Crack实战系列教程-《VB系列-第五课(完结)》
本帖最后由 我是用户 于 2013-7-15 18:46 编辑【软件名称】: BatchPPT3.1
【作者邮箱】: 2714608453@qq.com
【下载地址】: 见附件
【软件语言】: VB
【使用工具】: OD
【操作平台】: XP SP2
【作者声明】: 只是感兴趣,没有其他目的。失误之处敬请诸位大侠赐教!
通过前面四课的了解,我们对VB程序应该有了大概的认识,VB的程序很烦,代码很简单,但是反汇编起来很难看懂,现在就用实例来帮大家理解
感谢@淡然出尘 提供的程序.如果大家有好的VB程序也可以连接我,具体请见贴子:http://www.52pojie.cn/thread-202083-1-1.html
写在前言:
首先这个程序的算法CALL有三处,我们记为算法CALL1,算法CALL2,算法CALL3.
注册码保存在注册表里,具体路径:
1.查壳
VB的壳无疑
2.寻找算法CALL
如何寻找这三个算法CALL呢。
当我们注册失败,以及进行算法验证时,会出现以下错误对话框。
当输入注册码注册时,进行算法CALL1验证。
如图1
当点击转换时候,进行算法CALL2验证。
如图2
当输入按钮标签中的类型转换以及幻灯片编号等,进行算法CALL3验证。
如图3
我们可以通过下断rtcMsgBox,或者搜索字符串到达关键代码处,此处就不在累述。
3.爆破
如果爆破的话,三处算法CALL都要改,所以这里干脆就直接分析出算法。
三处算法CALL分别地址分别如下:
算法CALL1:00452020
算法CALL2:00451DF0
算法CALL3:00451A10
爆破的话,直接让其返回不为0就好,大家可以自己动手试试。
4.算法分析
算法CALL1具体代码如下:
00452020 $55 push ebp
00452021 .8BEC mov ebp,esp
00452023 .83EC 14 sub esp,0x14
00452026 .68 962A4000 push <jmp.&MSVBVM60.__vbaExceptHandler>;SE 处理程序安装
0045202B .64:A1 0000000>mov eax,dword ptr fs:
00452031 .50 push eax
00452032 .64:8925 00000>mov dword ptr fs:,esp
00452039 .83EC 60 sub esp,0x60
0045203C .53 push ebx ;MSVBVM60.__vbaObjSet
0045203D .56 push esi
0045203E .57 push edi ;MSVBVM60.__vbaStrMove
0045203F .8965 EC mov dword ptr ss:,esp
00452042 .C745 F0 50264>mov dword ptr ss:,BatchPPT.004>
00452049 .33C0 xor eax,eax
0045204B .8945 F4 mov dword ptr ss:,eax
0045204E .8945 F8 mov dword ptr ss:,eax
00452051 .8945 DC mov dword ptr ss:,eax
00452054 .8945 D4 mov dword ptr ss:,eax
00452057 .8945 C4 mov dword ptr ss:,eax
0045205A .8945 B4 mov dword ptr ss:,eax
0045205D .8945 A4 mov dword ptr ss:,eax
00452060 .6A 01 push 0x1 ; /OnErrEvent = Goto Address
00452062 .FF15 88104000 call dword ptr ds:[<&MSVBVM60.__vbaOnErr>; \__vbaOnError
00452068 .8B75 08 mov esi,dword ptr ss:
0045206B .8975 AC mov dword ptr ss:,esi
0045206E .C745 A4 08400>mov dword ptr ss:,0x4008
00452075 .6A 01 push 0x1
00452077 .8D45 A4 lea eax,dword ptr ss:
0045207A .50 push eax
0045207B .8D4D C4 lea ecx,dword ptr ss:
0045207E .51 push ecx
0045207F .FF15 0C124000 call dword ptr ds:[<&MSVBVM60.#rtcRightC>;MSVBVM60.rtcRightCharVar
00452085 .8D55 C4 lea edx,dword ptr ss:
00452088 .52 push edx
00452089 .8B3D 20104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaSt>;MSVBVM60.__vbaStrVarMove
0045208F .FFD7 call edi ;MSVBVM60.__vbaStrMove; <&MSVBVM60.__vbaStrVarMove>
00452091 .8BD0 mov edx,eax
00452093 .8D4D DC lea ecx,dword ptr ss:
00452096 .8B1D 00124000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaSt>;MSVBVM60.__vbaStrMove
0045209C .FFD3 call ebx ;MSVBVM60.__vbaObjSet; <&MSVBVM60.__vbaStrMove>
0045209E .8D4D C4 lea ecx,dword ptr ss:
004520A1 .FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVar
004520A7 .C745 CC 01000>mov dword ptr ss:,0x1
004520AE .C745 C4 02000>mov dword ptr ss:,0x2
004520B5 .8975 AC mov dword ptr ss:,esi
004520B8 .C745 A4 08400>mov dword ptr ss:,0x4008
004520BF .8D45 C4 lea eax,dword ptr ss:
004520C2 .50 push eax ; /Length8 = 0x18130C
004520C3 .6A 1F push 0x1F ; |Start = 0x1F
004520C5 .8D4D A4 lea ecx,dword ptr ss: ; |
004520C8 .51 push ecx ; |dString8 = 0012EBAC
004520C9 .8D55 B4 lea edx,dword ptr ss: ; |
004520CC .52 push edx ; |RetBUFFER = 0012EBAC
004520CD .FF15 B4104000 call dword ptr ds:[<&MSVBVM60.#rtcMidCha>; \rtcMidCharVar
004520D3 .8D45 B4 lea eax,dword ptr ss:
004520D6 .50 push eax
004520D7 .FFD7 call edi ;MSVBVM60.__vbaStrMove
004520D9 .8BD0 mov edx,eax
004520DB .8D4D D4 lea ecx,dword ptr ss:
004520DE .FFD3 call ebx ;MSVBVM60.__vbaObjSet
004520E0 .8D4D B4 lea ecx,dword ptr ss:
004520E3 .51 push ecx
004520E4 .8D55 C4 lea edx,dword ptr ss:
004520E7 .52 push edx
004520E8 .6A 02 push 0x2
004520EA .FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
004520F0 .83C4 0C add esp,0xC
004520F3 .8B45 D4 mov eax,dword ptr ss:
004520F6 .50 push eax
004520F7 .FF15 48114000 call dword ptr ds:[<&MSVBVM60.__vbaI2Str>;MSVBVM60.__vbaI2Str
004520FD .66:8BF0 mov si,ax
00452100 .66:83E6 01 and si,0x1
00452104 .79 08 jns short BatchPPT.0045210E
00452106 .66:4E dec si
00452108 .66:83CE FE or si,0xFFFE
0045210C .66:46 inc si
0045210E >8B4D DC mov ecx,dword ptr ss:
00452111 .51 push ecx
00452112 .68 18564100 push BatchPPT.00415618 ;X
00452117 .8B3D D0104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaSt>;MSVBVM60.__vbaStrCmp
0045211D .FFD7 call edi ;MSVBVM60.__vbaStrMove; <&MSVBVM60.__vbaStrCmp>
0045211F .8BD8 mov ebx,eax
00452121 .F7DB neg ebx ;MSVBVM60.__vbaObjSet
00452123 .1BDB sbb ebx,ebx ;MSVBVM60.__vbaObjSet
00452125 .43 inc ebx ;MSVBVM60.__vbaObjSet
00452126 .F7DB neg ebx ;MSVBVM60.__vbaObjSet
00452128 .33D2 xor edx,edx
0045212A .66:85F6 test si,si
0045212D .0F95C2 setne dl
00452130 .F7DA neg edx
00452132 .23DA and ebx,edx
00452134 .8B45 DC mov eax,dword ptr ss:
00452137 .50 push eax
00452138 .68 10564100 push BatchPPT.00415610 ;1
0045213D .FFD7 call edi ;MSVBVM60.__vbaStrMove
0045213F .F7D8 neg eax
00452141 .1BC0 sbb eax,eax
00452143 .40 inc eax
00452144 .F7D8 neg eax
00452146 .33C9 xor ecx,ecx
00452148 .66:85F6 test si,si
0045214B .0F94C1 sete cl
0045214E .F7D9 neg ecx
00452150 .23C1 and eax,ecx
00452152 .0BD8 or ebx,eax
00452154 .895D D8 mov dword ptr ss:,ebx ;MSVBVM60.__vbaObjSet
00452157 .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaExitP>;MSVBVM60.__vbaExitProc
0045215D .68 9D214500 push BatchPPT.0045219D
00452162 .EB 28 jmp short BatchPPT.0045218C
00452164 .C745 D8 00000>mov dword ptr ss:,0x0
0045216B .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaExitP>;MSVBVM60.__vbaExitProc
00452171 .68 9D214500 push BatchPPT.0045219D
00452176 .EB 14 jmp short BatchPPT.0045218C
00452178 .8D55 B4 lea edx,dword ptr ss:
0045217B .52 push edx
0045217C .8D45 C4 lea eax,dword ptr ss:
0045217F .50 push eax
00452180 .6A 02 push 0x2
00452182 .FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
00452188 .83C4 0C add esp,0xC
0045218B .C3 retn
0045218C >8D4D DC lea ecx,dword ptr ss:
0045218F .8B35 28124000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaFr>;MSVBVM60.__vbaFreeStr
00452195 .FFD6 call esi ;<&MSVBVM60.__vbaFreeStr>
00452197 .8D4D D4 lea ecx,dword ptr ss:
0045219A .FFD6 call esi
0045219C .C3 retn
0045219D .66:8B45 D8 mov ax,word ptr ss:
004521A1 .8B4D E4 mov ecx,dword ptr ss:
004521A4 .64:890D 00000>mov dword ptr fs:,ecx
004521AB .5F pop edi ;BatchPPT.00452868
004521AC .5E pop esi ;BatchPPT.00452868
004521AD .5B pop ebx ;BatchPPT.00452868
004521AE .8BE5 mov esp,ebp
004521B0 .5D pop ebp ;BatchPPT.00452868
004521B1 .C2 0400 retn 0x4
由上述代码可知:
注册码中的第1F位只能为数字。
当第1F位为奇数时,最后一位为X
当第1F位为偶数时,最后一位为1
算法CALL2具体代码如下:
00451DF0 $53 push ebx
00451DF1 .55 push ebp
00451DF2 .56 push esi
00451DF3 .57 push edi ;BatchPPT.0045A028
00451DF4 .8B7C24 14 mov edi,dword ptr ss: ;BatchPPT.0045A028
00451DF8 .8B1D 90114000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaIn>;MSVBVM60.__vbaInStr
00451DFE .6A 01 push 0x1
00451E00 .8B07 mov eax,dword ptr ds:
00451E02 .50 push eax
00451E03 .68 08564100 push BatchPPT.00415608 ;-
00451E08 .6A 01 push 0x1
00451E0A .FFD3 call ebx ;<&MSVBVM60.__vbaInStr>
00451E0C .8B2D DC104000 mov ebp,dword ptr ds:[<&MSVBVM60.__vbaI2>;MSVBVM60.__vbaI2I4
00451E12 .8BC8 mov ecx,eax
00451E14 .FFD5 call ebp ;<&MSVBVM60.__vbaI2I4>
00451E16 .8BF0 mov esi,eax
00451E18 .66:83FE 01 cmp si,0x1 ;si大于等于1
00451E1C .7D 09 jge short BatchPPT.00451E27
00451E1E .5F pop edi ;0012FB20
00451E1F .5E pop esi ;0012FB20
00451E20 .5D pop ebp ;0012FB20
00451E21 .33C0 xor eax,eax
00451E23 .5B pop ebx ;0012FB20
00451E24 .C2 0400 retn 0x4
00451E27 >66:8BCE mov cx,si ;cx=si
00451E2A .8B07 mov eax,dword ptr ds:
00451E2C .66:83C1 01 add cx,0x1 ;cx=cx+1
00451E30 .70 40 jo short BatchPPT.00451E72
00451E32 .0FBFD1 movsx edx,cx
00451E35 .52 push edx ;从上一个位置开始再找
00451E36 .50 push eax
00451E37 .68 08564100 push BatchPPT.00415608 ;-
00451E3C .6A 01 push 0x1
00451E3E .FFD3 call ebx
00451E40 .8BC8 mov ecx,eax
00451E42 .FFD5 call ebp
00451E44 .66:8BCE mov cx,si ;cx=第一个的位置
00451E47 .66:83C1 02 add cx,0x2 ;cx=cx+2
00451E4B .70 25 jo short BatchPPT.00451E72
00451E4D .66:3BC1 cmp ax,cx ;找到的位置要大于cx
00451E50 .7D 09 jge short BatchPPT.00451E5B
00451E52 .5F pop edi ;0012FB20
00451E53 .5E pop esi ;0012FB20
00451E54 .5D pop ebp ;0012FB20
00451E55 .33C0 xor eax,eax
00451E57 .5B pop ebx ;0012FB20
00451E58 .C2 0400 retn 0x4
00451E5B >66:03F0 add si,ax ;si+ax
00451E5E .5F pop edi ;0012FB20
00451E5F .70 11 jo short BatchPPT.00451E72
00451E61 .33C0 xor eax,eax
00451E63 .66:83FE 21 cmp si,0x21 //等于0x21
00451E67 .0F94C0 sete al
00451E6A .5E pop esi ;0012FB20
00451E6B .5D pop ebp ;0012FB20
00451E6C .F7D8 neg eax
00451E6E .5B pop ebx ;0012FB20
00451E6F .C2 0400 retn 0x4
00451E72 >FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaError>;MSVBVM60.__vbaErrorOverflow
由上述代码可知:
他是通过计算"-"号出现的位置来进行验证的,我们把第一次,第二次出现的位置记为a1,a2.它要满足以下三个条件。
第一个:a1>=1(既必须存在)(要等于B)
第二个:a2>=a1+2(要等于0x16)
第二个:si=a2+a1要等于0x21
算法CALL3具体代码如下:
00451E80 $55 push ebp
00451E81 .8BEC mov ebp,esp
00451E83 .83EC 08 sub esp,0x8
00451E86 .68 962A4000 push <jmp.&MSVBVM60.__vbaExceptHandler>;SE 处理程序安装
00451E8B .64:A1 0000000>mov eax,dword ptr fs:
00451E91 .50 push eax
00451E92 .64:8925 00000>mov dword ptr fs:,esp
00451E99 .83EC 5C sub esp,0x5C
00451E9C .53 push ebx ;MSVBVM60.__vbaObjSet
00451E9D .56 push esi
00451E9E .57 push edi ;MSVBVM60.__vbaStrMove
00451E9F .8965 F8 mov dword ptr ss:,esp
00451EA2 .C745 FC 40264>mov dword ptr ss:,BatchPPT.0040>
00451EA9 .8B75 08 mov esi,dword ptr ss:
00451EAC .8B1D 90114000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaIn>;MSVBVM60.__vbaInStr
00451EB2 .6A 01 push 0x1
00451EB4 .33FF xor edi,edi ;MSVBVM60.__vbaStrMove
00451EB6 .8B06 mov eax,dword ptr ds: ;BatchPPT.0045CA40
00451EB8 .897D E4 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451EBB .50 push eax
00451EBC .68 08564100 push BatchPPT.00415608 ;-
00451EC1 .6A 01 push 0x1
00451EC3 .897D E0 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451EC6 .897D D8 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451EC9 .897D C8 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451ECC .897D B8 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451ECF .897D A8 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451ED2 .FFD3 call ebx ;MSVBVM60.__vbaObjSet; <&MSVBVM60.__vbaInStr>
00451ED4 .8BC8 mov ecx,eax
00451ED6 .FF15 DC104000 call dword ptr ds:[<&MSVBVM60.__vbaI2I4>>;MSVBVM60.__vbaI2I4
00451EDC .66:3D 0B00 cmp ax,0xB
00451EE0 .74 0D je short BatchPPT.00451EEF
00451EE2 .897D E8 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451EE5 .68 03204500 push BatchPPT.00452003
00451EEA .E9 03010000 jmp BatchPPT.00451FF2
00451EEF >8B0E mov ecx,dword ptr ds: ;BatchPPT.0045CA40
00451EF1 .6A 0C push 0xC
00451EF3 .51 push ecx
00451EF4 .68 08564100 push BatchPPT.00415608 ;-
00451EF9 .6A 01 push 0x1
00451EFB .FFD3 call ebx ;MSVBVM60.__vbaObjSet
00451EFD .8BC8 mov ecx,eax
00451EFF .FF15 DC104000 call dword ptr ds:[<&MSVBVM60.__vbaI2I4>>;MSVBVM60.__vbaI2I4
00451F05 .66:3D 1600 cmp ax,0x16
00451F09 .74 0D je short BatchPPT.00451F18
00451F0B .897D E8 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451F0E .68 03204500 push BatchPPT.00452003
00451F13 .E9 DA000000 jmp BatchPPT.00451FF2
00451F18 >8D55 C8 lea edx,dword ptr ss:
00451F1B .8D45 A8 lea eax,dword ptr ss:
00451F1E .52 push edx ; /Length8 = 0x12EBAC
00451F1F .6A 0C push 0xC ; |Start = 0xC
00451F21 .8D4D B8 lea ecx,dword ptr ss: ; |
00451F24 .50 push eax ; |dString8 = 0018130C
00451F25 .51 push ecx ; |RetBUFFER = 0012EBAC
00451F26 .C745 D0 0A000>mov dword ptr ss:,0xA ; |
00451F2D .C745 C8 02000>mov dword ptr ss:,0x2 ; |
00451F34 .8975 B0 mov dword ptr ss:,esi ; |
00451F37 .C745 A8 08400>mov dword ptr ss:,0x4008 ; |
00451F3E .FF15 B4104000 call dword ptr ds:[<&MSVBVM60.#rtcMidCha>; \rtcMidCharVar
00451F44 .8B1D 20104000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaSt>;、
00451F4A .8D55 B8 lea edx,dword ptr ss:
00451F4D .52 push edx
00451F4E .FFD3 call ebx ;MSVBVM60.__vbaObjSet; <&MSVBVM60.__vbaStrVarMove>
00451F50 .8B3D 00124000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaSt>;MSVBVM60.__vbaStrMove
00451F56 .8BD0 mov edx,eax
00451F58 .8D4D E0 lea ecx,dword ptr ss:
00451F5B .FFD7 call edi ;MSVBVM60.__vbaStrMove; <&MSVBVM60.__vbaStrMove>
00451F5D .8D45 B8 lea eax,dword ptr ss:
00451F60 .8D4D C8 lea ecx,dword ptr ss:
00451F63 .50 push eax
00451F64 .51 push ecx
00451F65 .6A 02 push 0x2
00451F67 .FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
00451F6D .83C4 0C add esp,0xC
00451F70 .8D55 A8 lea edx,dword ptr ss:
00451F73 .8D45 C8 lea eax,dword ptr ss:
00451F76 .8975 B0 mov dword ptr ss:,esi
00451F79 .6A 0A push 0xA
00451F7B .52 push edx
00451F7C .50 push eax
00451F7D .C745 A8 08400>mov dword ptr ss:,0x4008
00451F84 .FF15 F4114000 call dword ptr ds:[<&MSVBVM60.#rtcLeftCh>;取字符串的前A位
00451F8A .8D4D C8 lea ecx,dword ptr ss:
00451F8D .51 push ecx
00451F8E .FFD3 call ebx ;MSVBVM60.__vbaObjSet
00451F90 .8BD0 mov edx,eax
00451F92 .8D4D E4 lea ecx,dword ptr ss:
00451F95 .FFD7 call edi ;MSVBVM60.__vbaStrMove
00451F97 .8D4D C8 lea ecx,dword ptr ss:
00451F9A .FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVar
00451FA0 .8B55 E0 mov edx,dword ptr ss:
00451FA3 .8D45 E4 lea eax,dword ptr ss:
00451FA6 .52 push edx
00451FA7 .50 push eax
00451FA8 .E8 63FAFFFF call BatchPPT.00451A10 //关键CALL,进入
00451FAD .8BD0 mov edx,eax
00451FAF .8D4D D8 lea ecx,dword ptr ss:
00451FB2 .FFD7 call edi ;MSVBVM60.__vbaStrMove
00451FB4 .50 push eax
00451FB5 .FF15 D0104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCm>;MSVBVM60.__vbaStrCmp
00451FBB .F7D8 neg eax
00451FBD .1BC0 sbb eax,eax
00451FBF .8D4D D8 lea ecx,dword ptr ss:
00451FC2 .40 inc eax
00451FC3 .F7D8 neg eax
00451FC5 .8945 E8 mov dword ptr ss:,eax
00451FC8 .FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
00451FCE .68 03204500 push BatchPPT.00452003
00451FD3 .EB 1D jmp short BatchPPT.00451FF2
00451FD5 .8D4D D8 lea ecx,dword ptr ss:
00451FD8 .FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
00451FDE .8D4D B8 lea ecx,dword ptr ss:
00451FE1 .8D55 C8 lea edx,dword ptr ss:
00451FE4 .51 push ecx
00451FE5 .52 push edx
00451FE6 .6A 02 push 0x2
00451FE8 .FF15 2C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVarList
00451FEE .83C4 0C add esp,0xC
00451FF1 .C3 retn
00451FF2 >8B35 28124000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaFr>;MSVBVM60.__vbaFreeStr
00451FF8 .8D4D E4 lea ecx,dword ptr ss:
00451FFB .FFD6 call esi ;<&MSVBVM60.__vbaFreeStr>
00451FFD .8D4D E0 lea ecx,dword ptr ss:
00452000 .FFD6 call esi
00452002 .C3 retn
00452003 .8B4D F0 mov ecx,dword ptr ss: ;BatchPPT.00402A96
00452006 .66:8B45 E8 mov ax,word ptr ss:
0045200A .5F pop edi ;BatchPPT.00452868
0045200B .5E pop esi ;BatchPPT.00452868
0045200C .64:890D 00000>mov dword ptr fs:,ecx
00452013 .5B pop ebx ;BatchPPT.00452868
00452014 .8BE5 mov esp,ebp
00452016 .5D pop ebp ;BatchPPT.00452868
00452017 .C2 0400 retn 0x4
//00451A10 进入
00451A10 > $55 push ebp
00451A11 .8BEC mov ebp,esp
00451A13 .83EC 0C sub esp,0xC
00451A16 .68 962A4000 push <jmp.&MSVBVM60.__vbaExceptHandler>;SE 处理程序安装
00451A1B .64:A1 0000000>mov eax,dword ptr fs:
00451A21 .50 push eax
00451A22 .64:8925 00000>mov dword ptr fs:,esp
00451A29 .83EC 6C sub esp,0x6C
00451A2C .53 push ebx ;MSVBVM60.__vbaObjSet
00451A2D .56 push esi
00451A2E .57 push edi ;MSVBVM60.__vbaStrMove
00451A2F .8965 F4 mov dword ptr ss:,esp
00451A32 .C745 F8 30264>mov dword ptr ss:,BatchPPT.0040>
00451A39 .8B7D 08 mov edi,dword ptr ss:
00451A3C .33F6 xor esi,esi
00451A3E .8975 D8 mov dword ptr ss:,esi
00451A41 .8975 D4 mov dword ptr ss:,esi
00451A44 .8B07 mov eax,dword ptr ds:
00451A46 .8975 D0 mov dword ptr ss:,esi
00451A49 .50 push eax ; /String = ""
00451A4A .8975 C4 mov dword ptr ss:,esi ; |
00451A4D .8975 C0 mov dword ptr ss:,esi ; |
00451A50 .8975 B0 mov dword ptr ss:,esi ; |
00451A53 .8975 AC mov dword ptr ss:,esi ; |
00451A56 .8975 9C mov dword ptr ss:,esi ; |
00451A59 .FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBs>; \__vbaLenBstr
00451A5F .85C0 test eax,eax
00451A61 .0F84 20030000 je BatchPPT.00451D87
00451A67 .56 push esi
00451A68 .8D4D 9C lea ecx,dword ptr ss:
00451A6B .68 80000000 push 0x80
00451A70 .8D55 B0 lea edx,dword ptr ss:
00451A73 .51 push ecx
00451A74 .52 push edx
00451A75 .897D A4 mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451A78 .C745 9C 08400>mov dword ptr ss:,0x4008
00451A7F .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.#rtcStrCon>;MSVBVM60.rtcStrConvVar2
00451A85 .8D45 B0 lea eax,dword ptr ss: ;转成ASCII码
00451A88 .8D4D AC lea ecx,dword ptr ss:
00451A8B .50 push eax
00451A8C .51 push ecx
00451A8D .FF15 88114000 call dword ptr ds:[<&MSVBVM60.__vbaVar2V>;MSVBVM60.__vbaVar2Vec
00451A93 .8D55 AC lea edx,dword ptr ss: ;转成数组
00451A96 .8D45 D8 lea eax,dword ptr ss:
00451A99 .52 push edx
00451A9A .50 push eax
00451A9B .FF15 14104000 call dword ptr ds:[<&MSVBVM60.__vbaAryMo>;MSVBVM60.__vbaAryMove
00451AA1 .8D4D B0 lea ecx,dword ptr ss:
00451AA4 .FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVar
00451AAA .8B4D D8 mov ecx,dword ptr ss:
00451AAD .51 push ecx
00451AAE .6A 01 push 0x1
00451AB0 .FF15 F0104000 call dword ptr ds:[<&MSVBVM60.__vbaLboun>;MSVBVM60.__vbaLbound
00451AB6 .8B55 D8 mov edx,dword ptr ss:
00451AB9 .8BF8 mov edi,eax
00451ABB .52 push edx
00451ABC .6A 01 push 0x1 ;前面的去除符号
00451ABE .897D DC mov dword ptr ss:,edi ;MSVBVM60.__vbaStrMove
00451AC1 .FF15 64114000 call dword ptr ds:[<&MSVBVM60.__vbaUboun>;MSVBVM60.__vbaUbound
00451AC7 .8BD8 mov ebx,eax ;取下界
00451AC9 .57 push edi ; |lBoundn = 0x73476A74
00451ACA .83C3 01 add ebx,0x1 ; |
00451ACD .8D4D C4 lea ecx,dword ptr ss: ; |
00451AD0 .0F80 13030000 jo BatchPPT.00451DE9 ; |
00451AD6 .8BC3 mov eax,ebx ; |MSVBVM60.__vbaObjSet
00451AD8 .895D C8 mov dword ptr ss:,ebx ; |MSVBVM60.__vbaObjSet
00451ADB .83E8 01 sub eax,0x1 ; |
00451ADE .0F80 05030000 jo BatchPPT.00451DE9 ; |
00451AE4 .50 push eax ; |uBoundn = 0x18130C
00451AE5 .6A 01 push 0x1 ; |TotalArray = 0x1
00451AE7 .6A 11 push 0x11 ; |vBType = Byte
00451AE9 .51 push ecx ; |RetADDR = 0012EBAC
00451AEA .6A 01 push 0x1 ; |VAlign = BYTE
00451AEC .68 80000000 push 0x80 ; |Arg1 = 0x80
00451AF1 .FF15 04114000 call dword ptr ds:[<&MSVBVM60.__vbaRedim>; \__vbaRedim
00451AF7 .8BCB mov ecx,ebx ;重定义数组 BYTE
00451AF9 .83C4 1C add esp,0x1C
00451AFC .83E9 01 sub ecx,0x1
00451AFF .0F80 E4020000 jo BatchPPT.00451DE9
00451B05 .FF15 DC104000 call dword ptr ds:[<&MSVBVM60.__vbaI2I4>>;MSVBVM60.__vbaI2I4
00451B0B .8BCF mov ecx,edi ;MSVBVM60.__vbaStrMove
00451B0D .8945 90 mov dword ptr ss:,eax
00451B10 .FF15 DC104000 call dword ptr ds:[<&MSVBVM60.__vbaI2I4>>;MSVBVM60.__vbaI2I4
00451B16 .8945 E8 mov dword ptr ss:,eax
00451B19 >66:3B45 90 cmp ax,word ptr ss: ;循环开始
00451B1D .0F8F 07020000 jg BatchPPT.00451D2A
00451B23 .8B4D D8 mov ecx,dword ptr ss:
00451B26 .0FBFC0 movsx eax,ax
00451B29 .3BC7 cmp eax,edi ;i与edi比较
00451B2B .8945 84 mov dword ptr ss:,eax ;变量7C为eax
00451B2E .0F85 BA000000 jnz BatchPPT.00451BEE
00451B34 .85C9 test ecx,ecx
00451B36 .74 2A je short BatchPPT.00451B62
00451B38 .66:8339 01 cmp word ptr ds:,0x1
00451B3C .75 24 jnz short BatchPPT.00451B62 ;以上的数组的一些判断
00451B3E .8B51 14 mov edx,dword ptr ds: ;BatchPPT.004026F0
00451B41 .8B41 10 mov eax,dword ptr ds: ;eax为数组大小
00451B44 .8BF3 mov esi,ebx ;MSVBVM60.__vbaObjSet
00451B46 .8B3D CC104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaGe>;MSVBVM60.__vbaGenerateBoundsError
00451B4C .83EE 01 sub esi,0x1
00451B4F .0F80 94020000 jo BatchPPT.00451DE9
00451B55 .2BF2 sub esi,edx
00451B57 .3BF0 cmp esi,eax ;9与A比较
00451B59 .72 18 jb short BatchPPT.00451B73
00451B5B .FFD7 call edi ;MSVBVM60.__vbaStrMove; <&MSVBVM60.__vbaGenerateBoundsError>
00451B5D .8B4D D8 mov ecx,dword ptr ss:
00451B60 .EB 11 jmp short BatchPPT.00451B73
00451B62 >FF15 CC104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>;MSVBVM60.__vbaGenerateBoundsError
00451B68 .8B4D D8 mov ecx,dword ptr ss:
00451B6B .8B3D CC104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaGe>;MSVBVM60.__vbaGenerateBoundsError
00451B71 .8BF0 mov esi,eax
00451B73 >8B51 0C mov edx,dword ptr ds: ;BatchPPT.00402A96
00451B76 .33C0 xor eax,eax
00451B78 .83FB 01 cmp ebx,0x1
00451B7B .8A0432 mov al,byte ptr ds: ;al为第A位
00451B7E .8945 D0 mov dword ptr ss:,eax ;变量30为第A位(初始)
00451B81 .75 28 jnz short BatchPPT.00451BAB
00451B83 .85C9 test ecx,ecx
00451B85 .74 56 je short BatchPPT.00451BDD
00451B87 .66:3919 cmp word ptr ds:,bx
00451B8A .75 51 jnz short BatchPPT.00451BDD
00451B8C .8B71 14 mov esi,dword ptr ds: ;BatchPPT.004026F0
00451B8F .8B41 10 mov eax,dword ptr ds:
00451B92 .F7DE neg esi
00451B94 .3BF0 cmp esi,eax
00451B96 .72 05 jb short BatchPPT.00451B9D
00451B98 .FFD7 call edi ;MSVBVM60.__vbaStrMove
00451B9A .8B4D D8 mov ecx,dword ptr ss:
00451B9D >8B51 0C mov edx,dword ptr ds: ;BatchPPT.00402A96
00451BA0 .8BC6 mov eax,esi
00451BA2 .33DB xor ebx,ebx ;MSVBVM60.__vbaObjSet
00451BA4 .8A1C02 mov bl,byte ptr ds:
00451BA7 .8BF3 mov esi,ebx ;MSVBVM60.__vbaObjSet
00451BA9 .EB 49 jmp short BatchPPT.00451BF4
00451BAB >85C9 test ecx,ecx
00451BAD .74 2E je short BatchPPT.00451BDD
00451BAF .66:8339 01 cmp word ptr ds:,0x1
00451BB3 .75 28 jnz short BatchPPT.00451BDD
00451BB5 .8B51 14 mov edx,dword ptr ds: ;BatchPPT.004026F0
00451BB8 .8B41 10 mov eax,dword ptr ds:
00451BBB .83EB 02 sub ebx,0x2
00451BBE .0F80 25020000 jo BatchPPT.00451DE9
00451BC4 .2BDA sub ebx,edx
00451BC6 .3BD8 cmp ebx,eax
00451BC8 .72 05 jb short BatchPPT.00451BCF
00451BCA .FFD7 call edi ;MSVBVM60.__vbaStrMove
00451BCC .8B4D D8 mov ecx,dword ptr ss:
00451BCF >8B51 0C mov edx,dword ptr ds: ;BatchPPT.00402A96
00451BD2 .8BC3 mov eax,ebx ;MSVBVM60.__vbaObjSet
00451BD4 .33DB xor ebx,ebx ;MSVBVM60.__vbaObjSet
00451BD6 .8A1C02 mov bl,byte ptr ds: ;bl为第九位
00451BD9 .8BF3 mov esi,ebx ;esi=bl
00451BDB .EB 17 jmp short BatchPPT.00451BF4
00451BDD >FFD7 call edi ;MSVBVM60.__vbaStrMove
00451BDF .8B4D D8 mov ecx,dword ptr ss:
00451BE2 .33DB xor ebx,ebx ;MSVBVM60.__vbaObjSet
00451BE4 .8B51 0C mov edx,dword ptr ds: ;BatchPPT.00402A96
00451BE7 .8A1C02 mov bl,byte ptr ds:
00451BEA .8BF3 mov esi,ebx ;MSVBVM60.__vbaObjSet
00451BEC .EB 06 jmp short BatchPPT.00451BF4
00451BEE >8B3D CC104000 mov edi,dword ptr ds:[<&MSVBVM60.__vbaGe>;MSVBVM60.__vbaGenerateBoundsError
00451BF4 >85C9 test ecx,ecx
00451BF6 .74 1E je short BatchPPT.00451C16
00451BF8 .66:8339 01 cmp word ptr ds:,0x1
00451BFC .75 18 jnz short BatchPPT.00451C16
00451BFE .8B5D 84 mov ebx,dword ptr ss:
00451C01 .8B51 14 mov edx,dword ptr ds: ;BatchPPT.004026F0
00451C04 .8B41 10 mov eax,dword ptr ds:
00451C07 .2BDA sub ebx,edx
00451C09 .3BD8 cmp ebx,eax
00451C0B .72 05 jb short BatchPPT.00451C12
00451C0D .FFD7 call edi ;MSVBVM60.__vbaStrMove
00451C0F .8B4D D8 mov ecx,dword ptr ss:
00451C12 >8BC3 mov eax,ebx ;MSVBVM60.__vbaObjSet
00451C14 .EB 05 jmp short BatchPPT.00451C1B
00451C16 >FFD7 call edi ;MSVBVM60.__vbaStrMove
00451C18 .8B4D D8 mov ecx,dword ptr ss:
00451C1B >8B51 0C mov edx,dword ptr ds: ;BatchPPT.00402A96
00451C1E .33DB xor ebx,ebx ;MSVBVM60.__vbaObjSet
00451C20 .8A1C02 mov bl,byte ptr ds: ;依次取数组每一位
00451C23 .8B55 D0 mov edx,dword ptr ss: ;edx为变量30
00451C26 .23DA and ebx,edx ;每一位与第A位and
00451C28 .85C9 test ecx,ecx
00451C2A .74 22 je short BatchPPT.00451C4E
00451C2C .66:8339 01 cmp word ptr ds:,0x1
00451C30 .75 1C jnz short BatchPPT.00451C4E
00451C32 .8B7D 84 mov edi,dword ptr ss:
00451C35 .8B51 14 mov edx,dword ptr ds: ;BatchPPT.004026F0
00451C38 .8B41 10 mov eax,dword ptr ds:
00451C3B .2BFA sub edi,edx
00451C3D .3BF8 cmp edi,eax
00451C3F .72 09 jb short BatchPPT.00451C4A
00451C41 .FF15 CC104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>;MSVBVM60.__vbaGenerateBoundsError
00451C47 .8B4D D8 mov ecx,dword ptr ss:
00451C4A >8BC7 mov eax,edi ;MSVBVM60.__vbaStrMove
00451C4C .EB 05 jmp short BatchPPT.00451C53
00451C4E >FFD7 call edi ;MSVBVM60.__vbaStrMove
00451C50 .8B4D D8 mov ecx,dword ptr ss:
00451C53 >8B49 0C mov ecx,dword ptr ds: ;BatchPPT.00402A96
00451C56 .33D2 xor edx,edx
00451C58 .8A1401 mov dl,byte ptr ds: ;dl为每一位
00451C5B .8BFA mov edi,edx
00451C5D .0BFE or edi,esi ;每一位与第九位(初始)(有经过计算)or
00451C5F .81FB 80000000 cmp ebx,0x80
00451C65 .7E 0F jle short BatchPPT.00451C76
00451C67 .B8 00010000 mov eax,0x100
00451C6C .2BC3 sub eax,ebx ;MSVBVM60.__vbaObjSet
00451C6E .0F80 75010000 jo BatchPPT.00451DE9
00451C74 .8BD8 mov ebx,eax
00451C76 >81FF 80000000 cmp edi,0x80
00451C7C .7E 0F jle short BatchPPT.00451C8D
00451C7E .B9 00010000 mov ecx,0x100
00451C83 .2BCF sub ecx,edi ;MSVBVM60.__vbaStrMove
00451C85 .0F80 5E010000 jo BatchPPT.00451DE9
00451C8B .8BF9 mov edi,ecx
00451C8D >8B45 C4 mov eax,dword ptr ss:
00451C90 .85C0 test eax,eax
00451C92 .74 22 je short BatchPPT.00451CB6
00451C94 .66:8338 01 cmp word ptr ds:,0x1
00451C98 .75 1C jnz short BatchPPT.00451CB6
00451C9A .8B4D 84 mov ecx,dword ptr ss:
00451C9D .8B50 14 mov edx,dword ptr ds:
00451CA0 .2BCA sub ecx,edx
00451CA2 .8BF1 mov esi,ecx
00451CA4 .8B48 10 mov ecx,dword ptr ds:
00451CA7 .3BF1 cmp esi,ecx
00451CA9 .72 06 jb short BatchPPT.00451CB1
00451CAB .FF15 CC104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>;MSVBVM60.__vbaGenerateBoundsError
00451CB1 >8975 80 mov dword ptr ss:,esi
00451CB4 .EB 09 jmp short BatchPPT.00451CBF
00451CB6 >FF15 CC104000 call dword ptr ds:[<&MSVBVM60.__vbaGener>;MSVBVM60.__vbaGenerateBoundsError
00451CBC .8945 80 mov dword ptr ss:,eax
00451CBF >68 00564100 push BatchPPT.00415600 ; /A
00451CC4 .FF15 3C104000 call dword ptr ds:[<&MSVBVM60.#rtcAnsiVa>; \rtcAnsiValueBstr
00451CCA .0FBFC8 movsx ecx,ax ;ax为A的ASCII码
00451CCD .8BC7 mov eax,edi ;eax=edi经过or过的值
00451CCF .BE 34000000 mov esi,0x34 ;esi=34
00451CD4 .0FAFC3 imul eax,ebx ;and过的值*or过的值
00451CD7 .0F80 0C010000 jo BatchPPT.00451DE9
00451CDD .99 cdq
00451CDE .F7FE idiv esi ;/34
00451CE0 .03CA add ecx,edx ;余数加上41
00451CE2 .0F80 01010000 jo BatchPPT.00451DE9
00451CE8 .FF15 28114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I4>;MSVBVM60.__vbaUI1I4
00451CEE .8B55 C4 mov edx,dword ptr ss:
00451CF1 .8BF7 mov esi,edi ;esi=edi经过or过的值
00451CF3 .03F3 add esi,ebx ;and过的值加上or过的值
00451CF5 .8B5D C8 mov ebx,dword ptr ss:
00451CF8 .8B4A 0C mov ecx,dword ptr ds: ;BatchPPT.00402A96
00451CFB .8B55 80 mov edx,dword ptr ss:
00451CFE .0F80 E5000000 jo BatchPPT.00451DE9
00451D04 .880411 mov byte ptr ds:,al ;保存起来
00451D07 .B8 01000000 mov eax,0x1
00451D0C .81E6 FF000000 and esi,0xFF ;esi只保留低16位
00451D12 .66:0345 E8 add ax,word ptr ss:
00451D16 .897D D0 mov dword ptr ss:,edi ;edi保存给变量30
00451D19 .8B7D DC mov edi,dword ptr ss:
00451D1C .0F80 C7000000 jo BatchPPT.00451DE9
00451D22 .8945 E8 mov dword ptr ss:,eax
00451D25 .^ E9 EFFDFFFF jmp BatchPPT.00451B19
00451D2A >8B45 C4 mov eax,dword ptr ss:
00451D2D .8D4D 9C lea ecx,dword ptr ss:
00451D30 .51 push ecx
00451D31 .8945 A4 mov dword ptr ss:,eax
00451D34 .C745 9C 11200>mov dword ptr ss:,0x2011
00451D3B .FF15 08124000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>;MSVBVM60.__vbaStrVarCopy
00451D41 .8B35 00124000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaSt>;MSVBVM60.__vbaStrMove
00451D47 .8BD0 mov edx,eax
00451D49 .8D4D D4 lea ecx,dword ptr ss:
00451D4C .FFD6 call esi ;<&MSVBVM60.__vbaStrMove>
00451D4E .6A 00 push 0x0
00451D50 .8D45 9C lea eax,dword ptr ss:
00451D53 .6A 40 push 0x40
00451D55 .8D4D B0 lea ecx,dword ptr ss:
00451D58 .8D55 D4 lea edx,dword ptr ss:
00451D5B .50 push eax
00451D5C .51 push ecx
00451D5D .8955 A4 mov dword ptr ss:,edx
00451D60 .C745 9C 08400>mov dword ptr ss:,0x4008
00451D67 .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.#rtcStrCon>;MSVBVM60.rtcStrConvVar2
00451D6D .8D55 B0 lea edx,dword ptr ss:
00451D70 .52 push edx
00451D71 .FF15 20104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>;MSVBVM60.__vbaStrVarMove
00451D77 .8BD0 mov edx,eax
00451D79 .8D4D C0 lea ecx,dword ptr ss:
00451D7C .FFD6 call esi
00451D7E .8D4D B0 lea ecx,dword ptr ss:
00451D81 .FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVar
00451D87 >68 D31D4500 push BatchPPT.00451DD3
00451D8C .EB 25 jmp short BatchPPT.00451DB3
00451D8E .F645 FC 04 test byte ptr ss:,0x4
00451D92 .74 09 je short BatchPPT.00451D9D
00451D94 .8D4D C0 lea ecx,dword ptr ss:
00451D97 .FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
00451D9D >8D4D B0 lea ecx,dword ptr ss:
00451DA0 .FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>;MSVBVM60.__vbaFreeVar
00451DA6 .8D45 AC lea eax,dword ptr ss:
00451DA9 .50 push eax
00451DAA .6A 00 push 0x0
00451DAC .FF15 6C104000 call dword ptr ds:[<&MSVBVM60.__vbaAryDe>;MSVBVM60.__vbaAryDestruct
00451DB2 .C3 retn
00451DB3 >8B35 6C104000 mov esi,dword ptr ds:[<&MSVBVM60.__vbaAr>;MSVBVM60.__vbaAryDestruct
00451DB9 .8D4D D8 lea ecx,dword ptr ss:
00451DBC .51 push ecx
00451DBD .6A 00 push 0x0
00451DBF .FFD6 call esi ;<&MSVBVM60.__vbaAryDestruct>
00451DC1 .8D4D D4 lea ecx,dword ptr ss:
00451DC4 .FF15 28124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>;MSVBVM60.__vbaFreeStr
00451DCA .8D55 C4 lea edx,dword ptr ss:
00451DCD .52 push edx
00451DCE .6A 00 push 0x0
00451DD0 .FFD6 call esi
00451DD2 .C3 retn
00451DD3 .8B4D EC mov ecx,dword ptr ss:
00451DD6 .8B45 C0 mov eax,dword ptr ss:
00451DD9 .5F pop edi ;BatchPPT.00452868
00451DDA .5E pop esi ;BatchPPT.00452868
00451DDB .64:890D 00000>mov dword ptr fs:,ecx
00451DE2 .5B pop ebx ;BatchPPT.00452868
00451DE3 .8BE5 mov esp,ebp
00451DE5 .5D pop ebp ;BatchPPT.00452868
00451DE6 .C2 0400 retn 0x4
00451DE9 >FF15 80114000 call dword ptr ds:[<&MSVBVM60.__vbaError>;MSVBVM60.__vbaErrorOverflow
由上述代码可知:
我们可以确定a1,a2的具体位置,分别为0xB和0x16,他们加起来刚好是0x21,满足算法CALL1。
注册码的格式应该是0000000000-0000000000-0000000000,用-号分为三部分。
第一部分通过计算得出的值要与第二部分的值相等,第三部分中的倒数第二数要为数字,最后一位由倒数第二位决定。
大概的注释我已经标在代码上了,不过VB的程序很是烦人,所以我用VB的语言来还原了一下。
如图4:
注册机如图5:
附注册成功的界面6:
OK,VB系列到此就更新完毕了,下一个系列可能会是Delphi,但不确定,敬请期待,谢谢大家的支持,有分加分,有热心的加点热心哈{:301_987:}
传送门==============================================================================
Crack实战系列教程-《VB系列-第一课》
http://www.52pojie.cn/thread-200996-1-1.html
Crack实战系列教程-《VB系列-第二课》
http://www.52pojie.cn/thread-201358-1-1.html
Crack实战系列教程-《VB系列-第三课》
http://www.52pojie.cn/thread-201748-1-1.html
Crack实战系列教程-《VB系列-第四课》
http://www.52pojie.cn/thread-202544-1-1.html
Crack实战系列教程-《VB系列-第五课》
http://www.52pojie.cn/thread-202545-1-1.html
顶了再看!谢谢 膜拜大神 {:1_931:} 膜拜会搞VB的大大············· 膜拜小Y,睡觉了! 写注册机好像很烦的样子- - 一定仔细看看 辛苦了..{:301_975:} 这么快就完结了啊 老实说 这课真的好难啊。 本帖最后由 blmk 于 2013-7-4 21:01 编辑
我错了,我一定会好好学追码的
这是爆破的
他还会弹注册窗口点确定即可!
vb的代码真可怕
页:
[1]
2