• 标 题:半字节破解Vopt Millennium edition (9千字)
  • 作 者:conanxu[BCG]
  • 时 间:2001-5-13 13:42:29
  • 链 接:http://bbs.pediy.com

半字节破解Vopt Millennium edition
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00432956(C), :004329FE(C), :00432AE6(C)
|
:00432B39 C745FC22000000          mov [ebp-04], 00000022
:00432B40 8B55DC                  mov edx, dword ptr [ebp-24]
:00432B43 52                      push edx
:00432B44 E867E2FDFF              call 00410DB0

* Reference To: MSVBVM50.__vbaSetSystemError, Ord:0000h
                                  |
:00432B49 FF151C334600            Call dword ptr [0046331C]
:00432B4F C745FC23000000          mov [ebp-04], 00000023
:00432B56          movsx eax, word ptr [0045F642]
:00432B5D 85C0                    test eax, eax
:00432B5F 0F8573030000            jne 00432ED8                    --->这里可以跳过改为je 00432ED8即0F8473030000
:00432B65 C745FC24000000          mov [ebp-04], 00000024
:00432B6C 8B4D08                  mov ecx, dword ptr [ebp+08]
:00432B6F 8B11                    mov edx, dword ptr [ecx]
:00432B71 8B4508                  mov eax, dword ptr [ebp+08]
:00432B74 50                      push eax
:00432B75 FF92F4030000            call dword ptr [edx+000003F4]
:00432B7B 50                      push eax
:00432B7C 8D4DB8                  lea ecx, dword ptr [ebp-48]
:00432B7F 51                      push ecx

* Reference To: MSVBVM50.__vbaObjSet, Ord:0000h
                                  |
:00432B80 FF1544334600            Call dword ptr [00463344]
:00432B86 894588                  mov dword ptr [ebp-78], eax
:00432B89 6AFF                    push FFFFFFFF
:00432B8B 8B5588                  mov edx, dword ptr [ebp-78]
:00432B8E 8B02                    mov eax, dword ptr [edx]
:00432B90 8B4D88                  mov ecx, dword ptr [ebp-78]
:00432B93 51                      push ecx
:00432B94 FF505C                  call [eax+5C]
:00432B97 894584                  mov dword ptr [ebp-7C], eax
:00432B9A 837D8400                cmp dword ptr [ebp-7C], 00000000
:00432B9E 7D1D                    jge 00432BBD
:00432BA0 6A5C                    push 0000005C

* Possible StringData Ref from Code Obj ->"iO?檉??"
                                  |
:00432BA2 686C254100              push 0041256C
:00432BA7 8B5588                  mov edx, dword ptr [ebp-78]
:00432BAA 52                      push edx
:00432BAB 8B4584                  mov eax, dword ptr [ebp-7C]
:00432BAE 50                      push eax

* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
                                  |
:00432BAF FF1524334600            Call dword ptr [00463324]
:00432BB5 898564FFFFFF            mov dword ptr [ebp+FFFFFF64], eax
:00432BBB EB0A                    jmp 00432BC7

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432B9E(C)
|
:00432BBD C78564FFFFFF00000000    mov dword ptr [ebp+FFFFFF64], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432BBB(U)
|
:00432BC7 8D4DB8                  lea ecx, dword ptr [ebp-48]

* Reference To: MSVBVM50.__vbaFreeObj, Ord:0000h
                                  |
:00432BCA FF1504354600            Call dword ptr [00463504]
:00432BD0 C745FC25000000          mov [ebp-04], 00000025
:00432BD7 66837DCC00              cmp word ptr [ebp-34], 0000
:00432BDC 7E07                    jle 00432BE5
:00432BDE 66837DCC2D              cmp word ptr [ebp-34], 002D
:00432BE3 7E15                    jle 00432BFA

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432BDC(C)
|
:00432BE5 C745FC26000000          mov [ebp-04], 00000026
:00432BEC 66C70576F04500FFFF      mov word ptr [0045F076], FFFF
:00432BF5 E920010000              jmp 00432D1A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432BE3(C)
|
:00432BFA C745FC28000000          mov [ebp-04], 00000028
:00432C01 8B4D08                  mov ecx, dword ptr [ebp+08]
:00432C04 8B11                    mov edx, dword ptr [ecx]
:00432C06 8B4508                  mov eax, dword ptr [ebp+08]
:00432C09 50                      push eax
:00432C0A FF9218030000            call dword ptr [edx+00000318]
:00432C10 50                      push eax
:00432C11 8D4DB8                  lea ecx, dword ptr [ebp-48]
:00432C14 51                      push ecx

* Reference To: MSVBVM50.__vbaObjSet, Ord:0000h
                                  |
:00432C15 FF1544334600            Call dword ptr [00463344]
:00432C1B 894588                  mov dword ptr [ebp-78], eax
:00432C1E 8D55B4                  lea edx, dword ptr [ebp-4C]
:00432C21 52                      push edx
:00432C22 6A01                    push 00000001
:00432C24 8B4588                  mov eax, dword ptr [ebp-78]
:00432C27 8B08                    mov ecx, dword ptr [eax]
:00432C29 8B5588                  mov edx, dword ptr [ebp-78]
:00432C2C 52                      push edx
:00432C2D FF5140                  call [ecx+40]
:00432C30 894584                  mov dword ptr [ebp-7C], eax
:00432C33 837D8400                cmp dword ptr [ebp-7C], 00000000
:00432C37 7D1D                    jge 00432C56
:00432C39 6A40                    push 00000040
:00432C3B 6804224100              push 00412204
:00432C40 8B4588                  mov eax, dword ptr [ebp-78]
:00432C43 50                      push eax
:00432C44 8B4D84                  mov ecx, dword ptr [ebp-7C]
:00432C47 51                      push ecx

* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
                                  |
:00432C48 FF1524334600            Call dword ptr [00463324]
:00432C4E 898560FFFFFF            mov dword ptr [ebp+FFFFFF60], eax
:00432C54 EB0A                    jmp 00432C60

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432C37(C)
|
:00432C56 C78560FFFFFF00000000    mov dword ptr [ebp+FFFFFF60], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432C54(U)
|
:00432C60 8B55B4                  mov edx, dword ptr [ebp-4C]
:00432C63 895580                  mov dword ptr [ebp-80], edx

* Possible StringData Ref from Code Obj ->"330 day trial: "            -->试用标志
                                  |
:00432C66 681C024100              push 0041021C
:00432C6B 668B45CC                mov ax, word ptr [ebp-34]
:00432C6F 50                      push eax

* Reference To: MSVBVM50.__vbaStrI2, Ord:0000h
                                  |
:00432C70 FF15A4324600            Call dword ptr [004632A4]
:00432C76 8BD0                    mov edx, eax
:00432C78 8D4DC4                  lea ecx, dword ptr [ebp-3C]

* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
                                  |
:00432C7B FF15D0344600            Call dword ptr [004634D0]
:00432C81 50                      push eax

* Reference To: MSVBVM50.__vbaStrCat, Ord:0000h
                                  |
:00432C82 FF150C334600            Call dword ptr [0046330C]
:00432C88 8BD0                    mov edx, eax
:00432C8A 8D4DC0                  lea ecx, dword ptr [ebp-40]

* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
                                  |
:00432C8D FF15D0344600            Call dword ptr [004634D0]
:00432C93 50                      push eax

* Possible StringData Ref from Code Obj ->"  days left."                -->试用标志
                                  |
:00432C94 68A0374100              push 004137A0

* Reference To: MSVBVM50.__vbaStrCat, Ord:0000h
                                  |
:00432C99 FF150C334600            Call dword ptr [0046330C]
:00432C9F 8BD0                    mov edx, eax
:00432CA1 8D4DBC                  lea ecx, dword ptr [ebp-44]

* Reference To: MSVBVM50.__vbaStrMove, Ord:0000h
                                  |
:00432CA4 FF15D0344600            Call dword ptr [004634D0]
:00432CAA 50                      push eax
:00432CAB 8B4D80                  mov ecx, dword ptr [ebp-80]
:00432CAE 8B11                    mov edx, dword ptr [ecx]
:00432CB0 8B4580                  mov eax, dword ptr [ebp-80]
:00432CB3 50                      push eax
:00432CB4 FF5254                  call [edx+54]
:00432CB7 89857CFFFFFF            mov dword ptr [ebp+FFFFFF7C], eax
:00432CBD 83BD7CFFFFFF00          cmp dword ptr [ebp+FFFFFF7C], 00000000
:00432CC4 7D20                    jge 00432CE6
:00432CC6 6A54                    push 00000054

* Possible StringData Ref from Code Obj ->"貼?檉??"
                                  |
:00432CC8 6814224100              push 00412214
:00432CCD 8B4D80                  mov ecx, dword ptr [ebp-80]
:00432CD0 51                      push ecx
:00432CD1 8B957CFFFFFF            mov edx, dword ptr [ebp+FFFFFF7C]
:00432CD7 52                      push edx

* Reference To: MSVBVM50.__vbaHresultCheckObj, Ord:0000h
                                  |
:00432CD8 FF1524334600            Call dword ptr [00463324]
:00432CDE 89855CFFFFFF            mov dword ptr [ebp+FFFFFF5C], eax
:00432CE4 EB0A                    jmp 00432CF0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432CC4(C)
|
:00432CE6 C7855CFFFFFF00000000    mov dword ptr [ebp+FFFFFF5C], 00000000

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00432CE4(U)
|
:00432CF0 8D45BC                  lea eax, dword ptr [ebp-44]
:00432CF3 50                      push eax
:00432CF4 8D4DC0                  lea ecx, dword ptr [ebp-40]
:00432CF7 51                      push ecx
:00432CF8 8D55C4                  lea edx, dword ptr [ebp-3C]
:00432CFB 52                      push edx
:00432CFC 6A03                    push 00000003



conanxu[BCG]
conanxu@eastday.com