
005D6896 .6A 02 push 2
005D6898 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D689E .83C4 0C add esp,0C
005D68A1 .0FBF4D 80 movsx ecx,word ptr ss:
005D68A5 .85C9 test ecx,ecx
005D68A7 .74 0F je short emu8086.005D68B8
005D68A9 .C745 FC 11000000 mov dword ptr ss:,11
005D68B0 .66:C745 DC FFFF mov word ptr ss:,0FFFF
005D68B6 .EB 0D jmp short emu8086.005D68C5
005D68B8 >C745 FC 13000000 mov dword ptr ss:,13
005D68BF .66:C745 DC 0000 mov word ptr ss:,0
005D68C5 >68 F8685D00 push emu8086.005D68F8
005D68CA .EB 2B jmp short emu8086.005D68F7
005D68CC .8D55 D4 lea edx,dword ptr ss:
005D68CF .52 push edx
005D68D0 .8D45 D8 lea eax,dword ptr ss:
005D68D3 .50 push eax
005D68D4 .6A 02 push 2
005D68D6 .FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>;MSVBVM60.__vbaFreeStrList
005D68DC .83C4 0C add esp,0C
005D68DF .8D4D A4 lea ecx,dword ptr ss:
005D68E2 .51 push ecx
005D68E3 .8D55 B4 lea edx,dword ptr ss:
005D68E6 .52 push edx
005D68E7 .8D45 C4 lea eax,dword ptr ss:
005D68EA .50 push eax
005D68EB .6A 03 push 3
005D68ED .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D68F3 .83C4 10 add esp,10
005D68F6 .C3 retn
005D68F7 >C3 retn ;RET 用作跳转到 005D68F8
005D68F8 >66:8B45 DC mov ax,word ptr ss:
005D68FC .8B4D E0 mov ecx,dword ptr ss:
005D68FF .64:890D 00000000 mov dword ptr fs:,ecx
005D6906 .5F pop edi
005D6907 .5E pop esi
005D6908 .5B pop ebx
005D6909 .8BE5 mov esp,ebp
005D690B .5D pop ebp
005D690C .C2 0C00 retn 0C ;要返回去了。。。下面的语句就开始算法了
---------------------------算法call-----------------------------------
005D6910 $55 push ebp ;开始时候判断是否注册,检查注册表和reg.ini文件,算法就在这儿了
005D6911 .8BEC mov ebp,esp
005D6913 .83EC 18 sub esp,18
005D6916 .68 16974100 push <jmp.&MSVBVM60.__vbaExceptHandler> ;SE 处理程序安装
005D691B .64:A1 00000000 mov eax,dword ptr fs:
005D6921 .50 push eax
005D6922 .64:8925 00000000 mov dword ptr fs:,esp
005D6929 .B8 B8000000 mov eax,0B8
005D692E .E8 DD2DE4FF call <jmp.&MSVBVM60.__vbaChkstk>
005D6933 .53 push ebx
005D6934 .56 push esi
005D6935 .57 push edi
005D6936 .8965 E8 mov dword ptr ss:,esp
005D6939 .C745 EC 48584100 mov dword ptr ss:,emu8086.00415848
005D6940 .C745 F0 00000000 mov dword ptr ss:,0
005D6947 .C745 F4 00000000 mov dword ptr ss:,0
005D694E .C745 FC 01000000 mov dword ptr ss:,1
005D6955 .8B55 0C mov edx,dword ptr ss:
005D6958 .8D4D C8 lea ecx,dword ptr ss:
005D695B .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D6961 .C745 FC 02000000 mov dword ptr ss:,2
005D6968 .6A FF push -1
005D696A .FF15 F8104000 call dword ptr ds:[<&MSVBVM60.__vbaOnError>] ;MSVBVM60.__vbaOnError
005D6970 .C745 FC 03000000 mov dword ptr ss:,3
005D6977 .BA 1C0A4500 mov edx,emu8086.00450A1C ;ABCDEFGHIJKLMNOPQRSTUVWXYZ
005D697C .8D4D A4 lea ecx,dword ptr ss:
005D697F .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D6985 .C745 FC 04000000 mov dword ptr ss:,4
005D698C .BA 580A4500 mov edx,emu8086.00450A58 ;QW10PASDFGHJKLZXCVBNMERTYU
005D6991 .8D4D D8 lea ecx,dword ptr ss:
005D6994 .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D699A .C745 FC 05000000 mov dword ptr ss:,5
005D69A1 .BA 940A4500 mov edx,emu8086.00450A94 ;Z9RTASDF01823ASJFSD1234346GFHPLMASDR613412QWERX
005D69A6 .8D4D D4 lea ecx,dword ptr ss:
005D69A9 .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D69AF .C745 FC 06000000 mov dword ptr ss:,6
005D69B6 .BA F80A4500 mov edx,emu8086.00450AF8 ;JKASERKKN837C3FRTQZX
005D69BB .8D4D B0 lea ecx,dword ptr ss:
005D69BE .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D69C4 .C745 FC 07000000 mov dword ptr ss:,7
005D69CB .BA 4C744300 mov edx,emu8086.0043744C
005D69D0 .8D4D B4 lea ecx,dword ptr ss:
005D69D3 .FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
005D69D9 .C745 FC 08000000 mov dword ptr ss:,8
005D69E0 .8D45 C8 lea eax,dword ptr ss:
005D69E3 .8985 6CFFFFFF mov dword ptr ss:,eax
005D69E9 .C785 64FFFFFF 08400000 mov dword ptr ss:,4008
005D69F3 .8D8D 64FFFFFF lea ecx,dword ptr ss:
005D69F9 .51 push ecx
005D69FA .8D55 94 lea edx,dword ptr ss:
005D69FD .52 push edx
005D69FE .FF15 90114000 call dword ptr ds:[<&MSVBVM60.#528>] ;MSVBVM60.rtcUpperCaseVar
005D6A04 .8D45 94 lea eax,dword ptr ss: ;应该是从第6位开始截取吧?截了4位即6789
005D6A07 .50 push eax
005D6A08 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D6A0E .8BD0 mov edx,eax
005D6A10 .8D4D A8 lea ecx,dword ptr ss:
005D6A13 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6A19 .8D4D 94 lea ecx,dword ptr ss:
005D6A1C .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005D6A22 .C745 FC 09000000 mov dword ptr ss:,9
005D6A29 .8D4D A8 lea ecx,dword ptr ss:
005D6A2C .51 push ecx
005D6A2D .E8 1EDCF6FF call emu8086.00544650 ;EAX中出现03,"RKN" 首次见到数据
005D6A32 .8BD0 mov edx,eax
005D6A34 .8D4D A8 lea ecx,dword ptr ss:
005D6A37 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6A3D .C745 FC 0A000000 mov dword ptr ss:,0A
005D6A44 .66:C745 DC 0100 mov word ptr ss:,1
005D6A4A .C745 FC 0B000000 mov dword ptr ss:,0B
005D6A51 .66:C745 CC 0100 mov word ptr ss:,1
005D6A57 .C745 FC 0C000000 mov dword ptr ss:,0C
005D6A5E .66:C745 AC 0000 mov word ptr ss:,0
005D6A64 >C745 FC 0D000000 mov dword ptr ss:,0D ;循环1的开始,下面结尾是在005D6D80
005D6A6B .0FBF75 DC movsx esi,word ptr ss: ;循环1 装入一大堆固定的字符串拼起来
005D6A6F .8B55 A8 mov edx,dword ptr ss:
005D6A72 .52 push edx
005D6A73 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ;MSVBVM60.__vbaLenBstr
005D6A79 .33DB xor ebx,ebx
005D6A7B .3BF0 cmp esi,eax
005D6A7D .0F9FC3 setg bl
005D6A80 .0FBF75 CC movsx esi,word ptr ss:
005D6A84 .8B45 B0 mov eax,dword ptr ss:
005D6A87 .50 push eax ;EAX中的值为:JKASERKKN837C3FRTQZX
005D6A88 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ;MSVBVM60.__vbaLenBstr
005D6A8E .33C9 xor ecx,ecx
005D6A90 .3BF0 cmp esi,eax
005D6A92 .0F9FC1 setg cl
005D6A95 .0BD9 or ebx,ecx
005D6A97 .85DB test ebx,ebx
005D6A99 .0F85 E6020000 jnz emu8086.005D6D85 ;此跳转实现过
005D6A9F .C745 FC 0E000000 mov dword ptr ss:,0E
005D6AA6 .8B55 A4 mov edx,dword ptr ss:
005D6AA9 .8995 4CFFFFFF mov dword ptr ss:,edx
005D6AAF .C785 44FFFFFF 08000000 mov dword ptr ss:,8
005D6AB9 .C745 9C 01000000 mov dword ptr ss:,1
005D6AC0 .C745 94 02000000 mov dword ptr ss:,2
005D6AC7 .8D45 A8 lea eax,dword ptr ss:
005D6ACA .8985 6CFFFFFF mov dword ptr ss:,eax
005D6AD0 .C785 64FFFFFF 08400000 mov dword ptr ss:,4008
005D6ADA .8D4D 94 lea ecx,dword ptr ss:
005D6ADD .51 push ecx
005D6ADE .0FBF55 DC movsx edx,word ptr ss:
005D6AE2 .52 push edx
005D6AE3 .8D85 64FFFFFF lea eax,dword ptr ss:
005D6AE9 .50 push eax
005D6AEA .8D4D 84 lea ecx,dword ptr ss:
005D6AED .51 push ecx
005D6AEE .FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ;MSVBVM60.rtcMidCharVar
005D6AF4 .6A 01 push 1
005D6AF6 .8D95 44FFFFFF lea edx,dword ptr ss:
005D6AFC .52 push edx
005D6AFD .8D45 84 lea eax,dword ptr ss:
005D6B00 .50 push eax
005D6B01 .6A 00 push 0
005D6B03 .8D8D 74FFFFFF lea ecx,dword ptr ss:
005D6B09 .51 push ecx
005D6B0A .FF15 B8124000 call dword ptr ds:[<&MSVBVM60.__vbaInStrVar>];MSVBVM60.__vbaInStrVar
005D6B10 .50 push eax
005D6B11 .FF15 DC124000 call dword ptr ds:[<&MSVBVM60.__vbaI2Var>] ;MSVBVM60.__vbaI2Var
005D6B17 .66:8945 D0 mov word ptr ss:,ax
005D6B1B .8D95 74FFFFFF lea edx,dword ptr ss:
005D6B21 .52 push edx
005D6B22 .8D45 84 lea eax,dword ptr ss:
005D6B25 .50 push eax
005D6B26 .8D4D 94 lea ecx,dword ptr ss:
005D6B29 .51 push ecx
005D6B2A .6A 03 push 3
005D6B2C .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6B32 .83C4 10 add esp,10
005D6B35 .C745 FC 0F000000 mov dword ptr ss:,0F
005D6B3C .66:837D D0 00 cmp word ptr ss:,0
005D6B41 .0F8E DB010000 jle emu8086.005D6D22 ;此处跳向005D6D22 已实现
005D6B47 .C745 FC 10000000 mov dword ptr ss:,10
005D6B4E .66:837D AC 01 cmp word ptr ss:,1
005D6B53 .0F85 AB000000 jnz emu8086.005D6C04
005D6B59 .C745 FC 11000000 mov dword ptr ss:,11
005D6B60 .8B55 B4 mov edx,dword ptr ss:
005D6B63 .8995 4CFFFFFF mov dword ptr ss:,edx
005D6B69 .C785 44FFFFFF 08000000 mov dword ptr ss:,8
005D6B73 .C745 9C 01000000 mov dword ptr ss:,1
005D6B7A .C745 94 02000000 mov dword ptr ss:,2
005D6B81 .8D45 D8 lea eax,dword ptr ss:
005D6B84 .8985 6CFFFFFF mov dword ptr ss:,eax
005D6B8A .C785 64FFFFFF 08400000 mov dword ptr ss:,4008
005D6B94 .8D4D 94 lea ecx,dword ptr ss:
005D6B97 .51 push ecx
005D6B98 .0FBF55 D0 movsx edx,word ptr ss:
005D6B9C .52 push edx
005D6B9D .8D85 64FFFFFF lea eax,dword ptr ss:
005D6BA3 .50 push eax
005D6BA4 .8D4D 84 lea ecx,dword ptr ss:
005D6BA7 .51 push ecx
005D6BA8 .FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ;MSVBVM60.rtcMidCharVar
005D6BAE .8D95 44FFFFFF lea edx,dword ptr ss:
005D6BB4 .52 push edx
005D6BB5 .8D45 84 lea eax,dword ptr ss:
005D6BB8 .50 push eax
005D6BB9 .8D8D 74FFFFFF lea ecx,dword ptr ss:
005D6BBF .51 push ecx
005D6BC0 .FF15 D0124000 call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ;MSVBVM60.__vbaVarCat
005D6BC6 .50 push eax
005D6BC7 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D6BCD .8BD0 mov edx,eax
005D6BCF .8D4D B4 lea ecx,dword ptr ss:
005D6BD2 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6BD8 .8D95 74FFFFFF lea edx,dword ptr ss:
005D6BDE .52 push edx
005D6BDF .8D45 84 lea eax,dword ptr ss:
005D6BE2 .50 push eax
005D6BE3 .8D4D 94 lea ecx,dword ptr ss:
005D6BE6 .51 push ecx
005D6BE7 .6A 03 push 3
005D6BE9 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6BEF .83C4 10 add esp,10
005D6BF2 .C745 FC 12000000 mov dword ptr ss:,12
005D6BF9 .66:C745 AC 0000 mov word ptr ss:,0
005D6BFF .E9 A6000000 jmp emu8086.005D6CAA
005D6C04 >C745 FC 14000000 mov dword ptr ss:,14
005D6C0B .8B55 B4 mov edx,dword ptr ss:
005D6C0E .8995 4CFFFFFF mov dword ptr ss:,edx
005D6C14 .C785 44FFFFFF 08000000 mov dword ptr ss:,8
005D6C1E .C745 9C 01000000 mov dword ptr ss:,1
005D6C25 .C745 94 02000000 mov dword ptr ss:,2
005D6C2C .8D45 D4 lea eax,dword ptr ss:
005D6C2F .8985 6CFFFFFF mov dword ptr ss:,eax
005D6C35 .C785 64FFFFFF 08400000 mov dword ptr ss:,4008
005D6C3F .8D4D 94 lea ecx,dword ptr ss:
005D6C42 .51 push ecx
005D6C43 .0FBF55 D0 movsx edx,word ptr ss:
005D6C47 .52 push edx
005D6C48 .8D85 64FFFFFF lea eax,dword ptr ss:
005D6C4E .50 push eax
005D6C4F .8D4D 84 lea ecx,dword ptr ss:
005D6C52 .51 push ecx
005D6C53 .FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ;MSVBVM60.rtcMidCharVar
005D6C59 .8D95 44FFFFFF lea edx,dword ptr ss:
005D6C5F .52 push edx
005D6C60 .8D45 84 lea eax,dword ptr ss:
005D6C63 .50 push eax
005D6C64 .8D8D 74FFFFFF lea ecx,dword ptr ss:
005D6C6A .51 push ecx
005D6C6B .FF15 D0124000 call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ;MSVBVM60.__vbaVarCat
005D6C71 .50 push eax
005D6C72 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D6C78 .8BD0 mov edx,eax
005D6C7A .8D4D B4 lea ecx,dword ptr ss:
005D6C7D .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6C83 .8D95 74FFFFFF lea edx,dword ptr ss:
005D6C89 .52 push edx
005D6C8A .8D45 84 lea eax,dword ptr ss:
005D6C8D .50 push eax
005D6C8E .8D4D 94 lea ecx,dword ptr ss:
005D6C91 .51 push ecx
005D6C92 .6A 03 push 3
005D6C94 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6C9A .83C4 10 add esp,10
005D6C9D .C745 FC 15000000 mov dword ptr ss:,15
005D6CA4 .66:C745 AC 0100 mov word ptr ss:,1
005D6CAA >C745 FC 17000000 mov dword ptr ss:,17
005D6CB1 .66:8B55 CC mov dx,word ptr ss:
005D6CB5 .66:83C2 01 add dx,1
005D6CB9 .0F80 DD020000 jo emu8086.005D6F9C
005D6CBF .66:8955 CC mov word ptr ss:,dx
005D6CC3 .C745 FC 18000000 mov dword ptr ss:,18
005D6CCA .8D45 D8 lea eax,dword ptr ss:
005D6CCD .50 push eax
005D6CCE .E8 DD020000 call emu8086.005D6FB0
005D6CD3 .8BD0 mov edx,eax
005D6CD5 .8D4D D8 lea ecx,dword ptr ss:
005D6CD8 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6CDE .C745 FC 19000000 mov dword ptr ss:,19
005D6CE5 .8D4D D4 lea ecx,dword ptr ss:
005D6CE8 .51 push ecx
005D6CE9 .E8 C2020000 call emu8086.005D6FB0
005D6CEE .8BD0 mov edx,eax
005D6CF0 .8D4D D4 lea ecx,dword ptr ss:
005D6CF3 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6CF9 .C745 FC 1A000000 mov dword ptr ss:,1A
005D6D00 .66:837D AC 01 cmp word ptr ss:,1
005D6D05 .75 1B jnz short emu8086.005D6D22
005D6D07 .C745 FC 1B000000 mov dword ptr ss:,1B
005D6D0E .8D55 D8 lea edx,dword ptr ss:
005D6D11 .52 push edx
005D6D12 .E8 99020000 call emu8086.005D6FB0
005D6D17 .8BD0 mov edx,eax
005D6D19 .8D4D D8 lea ecx,dword ptr ss:
005D6D1C .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6D22 >C745 FC 1E000000 mov dword ptr ss:,1E
005D6D29 .8D45 B0 lea eax,dword ptr ss:
005D6D2C .50 push eax ;让EAX进栈
005D6D2D .E8 7E020000 call emu8086.005D6FB0
005D6D32 .8BD0 mov edx,eax ;把EAX中的值赋给EDX
005D6D34 .8D4D B0 lea ecx,dword ptr ss:
005D6D37 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6D3D .C745 FC 1F000000 mov dword ptr ss:,1F
005D6D44 .0FBF4D AC movsx ecx,word ptr ss:
005D6D48 .85C9 test ecx,ecx
005D6D4A .75 1B jnz short emu8086.005D6D67
005D6D4C .C745 FC 20000000 mov dword ptr ss:,20
005D6D53 .8D55 B0 lea edx,dword ptr ss:
005D6D56 .52 push edx
005D6D57 .E8 54020000 call emu8086.005D6FB0
005D6D5C .8BD0 mov edx,eax
005D6D5E .8D4D B0 lea ecx,dword ptr ss:
005D6D61 .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6D67 >C745 FC 22000000 mov dword ptr ss:,22
005D6D6E .66:8B45 DC mov ax,word ptr ss:
005D6D72 .66:05 0100 add ax,1
005D6D76 .0F80 20020000 jo emu8086.005D6F9C
005D6D7C .66:8945 DC mov word ptr ss:,ax
005D6D80 .^ E9 DFFCFFFF jmp emu8086.005D6A64 ;循环1的结尾,跳向005D6A64
005D6D85 >C745 FC 24000000 mov dword ptr ss:,24 ;循环2的开始
005D6D8C .0FBF75 CC movsx esi,word ptr ss:
005D6D90 .8B4D B0 mov ecx,dword ptr ss: ;循环2就能看到些希望了
005D6D93 .51 push ecx
005D6D94 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ;MSVBVM60.__vbaLenBstr
005D6D9A .3BF0 cmp esi,eax
005D6D9C .0F8F B7000000 jg emu8086.005D6E59
005D6DA2 .C745 FC 25000000 mov dword ptr ss:,25
005D6DA9 .8B55 B4 mov edx,dword ptr ss:
005D6DAC .8995 4CFFFFFF mov dword ptr ss:,edx
005D6DB2 .C785 44FFFFFF 08000000 mov dword ptr ss:,8
005D6DBC .C745 9C 01000000 mov dword ptr ss:,1
005D6DC3 .C745 94 02000000 mov dword ptr ss:,2
005D6DCA .8D45 B0 lea eax,dword ptr ss:
005D6DCD .8985 6CFFFFFF mov dword ptr ss:,eax
005D6DD3 .C785 64FFFFFF 08400000 mov dword ptr ss:,4008
005D6DDD .8D4D 94 lea ecx,dword ptr ss:
005D6DE0 .51 push ecx
005D6DE1 .0FBF55 CC movsx edx,word ptr ss:
005D6DE5 .52 push edx
005D6DE6 .8D85 64FFFFFF lea eax,dword ptr ss:
005D6DEC .50 push eax
005D6DED .8D4D 84 lea ecx,dword ptr ss:
005D6DF0 .51 push ecx
005D6DF1 .FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ;MSVBVM60.rtcMidCharVar
005D6DF7 .8D95 44FFFFFF lea edx,dword ptr ss:
005D6DFD .52 push edx
005D6DFE .8D45 84 lea eax,dword ptr ss:
005D6E01 .50 push eax
005D6E02 .8D8D 74FFFFFF lea ecx,dword ptr ss:
005D6E08 .51 push ecx
005D6E09 .FF15 D0124000 call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ;MSVBVM60.__vbaVarCat
005D6E0F .50 push eax
005D6E10 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>;MSVBVM60.__vbaStrVarMove
005D6E16 .8BD0 mov edx,eax
005D6E18 .8D4D B4 lea ecx,dword ptr ss:
005D6E1B .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6E21 .8D95 74FFFFFF lea edx,dword ptr ss:
005D6E27 .52 push edx
005D6E28 .8D45 84 lea eax,dword ptr ss:
005D6E2B .50 push eax
005D6E2C .8D4D 94 lea ecx,dword ptr ss:
005D6E2F .51 push ecx
005D6E30 .6A 03 push 3
005D6E32 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6E38 .83C4 10 add esp,10
005D6E3B .C745 FC 26000000 mov dword ptr ss:,26
005D6E42 .66:8B55 CC mov dx,word ptr ss:
005D6E46 .66:83C2 01 add dx,1
005D6E4A .0F80 4C010000 jo emu8086.005D6F9C
005D6E50 .66:8955 CC mov word ptr ss:,dx
005D6E54 .^ E9 2CFFFFFF jmp emu8086.005D6D85 ;循环2的结尾
005D6E59 >C745 FC 28000000 mov dword ptr ss:,28
005D6E60 .8B45 10 mov eax,dword ptr ss:
005D6E63 .66:8B08 mov cx,word ptr ds:
005D6E66 .66:83E9 01 sub cx,1
005D6E6A .0F80 2C010000 jo emu8086.005D6F9C
005D6E70 .66:898D 3CFFFFFF mov word ptr ss:,cx
005D6E77 .66:C785 40FFFFFF 0100 mov word ptr ss:,1
005D6E80 .66:C745 DC 0100 mov word ptr ss:,1
005D6E86 .EB 15 jmp short emu8086.005D6E9D
005D6E88 >66:8B55 DC mov dx,word ptr ss: ;循环3开始
005D6E8C .66:0395 40FFFFFF add dx,word ptr ss: ;循环3 当然是最后整理注册码了
005D6E93 .0F80 03010000 jo emu8086.005D6F9C
005D6E99 .66:8955 DC mov word ptr ss:,dx
005D6E9D >66:8B45 DC mov ax,word ptr ss:
005D6EA1 .66:3B85 3CFFFFFF cmp ax,word ptr ss:
005D6EA8 .7F 24 jg short emu8086.005D6ECE
005D6EAA .C745 FC 29000000 mov dword ptr ss:,29
005D6EB1 .8D4D B4 lea ecx,dword ptr ss:
005D6EB4 .51 push ecx
005D6EB5 .E8 F6000000 call emu8086.005D6FB0
005D6EBA .8BD0 mov edx,eax
005D6EBC .8D4D B4 lea ecx,dword ptr ss:
005D6EBF .FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
005D6EC5 .C745 FC 2A000000 mov dword ptr ss:,2A
005D6ECC .^ EB BA jmp short emu8086.005D6E88 ;循环3结尾
005D6ECE >C745 FC 2B000000 mov dword ptr ss:,2B
005D6ED5 .8B55 B4 mov edx,dword ptr ss:
005D6ED8 .8995 6CFFFFFF mov dword ptr ss:,edx
005D6EDE .C785 64FFFFFF 08000000 mov dword ptr ss:,8
005D6EE8 .8D95 64FFFFFF lea edx,dword ptr ss:
005D6EEE .8D4D B8 lea ecx,dword ptr ss:
005D6EF1 .FF15 B0134000 call dword ptr ds:[<&MSVBVM60.__vbaVarCopy>] ;MSVBVM60.__vbaVarCopy
005D6EF7 .68 6C6F5D00 push emu8086.005D6F6C
005D6EFC .EB 2E jmp short emu8086.005D6F2C ;跳向005D6F2C 已经实现
005D6EFE .8B45 F0 mov eax,dword ptr ss:
005D6F01 .83E0 04 and eax,4
005D6F04 .85C0 test eax,eax
005D6F06 .74 09 je short emu8086.005D6F11
005D6F08 .8D4D B8 lea ecx,dword ptr ss:
005D6F0B .FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005D6F11 >8D8D 74FFFFFF lea ecx,dword ptr ss:
005D6F17 .51 push ecx
005D6F18 .8D55 84 lea edx,dword ptr ss:
005D6F1B .52 push edx
005D6F1C .8D45 94 lea eax,dword ptr ss:
005D6F1F .50 push eax
005D6F20 .6A 03 push 3
005D6F22 .FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>;MSVBVM60.__vbaFreeVarList
005D6F28 .83C4 10 add esp,10
005D6F2B .C3 retn
005D6F2C >8D4D D8 lea ecx,dword ptr ss: ;跳转来自 005D6EFC
005D6F2F .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F35 .8D4D D4 lea ecx,dword ptr ss:
005D6F38 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F3E .8D4D C8 lea ecx,dword ptr ss:
005D6F41 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F47 .8D4D B4 lea ecx,dword ptr ss:
005D6F4A .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F50 .8D4D B0 lea ecx,dword ptr ss:
005D6F53 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F59 .8D4D A8 lea ecx,dword ptr ss:
005D6F5C .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F62 .8D4D A4 lea ecx,dword ptr ss:
005D6F65 .FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005D6F6B .C3 retn
005D6F6C .8B4D 08 mov ecx,dword ptr ss:
005D6F6F .8B55 B8 mov edx,dword ptr ss:
005D6F72 .8911 mov dword ptr ds:,edx
005D6F74 .8B45 BC mov eax,dword ptr ss:
005D6F77 .8941 04 mov dword ptr ds:,eax
005D6F7A .8B55 C0 mov edx,dword ptr ss:
005D6F7D .8951 08 mov dword ptr ds:,edx
005D6F80 .8B45 C4 mov eax,dword ptr ss:
005D6F83 .8941 0C mov dword ptr ds:,eax
005D6F86 .8B45 08 mov eax,dword ptr ss:
005D6F89 .8B4D E0 mov ecx,dword ptr ss:
005D6F8C .64:890D 00000000 mov dword ptr fs:,ecx
005D6F93 .5F pop edi
005D6F94 .5E pop esi
005D6F95 .5B pop ebx
005D6F96 .8BE5 mov esp,ebp ;最终EDX中出现的就是真正的注册码了
005D6F98 .5D pop ebp
005D6F99 .C2 0C00 retn 0C ;算法call结束,返回调用处
----------------------------所用断点信息-------------------------------------------
Breakpoints
地址 模块 激活 反汇编 注释
005D4B01 emu8086 始终 cmp dword ptr ss:,0 就先断在此处,开始往下调
005D4C46 emu8086 始终 call emu8086.005D5F80 这个call按f8也能过去,就是算法call
005D6590 emu8086 始终 push ebp 开始时也要较验两次,看是否注册成功
005D6910 emu8086 始终 push ebp 开始时候判断是否注册,检查注册表和reg.ini文件,算法就在这儿了
-----------------------------reg.ini中所写数据---------------------------------------
username=冰河之刃
regkey=3FRTQZXJKASERKKN837C
q=100
--------------------------------------------------------------------------------------
谨以此教程送给那些一直关心我,帮助过我的人。是你们的帮助才让我的生活更加的轻松快乐。
愿你们天天都有一份好的心情。^_^
2009年12月27日16时56分23秒
--------------------------------------------------------------------------------
【总结】
VB的程序其实也并不是太难破。只要找准位置下好断点,再加一点儿耐心,就没有做不到的事。
愚蠢的人总是人云亦云,别人说VB程序难破,他就也跟着说难破,你破了吗?亲自做过才有发言权。
神,其实也是人!只不过他做了别人做不到的事,所以他就成了神!
--------------------------------------------------------------------------------
【版权声明】: 本文原创自冰河之刃, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 月之精灵 于 2010-1-7 16:36 编辑 ] 首先:学习了,谢谢
另外:最好把前面的广告去除,最好您自己动手哈
最后 ,谢谢您在PYG发表你的作品, 文章很精彩,可惜的是开头插播了一段广告~ 怎么还带广告的?/:017 顶一下,谢谢共享 好好学习下~~
帖子好长,最好把重点标注的再详细点就好了~~,让我等菜鸟看的会更
明白点~~
冰河之刃 名字好耳熟
楼主是不是在网友世界杂志发表过文章? 呵呵文章不错学习下呵呵 广告就不学了/:018 学习了你,谢谢楼主分享 这就是我做的教程中的一篇破文,发到这里面的时候忘了把前面的去掉了。让大家见笑了。。。 原帖由 伏牛山 于 2010-1-7 16:22 发表 https://www.chinapyg.com/images/common/back.gif
这就是我做的教程中的一篇破文,发到这里面的时候忘了把前面的去掉了。让大家见笑了。。。
既然如此我就代劳帮你删了那广告,勿怪,哈哈 文章非常详细。尤其是出现MSVBVM60.rtcVarBstrFromAnsi类似指令显示出来。看着能分析个大概,能猜测下大概那里是快到重点了。
页:
[1]
2