Dim var_54 As Me
Dim var_40 As Me
Dim var_58 As Me
Dim var_5C As Me
Dim var_60 As Me
loc_00405625: var_10 = &H401288
loc_00405680: On Error Resume Next
loc_004056D9: var_40 = Me.Hwnd
loc_0040570E: var_80 = "NNSS"
loc_00405730: var_44 = var_40 & "Timer"
loc_0040575B: Var_Ret_1 = 1 & Format$(Now, var_80)
loc_00405765: CreateWaitableTimerA(esi, FFFFFFFFh, Var_Ret_1, 00000001h, var_44)
loc_0040576A: var_C4 = CreateWaitableTimerA(esi, FFFFFFFFh, Var_Ret_1, 00000001h, var_44)
loc_00405776: GetLastError
loc_004057C1: call Err(var_80, var_54, "佹餿??", 00000058h)
loc_004057CC: Set var_54 = Err(var_80, var_54, "佹餿??", 00000058h)
loc_004057DE: Me.Name = var_C4
If var_C4 >= 0 Then GoTo loc_004057F6
loc_00405802: setnz cl
If cx = 0 Then GoTo loc_0040583D
loc_00405818: eax = var_54 Or FFFFFFFFh
loc_0040581B: var_3C = var_54 Or FFFFFFFFh
loc_0040581E: var_38 = var_54 Or FFFFFFFFh
loc_00405830: SetWaitableTimer(esi, var_3C, 00000000h, 00000000h, 00000000h)
loc_00405835: var_C4 = SetWaitableTimer(esi, var_3C, 00000000h, 00000000h, 00000000h)
loc_0040583B: GetLastError
loc_0040583D:
loc_00405854: var_28 = (ecx * &H40C3880000000000&H)
If var_407000 <> 0 Then GoTo loc_00405875
loc_00405896: Var_Ret_2 = CLng((var_28 / 4294967296))
loc_00405898: edx = var_3C Or FFFFFFFFh
loc_004058A3: var_38 =FFFFFFFFh = var_3C Or FFFFFFFFh - Var_Ret_2 Or FFFFFFFFh
If var_407000 <> 0 Then GoTo loc_004058BA
If var_407000 <> 0 Then GoTo loc_004058EF
loc_00405910: call MSVBVM60.DLL.__vbaStrR8(0000000), (var_28 , var_4012C0, var_4012C4, var_4012C4, var_4012C4, 00000000h, var_C4, var_54)
loc_0040591B: var_40 = MSVBVM60.DLL.__vbaStrR8(0000000), (var_28 , var_4012C0, var_4012C4, var_4012C4, var_4012C4, 00000000h, var_C4, var_54)
loc_00405928: call MSVBVM60.DLL.__vbaFPFix
loc_0040593A: var_34 = (((var_28 / &H41F0000000000000&H) - var_40) * &HC1F0000000000000&H)
loc_00405953: fcomp real8 ptr ;
loc_0040597B: var_3C = Var_Ret_3
loc_0040598D: SetWaitableTimer(esi, var_3C, 00000000h)
loc_00405998: GetLastError
loc_0040599A:
loc_004059A6: MsgWaitForMultipleObjects(00000001h, SetWaitableTimer(esi, var_3C, 00000000h), 00000000h, FFFFFFFFh, 000000FFh)
loc_004059AB: var_C4 = MsgWaitForMultipleObjects(00000001h, var_C4, 00000000h, FFFFFFFFh, 000000FFh)
loc_004059B1: GetLastError
loc_004059B9: DoEvents
If var_C4 <> 0 Then GoTo loc_0040599A
loc_004059C6: CloseHandle(var_C4)
loc_004059CB: GetLastError
loc_004059CF: GoTo loc_00405B32
loc_004059DA: call Err(00000000h, 00000000h, 00000000h)
loc_004059E7: Set var_54 = Err(00000000h, 00000000h, 00000000h)
loc_004059F5: Me.%x3 = PropBag.ReadProperty(var_C4, %x2)
loc_00405A14: Set var_58 = Err(var_54, var_54, 004036C0h, 0000001Ch)
loc_00405A1F: call Me.SetPropA(var_40)
loc_00405A3E: Set var_5C = Err(Me.SetPropA(var_40), var_58, 004036C0h, 00000024h)
loc_00405A49: call Me.GetPropHsz(var_44)
loc_00405A68: Set var_60 = Err(Me.GetPropHsz(var_44), var_5C, 004036C0h, 0000002Ch)
loc_00405A71: var_98 = 80020004h
loc_00405A82: var_88 = 80020004h
loc_00405A88: var_90 = 10
loc_00405A9D: var_78 = "" & var_44
loc_00405AA5: var_80 = 8
loc_00405AB2: var_68 = 0
loc_00405AB5: var_70 = 8
loc_00405AD8: Me = var_C4
loc_00405B32: call Exit Sub(10, var_C4, var_60, 004036C0h, 00000044h, var_C4, var_60, 004036C0h, 00000044h)
loc_00405B3E: GoTo loc_00405B96
loc_00405B95: Exit Sub
loc_00405B96: Exit Sub
loc_00405BB3: Exit Sub
loc_00405BB6: GoTo loc_MSVBVM60.DLL.__vbaFPException
End Sub
252164381 发表于 2013-8-4 23:59
看到楼上,我也吓尿了。求解释!!!这是点[确定]后Wait的方法???
这是用一个反编译软件翻出来的东西,可能不准确,但能辅助分析。
252164381 发表于 2013-8-5 16:23
そが。我去找找~
这个程序加了多线程,可能比较麻烦,加油啊,同志们~
小生工具箱中就有啊
004044A7 /74 07 JE SHORT Cracker_.004044B0
将这两个字节(74 07)改为 90 90(两个NOP)。
爆破完成.
len(id)>5
len(注册码)>3
点击注册完成触发。
---------------------------------------------------------------
00402858 .816C24 04 63000000 SUB DWORD PTR SS:[ESP+0x4],0x63
00402860 .E9 AB130000 JMP Cracker_.00403C10 ;<--确定 按钮触发
00402865 .816C24 04 5B000000 SUB DWORD PTR SS:[ESP+0x4],0x5B
0040286D .E9 2E180000 JMP Cracker_.004040A0
00402872 .816C24 04 4F000000 SUB DWORD PTR SS:[ESP+0x4],0x4F
0040287A .E9 011A0000 JMP Cracker_.00404280
0040287F .816C24 04 4B000000 SUB DWORD PTR SS:[ESP+0x4],0x4B
00402887 .E9 341B0000 JMP Cracker_.004043C0 ;<--当注册码长度>3时触发此jmp 2
0040288C .816C24 04 57000000 SUB DWORD PTR SS:[ESP+0x4],0x57
00402894 .E9 071D0000 JMP Cracker_.004045A0
00402899 .816C24 04 53000000 SUB DWORD PTR SS:[ESP+0x4],0x53
004028A1 .E9 DA200000 JMP Cracker_.00404980 ;<--当注册码长度>3时触发此jmp 1
004028A6 .816C24 04 FFFF0000 SUB DWORD PTR SS:[ESP+0x4],0xFFFF
004028AE .E9 7D230000 JMP Cracker_.00404C30 ;<--验证中
004028B3 .816C24 04 6F000000 SUB DWORD PTR SS:[ESP+0x4],0x6F
004028BB .E9 70240000 JMP Cracker_.00404D30 ;<--ID 编辑框被改变
004028C0 .816C24 04 67000000 SUB DWORD PTR SS:[ESP+0x4],0x67
004028C8 .E9 13250000 JMP Cracker_.00404DE0 ;<--注册码 编辑框被改变
捕获所有事件。
简单分析然后跟00402887 .E9 341B0000 JMP Cracker_.004043C0 ;<--当注册码>3时触发此jmp 2
一路走下去。
004044A4 .F6C4 40 TEST AH,0x40
004044A7 74 07 JE SHORT Cracker_.004044B0 ;可疑
004044A9 .B8 01000000 MOV EAX,0x1 ;eax返回1
004044AE .EB 02 JMP SHORT Cracker_.004044B2
004044B0 >33C0 XOR EAX,EAX ;eax返回0
004044B2 >F7D8 NEG EAX ;eax取负:1变为-1,0保持0
004044B4 .8BF8 MOV EDI,EAX
004044A7 74 07 JE SHORT Cracker_.004044B0 可疑
将该JE改为NOP后,执行总是落到 MOV EAX,0x1,EAX经NEG变为-1,于是弹出"正确"提示。可见校验结果只取决于这一条条件跳转。
~~~~~~~~~~~~~
最近砍了几个,待我今晚放出啦