- UID
- 5592
注册时间2005-12-21
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 慵懒
2019-1-18 17:27 |
|---|
签到天数: 30 天 [LV.5]常住居民I
|
【破文标题】企虎产品管理软件 V4.3 解码分析
【破文作者】lzq1973[PYG][CZG][OCN][DFCG]
【作者邮箱】[email protected]
【作者主页】http://my.winzheng.com/?455397
【破解工具】OD、PEiD、C32Asm
【破解平台】WinXP
【软件名称】企虎产品管理软件 V4.3
【软件大小】4.1M
【原版下载】http://www.sharebank.com.cn/soft/SoftView_21150.htm
【保护方式】SN
【软件简介】企虎产品管理软件是一款企业产品管理软件,
A.产品表字段自定义功能!能满足企业产品管理特殊化需求[支持产品图片管理]
B.产品信息的增加,删除,修改,支持存储海量数据!
C.产品表信息自由查询功能
D.产品信息列表式打印
E.支持产品单打印[可以打印产品图片]
【破解声明】俺是只小小鸟,纯为学习,愿与大家分享!
------------------------------------------------------------------------
【破解过程】1、PEiD侦之“Microsoft Visual Basic 5.0 / 6.0”,无壳,心中暗喜;
2、运行程序,来到注册界面,试着注册,有提示“你输入的注册码有错!如果要注册正式版!请与企虎软件研发部联”,属直接比较型;也可在OD里用rtcMsgBox下断;
3、OD载入,用其插件找字相关字符串(上面已说了的),双击后来到004400DA这里,向上找子程序的开始处为43F7A0,在这里下断,就来到了...
0043F7A0 > \55 push ebp ; 来到这里
0043F7A1 . 8BEC mov ebp, esp
0043F7A3 . 83EC 0C sub esp, 0C
0043F7A6 . 68 C62C4000 push <jmp.&MSVBVM60.__vbaExceptHandle>; SE 处理程序安装
0043F7AB . 64:A1 0000000>mov eax, fs:[0]
0043F7B1 . 50 push eax
0043F7B2 . 64:8925 00000>mov fs:[0], esp
0043F7B9 . 81EC 40020000 sub esp, 240
0043F7BF . 53 push ebx
0043F7C0 . 56 push esi
0043F7C1 . 57 push edi
0043F7C2 . 8965 F4 mov [ebp-C], esp
0043F7C5 . C745 F8 40174>mov dword ptr [ebp-8], 00401740
0043F7CC . 8B7D 08 mov edi, [ebp+8]
0043F7CF . 8BC7 mov eax, edi
0043F7D1 . 83E0 01 and eax, 1
0043F7D4 . 8945 FC mov [ebp-4], eax
0043F7D7 . 83E7 FE and edi, FFFFFFFE
0043F7DA . 57 push edi
0043F7DB . 897D 08 mov [ebp+8], edi
0043F7DE . 8B0F mov ecx, [edi]
0043F7E0 . FF51 04 call [ecx+4]
0043F7E3 . 8B17 mov edx, [edi]
0043F7E5 . 33F6 xor esi, esi
0043F7E7 . 57 push edi
0043F7E8 . 8975 E8 mov [ebp-18], esi
0043F7EB . 8975 E4 mov [ebp-1C], esi
0043F7EE . 8975 E0 mov [ebp-20], esi
0043F7F1 . 8975 DC mov [ebp-24], esi
0043F7F4 . 8975 D8 mov [ebp-28], esi
0043F7F7 . 8975 D4 mov [ebp-2C], esi
0043F7FA . 8975 D0 mov [ebp-30], esi
0043F7FD . 8975 CC mov [ebp-34], esi
0043F800 . 8975 C8 mov [ebp-38], esi
0043F803 . 8975 C4 mov [ebp-3C], esi
0043F806 . 8975 C0 mov [ebp-40], esi
0043F809 . 8975 BC mov [ebp-44], esi
0043F80C . 8975 B8 mov [ebp-48], esi
0043F80F . 8975 B4 mov [ebp-4C], esi
0043F812 . 8975 B0 mov [ebp-50], esi
0043F815 . 8975 AC mov [ebp-54], esi
0043F818 . 8975 9C mov [ebp-64], esi
0043F81B . 8975 8C mov [ebp-74], esi
0043F81E . 89B5 7CFFFFFF mov [ebp-84], esi
0043F824 . 89B5 6CFFFFFF mov [ebp-94], esi
0043F82A . 89B5 5CFFFFFF mov [ebp-A4], esi
0043F830 . 89B5 4CFFFFFF mov [ebp-B4], esi
0043F836 . 89B5 3CFFFFFF mov [ebp-C4], esi
0043F83C . 89B5 2CFFFFFF mov [ebp-D4], esi
0043F842 . 89B5 1CFFFFFF mov [ebp-E4], esi
0043F848 . 89B5 0CFFFFFF mov [ebp-F4], esi
0043F84E . 89B5 FCFEFFFF mov [ebp-104], esi
0043F854 . 89B5 ECFEFFFF mov [ebp-114], esi
0043F85A . 89B5 DCFEFFFF mov [ebp-124], esi
0043F860 . 89B5 CCFEFFFF mov [ebp-134], esi
0043F866 . 89B5 BCFEFFFF mov [ebp-144], esi
0043F86C . 89B5 ACFEFFFF mov [ebp-154], esi
0043F872 . 89B5 9CFEFFFF mov [ebp-164], esi
0043F878 . 89B5 7CFEFFFF mov [ebp-184], esi
0043F87E . 89B5 5CFEFFFF mov [ebp-1A4], esi
0043F884 . 89B5 3CFEFFFF mov [ebp-1C4], esi
0043F88A . 89B5 28FEFFFF mov [ebp-1D8], esi
0043F890 . 89B5 24FEFFFF mov [ebp-1DC], esi
0043F896 . 89B5 20FEFFFF mov [ebp-1E0], esi
0043F89C . 89B5 1CFEFFFF mov [ebp-1E4], esi
0043F8A2 . 89B5 18FEFFFF mov [ebp-1E8], esi
0043F8A8 . FF92 10030000 call [edx+310]
0043F8AE . 50 push eax
0043F8AF . 8D45 BC lea eax, [ebp-44]
0043F8B2 . 50 push eax
0043F8B3 . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0043F8B9 . 8BF8 mov edi, eax
0043F8BB . 8D55 E0 lea edx, [ebp-20]
0043F8BE . 52 push edx
0043F8BF . 57 push edi
0043F8C0 . 8B0F mov ecx, [edi]
0043F8C2 . FF91 A0000000 call [ecx+A0]
0043F8C8 . 3BC6 cmp eax, esi
0043F8CA . DBE2 fclex
0043F8CC . 7D 12 jge short 0043F8E0
0043F8CE . 68 A0000000 push 0A0
0043F8D3 . 68 D8FE4000 push 0040FED8
0043F8D8 . 57 push edi
0043F8D9 . 50 push eax
0043F8DA . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0043F8E0 > 8B55 E0 mov edx, [ebp-20] ; 机器码[令其为A] (UNICODE "534917322")
0043F8E3 . 8975 E0 mov [ebp-20], esi
0043F8E6 . 8B35 70124000 mov esi, [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F8EC . 8D4D DC lea ecx, [ebp-24]
0043F8EF . FFD6 call esi ; <&MSVBVM60.__vbaStrMove>
0043F8F1 . 8D45 DC lea eax, [ebp-24]
0043F8F4 . 8D4D 9C lea ecx, [ebp-64]
0043F8F7 . 50 push eax
0043F8F8 . 51 push ecx
0043F8F9 . E8 D2F8FFFF call 0043F1D0 ; 机器码翻转 (设字符串为B)
0043F8FE . 8B3D C0114000 mov edi, [<&MSVBVM60.__vbaStrVarVal>>; MSVBVM60.__vbaStrVarVal
0043F904 . 8D55 9C lea edx, [ebp-64]
0043F907 . 8D45 D8 lea eax, [ebp-28]
0043F90A . 52 push edx
0043F90B . 50 push eax
0043F90C . FFD7 call edi ; <&MSVBVM60.__vbaStrVarVal>
0043F90E . 50 push eax ; 翻转后(UNICODE "223719435")
0043F90F . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043F915 . 83EC 08 sub esp, 8
0043F918 . DD1C24 fstp qword ptr [esp]
0043F91B . FF15 60114000 call [<&MSVBVM60.__vbaStrR8>] ; MSVBVM60.__vbaStrR8
0043F921 . 8BD0 mov edx, eax
0043F923 . 8D4D E4 lea ecx, [ebp-1C]
0043F926 . FFD6 call esi
0043F928 . 8D4D D8 lea ecx, [ebp-28]
0043F92B . 8D55 DC lea edx, [ebp-24]
0043F92E . 51 push ecx
0043F92F . 52 push edx
0043F930 . 6A 02 push 2
0043F932 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F938 . 83C4 0C add esp, 0C
0043F93B . 8D4D BC lea ecx, [ebp-44]
0043F93E . FF15 9C124000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
0043F944 . 8D4D 9C lea ecx, [ebp-64]
0043F947 . FF15 20104000 call [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
0043F94D . 8B45 E4 mov eax, [ebp-1C]
0043F950 . 50 push eax
0043F951 . 68 30024100 push 00410230 ; 常量令其为[C] 22651156339035732265115633903573
0043F956 . FF15 58104000 call [<&MSVBVM60.__vbaStrCat>] ; B+C=D (这里的“+”为连接符)
0043F95C . 8BD0 mov edx, eax ; (UNICODE "22371943522651156339035732265115633903573")
0043F95E . 8D4D E4 lea ecx, [ebp-1C]
0043F961 . FFD6 call esi
0043F963 . 8B1D 04114000 mov ebx, [<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0043F969 . 8D4D E4 lea ecx, [ebp-1C]
0043F96C . 8D55 9C lea edx, [ebp-64]
0043F96F . 898D C4FEFFFF mov [ebp-13C], ecx
0043F975 . 52 push edx
0043F976 . 8D85 BCFEFFFF lea eax, [ebp-144]
0043F97C . 6A 01 push 1
0043F97E . 8D4D 8C lea ecx, [ebp-74]
0043F981 . 50 push eax
0043F982 . 51 push ecx
0043F983 . C745 A4 19000>mov dword ptr [ebp-5C], 19
0043F98A . C745 9C 02000>mov dword ptr [ebp-64], 2
0043F991 . C785 BCFEFFFF>mov dword ptr [ebp-144], 4008
0043F99B . FFD3 call ebx ; <&MSVBVM60.#632>
0043F99D . 8D55 8C lea edx, [ebp-74]
0043F9A0 . 52 push edx
0043F9A1 . FF15 28104000 call [<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
0043F9A7 . 8BD0 mov edx, eax ; (UNICODE "2237194352265115633903573")
0043F9A9 . 8D4D E4 lea ecx, [ebp-1C]
0043F9AC . FFD6 call esi
0043F9AE . 8D45 8C lea eax, [ebp-74]
0043F9B1 . 8D4D 9C lea ecx, [ebp-64]
0043F9B4 . 50 push eax
0043F9B5 . 51 push ecx
0043F9B6 . 6A 02 push 2
0043F9B8 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F9BE . 83C4 0C add esp, 0C
0043F9C1 . 8D55 E4 lea edx, [ebp-1C]
0043F9C4 . 8D85 7CFFFFFF lea eax, [ebp-84]
0043F9CA . 8995 A4FEFFFF mov [ebp-15C], edx
0043F9D0 . 50 push eax
0043F9D1 . 8D8D 9CFEFFFF lea ecx, [ebp-164]
0043F9D7 . 6A 0C push 0C
0043F9D9 . 8D95 6CFFFFFF lea edx, [ebp-94]
0043F9DF . 51 push ecx
0043F9E0 . C745 84 01000>mov dword ptr [ebp-7C], 1
0043F9E7 . C785 7CFFFFFF>mov dword ptr [ebp-84], 2
0043F9F1 . C785 9CFEFFFF>mov dword ptr [ebp-164], 4008
0043F9FB . 52 push edx
0043F9FC . FFD3 call ebx
0043F9FE . 8D85 6CFFFFFF lea eax, [ebp-94]
0043FA04 . 8D4D DC lea ecx, [ebp-24]
0043FA07 . 50 push eax
0043FA08 . 51 push ecx
0043FA09 . FFD7 call edi
0043FA0B . 50 push eax
0043FA0C . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FA12 . DD9D 10FEFFFF fstp qword ptr [ebp-1F0]
0043FA18 . 8D55 E4 lea edx, [ebp-1C]
0043FA1B . 8D85 5CFFFFFF lea eax, [ebp-A4]
0043FA21 . 8995 84FEFFFF mov [ebp-17C], edx
0043FA27 . 50 push eax
0043FA28 . 8D8D 7CFEFFFF lea ecx, [ebp-184]
0043FA2E . 6A 18 push 18
0043FA30 . 8D95 4CFFFFFF lea edx, [ebp-B4]
0043FA36 . 51 push ecx
0043FA37 . 52 push edx
0043FA38 . C785 64FFFFFF>mov dword ptr [ebp-9C], 1
0043FA42 . C785 5CFFFFFF>mov dword ptr [ebp-A4], 2
0043FA4C . C785 7CFEFFFF>mov dword ptr [ebp-184], 4008
0043FA56 . FFD3 call ebx
0043FA58 . 8D85 4CFFFFFF lea eax, [ebp-B4]
0043FA5E . 8D4D D8 lea ecx, [ebp-28]
0043FA61 . 50 push eax
0043FA62 . 51 push ecx
0043FA63 . FFD7 call edi
0043FA65 . 50 push eax
0043FA66 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FA6C . DD9D 08FEFFFF fstp qword ptr [ebp-1F8]
0043FA72 . 8D55 E4 lea edx, [ebp-1C]
0043FA75 . 8D85 3CFFFFFF lea eax, [ebp-C4]
0043FA7B . 8995 64FEFFFF mov [ebp-19C], edx
0043FA81 . 50 push eax
0043FA82 . 8D8D 5CFEFFFF lea ecx, [ebp-1A4]
0043FA88 . 6A 01 push 1
0043FA8A . 8D95 2CFFFFFF lea edx, [ebp-D4]
0043FA90 . 51 push ecx
0043FA91 . 52 push edx
0043FA92 . C785 44FFFFFF>mov dword ptr [ebp-BC], 1
0043FA9C . C785 3CFFFFFF>mov dword ptr [ebp-C4], 2
0043FAA6 . C785 5CFEFFFF>mov dword ptr [ebp-1A4], 4008
0043FAB0 . FFD3 call ebx
0043FAB2 . 8D85 2CFFFFFF lea eax, [ebp-D4]
0043FAB8 . 8D4D D4 lea ecx, [ebp-2C]
0043FABB . 50 push eax
0043FABC . 51 push ecx
0043FABD . FFD7 call edi
0043FABF . 50 push eax
0043FAC0 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FAC6 . DD9D 00FEFFFF fstp qword ptr [ebp-200]
0043FACC . DD85 00FEFFFF fld qword ptr [ebp-200]
0043FAD2 . 8D85 1CFFFFFF lea eax, [ebp-E4]
0043FAD8 . 8D55 E4 lea edx, [ebp-1C]
0043FADB . 50 push eax
0043FADC . C785 24FFFFFF>mov dword ptr [ebp-DC], 1
0043FAE6 . C785 1CFFFFFF>mov dword ptr [ebp-E4], 2
0043FAF0 . 8995 44FEFFFF mov [ebp-1BC], edx
0043FAF6 . C785 3CFEFFFF>mov dword ptr [ebp-1C4], 4008
0043FB00 . FF15 50124000 call [<&MSVBVM60.__vbaFpI4>] ; MSVBVM60.__vbaFpI4
0043FB06 . 8D8D 3CFEFFFF lea ecx, [ebp-1C4]
0043FB0C . 50 push eax
0043FB0D . 8D95 0CFFFFFF lea edx, [ebp-F4]
0043FB13 . 51 push ecx
0043FB14 . 52 push edx
0043FB15 . FFD3 call ebx
0043FB17 . 8D85 0CFFFFFF lea eax, [ebp-F4]
0043FB1D . 8D4D D0 lea ecx, [ebp-30]
0043FB20 . 50 push eax
0043FB21 . 51 push ecx
0043FB22 . FFD7 call edi
0043FB24 . 50 push eax
0043FB25 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FB2B . DD9D F8FDFFFF fstp qword ptr [ebp-208]
0043FB31 . 8D55 E4 lea edx, [ebp-1C]
0043FB34 . 8D45 9C lea eax, [ebp-64]
0043FB37 . C745 A4 01000>mov dword ptr [ebp-5C], 1
0043FB3E . C745 9C 02000>mov dword ptr [ebp-64], 2
0043FB45 . 8995 C4FEFFFF mov [ebp-13C], edx
0043FB4B . C785 BCFEFFFF>mov dword ptr [ebp-144], 4008
0043FB55 . 50 push eax
0043FB56 . 8D8D BCFEFFFF lea ecx, [ebp-144]
0043FB5C . 6A 01 push 1
0043FB5E . 8D55 8C lea edx, [ebp-74]
0043FB61 . 51 push ecx
0043FB62 . 52 push edx
0043FB63 . FFD3 call ebx
0043FB65 . 8D45 8C lea eax, [ebp-74]
0043FB68 . 8D4D E0 lea ecx, [ebp-20]
0043FB6B . 50 push eax
0043FB6C . 51 push ecx
0043FB6D . FFD7 call edi
0043FB6F . 50 push eax
0043FB70 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FB76 . DC85 10FEFFFF fadd qword ptr [ebp-1F0]
0043FB7C . 8B3D 60114000 mov edi, [<&MSVBVM60.__vbaStrR8>] ; MSVBVM60.__vbaStrR8
0043FB82 . 83EC 08 sub esp, 8
0043FB85 . DC85 08FEFFFF fadd qword ptr [ebp-1F8]
0043FB8B . DC85 F8FDFFFF fadd qword ptr [ebp-208]
0043FB91 . DFE0 fstsw ax
0043FB93 . A8 0D test al, 0D
0043FB95 . 0F85 4B080000 jnz 004403E6
0043FB9B . DD1C24 fstp qword ptr [esp]
0043FB9E . FFD7 call edi ; <&MSVBVM60.__vbaStrR8>
0043FBA0 . 8BD0 mov edx, eax
0043FBA2 . 8D4D CC lea ecx, [ebp-34]
0043FBA5 . FFD6 call esi
0043FBA7 . 50 push eax
0043FBA8 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FBAE . 833D 00604600>cmp dword ptr [466000], 0
0043FBB5 . 75 08 jnz short 0043FBBF
0043FBB7 . DC35 F8124000 fdiv qword ptr [4012F8]
0043FBBD . EB 11 jmp short 0043FBD0
0043FBBF > FF35 FC124000 push dword ptr [4012FC]
0043FBC5 . FF35 F8124000 push dword ptr [4012F8]
0043FBCB . E8 1431FCFF call <jmp.&MSVBVM60._adj_fdiv_m64>
0043FBD0 > 83EC 08 sub esp, 8
0043FBD3 . DFE0 fstsw ax
0043FBD5 . A8 0D test al, 0D
0043FBD7 . 0F85 09080000 jnz 004403E6
0043FBDD . DD1C24 fstp qword ptr [esp]
0043FBE0 . FFD7 call edi
0043FBE2 . 8BD0 mov edx, eax
0043FBE4 . 8D4D C8 lea ecx, [ebp-38]
0043FBE7 . FFD6 call esi
0043FBE9 . 50 push eax
0043FBEA . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043FBF0 . FF15 5C124000 call [<&MSVBVM60.__vbaR8IntI2>] ; MSVBVM60.__vbaR8IntI2
0043FBF6 . 8945 E8 mov [ebp-18], eax
0043FBF9 . 8D55 C8 lea edx, [ebp-38]
0043FBFC . 8D45 CC lea eax, [ebp-34]
0043FBFF . 52 push edx
0043FC00 . 8D4D D0 lea ecx, [ebp-30]
0043FC03 . 50 push eax
0043FC04 . 8D55 D4 lea edx, [ebp-2C]
0043FC07 . 51 push ecx
0043FC08 . 8D45 D8 lea eax, [ebp-28]
0043FC0B . 52 push edx
0043FC0C . 8D4D DC lea ecx, [ebp-24]
0043FC0F . 50 push eax
0043FC10 . 8D55 E0 lea edx, [ebp-20]
0043FC13 . 51 push ecx
0043FC14 . 52 push edx
0043FC15 . 6A 07 push 7
0043FC17 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043FC1D . 8D85 0CFFFFFF lea eax, [ebp-F4]
0043FC23 . 8D8D 1CFFFFFF lea ecx, [ebp-E4]
0043FC29 . 50 push eax
0043FC2A . 8D95 2CFFFFFF lea edx, [ebp-D4]
0043FC30 . 51 push ecx
0043FC31 . 8D85 3CFFFFFF lea eax, [ebp-C4]
0043FC37 . 52 push edx
0043FC38 . 8D8D 4CFFFFFF lea ecx, [ebp-B4]
0043FC3E . 50 push eax
0043FC3F . 8D95 5CFFFFFF lea edx, [ebp-A4]
0043FC45 . 51 push ecx
0043FC46 . 8D85 6CFFFFFF lea eax, [ebp-94]
0043FC4C . 52 push edx
0043FC4D . 8D8D 7CFFFFFF lea ecx, [ebp-84]
0043FC53 . 50 push eax
0043FC54 . 8D55 8C lea edx, [ebp-74]
0043FC57 . 51 push ecx
0043FC58 . 8D45 9C lea eax, [ebp-64]
0043FC5B . 52 push edx
0043FC5C . 50 push eax
0043FC5D . 6A 0A push 0A
0043FC5F . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043FC65 . 83C4 4C add esp, 4C
0043FC68 . 8D8D 28FEFFFF lea ecx, [ebp-1D8]
0043FC6E . 8D55 E8 lea edx, [ebp-18]
0043FC71 . 51 push ecx
0043FC72 . 8D45 E4 lea eax, [ebp-1C]
0043FC75 . 33DB xor ebx, ebx
0043FC77 . 52 push edx
0043FC78 . 50 push eax
0043FC79 . 899D 28FEFFFF mov [ebp-1D8], ebx
0043FC7F . E8 CCF6FFFF call 0043F350 ; 取D的前5位×4(都是十进制)为E1
0043FC84 . 8BD0 mov edx, eax ; (UNICODE "89484")
0043FC86 . 8D4D E0 lea ecx, [ebp-20]
0043FC89 . FFD6 call esi
0043FC8B . 8D8D 24FEFFFF lea ecx, [ebp-1DC]
0043FC91 . 8D55 E8 lea edx, [ebp-18]
0043FC94 . 51 push ecx
0043FC95 . 8D45 E4 lea eax, [ebp-1C]
0043FC98 . 52 push edx
0043FC99 . 50 push eax
0043FC9A . C785 24FEFFFF>mov dword ptr [ebp-1DC], 1
0043FCA4 . E8 A7F6FFFF call 0043F350 ; 取D的第二个5位×4(都是十进制)为E2
0043FCA9 . 8BD0 mov edx, eax ; (UNICODE "377408")
0043FCAB . 8D4D DC lea ecx, [ebp-24]
0043FCAE . FFD6 call esi
0043FCB0 . 8D8D 20FEFFFF lea ecx, [ebp-1E0]
0043FCB6 . 8D55 E8 lea edx, [ebp-18]
0043FCB9 . 51 push ecx
0043FCBA . 8D45 E4 lea eax, [ebp-1C]
0043FCBD . 52 push edx
0043FCBE . 50 push eax
0043FCBF . C785 20FEFFFF>mov dword ptr [ebp-1E0], 2
0043FCC9 . E8 82F6FFFF call 0043F350 ; 第三个5位×4(都是十进制)为E3
0043FCCE . 8BD0 mov edx, eax ; (UNICODE "106044")
0043FCD0 . 8D4D D8 lea ecx, [ebp-28]
0043FCD3 . FFD6 call esi
0043FCD5 . 8D8D 1CFEFFFF lea ecx, [ebp-1E4]
0043FCDB . 8D55 E8 lea edx, [ebp-18]
0043FCDE . 51 push ecx
0043FCDF . 8D45 E4 lea eax, [ebp-1C]
0043FCE2 . 52 push edx
0043FCE3 . 50 push eax
0043FCE4 . C785 1CFEFFFF>mov dword ptr [ebp-1E4], 3
0043FCEE . E8 5DF6FFFF call 0043F350 ; 第四个5位×4(都是十进制)为E4
0043FCF3 . 8BD0 mov edx, eax ; (UNICODE "225356")
0043FCF5 . 8D4D D4 lea ecx, [ebp-2C]
0043FCF8 . FFD6 call esi
0043FCFA . 8D8D 18FEFFFF lea ecx, [ebp-1E8]
0043FD00 . 8D55 E8 lea edx, [ebp-18]
0043FD03 . 51 push ecx
0043FD04 . 8D45 E4 lea eax, [ebp-1C]
0043FD07 . 52 push edx
0043FD08 . 50 push eax
0043FD09 . C785 18FEFFFF>mov dword ptr [ebp-1E8], 4
0043FD13 . E8 38F6FFFF call 0043F350 ; 末5位×4(都是十进制)为E5
0043FD18 . 8BD0 mov edx, eax ; (UNICODE "14292")
0043FD1A . 8D4D D0 lea ecx, [ebp-30]
0043FD1D . FFD6 call esi
0043FD1F . 8B45 E0 mov eax, [ebp-20] ; E1 (UNICODE "89484")
0043FD22 . 8B3D 60124000 mov edi, [<&MSVBVM60.#617>] ; MSVBVM60.rtcLeftCharVar
0043FD28 . 8D4D 9C lea ecx, [ebp-64]
0043FD2B . 6A 05 push 5 ; 取E1的前5位为K1
0043FD2D . 8D55 8C lea edx, [ebp-74]
0043FD30 . 51 push ecx
0043FD31 . 52 push edx
0043FD32 . 895D E0 mov [ebp-20], ebx
0043FD35 . 8945 A4 mov [ebp-5C], eax
0043FD38 . C745 9C 08000>mov dword ptr [ebp-64], 8
0043FD3F . FFD7 call edi ; <&MSVBVM60.#617>
0043FD41 . 8B45 DC mov eax, [ebp-24] ; E2 (UNICODE "377408")
0043FD44 . 6A 05 push 5 ; 取E2的前5位为K2
0043FD46 . 8945 84 mov [ebp-7C], eax
0043FD49 . 8D85 7CFFFFFF lea eax, [ebp-84]
0043FD4F . 8D8D 6CFFFFFF lea ecx, [ebp-94]
0043FD55 . 50 push eax
0043FD56 . 51 push ecx
0043FD57 . 895D DC mov [ebp-24], ebx
0043FD5A . C785 7CFFFFFF>mov dword ptr [ebp-84], 8
0043FD64 . FFD7 call edi
0043FD66 . 8B45 D8 mov eax, [ebp-28] ; E3 (UNICODE "106044")
0043FD69 . 895D D8 mov [ebp-28], ebx
0043FD6C . 8985 54FFFFFF mov [ebp-AC], eax
0043FD72 . C785 4CFFFFFF>mov dword ptr [ebp-B4], 8
0043FD7C . 8D95 4CFFFFFF lea edx, [ebp-B4]
0043FD82 . 6A 05 push 5 ; 取E3的前5位为K3
0043FD84 . 8D85 3CFFFFFF lea eax, [ebp-C4]
0043FD8A . 52 push edx
0043FD8B . 50 push eax
0043FD8C . FFD7 call edi
0043FD8E . 8B45 D4 mov eax, [ebp-2C] ; E4 (UNICODE "225356")
0043FD91 . 8D8D 1CFFFFFF lea ecx, [ebp-E4]
0043FD97 . 6A 05 push 5 ; 取E4的前5位为K4
0043FD99 . 8D95 0CFFFFFF lea edx, [ebp-F4]
0043FD9F . 51 push ecx
0043FDA0 . 52 push edx
0043FDA1 . 895D D4 mov [ebp-2C], ebx
0043FDA4 . 8985 24FFFFFF mov [ebp-DC], eax
0043FDAA . C785 1CFFFFFF>mov dword ptr [ebp-E4], 8
0043FDB4 . FFD7 call edi
0043FDB6 . 8B45 D0 mov eax, [ebp-30] ; E5 (UNICODE "14292")
0043FDB9 . 6A 05 push 5 ; 取E5的前5位为K5
0043FDBB . 8985 F4FEFFFF mov [ebp-10C], eax
0043FDC1 . 8D85 ECFEFFFF lea eax, [ebp-114]
0043FDC7 . 8D8D DCFEFFFF lea ecx, [ebp-124]
0043FDCD . 50 push eax
0043FDCE . 51 push ecx
0043FDCF . 895D D0 mov [ebp-30], ebx
0043FDD2 . C785 ECFEFFFF>mov dword ptr [ebp-114], 8
0043FDDC . FFD7 call edi
0043FDDE . 8B3D 2C124000 mov edi, [<&MSVBVM60.__vbaVarAdd>] ; MSVBVM60.__vbaVarAdd
0043FDE4 . 8D55 8C lea edx, [ebp-74]
0043FDE7 . 8D85 6CFFFFFF lea eax, [ebp-94]
0043FDED . 52 push edx
0043FDEE . 8D8D 5CFFFFFF lea ecx, [ebp-A4]
0043FDF4 . 50 push eax
0043FDF5 . 51 push ecx
0043FDF6 . FFD7 call edi ; <&MSVBVM60.__vbaVarAdd>
0043FDF8 . 50 push eax
0043FDF9 . 8D95 3CFFFFFF lea edx, [ebp-C4]
0043FDFF . 8D85 2CFFFFFF lea eax, [ebp-D4]
0043FE05 . 52 push edx
0043FE06 . 50 push eax
0043FE07 . FFD7 call edi
0043FE09 . 8D8D 0CFFFFFF lea ecx, [ebp-F4]
0043FE0F . 50 push eax
0043FE10 . 8D95 FCFEFFFF lea edx, [ebp-104]
0043FE16 . 51 push ecx
0043FE17 . 52 push edx
0043FE18 . FFD7 call edi
0043FE1A . 50 push eax
0043FE1B . 8D85 DCFEFFFF lea eax, [ebp-124]
0043FE21 . 8D8D CCFEFFFF lea ecx, [ebp-134]
0043FE27 . 50 push eax
0043FE28 . 51 push ecx
0043FE29 . FFD7 call edi ; K=K1+K2+K3+K4+K5 (这里的“+”为连接符,K1~K5分别对应注册码输入的5个框,从左至右)
0043FE2B . 50 push eax
0043FE2C . FF15 28104000 call [<&MSVBVM60.__vbaStrVarMove>] ; MSVBVM60.__vbaStrVarMove
0043FE32 . 8BD0 mov edx, eax ; 注册码为K (UNICODE "8948437740106042253514292")
0043FE34 . 8D4D E4 lea ecx, [ebp-1C]
0043FE37 . FFD6 call esi ; 这里可做内存注册器(EAX或EDX)
0043FE39 . 8D55 D0 lea edx, [ebp-30]
0043FE3C . 8D45 D4 lea eax, [ebp-2C]
0043FE3F . 52 push edx
0043FE40 . 8D4D D8 lea ecx, [ebp-28]
0043FE43 . 50 push eax
0043FE44 . 8D55 DC lea edx, [ebp-24]
0043FE47 . 51 push ecx
0043FE48 . 8D45 E0 lea eax, [ebp-20]
0043FE4B . 52 push edx
0043FE4C . 50 push eax
0043FE4D . 6A 05 push 5
0043FE4F . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043FE55 . 8D8D CCFEFFFF lea ecx, [ebp-134]
0043FE5B . 8D95 DCFEFFFF lea edx, [ebp-124]
0043FE61 . 51 push ecx
0043FE62 . 8D85 FCFEFFFF lea eax, [ebp-104]
0043FE68 . 52 push edx
0043FE69 . 8D8D ECFEFFFF lea ecx, [ebp-114]
0043FE6F . 50 push eax
0043FE70 . 8D95 0CFFFFFF lea edx, [ebp-F4]
0043FE76 . 51 push ecx
0043FE77 . 8D85 2CFFFFFF lea eax, [ebp-D4]
0043FE7D . 52 push edx
0043FE7E . 50 push eax
0043FE7F . 8D8D 1CFFFFFF lea ecx, [ebp-E4]
0043FE85 . 8D95 3CFFFFFF lea edx, [ebp-C4]
0043FE8B . 51 push ecx
0043FE8C . 8D85 5CFFFFFF lea eax, [ebp-A4]
0043FE92 . 52 push edx
0043FE93 . 8D8D 4CFFFFFF lea ecx, [ebp-B4]
0043FE99 . 50 push eax
0043FE9A . 8D95 6CFFFFFF lea edx, [ebp-94]
0043FEA0 . 51 push ecx
0043FEA1 . 8D45 8C lea eax, [ebp-74]
0043FEA4 . 52 push edx
0043FEA5 . 8D8D 7CFFFFFF lea ecx, [ebp-84]
0043FEAB . 50 push eax
0043FEAC . 8D55 9C lea edx, [ebp-64]
0043FEAF . 51 push ecx
0043FEB0 . 52 push edx
0043FEB1 . 6A 0E push 0E
0043FEB3 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043FEB9 . 8B7D 08 mov edi, [ebp+8]
0043FEBC . 83C4 54 add esp, 54
0043FEBF . 8B07 mov eax, [edi]
0043FEC1 . 57 push edi
0043FEC2 . FF90 FC020000 call [eax+2FC]
0043FEC8 . 8D4D BC lea ecx, [ebp-44]
0043FECB . 50 push eax
0043FECC . 51 push ecx
0043FECD . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0043FED3 . 8BD8 mov ebx, eax
0043FED5 . 8D45 E0 lea eax, [ebp-20]
0043FED8 . 50 push eax
0043FED9 . 53 push ebx
0043FEDA . 8B13 mov edx, [ebx]
0043FEDC . FF92 A0000000 call [edx+A0]
0043FEE2 . 85C0 test eax, eax
0043FEE4 . DBE2 fclex
0043FEE6 . 7D 12 jge short 0043FEFA
0043FEE8 . 68 A0000000 push 0A0
0043FEED . 68 D8FE4000 push 0040FED8
0043FEF2 . 53 push ebx
0043FEF3 . 50 push eax
0043FEF4 . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0043FEFA > 8B0F mov ecx, [edi]
0043FEFC . 57 push edi
0043FEFD . FF91 00030000 call [ecx+300]
0043FF03 . 8D55 B8 lea edx, [ebp-48]
0043FF06 . 50 push eax
0043FF07 . 52 push edx
0043FF08 . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0043FF0E . 8BD8 mov ebx, eax
0043FF10 . 8D4D DC lea ecx, [ebp-24]
0043FF13 . 51 push ecx
0043FF14 . 53 push ebx
0043FF15 . 8B03 mov eax, [ebx]
0043FF17 . FF90 A0000000 call [eax+A0]
0043FF1D . 85C0 test eax, eax
0043FF1F . DBE2 fclex
0043FF21 . 7D 12 jge short 0043FF35
0043FF23 . 68 A0000000 push 0A0
0043FF28 . 68 D8FE4000 push 0040FED8
0043FF2D . 53 push ebx
0043FF2E . 50 push eax
0043FF2F . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0043FF35 > 8B17 mov edx, [edi]
0043FF37 . 57 push edi
0043FF38 . FF92 04030000 call [edx+304]
0043FF3E . 50 push eax
0043FF3F . 8D45 B4 lea eax, [ebp-4C]
0043FF42 . 50 push eax
0043FF43 . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0043FF49 . 8BD8 mov ebx, eax
0043FF4B . 8D55 D8 lea edx, [ebp-28]
0043FF4E . 52 push edx
0043FF4F . 53 push ebx
0043FF50 . 8B0B mov ecx, [ebx]
0043FF52 . FF91 A0000000 call [ecx+A0]
0043FF58 . 85C0 test eax, eax
0043FF5A . DBE2 fclex
0043FF5C . 7D 12 jge short 0043FF70
0043FF5E . 68 A0000000 push 0A0
0043FF63 . 68 D8FE4000 push 0040FED8
0043FF68 . 53 push ebx
0043FF69 . 50 push eax
0043FF6A . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0043FF70 > 8B07 mov eax, [edi]
0043FF72 . 57 push edi
0043FF73 . FF90 08030000 call [eax+308]
0043FF79 . 8D4D B0 lea ecx, [ebp-50]
0043FF7C . 50 push eax
0043FF7D . 51 push ecx
0043FF7E . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0043FF84 . 8BD8 mov ebx, eax
0043FF86 . 8D45 D0 lea eax, [ebp-30]
0043FF89 . 50 push eax
0043FF8A . 53 push ebx
0043FF8B . 8B13 mov edx, [ebx]
0043FF8D . FF92 A0000000 call [edx+A0]
0043FF93 . 85C0 test eax, eax
0043FF95 . DBE2 fclex
0043FF97 . 7D 12 jge short 0043FFAB
0043FF99 . 68 A0000000 push 0A0
0043FF9E . 68 D8FE4000 push 0040FED8
0043FFA3 . 53 push ebx
0043FFA4 . 50 push eax
0043FFA5 . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0043FFAB > 8B0F mov ecx, [edi]
0043FFAD . 57 push edi
0043FFAE . FF91 0C030000 call [ecx+30C]
0043FFB4 . 8D55 AC lea edx, [ebp-54]
0043FFB7 . 50 push eax
0043FFB8 . 52 push edx
0043FFB9 . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
0043FFBF . 8BD8 mov ebx, eax
0043FFC1 . 8D4D C8 lea ecx, [ebp-38]
0043FFC4 . 51 push ecx
0043FFC5 . 53 push ebx
0043FFC6 . 8B03 mov eax, [ebx]
0043FFC8 . FF90 A0000000 call [eax+A0]
0043FFCE . 85C0 test eax, eax
0043FFD0 . DBE2 fclex
0043FFD2 . 7D 12 jge short 0043FFE6
0043FFD4 . 68 A0000000 push 0A0
0043FFD9 . 68 D8FE4000 push 0040FED8
0043FFDE . 53 push ebx
0043FFDF . 50 push eax
0043FFE0 . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0043FFE6 > 8B55 E0 mov edx, [ebp-20] ; 假码一(UNICODE "11111")
0043FFE9 . 8B45 DC mov eax, [ebp-24] ; 假码二(UNICODE "22222")
0043FFEC . 8B1D 58104000 mov ebx, [<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
0043FFF2 . 52 push edx
0043FFF3 . 50 push eax
0043FFF4 . FFD3 call ebx ; <&MSVBVM60.__vbaStrCat>
0043FFF6 . 8BD0 mov edx, eax ; eax=001C2564, (UNICODE "1111122222")
0043FFF8 . 8D4D D4 lea ecx, [ebp-2C]
0043FFFB . FFD6 call esi
0043FFFD . 8B4D D8 mov ecx, [ebp-28] ; 假码三(UNICODE "33333")
00440000 . 50 push eax
00440001 . 51 push ecx
00440002 . FFD3 call ebx
00440004 . 8BD0 mov edx, eax ; (UNICODE "111112222233333")
00440006 . 8D4D CC lea ecx, [ebp-34]
00440009 . FFD6 call esi
0044000B . 8B55 D0 mov edx, [ebp-30] ; 假码四(UNICODE "44444")
0044000E . 50 push eax
0044000F . 52 push edx
00440010 . FFD3 call ebx
00440012 . 8BD0 mov edx, eax ; (UNICODE "11111222223333344444")
00440014 . 8D4D C4 lea ecx, [ebp-3C]
00440017 . FFD6 call esi
00440019 . 50 push eax
0044001A . 8B45 C8 mov eax, [ebp-38] ; 假码五(UNICODE "55555")
0044001D . 50 push eax
0044001E . FFD3 call ebx
00440020 . 8BD0 mov edx, eax ; (UNICODE "1111122222333334444455555")
00440022 . 8D4D C0 lea ecx, [ebp-40]
00440025 . FFD6 call esi
00440027 . 8B4D E4 mov ecx, [ebp-1C] ; (UNICODE "8948437740106042253514292")
0044002A . 50 push eax
0044002B . 51 push ecx
0044002C . FF15 24114000 call [<&MSVBVM60.__vbaStrCmp>] ; MSVBVM60.__vbaStrCmp
00440032 . F7D8 neg eax
00440034 . 1BC0 sbb eax, eax
00440036 . 8D55 C0 lea edx, [ebp-40]
00440039 . F7D8 neg eax
0044003B . F7D8 neg eax
0044003D . 8985 CCFDFFFF mov [ebp-234], eax
00440043 . 8D45 C8 lea eax, [ebp-38]
00440046 . 52 push edx
00440047 . 8D4D C4 lea ecx, [ebp-3C]
0044004A . 50 push eax
0044004B . 8D55 D0 lea edx, [ebp-30]
0044004E . 51 push ecx
0044004F . 8D45 CC lea eax, [ebp-34]
00440052 . 52 push edx
00440053 . 8D4D D8 lea ecx, [ebp-28]
00440056 . 50 push eax
00440057 . 8D55 D4 lea edx, [ebp-2C]
0044005A . 51 push ecx
0044005B . 8D45 DC lea eax, [ebp-24]
0044005E . 52 push edx
0044005F . 8D4D E0 lea ecx, [ebp-20]
00440062 . 50 push eax
00440063 . 51 push ecx
00440064 . 6A 09 push 9
00440066 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0044006C . 8D55 AC lea edx, [ebp-54]
0044006F . 8D45 B0 lea eax, [ebp-50]
00440072 . 52 push edx
00440073 . 8D4D B4 lea ecx, [ebp-4C]
00440076 . 50 push eax
00440077 . 8D55 B8 lea edx, [ebp-48]
0044007A . 51 push ecx
0044007B . 8D45 BC lea eax, [ebp-44]
0044007E . 52 push edx
0044007F . 50 push eax
00440080 . 6A 05 push 5
00440082 . FF15 3C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
00440088 . 83C4 40 add esp, 40
0044008B . 66:83BD CCFDF>cmp word ptr [ebp-234], 0
00440093 . 74 54 je short 004400E9
00440095 . 8B35 38124000 mov esi, [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
0044009B . B9 0A000000 mov ecx, 0A
004400A0 . B8 04000280 mov eax, 80020004
004400A5 . 898D 6CFFFFFF mov [ebp-94], ecx
004400AB . 898D 7CFFFFFF mov [ebp-84], ecx
004400B1 . BF 08000000 mov edi, 8
004400B6 . 8D95 ACFEFFFF lea edx, [ebp-154]
004400BC . 8D4D 8C lea ecx, [ebp-74]
004400BF . 8985 74FFFFFF mov [ebp-8C], eax
004400C5 . 8945 84 mov [ebp-7C], eax
004400C8 . C785 B4FEFFFF>mov dword ptr [ebp-14C], 00411C80 ; \->: 企虎提示!
004400D2 . 89BD ACFEFFFF mov [ebp-154], edi
004400D8 . FFD6 call esi ; <&MSVBVM60.__vbaVarDup>
004400DA . C785 C4FEFFFF>mov dword ptr [ebp-13C], 00411C20 ; \->: 你输入的注册码有错!如果要注册正式版!请与企虎软件研发部联
004400E4 . E9 BF010000 jmp 004402A8
004400E9 > 8D4D 9C lea ecx, [ebp-64]
004400EC . C745 A4 04000>mov dword ptr [ebp-5C], 80020004
004400F3 . C745 9C 0A000>mov dword ptr [ebp-64], 0A
004400FA . FF15 34124000 call [<&MSVBVM60.__vbaFreeVarg>] ; MSVBVM60.__vbaFreeVarg
00440100 . 8B07 mov eax, [edi]
00440102 . 57 push edi
00440103 . FF90 10030000 call [eax+310]
00440109 . 8D4D BC lea ecx, [ebp-44]
0044010C . 50 push eax
0044010D . 51 push ecx
0044010E . FF15 A8104000 call [<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
00440114 . 8BF8 mov edi, eax
00440116 . 8D45 E0 lea eax, [ebp-20]
00440119 . 50 push eax
0044011A . 57 push edi
0044011B . 8B17 mov edx, [edi]
0044011D . FF92 A0000000 call [edx+A0]
00440123 . 85C0 test eax, eax
00440125 . DBE2 fclex
00440127 . 7D 12 jge short 0044013B
00440129 . 68 A0000000 push 0A0
0044012E . 68 D8FE4000 push 0040FED8
00440133 . 57 push edi
00440134 . 50 push eax
00440135 . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
0044013B > 8B0D 30604600 mov ecx, [466030]
00440141 . 8D55 B8 lea edx, [ebp-48]
00440144 . 52 push edx
00440145 . 8D45 9C lea eax, [ebp-64]
00440148 . 8B39 mov edi, [ecx]
0044014A . 8B4D E0 mov ecx, [ebp-20]
0044014D . 6A FF push -1
0044014F . 50 push eax
00440150 . 68 AC1C4100 push 00411CAC ; update rjzc set sbxx='
00440155 . 51 push ecx
00440156 . FFD3 call ebx
00440158 . 8BD0 mov edx, eax
0044015A . 8D4D DC lea ecx, [ebp-24]
0044015D . FFD6 call esi
0044015F . 50 push eax
00440160 . 68 5CFF4000 push 0040FF5C ; '
00440165 . FFD3 call ebx
00440167 . 8BD0 mov edx, eax
00440169 . 8D4D D8 lea ecx, [ebp-28]
0044016C . FFD6 call esi
0044016E . 8B15 30604600 mov edx, [466030]
00440174 . 50 push eax
00440175 . 52 push edx
00440176 . FF57 40 call [edi+40]
00440179 . 85C0 test eax, eax
0044017B . DBE2 fclex
0044017D . 7D 15 jge short 00440194
0044017F . 8B0D 30604600 mov ecx, [466030]
00440185 . 6A 40 push 40
00440187 . 68 A8054100 push 004105A8
0044018C . 51 push ecx
0044018D . 50 push eax
0044018E . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00440194 > 8D55 D8 lea edx, [ebp-28]
00440197 . 8D45 DC lea eax, [ebp-24]
0044019A . 52 push edx
0044019B . 8D4D E0 lea ecx, [ebp-20]
0044019E . 50 push eax
0044019F . 51 push ecx
004401A0 . 6A 03 push 3
004401A2 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
004401A8 . 8D55 B8 lea edx, [ebp-48]
004401AB . 8D45 BC lea eax, [ebp-44]
004401AE . 52 push edx
004401AF . 50 push eax
004401B0 . 6A 02 push 2
004401B2 . FF15 3C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
004401B8 . 83C4 1C add esp, 1C
004401BB . 8D4D 9C lea ecx, [ebp-64]
004401BE . FF15 20104000 call [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
004401C4 . 8D4D 9C lea ecx, [ebp-64]
004401C7 . C745 A4 04000>mov dword ptr [ebp-5C], 80020004
004401CE . C745 9C 0A000>mov dword ptr [ebp-64], 0A
004401D5 . FF15 34124000 call [<&MSVBVM60.__vbaFreeVarg>] ; MSVBVM60.__vbaFreeVarg
004401DB . 8B0D 30604600 mov ecx, [466030]
004401E1 . 8D55 BC lea edx, [ebp-44]
004401E4 . 52 push edx
004401E5 . 8D45 9C lea eax, [ebp-64]
004401E8 . 8B39 mov edi, [ecx]
004401EA . 8B4D E4 mov ecx, [ebp-1C]
004401ED . 6A FF push -1
004401EF . 50 push eax
004401F0 . 68 E01C4100 push 00411CE0 ; update rjzc set zcm='
004401F5 . 51 push ecx
004401F6 . FFD3 call ebx
004401F8 . 8BD0 mov edx, eax
004401FA . 8D4D E0 lea ecx, [ebp-20]
004401FD . FFD6 call esi
004401FF . 50 push eax
00440200 . 68 5CFF4000 push 0040FF5C ; '
00440205 . FFD3 call ebx
00440207 . 8BD0 mov edx, eax
00440209 . 8D4D DC lea ecx, [ebp-24]
0044020C . FFD6 call esi
0044020E . 8B15 30604600 mov edx, [466030]
00440214 . 50 push eax
00440215 . 52 push edx
00440216 . FF57 40 call [edi+40]
00440219 . 85C0 test eax, eax
0044021B . DBE2 fclex
0044021D . 7D 15 jge short 00440234
0044021F . 8B0D 30604600 mov ecx, [466030]
00440225 . 6A 40 push 40
00440227 . 68 A8054100 push 004105A8
0044022C . 51 push ecx
0044022D . 50 push eax
0044022E . FF15 70104000 call [<&MSVBVM60.__vbaHresultCheckObj>; MSVBVM60.__vbaHresultCheckObj
00440234 > 8D55 DC lea edx, [ebp-24]
00440237 . 8D45 E0 lea eax, [ebp-20]
0044023A . 52 push edx
0044023B . 50 push eax
0044023C . 6A 02 push 2
0044023E . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00440244 . 83C4 0C add esp, 0C
00440247 . 8D4D BC lea ecx, [ebp-44]
0044024A . FF15 9C124000 call [<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
00440250 . 8D4D 9C lea ecx, [ebp-64]
00440253 . FF15 20104000 call [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00440259 . 8B35 38124000 mov esi, [<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
0044025F . B9 04000280 mov ecx, 80020004
00440264 . 898D 74FFFFFF mov [ebp-8C], ecx
0044026A . B8 0A000000 mov eax, 0A
0044026F . 894D 84 mov [ebp-7C], ecx
00440272 . BF 08000000 mov edi, 8
00440277 . 8D95 ACFEFFFF lea edx, [ebp-154]
0044027D . 8D4D 8C lea ecx, [ebp-74]
00440280 . 8985 6CFFFFFF mov [ebp-94], eax
00440286 . 8985 7CFFFFFF mov [ebp-84], eax
0044028C . C785 B4FEFFFF>mov dword ptr [ebp-14C], 00411D30 ; \->: 企虎提示!
00440296 . 89BD ACFEFFFF mov [ebp-154], edi
0044029C . FFD6 call esi ; <&MSVBVM60.__vbaVarDup>
0044029E . C785 C4FEFFFF>mov dword ptr [ebp-13C], 00411D10 ; \->: 感谢你对企虎软件的支持!
004402A8 > 8D95 BCFEFFFF lea edx, [ebp-144]
004402AE . 8D4D 9C lea ecx, [ebp-64]
004402B1 . 89BD BCFEFFFF mov [ebp-144], edi
004402B7 . FFD6 call esi
004402B9 . 8D8D 6CFFFFFF lea ecx, [ebp-94]
004402BF . 8D95 7CFFFFFF lea edx, [ebp-84]
004402C5 . 51 push ecx
004402C6 . 8D45 8C lea eax, [ebp-74]
004402C9 . 52 push edx
004402CA . 50 push eax
004402CB . 8D4D 9C lea ecx, [ebp-64]
004402CE . 6A 40 push 40
004402D0 . 51 push ecx
004402D1 . FF15 AC104000 call [<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
004402D7 . 8D95 6CFFFFFF lea edx, [ebp-94]
004402DD . 8D85 7CFFFFFF lea eax, [ebp-84]
004402E3 . 52 push edx
004402E4 . 8D4D 8C lea ecx, [ebp-74]
004402E7 . 50 push eax
004402E8 . 8D55 9C lea edx, [ebp-64]
004402EB . 51 push ecx
004402EC . 52 push edx
004402ED . 6A 04 push 4
004402EF . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
004402F5 . 83C4 14 add esp, 14
004402F8 . C745 FC 00000>mov dword ptr [ebp-4], 0
004402FF . 9B wait
00440300 . 68 C7034400 push 004403C7
00440305 . E9 B3000000 jmp 004403BD
0044030A . 8D45 C0 lea eax, [ebp-40]
0044030D . 8D4D C4 lea ecx, [ebp-3C]
00440310 . 50 push eax
00440311 . 8D55 C8 lea edx, [ebp-38]
00440314 . 51 push ecx
00440315 . 8D45 CC lea eax, [ebp-34]
00440318 . 52 push edx
00440319 . 8D4D D0 lea ecx, [ebp-30]
0044031C . 50 push eax
0044031D . 8D55 D4 lea edx, [ebp-2C]
00440320 . 51 push ecx
00440321 . 8D45 D8 lea eax, [ebp-28]
00440324 . 52 push edx
00440325 . 8D4D DC lea ecx, [ebp-24]
00440328 . 50 push eax
00440329 . 8D55 E0 lea edx, [ebp-20]
0044032C . 51 push ecx
0044032D . 52 push edx
0044032E . 6A 09 push 9
00440330 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
00440336 . 8D45 AC lea eax, [ebp-54]
00440339 . 8D4D B0 lea ecx, [ebp-50]
0044033C . 50 push eax
0044033D . 8D55 B4 lea edx, [ebp-4C]
00440340 . 51 push ecx
00440341 . 8D45 B8 lea eax, [ebp-48]
00440344 . 52 push edx
00440345 . 8D4D BC lea ecx, [ebp-44]
00440348 . 50 push eax
00440349 . 51 push ecx
0044034A . 6A 05 push 5
0044034C . FF15 3C104000 call [<&MSVBVM60.__vbaFreeObjList>] ; MSVBVM60.__vbaFreeObjList
00440352 . 83C4 40 add esp, 40
00440355 . 8D95 CCFEFFFF lea edx, [ebp-134]
0044035B . 8D85 DCFEFFFF lea eax, [ebp-124]
00440361 . 8D8D ECFEFFFF lea ecx, [ebp-114]
00440367 . 52 push edx
00440368 . 50 push eax
00440369 . 8D95 FCFEFFFF lea edx, [ebp-104]
0044036F . 51 push ecx
00440370 . 8D85 0CFFFFFF lea eax, [ebp-F4]
00440376 . 52 push edx
00440377 . 8D8D 1CFFFFFF lea ecx, [ebp-E4]
0044037D . 50 push eax
0044037E . 8D95 2CFFFFFF lea edx, [ebp-D4]
00440384 . 51 push ecx
00440385 . 8D85 3CFFFFFF lea eax, [ebp-C4]
0044038B . 52 push edx
0044038C . 8D8D 4CFFFFFF lea ecx, [ebp-B4]
00440392 . 50 push eax
00440393 . 8D95 5CFFFFFF lea edx, [ebp-A4]
00440399 . 51 push ecx
0044039A . 8D85 6CFFFFFF lea eax, [ebp-94]
004403A0 . 52 push edx
004403A1 . 8D8D 7CFFFFFF lea ecx, [ebp-84]
004403A7 . 50 push eax
004403A8 . 8D55 8C lea edx, [ebp-74]
004403AB . 51 push ecx
004403AC . 8D45 9C lea eax, [ebp-64]
004403AF . 52 push edx
004403B0 . 50 push eax
004403B1 . 6A 0E push 0E
004403B3 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
004403B9 . 83C4 3C add esp, 3C
004403BC . C3 retn
004403BD > 8D4D E4 lea ecx, [ebp-1C]
004403C0 . FF15 A0124000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
004403C6 . C3 retn
004403C7 . 8B45 08 mov eax, [ebp+8]
004403CA . 50 push eax
004403CB . 8B08 mov ecx, [eax]
004403CD . FF51 08 call [ecx+8]
004403D0 . 8B45 FC mov eax, [ebp-4]
004403D3 . 8B4D EC mov ecx, [ebp-14]
004403D6 . 5F pop edi
004403D7 . 5E pop esi
004403D8 . 64:890D 00000>mov fs:[0], ecx
004403DF . 5B pop ebx
004403E0 . 8BE5 mov esp, ebp
004403E2 . 5D pop ebp
004403E3 . C2 0400 retn 4
=========43F8F9 . E8 D2F8FFFF call 0043F1D0 ===== 机器码翻转 ====
0043F1D0 $ 55 push ebp
0043F1D1 . 8BEC mov ebp, esp
0043F1D3 . 83EC 0C sub esp, 0C
0043F1D6 . 68 C62C4000 push <jmp.&MSVBVM60.__vbaExceptHandle>; SE 处理程序安装
0043F1DB . 64:A1 0000000>mov eax, fs:[0]
0043F1E1 . 50 push eax
0043F1E2 . 64:8925 00000>mov fs:[0], esp
0043F1E9 . 81EC 80000000 sub esp, 80
0043F1EF . 53 push ebx
0043F1F0 . 56 push esi
0043F1F1 . 57 push edi
0043F1F2 . 8965 F4 mov [ebp-C], esp
0043F1F5 . C745 F8 20174>mov dword ptr [ebp-8], 00401720
0043F1FC . 33C0 xor eax, eax
0043F1FE . 8945 E4 mov [ebp-1C], eax
0043F201 . 8945 D4 mov [ebp-2C], eax
0043F204 . 8945 C4 mov [ebp-3C], eax
0043F207 . 8945 B4 mov [ebp-4C], eax
0043F20A . 8945 A4 mov [ebp-5C], eax
0043F20D . 8945 94 mov [ebp-6C], eax
0043F210 . 8985 74FFFFFF mov [ebp-8C], eax
0043F216 . 8B45 0C mov eax, [ebp+C]
0043F219 . 8B08 mov ecx, [eax]
0043F21B . 51 push ecx
0043F21C . FF15 24104000 call [<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
0043F222 . 8BC8 mov ecx, eax
0043F224 . FF15 3C114000 call [<&MSVBVM60.__vbaI2I4>] ; MSVBVM60.__vbaI2I4
0043F22A . 8B3D 70124000 mov edi, [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F230 . 8B1D 28104000 mov ebx, [<&MSVBVM60.__vbaStrVarMove>; MSVBVM60.__vbaStrVarMove
0043F236 . 8BF0 mov esi, eax
0043F238 > 8B55 E4 mov edx, [ebp-1C] ; / 机器码翻转
0043F23B . 66:85F6 test si, si
0043F23E . 0F84 86000000 je 0043F2CA
0043F244 . 8B45 0C mov eax, [ebp+C]
0043F247 . 8995 7CFFFFFF mov [ebp-84], edx
0043F24D . 0FBFD6 movsx edx, si
0043F250 . 8D4D C4 lea ecx, [ebp-3C]
0043F253 . 8945 9C mov [ebp-64], eax
0043F256 . 51 push ecx
0043F257 . 8D45 94 lea eax, [ebp-6C]
0043F25A . 52 push edx
0043F25B . 8D4D B4 lea ecx, [ebp-4C]
0043F25E . 50 push eax
0043F25F . 51 push ecx
0043F260 . C785 74FFFFFF>mov dword ptr [ebp-8C], 8
0043F26A . C745 CC 01000>mov dword ptr [ebp-34], 1
0043F271 . C745 C4 02000>mov dword ptr [ebp-3C], 2
0043F278 . C745 94 08400>mov dword ptr [ebp-6C], 4008
0043F27F . FF15 04114000 call [<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0043F285 . 8D95 74FFFFFF lea edx, [ebp-8C]
0043F28B . 8D45 B4 lea eax, [ebp-4C]
0043F28E . 52 push edx
0043F28F . 8D4D A4 lea ecx, [ebp-5C]
0043F292 . 50 push eax
0043F293 . 51 push ecx
0043F294 . FF15 C4114000 call [<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
0043F29A . 50 push eax
0043F29B . FFD3 call ebx
0043F29D . 8BD0 mov edx, eax
0043F29F . 8D4D E4 lea ecx, [ebp-1C]
0043F2A2 . FFD7 call edi
0043F2A4 . 8D55 A4 lea edx, [ebp-5C]
0043F2A7 . 8D45 B4 lea eax, [ebp-4C]
0043F2AA . 52 push edx
0043F2AB . 8D4D C4 lea ecx, [ebp-3C]
0043F2AE . 50 push eax
0043F2AF . 51 push ecx
0043F2B0 . 6A 03 push 3
0043F2B2 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F2B8 . 83C4 10 add esp, 10
0043F2BB . 66:83EE 01 sub si, 1
0043F2BF . 0F80 82000000 jo 0043F347
0043F2C5 .^ E9 6EFFFFFF jmp 0043F238 ; \ 循环
0043F2CA > 8955 9C mov [ebp-64], edx ; 翻转后(UNICODE "223719435")
0043F2CD . 8D55 94 lea edx, [ebp-6C]
0043F2D0 . 8D4D D4 lea ecx, [ebp-2C]
0043F2D3 . C745 94 08000>mov dword ptr [ebp-6C], 8
0043F2DA . FF15 48124000 call [<&MSVBVM60.__vbaVarCopy>] ; MSVBVM60.__vbaVarCopy
0043F2E0 . 68 18F34300 push 0043F318
0043F2E5 . EB 27 jmp short 0043F30E
0043F2E7 . F645 FC 04 test byte ptr [ebp-4], 4
0043F2EB . 74 09 je short 0043F2F6
0043F2ED . 8D4D D4 lea ecx, [ebp-2C]
0043F2F0 . FF15 20104000 call [<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
0043F2F6 > 8D45 A4 lea eax, [ebp-5C]
0043F2F9 . 8D4D B4 lea ecx, [ebp-4C]
0043F2FC . 50 push eax
0043F2FD . 8D55 C4 lea edx, [ebp-3C]
0043F300 . 51 push ecx
0043F301 . 52 push edx
0043F302 . 6A 03 push 3
0043F304 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F30A . 83C4 10 add esp, 10
0043F30D . C3 retn
0043F30E > 8D4D E4 lea ecx, [ebp-1C]
0043F311 . FF15 A0124000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0043F317 . C3 retn
0043F318 . 8B45 08 mov eax, [ebp+8]
0043F31B . 8B55 D4 mov edx, [ebp-2C]
0043F31E . 8BC8 mov ecx, eax
0043F320 . 5F pop edi
0043F321 . 5E pop esi
0043F322 . 5B pop ebx
0043F323 . 8911 mov [ecx], edx
0043F325 . 8B55 D8 mov edx, [ebp-28]
0043F328 . 8951 04 mov [ecx+4], edx
0043F32B . 8B55 DC mov edx, [ebp-24]
0043F32E . 8951 08 mov [ecx+8], edx
0043F331 . 8B55 E0 mov edx, [ebp-20]
0043F334 . 8951 0C mov [ecx+C], edx
0043F337 . 8B4D EC mov ecx, [ebp-14]
0043F33A . 64:890D 00000>mov fs:[0], ecx
0043F341 . 8BE5 mov esp, ebp
0043F343 . 5D pop ebp
0043F344 . C2 0800 retn 8
============== F7键 0043FC7F . E8 CCF6FFFF call 0043F350 ===============关键算法============
0043F350 $ 55 push ebp ; 来到这里
0043F351 . 8BEC mov ebp, esp
0043F353 . 83EC 0C sub esp, 0C
0043F356 . 68 C62C4000 push <jmp.&MSVBVM60.__vbaExceptHandle>; SE 处理程序安装
0043F35B . 64:A1 0000000>mov eax, fs:[0]
0043F361 . 50 push eax
0043F362 . 64:8925 00000>mov fs:[0], esp
0043F369 . 81EC B8000000 sub esp, 0B8
0043F36F . 53 push ebx
0043F370 . 56 push esi
0043F371 . 57 push edi
0043F372 . 8965 F4 mov [ebp-C], esp
0043F375 . C745 F8 30174>mov dword ptr [ebp-8], 00401730
0043F37C . 33C0 xor eax, eax
0043F37E . 6A 08 push 8
0043F380 . 8945 E8 mov [ebp-18], eax
0043F383 . 8945 E4 mov [ebp-1C], eax
0043F386 . 8945 C4 mov [ebp-3C], eax
0043F389 . 8945 C0 mov [ebp-40], eax
0043F38C . 8945 B0 mov [ebp-50], eax
0043F38F . 8945 A0 mov [ebp-60], eax
0043F392 . 8945 90 mov [ebp-70], eax
0043F395 . 8985 7CFFFFFF mov [ebp-84], eax
0043F39B . 8D45 CC lea eax, [ebp-34]
0043F39E . 68 C81B4100 push 00411BC8
0043F3A3 . 50 push eax
0043F3A4 . FF15 28114000 call [<&MSVBVM60.__vbaAryConstruct2>] ; MSVBVM60.__vbaAryConstruct2
0043F3AA . 8B4D 08 mov ecx, [ebp+8]
0043F3AD . 8B35 F0114000 mov esi, [<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
0043F3B3 . 8B11 mov edx, [ecx] ; 字串D (UNICODE "2237194352265115633903573")
0043F3B5 . 8D4D E8 lea ecx, [ebp-18]
0043F3B8 . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
0043F3BA . 8B3D 04114000 mov edi, [<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
0043F3C0 . 8D55 E8 lea edx, [ebp-18]
0043F3C3 . 8D45 B0 lea eax, [ebp-50]
0043F3C6 . 8955 98 mov [ebp-68], edx
0043F3C9 . 50 push eax
0043F3CA . 8D4D 90 lea ecx, [ebp-70]
0043F3CD . 6A 01 push 1
0043F3CF . 8D55 A0 lea edx, [ebp-60]
0043F3D2 . 51 push ecx
0043F3D3 . 52 push edx
0043F3D4 . C745 B8 05000>mov dword ptr [ebp-48], 5
0043F3DB . C745 B0 02000>mov dword ptr [ebp-50], 2
0043F3E2 . C745 90 08400>mov dword ptr [ebp-70], 4008
0043F3E9 . FFD7 call edi ; <&MSVBVM60.#632>
0043F3EB . 8B1D C0114000 mov ebx, [<&MSVBVM60.__vbaStrVarVal>>; MSVBVM60.__vbaStrVarVal
0043F3F1 . 8D45 A0 lea eax, [ebp-60]
0043F3F4 . 8D4D C4 lea ecx, [ebp-3C]
0043F3F7 . 50 push eax
0043F3F8 . 51 push ecx
0043F3F9 . FFD3 call ebx ; 取D的前5位 C1; <&MSVBVM60.__vbaStrVarVal>
0043F3FB . 50 push eax ; (UNICODE "22371")
0043F3FC . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043F402 . 8B55 0C mov edx, [ebp+C]
0043F405 . 83EC 08 sub esp, 8
0043F408 . 0FBF02 movsx eax, word ptr [edx]
0043F40B . 8985 6CFFFFFF mov [ebp-94], eax
0043F411 . DB85 6CFFFFFF fild dword ptr [ebp-94]
0043F417 . DD9D 64FFFFFF fstp qword ptr [ebp-9C]
0043F41D . DC8D 64FFFFFF fmul qword ptr [ebp-9C]
0043F423 . DFE0 fstsw ax
0043F425 . A8 0D test al, 0D
0043F427 . 0F85 6D030000 jnz 0043F79A
0043F42D . DD1C24 fstp qword ptr [esp]
0043F430 . FF15 60114000 call [<&MSVBVM60.__vbaStrR8>] ; MSVBVM60.__vbaStrR8
0043F436 . 8BD0 mov edx, eax ; 取D的前5位×4(都是十进制)为E1(即C1×4) (UNICODE "89484")
0043F438 . 8D4D C0 lea ecx, [ebp-40]
0043F43B . FF15 70124000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F441 . 8B4D D8 mov ecx, [ebp-28]
0043F444 . 8BD0 mov edx, eax
0043F446 . FFD6 call esi
0043F448 . 8D4D C0 lea ecx, [ebp-40]
0043F44B . 8D55 C4 lea edx, [ebp-3C]
0043F44E . 51 push ecx
0043F44F . 52 push edx
0043F450 . 6A 02 push 2
0043F452 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F458 . 8D45 A0 lea eax, [ebp-60]
0043F45B . 8D4D B0 lea ecx, [ebp-50]
0043F45E . 50 push eax
0043F45F . 51 push ecx
0043F460 . 6A 02 push 2
0043F462 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F468 . 8D55 E8 lea edx, [ebp-18]
0043F46B . 83C4 18 add esp, 18
0043F46E . C745 B8 05000>mov dword ptr [ebp-48], 5
0043F475 . C745 B0 02000>mov dword ptr [ebp-50], 2
0043F47C . 8955 98 mov [ebp-68], edx
0043F47F . C745 90 08400>mov dword ptr [ebp-70], 4008
0043F486 . 8D45 B0 lea eax, [ebp-50]
0043F489 . 8D4D 90 lea ecx, [ebp-70]
0043F48C . 50 push eax
0043F48D . 6A 06 push 6
0043F48F . 8D55 A0 lea edx, [ebp-60]
0043F492 . 51 push ecx
0043F493 . 52 push edx
0043F494 . FFD7 call edi
0043F496 . 8D45 A0 lea eax, [ebp-60]
0043F499 . 8D4D C4 lea ecx, [ebp-3C]
0043F49C . 50 push eax
0043F49D . 51 push ecx
0043F49E . FFD3 call ebx ; 取D的第二个5位为C2
0043F4A0 . 50 push eax ; (UNICODE "94352")
0043F4A1 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043F4A7 . 8B55 0C mov edx, [ebp+C]
0043F4AA . 83EC 08 sub esp, 8
0043F4AD . 0FBF02 movsx eax, word ptr [edx]
0043F4B0 . 8985 60FFFFFF mov [ebp-A0], eax
0043F4B6 . DB85 60FFFFFF fild dword ptr [ebp-A0]
0043F4BC . DD9D 58FFFFFF fstp qword ptr [ebp-A8]
0043F4C2 . DC8D 58FFFFFF fmul qword ptr [ebp-A8]
0043F4C8 . DFE0 fstsw ax
0043F4CA . A8 0D test al, 0D
0043F4CC . 0F85 C8020000 jnz 0043F79A
0043F4D2 . DD1C24 fstp qword ptr [esp]
0043F4D5 . FF15 60114000 call [<&MSVBVM60.__vbaStrR8>] ; E2(即C2×4) (UNICODE "377408")
0043F4DB . 8BD0 mov edx, eax ; (UNICODE "377408")
0043F4DD . 8D4D C0 lea ecx, [ebp-40]
0043F4E0 . FF15 70124000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F4E6 . 8B4D D8 mov ecx, [ebp-28]
0043F4E9 . 8BD0 mov edx, eax
0043F4EB . 83C1 04 add ecx, 4
0043F4EE . FFD6 call esi
0043F4F0 . 8D55 C0 lea edx, [ebp-40]
0043F4F3 . 8D45 C4 lea eax, [ebp-3C]
0043F4F6 . 52 push edx
0043F4F7 . 50 push eax
0043F4F8 . 6A 02 push 2
0043F4FA . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F500 . 8D4D A0 lea ecx, [ebp-60]
0043F503 . 8D55 B0 lea edx, [ebp-50]
0043F506 . 51 push ecx
0043F507 . 52 push edx
0043F508 . 6A 02 push 2
0043F50A . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F510 . 83C4 18 add esp, 18
0043F513 . 8D45 E8 lea eax, [ebp-18]
0043F516 . 8D4D B0 lea ecx, [ebp-50]
0043F519 . 8945 98 mov [ebp-68], eax
0043F51C . 51 push ecx
0043F51D . 8D55 90 lea edx, [ebp-70]
0043F520 . 6A 0B push 0B
0043F522 . 8D45 A0 lea eax, [ebp-60]
0043F525 . 52 push edx
0043F526 . 50 push eax
0043F527 . C745 B8 05000>mov dword ptr [ebp-48], 5
0043F52E . C745 B0 02000>mov dword ptr [ebp-50], 2
0043F535 . C745 90 08400>mov dword ptr [ebp-70], 4008
0043F53C . FFD7 call edi
0043F53E . 8D4D A0 lea ecx, [ebp-60]
0043F541 . 8D55 C4 lea edx, [ebp-3C]
0043F544 . 51 push ecx
0043F545 . 52 push edx
0043F546 . FFD3 call ebx ; 取D的第三个5位为C3
0043F548 . 50 push eax ; eax=001BDEA4, (UNICODE "26511")
0043F549 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043F54F . 8B45 0C mov eax, [ebp+C]
0043F552 . 83EC 08 sub esp, 8
0043F555 . 0FBF08 movsx ecx, word ptr [eax]
0043F558 . 898D 54FFFFFF mov [ebp-AC], ecx
0043F55E . DB85 54FFFFFF fild dword ptr [ebp-AC]
0043F564 . DD9D 4CFFFFFF fstp qword ptr [ebp-B4]
0043F56A . DC8D 4CFFFFFF fmul qword ptr [ebp-B4]
0043F570 . DFE0 fstsw ax
0043F572 . A8 0D test al, 0D
0043F574 . 0F85 20020000 jnz 0043F79A
0043F57A . DD1C24 fstp qword ptr [esp] ; ×4
0043F57D . FF15 60114000 call [<&MSVBVM60.__vbaStrR8>] ; E3(即C3×4) (UNICODE "106044")
0043F583 . 8BD0 mov edx, eax ; (UNICODE "106044")
0043F585 . 8D4D C0 lea ecx, [ebp-40]
0043F588 . FF15 70124000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F58E . 8BD0 mov edx, eax
0043F590 . 8B45 D8 mov eax, [ebp-28]
0043F593 . 8D48 08 lea ecx, [eax+8]
0043F596 . FFD6 call esi
0043F598 . 8D4D C0 lea ecx, [ebp-40]
0043F59B . 8D55 C4 lea edx, [ebp-3C]
0043F59E . 51 push ecx
0043F59F . 52 push edx
0043F5A0 . 6A 02 push 2
0043F5A2 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F5A8 . 8D45 A0 lea eax, [ebp-60]
0043F5AB . 8D4D B0 lea ecx, [ebp-50]
0043F5AE . 50 push eax
0043F5AF . 51 push ecx
0043F5B0 . 6A 02 push 2
0043F5B2 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F5B8 . 83C4 18 add esp, 18
0043F5BB . 8D55 E8 lea edx, [ebp-18]
0043F5BE . 8D45 B0 lea eax, [ebp-50]
0043F5C1 . 8955 98 mov [ebp-68], edx
0043F5C4 . 50 push eax
0043F5C5 . 8D4D 90 lea ecx, [ebp-70]
0043F5C8 . 6A 10 push 10
0043F5CA . 8D55 A0 lea edx, [ebp-60]
0043F5CD . 51 push ecx
0043F5CE . 52 push edx
0043F5CF . C745 B8 05000>mov dword ptr [ebp-48], 5
0043F5D6 . C745 B0 02000>mov dword ptr [ebp-50], 2
0043F5DD . C745 90 08400>mov dword ptr [ebp-70], 4008
0043F5E4 . FFD7 call edi
0043F5E6 . 8D45 A0 lea eax, [ebp-60]
0043F5E9 . 8D4D C4 lea ecx, [ebp-3C]
0043F5EC . 50 push eax
0043F5ED . 51 push ecx
0043F5EE . FFD3 call ebx ; 取D的第四个5位为C4
0043F5F0 . 50 push eax ; eax=001BEE8C, (UNICODE "56339")
0043F5F1 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043F5F7 . 8B55 0C mov edx, [ebp+C]
0043F5FA . 83EC 08 sub esp, 8
0043F5FD . 0FBF02 movsx eax, word ptr [edx]
0043F600 . 8985 48FFFFFF mov [ebp-B8], eax
0043F606 . DB85 48FFFFFF fild dword ptr [ebp-B8]
0043F60C . DD9D 40FFFFFF fstp qword ptr [ebp-C0]
0043F612 . DC8D 40FFFFFF fmul qword ptr [ebp-C0]
0043F618 . DFE0 fstsw ax
0043F61A . A8 0D test al, 0D
0043F61C . 0F85 78010000 jnz 0043F79A
0043F622 . DD1C24 fstp qword ptr [esp]
0043F625 . FF15 60114000 call [<&MSVBVM60.__vbaStrR8>] ; E4(即C4×4) (UNICODE "225356")
0043F62B . 8BD0 mov edx, eax ; eax=001BDEA4, (UNICODE "225356")
0043F62D . 8D4D C0 lea ecx, [ebp-40]
0043F630 . FF15 70124000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F636 . 8B4D D8 mov ecx, [ebp-28]
0043F639 . 8BD0 mov edx, eax
0043F63B . 83C1 0C add ecx, 0C
0043F63E . FFD6 call esi
0043F640 . 8D55 C0 lea edx, [ebp-40]
0043F643 . 8D45 C4 lea eax, [ebp-3C]
0043F646 . 52 push edx
0043F647 . 50 push eax
0043F648 . 6A 02 push 2
0043F64A . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F650 . 8D4D A0 lea ecx, [ebp-60]
0043F653 . 8D55 B0 lea edx, [ebp-50]
0043F656 . 51 push ecx
0043F657 . 52 push edx
0043F658 . 6A 02 push 2
0043F65A . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F660 . 83C4 18 add esp, 18
0043F663 . 8D45 E8 lea eax, [ebp-18]
0043F666 . 8D4D B0 lea ecx, [ebp-50]
0043F669 . 8945 98 mov [ebp-68], eax
0043F66C . 51 push ecx
0043F66D . 8D55 90 lea edx, [ebp-70]
0043F670 . 6A 15 push 15
0043F672 . 8D45 A0 lea eax, [ebp-60]
0043F675 . 52 push edx
0043F676 . 50 push eax
0043F677 . C745 B8 05000>mov dword ptr [ebp-48], 5
0043F67E . C745 B0 02000>mov dword ptr [ebp-50], 2
0043F685 . C745 90 08400>mov dword ptr [ebp-70], 4008
0043F68C . FFD7 call edi
0043F68E . 8D4D A0 lea ecx, [ebp-60]
0043F691 . 8D55 C4 lea edx, [ebp-3C]
0043F694 . 51 push ecx
0043F695 . 52 push edx
0043F696 . FFD3 call ebx ; 取D的第五个5位为C5
0043F698 . 50 push eax ; eax=001BDEA4, (UNICODE "03573")
0043F699 . FF15 A4124000 call [<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
0043F69F . 8B45 0C mov eax, [ebp+C]
0043F6A2 . 83EC 08 sub esp, 8
0043F6A5 . 0FBF08 movsx ecx, word ptr [eax]
0043F6A8 . 898D 3CFFFFFF mov [ebp-C4], ecx
0043F6AE . DB85 3CFFFFFF fild dword ptr [ebp-C4]
0043F6B4 . DD9D 34FFFFFF fstp qword ptr [ebp-CC]
0043F6BA . DC8D 34FFFFFF fmul qword ptr [ebp-CC]
0043F6C0 . DFE0 fstsw ax
0043F6C2 . A8 0D test al, 0D
0043F6C4 . 0F85 D0000000 jnz 0043F79A
0043F6CA . DD1C24 fstp qword ptr [esp]
0043F6CD . FF15 60114000 call [<&MSVBVM60.__vbaStrR8>] ; E5(即C5×4) (UNICODE "14292")
0043F6D3 . 8BD0 mov edx, eax ; eax=001BEE8C, (UNICODE "14292")
0043F6D5 . 8D4D C0 lea ecx, [ebp-40]
0043F6D8 . FF15 70124000 call [<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
0043F6DE . 8BD0 mov edx, eax
0043F6E0 . 8B45 D8 mov eax, [ebp-28]
0043F6E3 . 8D48 10 lea ecx, [eax+10]
0043F6E6 . FFD6 call esi
0043F6E8 . 8D4D C0 lea ecx, [ebp-40]
0043F6EB . 8D55 C4 lea edx, [ebp-3C]
0043F6EE . 51 push ecx
0043F6EF . 52 push edx
0043F6F0 . 6A 02 push 2
0043F6F2 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F6F8 . 8D45 A0 lea eax, [ebp-60]
0043F6FB . 8D4D B0 lea ecx, [ebp-50]
0043F6FE . 50 push eax
0043F6FF . 51 push ecx
0043F700 . 6A 02 push 2
0043F702 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F708 . 8B55 10 mov edx, [ebp+10]
0043F70B . 83C4 18 add esp, 18
0043F70E . 0FBF3A movsx edi, word ptr [edx]
0043F711 . 83FF 06 cmp edi, 6
0043F714 . 72 06 jb short 0043F71C
0043F716 . FF15 18114000 call [<&MSVBVM60.__vbaGenerateBoundsE>; MSVBVM60.__vbaGenerateBoundsError
0043F71C > 8B45 D8 mov eax, [ebp-28]
0043F71F . 8D4D E4 lea ecx, [ebp-1C]
0043F722 . 8B14B8 mov edx, [eax+edi*4]
0043F725 . FFD6 call esi
0043F727 . 9B wait
0043F728 . 68 84F74300 push 0043F784
0043F72D . EB 33 jmp short 0043F762
0043F72F . F645 FC 04 test byte ptr [ebp-4], 4
0043F733 . 74 09 je short 0043F73E
0043F735 . 8D4D E4 lea ecx, [ebp-1C]
0043F738 . FF15 A0124000 call [<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
0043F73E > 8D4D C0 lea ecx, [ebp-40]
0043F741 . 8D55 C4 lea edx, [ebp-3C]
0043F744 . 51 push ecx
0043F745 . 52 push edx
0043F746 . 6A 02 push 2
0043F748 . FF15 F8114000 call [<&MSVBVM60.__vbaFreeStrList>] ; MSVBVM60.__vbaFreeStrList
0043F74E . 8D45 A0 lea eax, [ebp-60]
0043F751 . 8D4D B0 lea ecx, [ebp-50]
0043F754 . 50 push eax
0043F755 . 51 push ecx
0043F756 . 6A 02 push 2
0043F758 . FF15 30104000 call [<&MSVBVM60.__vbaFreeVarList>] ; MSVBVM60.__vbaFreeVarList
0043F75E . 83C4 18 add esp, 18
0043F761 . C3 retn
属明码比较,算法也简单,祥见代码后的注释。
------------------------------------------------------------------------
【破解总结】注册码由5部分组成,每部分长度为5。
1、令机器码为A;
2、令其机器码翻转后为B;
3、常量22651156339035732265115633903573为C,则B+C=D,这里的“+”为连接符;
4、取D的前25位为E,即E=2237194352265115633903573;
5、将E从左至右分为5等份,分别为C1、C2、C3、C4、C5(即22371、94352、26511、56339、03573);
6、将C1、C2、C3、C4、C5分别乘4的结果为E1、E2、E3、E4、E5,(即89484、377408、106044、225356、14292);
7、分别取E1、E2、E3、E4、E5的前5位为K1、K2、K3、K4、K5,即89484、37740、10604、22535、14292;
8、注册码K=K1+K2+K3+K4+K5,这里的“+”为连接符,K1~K5分别对应注册窗口的输入框(从左至右)。
另:与之相关的企虎信息管理系统算法一样,只是其常量D变为 (UNICODE "33903573226511563390357322651156")
------------------------------------------------------------------------
【版权声明】本文纯属技术交流, 转载请注明作者信息并保持文章的完整, 谢谢!
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?加入我们
x
|
IP卡
发表于 2007-4-24 11:13:10
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2007-4-24 12:34:15