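1. PEiD shows the program is written in VB.
2. Load it in OllyDbg and enter an arbitrary username and registration code; the Register button is greyed out and cannot be clicked.
3. Set breakpoints. The several I tried never triggered; my guess was that the button only becomes usable once the username and registration code are correct. Next I set BP __vbaVarTstEq, and that one hit. Scroll up to the PUSH EBP and set a breakpoint there.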
00405090 > \55 PUSH EBP
00405091 . 8BEC MOV EBP,ESP
00405093 . 83EC 0C SUB ESP,0C
00405096 . 68 76104000 PUSH <JMP.&MSVBVM50.__vbaExceptHandler> ; SE handler installation
0040509B . 64:A1 0000000>MOV EAX,DWORD PTR FS:[0]
004050A1 . 50 PUSH EAX
004050A2 . 64:8925 00000>MOV DWORD PTR FS:[0],ESP
004050A9 . 81EC FC000000 SUB ESP,0FC
004050AF . 53 PUSH EBX
004050B0 . 56 PUSH ESI
004050B1 . 57 PUSH EDI
004050B2 . 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
004050B5 . 8BC7 MOV EAX,EDI
004050B7 . 83E7 FE AND EDI,FFFFFFFE
004050BA . 8965 F4 MOV DWORD PTR SS:[EBP-C],ESP
004050BD . 83E0 01 AND EAX,1
004050C0 . 8B1F MOV EBX,DWORD PTR DS:[EDI]
004050C2 . C745 F8 50104>MOV DWORD PTR SS:[EBP-8],Volatili.004010>
004050C9 . 57 PUSH EDI
004050CA . 8945 FC MOV DWORD PTR SS:[EBP-4],EAX
004050CD . 897D 08 MOV DWORD PTR SS:[EBP+8],EDI
004050D0 . FF53 04 CALL DWORD PTR DS:[EBX+4]
004050D3 . 8B9B 2C030000 MOV EBX,DWORD PTR DS:[EBX+32C]
004050D9 . 33F6 XOR ESI,ESI
004050DB . 57 PUSH EDI
004050DC . 8975 DC MOV DWORD PTR SS:[EBP-24],ESI
004050DF . 8975 CC MOV DWORD PTR SS:[EBP-34],ESI
004050E2 . 8975 BC MOV DWORD PTR SS:[EBP-44],ESI
004050E5 . 8975 AC MOV DWORD PTR SS:[EBP-54],ESI
004050E8 . 8975 9C MOV DWORD PTR SS:[EBP-64],ESI
004050EB . 8975 8C MOV DWORD PTR SS:[EBP-74],ESI
004050EE . 8975 88 MOV DWORD PTR SS:[EBP-78],ESI
004050F1 . 8975 84 MOV DWORD PTR SS:[EBP-7C],ESI
004050F4 . 8975 80 MOV DWORD PTR SS:[EBP-80],ESI
004050F7 . 89B5 70FFFFFF MOV DWORD PTR SS:[EBP-90],ESI
004050FD . 89B5 60FFFFFF MOV DWORD PTR SS:[EBP-A0],ESI
00405103 . 89B5 50FFFFFF MOV DWORD PTR SS:[EBP-B0],ESI
00405109 . 89B5 40FFFFFF MOV DWORD PTR SS:[EBP-C0],ESI
0040510F . 89B5 30FFFFFF MOV DWORD PTR SS:[EBP-D0],ESI
00405115 . 89B5 20FFFFFF MOV DWORD PTR SS:[EBP-E0],ESI
0040511B . 899D F0FEFFFF MOV DWORD PTR SS:[EBP-110],EBX
00405121 . FFD3 CALL EBX
00405123 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
00405126 . 50 PUSH EAX
00405127 . 51 PUSH ECX
00405128 . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
0040512E . 8BD8 MOV EBX,EAX
00405130 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
00405133 . 50 PUSH EAX
00405134 . 53 PUSH EBX
00405135 . 8B13 MOV EDX,DWORD PTR DS:[EBX]
00405137 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0040513D . 3BC6 CMP EAX,ESI
0040513F . 7D 12 JGE SHORT Volatili.00405153
00405141 . 68 A0000000 PUSH 0A0
00405146 . 68 301E4000 PUSH Volatili.00401E30
0040514B . 53 PUSH EBX
0040514C . 50 PUSH EAX
0040514D . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00405153 > 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78] ; username appears
00405156 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
0040515C . 6A 01 PUSH 1
0040515E . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
00405164 . 51 PUSH ECX
00405165 . 52 PUSH EDX
00405166 . 8975 88 MOV DWORD PTR SS:[EBP-78],ESI
00405169 . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
0040516F . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
00405179 . FF15 00824000 CALL DWORD PTR DS:[<&MSVBVM50.#617>] ; MSVBVM50.rtcLeftCharVar
0040517F . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
00405185 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00405188 . 50 PUSH EAX
00405189 . 51 PUSH ECX
0040518A . FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
00405190 . 50 PUSH EAX
00405191 . FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; take the 1st character of the username
00405197 . 8B35 30814000 MOV ESI,DWORD PTR DS:[<&MSVBVM50.__vbaVa>; MSVBVM50.__vbaVarMove
0040519D . 8D95 30FFFFFF LEA EDX,DWORD PTR SS:[EBP-D0]
004051A3 . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
004051A6 . 66:8985 38FFF>MOV WORD PTR SS:[EBP-C8],AX
004051AD . C785 30FFFFFF>MOV DWORD PTR SS:[EBP-D0],2
004051B7 . FFD6 CALL ESI ; <&MSVBVM50.__vbaVarMove>
004051B9 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
004051BC . FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
004051C2 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
004051C5 . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004051CB . 8B1D 3C814000 MOV EBX,DWORD PTR DS:[<&MSVBVM50.__vbaFr>; MSVBVM50.__vbaFreeVarList
004051D1 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
004051D7 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
004051DD . 52 PUSH EDX
004051DE . 50 PUSH EAX
004051DF . 6A 02 PUSH 2
004051E1 . FFD3 CALL EBX ; <&MSVBVM50.__vbaFreeVarList>
004051E3 . 83C4 0C ADD ESP,0C
004051E6 . 57 PUSH EDI
004051E7 . FF95 F0FEFFFF CALL DWORD PTR SS:[EBP-110]
004051ED . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
004051F0 . 50 PUSH EAX
004051F1 . 51 PUSH ECX
004051F2 . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
004051F8 . 8B10 MOV EDX,DWORD PTR DS:[EAX]
004051FA . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
004051FD . 51 PUSH ECX
004051FE . 50 PUSH EAX
004051FF . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX
00405205 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
0040520B . 85C0 TEST EAX,EAX
0040520D . 7D 18 JGE SHORT Volatili.00405227
0040520F . 8B95 1CFFFFFF MOV EDX,DWORD PTR SS:[EBP-E4]
00405215 . 68 A0000000 PUSH 0A0
0040521A . 68 301E4000 PUSH Volatili.00401E30
0040521F . 52 PUSH EDX
00405220 . 50 PUSH EAX
00405221 . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00405227 > 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
0040522A . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
00405230 . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00405236 . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
0040523C . 50 PUSH EAX
0040523D . 6A 02 PUSH 2
0040523F . 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
00405245 . 51 PUSH ECX
00405246 . 52 PUSH EDX
00405247 . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],1
00405251 . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],2
0040525B . C745 88 00000>MOV DWORD PTR SS:[EBP-78],0
00405262 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
0040526C . FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; take the 2nd character of the username
00405272 . 8D85 50FFFFFF LEA EAX,DWORD PTR SS:[EBP-B0]
00405278 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
0040527B . 50 PUSH EAX
0040527C . 51 PUSH ECX
0040527D . FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
00405283 . 50 PUSH EAX
00405284 . FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
0040528A . 8D95 20FFFFFF LEA EDX,DWORD PTR SS:[EBP-E0]
00405290 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
00405293 . 66:8985 28FFF>MOV WORD PTR SS:[EBP-D8],AX
0040529A . C785 20FFFFFF>MOV DWORD PTR SS:[EBP-E0],2
004052A4 . FFD6 CALL ESI
004052A6 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
004052A9 . FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
004052AF . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
004052B2 . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004052B8 . 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
004052BE . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
004052C4 . 52 PUSH EDX
004052C5 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
004052CB . 50 PUSH EAX
004052CC . 51 PUSH ECX
004052CD . 6A 03 PUSH 3
004052CF . FFD3 CALL EBX
004052D1 . 83C4 10 ADD ESP,10
004052D4 . 57 PUSH EDI
004052D5 . FF95 F0FEFFFF CALL DWORD PTR SS:[EBP-110]
004052DB . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
004052DE . 50 PUSH EAX
004052DF . 52 PUSH EDX
004052E0 . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
004052E6 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004052E8 . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
004052EB . 52 PUSH EDX
004052EC . 50 PUSH EAX
004052ED . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX
004052F3 . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
004052F9 . 85C0 TEST EAX,EAX
004052FB . 7D 18 JGE SHORT Volatili.00405315
004052FD . 8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:[EBP-E4]
00405303 . 68 A0000000 PUSH 0A0
00405308 . 68 301E4000 PUSH Volatili.00401E30
0040530D . 51 PUSH ECX
0040530E . 50 PUSH EAX
0040530F . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00405315 > 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
00405318 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0040531E . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00405324 . 52 PUSH EDX
00405325 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
0040532B . 6A 03 PUSH 3
0040532D . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
00405333 . 50 PUSH EAX
00405334 . 51 PUSH ECX
00405335 . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],1
0040533F . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],2
00405349 . C745 88 00000>MOV DWORD PTR SS:[EBP-78],0
00405350 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
0040535A . FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; take the 3rd character of the username
00405360 . 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
00405366 . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C]
00405369 . 52 PUSH EDX
0040536A . 50 PUSH EAX
0040536B . FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
00405371 . 50 PUSH EAX
00405372 . FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
00405378 . 8D95 20FFFFFF LEA EDX,DWORD PTR SS:[EBP-E0]
0040537E . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
00405381 . 66:8985 28FFF>MOV WORD PTR SS:[EBP-D8],AX
00405388 . C785 20FFFFFF>MOV DWORD PTR SS:[EBP-E0],2
00405392 . FFD6 CALL ESI
00405394 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00405397 . FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0040539D . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
004053A0 . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004053A6 . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
004053AC . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
004053B2 . 51 PUSH ECX
004053B3 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
004053B9 . 52 PUSH EDX
004053BA . 50 PUSH EAX
004053BB . 6A 03 PUSH 3
004053BD . FFD3 CALL EBX
004053BF . 83C4 10 ADD ESP,10
004053C2 . 57 PUSH EDI
004053C3 . FF95 F0FEFFFF CALL DWORD PTR SS:[EBP-110]
004053C9 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
004053CC . 50 PUSH EAX
004053CD . 51 PUSH ECX
004053CE . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
004053D4 . 8B10 MOV EDX,DWORD PTR DS:[EAX]
004053D6 . 8D4D 88 LEA ECX,DWORD PTR SS:[EBP-78]
004053D9 . 51 PUSH ECX
004053DA . 50 PUSH EAX
004053DB . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX
004053E1 . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
004053E7 . 85C0 TEST EAX,EAX
004053E9 . 7D 18 JGE SHORT Volatili.00405403
004053EB . 8B95 1CFFFFFF MOV EDX,DWORD PTR SS:[EBP-E4]
004053F1 . 68 A0000000 PUSH 0A0
004053F6 . 68 301E4000 PUSH Volatili.00401E30
004053FB . 52 PUSH EDX
004053FC . 50 PUSH EAX
004053FD . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00405403 > 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
00405406 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
0040540C . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00405412 . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
00405418 . 50 PUSH EAX
00405419 . 6A 04 PUSH 4
0040541B . 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
00405421 . 51 PUSH ECX
00405422 . 52 PUSH EDX
00405423 . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],1
0040542D . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],2
00405437 . C745 88 00000>MOV DWORD PTR SS:[EBP-78],0
0040543E . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
00405448 . FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; take the 4th character of the username
0040544E . 8D85 50FFFFFF LEA EAX,DWORD PTR SS:[EBP-B0]
00405454 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00405457 . 50 PUSH EAX
00405458 . 51 PUSH ECX
00405459 . FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
0040545F . 50 PUSH EAX
00405460 . FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
00405466 . 8D95 20FFFFFF LEA EDX,DWORD PTR SS:[EBP-E0]
0040546C . 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-64]
0040546F . 66:8985 28FFF>MOV WORD PTR SS:[EBP-D8],AX
00405476 . C785 20FFFFFF>MOV DWORD PTR SS:[EBP-E0],2
00405480 . FFD6 CALL ESI
00405482 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00405485 . FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
0040548B . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0040548E . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00405494 . 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
0040549A . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
004054A0 . 52 PUSH EDX
004054A1 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
004054A7 . 50 PUSH EAX
004054A8 . 51 PUSH ECX
004054A9 . 6A 03 PUSH 3
004054AB . FFD3 CALL EBX
004054AD . 83C4 10 ADD ESP,10
004054B0 . 57 PUSH EDI
004054B1 . FF95 F0FEFFFF CALL DWORD PTR SS:[EBP-110]
004054B7 . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
004054BA . 50 PUSH EAX
004054BB . 52 PUSH EDX
004054BC . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
004054C2 . 8B08 MOV ECX,DWORD PTR DS:[EAX]
004054C4 . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
004054C7 . 52 PUSH EDX
004054C8 . 50 PUSH EAX
004054C9 . 8985 1CFFFFFF MOV DWORD PTR SS:[EBP-E4],EAX
004054CF . FF91 A0000000 CALL DWORD PTR DS:[ECX+A0]
004054D5 . 85C0 TEST EAX,EAX
004054D7 . 7D 18 JGE SHORT Volatili.004054F1
004054D9 . 8B8D 1CFFFFFF MOV ECX,DWORD PTR SS:[EBP-E4]
004054DF . 68 A0000000 PUSH 0A0
004054E4 . 68 301E4000 PUSH Volatili.00401E30
004054E9 . 51 PUSH ECX
004054EA . 50 PUSH EAX
004054EB . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
004054F1 > 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
004054F4 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
004054FA . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
00405500 . 52 PUSH EDX
00405501 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
00405507 . 6A 05 PUSH 5
00405509 . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
0040550F . 50 PUSH EAX
00405510 . 51 PUSH ECX
00405511 . C785 68FFFFFF>MOV DWORD PTR SS:[EBP-98],1
0040551B . C785 60FFFFFF>MOV DWORD PTR SS:[EBP-A0],2
00405525 . C745 88 00000>MOV DWORD PTR SS:[EBP-78],0
0040552C . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
00405536 . FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; take the 5th character of the username
0040553C . 8D95 50FFFFFF LEA EDX,DWORD PTR SS:[EBP-B0]
00405542 . 8D45 84 LEA EAX,DWORD PTR SS:[EBP-7C]
00405545 . 52 PUSH EDX
00405546 . 50 PUSH EAX
00405547 . FF15 C4814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal
0040554D . 50 PUSH EAX
0040554E . FF15 48814000 CALL DWORD PTR DS:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr
00405554 . 8D95 20FFFFFF LEA EDX,DWORD PTR SS:[EBP-E0]
0040555A . 8D4D 8C LEA ECX,DWORD PTR SS:[EBP-74]
0040555D . 66:8985 28FFF>MOV WORD PTR SS:[EBP-D8],AX
00405564 . C785 20FFFFFF>MOV DWORD PTR SS:[EBP-E0],2
0040556E . FFD6 CALL ESI
00405570 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00405573 . FF15 14824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStr
00405579 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0040557C . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00405582 . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
00405588 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0040558E . 51 PUSH ECX
0040558F . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
00405595 . 52 PUSH EDX
00405596 . 50 PUSH EAX
00405597 . 6A 03 PUSH 3
00405599 . FFD3 CALL EBX
0040559B . 83C4 10 ADD ESP,10
0040559E . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
004055A1 . 8D55 BC LEA EDX,DWORD PTR SS:[EBP-44]
004055A4 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
004055AA . 51 PUSH ECX
004055AB . 52 PUSH EDX
004055AC . 50 PUSH EAX
004055AD . FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>; MSVBVM50.__vbaVarCat
004055B3 . 8D4D AC LEA ECX,DWORD PTR SS:[EBP-54]
004055B6 . 50 PUSH EAX
004055B7 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
004055BD . 51 PUSH ECX
004055BE . 52 PUSH EDX
004055BF . FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>; MSVBVM50.__vbaVarCat
004055C5 . 50 PUSH EAX
004055C6 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
004055C9 . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
004055CF . 50 PUSH EAX
004055D0 . 51 PUSH ECX
004055D1 . FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>; MSVBVM50.__vbaVarCat
004055D7 . 50 PUSH EAX
004055D8 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
004055DB . 8D85 40FFFFFF LEA EAX,DWORD PTR SS:[EBP-C0]
004055E1 . 52 PUSH EDX
004055E2 . 50 PUSH EAX
004055E3 . FF15 C8814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarCa>; MSVBVM50.__vbaVarCat
004055E9 . 8BD0 MOV EDX,EAX
004055EB . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
004055EE . FFD6 CALL ESI
004055F0 > . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0] ; concatenate the decimal ASCII codes of all the username's characters
004055F6 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
004055FC . 51 PUSH ECX
004055FD . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
00405603 . 52 PUSH EDX
00405604 . 50 PUSH EAX
00405605 . 6A 03 PUSH 3
00405607 . FFD3 CALL EBX
00405609 . 83C4 10 ADD ESP,10
0040560C . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
00405612 . C785 78FFFFFF>MOV DWORD PTR SS:[EBP-88],0A
0040561C . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],2
00405626 . 51 PUSH ECX
00405627 . 6A 02 PUSH 2
00405629 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
0040562C . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
00405632 . 52 PUSH EDX
00405633 . 50 PUSH EAX
00405634 . FF15 88814000 CALL DWORD PTR DS:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar
0040563A . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
00405640 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00405643 . FFD6 CALL ESI
00405645 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90] ; take digits 2 through 11 of the decimal ASCII string as the registration code
0040564B . FF15 34814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVar
00405651 . 8B1F MOV EBX,DWORD PTR DS:[EDI]
00405653 . 57 PUSH EDI
00405654 . FF93 20030000 CALL DWORD PTR DS:[EBX+320]
0040565A . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0040565D . 50 PUSH EAX
0040565E . 51 PUSH ECX
0040565F . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00405665 . 8BF0 MOV ESI,EAX
00405667 . 8D45 88 LEA EAX,DWORD PTR SS:[EBP-78]
0040566A . 50 PUSH EAX
0040566B . 56 PUSH ESI
0040566C . 8B16 MOV EDX,DWORD PTR DS:[ESI]
0040566E . FF92 A0000000 CALL DWORD PTR DS:[EDX+A0]
00405674 . 85C0 TEST EAX,EAX
00405676 . 7D 12 JGE SHORT Volatili.0040568A
00405678 . 68 A0000000 PUSH 0A0
0040567D . 68 301E4000 PUSH Volatili.00401E30
00405682 . 56 PUSH ESI
00405683 . 50 PUSH EAX
00405684 . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
0040568A > 8B45 88 MOV EAX,DWORD PTR SS:[EBP-78]
0040568D . 33C9 XOR ECX,ECX
0040568F . 894D 88 MOV DWORD PTR SS:[EBP-78],ECX
00405692 . 898D 38FFFFFF MOV DWORD PTR SS:[EBP-C8],ECX
00405698 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
0040569E . 8985 78FFFFFF MOV DWORD PTR SS:[EBP-88],EAX
004056A4 . 8D55 DC LEA EDX,DWORD PTR SS:[EBP-24]
004056A7 . 51 PUSH ECX
004056A8 . 8D85 60FFFFFF LEA EAX,DWORD PTR SS:[EBP-A0]
004056AE . 52 PUSH EDX
004056AF . 50 PUSH EAX
004056B0 . C785 70FFFFFF>MOV DWORD PTR SS:[EBP-90],8
004056BA . C785 30FFFFFF>MOV DWORD PTR SS:[EBP-D0],8002
004056C4 . FF15 24814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarSu>; MSVBVM50.__vbaVarSub
004056CA . 8D8D 30FFFFFF LEA ECX,DWORD PTR SS:[EBP-D0]
004056D0 . 50 PUSH EAX
004056D1 . 51 PUSH ECX
004056D2 . FF15 98814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaVarTs>; MSVBVM50.__vbaVarTstEq
004056D8 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80] ; execution breaks here
004056DB . 8BF0 MOV ESI,EAX
004056DD . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
004056E3 . 8D8D 70FFFFFF LEA ECX,DWORD PTR SS:[EBP-90]
004056E9 . FF15 34814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVar
004056EF . 66:85F6 TEST SI,SI
004056F2 . 74 3E JE SHORT Volatili.00405732 ; patch point
004056F4 . 57 PUSH EDI
004056F5 . FF93 10030000 CALL DWORD PTR DS:[EBX+310]
004056FB . 8D55 80 LEA EDX,DWORD PTR SS:[EBP-80]
004056FE . 50 PUSH EAX
004056FF . 52 PUSH EDX
00405700 . FF15 60814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaObjSe>; MSVBVM50.__vbaObjSet
00405706 . 8BF8 MOV EDI,EAX
00405708 . 6A FF PUSH -1
0040570A . 57 PUSH EDI
0040570B . 8B07 MOV EAX,DWORD PTR DS:[EDI]
0040570D . FF90 8C000000 CALL DWORD PTR DS:[EAX+8C]
00405713 . 85C0 TEST EAX,EAX
00405715 . 7D 12 JGE SHORT Volatili.00405729
00405717 . 68 8C000000 PUSH 8C
0040571C . 68 481E4000 PUSH Volatili.00401E48
00405721 . 57 PUSH EDI
00405722 . 50 PUSH EAX
00405723 . FF15 50814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaHresu>; MSVBVM50.__vbaHresultCheckObj
00405729 > 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
0040572C . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
00405732 > C745 FC 00000>MOV DWORD PTR SS:[EBP-4],0
00405739 . 68 A9574000 PUSH Volatili.004057A9
0040573E . EB 44 JMP SHORT Volatili.00405784
00405740 . 8D4D 84 LEA ECX,DWORD PTR SS:[EBP-7C]
00405743 . 8D55 88 LEA EDX,DWORD PTR SS:[EBP-78]
00405746 . 51 PUSH ECX
00405747 . 52 PUSH EDX
00405748 . 6A 02 PUSH 2
0040574A . FF15 EC814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeS>; MSVBVM50.__vbaFreeStrList
00405750 . 83C4 0C ADD ESP,0C
00405753 . 8D4D 80 LEA ECX,DWORD PTR SS:[EBP-80]
00405756 . FF15 18824000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeO>; MSVBVM50.__vbaFreeObj
0040575C . 8D85 40FFFFFF LEA EAX,DWORD PTR SS:[EBP-C0]
00405762 . 8D8D 50FFFFFF LEA ECX,DWORD PTR SS:[EBP-B0]
00405768 . 50 PUSH EAX
00405769 . 8D95 60FFFFFF LEA EDX,DWORD PTR SS:[EBP-A0]
0040576F . 51 PUSH ECX
00405770 . 8D85 70FFFFFF LEA EAX,DWORD PTR SS:[EBP-90]
00405776 . 52 PUSH EDX
00405777 . 50 PUSH EAX
00405778 . 6A 04 PUSH 4
0040577A . FF15 3C814000 CALL DWORD PTR DS:[<&MSVBVM50.__vbaFreeV>; MSVBVM50.__vbaFreeVarList
00405780 . 83C4 14 ADD ESP,14
00405783 . C3 RETN
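Summary:
1. The username cannot be shorter than 5 characters.
2. The registration code is digits 2 through 11 of the username's decimal ASCII codes. With that, the greyed-out button becomes usable.
[ Last edited by lhl8730 on 2006-5-11 20:04 ]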
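
The check summarised above, modelled in Python as an added example (not code from the original post; the function names are hypothetical). It follows the listing's five character reads, the __vbaVarCat chain and the final rtcMidCharVar call with start 2 and length 0A; treating the __vbaVarSub / __vbaVarTstEq pair as integer equality on digit-only input is an assumption about how the variants are coerced.

```python
# Added illustration: a model of the validation routine at 00405090.
# Names are hypothetical; constants are read off the listing.

PREFIX_LEN = 5   # the routine reads username characters 1..5 only
CODE_START = 2   # rtcMidCharVar start position (1-based): PUSH 2 at 00405627
CODE_LEN = 10    # rtcMidCharVar length: 0A stored at 00405612


def ansi_digits(username: str) -> str:
    """Decimal character codes of the first five characters, concatenated
    (the rtcAnsiValueBstr results joined by the __vbaVarCat chain)."""
    if len(username) < PREFIX_LEN:
        # Summary point 1: the username cannot be shorter than 5 characters.
        raise ValueError("username must be at least 5 characters")
    head = username[:PREFIX_LEN]
    if not head.isascii():
        # ANSI code-page handling is outside this model (assumption).
        raise ValueError("model only covers ASCII usernames")
    return "".join(str(ord(ch)) for ch in head)


def expected_code(username: str) -> str:
    """Digits 2..11 of the concatenated string. When all five codes have two
    digits the string is only 10 long, so the result has 9 digits."""
    digits = ansi_digits(username)
    first = CODE_START - 1
    return digits[first:first + CODE_LEN]


def check(username: str, entered: str) -> bool:
    """Model of __vbaVarSub followed by __vbaVarTstEq against 0.
    Assumption: both operands are coerced to numbers, so only digit-only
    input is modelled and anything else is treated as a failed check."""
    if not (entered.isascii() and entered.isdigit()):
        return False
    return int(entered) - int(expected_code(username)) == 0


if __name__ == "__main__":
    # Constructed sample usernames, not taken from the post.
    for name in ("admin", "administrator", "ABCDE", "eagle"):
        print(f"{name!r:16} digits={ansi_digits(name):<16} "
              f"expected={expected_code(name)}")
    # Under the numeric-comparison assumption a leading zero is not significant.
    print(check("eagle", "0197103108"), check("eagle", "197103108"))
```

The expected value is a pure function of the first five username characters with no secret input, which is why reading the routine is enough to reproduce it.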