无任何提示的软件~算法分析
本帖最后由 xuhw 于 2018-6-13 04:00 编辑解压后请执行auto.exe,软件是繁体的,
打开软件需要用apploc,以繁体模式运行,
才能打开待网路连线下载资料完成,再点选66,此时载入od方可运行
这软件爆破非常简单,主要是讨论算法的思路值得大家讨论研究。
软件1个月试用
可以直接更动系统日期,使软件过期,挑战17位注册码高难度算法。
软体1个月试用期破解序号及方法
9位注册码算法
123456789
(10进制第2+3+4+5+7+8+9位+31(1F)=1,6的和
3,9位=程式代码(如66)
------------------------------------------------
试用期过后序号是17位
17位注册码算法总结
第1+2+3+5+6+7+8+9+10+11+12+13+14+16+17位+25---T3
取1个月试用期间的真序号---设T4
取假码第12.10.16.2.6.7.9.14.3位合并----设为T2
1.T3/64(100->10进制)余数与第4,15位相等
2.假码3,16位数相反与程式代号66(Luck66)相等
3-4的验证分析就要麻烦先进了
5.T4与T2字串比较
軟件大小 15MB
https://pan.baidu.com/s/1YGBkrjBHqW9KjV4ZX3qq5g 密码: wu6u
[mw_shl_code=asm,true]
代码简略
00513AA3 .53 push ebx ; F2
00513AA4 .56 push esi
00513AA5 .57 push edi
00513AA6 .8965 E8 mov dword ptr ss:,esp
00513AA9 .C745 EC 405A4>mov dword ptr ss:,00405A40
00513AB0 .8B45 08 mov eax,dword ptr ss:
00513AB3 .83E0 01 and eax,1
00513AB6 .8945 F0 mov dword ptr ss:,eax
00513AB9 .8B4D 08 mov ecx,dword ptr ss:
00513ABC .83E1 FE and ecx,FFFFFFFE
00513ABF .894D 08 mov dword ptr ss:,ecx
00513AC2 .C745 F4 00000>mov dword ptr ss:,0
00513AC9 .8B55 08 mov edx,dword ptr ss:
00513ACC .8B02 mov eax,dword ptr ds:
00513ACE .8B4D 08 mov ecx,dword ptr ss:
00513AD1 .51 push ecx
//
//
略
//
算法代码
0051558A .52 push edx
0051558B .6A 1A push 1A
0051558D .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
00515593 .83C4 6C add esp,6C
00515596 .C745 FC 20000>mov dword ptr ss:,20
0051559D .B8 01000000 mov eax,1
005155A2 .83E8 01 sub eax,1
005155A5 .8985 34FCFFFF mov dword ptr ss:,eax
005155AB .83BD 34FCFFFF>cmp dword ptr ss:,64
005155B2 .73 0C jnb short 005155C0
005155B4 .C785 B4FAFFFF>mov dword ptr ss:,0
005155BE .EB 0C jmp short 005155CC
005155C0 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005155C6 .8985 B4FAFFFF mov dword ptr ss:,eax
005155CC >B9 02000000 mov ecx,2
005155D1 .83E9 01 sub ecx,1
005155D4 .898D 30FCFFFF mov dword ptr ss:,ecx
005155DA .83BD 30FCFFFF>cmp dword ptr ss:,64
005155E1 .73 0C jnb short 005155EF
005155E3 .C785 B0FAFFFF>mov dword ptr ss:,0
005155ED .EB 0C jmp short 005155FB
005155EF >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005155F5 .8985 B0FAFFFF mov dword ptr ss:,eax
005155FB >BA 03000000 mov edx,3
00515600 .83EA 01 sub edx,1
00515603 .8995 2CFCFFFF mov dword ptr ss:,edx
00515609 .83BD 2CFCFFFF>cmp dword ptr ss:,64
00515610 .73 0C jnb short 0051561E
00515612 .C785 ACFAFFFF>mov dword ptr ss:,0
0051561C .EB 0C jmp short 0051562A
0051561E >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515624 .8985 ACFAFFFF mov dword ptr ss:,eax
0051562A >B8 05000000 mov eax,5
0051562F .83E8 01 sub eax,1
00515632 .8985 28FCFFFF mov dword ptr ss:,eax
00515638 .83BD 28FCFFFF>cmp dword ptr ss:,64
0051563F .73 0C jnb short 0051564D
00515641 .C785 A8FAFFFF>mov dword ptr ss:,0
0051564B .EB 0C jmp short 00515659
0051564D >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515653 .8985 A8FAFFFF mov dword ptr ss:,eax
00515659 >B9 06000000 mov ecx,6
0051565E .83E9 01 sub ecx,1
00515661 .898D 24FCFFFF mov dword ptr ss:,ecx
00515667 .83BD 24FCFFFF>cmp dword ptr ss:,64
0051566E .73 0C jnb short 0051567C
00515670 .C785 A4FAFFFF>mov dword ptr ss:,0
0051567A .EB 0C jmp short 00515688
0051567C >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515682 .8985 A4FAFFFF mov dword ptr ss:,eax
00515688 >BA 07000000 mov edx,7
0051568D .83EA 01 sub edx,1
00515690 .8995 20FCFFFF mov dword ptr ss:,edx
00515696 .83BD 20FCFFFF>cmp dword ptr ss:,64
0051569D .73 0C jnb short 005156AB
0051569F .C785 A0FAFFFF>mov dword ptr ss:,0
005156A9 .EB 0C jmp short 005156B7
005156AB >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005156B1 .8985 A0FAFFFF mov dword ptr ss:,eax
005156B7 >B8 08000000 mov eax,8
005156BC .83E8 01 sub eax,1
005156BF .8985 1CFCFFFF mov dword ptr ss:,eax
005156C5 .83BD 1CFCFFFF>cmp dword ptr ss:,64
005156CC .73 0C jnb short 005156DA
005156CE .C785 9CFAFFFF>mov dword ptr ss:,0
005156D8 .EB 0C jmp short 005156E6
005156DA >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005156E0 .8985 9CFAFFFF mov dword ptr ss:,eax
005156E6 >B9 09000000 mov ecx,9
005156EB .83E9 01 sub ecx,1
005156EE .898D 18FCFFFF mov dword ptr ss:,ecx
005156F4 .83BD 18FCFFFF>cmp dword ptr ss:,64
005156FB .73 0C jnb short 00515709
005156FD .C785 98FAFFFF>mov dword ptr ss:,0
00515707 .EB 0C jmp short 00515715
00515709 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051570F .8985 98FAFFFF mov dword ptr ss:,eax
00515715 >BA 0A000000 mov edx,0A
0051571A .83EA 01 sub edx,1
0051571D .8995 14FCFFFF mov dword ptr ss:,edx
00515723 .83BD 14FCFFFF>cmp dword ptr ss:,64
0051572A .73 0C jnb short 00515738
0051572C .C785 94FAFFFF>mov dword ptr ss:,0
00515736 .EB 0C jmp short 00515744
00515738 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051573E .8985 94FAFFFF mov dword ptr ss:,eax
00515744 >B8 0B000000 mov eax,0B
00515749 .83E8 01 sub eax,1
0051574C .8985 10FCFFFF mov dword ptr ss:,eax
00515752 .83BD 10FCFFFF>cmp dword ptr ss:,64
00515759 .73 0C jnb short 00515767
0051575B .C785 90FAFFFF>mov dword ptr ss:,0
00515765 .EB 0C jmp short 00515773
00515767 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051576D .8985 90FAFFFF mov dword ptr ss:,eax
00515773 >B9 0C000000 mov ecx,0C
00515778 .83E9 01 sub ecx,1
0051577B .898D 0CFCFFFF mov dword ptr ss:,ecx
00515781 .83BD 0CFCFFFF>cmp dword ptr ss:,64
00515788 .73 0C jnb short 00515796
0051578A .C785 8CFAFFFF>mov dword ptr ss:,0
00515794 .EB 0C jmp short 005157A2
00515796 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051579C .8985 8CFAFFFF mov dword ptr ss:,eax
005157A2 >BA 0D000000 mov edx,0D
005157A7 .83EA 01 sub edx,1
005157AA .8995 08FCFFFF mov dword ptr ss:,edx
005157B0 .83BD 08FCFFFF>cmp dword ptr ss:,64
005157B7 .73 0C jnb short 005157C5
005157B9 .C785 88FAFFFF>mov dword ptr ss:,0
005157C3 .EB 0C jmp short 005157D1
005157C5 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005157CB .8985 88FAFFFF mov dword ptr ss:,eax
005157D1 >B8 0E000000 mov eax,0E
005157D6 .83E8 01 sub eax,1
005157D9 .8985 04FCFFFF mov dword ptr ss:,eax
005157DF .83BD 04FCFFFF>cmp dword ptr ss:,64
005157E6 .73 0C jnb short 005157F4
005157E8 .C785 84FAFFFF>mov dword ptr ss:,0
005157F2 .EB 0C jmp short 00515800
005157F4 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005157FA .8985 84FAFFFF mov dword ptr ss:,eax
00515800 >B9 10000000 mov ecx,10
00515805 .83E9 01 sub ecx,1
00515808 .898D 00FCFFFF mov dword ptr ss:,ecx
0051580E .83BD 00FCFFFF>cmp dword ptr ss:,64
00515815 .73 0C jnb short 00515823
00515817 .C785 80FAFFFF>mov dword ptr ss:,0
00515821 .EB 0C jmp short 0051582F
00515823 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515829 .8985 80FAFFFF mov dword ptr ss:,eax
0051582F >BA 11000000 mov edx,11
00515834 .83EA 01 sub edx,1
00515837 .8995 FCFBFFFF mov dword ptr ss:,edx
0051583D .83BD FCFBFFFF>cmp dword ptr ss:,64
00515844 .73 0C jnb short 00515852
00515846 .C785 7CFAFFFF>mov dword ptr ss:,0
00515850 .EB 0C jmp short 0051585E
00515852 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515858 .8985 7CFAFFFF mov dword ptr ss:,eax <---------------------->算法
0051585E >8B85 34FCFFFF mov eax,dword ptr ss:
00515864 .8B8D 30FCFFFF mov ecx,dword ptr ss:
0051586A .8A90 64E15300 mov dl,byte ptr ds:
00515870 .0291 64E15300 add dl,byte ptr ds:
00515876 .0F82 22130000 jb 00516B9E
0051587C .8B85 2CFCFFFF mov eax,dword ptr ss:
00515882 .0290 64E15300 add dl,byte ptr ds:
00515888 .0F82 10130000 jb 00516B9E
0051588E .8B8D 28FCFFFF mov ecx,dword ptr ss:
00515894 .0291 64E15300 add dl,byte ptr ds:
0051589A .0F82 FE120000 jb 00516B9E
005158A0 .8B85 24FCFFFF mov eax,dword ptr ss:
005158A6 .0290 64E15300 add dl,byte ptr ds:
005158AC .0F82 EC120000 jb 00516B9E
005158B2 .8B8D 20FCFFFF mov ecx,dword ptr ss:
005158B8 .0291 64E15300 add dl,byte ptr ds:
005158BE .0F82 DA120000 jb 00516B9E
005158C4 .8B85 1CFCFFFF mov eax,dword ptr ss:
005158CA .0290 64E15300 add dl,byte ptr ds:
005158D0 .0F82 C8120000 jb 00516B9E
005158D6 .8B8D 18FCFFFF mov ecx,dword ptr ss:
005158DC .0291 64E15300 add dl,byte ptr ds:
005158E2 .0F82 B6120000 jb 00516B9E
005158E8 .8B85 14FCFFFF mov eax,dword ptr ss:
005158EE .0290 64E15300 add dl,byte ptr ds:
005158F4 .0F82 A4120000 jb 00516B9E
005158FA .8B8D 10FCFFFF mov ecx,dword ptr ss:
00515900 .0291 64E15300 add dl,byte ptr ds:
00515906 .0F82 92120000 jb 00516B9E
0051590C .8B85 0CFCFFFF mov eax,dword ptr ss:
00515912 .0290 64E15300 add dl,byte ptr ds:
00515918 .0F82 80120000 jb 00516B9E
0051591E .8B8D 08FCFFFF mov ecx,dword ptr ss:
00515924 .0291 64E15300 add dl,byte ptr ds:
0051592A .0F82 6E120000 jb 00516B9E
00515930 .8B85 04FCFFFF mov eax,dword ptr ss:
00515936 .0290 64E15300 add dl,byte ptr ds:
0051593C .0F82 5C120000 jb 00516B9E
00515942 .8B8D 00FCFFFF mov ecx,dword ptr ss:
00515948 .0291 64E15300 add dl,byte ptr ds:
0051594E .0F82 4A120000 jb 00516B9E
00515954 .8B85 FCFBFFFF mov eax,dword ptr ss:
0051595A .0290 64E15300 add dl,byte ptr ds:
00515960 .0F82 38120000 jb 00516B9E
00515966 .66:33C0 xor ax,ax
00515969 .8AC2 mov al,dl
0051596B .8B4D 08 mov ecx,dword ptr ss:
0051596E .66:0341 34 add ax,word ptr ds:
00515972 .0F80 26120000 jo 00516B9E
00515978 .66:99 cwd
0051597A .66:B9 6400 mov cx,64 ->第1+2+3+5+6+7+8+9+10+11+12+13+14+16+17位+41/100---T3
0051597E .66:F7F9 idiv cx
00515981 .66:8995 58FDF>mov word ptr ss:,dx
00515988 .C785 50FDFFFF>mov dword ptr ss:,8002
00515992 .8D95 78FFFFFF lea edx,dword ptr ss:
00515998 .52 push edx ; /Arg2
00515999 .8D85 50FDFFFF lea eax,dword ptr ss: ; |
0051599F .50 push eax ; |Arg1
005159A0 .FF15 18114000 call dword ptr ds:[<&MSVBVM60.__vbaVarTstEq>] ; \比较4,15位余数 --------------1
005159A6 .0FBFC8 movsx ecx,ax
005159A9 .85C9 test ecx,ecx
005159AB .0F84 FF0F0000 je 005169B0 -------------------------------------跳走就完
005159B1 .C745 FC 21000>mov dword ptr ss:,21
005159B8 .8D95 58FFFFFF lea edx,dword ptr ss:
005159BE .52 push edx ; /Arg2
005159BF .8D45 A0 lea eax,dword ptr ss: ; |
005159C2 .50 push eax ; |Arg1
005159C3 .FF15 18114000 call dword ptr ds:[<&MSVBVM60.__vbaVarTstEq>] ; \比较程式代码与第3,16位相等---2
005159C9 .0FBFC8 movsx ecx,ax
005159CC .85C9 test ecx,ecx
005159CE .0F84 DC0F0000 je 005169B0------------------------------------跳走就完
005159D4 .C745 FC 22000>mov dword ptr ss:,22
005159DB .8D55 88 lea edx,dword ptr ss:
005159DE .52 push edx ; /Arg3
005159DF .8D85 44FFFFFF lea eax,dword ptr ss: ; |
005159E5 .50 push eax ; |Arg2
005159E6 .8D8D F0FEFFFF lea ecx,dword ptr ss: ; |
005159EC .51 push ecx ; |Arg1
005159ED .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__vbaVarCmpGe>] ; \__vbaVarCmpGe---不知验证什么----3
005159F3 .50 push eax ; /Arg3
005159F4 .8D55 88 lea edx,dword ptr ss: ; |
005159F7 .52 push edx ; |/Arg3
005159F8 .8D85 10FFFFFF lea eax,dword ptr ss: ; ||
005159FE .50 push eax ; ||Arg2
005159FF .8D8D E0FEFFFF lea ecx,dword ptr ss: ; ||
00515A05 .51 push ecx ; ||Arg1
00515A06 .FF15 9C114000 call dword ptr ds:[<&MSVBVM60.__vbaVarCmpLe>] ; |\__vbaVarCmpLe ---不知验证什么----4
00515A0C .50 push eax ; |Arg2
00515A0D .8D95 D0FEFFFF lea edx,dword ptr ss: ; |
00515A13 .52 push edx ; |Arg1
00515A14 .FF15 64114000 call dword ptr ds:[<&MSVBVM60.__vbaVarAnd>] ; \__vbaVarAnd
00515A1A .50 push eax ; /Arg1
00515A1B .FF15 DC104000 call dword ptr ds:[<&MSVBVM60.__vbaBoolVarNull>] ; \__vbaBoolVarNull
00515A21 .0FBFC0 movsx eax,ax
00515A24 .85C0 test eax,eax
00515A26 .0F84 840F0000 je 005169B0------------------------------------跳走就完
00515A2C .C745 FC 23000>mov dword ptr ss:,23
00515A33 .C785 F8FEFFFF>mov dword ptr ss:,80020004
00515A3D .C785 F0FEFFFF>mov dword ptr ss:,0A
00515A47 .8D8D F0FEFFFF lea ecx,dword ptr ss:
00515A4D .51 push ecx ; /Arg1
00515A4E .FF15 D0114000 call dword ptr ds:[<&MSVBVM60.#648>] ; \rtcFreeFile
00515A54 .66:8985 48FDF>mov word ptr ss:,ax
00515A5B .C785 40FDFFFF>mov dword ptr ss:,2
00515A65 .8D95 40FDFFFF lea edx,dword ptr ss:
00515A6B .8D8D 68FFFFFF lea ecx,dword ptr ss:
00515A71 .FF15 14104000 call dword ptr ds:[<&MSVBVM60.__vbaVarMove>] ;MSVBVM60.__vbaVarMove
00515A77 .8D8D F0FEFFFF lea ecx,dword ptr ss:
00515A7D .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00515A83 .C745 FC 24000>mov dword ptr ss:,24
00515A8A .8B15 58E05300 mov edx,dword ptr ds:
00515A90 .52 push edx ; /Arg2 => 0019FAFC
00515A91 .68 F0FC4000 push 0040FCF0 ; |Arg1 = 0040FCF0
00515A96 .FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; \__vbaStrCat
00515A9C .8BD0 mov edx,eax
00515A9E .8D8D 0CFFFFFF lea ecx,dword ptr ss:
00515AA4 .FF15 58124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00515AAA .50 push eax ; /Arg2
00515AAB .A1 34E25300 mov eax,dword ptr ds: ; |
00515AB0 .50 push eax ; |Arg1 => 0019FAC4
00515AB1 .FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; \__vbaStrCat
00515AB7 .8BD0 mov edx,eax
00515AB9 .8D8D 08FFFFFF lea ecx,dword ptr ss:
00515ABF .FF15 58124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00515AC5 .50 push eax ; /Arg2
00515AC6 .68 0CFD4000 push 0040FD0C ; |Arg1 = 0040FD0C
00515ACB .FF15 5C104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCat>] ; \__vbaStrCat
00515AD1 .8BD0 mov edx,eax
00515AD3 .8D8D 04FFFFFF lea ecx,dword ptr ss:
00515AD9 .FF15 58124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00515ADF .50 push eax
00515AE0 .8D8D 68FFFFFF lea ecx,dword ptr ss:
00515AE6 .51 push ecx
00515AE7 .FF15 B8114000 call dword ptr ds:[<&MSVBVM60.__vbaI2Var>] ;MSVBVM60.__vbaI2Var
00515AED .50 push eax ; |Arg3
00515AEE .6A FF push -1 ; |Arg2 = FFFFFFFF
00515AF0 .6A 20 push 20 ; |Arg1 = 00000020
00515AF2 .FF15 C8114000 call dword ptr ds:[<&MSVBVM60.__vbaFileOpen>] ; \__vbaFileOpen
00515AF8 .8D95 04FFFFFF lea edx,dword ptr ss:
00515AFE .52 push edx
00515AFF .8D85 08FFFFFF lea eax,dword ptr ss:
00515B05 .50 push eax
00515B06 .8D8D 0CFFFFFF lea ecx,dword ptr ss:
00515B0C .51 push ecx
00515B0D .6A 03 push 3
00515B0F .FF15 F4114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ;MSVBVM60.__vbaFreeStrList
00515B15 .83C4 10 add esp,10
00515B18 .C745 FC 25000>mov dword ptr ss:,25
00515B1F .C785 58FDFFFF>mov dword ptr ss:,64
00515B29 .C785 50FDFFFF>mov dword ptr ss:,2
00515B33 .C785 48FDFFFF>mov dword ptr ss:,64
00515B3D .C785 40FDFFFF>mov dword ptr ss:,2
00515B47 .8D95 68FFFFFF lea edx,dword ptr ss:
00515B4D .52 push edx
00515B4E .FF15 B8114000 call dword ptr ds:[<&MSVBVM60.__vbaI2Var>] ;MSVBVM60.__vbaI2Var
00515B54 .50 push eax
00515B55 .8D45 A0 lea eax,dword ptr ss:
00515B58 .50 push eax ; /Arg3
00515B59 .8D8D 50FDFFFF lea ecx,dword ptr ss: ; |
00515B5F .51 push ecx ; |Arg2
00515B60 .8D95 F0FEFFFF lea edx,dword ptr ss: ; |
00515B66 .52 push edx ; |Arg1
00515B67 .FF15 70114000 call dword ptr ds:[<&MSVBVM60.__vbaVarMul>] ; \__vbaVarMul
00515B6D .50 push eax ; /Arg3
00515B6E .8D85 40FDFFFF lea eax,dword ptr ss: ; |
00515B74 .50 push eax ; |Arg2
00515B75 .8D8D E0FEFFFF lea ecx,dword ptr ss: ; |
00515B7B .51 push ecx ; |Arg1
00515B7C .FF15 2C124000 call dword ptr ds:[<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
00515B82 .50 push eax
00515B83 .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00515B89 .50 push eax ; |Arg3
00515B8A .68 C8E15300 push 0053E1C8 ; |Arg2 = 0053E1C8
00515B8F .6A 64 push 64 ; |Arg1 = 00000064
00515B91 .FF15 14114000 call dword ptr ds:[<&MSVBVM60.__vbaGet4>] ; \__vbaGet4
00515B97 .8D8D E0FEFFFF lea ecx,dword ptr ss:
00515B9D .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00515BA3 .C745 FC 26000>mov dword ptr ss:,26
00515BAA .BA 3CE44000 mov edx,0040E43C
00515BAF .8D4D 98 lea ecx,dword ptr ss:
00515BB2 .FF15 F0114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCopy>] ;MSVBVM60.__vbaStrCopy
00515BB8 .C745 FC 27000>mov dword ptr ss:,27
00515BBF .C785 58FDFFFF>mov dword ptr ss:,1
00515BC9 .C785 50FDFFFF>mov dword ptr ss:,2
00515BD3 .C785 48FDFFFF>mov dword ptr ss:,27
00515BDD .C785 40FDFFFF>mov dword ptr ss:,2
00515BE7 .C785 38FDFFFF>mov dword ptr ss:,1F
00515BF1 .C785 30FDFFFF>mov dword ptr ss:,2
00515BFB .8D95 50FDFFFF lea edx,dword ptr ss:
00515C01 .52 push edx
00515C02 .8D85 40FDFFFF lea eax,dword ptr ss:
00515C08 .50 push eax
00515C09 .8D8D 30FDFFFF lea ecx,dword ptr ss:
00515C0F .51 push ecx
00515C10 .8D95 BCFBFFFF lea edx,dword ptr ss:
00515C16 .52 push edx
00515C17 .8D85 CCFBFFFF lea eax,dword ptr ss:
00515C1D .50 push eax
00515C1E .8D4D B0 lea ecx,dword ptr ss:
00515C21 .51 push ecx
00515C22 .FF15 90104000 call dword ptr ds:[<&MSVBVM60.__vbaVarForInit>];MSVBVM60.__vbaVarForInit
00515C28 .8985 38FBFFFF mov dword ptr ss:,eax
00515C2E .E9 A8010000 jmp 00515DDB
00515C33 >C745 FC 28000>mov dword ptr ss:,28
00515C3A .8B55 98 mov edx,dword ptr ss:
00515C3D .8995 38FDFFFF mov dword ptr ss:,edx
00515C43 .C785 30FDFFFF>mov dword ptr ss:,8
00515C4D .C785 48FDFFFF>mov dword ptr ss:,0040E348 ;UNICODE "0"
00515C57 .C785 40FDFFFF>mov dword ptr ss:,8
00515C61 .8D95 40FDFFFF lea edx,dword ptr ss:
00515C67 .8D8D F0FEFFFF lea ecx,dword ptr ss:
00515C6D .FF15 34124000 call dword ptr ds:[<&MSVBVM60.__vbaVarDup>] ;MSVBVM60.__vbaVarDup
00515C73 .8D45 B0 lea eax,dword ptr ss:
00515C76 .50 push eax
00515C77 .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00515C7D .83E8 01 sub eax,1
00515C80 .8985 34FCFFFF mov dword ptr ss:,eax
00515C86 .83BD 34FCFFFF>cmp dword ptr ss:,64
00515C8D .73 0C jnb short 00515C9B
00515C8F .C785 78FAFFFF>mov dword ptr ss:,0
00515C99 .EB 0C jmp short 00515CA7
00515C9B >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515CA1 .8985 78FAFFFF mov dword ptr ss:,eax
00515CA7 >8B8D 34FCFFFF mov ecx,dword ptr ss:
00515CAD .81C1 C8E15300 add ecx,0053E1C8
00515CB3 .898D 58FDFFFF mov dword ptr ss:,ecx
00515CB9 .C785 50FDFFFF>mov dword ptr ss:,4011
00515CC3 .6A 01 push 1 ; /Arg5 = 00000001
00515CC5 .6A 01 push 1 ; |Arg4 = 00000001
00515CC7 .8D95 F0FEFFFF lea edx,dword ptr ss: ; |
00515CCD .52 push edx ; |Arg3
00515CCE .8D85 50FDFFFF lea eax,dword ptr ss: ; |
00515CD4 .50 push eax ; |Arg2
00515CD5 .8D8D E0FEFFFF lea ecx,dword ptr ss: ; |
00515CDB .51 push ecx ; |Arg1
00515CDC .FF15 64104000 call dword ptr ds:[<&MSVBVM60.#660>] ; \rtcVarFromFormatVar
00515CE2 .8D95 30FDFFFF lea edx,dword ptr ss:
00515CE8 .52 push edx ; /Arg3
00515CE9 .8D85 E0FEFFFF lea eax,dword ptr ss: ; |
00515CEF .50 push eax ; |Arg2
00515CF0 .8D8D D0FEFFFF lea ecx,dword ptr ss: ; |
00515CF6 .51 push ecx ; |Arg1
00515CF7 .FF15 2C124000 call dword ptr ds:[<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
00515CFD .50 push eax ; /Arg1
00515CFE .FF15 28104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVarMove>]; \__vbaStrVarMove
00515D04 .8BD0 mov edx,eax
00515D06 .8D4D 98 lea ecx,dword ptr ss:
00515D09 .FF15 58124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00515D0F .8D95 D0FEFFFF lea edx,dword ptr ss:
00515D15 .52 push edx
00515D16 .8D85 E0FEFFFF lea eax,dword ptr ss:
00515D1C .50 push eax
00515D1D .8D8D F0FEFFFF lea ecx,dword ptr ss:
00515D23 .51 push ecx
00515D24 .6A 03 push 3
00515D26 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
00515D2C .83C4 10 add esp,10
00515D2F .C745 FC 29000>mov dword ptr ss:,29
00515D36 .8D55 B0 lea edx,dword ptr ss:
00515D39 .52 push edx
00515D3A .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00515D40 .83E8 01 sub eax,1
00515D43 .8985 30FCFFFF mov dword ptr ss:,eax
00515D49 .83BD 30FCFFFF>cmp dword ptr ss:,64
00515D50 .73 0C jnb short 00515D5E
00515D52 .C785 74FAFFFF>mov dword ptr ss:,0
00515D5C .EB 0C jmp short 00515D6A
00515D5E >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515D64 .8985 74FAFFFF mov dword ptr ss:,eax
00515D6A >8D45 B0 lea eax,dword ptr ss:
00515D6D .50 push eax
00515D6E .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00515D74 .83E8 01 sub eax,1
00515D77 .8985 34FCFFFF mov dword ptr ss:,eax
00515D7D .83BD 34FCFFFF>cmp dword ptr ss:,64
00515D84 .73 0C jnb short 00515D92
00515D86 .C785 70FAFFFF>mov dword ptr ss:,0
00515D90 .EB 0C jmp short 00515D9E
00515D92 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515D98 .8985 70FAFFFF mov dword ptr ss:,eax
00515D9E >8B8D 34FCFFFF mov ecx,dword ptr ss:
00515DA4 .8B95 30FCFFFF mov edx,dword ptr ss:
00515DAA .8A82 C8E15300 mov al,byte ptr ds:
00515DB0 .8881 64E15300 mov byte ptr ds:,al
00515DB6 .C745 FC 2A000>mov dword ptr ss:,2A
00515DBD .8D8D BCFBFFFF lea ecx,dword ptr ss:
00515DC3 .51 push ecx ; /Arg3
00515DC4 .8D95 CCFBFFFF lea edx,dword ptr ss: ; |
00515DCA .52 push edx ; |Arg2
00515DCB .8D45 B0 lea eax,dword ptr ss: ; |
00515DCE .50 push eax ; |Arg1
00515DCF .FF15 88124000 call dword ptr ds:[<&MSVBVM60.__vbaVarForNext>]; \__vbaVarForNext
00515DD5 .8985 38FBFFFF mov dword ptr ss:,eax
00515DDB >83BD 38FBFFFF>cmp dword ptr ss:,0
00515DE2 .^ 0F85 4BFEFFFF jnz 00515C33
00515DE8 .C745 FC 2B000>mov dword ptr ss:,2B
00515DEF .8B8D 40FFFFFF mov ecx,dword ptr ss:
00515DF5 .51 push ecx ; /Arg2
00515DF6 .8B55 98 mov edx,dword ptr ss: ; |
00515DF9 .52 push edx ; |Arg1
00515DFA .FF15 10114000 call dword ptr ds:[<&MSVBVM60.__vbaStrCmp>] ; \__vbaStrCmp ------...5
00515E00 .85C0 test eax,eax
00515E02 .0F85 9B0B0000 jnz 005169A3 ------------------------------------跳走就完
00515E08 .C745 FC 2C000>mov dword ptr ss:,2C
00515E0F .C785 58FDFFFF>mov dword ptr ss:,1
00515E19 .C785 50FDFFFF>mov dword ptr ss:,2
00515E23 .C785 48FDFFFF>mov dword ptr ss:,14
00515E2D .C785 40FDFFFF>mov dword ptr ss:,2
00515E37 .C785 38FDFFFF>mov dword ptr ss:,1
00515E41 .C785 30FDFFFF>mov dword ptr ss:,2
00515E4B .8D85 50FDFFFF lea eax,dword ptr ss:
00515E51 .50 push eax
00515E52 .8D8D 40FDFFFF lea ecx,dword ptr ss:
00515E58 .51 push ecx
00515E59 .8D95 30FDFFFF lea edx,dword ptr ss:
00515E5F .52 push edx
00515E60 .8D85 9CFBFFFF lea eax,dword ptr ss:
00515E66 .50 push eax
00515E67 .8D8D ACFBFFFF lea ecx,dword ptr ss:
00515E6D .51 push ecx
00515E6E .8D55 B0 lea edx,dword ptr ss:
00515E71 .52 push edx
00515E72 .FF15 90104000 call dword ptr ds:[<&MSVBVM60.__vbaVarForInit>];MSVBVM60.__vbaVarForInit
00515E78 .8985 34FBFFFF mov dword ptr ss:,eax
00515E7E .E9 24010000 jmp 00515FA7
00515E83 >C745 FC 2D000>mov dword ptr ss:,2D
00515E8A .C785 58FDFFFF>mov dword ptr ss:,32
00515E94 .C785 50FDFFFF>mov dword ptr ss:,2
00515E9E .8D45 B0 lea eax,dword ptr ss:
00515EA1 .50 push eax ; /Arg3
00515EA2 .8D8D 50FDFFFF lea ecx,dword ptr ss: ; |
00515EA8 .51 push ecx ; |Arg2
00515EA9 .8D95 F0FEFFFF lea edx,dword ptr ss: ; |
00515EAF .52 push edx ; |Arg1
00515EB0 .FF15 2C124000 call dword ptr ds:[<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
00515EB6 .50 push eax
00515EB7 .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00515EBD .83E8 01 sub eax,1
00515EC0 .8985 34FCFFFF mov dword ptr ss:,eax
00515EC6 .83BD 34FCFFFF>cmp dword ptr ss:,64
00515ECD .73 0C jnb short 00515EDB
00515ECF .C785 6CFAFFFF>mov dword ptr ss:,0
00515ED9 .EB 0C jmp short 00515EE7
00515EDB >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515EE1 .8985 6CFAFFFF mov dword ptr ss:,eax
00515EE7 >8D45 B0 lea eax,dword ptr ss:
00515EEA .50 push eax
00515EEB .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00515EF1 .83E8 01 sub eax,1
00515EF4 .8985 30FCFFFF mov dword ptr ss:,eax
00515EFA .83BD 30FCFFFF>cmp dword ptr ss:,64
00515F01 .73 0C jnb short 00515F0F
00515F03 .C785 68FAFFFF>mov dword ptr ss:,0
00515F0D .EB 0C jmp short 00515F1B
00515F0F >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00515F15 .8985 68FAFFFF mov dword ptr ss:,eax
00515F1B >8B8D 34FCFFFF mov ecx,dword ptr ss:
00515F21 .8B95 30FCFFFF mov edx,dword ptr ss:
00515F27 .8A81 C8E15300 mov al,byte ptr ds:
00515F2D .33C9 xor ecx,ecx
00515F2F .3A82 64E15300 cmp al,byte ptr ds:
00515F35 .0F95C1 setne cl
00515F38 .F7D9 neg ecx
00515F3A .66:898D 2CFCF>mov word ptr ss:,cx
00515F41 .8D8D F0FEFFFF lea ecx,dword ptr ss:
00515F47 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00515F4D .0FBF95 2CFCFF>movsx edx,word ptr ss:
00515F54 .85D2 test edx,edx
00515F56 .74 2A je short 00515F82
00515F58 .C745 FC 2E000>mov dword ptr ss:,2E
00515F5F .C785 58FDFFFF>mov dword ptr ss:,63
00515F69 .C785 50FDFFFF>mov dword ptr ss:,2
00515F73 .8D95 50FDFFFF lea edx,dword ptr ss:
00515F79 .8D4D B0 lea ecx,dword ptr ss:
00515F7C .FF15 14104000 call dword ptr ds:[<&MSVBVM60.__vbaVarMove>] ;MSVBVM60.__vbaVarMove
00515F82 >C745 FC 30000>mov dword ptr ss:,30
00515F89 .8D85 9CFBFFFF lea eax,dword ptr ss:
00515F8F .50 push eax ; /Arg3
00515F90 .8D8D ACFBFFFF lea ecx,dword ptr ss: ; |
00515F96 .51 push ecx ; |Arg2
00515F97 .8D55 B0 lea edx,dword ptr ss: ; |
00515F9A .52 push edx ; |Arg1
00515F9B .FF15 88124000 call dword ptr ds:[<&MSVBVM60.__vbaVarForNext>]; \__vbaVarForNext
00515FA1 .8985 34FBFFFF mov dword ptr ss:,eax
00515FA7 >83BD 34FBFFFF>cmp dword ptr ss:,0
00515FAE .^ 0F85 CFFEFFFF jnz 00515E83
00515FB4 .C745 FC 31000>mov dword ptr ss:,31
00515FBB .C785 58FDFFFF>mov dword ptr ss:,5A
00515FC5 .C785 50FDFFFF>mov dword ptr ss:,8002
00515FCF .8D45 B0 lea eax,dword ptr ss:
00515FD2 .50 push eax
00515FD3 .8D8D 50FDFFFF lea ecx,dword ptr ss:
00515FD9 .51 push ecx
00515FDA .FF15 00104000 call dword ptr ds:[<&MSVBVM60.__vbaVarTstGt>] ;MSVBVM60.__vbaVarTstGt
00515FE0 .0FBFD0 movsx edx,ax
00515FE3 .85D2 test edx,edx
00515FE5 .0F84 05060000 je 005165F0
00515FEB .C745 FC 32000>mov dword ptr ss:,32
00515FF2 .B8 15000000 mov eax,15
00515FF7 .83E8 01 sub eax,1
00515FFA .8985 34FCFFFF mov dword ptr ss:,eax
00516000 .83BD 34FCFFFF>cmp dword ptr ss:,64
00516007 .73 0C jnb short 00516015
00516009 .C785 64FAFFFF>mov dword ptr ss:,0
00516013 .EB 0C jmp short 00516021
00516015 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051601B .8985 64FAFFFF mov dword ptr ss:,eax
00516021 >66:8B0D 2EE25>mov cx,word ptr ds:
00516028 .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>] ;MSVBVM60.__vbaUI1I2
0051602E .8B8D 34FCFFFF mov ecx,dword ptr ss:
00516034 .8881 64E15300 mov byte ptr ds:,al
0051603A .C745 FC 33000>mov dword ptr ss:,33
00516041 .BA 16000000 mov edx,16
00516046 .83EA 01 sub edx,1
00516049 .8995 34FCFFFF mov dword ptr ss:,edx
0051604F .83BD 34FCFFFF>cmp dword ptr ss:,64
00516056 .73 0C jnb short 00516064
00516058 .C785 60FAFFFF>mov dword ptr ss:,0
00516062 .EB 0C jmp short 00516070
00516064 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051606A .8985 60FAFFFF mov dword ptr ss:,eax
00516070 >66:8B0D 30E25>mov cx,word ptr ds:
00516077 .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>] ;MSVBVM60.__vbaUI1I2
0051607D .8B8D 34FCFFFF mov ecx,dword ptr ss:
00516083 .8881 64E15300 mov byte ptr ds:,al
00516089 .C745 FC 34000>mov dword ptr ss:,34
00516090 .BA 17000000 mov edx,17
00516095 .83EA 01 sub edx,1
00516098 .8995 34FCFFFF mov dword ptr ss:,edx
0051609E .83BD 34FCFFFF>cmp dword ptr ss:,64
005160A5 .73 0C jnb short 005160B3
005160A7 .C785 5CFAFFFF>mov dword ptr ss:,0
005160B1 .EB 0C jmp short 005160BF
005160B3 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005160B9 .8985 5CFAFFFF mov dword ptr ss:,eax
005160BF >66:8B0D 32E25>mov cx,word ptr ds:
005160C6 .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>] ;MSVBVM60.__vbaUI1I2
005160CC .8B8D 34FCFFFF mov ecx,dword ptr ss:
005160D2 .8881 64E15300 mov byte ptr ds:,al
005160D8 .C745 FC 35000>mov dword ptr ss:,35
005160DF .8D95 F0FEFFFF lea edx,dword ptr ss:
005160E5 .52 push edx ; /Arg1
005160E6 .FF15 7C124000 call dword ptr ds:[<&MSVBVM60.#546>] ; \rtcGetPresentDate
005160EC .8D85 F0FEFFFF lea eax,dword ptr ss:
005160F2 .50 push eax ; /Arg2
005160F3 .8D8D E0FEFFFF lea ecx,dword ptr ss: ; |
005160F9 .51 push ecx ; |Arg1
005160FA .FF15 E0114000 call dword ptr ds:[<&MSVBVM60.__vbaVarInt>] ; \__vbaVarInt
00516100 .50 push eax
00516101 .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
00516107 .8985 54FFFFFF mov dword ptr ss:,eax
0051610D .8D8D F0FEFFFF lea ecx,dword ptr ss:
00516113 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516119 .C745 FC 36000>mov dword ptr ss:,36
00516120 .8D95 F0FEFFFF lea edx,dword ptr ss:
00516126 .52 push edx ; /Arg1
00516127 .FF15 7C124000 call dword ptr ds:[<&MSVBVM60.#546>] ; \rtcGetPresentDate
0051612D .8D85 E0FEFFFF lea eax,dword ptr ss:
00516133 .50 push eax ; /Arg1
00516134 .FF15 7C124000 call dword ptr ds:[<&MSVBVM60.#546>] ; \rtcGetPresentDate
0051613A .C785 58FDFFFF>mov dword ptr ss:,100
00516144 .C785 50FDFFFF>mov dword ptr ss:,2
0051614E .C785 48FDFFFF>mov dword ptr ss:,100
00516158 .C785 40FDFFFF>mov dword ptr ss:,2
00516162 .8D8D F0FEFFFF lea ecx,dword ptr ss:
00516168 .51 push ecx ; /Arg3
00516169 .8D95 E0FEFFFF lea edx,dword ptr ss: ; |
0051616F .52 push edx ; |/Arg2
00516170 .8D85 D0FEFFFF lea eax,dword ptr ss: ; ||
00516176 .50 push eax ; ||Arg1
00516177 .FF15 E0114000 call dword ptr ds:[<&MSVBVM60.__vbaVarInt>] ; |\__vbaVarInt
0051617D .50 push eax ; |Arg2
0051617E .8D8D C0FEFFFF lea ecx,dword ptr ss: ; |
00516184 .51 push ecx ; |Arg1
00516185 .FF15 04104000 call dword ptr ds:[<&MSVBVM60.__vbaVarSub>] ; \__vbaVarSub
0051618B .50 push eax ; /Arg3
0051618C .8D95 50FDFFFF lea edx,dword ptr ss: ; |
00516192 .52 push edx ; |Arg2
00516193 .8D85 B0FEFFFF lea eax,dword ptr ss: ; |
00516199 .50 push eax ; |Arg1
0051619A .FF15 70114000 call dword ptr ds:[<&MSVBVM60.__vbaVarMul>] ; \__vbaVarMul
005161A0 .50 push eax ; /Arg3
005161A1 .8D8D 40FDFFFF lea ecx,dword ptr ss: ; |
005161A7 .51 push ecx ; |Arg2
005161A8 .8D95 A0FEFFFF lea edx,dword ptr ss: ; |
005161AE .52 push edx ; |Arg1
005161AF .FF15 70114000 call dword ptr ds:[<&MSVBVM60.__vbaVarMul>] ; \__vbaVarMul
005161B5 .50 push eax ; /Arg2
005161B6 .8D85 90FEFFFF lea eax,dword ptr ss: ; |
005161BC .50 push eax ; |Arg1
005161BD .FF15 E0114000 call dword ptr ds:[<&MSVBVM60.__vbaVarInt>] ; \__vbaVarInt
005161C3 .50 push eax
005161C4 .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
005161CA .8945 9C mov dword ptr ss:,eax
005161CD .8D8D F0FEFFFF lea ecx,dword ptr ss:
005161D3 .51 push ecx
005161D4 .8D95 E0FEFFFF lea edx,dword ptr ss:
005161DA .52 push edx
005161DB .6A 02 push 2
005161DD .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
005161E3 .83C4 0C add esp,0C
005161E6 .C745 FC 37000>mov dword ptr ss:,37
005161ED .B8 29000000 mov eax,29
005161F2 .83E8 01 sub eax,1
005161F5 .8985 34FCFFFF mov dword ptr ss:,eax
005161FB .83BD 34FCFFFF>cmp dword ptr ss:,64
00516202 .73 0C jnb short 00516210
00516204 .C785 58FAFFFF>mov dword ptr ss:,0
0051620E .EB 0C jmp short 0051621C
00516210 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516216 .8985 58FAFFFF mov dword ptr ss:,eax
0051621C >8B85 54FFFFFF mov eax,dword ptr ss:
00516222 .99 cdq
00516223 .81E2 FF000000 and edx,0FF
00516229 .03C2 add eax,edx
0051622B .8BC8 mov ecx,eax
0051622D .C1F9 08 sar ecx,8
00516230 .FF15 74114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I4>] ;MSVBVM60.__vbaUI1I4
00516236 .8B8D 34FCFFFF mov ecx,dword ptr ss:
0051623C .8881 64E15300 mov byte ptr ds:,al
00516242 .C745 FC 38000>mov dword ptr ss:,38
00516249 .BA 2A000000 mov edx,2A
0051624E .83EA 01 sub edx,1
00516251 .8995 34FCFFFF mov dword ptr ss:,edx
00516257 .83BD 34FCFFFF>cmp dword ptr ss:,64
0051625E .73 0C jnb short 0051626C
00516260 .C785 54FAFFFF>mov dword ptr ss:,0
0051626A .EB 0C jmp short 00516278
0051626C >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516272 .8985 54FAFFFF mov dword ptr ss:,eax
00516278 >8B8D 54FFFFFF mov ecx,dword ptr ss:
0051627E .81E1 FF000080 and ecx,800000FF
00516284 .79 08 jns short 0051628E
00516286 .49 dec ecx
00516287 .81C9 00FFFFFF or ecx,FFFFFF00
0051628D .41 inc ecx
0051628E >FF15 74114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I4>] ;MSVBVM60.__vbaUI1I4
00516294 .8B8D 34FCFFFF mov ecx,dword ptr ss:
0051629A .8881 64E15300 mov byte ptr ds:,al
005162A0 .C745 FC 39000>mov dword ptr ss:,39
005162A7 .BA 2B000000 mov edx,2B
005162AC .83EA 01 sub edx,1
005162AF .8995 34FCFFFF mov dword ptr ss:,edx
005162B5 .83BD 34FCFFFF>cmp dword ptr ss:,64
005162BC .73 0C jnb short 005162CA
005162BE .C785 50FAFFFF>mov dword ptr ss:,0
005162C8 .EB 0C jmp short 005162D6
005162CA >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005162D0 .8985 50FAFFFF mov dword ptr ss:,eax
005162D6 >8B45 9C mov eax,dword ptr ss:
005162D9 .99 cdq
005162DA .81E2 FF000000 and edx,0FF
005162E0 .03C2 add eax,edx
005162E2 .8BC8 mov ecx,eax
005162E4 .C1F9 08 sar ecx,8
005162E7 .FF15 74114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I4>] ;MSVBVM60.__vbaUI1I4
005162ED .8B8D 34FCFFFF mov ecx,dword ptr ss:
005162F3 .8881 64E15300 mov byte ptr ds:,al
005162F9 .C745 FC 3A000>mov dword ptr ss:,3A
00516300 .BA 2C000000 mov edx,2C
00516305 .83EA 01 sub edx,1
00516308 .8995 34FCFFFF mov dword ptr ss:,edx
0051630E .83BD 34FCFFFF>cmp dword ptr ss:,64
00516315 .73 0C jnb short 00516323
00516317 .C785 4CFAFFFF>mov dword ptr ss:,0
00516321 .EB 0C jmp short 0051632F
00516323 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516329 .8985 4CFAFFFF mov dword ptr ss:,eax
0051632F >8B4D 9C mov ecx,dword ptr ss:
00516332 .81E1 FF000080 and ecx,800000FF
00516338 .79 08 jns short 00516342
0051633A .49 dec ecx
0051633B .81C9 00FFFFFF or ecx,FFFFFF00
00516341 .41 inc ecx
00516342 >FF15 74114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I4>] ;MSVBVM60.__vbaUI1I4
00516348 .8B8D 34FCFFFF mov ecx,dword ptr ss:
0051634E .8881 64E15300 mov byte ptr ds:,al
00516354 .C745 FC 3B000>mov dword ptr ss:,3B
0051635B .BA 2D000000 mov edx,2D
00516360 .83EA 01 sub edx,1
00516363 .8995 30FCFFFF mov dword ptr ss:,edx
00516369 .83BD 30FCFFFF>cmp dword ptr ss:,64
00516370 .73 0C jnb short 0051637E
00516372 .C785 48FAFFFF>mov dword ptr ss:,0
0051637C .EB 0C jmp short 0051638A
0051637E >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516384 .8985 48FAFFFF mov dword ptr ss:,eax
0051638A >B8 2D000000 mov eax,2D
0051638F .83E8 01 sub eax,1
00516392 .8985 34FCFFFF mov dword ptr ss:,eax
00516398 .83BD 34FCFFFF>cmp dword ptr ss:,64
0051639F .73 0C jnb short 005163AD
005163A1 .C785 44FAFFFF>mov dword ptr ss:,0
005163AB .EB 0C jmp short 005163B9
005163AD >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005163B3 .8985 44FAFFFF mov dword ptr ss:,eax
005163B9 >8B8D 34FCFFFF mov ecx,dword ptr ss:
005163BF .8B95 30FCFFFF mov edx,dword ptr ss:
005163C5 .8A82 C8E15300 mov al,byte ptr ds:
005163CB .8881 64E15300 mov byte ptr ds:,al
005163D1 .C745 FC 3C000>mov dword ptr ss:,3C
005163D8 .B9 2E000000 mov ecx,2E
005163DD .83E9 01 sub ecx,1
005163E0 .898D 30FCFFFF mov dword ptr ss:,ecx
005163E6 .83BD 30FCFFFF>cmp dword ptr ss:,64
005163ED .73 0C jnb short 005163FB
005163EF .C785 40FAFFFF>mov dword ptr ss:,0
005163F9 .EB 0C jmp short 00516407
005163FB >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516401 .8985 40FAFFFF mov dword ptr ss:,eax
00516407 >BA 2E000000 mov edx,2E
0051640C .83EA 01 sub edx,1
0051640F .8995 34FCFFFF mov dword ptr ss:,edx
00516415 .83BD 34FCFFFF>cmp dword ptr ss:,64
0051641C .73 0C jnb short 0051642A
0051641E .C785 3CFAFFFF>mov dword ptr ss:,0
00516428 .EB 0C jmp short 00516436
0051642A >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516430 .8985 3CFAFFFF mov dword ptr ss:,eax
00516436 >8B85 34FCFFFF mov eax,dword ptr ss:
0051643C .8B8D 30FCFFFF mov ecx,dword ptr ss:
00516442 .8A91 C8E15300 mov dl,byte ptr ds:
00516448 .8890 64E15300 mov byte ptr ds:,dl
0051644E .C745 FC 3D000>mov dword ptr ss:,3D
00516455 .B8 2F000000 mov eax,2F
0051645A .83E8 01 sub eax,1
0051645D .8985 30FCFFFF mov dword ptr ss:,eax
00516463 .83BD 30FCFFFF>cmp dword ptr ss:,64
0051646A .73 0C jnb short 00516478
0051646C .C785 38FAFFFF>mov dword ptr ss:,0
00516476 .EB 0C jmp short 00516484
00516478 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
0051647E .8985 38FAFFFF mov dword ptr ss:,eax
00516484 >B9 2F000000 mov ecx,2F
00516489 .83E9 01 sub ecx,1
0051648C .898D 34FCFFFF mov dword ptr ss:,ecx
00516492 .83BD 34FCFFFF>cmp dword ptr ss:,64
00516499 .73 0C jnb short 005164A7
0051649B .C785 34FAFFFF>mov dword ptr ss:,0
005164A5 .EB 0C jmp short 005164B3
005164A7 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005164AD .8985 34FAFFFF mov dword ptr ss:,eax
005164B3 >8B95 34FCFFFF mov edx,dword ptr ss:
005164B9 .8B85 30FCFFFF mov eax,dword ptr ss:
005164BF .8A88 C8E15300 mov cl,byte ptr ds:
005164C5 .888A 64E15300 mov byte ptr ds:,cl
005164CB .C745 FC 3E000>mov dword ptr ss:,3E
005164D2 .BA 30000000 mov edx,30
005164D7 .83EA 01 sub edx,1
005164DA .8995 34FCFFFF mov dword ptr ss:,edx
005164E0 .83BD 34FCFFFF>cmp dword ptr ss:,64
005164E7 .73 0C jnb short 005164F5
005164E9 .C785 30FAFFFF>mov dword ptr ss:,0
005164F3 .EB 0C jmp short 00516501
005164F5 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
005164FB .8985 30FAFFFF mov dword ptr ss:,eax
00516501 >B9 01000000 mov ecx,1
00516506 .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>] ;MSVBVM60.__vbaUI1I2
0051650C .8B8D 34FCFFFF mov ecx,dword ptr ss:
00516512 .8881 64E15300 mov byte ptr ds:,al
00516518 .C745 FC 3F000>mov dword ptr ss:,3F
0051651F .BA 31000000 mov edx,31
00516524 .83EA 01 sub edx,1
00516527 .8995 34FCFFFF mov dword ptr ss:,edx
0051652D .83BD 34FCFFFF>cmp dword ptr ss:,64
00516534 .73 0C jnb short 00516542
00516536 .C785 2CFAFFFF>mov dword ptr ss:,0
00516540 .EB 0C jmp short 0051654E
00516542 >FF15 08114000 call dword ptr ds:[<&MSVBVM60.__vbaGenerateBound>; \__vbaGenerateBoundsError
00516548 .8985 2CFAFFFF mov dword ptr ss:,eax
0051654E >B9 01000000 mov ecx,1
00516553 .FF15 5C114000 call dword ptr ds:[<&MSVBVM60.__vbaUI1I2>] ;MSVBVM60.__vbaUI1I2
00516559 .8B8D 34FCFFFF mov ecx,dword ptr ss:
0051655F .8881 64E15300 mov byte ptr ds:,al
00516565 .C745 FC 40000>mov dword ptr ss:,40
0051656C .C785 58FDFFFF>mov dword ptr ss:,64
00516576 .C785 50FDFFFF>mov dword ptr ss:,2
00516580 .C785 48FDFFFF>mov dword ptr ss:,64
0051658A .C785 40FDFFFF>mov dword ptr ss:,2
00516594 .8D95 68FFFFFF lea edx,dword ptr ss:
0051659A .52 push edx
0051659B .FF15 B8114000 call dword ptr ds:[<&MSVBVM60.__vbaI2Var>] ;MSVBVM60.__vbaI2Var
005165A1 .50 push eax
005165A2 .8D45 A0 lea eax,dword ptr ss:
005165A5 .50 push eax ; /Arg3
005165A6 .8D8D 50FDFFFF lea ecx,dword ptr ss: ; |
005165AC .51 push ecx ; |Arg2
005165AD .8D95 F0FEFFFF lea edx,dword ptr ss: ; |
005165B3 .52 push edx ; |Arg1
005165B4 .FF15 70114000 call dword ptr ds:[<&MSVBVM60.__vbaVarMul>] ; \__vbaVarMul
005165BA .50 push eax ; /Arg3
005165BB .8D85 40FDFFFF lea eax,dword ptr ss: ; |
005165C1 .50 push eax ; |Arg2
005165C2 .8D8D E0FEFFFF lea ecx,dword ptr ss: ; |
005165C8 .51 push ecx ; |Arg1
005165C9 .FF15 2C124000 call dword ptr ds:[<&MSVBVM60.__vbaVarAdd>] ; \__vbaVarAdd
005165CF .50 push eax
005165D0 .FF15 24124000 call dword ptr ds:[<&MSVBVM60.__vbaI4Var>] ;MSVBVM60.__vbaI4Var
005165D6 .50 push eax ; |Arg3
005165D7 .68 64E15300 push 0053E164 ; |Arg2 = 0053E164
005165DC .6A 64 push 64 ; |Arg1 = 00000064
005165DE .FF15 44104000 call dword ptr ds:[<&MSVBVM60.__vbaPut4>] ; \__vbaPut4
005165E4 .8D8D E0FEFFFF lea ecx,dword ptr ss:
005165EA .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
005165F0 >C745 FC 42000>mov dword ptr ss:,42
005165F7 .FF15 A0104000 call dword ptr ds:[<&MSVBVM60.__vbaFileCloseAll>>;MSVBVM60.__vbaFileCloseAll
005165FD .C745 FC 43000>mov dword ptr ss:,43
00516604 .8B55 08 mov edx,dword ptr ss:
00516607 .8B02 mov eax,dword ptr ds:
00516609 .8B4D 08 mov ecx,dword ptr ss:
0051660C .51 push ecx
0051660D .FF90 F8060000 call dword ptr ds:
00516613 .8985 34FCFFFF mov dword ptr ss:,eax
00516619 .83BD 34FCFFFF>cmp dword ptr ss:,0
00516620 .7D 23 jge short 00516645
00516622 .68 F8060000 push 6F8 ; /Arg4 = 000006F8
00516627 .68 A8CA4000 push 0040CAA8 ; |Arg3 = 0040CAA8
0051662C .8B55 08 mov edx,dword ptr ss: ; |
0051662F .52 push edx ; |Arg2
00516630 .8B85 34FCFFFF mov eax,dword ptr ss: ; |
00516636 .50 push eax ; |Arg1
00516637 .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckO>; \__vbaHresultCheckObj
0051663D .8985 28FAFFFF mov dword ptr ss:,eax
00516643 .EB 0A jmp short 0051664F
00516645 >C785 28FAFFFF>mov dword ptr ss:,0
0051664F >C745 FC 44000>mov dword ptr ss:,44
00516656 .C785 58FDFFFF>mov dword ptr ss:,5A
00516660 .C785 50FDFFFF>mov dword ptr ss:,8002
0051666A .8D4D B0 lea ecx,dword ptr ss:
0051666D .51 push ecx
0051666E .8D95 50FDFFFF lea edx,dword ptr ss:
00516674 .52 push edx
00516675 .FF15 00104000 call dword ptr ds:[<&MSVBVM60.__vbaVarTstGt>] ;MSVBVM60.__vbaVarTstGt
0051667B .0FBFC0 movsx eax,ax
0051667E .85C0 test eax,eax
00516680 .0F84 1B030000 je 005169A1
00516686 .C745 FC 45000>mov dword ptr ss:,45
0051668D .8D8D F0FEFFFF lea ecx,dword ptr ss:
00516693 .51 push ecx ; /Arg1
00516694 .FF15 7C124000 call dword ptr ds:[<&MSVBVM60.#546>] ; \rtcGetPresentDate
0051669A .6A 01 push 1 ; /Arg4 = 00000001
0051669C .6A 03 push 3 ; |Arg3 = 00000003
0051669E .68 E0070000 push 7E0 ; |Arg2 = 000007E0
005166A3 .8D95 E0FEFFFF lea edx,dword ptr ss: ; |
005166A9 .52 push edx ; |Arg1
005166AA .FF15 BC114000 call dword ptr ds:[<&MSVBVM60.#538>] ; \rtcPackDate
005166B0 .8D85 C0FEFFFF lea eax,dword ptr ss:
005166B6 .50 push eax ; /Arg1
005166B7 .FF15 7C124000 call dword ptr ds:[<&MSVBVM60.#546>] ; \rtcGetPresentDate
005166BD .68 B5000000 push 0B5 ; /Arg4 = 000000B5
005166C2 .68 B7000000 push 0B7 ; |Arg3 = 000000B7
005166C7 .68 94080000 push 894 ; |Arg2 = 00000894
005166CC .8D8D B0FEFFFF lea ecx,dword ptr ss: ; |
005166D2 .51 push ecx ; |Arg1
005166D3 .FF15 BC114000 call dword ptr ds:[<&MSVBVM60.#538>] ; \rtcPackDate
005166D9 .8D95 F0FEFFFF lea edx,dword ptr ss:
005166DF .52 push edx ; /Arg3
005166E0 .8D85 E0FEFFFF lea eax,dword ptr ss: ; |
005166E6 .50 push eax ; |Arg2
005166E7 .8D8D D0FEFFFF lea ecx,dword ptr ss: ; |
005166ED .51 push ecx ; |Arg1
005166EE .FF15 F8114000 call dword ptr ds:[<&MSVBVM60.__vbaVarCmpLt>] ; \__vbaVarCmpLt
005166F4 .50 push eax ; /Arg3
005166F5 .8D95 C0FEFFFF lea edx,dword ptr ss: ; |
005166FB .52 push edx ; |/Arg3
005166FC .8D85 B0FEFFFF lea eax,dword ptr ss: ; ||
00516702 .50 push eax ; ||Arg2
00516703 .8D8D A0FEFFFF lea ecx,dword ptr ss: ; ||
00516709 .51 push ecx ; ||Arg1
0051670A .FF15 EC104000 call dword ptr ds:[<&MSVBVM60.__vbaVarCmpGt>] ; |\__vbaVarCmpGt
00516710 .50 push eax ; |Arg2
00516711 .8D95 90FEFFFF lea edx,dword ptr ss: ; |
00516717 .52 push edx ; |Arg1
00516718 .FF15 34114000 call dword ptr ds:[<&MSVBVM60.__vbaVarOr>] ; \__vbaVarOr
0051671E .50 push eax ; /Arg1
0051671F .FF15 DC104000 call dword ptr ds:[<&MSVBVM60.__vbaBoolVarNull>] ; \__vbaBoolVarNull
00516725 .66:8985 34FCF>mov word ptr ss:,ax
0051672C .8D85 B0FEFFFF lea eax,dword ptr ss:
00516732 .50 push eax
00516733 .8D8D C0FEFFFF lea ecx,dword ptr ss:
00516739 .51 push ecx
0051673A .8D95 E0FEFFFF lea edx,dword ptr ss:
00516740 .52 push edx
00516741 .8D85 F0FEFFFF lea eax,dword ptr ss:
00516747 .50 push eax
00516748 .6A 04 push 4
0051674A .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
00516750 .83C4 14 add esp,14
00516753 .0FBF8D 34FCFF>movsx ecx,word ptr ss:
0051675A .85C9 test ecx,ecx
0051675C .74 05 je short 00516763
0051675E .E9 4D020000 jmp 005169B0
00516763 >C745 FC 48000>mov dword ptr ss:,48
0051676A .6A 09 push 9 ; /Arg1 = 00000009
0051676C .FF15 08104000 call dword ptr ds:[<&MSVBVM60.__vbaStrI2>] ; \__vbaStrI2
00516772 .8BD0 mov edx,eax
00516774 .8D8D 0CFFFFFF lea ecx,dword ptr ss:
0051677A .FF15 58124000 call dword ptr ds:[<&MSVBVM60.__vbaStrMove>] ;MSVBVM60.__vbaStrMove
00516780 .50 push eax
00516781 .8B55 08 mov edx,dword ptr ss:
00516784 .8B02 mov eax,dword ptr ds:
00516786 .8B4D 08 mov ecx,dword ptr ss:
00516789 .51 push ecx
0051678A .FF90 C4010000 call dword ptr ds:
00516790 .DBE2 fclex
00516792 .8985 34FCFFFF mov dword ptr ss:,eax
00516798 .83BD 34FCFFFF>cmp dword ptr ss:,0
0051679F .7D 23 jge short 005167C4
005167A1 .68 C4010000 push 1C4 ; /Arg4 = 000001C4
005167A6 .68 78CA4000 push 0040CA78 ; |Arg3 = 0040CA78
005167AB .8B55 08 mov edx,dword ptr ss: ; |
005167AE .52 push edx ; |Arg2
005167AF .8B85 34FCFFFF mov eax,dword ptr ss: ; |
005167B5 .50 push eax ; |Arg1
005167B6 .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckO>; \__vbaHresultCheckObj
005167BC .8985 24FAFFFF mov dword ptr ss:,eax
005167C2 .EB 0A jmp short 005167CE
005167C4 >C785 24FAFFFF>mov dword ptr ss:,0
005167CE >8D8D 0CFFFFFF lea ecx,dword ptr ss:
005167D4 .FF15 9C124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
005167DA .C745 FC 49000>mov dword ptr ss:,49
005167E1 .68 804FC347 push 47C34F80
005167E6 .8B4D 08 mov ecx,dword ptr ss:
005167E9 .8B11 mov edx,dword ptr ds:
005167EB .8B45 08 mov eax,dword ptr ss:
005167EE .50 push eax
005167EF .FF52 7C call dword ptr ds:
005167F2 .DBE2 fclex
005167F4 .8985 34FCFFFF mov dword ptr ss:,eax
005167FA .83BD 34FCFFFF>cmp dword ptr ss:,0
00516801 .7D 20 jge short 00516823
00516803 .6A 7C push 7C ; /Arg4 = 0000007C
00516805 .68 78CA4000 push 0040CA78 ; |Arg3 = 0040CA78
0051680A .8B4D 08 mov ecx,dword ptr ss: ; |
0051680D .51 push ecx ; |Arg2
0051680E .8B95 34FCFFFF mov edx,dword ptr ss: ; |
00516814 .52 push edx ; |Arg1
00516815 .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckO>; \__vbaHresultCheckObj
0051681B .8985 20FAFFFF mov dword ptr ss:,eax
00516821 .EB 0A jmp short 0051682D
00516823 >C785 20FAFFFF>mov dword ptr ss:,0
0051682D >C745 FC 4A000>mov dword ptr ss:,4A
00516834 .8B45 08 mov eax,dword ptr ss:
00516837 .8B08 mov ecx,dword ptr ds:
00516839 .8B55 08 mov edx,dword ptr ss:
0051683C .52 push edx
0051683D .FF91 B4020000 call dword ptr ds:
00516843 .DBE2 fclex
00516845 .8985 34FCFFFF mov dword ptr ss:,eax
0051684B .83BD 34FCFFFF>cmp dword ptr ss:,0
00516852 .7D 23 jge short 00516877
00516854 .68 B4020000 push 2B4 ; /Arg4 = 000002B4
00516859 .68 78CA4000 push 0040CA78 ; |Arg3 = 0040CA78
0051685E .8B45 08 mov eax,dword ptr ss: ; |
00516861 .50 push eax ; |Arg2
00516862 .8B8D 34FCFFFF mov ecx,dword ptr ss: ; |
00516868 .51 push ecx ; |Arg1
00516869 .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckO>; \__vbaHresultCheckObj
0051686F .8985 1CFAFFFF mov dword ptr ss:,eax
00516875 .EB 0A jmp short 00516881
00516877 >C785 1CFAFFFF>mov dword ptr ss:,0
00516881 >C745 FC 4B000>mov dword ptr ss:,4B
00516888 .833D 10E05300>cmp dword ptr ds:,0
0051688F .75 1C jnz short 005168AD
00516891 .68 10E05300 push 0053E010 ; /Arg2 = 0053E010
00516896 .68 94B94000 push 0040B994 ; |Arg1 = 0040B994
0051689B .FF15 D4114000 call dword ptr ds:[<&MSVBVM60.__vbaNew2>] ; \__vbaNew2
005168A1 .C785 18FAFFFF>mov dword ptr ss:,0053E010
005168AB .EB 0A jmp short 005168B7
005168AD >C785 18FAFFFF>mov dword ptr ss:,0053E010
005168B7 >8B95 18FAFFFF mov edx,dword ptr ss:
005168BD .8B02 mov eax,dword ptr ds:
005168BF .8985 34FCFFFF mov dword ptr ss:,eax
005168C5 .C785 48FDFFFF>mov dword ptr ss:,80020004
005168CF .C785 40FDFFFF>mov dword ptr ss:,0A
005168D9 .C785 58FDFFFF>mov dword ptr ss:,80020004
005168E3 .C785 50FDFFFF>mov dword ptr ss:,0A
005168ED .B8 10000000 mov eax,10
005168F2 .E8 A908EFFF call <jmp.&MSVBVM60.__vbaChkstk>
005168F7 .8BCC mov ecx,esp
005168F9 .8B95 40FDFFFF mov edx,dword ptr ss:
005168FF .8911 mov dword ptr ds:,edx
00516901 .8B85 44FDFFFF mov eax,dword ptr ss:
00516907 .8941 04 mov dword ptr ds:,eax
0051690A .8B95 48FDFFFF mov edx,dword ptr ss:
00516910 .8951 08 mov dword ptr ds:,edx
00516913 .8B85 4CFDFFFF mov eax,dword ptr ss:
00516919 .8941 0C mov dword ptr ds:,eax
0051691C .B8 10000000 mov eax,10
00516921 .E8 7A08EFFF call <jmp.&MSVBVM60.__vbaChkstk>
00516926 .8BCC mov ecx,esp
00516928 .8B95 50FDFFFF mov edx,dword ptr ss:
0051692E .8911 mov dword ptr ds:,edx
00516930 .8B85 54FDFFFF mov eax,dword ptr ss:
00516936 .8941 04 mov dword ptr ds:,eax
00516939 .8B95 58FDFFFF mov edx,dword ptr ss:
0051693F .8951 08 mov dword ptr ds:,edx
00516942 .8B85 5CFDFFFF mov eax,dword ptr ss:
00516948 .8941 0C mov dword ptr ds:,eax
0051694B .8B8D 34FCFFFF mov ecx,dword ptr ss:
00516951 .8B11 mov edx,dword ptr ds:
00516953 .8B85 34FCFFFF mov eax,dword ptr ss:
00516959 .50 push eax
0051695A .FF92 B0020000 call dword ptr ds:
00516960 .DBE2 fclex
00516962 .8985 30FCFFFF mov dword ptr ss:,eax
00516968 .83BD 30FCFFFF>cmp dword ptr ss:,0
0051696F .7D 26 jge short 00516997
00516971 .68 B0020000 push 2B0 ; /Arg4 = 000002B0
00516976 .68 88C74000 push 0040C788 ; |Arg3 = 0040C788
0051697B .8B8D 34FCFFFF mov ecx,dword ptr ss: ; |
00516981 .51 push ecx ; |Arg2
00516982 .8B95 30FCFFFF mov edx,dword ptr ss: ; |
00516988 .52 push edx ; |Arg1
00516989 .FF15 74104000 call dword ptr ds:[<&MSVBVM60.__vbaHresultCheckO>; \__vbaHresultCheckObj
0051698F .8985 14FAFFFF mov dword ptr ss:,eax
00516995 .EB 0A jmp short 005169A1
00516997 >C785 14FAFFFF>mov dword ptr ss:,0
005169A1 >EB 0D jmp short 005169B0
005169A3 >C745 FC 4E000>mov dword ptr ss:,4E
005169AA .FF15 A0104000 call dword ptr ds:[<&MSVBVM60.__vbaFileCloseAll>>;MSVBVM60.__vbaFileCloseAll
005169B0 >C745 F0 00000>mov dword ptr ss:,0
005169B7 .9B wait
005169B8 .68 7C6B5100 push 00516B7C
005169BD .E9 EE000000 jmp 00516AB0
005169C2 .8D85 04FFFFFF lea eax,dword ptr ss:
005169C8 .50 push eax
005169C9 .8D8D 08FFFFFF lea ecx,dword ptr ss:
005169CF .51 push ecx
005169D0 .8D95 0CFFFFFF lea edx,dword ptr ss:
005169D6 .52 push edx
005169D7 .6A 03 push 3
005169D9 .FF15 F4114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStrList>] ;MSVBVM60.__vbaFreeStrList
005169DF .83C4 10 add esp,10
005169E2 .8D8D 00FFFFFF lea ecx,dword ptr ss:
005169E8 .FF15 98124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeObj>] ;MSVBVM60.__vbaFreeObj
005169EE .8D85 60FDFFFF lea eax,dword ptr ss:
005169F4 .50 push eax
005169F5 .8D8D 70FDFFFF lea ecx,dword ptr ss:
005169FB .51 push ecx
005169FC .8D95 80FDFFFF lea edx,dword ptr ss:
00516A02 .52 push edx
00516A03 .8D85 90FDFFFF lea eax,dword ptr ss:
00516A09 .50 push eax
00516A0A .8D8D A0FDFFFF lea ecx,dword ptr ss:
00516A10 .51 push ecx
00516A11 .8D95 B0FDFFFF lea edx,dword ptr ss:
00516A17 .52 push edx
00516A18 .8D85 C0FDFFFF lea eax,dword ptr ss:
00516A1E .50 push eax
00516A1F .8D8D D0FDFFFF lea ecx,dword ptr ss:
00516A25 .51 push ecx
00516A26 .8D95 E0FDFFFF lea edx,dword ptr ss:
00516A2C .52 push edx
00516A2D .8D85 F0FDFFFF lea eax,dword ptr ss:
00516A33 .50 push eax
00516A34 .8D8D 00FEFFFF lea ecx,dword ptr ss:
00516A3A .51 push ecx
00516A3B .8D95 10FEFFFF lea edx,dword ptr ss:
00516A41 .52 push edx
00516A42 .8D85 20FEFFFF lea eax,dword ptr ss:
00516A48 .50 push eax
00516A49 .8D8D 30FEFFFF lea ecx,dword ptr ss:
00516A4F .51 push ecx
00516A50 .8D95 40FEFFFF lea edx,dword ptr ss:
00516A56 .52 push edx
00516A57 .8D85 50FEFFFF lea eax,dword ptr ss:
00516A5D .50 push eax
00516A5E .8D8D 60FEFFFF lea ecx,dword ptr ss:
00516A64 .51 push ecx
00516A65 .8D95 70FEFFFF lea edx,dword ptr ss:
00516A6B .52 push edx
00516A6C .8D85 80FEFFFF lea eax,dword ptr ss:
00516A72 .50 push eax
00516A73 .8D8D 90FEFFFF lea ecx,dword ptr ss:
00516A79 .51 push ecx
00516A7A .8D95 A0FEFFFF lea edx,dword ptr ss:
00516A80 .52 push edx
00516A81 .8D85 B0FEFFFF lea eax,dword ptr ss:
00516A87 .50 push eax
00516A88 .8D8D C0FEFFFF lea ecx,dword ptr ss:
00516A8E .51 push ecx
00516A8F .8D95 D0FEFFFF lea edx,dword ptr ss:
00516A95 .52 push edx
00516A96 .8D85 E0FEFFFF lea eax,dword ptr ss:
00516A9C .50 push eax
00516A9D .8D8D F0FEFFFF lea ecx,dword ptr ss:
00516AA3 .51 push ecx
00516AA4 .6A 1A push 1A
00516AA6 .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
00516AAC .83C4 6C add esp,6C
00516AAF .C3 retn
00516AB0 >8D95 9CFBFFFF lea edx,dword ptr ss:
00516AB6 .52 push edx
00516AB7 .8D85 ACFBFFFF lea eax,dword ptr ss:
00516ABD .50 push eax
00516ABE .8D8D BCFBFFFF lea ecx,dword ptr ss:
00516AC4 .51 push ecx
00516AC5 .8D95 CCFBFFFF lea edx,dword ptr ss:
00516ACB .52 push edx
00516ACC .8D85 DCFBFFFF lea eax,dword ptr ss:
00516AD2 .50 push eax
00516AD3 .8D8D ECFBFFFF lea ecx,dword ptr ss:
00516AD9 .51 push ecx
00516ADA .6A 06 push 6
00516ADC .FF15 38104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVarList>] ;MSVBVM60.__vbaFreeVarList
00516AE2 .83C4 1C add esp,1C
00516AE5 .8D4D D0 lea ecx,dword ptr ss:
00516AE8 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516AEE .8D4D C0 lea ecx,dword ptr ss:
00516AF1 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516AF7 .8D4D B0 lea ecx,dword ptr ss:
00516AFA .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B00 .8D4D A0 lea ecx,dword ptr ss:
00516B03 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B09 .8D4D 98 lea ecx,dword ptr ss:
00516B0C .FF15 9C124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
00516B12 .8D4D 88 lea ecx,dword ptr ss:
00516B15 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B1B .8D8D 78FFFFFF lea ecx,dword ptr ss:
00516B21 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B27 .8D8D 68FFFFFF lea ecx,dword ptr ss:
00516B2D .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B33 .8D8D 58FFFFFF lea ecx,dword ptr ss:
00516B39 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B3F .8D8D 44FFFFFF lea ecx,dword ptr ss:
00516B45 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B4B .8D8D 40FFFFFF lea ecx,dword ptr ss:
00516B51 .FF15 9C124000 call dword ptr ds:[<&MSVBVM60.__vbaFreeStr>] ;MSVBVM60.__vbaFreeStr
00516B57 .8D8D 30FFFFFF lea ecx,dword ptr ss:
00516B5D .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B63 .8D8D 20FFFFFF lea ecx,dword ptr ss:
00516B69 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B6F .8D8D 10FFFFFF lea ecx,dword ptr ss:
00516B75 .FF15 1C104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeVar>] ;MSVBVM60.__vbaFreeVar
00516B7B .C3 retn
00516B7C .8B55 08 mov edx,dword ptr ss:
00516B7F .8B02 mov eax,dword ptr ds:
00516B81 .8B4D 08 mov ecx,dword ptr ss:
00516B84 .51 push ecx
00516B85 .FF50 08 call dword ptr ds:
00516B88 .8B45 F0 mov eax,dword ptr ss:
00516B8B .8B4D E0 mov ecx,dword ptr ss:
00516B8E .64:890D 00000>mov dword ptr fs:,ecx
00516B95 .5F pop edi
00516B96 .5E pop esi
00516B97 .5B pop ebx
00516B98 .8BE5 mov esp,ebp
00516B9A .5D pop ebp
[/mw_shl_code]
再测试一下
```
00401000 $C701 C049C400 MOV DWORD PTR DS:,ElementC.00C449C0
00401006 .E9 55367B00 JMP ElementC.00BB4660
0040100B 90 NOP
0040100C 90 NOP
0040100D 90 NOP
0040100E 90 NOP
0040100F 90 NOP
00401010 .56 PUSH ESI
00401011 .8BF1 MOV ESI,ECX
00401013 .E8 E8FFFFFF CALL ElementC.00401000
00401018 .F64424 08 01TEST BYTE PTR SS:,1
0040101D .74 09 JE SHORT ElementC.00401028
0040101F .56 PUSH ESI
00401020 .E8 0B9C6200 CALL ElementC.00A2AC30
00401025 .83C4 04 ADD ESP,4
00401028 >8BC6 MOV EAX,ESI
0040102A .5E POP ESI
0040102B .C2 0400 RETN 4
0040102E 90 NOP
0040102F 90 NOP
00401030 .8B4424 10 MOV EAX,DWORD PTR SS:
00401034 .8B4C24 08 MOV ECX,DWORD PTR SS:
00401038 .8B5424 1C MOV EDX,DWORD PTR SS:
0040103C .8908 MOV DWORD PTR DS:,ECX
0040103E .8B4424 14 MOV EAX,DWORD PTR SS:
00401042 .8902 MOV DWORD PTR DS:,EAX
00401044 .B8 03000000 MOV EAX,3
00401049 .C2 1C00 RETN 1C
0040104C 90 NOP
0040104D 90 NOP
0040104E 90 NOP
0040104F 90 NOP
``` 本帖最后由 xuhw 于 2018-6-12 16:41 编辑
005159ED .FF15 84104000 call dword ptr ds:[<&MSVBVM60.__vbaVarCmpGe>] ; \__vbaVarCmpGe---不知验证什么----3
例如
7xxx0xx7xx6x0xxx6
经调示得知取第8 位,第5,11位相反与常数10706比较
也就说第8位要等于7,第5位6,第11位=0
但是第8位为7,会变成 7+5A(常数)X100+第5,11位,7+90(5A)x100=9700//=> //=>与10706(常数)比较不相等
00515A06 .FF15 9C114000 call dword ptr ds:[<&MSVBVM60.__vbaVarCmpLe>] ; |\__vbaVarCmpLe ---不知验证什么----4
例如
7xxx0xx7xx6x0xxx6
取第1 位,第13,17位常数10706比较
也就说第1位=7,13位要等于0,第17位=6,
但是第1位为7,会变成 7+5A(常数)X100 +13,17位,7+90(5A)x100=9700//=>与10706(常数)比较不相等
这两处验证一直无法搞定,高手们进来分析看看,指导迷津
之时高深,学习了
有点深,看不太懂,但是这种是不是就连闪都不闪 直接运行的 学习学,学习学习 楼主还没说是款什么软件呢? 代码好长....项一下! 这种是不是就连闪都不闪 直接运行的 学习了大佬
之时高深,学习了 此文着很辛苦。。希望楼主可以重新编辑一下。