- UID
- 8671
注册时间2006-2-27
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 开心
2018-5-6 16:27 |
|---|
签到天数: 7 天 [LV.3]偶尔看看II
|
一、Microsoft Visual Basic 5.0 / 6.0程序。
二、OD载入程序,运行,OD下断:bp rtcMsgBox,注册确认,程序中断在:
740F405A > 55 PUSH EBP 、、取消断点
740F405B 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
740F405F 8BEC MOV EBP,ESP
740F4061 83EC 48 SUB ESP,48
740F4064 66:8338 0A CMP WORD PTR DS:[EAX],0A
740F4068 53 PUSH EBX
740F4069 56 PUSH ESI
740F406A 57 PUSH EDI
推栈友好提示:
0012F3FC 00402229 返回到 ex805.00402229 来自 <JMP.&MSVBVM50.#595> 、、右键返回。
0012F400 0012F4AC
0012F404 00000030
0012F408 0012F49C
+++++++
三、F9运行程序,重来~
++++
00402163 > \FF75 E0 PUSH DWORD PTR SS:[EBP-20] ; 试练码~
00402166 . E8 85EFFFFF CALL <JMP.&MSVBVM50.__vbaR8Str>
0040216B . DC1D 28104000 FCOMP QWORD PTR DS:[401028] ; 浮点比较~
00402171 . DFE0 FSTSW AX
00402173 . 9E SAHF
00402174 . 75 03 JNZ SHORT ex805.00402179
00402176 . 6A 01 PUSH 1
00402178 . 5F POP EDI
00402179 > 8D4D E0 LEA ECX,DWORD PTR SS:[EBP-20]
0040217C . E8 5DEFFFFF CALL <JMP.&MSVBVM50.__vbaFreeStr>
00402181 . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
00402184 . E8 4FEFFFFF CALL <JMP.&MSVBVM50.__vbaFreeObj>
00402189 . F7DF NEG EDI
0040218B . 66:85FF TEST DI,DI ; 标志位比较~
0040218E . 74 3B JE SHORT ex805.004021CB ; 为0注册失败~~~
00402190 . B9 04000280 MOV ECX,80020004 ; (初始 cpu 选择)
00402195 . 894D A4 MOV DWORD PTR SS:[EBP-5C],ECX
00402198 . 6A 0A PUSH 0A
0040219A . 58 POP EAX
0040219B . 8945 9C MOV DWORD PTR SS:[EBP-64],EAX
0040219E . 894D B4 MOV DWORD PTR SS:[EBP-4C],ECX
004021A1 . 8945 AC MOV DWORD PTR SS:[EBP-54],EAX
004021A4 . C745 84 441F4>MOV DWORD PTR SS:[EBP-7C],ex805.>; thank you
004021AB . 6A 08 PUSH 8
004021AD . 5E POP ESI
004021AE . 89B5 7CFFFFFF MOV DWORD PTR SS:[EBP-84],ESI
004021B4 . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
004021BA . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
004021BD . E8 0AEFFFFF CALL <JMP.&MSVBVM50.__vbaVarDup>
004021C2 . C745 94 081F4>MOV DWORD PTR SS:[EBP-6C],ex805.>; thank you for registering!
004021C9 . EB 39 JMP SHORT ex805.00402204
004021CB > B9 04000280 MOV ECX,80020004
004021D0 . 894D A4 MOV DWORD PTR SS:[EBP-5C],ECX
004021D3 . 6A 0A PUSH 0A
004021D5 . 58 POP EAX
004021D6 . 8945 9C MOV DWORD PTR SS:[EBP-64],EAX
004021D9 . 894D B4 MOV DWORD PTR SS:[EBP-4C],ECX
004021DC . 8945 AC MOV DWORD PTR SS:[EBP-54],EAX
004021DF . C745 84 F81E4>MOV DWORD PTR SS:[EBP-7C],ex805.>; error
004021E6 . 6A 08 PUSH 8
004021E8 . 5E POP ESI
004021E9 . 89B5 7CFFFFFF MOV DWORD PTR SS:[EBP-84],ESI
004021EF . 8D95 7CFFFFFF LEA EDX,DWORD PTR SS:[EBP-84]
004021F5 . 8D4D BC LEA ECX,DWORD PTR SS:[EBP-44]
004021F8 . E8 CFEEFFFF CALL <JMP.&MSVBVM50.__vbaVarDup>
004021FD . C745 94 B81E4>MOV DWORD PTR SS:[EBP-6C],ex805.>; invalid registration number!
00402204 > 8975 8C MOV DWORD PTR SS:[EBP-74],ESI
00402207 . 8D55 8C LEA EDX,DWORD PTR SS:[EBP-74]
0040220A . 8D4D CC LEA ECX,DWORD PTR SS:[EBP-34]
0040220D . E8 BAEEFFFF CALL <JMP.&MSVBVM50.__vbaVarDup>
00402212 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64]
00402215 . 50 PUSH EAX
00402216 . 8D45 AC LEA EAX,DWORD PTR SS:[EBP-54]
00402219 . 50 PUSH EAX
0040221A . 8D45 BC LEA EAX,DWORD PTR SS:[EBP-44]
0040221D . 50 PUSH EAX
0040221E . 6A 30 PUSH 30
00402220 . 8D45 CC LEA EAX,DWORD PTR SS:[EBP-34]
00402223 . 50 PUSH EAX
00402224 . E8 A9EEFFFF CALL <JMP.&MSVBVM50.#595>
00402229 . 8D45 9C LEA EAX,DWORD PTR SS:[EBP-64] ; 返回到这~
转载请注明出处。Cracked by WildCatIII[D.4s][PYG]
[ 本帖最后由 野猫III 于 2006-7-13 01:36 编辑 ] |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?加入我们
x
|
IP卡
发表于 2006-7-13 01:30:20
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-7-13 08:37:52
发表于 2006-7-13 10:07:50
发表于 2006-7-13 19:03:48
发表于 2006-7-15 10:36:29
