标 题:
[原创]VB P-code粗略分析(3)
发帖人:moodsky
时 间: 2005-02-05 18:17
原文链接:http://bbs.pediy.com/showthread.php?threadid=10877
详细信息:
'在理解前两节知识的前提下,我们这里引入一个我自己写的LYSA算法和一个简单的CrackmeONEII作为分析的目标。
'作为除夕的礼物送给大家,小鸟一只,向各位献丑了!
'CrackmeONEII
'为了和前面衔接,CrackmeONEII是在Pcode(2-2)基础上写的
'下面是源代码,里面用的是一种查表法
***********Reference CrackmeONEII's Source code
' Click handler for Command1.
' Derives a serial ("code") from the name typed into Text1 via a per-character
' lookup table, then compares it with the serial typed into Text2 and reports
' the result in a message box.
'
' NOTE(review): the expected serial is computed entirely inside this handler
' from the name alone, so both the lookup table and the final comparison are
' part of the compiled program.
Private Sub Command1_Click()
Dim name As String, code As String, strCode As String, T As String, F As String
Dim i As Integer, j As Integer
' T / F hold the success and failure message texts shown at the end.
T = "CrackmeONEII+LYSA-II True code!"
F = "CrackmeONEII+LYSA-II False code!"
name = "": code = "": strCode = ""
name = Text1.Text
' An empty name is rejected silently (no message box).
If name = "" Then
Text1.Text = ""
Exit Sub
End If
' Asc(name) inspects only the first character; a negative value clears Text1 and aborts.
' NOTE(review): presumably aimed at double-byte (DBCS) characters, for which Asc
' can return a negative Integer - confirm.
If Asc(name) < 0 Then
Text1.Text = ""
Exit Sub
End If
' Pass 1: translate every character of name into a two-character token made of
' lowercase hex digits and append it to strCode.
For i = 1 To Len(name)
If Asc(Mid(name, i, 1)) >= 48 And Asc(Mid(name, i, 1)) <= 57 Then '0-9
Select Case Mid(name, i, 1)
Case "1"
strCode = strCode & "da"
Case "2"
strCode = strCode & "fa"
Case "3"
strCode = strCode & "fc"
Case "4"
strCode = strCode & "dc"
Case "5"
strCode = strCode & "eb"
Case "6"
strCode = strCode & "fb"
Case "7"
strCode = strCode & "ea"
Case "8"
strCode = strCode & "ec"
Case "9"
strCode = strCode & "db"
Case "0"
strCode = strCode & "ab"
End Select
End If
If Asc(Mid(name, i, 1)) >= 65 And Asc(Mid(name, i, 1)) <= 90 Then 'A-Z
Select Case Mid(name, i, 1)
Case "A"
strCode = strCode & "01"
Case "B"
strCode = strCode & "62"
Case "C"
strCode = strCode & "81"
Case "D"
strCode = strCode & "84"
Case "E"
strCode = strCode & "63"
Case "F"
strCode = strCode & "71"
Case "G"
strCode = strCode & "72"
Case "H"
strCode = strCode & "91"
Case "I"
strCode = strCode & "74"
Case "J"
strCode = strCode & "93"
Case "K"
strCode = strCode & "03"
Case "L"
strCode = strCode & "82"
Case "M"
strCode = strCode & "61"
Case "N"
strCode = strCode & "02"
Case "O"
strCode = strCode & "65"
Case "P"
strCode = strCode & "8a"
Case "Q"
strCode = strCode & "92"
Case "R"
strCode = strCode & "75"
Case "S"
strCode = strCode & "05"
Case "T"
strCode = strCode & "95"
Case "U"
strCode = strCode & "83"
Case "V"
strCode = strCode & "64"
Case "W"
strCode = strCode & "85"
Case "X"
strCode = strCode & "04"
Case "Y"
strCode = strCode & "94"
Case "Z"
strCode = strCode & "73"
End Select
End If
' For most letters the lowercase token is the uppercase token with its two
' characters swapped. Exceptions visible in the table: "P"/"p" use unrelated
' tokens ("8a" / "3f"), and "y" reuses "94" unswapped, the same token as "Y".
If Asc(Mid(name, i, 1)) >= 97 And Asc(Mid(name, i, 1)) <= 122 Then 'a-z
Select Case Mid(name, i, 1)
Case "a"
strCode = strCode & "10"
Case "b"
strCode = strCode & "26"
Case "c"
strCode = strCode & "18"
Case "d"
strCode = strCode & "48"
Case "e"
strCode = strCode & "36"
Case "f"
strCode = strCode & "17"
Case "g"
strCode = strCode & "27"
Case "h"
strCode = strCode & "19"
Case "i"
strCode = strCode & "47"
Case "j"
strCode = strCode & "39"
Case "k"
strCode = strCode & "30"
Case "l"
strCode = strCode & "28"
Case "m"
strCode = strCode & "16"
Case "n"
strCode = strCode & "20"
Case "o"
strCode = strCode & "56"
Case "p"
strCode = strCode & "3f"
Case "q"
strCode = strCode & "29"
Case "r"
strCode = strCode & "57"
Case "s"
strCode = strCode & "50"
Case "t"
strCode = strCode & "59"
Case "u"
strCode = strCode & "38"
Case "v"
strCode = strCode & "46"
Case "w"
strCode = strCode & "58"
Case "x"
strCode = strCode & "40"
Case "y"
strCode = strCode & "94"
Case "z"
strCode = strCode & "37"
End Select
End If
' Rejection ranges: any character whose Asc value is 0-47, 58-64, 91-96 or
' 123-255 (i.e. not 0-9, A-Z, a-z) clears Text1 and aborts without a message.
' A value outside 0-255 matches none of the tests in this loop: it adds
' nothing to strCode and does not abort.
If Asc(Mid(name, i, 1)) >= 0 And Asc(Mid(name, i, 1)) <= 47 Then
Text1.Text = ""
Exit Sub
End If
If Asc(Mid(name, i, 1)) >= 58 And Asc(Mid(name, i, 1)) <= 64 Then
Text1.Text = ""
Exit Sub
End If
If Asc(Mid(name, i, 1)) >= 91 And Asc(Mid(name, i, 1)) <= 96 Then
Text1.Text = ""
Exit Sub
End If
If Asc(Mid(name, i, 1)) >= 123 And Asc(Mid(name, i, 1)) <= 255 Then
Text1.Text = ""
Exit Sub
End If
Next i
'MsgBox strCode
' Pass 2: sixteen scans over strCode, one per hex digit from "f" down to "0".
' Each scan appends every occurrence of that digit to code, so code is the
' characters of strCode sorted in descending hex-digit order. The result
' therefore depends only on how often each character occurs in strCode, not on
' the order of the tokens or of the two characters inside a token.
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "f" Then code = code & "f"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "e" Then code = code & "e"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "d" Then code = code & "d"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "c" Then code = code & "c"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "b" Then code = code & "b"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "a" Then code = code & "a"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "9" Then code = code & "9"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "8" Then code = code & "8"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "7" Then code = code & "7"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "6" Then code = code & "6"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "5" Then code = code & "5"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "4" Then code = code & "4"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "3" Then code = code & "3"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "2" Then code = code & "2"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "1" Then code = code & "1"
Next j
For j = 1 To Len(strCode)
If Mid(strCode, j, 1) = "0" Then code = code & "0"
Next j
'MsgBox code
' Final check: string comparison of the entered serial against the computed
' one. On mismatch both text boxes are cleared before the failure message.
If Text2.Text = code Then
MsgBox T, vbOKOnly, "CrackmeONEII+LYSA-II"
Else
Text1.Text = ""
Text2.Text = ""
MsgBox F, vbOKOnly, "CrackmeONEII+LYSA-II"
End If
End Sub
***********Reference VB P-code
[Command1.Click]
******Possible String Ref To->"CrackmeONEII+LYSA-II True code!"
|
:004027E4 1B0000 LitStr ;Push ptr_0040219C // 装入字符串
:004027E7 436CFF FStStrCopy ;[LOCAL_0094]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0094
******Possible String Ref To->"CrackmeONEII+LYSA-II False code!"
|
:004027EA 1B0100 LitStr ;Push ptr_004021E0 // 装入字符串
:004027ED 4368FF FStStrCopy ;[LOCAL_0098]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0098
******Possible String Ref To->""
|
:004027F0 1B0200 LitStr ;Push ptr_00402228 // 装入字符串
:004027F3 4378FF FStStrCopy ;[LOCAL_0088]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0088
******Possible String Ref To->""
|
:004027F6 1B0200 LitStr ;Push ptr_00402228 // 装入字符串
:004027F9 4374FF FStStrCopy ;[LOCAL_008C]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存008C
******Possible String Ref To->""
|
:004027FC 1B0200 LitStr ;Push ptr_00402228 // 装入字符串
:004027FF 4370FF FStStrCopy ;[LOCAL_0090]=SysAllocStringByteLen(Pop, [Pop-4]); SysFreeString Pop // 复制到内存0090
****************************************
T = "CrackmeONEII+LYSA-II True code!"
F = "CrackmeONEII+LYSA-II False code!"
name = "": code = "": strCode = ""
****************************************
:00402802 045CFF FLdRfVar ;Push LOCAL_00A4 // 开辟内存空间
:00402805 21 FLdPrThis ;[SR]=[stack2] \
:00402806 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:00402809 1960FF FStAdFunc ;// 取propget过程地址
:0040280C 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propget]TextBox.Text // propget,TextBox.Text的取过程
|
:0040280F 0DA0000300 VCallHresult ;Call ptr_0040222C // 获得文本框中的内容
:00402814 3E5CFF FLdZeroAd ;Push DWORD [LOCAL_00A4]; [LOCAL_00A4]=0 // 将内容入栈
:00402817 3178FF FStStr ;SysFreeString [LOCAL_0088]; [LOCAL_0088]=Pop // 将字符释放到0088
:0040281A 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 调用后释放空间
****************************************
name = Text1.Text
****************************************
:0040281D 6C78FF ILdRf ;Push DWORD [LOCAL_0088] // 装载获取的文本内容,作为参数
******Possible String Ref To->""
|
:00402820 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:00402823 FB30 EqStr ;//字符串比较
:00402825 1C5A00 BranchF ;If Pop=0 then ESI=0040283E // 不相等则跳(F->条件为假)0040283E
******Possible String Ref To->""
|
:00402828 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:0040282B 21 FLdPrThis ;[SR]=[stack2] \
:0040282C 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:0040282F 1960FF FStAdFunc ;// 取propput过程地址
:00402832 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propput]TextBox.Text // propput,TextBox.Text的赋值过程
|
:00402835 0DA4000300 VCallHresult ;Call ptr_0040222C // 将文本框赋值为NULL字符
:0040283A 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 调用后释放空间
:0040283D 13 ExitProcHresult ;// 退出过程
****************************************
If name = "" Then
Text1.Text = ""
Exit Sub
End If
****************************************
:0040283E 6C78FF ILdRf ;Push DWORD [LOCAL_0088] // 装载获取的文本内容,作为参数
**********Reference To->msvbvm60.rtcAnsiValueBstr //ASC()
|
:00402841 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC([LOCAL_0088])
:00402846 F400 LitI2_Byte ;Push 00 // 0入栈
:00402848 D0 LtI2 ;// 整数的小于判断(less than)
:00402849 1C7E00 BranchF ;If Pop=0 then ESI=00402862 // 不小于则跳00402862
******Possible String Ref To->""
|
:0040284C 1B0200 LitStr ;Push ptr_00402228 // NULL字符入栈
:0040284F 21 FLdPrThis ;[SR]=[stack2] \
:00402850 0F0403 VCallAd ;Return the control index 03 / // 获得窗体句柄
:00402853 1960FF FStAdFunc ;// 取propput过程地址
:00402856 0860FF FLdPr ;[SR]=[LOCAL_00A0] // 加载过程
***********Reference To:[propput]TextBox.Text // propput,TextBox.Text的赋值过程
|
:00402859 0DA4000300 VCallHresult ;Call ptr_0040222C // 将文本框赋值为NULL字符
:0040285E 1A60FF FFree1Ad ;Push [LOCAL_00A0]; Call [[[LOCAL_00A0]]+8]; [[LOCAL_00A0]]=0 // 调用后释放空间
:00402861 13 ExitProcHresult ;// 退出过程
****************************************
If Asc(name) < 0 Then
Text1.Text = ""
Exit Sub
End If
****************************************
:00402862 F401 LitI2_Byte ;Push 01 // 01入栈
:00402864 0466FF FLdRfVar ;Push LOCAL_009A // 加载变量i
:00402867 6C78FF ILdRf ;Push DWORD [LOCAL_0088] // 装载获取的文本内容,作为参数
:0040286A 4A FnLenStr ;vbaLenBstr // 计算name长度
:0040286B E4 CI2I4 ;Verify [stack] high word is 0000, ECX=[ECX]
:0040286C FE6358FFA30A ForI2 ;// FOR
****************************************
For i = 1 To Len(name)
****************************************
:00402872 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00402877 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:0040287A E7 CI4UI1 ; | // MID函数参数入栈
:0040287B 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:0040287E 4D48FF0840 CVarRef ;// 创建临时变量
:00402883 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402886 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID操作
:0040288B 0418FF FLdRfVar ;Push LOCAL_00E8 \
:0040288E FDFE5CFF CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402892 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC操作
:00402897 F430 LitI2_Byte ;Push 30 // 48入栈
:00402899 DF GeI2 ;// 大于等于比较操作
:0040289A 28E8FE0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:0040289F 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:004028A2 E7 CI4UI1 ; | // MID函数参数入栈
:004028A3 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:004028A6 4D08FF0840 CVarRef ;// 创建临时变量
:004028AB 04D8FE FLdRfVar ;Push LOCAL_0128 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004028AE 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX //MID操作
:004028B3 04D8FE FLdRfVar ;Push LOCAL_0128 \
:004028B6 FDFED4FE CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:004028BA 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX //ASC操作
:004028BF F439 LitI2_Byte ;Push 39 // 57入栈
:004028C1 D5 LeI2 ;// 小于等于比较操作
:004028C2 C4 AndI4 ;// AND
:004028C3 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:004028CA 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants // 释放临时变量
:004028D5 1C2202 BranchF ;If Pop=0 then ESI=00402A06 // 条件为假则跳00402A06
****************************************
If Asc(Mid(name, i, 1)) >= 48 And Asc(Mid(name, i, 1)) <= 57 Then '0-9
****************************************
:004028D8 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:004028DD 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:004028E0 E7 CI4UI1 ; | // MID函数参数入栈
:004028E1 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:004028E4 4D48FF0840 CVarRef ;// 创建临时变量
:004028E9 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:004028EC 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID操作
****************************************
Mid(name, i, 1)
****************************************
:004028F1 0418FF FLdRfVar ;Push LOCAL_00E8 // Mid(name, i, 1)的内容入栈
:004028F4 FCF6C4FE FStVar ;
:004028F8 3528FF FFree1Var ;Free LOCAL_00D8
:004028FB 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量,用来保存"1"
******Possible String Ref To->"1"
|
:004028FE 3A48FF0600 LitVarStr ;PushVarString ptr_00402240 // "1"入栈
:00402903 5D HardType ;
:00402904 FB33 EqVarBool ;// 判断变量是否相等
:00402906 1C3201 BranchF ;If Pop=0 then ESI=00402916 // 条件为假跳00402916
:00402909 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"da"
|
:0040290C 1B0700 LitStr ;Push ptr_00402248 // "da"入栈
:0040290F 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "1"
strCode = strCode & "da"
****************************************
:00402910 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:00402913 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402916 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"2"
|
:00402919 3A48FF0800 LitVarStr ;PushVarString ptr_00402254 // "2"入栈
:0040291E 5D HardType ;
:0040291F FB33 EqVarBool ;// 判断变量是否相等
:00402921 1C4D01 BranchF ;If Pop=0 then ESI=00402931 // 条件为假跳00402931
:00402924 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"fa"
|
:00402927 1B0900 LitStr ;Push ptr_0040225C // "fa"入栈
:0040292A 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "2"
strCode = strCode & "fa"
****************************************
:0040292B 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:0040292E 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402931 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"3"
|
:00402934 3A48FF0A00 LitVarStr ;PushVarString ptr_00402268 // "3"入栈
:00402939 5D HardType ;
:0040293A FB33 EqVarBool ;// 判断变量是否相等
:0040293C 1C6801 BranchF ;If Pop=0 then ESI=0040294C // 条件为假跳0040294C
:0040293F 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"fc"
|
:00402942 1B0B00 LitStr ;Push ptr_00402270 // "fc"入栈
:00402945 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "3"
strCode = strCode & "fc"
****************************************
:00402946 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:00402949 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:0040294C 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"4"
|
:0040294F 3A48FF0C00 LitVarStr ;PushVarString ptr_0040227C // "4"入栈
:00402954 5D HardType ;
:00402955 FB33 EqVarBool ;// 判断变量是否相等
:00402957 1C8301 BranchF ;If Pop=0 then ESI=00402967 // 条件为假跳00402967
:0040295A 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"dc"
|
:0040295D 1B0D00 LitStr ;Push ptr_00402284 // "dc"入栈
:00402960 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "4"
strCode = strCode & "dc"
****************************************
:00402961 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:00402964 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402967 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"5"
|
:0040296A 3A48FF0E00 LitVarStr ;PushVarString ptr_00402290 // "5"入栈
:0040296F 5D HardType ;
:00402970 FB33 EqVarBool ;// 判断变量是否相等
:00402972 1C9E01 BranchF ;If Pop=0 then ESI=00402982 // 条件为假跳00402982
:00402975 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"eb"
|
:00402978 1B0F00 LitStr ;Push ptr_00402298 // "eb"入栈
:0040297B 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "5"
strCode = strCode & "eb"
****************************************
:0040297C 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:0040297F 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:00402982 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"6"
|
:00402985 3A48FF1000 LitVarStr ;PushVarString ptr_004022A4 // "6"入栈
:0040298A 5D HardType ;
:0040298B FB33 EqVarBool ;// 判断变量是否相等
:0040298D 1CB901 BranchF ;If Pop=0 then ESI=0040299D // 条件为假跳0040299D
:00402990 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"fb"
|
:00402993 1B1100 LitStr ;Push ptr_004022AC // "fb"入栈
:00402996 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "6"
strCode = strCode & "fb"
****************************************
:00402997 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:0040299A 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:0040299D 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"7"
|
:004029A0 3A48FF1200 LitVarStr ;PushVarString ptr_004022B8 // "7"入栈
:004029A5 5D HardType ;
:004029A6 FB33 EqVarBool ;// 判断变量是否相等
:004029A8 1CD401 BranchF ;If Pop=0 then ESI=004029B8 // 条件为假跳004029B8
:004029AB 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"ea"
|
:004029AE 1B1300 LitStr ;Push ptr_004022C0 // "ea"入栈
:004029B1 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "7"
strCode = strCode & "ea"
****************************************
:004029B2 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:004029B5 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:004029B8 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"8"
|
:004029BB 3A48FF1400 LitVarStr ;PushVarString ptr_004022CC // "8"入栈
:004029C0 5D HardType ;
:004029C1 FB33 EqVarBool ;// 判断变量是否相等
:004029C3 1CEF01 BranchF ;If Pop=0 then ESI=004029D3 // 条件为假跳004029D3
:004029C6 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"ec"
|
:004029C9 1B1500 LitStr ;Push ptr_004022D4 // "ec"入栈
:004029CC 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "8"
strCode = strCode & "ec"
****************************************
:004029CD 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:004029D0 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:004029D3 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"9"
|
:004029D6 3A48FF1600 LitVarStr ;PushVarString ptr_004022E0 // "9"入栈
:004029DB 5D HardType ;
:004029DC FB33 EqVarBool ;// 判断变量是否相等
:004029DE 1C0A02 BranchF ;If Pop=0 then ESI=004029EE // 条件为假跳004029EE
:004029E1 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"db"
|
:004029E4 1B1700 LitStr ;Push ptr_004022E8 // "db"入栈
:004029E7 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "9"
strCode = strCode & "db"
****************************************
:004029E8 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
:004029EB 1E2202 Branch ;ESI=00402A06 // 跳出CASE
:004029EE 04C4FE FLdRfVar ;Push LOCAL_013C // 加载临时变量
******Possible String Ref To->"0"
|
:004029F1 3A48FF1800 LitVarStr ;PushVarString ptr_004022F4 // "0"入栈
:004029F6 5D HardType ;
:004029F7 FB33 EqVarBool ;// 判断变量是否相等
:004029F9 1C2202 BranchF ;If Pop=0 then ESI=00402A06 // 条件为假跳00402A06,正好为CASE结束
:004029FC 6C70FF ILdRf ;Push DWORD [LOCAL_0090] // 加载strCode
******Possible String Ref To->"ab"
|
:004029FF 1B1900 LitStr ;Push ptr_004022FC // "ab"入栈
:00402A02 2A ConcatStr ;vbaStrCat // 连接字符串
****************************************
Case "0"
strCode = strCode & "ab"
****************************************
:00402A03 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop // 将字符释放到0090
****************************************
End Select
****************************************
:00402A06 2828FF0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00402A0B 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:00402A0E E7 CI4UI1 ; | // MID函数参数入栈
:00402A0F 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:00402A12 4D48FF0840 CVarRef ;// 创建临时变量
:00402A17 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402A1A 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()操作
:00402A1F 0418FF FLdRfVar ;Push LOCAL_00E8 \
:00402A22 FDFE5CFF CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402A26 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC()操作
:00402A2B F441 LitI2_Byte ;Push 41 // 65入栈
:00402A2D DF GeI2 ;// 大于等于比较操作
:00402A2E 28E8FE0100 LitVarI2 ;PushVarInteger 0001 \ 取长度
:00402A33 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | 变量i的值
:00402A36 E7 CI4UI1 ; | // MID函数参数入栈
:00402A37 0478FF FLdRfVar ;Push LOCAL_0088 / 文本内容
:00402A3A 4D08FF0840 CVarRef ;// 创建临时变量
:00402A3F 04D8FE FLdRfVar ;Push LOCAL_0128 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402A42 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX // MID()操作
:00402A47 04D8FE FLdRfVar ;Push LOCAL_0128 \
:00402A4A FDFED4FE CStrVarVal ; / // ASC函数参数入栈
**********Reference To->msvbvm60.rtcAnsiValueBstr
|
:00402A4E 0B04000400 ImpAdCallI2 ;Call ptr_00401030; check stack 0004; Push EAX // ASC()操作
:00402A53 F45A LitI2_Byte ;Push 5A // 90入栈
:00402A55 D5 LeI2 ;// 小于等于比较操作
:00402A56 C4 AndI4 ;// AND
:00402A57 3204005CFFD4FE FFreeStr ;Do SysFreeString [arg_n]; [arg_n]=0 0004/2 times ~ arg
:00402A5E 36080028FF18FFE8 FFreeVar ;Free 0008/2 variants // 释放临时变量
:00402A69 1C6605 BranchF ;If Pop=0 then ESI=00402D4A // 条件为假则跳00402D4A
****************************************
If Asc(Mid(name, i, 1)) >= 65 And Asc(Mid(name, i, 1)) <= 90 Then 'A-Z
****************************************
:00402A6C 2828FF0100 LitVarI2 ;PushVarInteger 0001 \
:00402A71 6B66FF FLdI2 ;Push WORD [LOCAL_009A] | // MID函数参数入栈
:00402A74 E7 CI4UI1 ; | 具体操作如上
:00402A75 0478FF FLdRfVar ;Push LOCAL_0088 /
:00402A78 4D48FF0840 CVarRef ;// 创建临时变量
:00402A7D 0418FF FLdRfVar ;Push LOCAL_00E8 // 加载临时变量
**********Reference To->msvbvm60.rtcMidCharVar
|
:00402A80 0A05001000 ImpAdCallFPR4 ;Call ptr_00401036; check stack 0010; Push EAX //MID
:00402A85 0418FF FLdRfVar ;Push LOCAL_00E8 // Mid(name, i, 1)的内容入栈
:00402A88 FCF6B4FE FStVar ;
:00402A8C 3528FF FFree1Var ;Free LOCAL_00D8
:00402A8F 04B4FE FLdRfVar ;Push LOCAL_014C // 加载临时变量,用来保存"A"
################################下面是判断字符是大写、小写字母时的操作和上面的数字是一样的!################################
____________________________________________________________________________________________________________________________
******Possible String Ref To->"A"
|
:00402A92 3A48FF1A00 LitVarStr ;PushVarString ptr_00402308
:00402A97 5D HardType ;
:00402A98 FB33 EqVarBool ;
:00402A9A 1CC602 BranchF ;If Pop=0 then ESI=00402AAA
:00402A9D 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"01"
|
:00402AA0 1B1B00 LitStr ;Push ptr_00402310
:00402AA3 2A ConcatStr ;vbaStrCat
****************************************
Case "A"
strCode = strCode & "01"
****************************************
:00402AA4 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402AA7 1E6605 Branch ;ESI=00402D4A
:00402AAA 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"B"
|
:00402AAD 3A48FF1C00 LitVarStr ;PushVarString ptr_0040231C
:00402AB2 5D HardType ;
:00402AB3 FB33 EqVarBool ;
:00402AB5 1CE102 BranchF ;If Pop=0 then ESI=00402AC5
:00402AB8 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"62"
|
:00402ABB 1B1D00 LitStr ;Push ptr_00402324
:00402ABE 2A ConcatStr ;vbaStrCat
****************************************
Case "B"
strCode = strCode & "62"
****************************************
:00402ABF 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402AC2 1E6605 Branch ;ESI=00402D4A
:00402AC5 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"C"
|
:00402AC8 3A48FF1E00 LitVarStr ;PushVarString ptr_00402330
:00402ACD 5D HardType ;
:00402ACE FB33 EqVarBool ;
:00402AD0 1CFC02 BranchF ;If Pop=0 then ESI=00402AE0
:00402AD3 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"81"
|
:00402AD6 1B1F00 LitStr ;Push ptr_00402338
:00402AD9 2A ConcatStr ;vbaStrCat
****************************************
Case "C"
strCode = strCode & "81"
****************************************
:00402ADA 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402ADD 1E6605 Branch ;ESI=00402D4A
:00402AE0 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"D"
|
:00402AE3 3A48FF2000 LitVarStr ;PushVarString ptr_00402344
:00402AE8 5D HardType ;
:00402AE9 FB33 EqVarBool ;
:00402AEB 1C1703 BranchF ;If Pop=0 then ESI=00402AFB
:00402AEE 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"84"
|
:00402AF1 1B2100 LitStr ;Push ptr_0040234C
:00402AF4 2A ConcatStr ;vbaStrCat
****************************************
Case "D"
strCode = strCode & "84"
****************************************
:00402AF5 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402AF8 1E6605 Branch ;ESI=00402D4A
:00402AFB 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"E"
|
:00402AFE 3A48FF2200 LitVarStr ;PushVarString ptr_00402358
:00402B03 5D HardType ;
:00402B04 FB33 EqVarBool ;
:00402B06 1C3203 BranchF ;If Pop=0 then ESI=00402B16
:00402B09 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"63"
|
:00402B0C 1B2300 LitStr ;Push ptr_00402360
:00402B0F 2A ConcatStr ;vbaStrCat
****************************************
Case "E"
strCode = strCode & "63"
****************************************
:00402B10 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B13 1E6605 Branch ;ESI=00402D4A
:00402B16 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"F"
|
:00402B19 3A48FF2400 LitVarStr ;PushVarString ptr_0040236C
:00402B1E 5D HardType ;
:00402B1F FB33 EqVarBool ;
:00402B21 1C4D03 BranchF ;If Pop=0 then ESI=00402B31
:00402B24 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"71"
|
:00402B27 1B2500 LitStr ;Push ptr_00402374
:00402B2A 2A ConcatStr ;vbaStrCat
****************************************
Case "F"
strCode = strCode & "71"
****************************************
:00402B2B 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B2E 1E6605 Branch ;ESI=00402D4A
:00402B31 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"G"
|
:00402B34 3A48FF2600 LitVarStr ;PushVarString ptr_00402380
:00402B39 5D HardType ;
:00402B3A FB33 EqVarBool ;
:00402B3C 1C6803 BranchF ;If Pop=0 then ESI=00402B4C
:00402B3F 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"72"
|
:00402B42 1B2700 LitStr ;Push ptr_00402388
:00402B45 2A ConcatStr ;vbaStrCat
****************************************
Case "G"
strCode = strCode & "72"
****************************************
:00402B46 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B49 1E6605 Branch ;ESI=00402D4A
:00402B4C 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"H"
|
:00402B4F 3A48FF2800 LitVarStr ;PushVarString ptr_00402394
:00402B54 5D HardType ;
:00402B55 FB33 EqVarBool ;
:00402B57 1C8303 BranchF ;If Pop=0 then ESI=00402B67
:00402B5A 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"91"
|
:00402B5D 1B2900 LitStr ;Push ptr_0040239C
:00402B60 2A ConcatStr ;vbaStrCat
****************************************
Case "H"
strCode = strCode & "91"
****************************************
:00402B61 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B64 1E6605 Branch ;ESI=00402D4A
:00402B67 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"I"
|
:00402B6A 3A48FF2A00 LitVarStr ;PushVarString ptr_004023A8
:00402B6F 5D HardType ;
:00402B70 FB33 EqVarBool ;
:00402B72 1C9E03 BranchF ;If Pop=0 then ESI=00402B82
:00402B75 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
******Possible String Ref To->"74"
|
:00402B78 1B2B00 LitStr ;Push ptr_004023B0
:00402B7B 2A ConcatStr ;vbaStrCat
****************************************
Case "I"
strCode = strCode & "74"
****************************************
:00402B7C 3170FF FStStr ;SysFreeString [LOCAL_0090]; [LOCAL_0090]=Pop
:00402B7F 1E6605 Branch ;ESI=00402D4A
:00402B82 04B4FE FLdRfVar ;Push LOCAL_014C
******Possible String Ref To->"J"
|
:00402B85 3A48FF2C00 LitVarStr ;PushVarString ptr_004023BC
:00402B8A 5D HardType ;
:00402B8B FB33 EqVarBool ;
:00402B8D 1CB903 BranchF ;If Pop=0 then ESI=00402B9D
:00402B90 6C70FF ILdRf