- UID
- 63478
注册时间2009-11-1
阅读权限10
最后登录1970-1-1
周游历练
该用户从未签到
|
【文章标题】: 汇编开发工具emu8086追码详细教程
【作 者】: 冰河之刃
【邮 箱】: [email protected]
【主 页】: http://user.qzone.qq.com/290113866
【QQ 号】: 290113866
【软件名称】: emu8086
【大 小】: 2.12 MB
【下载地址】: 自己搜索下载
【加壳方式】: 无壳
【保护方式】: 无
【编写语言】: Microsoft Visual Basic 5.0 / 6.0
【工 具】: peid,od,大脑和双手
【操作平台】: Windows xp3
【软件介绍】: 汇编开发工具,汇编初学者的好帮手。
【作者声明】: 相互交流,共同进步!
------------------------------------------------------------------------------
先简单介绍一下这一款软件的注册原理:
这个软件在注册时,会同时在注册表中和自己的根目录中写下注册信息。
在启动时候会先判断注册表,然后判断根目录下的reg.ini文件看哪一个是成功的。
只要有一个是成功的就不再继续判断了,也就是只要有一处是成功的,软件就算是注册成功版了。
下面开始了:
-------------------------------------注册流程----------------------------------
005D4B01 . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0 ; 就先断在此处,开始往下调
005D4B08 . 7D 26 jge short emu8086.005D4B30
005D4B0A . 68 A0000000 push 0A0
005D4B0F . 68 B8454400 push emu8086.004445B8
005D4B14 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4B1A . 50 push eax
005D4B1B . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D4B21 . 51 push ecx
005D4B22 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4B28 . 8985 70FEFFFF mov dword ptr ss:[ebp-190],eax
005D4B2E . EB 0A jmp short emu8086.005D4B3A
005D4B30 > C785 70FEFFFF 00000000 mov dword ptr ss:[ebp-190],0
005D4B3A > 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4B3D . 8B02 mov eax,dword ptr ds:[edx]
005D4B3F . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4B42 . 51 push ecx
005D4B43 . FF90 FC020000 call dword ptr ds:[eax+2FC]
005D4B49 . 50 push eax
005D4B4A . 8D55 C4 lea edx,dword ptr ss:[ebp-3C]
005D4B4D . 52 push edx
005D4B4E . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4B54 . 8985 04FFFFFF mov dword ptr ss:[ebp-FC],eax
005D4B5A . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
005D4B5D . 50 push eax
005D4B5E . 8B8D 04FFFFFF mov ecx,dword ptr ss:[ebp-FC]
005D4B64 . 8B11 mov edx,dword ptr ds:[ecx]
005D4B66 . 8B85 04FFFFFF mov eax,dword ptr ss:[ebp-FC]
005D4B6C . 50 push eax
005D4B6D . FF92 A0000000 call dword ptr ds:[edx+A0]
005D4B73 . DBE2 fclex
005D4B75 . 8985 00FFFFFF mov dword ptr ss:[ebp-100],eax
005D4B7B . 83BD 00FFFFFF 00 cmp dword ptr ss:[ebp-100],0
005D4B82 . 7D 26 jge short emu8086.005D4BAA
005D4B84 . 68 A0000000 push 0A0
005D4B89 . 68 B8454400 push emu8086.004445B8
005D4B8E . 8B8D 04FFFFFF mov ecx,dword ptr ss:[ebp-FC]
005D4B94 . 51 push ecx
005D4B95 . 8B95 00FFFFFF mov edx,dword ptr ss:[ebp-100]
005D4B9B . 52 push edx
005D4B9C . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4BA2 . 8985 6CFEFFFF mov dword ptr ss:[ebp-194],eax
005D4BA8 . EB 0A jmp short emu8086.005D4BB4
005D4BAA > C785 6CFEFFFF 00000000 mov dword ptr ss:[ebp-194],0
005D4BB4 > 8B45 D4 mov eax,dword ptr ss:[ebp-2C]
005D4BB7 . 8985 C0FEFFFF mov dword ptr ss:[ebp-140],eax ; 运行至此,寄存器中已出现输入的假码
005D4BBD . C745 D4 00000000 mov dword ptr ss:[ebp-2C],0
005D4BC4 . 8B95 C0FEFFFF mov edx,dword ptr ss:[ebp-140]
005D4BCA . 8D4D CC lea ecx,dword ptr ss:[ebp-34]
005D4BCD . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D4BD3 . 8B4D D8 mov ecx,dword ptr ss:[ebp-28]
005D4BD6 . 898D BCFEFFFF mov dword ptr ss:[ebp-144],ecx
005D4BDC . C745 D8 00000000 mov dword ptr ss:[ebp-28],0
005D4BE3 . 8B95 BCFEFFFF mov edx,dword ptr ss:[ebp-144]
005D4BE9 . 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
005D4BEC . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D4BF2 . 68 64D46100 push emu8086.0061D464
005D4BF7 . 68 84D46100 push emu8086.0061D484 ; d
005D4BFC . 8D55 CC lea edx,dword ptr ss:[ebp-34]
005D4BFF . 52 push edx
005D4C00 . 8D45 D0 lea eax,dword ptr ss:[ebp-30]
005D4C03 . 50 push eax
005D4C04 . E8 E70F0000 call emu8086.005D5BF0
005D4C09 . 8D4D CC lea ecx,dword ptr ss:[ebp-34]
005D4C0C . 51 push ecx
005D4C0D . 8D55 D0 lea edx,dword ptr ss:[ebp-30]
005D4C10 . 52 push edx
005D4C11 . 6A 02 push 2
005D4C13 . FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>; MSVBVM60.__vbaFreeStrList
005D4C19 . 83C4 0C add esp,0C
005D4C1C . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D4C1F . 50 push eax
005D4C20 . 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D4C23 . 51 push ecx
005D4C24 . 6A 02 push 2
005D4C26 . FF15 60104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObjList>; MSVBVM60.__vbaFreeObjList
005D4C2C . 83C4 0C add esp,0C
005D4C2F . C745 FC 21000000 mov dword ptr ss:[ebp-4],21
005D4C36 . 66:C785 10FFFFFF FFFF mov word ptr ss:[ebp-F0],0FFFF
005D4C3F . 8D95 10FFFFFF lea edx,dword ptr ss:[ebp-F0]
005D4C45 . 52 push edx
005D4C46 . E8 35130000 call emu8086.005D5F80 ; 这个call按f8也能过去,就是算法call 按f7多走路
005D4C4B . C745 FC 22000000 mov dword ptr ss:[ebp-4],22 ; 返回于此
005D4C52 . 0FBF05 70D46100 movsx eax,word ptr ds:[61D470]
005D4C59 . 85C0 test eax,eax
005D4C5B 0F84 53050000 je emu8086.005D51B4 ; 关键的一跳,跳向失败处
005D4C61 . C745 FC 23000000 mov dword ptr ss:[ebp-4],23
005D4C68 . 68 0000FF00 push 0FF0000
005D4C6D . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4C70 . 8B11 mov edx,dword ptr ds:[ecx]
005D4C72 . 8B45 08 mov eax,dword ptr ss:[ebp+8]
005D4C75 . 50 push eax
005D4C76 . FF52 64 call dword ptr ds:[edx+64]
005D4C79 . DBE2 fclex
005D4C7B . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4C81 . 83BD 0CFFFFFF 00 cmp dword ptr ss:[ebp-F4],0
005D4C88 7D 20 jge short emu8086.005D4CAA
005D4C8A . 6A 64 push 64
005D4C8C . 68 60B24400 push emu8086.0044B260
005D4C91 . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4C94 . 51 push ecx
005D4C95 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4C9B . 52 push edx
005D4C9C . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4CA2 . 8985 68FEFFFF mov dword ptr ss:[ebp-198],eax
005D4CA8 . EB 0A jmp short emu8086.005D4CB4
005D4CAA > C785 68FEFFFF 00000000 mov dword ptr ss:[ebp-198],0
005D4CB4 > C745 FC 24000000 mov dword ptr ss:[ebp-4],24 ; 下面一句不用我多说了吧,注册成功了
005D4CBB . 68 18074500 push emu8086.00450718 ; the software is successfully registered
005D4CC0 . 8B45 08 mov eax,dword ptr ss:[ebp+8]
005D4CC3 . 8B08 mov ecx,dword ptr ds:[eax]
005D4CC5 . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4CC8 . 52 push edx
005D4CC9 . FF51 54 call dword ptr ds:[ecx+54]
005D4CCC . DBE2 fclex
005D4CCE . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4CD4 . 83BD 0CFFFFFF 00 cmp dword ptr ss:[ebp-F4],0
005D4CDB . 7D 20 jge short emu8086.005D4CFD
005D4CDD . 6A 54 push 54
005D4CDF . 68 60B24400 push emu8086.0044B260
005D4CE4 . 8B45 08 mov eax,dword ptr ss:[ebp+8]
005D4CE7 . 50 push eax
005D4CE8 . 8B8D 0CFFFFFF mov ecx,dword ptr ss:[ebp-F4]
005D4CEE . 51 push ecx
005D4CEF . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4CF5 . 8985 64FEFFFF mov dword ptr ss:[ebp-19C],eax
005D4CFB . EB 0A jmp short emu8086.005D4D07
005D4CFD > C785 64FEFFFF 00000000 mov dword ptr ss:[ebp-19C],0
005D4D07 > C745 FC 25000000 mov dword ptr ss:[ebp-4],25
005D4D0E . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4D11 . 8B02 mov eax,dword ptr ds:[edx]
005D4D13 . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4D16 . 51 push ecx
005D4D17 . FF90 0C030000 call dword ptr ds:[eax+30C]
005D4D1D . 50 push eax
005D4D1E . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D4D21 . 52 push edx
005D4D22 . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4D28 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4D2E . 6A 00 push 0
005D4D30 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4D36 . 8B08 mov ecx,dword ptr ds:[eax]
005D4D38 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4D3E . 52 push edx
005D4D3F . FF91 94000000 call dword ptr ds:[ecx+94]
005D4D45 . DBE2 fclex
005D4D47 . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D4D4D . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D4D54 . 7D 26 jge short emu8086.005D4D7C
005D4D56 . 68 94000000 push 94
005D4D5B . 68 80B54300 push emu8086.0043B580
005D4D60 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4D66 . 50 push eax
005D4D67 . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D4D6D . 51 push ecx
005D4D6E . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4D74 . 8985 60FEFFFF mov dword ptr ss:[ebp-1A0],eax
005D4D7A . EB 0A jmp short emu8086.005D4D86
005D4D7C > C785 60FEFFFF 00000000 mov dword ptr ss:[ebp-1A0],0
005D4D86 > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D4D89 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D4D8F . C745 FC 26000000 mov dword ptr ss:[ebp-4],26
005D4D96 . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4D99 . 8B02 mov eax,dword ptr ds:[edx]
005D4D9B . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4D9E . 51 push ecx
005D4D9F . FF90 04030000 call dword ptr ds:[eax+304]
005D4DA5 . 50 push eax
005D4DA6 . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D4DA9 . 52 push edx
005D4DAA . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4DB0 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4DB6 . 6A 00 push 0
005D4DB8 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4DBE . 8B08 mov ecx,dword ptr ds:[eax]
005D4DC0 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4DC6 . 52 push edx
005D4DC7 . FF91 94000000 call dword ptr ds:[ecx+94]
005D4DCD . DBE2 fclex
005D4DCF . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D4DD5 . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D4DDC . 7D 26 jge short emu8086.005D4E04
005D4DDE . 68 94000000 push 94
005D4DE3 . 68 80B54300 push emu8086.0043B580
005D4DE8 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4DEE . 50 push eax
005D4DEF . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D4DF5 . 51 push ecx
005D4DF6 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4DFC . 8985 5CFEFFFF mov dword ptr ss:[ebp-1A4],eax
005D4E02 . EB 0A jmp short emu8086.005D4E0E
005D4E04 > C785 5CFEFFFF 00000000 mov dword ptr ss:[ebp-1A4],0
005D4E0E > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D4E11 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D4E17 . C745 FC 27000000 mov dword ptr ss:[ebp-4],27
005D4E1E . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4E21 . 8B02 mov eax,dword ptr ds:[edx]
005D4E23 . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4E26 . 51 push ecx
005D4E27 . FF90 08030000 call dword ptr ds:[eax+308]
005D4E2D . 50 push eax
005D4E2E . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D4E31 . 52 push edx
005D4E32 . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4E38 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4E3E . 6A 00 push 0
005D4E40 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4E46 . 8B08 mov ecx,dword ptr ds:[eax]
005D4E48 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4E4E . 52 push edx
005D4E4F . FF91 94000000 call dword ptr ds:[ecx+94]
005D4E55 . DBE2 fclex
005D4E57 . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D4E5D . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D4E64 . 7D 26 jge short emu8086.005D4E8C
005D4E66 . 68 94000000 push 94
005D4E6B . 68 80B54300 push emu8086.0043B580
005D4E70 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4E76 . 50 push eax
005D4E77 . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D4E7D . 51 push ecx
005D4E7E . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4E84 . 8985 58FEFFFF mov dword ptr ss:[ebp-1A8],eax
005D4E8A . EB 0A jmp short emu8086.005D4E96
005D4E8C > C785 58FEFFFF 00000000 mov dword ptr ss:[ebp-1A8],0
005D4E96 > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D4E99 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D4E9F . C745 FC 28000000 mov dword ptr ss:[ebp-4],28
005D4EA6 . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4EA9 . 8B02 mov eax,dword ptr ds:[edx]
005D4EAB . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4EAE . 51 push ecx
005D4EAF . FF90 00030000 call dword ptr ds:[eax+300]
005D4EB5 . 50 push eax
005D4EB6 . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D4EB9 . 52 push edx
005D4EBA . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4EC0 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4EC6 . 6A 00 push 0
005D4EC8 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4ECE . 8B08 mov ecx,dword ptr ds:[eax]
005D4ED0 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4ED6 . 52 push edx
005D4ED7 . FF91 94000000 call dword ptr ds:[ecx+94]
005D4EDD . DBE2 fclex
005D4EDF . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D4EE5 . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D4EEC . 7D 26 jge short emu8086.005D4F14
005D4EEE . 68 94000000 push 94
005D4EF3 . 68 B8454400 push emu8086.004445B8
005D4EF8 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4EFE . 50 push eax
005D4EFF . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D4F05 . 51 push ecx
005D4F06 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4F0C . 8985 54FEFFFF mov dword ptr ss:[ebp-1AC],eax
005D4F12 . EB 0A jmp short emu8086.005D4F1E
005D4F14 > C785 54FEFFFF 00000000 mov dword ptr ss:[ebp-1AC],0
005D4F1E > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D4F21 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D4F27 . C745 FC 29000000 mov dword ptr ss:[ebp-4],29
005D4F2E . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4F31 . 8B02 mov eax,dword ptr ds:[edx]
005D4F33 . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4F36 . 51 push ecx
005D4F37 . FF90 FC020000 call dword ptr ds:[eax+2FC]
005D4F3D . 50 push eax
005D4F3E . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D4F41 . 52 push edx
005D4F42 . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4F48 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4F4E . 6A 00 push 0
005D4F50 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4F56 . 8B08 mov ecx,dword ptr ds:[eax]
005D4F58 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4F5E . 52 push edx
005D4F5F . FF91 94000000 call dword ptr ds:[ecx+94]
005D4F65 . DBE2 fclex
005D4F67 . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D4F6D . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D4F74 . 7D 26 jge short emu8086.005D4F9C
005D4F76 . 68 94000000 push 94
005D4F7B . 68 B8454400 push emu8086.004445B8
005D4F80 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4F86 . 50 push eax
005D4F87 . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D4F8D . 51 push ecx
005D4F8E . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D4F94 . 8985 50FEFFFF mov dword ptr ss:[ebp-1B0],eax
005D4F9A . EB 0A jmp short emu8086.005D4FA6
005D4F9C > C785 50FEFFFF 00000000 mov dword ptr ss:[ebp-1B0],0
005D4FA6 > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D4FA9 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D4FAF . C745 FC 2A000000 mov dword ptr ss:[ebp-4],2A
005D4FB6 . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D4FB9 . 8B02 mov eax,dword ptr ds:[edx]
005D4FBB . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D4FBE . 51 push ecx
005D4FBF . FF90 14030000 call dword ptr ds:[eax+314]
005D4FC5 . 50 push eax
005D4FC6 . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D4FC9 . 52 push edx
005D4FCA . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D4FD0 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D4FD6 . 6A 00 push 0
005D4FD8 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D4FDE . 8B08 mov ecx,dword ptr ds:[eax]
005D4FE0 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D4FE6 . 52 push edx
005D4FE7 . FF91 9C000000 call dword ptr ds:[ecx+9C]
005D4FED . DBE2 fclex
005D4FEF . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D4FF5 . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D4FFC . 7D 26 jge short emu8086.005D5024
005D4FFE . 68 9C000000 push 9C
005D5003 . 68 5CB74300 push emu8086.0043B75C
005D5008 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D500E . 50 push eax
005D500F . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D5015 . 51 push ecx
005D5016 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D501C . 8985 4CFEFFFF mov dword ptr ss:[ebp-1B4],eax
005D5022 . EB 0A jmp short emu8086.005D502E
005D5024 > C785 4CFEFFFF 00000000 mov dword ptr ss:[ebp-1B4],0
005D502E > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D5031 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D5037 . C745 FC 2B000000 mov dword ptr ss:[ebp-4],2B
005D503E . 8B55 08 mov edx,dword ptr ss:[ebp+8]
005D5041 . 8B02 mov eax,dword ptr ds:[edx]
005D5043 . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D5046 . 51 push ecx
005D5047 . FF90 10030000 call dword ptr ds:[eax+310]
005D504D . 50 push eax
005D504E . 8D55 C8 lea edx,dword ptr ss:[ebp-38]
005D5051 . 52 push edx
005D5052 . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D5058 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D505E . 6A 00 push 0
005D5060 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D5066 . 8B08 mov ecx,dword ptr ds:[eax]
005D5068 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D506E . 52 push edx
005D506F . FF91 9C000000 call dword ptr ds:[ecx+9C]
005D5075 . DBE2 fclex
005D5077 . 8985 08FFFFFF mov dword ptr ss:[ebp-F8],eax
005D507D . 83BD 08FFFFFF 00 cmp dword ptr ss:[ebp-F8],0
005D5084 . 7D 26 jge short emu8086.005D50AC
005D5086 . 68 9C000000 push 9C
005D508B . 68 5CB74300 push emu8086.0043B75C
005D5090 . 8B85 0CFFFFFF mov eax,dword ptr ss:[ebp-F4]
005D5096 . 50 push eax
005D5097 . 8B8D 08FFFFFF mov ecx,dword ptr ss:[ebp-F8]
005D509D . 51 push ecx
005D509E . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D50A4 . 8985 48FEFFFF mov dword ptr ss:[ebp-1B8],eax
005D50AA . EB 0A jmp short emu8086.005D50B6
005D50AC > C785 48FEFFFF 00000000 mov dword ptr ss:[ebp-1B8],0
005D50B6 > 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D50B9 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D50BF . C745 FC 2C000000 mov dword ptr ss:[ebp-4],2C
005D50C6 . C745 8C 04000280 mov dword ptr ss:[ebp-74],80020004
005D50CD . C745 84 0A000000 mov dword ptr ss:[ebp-7C],0A
005D50D4 . C745 9C 04000280 mov dword ptr ss:[ebp-64],80020004
005D50DB . C745 94 0A000000 mov dword ptr ss:[ebp-6C],0A
005D50E2 . C785 3CFFFFFF 4C744300 mov dword ptr ss:[ebp-C4],emu8086.0043744C
005D50EC . C785 34FFFFFF 08000000 mov dword ptr ss:[ebp-CC],8
005D50F6 . 8D95 34FFFFFF lea edx,dword ptr ss:[ebp-CC]
005D50FC . 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
005D50FF . FF15 94134000 call dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
005D5105 . C785 4CFFFFFF 6C074500 mov dword ptr ss:[ebp-B4],emu8086.0045076C ; THANK YOU
005D510F . C785 44FFFFFF 08000000 mov dword ptr ss:[ebp-BC],8
005D5119 . 8D95 44FFFFFF lea edx,dword ptr ss:[ebp-BC]
005D511F . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D5122 . FF15 94134000 call dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
005D5128 . 8D55 84 lea edx,dword ptr ss:[ebp-7C]
005D512B . 52 push edx
005D512C . 8D45 94 lea eax,dword ptr ss:[ebp-6C]
005D512F . 50 push eax
005D5130 . 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
005D5133 . 51 push ecx
005D5134 . 6A 00 push 0
005D5136 . 8D55 B4 lea edx,dword ptr ss:[ebp-4C]
005D5139 . 52 push edx
005D513A . FF15 00114000 call dword ptr ds:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
005D5140 . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D5143 . 50 push eax
005D5144 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D5147 . 51 push ecx
005D5148 . 8D55 A4 lea edx,dword ptr ss:[ebp-5C]
005D514B . 52 push edx
005D514C . 8D45 B4 lea eax,dword ptr ss:[ebp-4C]
005D514F . 50 push eax
005D5150 . 6A 04 push 4
005D5152 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D5158 . 83C4 14 add esp,14
005D515B . C745 FC 2D000000 mov dword ptr ss:[ebp-4],2D
005D5162 . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D5165 . 8B11 mov edx,dword ptr ds:[ecx]
005D5167 . 8B45 08 mov eax,dword ptr ss:[ebp+8]
005D516A . 50 push eax
005D516B . FF92 B4020000 call dword ptr ds:[edx+2B4]
005D5171 . DBE2 fclex
005D5173 . 8985 0CFFFFFF mov dword ptr ss:[ebp-F4],eax
005D5179 . 83BD 0CFFFFFF 00 cmp dword ptr ss:[ebp-F4],0
005D5180 7D 23 jge short emu8086.005D51A5
005D5182 . 68 B4020000 push 2B4
005D5187 . 68 60B24400 push emu8086.0044B260
005D518C . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D518F . 51 push ecx
005D5190 . 8B95 0CFFFFFF mov edx,dword ptr ss:[ebp-F4]
005D5196 . 52 push edx
005D5197 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D519D . 8985 44FEFFFF mov dword ptr ss:[ebp-1BC],eax
005D51A3 . EB 0A jmp short emu8086.005D51AF
005D51A5 > C785 44FEFFFF 00000000 mov dword ptr ss:[ebp-1BC],0
005D51AF > E9 F5000000 jmp emu8086.005D52A9
005D51B4 > C745 FC 2F000000 mov dword ptr ss:[ebp-4],2F ; 跳到这里,即错误提示处
005D51BB . BA C0074500 mov edx,emu8086.004507C0 ; wrong registration key.
005D51C0 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D51C3 . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D51C9 . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D51CC . 50 push eax
005D51CD . E8 CE8F0100 call emu8086.005EE1A0
005D51D2 . 8BD0 mov edx,eax
005D51D4 . 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
005D51D7 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D51DD . BA 0C0E4400 mov edx,emu8086.00440E0C ; error!
005D51E2 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D51E5 . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D51EB . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D51EE . 51 push ecx
005D51EF . E8 AC8F0100 call emu8086.005EE1A0
005D51F4 . 8BD0 mov edx,eax
005D51F6 . 8D4D CC lea ecx,dword ptr ss:[ebp-34]
005D51F9 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D51FF . C745 8C 04000280 mov dword ptr ss:[ebp-74],80020004
005D5206 . C745 84 0A000000 mov dword ptr ss:[ebp-7C],0A
005D520D . C745 9C 04000280 mov dword ptr ss:[ebp-64],80020004
005D5214 . C745 94 0A000000 mov dword ptr ss:[ebp-6C],0A
005D521B . 8B55 CC mov edx,dword ptr ss:[ebp-34]
005D521E . 8995 B8FEFFFF mov dword ptr ss:[ebp-148],edx
005D5224 . C745 CC 00000000 mov dword ptr ss:[ebp-34],0
005D522B . 8B85 B8FEFFFF mov eax,dword ptr ss:[ebp-148]
005D5231 . 8945 AC mov dword ptr ss:[ebp-54],eax
005D5234 . C745 A4 08000000 mov dword ptr ss:[ebp-5C],8
005D523B . 8B4D D0 mov ecx,dword ptr ss:[ebp-30]
005D523E . 898D B4FEFFFF mov dword ptr ss:[ebp-14C],ecx
005D5244 . C745 D0 00000000 mov dword ptr ss:[ebp-30],0
005D524B . 8B95 B4FEFFFF mov edx,dword ptr ss:[ebp-14C]
005D5251 . 8955 BC mov dword ptr ss:[ebp-44],edx
005D5254 . C745 B4 08000000 mov dword ptr ss:[ebp-4C],8
005D525B . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D525E . 50 push eax
005D525F . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D5262 . 51 push ecx
005D5263 . 8D55 A4 lea edx,dword ptr ss:[ebp-5C]
005D5266 . 52 push edx
005D5267 . 6A 00 push 0
005D5269 . 8D45 B4 lea eax,dword ptr ss:[ebp-4C]
005D526C . 50 push eax ; 下面的call就弹出错误提示框了
005D526D . FF15 00114000 call dword ptr ds:[<&MSVBVM60.#595>] ; MSVBVM60.rtcMsgBox
-----------------------------进入关键call后的流程-----------------------------------
005D5F80 $ 55 push ebp ; 按f7后到此处。。。
005D5F81 . 8BEC mov ebp,esp
005D5F83 . 83EC 14 sub esp,14
005D5F86 . 68 16974100 push <jmp.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
005D5F8B . 64:A1 00000000 mov eax,dword ptr fs:[0]
005D5F91 . 50 push eax
005D5F92 . 64:8925 00000000 mov dword ptr fs:[0],esp
005D5F99 . 83EC 60 sub esp,60
005D5F9C . 53 push ebx
005D5F9D . 56 push esi
005D5F9E . 57 push edi
005D5F9F . 8965 EC mov dword ptr ss:[ebp-14],esp
005D5FA2 . C745 F0 A8574100 mov dword ptr ss:[ebp-10],emu8086.004157A8
005D5FA9 . 33C0 xor eax,eax
005D5FAB . 8945 F4 mov dword ptr ss:[ebp-C],eax
005D5FAE . 8945 F8 mov dword ptr ss:[ebp-8],eax
005D5FB1 . 8945 E0 mov dword ptr ss:[ebp-20],eax
005D5FB4 . 8945 D8 mov dword ptr ss:[ebp-28],eax
005D5FB7 . 8945 D4 mov dword ptr ss:[ebp-2C],eax
005D5FBA . 8945 D0 mov dword ptr ss:[ebp-30],eax
005D5FBD . 8945 CC mov dword ptr ss:[ebp-34],eax
005D5FC0 . 8945 BC mov dword ptr ss:[ebp-44],eax
005D5FC3 . 8945 AC mov dword ptr ss:[ebp-54],eax
005D5FC6 . 8945 9C mov dword ptr ss:[ebp-64],eax
005D5FC9 . 6A 01 push 1
005D5FCB . FF15 F8104000 call dword ptr ds:[<&MSVBVM60.__vbaOnError>] ; MSVBVM60.__vbaOnError
005D5FD1 . B8 4C744300 mov eax,emu8086.0043744C
005D5FD6 . B9 08000000 mov ecx,8
005D5FDB . 83EC 10 sub esp,10
005D5FDE . 8BD4 mov edx,esp
005D5FE0 . 890A mov dword ptr ds:[edx],ecx
005D5FE2 . 8B75 A0 mov esi,dword ptr ss:[ebp-60]
005D5FE5 . 8972 04 mov dword ptr ds:[edx+4],esi
005D5FE8 . 8942 08 mov dword ptr ds:[edx+8],eax
005D5FEB . 8B5D A8 mov ebx,dword ptr ss:[ebp-58]
005D5FEE . 895A 0C mov dword ptr ds:[edx+C],ebx
005D5FF1 . 68 90084500 push emu8086.00450890 ; UserName
005D5FF6 . 68 CC054500 push emu8086.004505CC ; Reg
005D5FFB . 68 F8724300 push emu8086.004372F8 ; emu8086
005D6000 . FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ; MSVBVM60.rtcGetSetting
005D6006 . 8945 C4 mov dword ptr ss:[ebp-3C],eax
005D6009 . C745 BC 08000000 mov dword ptr ss:[ebp-44],8
005D6010 . 8D45 BC lea eax,dword ptr ss:[ebp-44]
005D6013 . 50 push eax
005D6014 . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
005D6017 . 51 push ecx
005D6018 . FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
005D601E . 8D55 AC lea edx,dword ptr ss:[ebp-54]
005D6021 . 52 push edx
005D6022 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D6028 . 8BD0 mov edx,eax
005D602A . B9 74D46100 mov ecx,emu8086.0061D474
005D602F . 8B3D D0134000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaStrMove>>; MSVBVM60.__vbaStrMove
005D6035 . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
005D6037 . 8D45 AC lea eax,dword ptr ss:[ebp-54]
005D603A . 50 push eax
005D603B . 8D4D BC lea ecx,dword ptr ss:[ebp-44]
005D603E . 51 push ecx
005D603F . 6A 02 push 2
005D6041 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6047 . B8 4C744300 mov eax,emu8086.0043744C
005D604C . B9 08000000 mov ecx,8
005D6051 . 51 push ecx
005D6052 . 8BD4 mov edx,esp
005D6054 . 890A mov dword ptr ds:[edx],ecx
005D6056 . 8972 04 mov dword ptr ds:[edx+4],esi
005D6059 . 8942 08 mov dword ptr ds:[edx+8],eax
005D605C . 895A 0C mov dword ptr ds:[edx+C],ebx
005D605F . 68 A8084500 push emu8086.004508A8 ; RegKey
005D6064 . 68 CC054500 push emu8086.004505CC ; Reg
005D6069 . 68 F8724300 push emu8086.004372F8 ; emu8086
005D606E . FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ; MSVBVM60.rtcGetSetting
005D6074 . 8945 C4 mov dword ptr ss:[ebp-3C],eax
005D6077 . C745 BC 08000000 mov dword ptr ss:[ebp-44],8
005D607E . 8D45 BC lea eax,dword ptr ss:[ebp-44]
005D6081 . 50 push eax
005D6082 . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
005D6085 . 51 push ecx
005D6086 . FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
005D608C . 8D55 AC lea edx,dword ptr ss:[ebp-54]
005D608F . 52 push edx
005D6090 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D6096 . 8BD0 mov edx,eax
005D6098 . B9 78D46100 mov ecx,emu8086.0061D478
005D609D . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
005D609F . 8D45 AC lea eax,dword ptr ss:[ebp-54]
005D60A2 . 50 push eax
005D60A3 . 8D4D BC lea ecx,dword ptr ss:[ebp-44]
005D60A6 . 51 push ecx
005D60A7 . 6A 02 push 2
005D60A9 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D60AF . B8 D0A04300 mov eax,emu8086.0043A0D0 ; 1
005D60B4 . B9 08000000 mov ecx,8
005D60B9 . 51 push ecx
005D60BA . 8BD4 mov edx,esp
005D60BC . 890A mov dword ptr ds:[edx],ecx
005D60BE . 8972 04 mov dword ptr ds:[edx+4],esi
005D60C1 . 8942 08 mov dword ptr ds:[edx+8],eax
005D60C4 . 895A 0C mov dword ptr ds:[edx+C],ebx
005D60C7 . 68 BC084500 push emu8086.004508BC ; LicCount
005D60CC . 68 CC054500 push emu8086.004505CC ; Reg
005D60D1 . 68 F8724300 push emu8086.004372F8 ; emu8086
005D60D6 . FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ; MSVBVM60.rtcGetSetting
005D60DC . 8945 C4 mov dword ptr ss:[ebp-3C],eax
005D60DF . C745 BC 08000000 mov dword ptr ss:[ebp-44],8
005D60E6 . 8D45 BC lea eax,dword ptr ss:[ebp-44]
005D60E9 . 50 push eax
005D60EA . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
005D60ED . 51 push ecx
005D60EE . FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
005D60F4 . 8D55 AC lea edx,dword ptr ss:[ebp-54]
005D60F7 . 52 push edx
005D60F8 . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D60FB . 50 push eax
005D60FC . FF15 C4124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
005D6102 . 50 push eax
005D6103 . FF15 40144000 call dword ptr ds:[<&MSVBVM60.#581>] ; MSVBVM60.rtcR8ValFromBstr
005D6109 . FF15 9C134000 call dword ptr ds:[<&MSVBVM60.__vbaFpI2>] ; MSVBVM60.__vbaFpI2
005D610F . 66:A3 7CD46100 mov word ptr ds:[61D47C],ax
005D6115 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6118 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D611E . 8D4D AC lea ecx,dword ptr ss:[ebp-54]
005D6121 . 51 push ecx
005D6122 . 8D55 BC lea edx,dword ptr ss:[ebp-44]
005D6125 . 52 push edx
005D6126 . 6A 02 push 2
005D6128 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D612E . B8 749E4300 mov eax,emu8086.00439E74 ; 0
005D6133 . B9 08000000 mov ecx,8
005D6138 . 51 push ecx
005D6139 . 8BD4 mov edx,esp
005D613B . 890A mov dword ptr ds:[edx],ecx
005D613D . 8972 04 mov dword ptr ds:[edx+4],esi
005D6140 . 8942 08 mov dword ptr ds:[edx+8],eax
005D6143 . 895A 0C mov dword ptr ds:[edx+C],ebx
005D6146 . 68 D8054500 push emu8086.004505D8 ; NCHK
005D614B . 68 CC054500 push emu8086.004505CC ; Reg
005D6150 . 68 0C734300 push emu8086.0043730C ; reg2x
005D6155 . FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ; MSVBVM60.rtcGetSetting
005D615B . 8BD0 mov edx,eax
005D615D . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6160 . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
005D6162 . 50 push eax
005D6163 . FF15 34134000 call dword ptr ds:[<&MSVBVM60.__vbaI4Str>] ; MSVBVM60.__vbaI4Str
005D6169 . 8BF0 mov esi,eax
005D616B . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D616E . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6174 . 8D45 BC lea eax,dword ptr ss:[ebp-44]
005D6177 . 50 push eax
005D6178 . FF15 78134000 call dword ptr ds:[<&MSVBVM60.#610>] ; MSVBVM60.rtcGetDateVar
005D617E . 8D4D BC lea ecx,dword ptr ss:[ebp-44]
005D6181 . 51 push ecx
005D6182 . FF15 34144000 call dword ptr ds:[<&MSVBVM60.__vbaI4ErrVar>] ; MSVBVM60.__vbaI4ErrVar
005D6188 . 81C6 90010000 add esi,190
005D618E . 0F80 F1030000 jo emu8086.005D6585
005D6194 . 33DB xor ebx,ebx
005D6196 . 3BF0 cmp esi,eax
005D6198 . 0F9EC3 setle bl
005D619B . F7DB neg ebx
005D619D . 6A 01 push 1
005D619F . 8B15 78D46100 mov edx,dword ptr ds:[61D478]
005D61A5 . 52 push edx
005D61A6 . 68 BC054500 push emu8086.004505BC ; AX4CT
005D61AB . 6A 01 push 1
005D61AD . 8B35 14134000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaInStr>] ; MSVBVM60.__vbaInStr
005D61B3 . FFD6 call esi ; <&MSVBVM60.__vbaInStr>
005D61B5 . 33C9 xor ecx,ecx
005D61B7 . 85C0 test eax,eax
005D61B9 . 0F9FC1 setg cl
005D61BC . F7D9 neg ecx
005D61BE . 23D9 and ebx,ecx
005D61C0 . 8D55 BC lea edx,dword ptr ss:[ebp-44]
005D61C3 . 52 push edx
005D61C4 . 8D45 BC lea eax,dword ptr ss:[ebp-44]
005D61C7 . 50 push eax
005D61C8 . 6A 02 push 2
005D61CA . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D61D0 . 83C4 0C add esp,0C
005D61D3 . 66:85DB test bx,bx
005D61D6 . 0F84 DA000000 je emu8086.005D62B6
005D61DC . 66:C705 70D46100 0000 mov word ptr ds:[61D470],0
005D61E5 . B8 4C744300 mov eax,emu8086.0043744C
005D61EA . B9 08000000 mov ecx,8
005D61EF . 83EC 10 sub esp,10
005D61F2 . 8BD4 mov edx,esp
005D61F4 . 890A mov dword ptr ds:[edx],ecx
005D61F6 . 8B4D A0 mov ecx,dword ptr ss:[ebp-60]
005D61F9 . 894A 04 mov dword ptr ds:[edx+4],ecx
005D61FC . 8942 08 mov dword ptr ds:[edx+8],eax
005D61FF . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
005D6202 . 8942 0C mov dword ptr ds:[edx+C],eax
005D6205 . 68 E8054500 push emu8086.004505E8 ; NCHKEXP
005D620A . 68 CC054500 push emu8086.004505CC ; Reg
005D620F . 68 0C734300 push emu8086.0043730C ; reg2x
005D6214 . FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ; MSVBVM60.rtcGetSetting
005D621A . 8BD0 mov edx,eax
005D621C . 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
005D621F . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
005D6221 . 6A 01 push 1
005D6223 . 8B4D E0 mov ecx,dword ptr ss:[ebp-20]
005D6226 . 51 push ecx
005D6227 . 8B15 78D46100 mov edx,dword ptr ds:[61D478]
005D622D . 52 push edx
005D622E . 6A 01 push 1
005D6230 . FFD6 call esi ; <&MSVBVM60.__vbaInStr>
005D6232 . 85C0 test eax,eax
005D6234 . 0F8F EC020000 jg emu8086.005D6526
005D623A . 8B45 E0 mov eax,dword ptr ss:[ebp-20]
005D623D . 50 push eax
005D623E . FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
005D6244 . 83F8 78 cmp eax,78
005D6247 . 7D 34 jge short emu8086.005D627D
005D6249 . 8B0D 78D46100 mov ecx,dword ptr ds:[61D478]
005D624F . 51 push ecx
005D6250 . 68 AC954300 push emu8086.004395AC ; ;
005D6255 . 8B35 88104000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; MSVBVM60.__vbaStrCat
005D625B . FFD6 call esi ; <&MSVBVM60.__vbaStrCat>
005D625D . 8BD0 mov edx,eax
005D625F . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6262 . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
005D6264 . 50 push eax
005D6265 . 8B55 E0 mov edx,dword ptr ss:[ebp-20]
005D6268 . 52 push edx
005D6269 . FFD6 call esi ; <&MSVBVM60.__vbaStrCat>
005D626B . 8BD0 mov edx,eax
005D626D . 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
005D6270 . FFD7 call edi ; <&MSVBVM60.__vbaStrMove>
005D6272 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6275 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D627B . EB 0F jmp short emu8086.005D628C
005D627D > 8B15 78D46100 mov edx,dword ptr ds:[61D478]
005D6283 . 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
005D6286 . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D628C > 8B45 E0 mov eax,dword ptr ss:[ebp-20]
005D628F . 50 push eax
005D6290 . 68 E8054500 push emu8086.004505E8 ; NCHKEXP
005D6295 . 68 CC054500 push emu8086.004505CC ; Reg
005D629A . 68 0C734300 push emu8086.0043730C ; reg2x
005D629F . FF15 10104000 call dword ptr ds:[<&MSVBVM60.#690>] ; MSVBVM60.rtcSaveSetting
005D62A5 . FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>] ; MSVBVM60.__vbaExitProc
005D62AB . 9B wait
005D62AC . 68 72655D00 push emu8086.005D6572
005D62B1 . E9 B2020000 jmp emu8086.005D6568
005D62B6 > B8 4C744300 mov eax,emu8086.0043744C
005D62BB . B9 08000000 mov ecx,8
005D62C0 . 83EC 10 sub esp,10
005D62C3 . 8BD4 mov edx,esp
005D62C5 . 890A mov dword ptr ds:[edx],ecx
005D62C7 . 8B4D A0 mov ecx,dword ptr ss:[ebp-60]
005D62CA . 894A 04 mov dword ptr ds:[edx+4],ecx
005D62CD . 8942 08 mov dword ptr ds:[edx+8],eax
005D62D0 . 8B45 A8 mov eax,dword ptr ss:[ebp-58]
005D62D3 . 8942 0C mov dword ptr ds:[edx+C],eax
005D62D6 . 68 E8054500 push emu8086.004505E8 ; NCHKEXP
005D62DB . 68 CC054500 push emu8086.004505CC ; Reg
005D62E0 . 68 0C734300 push emu8086.0043730C ; reg2x
005D62E5 . FF15 74134000 call dword ptr ds:[<&MSVBVM60.#689>] ; MSVBVM60.rtcGetSetting
005D62EB . 8BD0 mov edx,eax
005D62ED . 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
005D62F0 . FFD7 call edi
005D62F2 . 6A 01 push 1
005D62F4 . 8B4D E0 mov ecx,dword ptr ss:[ebp-20]
005D62F7 . 51 push ecx
005D62F8 . 8B15 78D46100 mov edx,dword ptr ds:[61D478]
005D62FE . 52 push edx
005D62FF . 6A 01 push 1
005D6301 . FFD6 call esi
005D6303 . 85C0 test eax,eax
005D6305 . 0F8F 1B020000 jg emu8086.005D6526
005D630B . 68 7CD46100 push emu8086.0061D47C ; d
005D6310 . 68 78D46100 push emu8086.0061D478
005D6315 . 68 74D46100 push emu8086.0061D474
005D631A . E8 71020000 call emu8086.005D6590
005D631F . 66:85C0 test ax,ax
005D6322 . 0F84 AB000000 je emu8086.005D63D3
005D6328 . 66:C705 70D46100 FFFF mov word ptr ds:[61D470],0FFFF
005D6331 . 8B45 08 mov eax,dword ptr ss:[ebp+8]
005D6334 . 66:8338 00 cmp word ptr ds:[eax],0
005D6338 . 0F84 E8010000 je emu8086.005D6526
005D633E . A1 08D46100 mov eax,dword ptr ds:[61D408]
005D6343 . 85C0 test eax,eax
005D6345 . 75 10 jnz short emu8086.005D6357
005D6347 . 68 08D46100 push emu8086.0061D408
005D634C . 68 C43B4200 push emu8086.00423BC4
005D6351 . FF15 0C134000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
005D6357 > 8B35 08D46100 mov esi,dword ptr ds:[61D408]
005D635D . 8B0E mov ecx,dword ptr ds:[esi]
005D635F . 56 push esi
005D6360 . FF91 F8060000 call dword ptr ds:[ecx+6F8]
005D6366 . DBE2 fclex
005D6368 . 85C0 test eax,eax
005D636A . 7D 12 jge short emu8086.005D637E
005D636C . 68 F8060000 push 6F8
005D6371 . 68 D8984300 push emu8086.004398D8
005D6376 . 56 push esi
005D6377 . 50 push eax
005D6378 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D637E > A1 24D06100 mov eax,dword ptr ds:[61D024]
005D6383 . 85C0 test eax,eax
005D6385 . 75 10 jnz short emu8086.005D6397
005D6387 . 68 24D06100 push emu8086.0061D024
005D638C . 68 2C514200 push emu8086.0042512C
005D6391 . FF15 0C134000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>] ; MSVBVM60.__vbaNew2
005D6397 > 8B35 24D06100 mov esi,dword ptr ds:[61D024]
005D639D . 8B16 mov edx,dword ptr ds:[esi]
005D639F . 56 push esi
005D63A0 . FF92 F8060000 call dword ptr ds:[edx+6F8]
005D63A6 . DBE2 fclex
005D63A8 . 85C0 test eax,eax
005D63AA . 0F8D 76010000 jge emu8086.005D6526
005D63B0 . 68 F8060000 push 6F8
005D63B5 . 68 7C834300 push emu8086.0043837C
005D63BA . 56 push esi
005D63BB . 50 push eax
005D63BC . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D63C2 . FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>] ; MSVBVM60.__vbaExitProc
005D63C8 . 9B wait
005D63C9 . 68 72655D00 push emu8086.005D6572
005D63CE . E9 95010000 jmp emu8086.005D6568
005D63D3 > BA BC094500 mov edx,emu8086.004509BC ; emu8086.com
005D63D8 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D63DB . 8B35 28134000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaStrCopy>>; MSVBVM60.__vbaStrCopy
005D63E1 . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
005D63E3 . BA A4094500 mov edx,emu8086.004509A4 ; username
005D63E8 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D63EB . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
005D63ED . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
005D63F0 . 50 push eax
005D63F1 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D63F4 . 51 push ecx
005D63F5 . 68 24094500 push emu8086.00450924 ; reg.ini
005D63FA . E8 31970000 call emu8086.005DFB30
005D63FF . 8BD0 mov edx,eax
005D6401 . B9 74D46100 mov ecx,emu8086.0061D474
005D6406 . FFD7 call edi
005D6408 . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
005D640B . 52 push edx
005D640C . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D640F . 50 push eax
005D6410 . 6A 02 push 2
005D6412 . 8B1D 44134000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaFreeStrL>; MSVBVM60.__vbaFreeStrList
005D6418 . FFD3 call ebx ; <&MSVBVM60.__vbaFreeStrList>
005D641A . 83C4 0C add esp,0C
005D641D . BA BC094500 mov edx,emu8086.004509BC ; emu8086.com
005D6422 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D6425 . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
005D6427 . BA D8094500 mov edx,emu8086.004509D8 ; regkey
005D642C . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D642F . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
005D6431 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D6434 . 51 push ecx
005D6435 . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D6438 . 52 push edx
005D6439 . 68 24094500 push emu8086.00450924 ; reg.ini
005D643E . E8 ED960000 call emu8086.005DFB30
005D6443 . 8BD0 mov edx,eax
005D6445 . B9 78D46100 mov ecx,emu8086.0061D478
005D644A . FFD7 call edi
005D644C . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
005D644F . 50 push eax
005D6450 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6453 . 51 push ecx
005D6454 . 6A 02 push 2
005D6456 . FFD3 call ebx ; <&MSVBVM60.__vbaFreeStrList>
005D6458 . 83C4 0C add esp,0C
005D645B . BA 749E4300 mov edx,emu8086.00439E74 ; 0
005D6460 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D6463 . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
005D6465 . BA B4D64400 mov edx,emu8086.0044D6B4 ; q
005D646A . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D646D . FFD6 call esi ; <&MSVBVM60.__vbaStrCopy>
005D646F . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
005D6472 . 52 push edx
005D6473 . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D6476 . 50 push eax
005D6477 . 68 24094500 push emu8086.00450924 ; reg.ini
005D647C . E8 AF960000 call emu8086.005DFB30
005D6481 . 8BD0 mov edx,eax
005D6483 . 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
005D6486 . FFD7 call edi
005D6488 . 50 push eax
005D6489 . FF15 88124000 call dword ptr ds:[<&MSVBVM60.__vbaI2Str>] ; MSVBVM60.__vbaI2Str
005D648F . 66:A3 7CD46100 mov word ptr ds:[61D47C],ax
005D6495 . 8D4D D0 lea ecx,dword ptr ss:[ebp-30]
005D6498 . 51 push ecx
005D6499 . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
005D649C . 52 push edx
005D649D . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D64A0 . 50 push eax
005D64A1 . 6A 03 push 3
005D64A3 . FFD3 call ebx ; <&MSVBVM60.__vbaFreeStrList>
005D64A5 . 83C4 10 add esp,10
005D64A8 . 68 7CD46100 push emu8086.0061D47C ; d
005D64AD . 68 78D46100 push emu8086.0061D478
005D64B2 . 68 74D46100 push emu8086.0061D474
005D64B7 . E8 D4000000 call emu8086.005D6590 ; 第二次较验的call即读reg.ini文件
005D64BC . 66:F7D8 neg ax ; 两次注册校验后返回至此处
005D64BF . 1BC0 sbb eax,eax
005D64C1 . 66:A3 70D46100 mov word ptr ds:[61D470],ax
005D64C7 . FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>] ; MSVBVM60.__vbaExitProc
005D64CD . 9B wait
005D64CE . 68 72655D00 push emu8086.005D6572
005D64D3 . E9 90000000 jmp emu8086.005D6568
005D64D8 . FF15 58134000 call dword ptr ds:[<&MSVBVM60.#685>] ; MSVBVM60.rtcErrObj
005D64DE . 50 push eax
005D64DF . 8D4D CC lea ecx,dword ptr ss:[ebp-34]
005D64E2 . 51 push ecx
005D64E3 . FF15 FC104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSet>] ; MSVBVM60.__vbaObjSet
005D64E9 . 8BF0 mov esi,eax
005D64EB . 8B16 mov edx,dword ptr ds:[esi]
005D64ED . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D64F0 . 50 push eax
005D64F1 . 56 push esi
005D64F2 . FF52 2C call dword ptr ds:[edx+2C]
005D64F5 . DBE2 fclex
005D64F7 . 85C0 test eax,eax
005D64F9 . 7D 0F jge short emu8086.005D650A
005D64FB . 6A 2C push 2C
005D64FD . 68 20854300 push emu8086.00438520
005D6502 . 56 push esi
005D6503 . 50 push eax
005D6504 . FF15 B0104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultChec>; MSVBVM60.__vbaHresultCheckObj
005D650A > 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D650D . 51 push ecx
005D650E . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D6511 . 52 push edx
005D6512 . 6A 02 push 2
005D6514 . FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>; MSVBVM60.__vbaFreeStrList
005D651A . 83C4 0C add esp,0C
005D651D . 8D4D CC lea ecx,dword ptr ss:[ebp-34]
005D6520 . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D6526 > FF15 E0104000 call dword ptr ds:[<&MSVBVM60.__vbaExitProc>] ; MSVBVM60.__vbaExitProc
005D652C . 9B wait
005D652D . 68 72655D00 push emu8086.005D6572
005D6532 . EB 34 jmp short emu8086.005D6568
005D6534 . 8D45 D0 lea eax,dword ptr ss:[ebp-30]
005D6537 . 50 push eax
005D6538 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D653B . 51 push ecx
005D653C . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D653F . 52 push edx
005D6540 . 6A 03 push 3
005D6542 . FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>; MSVBVM60.__vbaFreeStrList
005D6548 . 83C4 10 add esp,10
005D654B . 8D4D CC lea ecx,dword ptr ss:[ebp-34]
005D654E . FF15 38144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ; MSVBVM60.__vbaFreeObj
005D6554 . 8D45 AC lea eax,dword ptr ss:[ebp-54]
005D6557 . 50 push eax
005D6558 . 8D4D BC lea ecx,dword ptr ss:[ebp-44]
005D655B . 51 push ecx
005D655C . 6A 02 push 2
005D655E . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6564 . 83C4 0C add esp,0C
005D6567 . C3 retn
005D6568 > 8D4D E0 lea ecx,dword ptr ss:[ebp-20]
005D656B . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6571 . C3 retn
005D6572 . 8B4D E4 mov ecx,dword ptr ss:[ebp-1C]
005D6575 . 64:890D 00000000 mov dword ptr fs:[0],ecx
005D657C . 5F pop edi
005D657D . 5E pop esi
005D657E . 5B pop ebx
005D657F . 8BE5 mov esp,ebp
005D6581 . 5D pop ebp
005D6582 . C2 0400 retn 4 ; 按f7后该返回了
005D6585 > FF15 F4124000 call dword ptr ds:[<&MSVBVM60.__vbaErrorOverfl>; MSVBVM60.__vbaErrorOverflow
005D658B . 90 nop
005D658C . 90 nop
005D658D . 90 nop
005D658E . 90 nop
005D658F . 90 nop
005D6590 $ 55 push ebp ; 开始时也要较验两次,看是否注册成功
005D6591 . 8BEC mov ebp,esp
005D6593 . 83EC 18 sub esp,18
005D6596 . 68 16974100 push <jmp.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
005D659B . 64:A1 00000000 mov eax,dword ptr fs:[0]
005D65A1 . 50 push eax
005D65A2 . 64:8925 00000000 mov dword ptr fs:[0],esp
005D65A9 . B8 74000000 mov eax,74
005D65AE . E8 5D31E4FF call <jmp.&MSVBVM60.__vbaChkstk>
005D65B3 . 53 push ebx
005D65B4 . 56 push esi
005D65B5 . 57 push edi
005D65B6 . 8965 E8 mov dword ptr ss:[ebp-18],esp
005D65B9 . C745 EC D0574100 mov dword ptr ss:[ebp-14],emu8086.004157D0
005D65C0 . C745 F0 00000000 mov dword ptr ss:[ebp-10],0
005D65C7 . C745 F4 00000000 mov dword ptr ss:[ebp-C],0
005D65CE . C745 FC 01000000 mov dword ptr ss:[ebp-4],1
005D65D5 . C745 FC 02000000 mov dword ptr ss:[ebp-4],2
005D65DC . 6A FF push -1
005D65DE . FF15 F8104000 call dword ptr ds:[<&MSVBVM60.__vbaOnError>] ; MSVBVM60.__vbaOnError
005D65E4 . C745 FC 03000000 mov dword ptr ss:[ebp-4],3
005D65EB . 8B45 0C mov eax,dword ptr ss:[ebp+C]
005D65EE . 8945 9C mov dword ptr ss:[ebp-64],eax
005D65F1 . C745 94 08400000 mov dword ptr ss:[ebp-6C],4008
005D65F8 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D65FB . 51 push ecx
005D65FC . 8D55 C4 lea edx,dword ptr ss:[ebp-3C]
005D65FF . 52 push edx
005D6600 . FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
005D6606 . BA 74064500 mov edx,emu8086.00450674 ; 112
005D660B . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D660E . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D6614 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D6617 . 50 push eax
005D6618 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D661E . 8BD0 mov edx,eax
005D6620 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6623 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6629 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D662C . 51 push ecx
005D662D . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D6630 . 52 push edx
005D6631 . E8 DA8BEDFF call emu8086.004AF210
005D6636 . 66:8945 80 mov word ptr ss:[ebp-80],ax
005D663A . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
005D663D . 50 push eax
005D663E . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6641 . 51 push ecx
005D6642 . 6A 02 push 2
005D6644 . FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>; MSVBVM60.__vbaFreeStrList
005D664A . 83C4 0C add esp,0C
005D664D . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
005D6650 . FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005D6656 . 0FBF55 80 movsx edx,word ptr ss:[ebp-80]
005D665A . 85D2 test edx,edx
005D665C . 74 12 je short emu8086.005D6670
005D665E . C745 FC 04000000 mov dword ptr ss:[ebp-4],4
005D6665 . 66:C745 DC FFFF mov word ptr ss:[ebp-24],0FFFF
005D666B . E9 55020000 jmp emu8086.005D68C5
005D6670 > C745 FC 07000000 mov dword ptr ss:[ebp-4],7
005D6677 . 8B45 0C mov eax,dword ptr ss:[ebp+C]
005D667A . 8945 9C mov dword ptr ss:[ebp-64],eax
005D667D . C745 94 08400000 mov dword ptr ss:[ebp-6C],4008
005D6684 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6687 . 51 push ecx
005D6688 . 8D55 C4 lea edx,dword ptr ss:[ebp-3C]
005D668B . 52 push edx
005D668C . FF15 30114000 call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
005D6692 . BA 50084500 mov edx,emu8086.00450850 ; 27
005D6697 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D669A . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D66A0 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D66A3 . 50 push eax
005D66A4 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D66AA . 8BD0 mov edx,eax
005D66AC . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D66AF . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D66B5 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D66B8 . 51 push ecx
005D66B9 . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D66BC . 52 push edx
005D66BD . E8 4E8BEDFF call emu8086.004AF210
005D66C2 . 66:8945 80 mov word ptr ss:[ebp-80],ax
005D66C6 . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
005D66C9 . 50 push eax
005D66CA . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D66CD . 51 push ecx
005D66CE . 6A 02 push 2
005D66D0 . FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>; MSVBVM60.__vbaFreeStrList
005D66D6 . 83C4 0C add esp,0C
005D66D9 . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
005D66DC . FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005D66E2 . 0FBF55 80 movsx edx,word ptr ss:[ebp-80]
005D66E6 . 85D2 test edx,edx
005D66E8 . 74 12 je short emu8086.005D66FC
005D66EA . C745 FC 08000000 mov dword ptr ss:[ebp-4],8
005D66F1 . 66:C745 DC FFFF mov word ptr ss:[ebp-24],0FFFF
005D66F7 . E9 C9010000 jmp emu8086.005D68C5
005D66FC > C745 FC 0B000000 mov dword ptr ss:[ebp-4],0B
005D6703 . 6A 0D push 0D
005D6705 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D6708 . 50 push eax
005D6709 . FF15 94124000 call dword ptr ds:[<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
005D670F . 6A 01 push 1
005D6711 . 6A FF push -1
005D6713 . 6A 01 push 1
005D6715 . 68 4C744300 push emu8086.0043744C
005D671A . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
005D671D . 51 push ecx
005D671E . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D6721 . 52 push edx
005D6722 . FF15 C4124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
005D6728 . 50 push eax
005D6729 . 8B45 0C mov eax,dword ptr ss:[ebp+C]
005D672C . 8B08 mov ecx,dword ptr ds:[eax]
005D672E . 51 push ecx
005D672F . FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ; MSVBVM60.rtcReplace
005D6735 . 8BD0 mov edx,eax
005D6737 . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D673A . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6740 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6743 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6749 . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
005D674C . FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005D6752 . C745 FC 0C000000 mov dword ptr ss:[ebp-4],0C
005D6759 . 6A 0A push 0A
005D675B . 8D55 C4 lea edx,dword ptr ss:[ebp-3C]
005D675E . 52 push edx
005D675F . FF15 94124000 call dword ptr ds:[<&MSVBVM60.#608>] ; MSVBVM60.rtcVarBstrFromAnsi
005D6765 . 6A 01 push 1
005D6767 . 6A FF push -1
005D6769 . 6A 01 push 1
005D676B . 68 4C744300 push emu8086.0043744C
005D6770 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D6773 . 50 push eax
005D6774 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6777 . 51 push ecx
005D6778 . FF15 C4124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarVal>] ; MSVBVM60.__vbaStrVarVal
005D677E . 50 push eax
005D677F . 8B55 0C mov edx,dword ptr ss:[ebp+C]
005D6782 . 8B02 mov eax,dword ptr ds:[edx]
005D6784 . 50 push eax
005D6785 . FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ; MSVBVM60.rtcReplace
005D678B . 8BD0 mov edx,eax
005D678D . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D6790 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6796 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6799 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D679F . 8D4D C4 lea ecx,dword ptr ss:[ebp-3C]
005D67A2 . FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005D67A8 . C745 FC 0D000000 mov dword ptr ss:[ebp-4],0D
005D67AF . 6A 01 push 1
005D67B1 . 6A FF push -1
005D67B3 . 6A 01 push 1
005D67B5 . 68 4C744300 push emu8086.0043744C
005D67BA . 68 E0E74300 push emu8086.0043E7E0 ; -
005D67BF . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D67C2 . 8B11 mov edx,dword ptr ds:[ecx]
005D67C4 . 52 push edx
005D67C5 . FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ; MSVBVM60.rtcReplace
005D67CB . 8BD0 mov edx,eax
005D67CD . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D67D0 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D67D6 . C745 FC 0E000000 mov dword ptr ss:[ebp-4],0E
005D67DD . 6A 01 push 1
005D67DF . 6A FF push -1
005D67E1 . 6A 01 push 1
005D67E3 . 68 749E4300 push emu8086.00439E74 ; 0
005D67E8 . 68 20E94300 push emu8086.0043E920 ; O
005D67ED . 8B45 0C mov eax,dword ptr ss:[ebp+C]
005D67F0 . 8B08 mov ecx,dword ptr ds:[eax]
005D67F2 . 51 push ecx
005D67F3 . FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ; MSVBVM60.rtcReplace
005D67F9 . 8BD0 mov edx,eax
005D67FB . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D67FE . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6804 . C745 FC 0F000000 mov dword ptr ss:[ebp-4],0F
005D680B . 6A 01 push 1
005D680D . 6A FF push -1
005D680F . 6A 01 push 1
005D6811 . 68 D0A04300 push emu8086.0043A0D0 ; 1
005D6816 . 68 0C044500 push emu8086.0045040C ; I
005D681B . 8B55 0C mov edx,dword ptr ss:[ebp+C]
005D681E . 8B02 mov eax,dword ptr ds:[edx]
005D6820 . 50 push eax
005D6821 . FF15 68124000 call dword ptr ds:[<&MSVBVM60.#712>] ; MSVBVM60.rtcReplace
005D6827 . 8BD0 mov edx,eax
005D6829 . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D682C . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6832 . C745 FC 10000000 mov dword ptr ss:[ebp-4],10
005D6839 . 8B4D 0C mov ecx,dword ptr ss:[ebp+C]
005D683C . 8B11 mov edx,dword ptr ds:[ecx]
005D683E . 8955 9C mov dword ptr ss:[ebp-64],edx
005D6841 . C745 94 08000000 mov dword ptr ss:[ebp-6C],8
005D6848 . 8B45 10 mov eax,dword ptr ss:[ebp+10]
005D684B . 50 push eax
005D684C . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D684F . 8B11 mov edx,dword ptr ds:[ecx]
005D6851 . 52 push edx
005D6852 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D6855 . 50 push eax
005D6856 . E8 B5000000 call emu8086.005D6910 ; 这个是算法call
005D685B . C745 8C 00000000 mov dword ptr ss:[ebp-74],0 ; 返回来了
005D6862 . C745 84 02800000 mov dword ptr ss:[ebp-7C],8002 ; 这个软件只要注册表中注册成功或reg.ini成功一样就OK了
005D6869 . 6A 01 push 1 ; 因此它判断两次,算法也算两次
005D686B . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D686E . 51 push ecx
005D686F . 8D55 C4 lea edx,dword ptr ss:[ebp-3C]
005D6872 . 52 push edx
005D6873 . 6A 01 push 1
005D6875 . 8D45 B4 lea eax,dword ptr ss:[ebp-4C]
005D6878 . 50 push eax
005D6879 . FF15 B8124000 call dword ptr ds:[<&MSVBVM60.__vbaInStrVar>] ; MSVBVM60.__vbaInStrVar
005D687F . 50 push eax
005D6880 . 8D4D 84 lea ecx,dword ptr ss:[ebp-7C]
005D6883 . 51 push ecx
005D6884 . FF15 04104000 call dword ptr ds:[<&MSVBVM60.__vbaVarTstGt>] ; MSVBVM60.__vbaVarTstGt
005D688A . 66:8945 80 mov word ptr ss:[ebp-80],ax
005D688E . 8D55 B4 lea edx,dword ptr ss:[ebp-4C]
005D6891 . 52 push edx
005D6892 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D6895 . 50 push eax
005D6896 . 6A 02 push 2
005D6898 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D689E . 83C4 0C add esp,0C
005D68A1 . 0FBF4D 80 movsx ecx,word ptr ss:[ebp-80]
005D68A5 . 85C9 test ecx,ecx
005D68A7 . 74 0F je short emu8086.005D68B8
005D68A9 . C745 FC 11000000 mov dword ptr ss:[ebp-4],11
005D68B0 . 66:C745 DC FFFF mov word ptr ss:[ebp-24],0FFFF
005D68B6 . EB 0D jmp short emu8086.005D68C5
005D68B8 > C745 FC 13000000 mov dword ptr ss:[ebp-4],13
005D68BF . 66:C745 DC 0000 mov word ptr ss:[ebp-24],0
005D68C5 > 68 F8685D00 push emu8086.005D68F8
005D68CA . EB 2B jmp short emu8086.005D68F7
005D68CC . 8D55 D4 lea edx,dword ptr ss:[ebp-2C]
005D68CF . 52 push edx
005D68D0 . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D68D3 . 50 push eax
005D68D4 . 6A 02 push 2
005D68D6 . FF15 44134000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>; MSVBVM60.__vbaFreeStrList
005D68DC . 83C4 0C add esp,0C
005D68DF . 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
005D68E2 . 51 push ecx
005D68E3 . 8D55 B4 lea edx,dword ptr ss:[ebp-4C]
005D68E6 . 52 push edx
005D68E7 . 8D45 C4 lea eax,dword ptr ss:[ebp-3C]
005D68EA . 50 push eax
005D68EB . 6A 03 push 3
005D68ED . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D68F3 . 83C4 10 add esp,10
005D68F6 . C3 retn
005D68F7 > C3 retn ; RET 用作跳转到 005D68F8
005D68F8 > 66:8B45 DC mov ax,word ptr ss:[ebp-24]
005D68FC . 8B4D E0 mov ecx,dword ptr ss:[ebp-20]
005D68FF . 64:890D 00000000 mov dword ptr fs:[0],ecx
005D6906 . 5F pop edi
005D6907 . 5E pop esi
005D6908 . 5B pop ebx
005D6909 . 8BE5 mov esp,ebp
005D690B . 5D pop ebp
005D690C . C2 0C00 retn 0C ; 要返回去了。。。下面的语句就开始算法了
---------------------------算法call-----------------------------------
005D6910 $ 55 push ebp ; 开始时候判断是否注册,检查注册表和reg.ini文件,算法就在这儿了
005D6911 . 8BEC mov ebp,esp
005D6913 . 83EC 18 sub esp,18
005D6916 . 68 16974100 push <jmp.&MSVBVM60.__vbaExceptHandler> ; SE 处理程序安装
005D691B . 64:A1 00000000 mov eax,dword ptr fs:[0]
005D6921 . 50 push eax
005D6922 . 64:8925 00000000 mov dword ptr fs:[0],esp
005D6929 . B8 B8000000 mov eax,0B8
005D692E . E8 DD2DE4FF call <jmp.&MSVBVM60.__vbaChkstk>
005D6933 . 53 push ebx
005D6934 . 56 push esi
005D6935 . 57 push edi
005D6936 . 8965 E8 mov dword ptr ss:[ebp-18],esp
005D6939 . C745 EC 48584100 mov dword ptr ss:[ebp-14],emu8086.00415848
005D6940 . C745 F0 00000000 mov dword ptr ss:[ebp-10],0
005D6947 . C745 F4 00000000 mov dword ptr ss:[ebp-C],0
005D694E . C745 FC 01000000 mov dword ptr ss:[ebp-4],1
005D6955 . 8B55 0C mov edx,dword ptr ss:[ebp+C]
005D6958 . 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D695B . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D6961 . C745 FC 02000000 mov dword ptr ss:[ebp-4],2
005D6968 . 6A FF push -1
005D696A . FF15 F8104000 call dword ptr ds:[<&MSVBVM60.__vbaOnError>] ; MSVBVM60.__vbaOnError
005D6970 . C745 FC 03000000 mov dword ptr ss:[ebp-4],3
005D6977 . BA 1C0A4500 mov edx,emu8086.00450A1C ; ABCDEFGHIJKLMNOPQRSTUVWXYZ
005D697C . 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
005D697F . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D6985 . C745 FC 04000000 mov dword ptr ss:[ebp-4],4
005D698C . BA 580A4500 mov edx,emu8086.00450A58 ; QW10PASDFGHJKLZXCVBNMERTYU
005D6991 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6994 . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D699A . C745 FC 05000000 mov dword ptr ss:[ebp-4],5
005D69A1 . BA 940A4500 mov edx,emu8086.00450A94 ; Z9RTASDF01823ASJFSD1234346GFHPLMASDR613412QWERX
005D69A6 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D69A9 . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D69AF . C745 FC 06000000 mov dword ptr ss:[ebp-4],6
005D69B6 . BA F80A4500 mov edx,emu8086.00450AF8 ; JKASERKKN837C3FRTQZX
005D69BB . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
005D69BE . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D69C4 . C745 FC 07000000 mov dword ptr ss:[ebp-4],7
005D69CB . BA 4C744300 mov edx,emu8086.0043744C
005D69D0 . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D69D3 . FF15 28134000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ; MSVBVM60.__vbaStrCopy
005D69D9 . C745 FC 08000000 mov dword ptr ss:[ebp-4],8
005D69E0 . 8D45 C8 lea eax,dword ptr ss:[ebp-38]
005D69E3 . 8985 6CFFFFFF mov dword ptr ss:[ebp-94],eax
005D69E9 . C785 64FFFFFF 08400000 mov dword ptr ss:[ebp-9C],4008
005D69F3 . 8D8D 64FFFFFF lea ecx,dword ptr ss:[ebp-9C]
005D69F9 . 51 push ecx
005D69FA . 8D55 94 lea edx,dword ptr ss:[ebp-6C]
005D69FD . 52 push edx
005D69FE . FF15 90114000 call dword ptr ds:[<&MSVBVM60.#528>] ; MSVBVM60.rtcUpperCaseVar
005D6A04 . 8D45 94 lea eax,dword ptr ss:[ebp-6C] ; 应该是从第6位开始截取吧?截了4位即6789
005D6A07 . 50 push eax
005D6A08 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D6A0E . 8BD0 mov edx,eax
005D6A10 . 8D4D A8 lea ecx,dword ptr ss:[ebp-58]
005D6A13 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6A19 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6A1C . FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005D6A22 . C745 FC 09000000 mov dword ptr ss:[ebp-4],9
005D6A29 . 8D4D A8 lea ecx,dword ptr ss:[ebp-58]
005D6A2C . 51 push ecx
005D6A2D . E8 1EDCF6FF call emu8086.00544650 ; EAX中出现03,"RKN" 首次见到数据
005D6A32 . 8BD0 mov edx,eax
005D6A34 . 8D4D A8 lea ecx,dword ptr ss:[ebp-58]
005D6A37 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6A3D . C745 FC 0A000000 mov dword ptr ss:[ebp-4],0A
005D6A44 . 66:C745 DC 0100 mov word ptr ss:[ebp-24],1
005D6A4A . C745 FC 0B000000 mov dword ptr ss:[ebp-4],0B
005D6A51 . 66:C745 CC 0100 mov word ptr ss:[ebp-34],1
005D6A57 . C745 FC 0C000000 mov dword ptr ss:[ebp-4],0C
005D6A5E . 66:C745 AC 0000 mov word ptr ss:[ebp-54],0
005D6A64 > C745 FC 0D000000 mov dword ptr ss:[ebp-4],0D ; 循环1的开始,下面结尾是在005D6D80
005D6A6B . 0FBF75 DC movsx esi,word ptr ss:[ebp-24] ; 循环1 装入一大堆固定的字符串拼起来
005D6A6F . 8B55 A8 mov edx,dword ptr ss:[ebp-58]
005D6A72 . 52 push edx
005D6A73 . FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
005D6A79 . 33DB xor ebx,ebx
005D6A7B . 3BF0 cmp esi,eax
005D6A7D . 0F9FC3 setg bl
005D6A80 . 0FBF75 CC movsx esi,word ptr ss:[ebp-34]
005D6A84 . 8B45 B0 mov eax,dword ptr ss:[ebp-50]
005D6A87 . 50 push eax ; EAX中的值为:JKASERKKN837C3FRTQZX
005D6A88 . FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
005D6A8E . 33C9 xor ecx,ecx
005D6A90 . 3BF0 cmp esi,eax
005D6A92 . 0F9FC1 setg cl
005D6A95 . 0BD9 or ebx,ecx
005D6A97 . 85DB test ebx,ebx
005D6A99 . 0F85 E6020000 jnz emu8086.005D6D85 ; 此跳转实现过
005D6A9F . C745 FC 0E000000 mov dword ptr ss:[ebp-4],0E
005D6AA6 . 8B55 A4 mov edx,dword ptr ss:[ebp-5C]
005D6AA9 . 8995 4CFFFFFF mov dword ptr ss:[ebp-B4],edx
005D6AAF . C785 44FFFFFF 08000000 mov dword ptr ss:[ebp-BC],8
005D6AB9 . C745 9C 01000000 mov dword ptr ss:[ebp-64],1
005D6AC0 . C745 94 02000000 mov dword ptr ss:[ebp-6C],2
005D6AC7 . 8D45 A8 lea eax,dword ptr ss:[ebp-58]
005D6ACA . 8985 6CFFFFFF mov dword ptr ss:[ebp-94],eax
005D6AD0 . C785 64FFFFFF 08400000 mov dword ptr ss:[ebp-9C],4008
005D6ADA . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6ADD . 51 push ecx
005D6ADE . 0FBF55 DC movsx edx,word ptr ss:[ebp-24]
005D6AE2 . 52 push edx
005D6AE3 . 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
005D6AE9 . 50 push eax
005D6AEA . 8D4D 84 lea ecx,dword ptr ss:[ebp-7C]
005D6AED . 51 push ecx
005D6AEE . FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
005D6AF4 . 6A 01 push 1
005D6AF6 . 8D95 44FFFFFF lea edx,dword ptr ss:[ebp-BC]
005D6AFC . 52 push edx
005D6AFD . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6B00 . 50 push eax
005D6B01 . 6A 00 push 0
005D6B03 . 8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-8C]
005D6B09 . 51 push ecx
005D6B0A . FF15 B8124000 call dword ptr ds:[<&MSVBVM60.__vbaInStrVar>] ; MSVBVM60.__vbaInStrVar
005D6B10 . 50 push eax
005D6B11 . FF15 DC124000 call dword ptr ds:[<&MSVBVM60.__vbaI2Var>] ; MSVBVM60.__vbaI2Var
005D6B17 . 66:8945 D0 mov word ptr ss:[ebp-30],ax
005D6B1B . 8D95 74FFFFFF lea edx,dword ptr ss:[ebp-8C]
005D6B21 . 52 push edx
005D6B22 . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6B25 . 50 push eax
005D6B26 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6B29 . 51 push ecx
005D6B2A . 6A 03 push 3
005D6B2C . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6B32 . 83C4 10 add esp,10
005D6B35 . C745 FC 0F000000 mov dword ptr ss:[ebp-4],0F
005D6B3C . 66:837D D0 00 cmp word ptr ss:[ebp-30],0
005D6B41 . 0F8E DB010000 jle emu8086.005D6D22 ; 此处跳向005D6D22 已实现
005D6B47 . C745 FC 10000000 mov dword ptr ss:[ebp-4],10
005D6B4E . 66:837D AC 01 cmp word ptr ss:[ebp-54],1
005D6B53 . 0F85 AB000000 jnz emu8086.005D6C04
005D6B59 . C745 FC 11000000 mov dword ptr ss:[ebp-4],11
005D6B60 . 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
005D6B63 . 8995 4CFFFFFF mov dword ptr ss:[ebp-B4],edx
005D6B69 . C785 44FFFFFF 08000000 mov dword ptr ss:[ebp-BC],8
005D6B73 . C745 9C 01000000 mov dword ptr ss:[ebp-64],1
005D6B7A . C745 94 02000000 mov dword ptr ss:[ebp-6C],2
005D6B81 . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D6B84 . 8985 6CFFFFFF mov dword ptr ss:[ebp-94],eax
005D6B8A . C785 64FFFFFF 08400000 mov dword ptr ss:[ebp-9C],4008
005D6B94 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6B97 . 51 push ecx
005D6B98 . 0FBF55 D0 movsx edx,word ptr ss:[ebp-30]
005D6B9C . 52 push edx
005D6B9D . 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
005D6BA3 . 50 push eax
005D6BA4 . 8D4D 84 lea ecx,dword ptr ss:[ebp-7C]
005D6BA7 . 51 push ecx
005D6BA8 . FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
005D6BAE . 8D95 44FFFFFF lea edx,dword ptr ss:[ebp-BC]
005D6BB4 . 52 push edx
005D6BB5 . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6BB8 . 50 push eax
005D6BB9 . 8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-8C]
005D6BBF . 51 push ecx
005D6BC0 . FF15 D0124000 call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
005D6BC6 . 50 push eax
005D6BC7 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D6BCD . 8BD0 mov edx,eax
005D6BCF . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D6BD2 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6BD8 . 8D95 74FFFFFF lea edx,dword ptr ss:[ebp-8C]
005D6BDE . 52 push edx
005D6BDF . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6BE2 . 50 push eax
005D6BE3 . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6BE6 . 51 push ecx
005D6BE7 . 6A 03 push 3
005D6BE9 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6BEF . 83C4 10 add esp,10
005D6BF2 . C745 FC 12000000 mov dword ptr ss:[ebp-4],12
005D6BF9 . 66:C745 AC 0000 mov word ptr ss:[ebp-54],0
005D6BFF . E9 A6000000 jmp emu8086.005D6CAA
005D6C04 > C745 FC 14000000 mov dword ptr ss:[ebp-4],14
005D6C0B . 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
005D6C0E . 8995 4CFFFFFF mov dword ptr ss:[ebp-B4],edx
005D6C14 . C785 44FFFFFF 08000000 mov dword ptr ss:[ebp-BC],8
005D6C1E . C745 9C 01000000 mov dword ptr ss:[ebp-64],1
005D6C25 . C745 94 02000000 mov dword ptr ss:[ebp-6C],2
005D6C2C . 8D45 D4 lea eax,dword ptr ss:[ebp-2C]
005D6C2F . 8985 6CFFFFFF mov dword ptr ss:[ebp-94],eax
005D6C35 . C785 64FFFFFF 08400000 mov dword ptr ss:[ebp-9C],4008
005D6C3F . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6C42 . 51 push ecx
005D6C43 . 0FBF55 D0 movsx edx,word ptr ss:[ebp-30]
005D6C47 . 52 push edx
005D6C48 . 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
005D6C4E . 50 push eax
005D6C4F . 8D4D 84 lea ecx,dword ptr ss:[ebp-7C]
005D6C52 . 51 push ecx
005D6C53 . FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
005D6C59 . 8D95 44FFFFFF lea edx,dword ptr ss:[ebp-BC]
005D6C5F . 52 push edx
005D6C60 . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6C63 . 50 push eax
005D6C64 . 8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-8C]
005D6C6A . 51 push ecx
005D6C6B . FF15 D0124000 call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
005D6C71 . 50 push eax
005D6C72 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D6C78 . 8BD0 mov edx,eax
005D6C7A . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D6C7D . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6C83 . 8D95 74FFFFFF lea edx,dword ptr ss:[ebp-8C]
005D6C89 . 52 push edx
005D6C8A . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6C8D . 50 push eax
005D6C8E . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6C91 . 51 push ecx
005D6C92 . 6A 03 push 3
005D6C94 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6C9A . 83C4 10 add esp,10
005D6C9D . C745 FC 15000000 mov dword ptr ss:[ebp-4],15
005D6CA4 . 66:C745 AC 0100 mov word ptr ss:[ebp-54],1
005D6CAA > C745 FC 17000000 mov dword ptr ss:[ebp-4],17
005D6CB1 . 66:8B55 CC mov dx,word ptr ss:[ebp-34]
005D6CB5 . 66:83C2 01 add dx,1
005D6CB9 . 0F80 DD020000 jo emu8086.005D6F9C
005D6CBF . 66:8955 CC mov word ptr ss:[ebp-34],dx
005D6CC3 . C745 FC 18000000 mov dword ptr ss:[ebp-4],18
005D6CCA . 8D45 D8 lea eax,dword ptr ss:[ebp-28]
005D6CCD . 50 push eax
005D6CCE . E8 DD020000 call emu8086.005D6FB0
005D6CD3 . 8BD0 mov edx,eax
005D6CD5 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6CD8 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6CDE . C745 FC 19000000 mov dword ptr ss:[ebp-4],19
005D6CE5 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D6CE8 . 51 push ecx
005D6CE9 . E8 C2020000 call emu8086.005D6FB0
005D6CEE . 8BD0 mov edx,eax
005D6CF0 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D6CF3 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6CF9 . C745 FC 1A000000 mov dword ptr ss:[ebp-4],1A
005D6D00 . 66:837D AC 01 cmp word ptr ss:[ebp-54],1
005D6D05 . 75 1B jnz short emu8086.005D6D22
005D6D07 . C745 FC 1B000000 mov dword ptr ss:[ebp-4],1B
005D6D0E . 8D55 D8 lea edx,dword ptr ss:[ebp-28]
005D6D11 . 52 push edx
005D6D12 . E8 99020000 call emu8086.005D6FB0
005D6D17 . 8BD0 mov edx,eax
005D6D19 . 8D4D D8 lea ecx,dword ptr ss:[ebp-28]
005D6D1C . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6D22 > C745 FC 1E000000 mov dword ptr ss:[ebp-4],1E
005D6D29 . 8D45 B0 lea eax,dword ptr ss:[ebp-50]
005D6D2C . 50 push eax ; 让EAX进栈
005D6D2D . E8 7E020000 call emu8086.005D6FB0
005D6D32 . 8BD0 mov edx,eax ; 把EAX中的值赋给EDX
005D6D34 . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
005D6D37 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6D3D . C745 FC 1F000000 mov dword ptr ss:[ebp-4],1F
005D6D44 . 0FBF4D AC movsx ecx,word ptr ss:[ebp-54]
005D6D48 . 85C9 test ecx,ecx
005D6D4A . 75 1B jnz short emu8086.005D6D67
005D6D4C . C745 FC 20000000 mov dword ptr ss:[ebp-4],20
005D6D53 . 8D55 B0 lea edx,dword ptr ss:[ebp-50]
005D6D56 . 52 push edx
005D6D57 . E8 54020000 call emu8086.005D6FB0
005D6D5C . 8BD0 mov edx,eax
005D6D5E . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
005D6D61 . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6D67 > C745 FC 22000000 mov dword ptr ss:[ebp-4],22
005D6D6E . 66:8B45 DC mov ax,word ptr ss:[ebp-24]
005D6D72 . 66:05 0100 add ax,1
005D6D76 . 0F80 20020000 jo emu8086.005D6F9C
005D6D7C . 66:8945 DC mov word ptr ss:[ebp-24],ax
005D6D80 .^ E9 DFFCFFFF jmp emu8086.005D6A64 ; 循环1的结尾,跳向005D6A64
005D6D85 > C745 FC 24000000 mov dword ptr ss:[ebp-4],24 ; 循环2的开始
005D6D8C . 0FBF75 CC movsx esi,word ptr ss:[ebp-34]
005D6D90 . 8B4D B0 mov ecx,dword ptr ss:[ebp-50] ; 循环2就能看到些希望了
005D6D93 . 51 push ecx
005D6D94 . FF15 3C104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBstr>] ; MSVBVM60.__vbaLenBstr
005D6D9A . 3BF0 cmp esi,eax
005D6D9C . 0F8F B7000000 jg emu8086.005D6E59
005D6DA2 . C745 FC 25000000 mov dword ptr ss:[ebp-4],25
005D6DA9 . 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
005D6DAC . 8995 4CFFFFFF mov dword ptr ss:[ebp-B4],edx
005D6DB2 . C785 44FFFFFF 08000000 mov dword ptr ss:[ebp-BC],8
005D6DBC . C745 9C 01000000 mov dword ptr ss:[ebp-64],1
005D6DC3 . C745 94 02000000 mov dword ptr ss:[ebp-6C],2
005D6DCA . 8D45 B0 lea eax,dword ptr ss:[ebp-50]
005D6DCD . 8985 6CFFFFFF mov dword ptr ss:[ebp-94],eax
005D6DD3 . C785 64FFFFFF 08400000 mov dword ptr ss:[ebp-9C],4008
005D6DDD . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6DE0 . 51 push ecx
005D6DE1 . 0FBF55 CC movsx edx,word ptr ss:[ebp-34]
005D6DE5 . 52 push edx
005D6DE6 . 8D85 64FFFFFF lea eax,dword ptr ss:[ebp-9C]
005D6DEC . 50 push eax
005D6DED . 8D4D 84 lea ecx,dword ptr ss:[ebp-7C]
005D6DF0 . 51 push ecx
005D6DF1 . FF15 70114000 call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
005D6DF7 . 8D95 44FFFFFF lea edx,dword ptr ss:[ebp-BC]
005D6DFD . 52 push edx
005D6DFE . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6E01 . 50 push eax
005D6E02 . 8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-8C]
005D6E08 . 51 push ecx
005D6E09 . FF15 D0124000 call dword ptr ds:[<&MSVBVM60.__vbaVarCat>] ; MSVBVM60.__vbaVarCat
005D6E0F . 50 push eax
005D6E10 . FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>>; MSVBVM60.__vbaStrVarMove
005D6E16 . 8BD0 mov edx,eax
005D6E18 . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D6E1B . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6E21 . 8D95 74FFFFFF lea edx,dword ptr ss:[ebp-8C]
005D6E27 . 52 push edx
005D6E28 . 8D45 84 lea eax,dword ptr ss:[ebp-7C]
005D6E2B . 50 push eax
005D6E2C . 8D4D 94 lea ecx,dword ptr ss:[ebp-6C]
005D6E2F . 51 push ecx
005D6E30 . 6A 03 push 3
005D6E32 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6E38 . 83C4 10 add esp,10
005D6E3B . C745 FC 26000000 mov dword ptr ss:[ebp-4],26
005D6E42 . 66:8B55 CC mov dx,word ptr ss:[ebp-34]
005D6E46 . 66:83C2 01 add dx,1
005D6E4A . 0F80 4C010000 jo emu8086.005D6F9C
005D6E50 . 66:8955 CC mov word ptr ss:[ebp-34],dx
005D6E54 .^ E9 2CFFFFFF jmp emu8086.005D6D85 ; 循环2的结尾
005D6E59 > C745 FC 28000000 mov dword ptr ss:[ebp-4],28
005D6E60 . 8B45 10 mov eax,dword ptr ss:[ebp+10]
005D6E63 . 66:8B08 mov cx,word ptr ds:[eax]
005D6E66 . 66:83E9 01 sub cx,1
005D6E6A . 0F80 2C010000 jo emu8086.005D6F9C
005D6E70 . 66:898D 3CFFFFFF mov word ptr ss:[ebp-C4],cx
005D6E77 . 66:C785 40FFFFFF 0100 mov word ptr ss:[ebp-C0],1
005D6E80 . 66:C745 DC 0100 mov word ptr ss:[ebp-24],1
005D6E86 . EB 15 jmp short emu8086.005D6E9D
005D6E88 > 66:8B55 DC mov dx,word ptr ss:[ebp-24] ; 循环3开始
005D6E8C . 66:0395 40FFFFFF add dx,word ptr ss:[ebp-C0] ; 循环3 当然是最后整理注册码了
005D6E93 . 0F80 03010000 jo emu8086.005D6F9C
005D6E99 . 66:8955 DC mov word ptr ss:[ebp-24],dx
005D6E9D > 66:8B45 DC mov ax,word ptr ss:[ebp-24]
005D6EA1 . 66:3B85 3CFFFFFF cmp ax,word ptr ss:[ebp-C4]
005D6EA8 . 7F 24 jg short emu8086.005D6ECE
005D6EAA . C745 FC 29000000 mov dword ptr ss:[ebp-4],29
005D6EB1 . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D6EB4 . 51 push ecx
005D6EB5 . E8 F6000000 call emu8086.005D6FB0
005D6EBA . 8BD0 mov edx,eax
005D6EBC . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D6EBF . FF15 D0134000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ; MSVBVM60.__vbaStrMove
005D6EC5 . C745 FC 2A000000 mov dword ptr ss:[ebp-4],2A
005D6ECC .^ EB BA jmp short emu8086.005D6E88 ; 循环3结尾
005D6ECE > C745 FC 2B000000 mov dword ptr ss:[ebp-4],2B
005D6ED5 . 8B55 B4 mov edx,dword ptr ss:[ebp-4C]
005D6ED8 . 8995 6CFFFFFF mov dword ptr ss:[ebp-94],edx
005D6EDE . C785 64FFFFFF 08000000 mov dword ptr ss:[ebp-9C],8
005D6EE8 . 8D95 64FFFFFF lea edx,dword ptr ss:[ebp-9C]
005D6EEE . 8D4D B8 lea ecx,dword ptr ss:[ebp-48]
005D6EF1 . FF15 B0134000 call dword ptr ds:[<&MSVBVM60.__vbaVarCopy>] ; MSVBVM60.__vbaVarCopy
005D6EF7 . 68 6C6F5D00 push emu8086.005D6F6C
005D6EFC . EB 2E jmp short emu8086.005D6F2C ; 跳向005D6F2C 已经实现
005D6EFE . 8B45 F0 mov eax,dword ptr ss:[ebp-10]
005D6F01 . 83E0 04 and eax,4
005D6F04 . 85C0 test eax,eax
005D6F06 . 74 09 je short emu8086.005D6F11
005D6F08 . 8D4D B8 lea ecx,dword ptr ss:[ebp-48]
005D6F0B . FF15 34104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
005D6F11 > 8D8D 74FFFFFF lea ecx,dword ptr ss:[ebp-8C]
005D6F17 . 51 push ecx
005D6F18 . 8D55 84 lea edx,dword ptr ss:[ebp-7C]
005D6F1B . 52 push edx
005D6F1C . 8D45 94 lea eax,dword ptr ss:[ebp-6C]
005D6F1F . 50 push eax
005D6F20 . 6A 03 push 3
005D6F22 . FF15 50104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>; MSVBVM60.__vbaFreeVarList
005D6F28 . 83C4 10 add esp,10
005D6F2B . C3 retn
005D6F2C > 8D4D D8 lea ecx,dword ptr ss:[ebp-28] ; 跳转来自 005D6EFC
005D6F2F . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F35 . 8D4D D4 lea ecx,dword ptr ss:[ebp-2C]
005D6F38 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F3E . 8D4D C8 lea ecx,dword ptr ss:[ebp-38]
005D6F41 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F47 . 8D4D B4 lea ecx,dword ptr ss:[ebp-4C]
005D6F4A . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F50 . 8D4D B0 lea ecx,dword ptr ss:[ebp-50]
005D6F53 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F59 . 8D4D A8 lea ecx,dword ptr ss:[ebp-58]
005D6F5C . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F62 . 8D4D A4 lea ecx,dword ptr ss:[ebp-5C]
005D6F65 . FF15 3C144000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ; MSVBVM60.__vbaFreeStr
005D6F6B . C3 retn
005D6F6C . 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
005D6F6F . 8B55 B8 mov edx,dword ptr ss:[ebp-48]
005D6F72 . 8911 mov dword ptr ds:[ecx],edx
005D6F74 . 8B45 BC mov eax,dword ptr ss:[ebp-44]
005D6F77 . 8941 04 mov dword ptr ds:[ecx+4],eax
005D6F7A . 8B55 C0 mov edx,dword ptr ss:[ebp-40]
005D6F7D . 8951 08 mov dword ptr ds:[ecx+8],edx
005D6F80 . 8B45 C4 mov eax,dword ptr ss:[ebp-3C]
005D6F83 . 8941 0C mov dword ptr ds:[ecx+C],eax
005D6F86 . 8B45 08 mov eax,dword ptr ss:[ebp+8]
005D6F89 . 8B4D E0 mov ecx,dword ptr ss:[ebp-20]
005D6F8C . 64:890D 00000000 mov dword ptr fs:[0],ecx
005D6F93 . 5F pop edi
005D6F94 . 5E pop esi
005D6F95 . 5B pop ebx
005D6F96 . 8BE5 mov esp,ebp ; 最终EDX中出现的就是真正的注册码了
005D6F98 . 5D pop ebp
005D6F99 . C2 0C00 retn 0C ; 算法call结束,返回调用处
----------------------------所用断点信息-------------------------------------------
Breakpoints
地址 模块 激活 反汇编 注释
005D4B01 emu8086 始终 cmp dword ptr ss:[ebp-F8],0 就先断在此处,开始往下调
005D4C46 emu8086 始终 call emu8086.005D5F80 这个call按f8也能过去,就是算法call
005D6590 emu8086 始终 push ebp 开始时也要较验两次,看是否注册成功
005D6910 emu8086 始终 push ebp 开始时候判断是否注册,检查注册表和reg.ini文件,算法就在这儿了
-----------------------------reg.ini中所写数据---------------------------------------
username=冰河之刃
regkey=3FRTQZXJKASERKKN837C
q=100
--------------------------------------------------------------------------------------
谨以此教程送给那些一直关心我,帮助过我的人。是你们的帮助才让我的生活更加的轻松快乐。
愿你们天天都有一份好的心情。^_^
2009年12月27日16时56分23秒
--------------------------------------------------------------------------------
【总结】
VB的程序其实也并不是太难破。只要找准位置下好断点,再加一点儿耐心,就没有做不到的事。
愚蠢的人总是人云亦云,别人说VB程序难破,他就也跟着说难破,你破了吗?亲自做过才有发言权。
神,其实也是人!只不过他做了别人做不到的事,所以他就成了神!
--------------------------------------------------------------------------------
【版权声明】: 本文原创自冰河之刃, 转载请注明作者并保持文章的完整, 谢谢!
[ 本帖最后由 月之精灵 于 2010-1-7 16:36 编辑 ] |
|
IP卡
发表于 2010-1-2 18:32:03
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2010-1-2 18:57:49
发表于 2010-1-2 19:03:47
楼主
发表于 2010-1-8 09:32:27