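Cracking webclaw: for beginners it all comes down to a sharp eye
This program isn't hard either; it just takes care. I don't know the download address; if anyone knows it, please tell me.
Once its registration code has been calculated, it is converted straight to hexadecimal inside the call and placed in edx before the RET. After the call returns,
edx is immediately overwritten, and the value never appears in full again. That is why, for beginners, it all comes down to a sharp eye.
Launch the program, choose Register, enter 121212121, set bpx hmemcpy, press Enter, exit with x, and click Register.
Use pmodule to get into the program's own code; pressing F12 once exits. What is it with VB programs lately? I have run into three in a row that exit after a single F12;
it has become a trend!
Do the same again; when you get here, press F10 to step down.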
016F:004188D4 CMP EAX,EDI
016F:004188D6 JNL 004188F0
016F:004188D8 MOV ECX,[EBP+FFFFFE90]
016F:004188DE PUSH DWORD A0
016F:004188E3 PUSH DWORD 0040BFB4
016F:004188E8 PUSH ECX
016F:004188E9 PUSH EAX
016F:004188EA CALL `MSVBVM50!__vbaHresultCheckObj`
016F:004188F0 MOV EDX,[EBP+FFFFFF18]
016F:004188F6 PUSH EDX
016F:004188F7 CALL `MSVBVM50!rtcR8ValFromBstr`
016F:004188FD FSTP QWORD [EBP+FFFFFECC]
016F:00418903 LEA EDX,[EBP+FFFFFEC4]
016F:00418909 LEA ECX,[EBP+FFFFFF1C]
016F:0041890F MOV DWORD [EBP+FFFFFEC4],05
016F:00418919 CALL ESI
016F:0041891B LEA ECX,[EBP+FFFFFF18]
016F:00418921 CALL `MSVBVM50!__vbaFreeStr`
016F:00418927 LEA ECX,[EBP+FFFFFF14]
016F:0041892D CALL `MSVBVM50!__vbaFreeObj`
016F:00418933 MOV EAX,[EBP+FFFFFE80]
016F:00418939 PUSH EBX
016F:0041893A CALL NEAR [EAX+0318]
016F:00418940 LEA ECX,[EBP+FFFFFF14]
016F:00418946 PUSH EAX
016F:00418947 PUSH ECX
016F:00418948 CALL `MSVBVM50!__vbaObjSet`
016F:0041894E MOV EBX,EAX
016F:00418950 LEA EAX,[EBP+FFFFFF18]
016F:00418956 PUSH EAX
016F:00418957 PUSH EBX
016F:00418958 MOV EDX,[EBX]
016F:0041895A CALL NEAR [EDX+A0]
016F:00418960 CMP EAX,EDI
016F:00418962 JNL 00418976
016F:00418964 PUSH DWORD A0
016F:00418969 PUSH DWORD 0040BFB4
016F:0041896E PUSH EBX
016F:0041896F PUSH EAX
016F:00418970 CALL `MSVBVM50!__vbaHresultCheckObj`
016F:00418976 MOV ECX,[EBP+FFFFFF18]
016F:0041897C PUSH ECX
016F:0041897D CALL `MSVBVM50!rtcR8ValFromBstr`
016F:00418983 FSTP QWORD [EBP+FFFFFECC]
016F:00418989 LEA EDX,[EBP+FFFFFEC4]
016F:0041898F LEA ECX,[EBP-54]
016F:00418992 MOV DWORD [EBP+FFFFFEC4],05
016F:0041899C CALL ESI
016F:0041899E LEA ECX,[EBP+FFFFFF18]
016F:004189A4 CALL `MSVBVM50!__vbaFreeStr`
016F:004189AA LEA ECX,[EBP+FFFFFF14]
016F:004189B0 CALL `MSVBVM50!__vbaFreeObj`
016F:004189B6 LEA EDX,[EBP+FFFFFF1C]
016F:004189BC LEA EAX,[EBP+FFFFFF4C]
016F:004189C2 PUSH EDX
016F:004189C3 LEA ECX,[EBP+FFFFFF04]
016F:004189C9 PUSH EAX
016F:004189CA PUSH ECX
016F:004189CB CALL `MSVBVM50!__vbaVarAdd`
016F:004189D1 PUSH EAX
016F:004189D2 LEA EDX,[EBP+FFFFFF4C]
016F:004189D8 LEA EAX,[EBP+FFFFFEF4]
016F:004189DE PUSH EDX
016F:004189DF PUSH EAX
016F:004189E0 CALL `MSVBVM50!__vbaVarXor`
016F:004189E6 MOV EDX,EAX
016F:004189E8 LEA ECX,[EBP+FFFFFF2C]
016F:004189EE CALL ESI
016F:004189F0 LEA ECX,[EBP+FFFFFF04]
016F:004189F6 CALL `MSVBVM50!__vbaFreeVar`
This is the spot!! After the call, edx holds a new value; type ?edx and that is the registration code.
016F:004189FC LEA ECX,[EBP-54]
016F:004189FF LEA EDX,[EBP+FFFFFF2C]
016F:00418A05 PUSH ECX
016F:00418A06 PUSH EDX
016F:00418A07 CALL `MSVBVM50!__vbaVarTstEq`
016F:00418A0D TEST AX,AX
016F:00418A10 MOV EAX,80020004
016F:00418A15 MOV ECX,0A
016F:00418A1A MOV [EBP+FFFFFEDC],EAX
016F:00418A20 MOV [EBP+FFFFFED4],ECX
016F:00418A26 MOV [EBP+FFFFFEEC],EAX
016F:00418A2C MOV [EBP+FFFFFEE4],ECX
016F:00418A32 JZ NEAR 00418EA9
016F:00418A38 MOV EBX,[00420334]
016F:00418A3E LEA EDX,[EBP+FFFFFEB4]
016F:00418A44 LEA ECX,[EBP+FFFFFEF4]
016F:00418A4A MOV DWORD [EBP+FFFFFEBC],0040CD40
016F:00418A54 MOV DWORD [EBP+FFFFFEB4],08
016F:00418A5E CALL EBX
016F:00418A60 LEA EDX,[EBP+FFFFFEC4]
016F:00418A66 LEA ECX,[EBP+FFFFFF04]
016F:00418A6C MOV DWORD [EBP+FFFFFECC],0040CD28
016F:00418A76 MOV DWORD [EBP+FFFFFEC4],08
016F:00418A80 CALL EBX
016F:00418A82 LEA EAX,[EBP+FFFFFED4]
016F:00418A88 LEA ECX,[EBP+FFFFFEE4]
016F:00418A8E PUSH EAX
016F:00418A8F LEA EDX,[EBP+FFFFFEF4]
016F:00418A95 PUSH ECX
016F:00418A96 PUSH EDX
016F:00418A97 LEA EAX,[EBP+FFFFFF04]
016F:00418A9D PUSH BYTE +40
016F:00418A9F PUSH EAX
016F:00418AA0 CALL `MSVBVM50!rtcMsgBox`
016F:00418AA6 LEA ECX,[EBP+FFFFFED4]
016F:00418AAC LEA EDX,[EBP+FFFFFEE4]
016F:00418AB2 PUSH ECX
016F:00418AB3 LEA EAX,[EBP+FFFFFEF4]
016F:00418AB9 PUSH EDX
016F:00418ABA LEA ECX,[EBP+FFFFFF04]
016F:00418AC0 PUSH EAX
016F:00418AC1 PUSH ECX
016F:00418AC2 PUSH BYTE +04
016F:00418AC4 CALL `MSVBVM50!__vbaFreeVarList`
016F:00418ACA ADD ESP,BYTE +14
016F:00418ACD LEA EDX,[EBP+FFFFFF2C]
016F:00418AD3 LEA EAX,[EBP+FFFFFF04]
016F:00418AD9 PUSH EDX
016F:00418ADA PUSH EAX
016F:00418ADB CALL `MSVBVM50!rtcVarStrFromVar`
016F:00418AE1 LEA ECX,[EBP+FFFFFF04]
016F:00418AE7 LEA EDX,[EBP+FFFFFF18]
016F:00418AED PUSH ECX
016F:00418AEE PUSH EDX
016F:00418AEF CALL `MSVBVM50!__vbaStrVarVal`
016F:00418AF5 PUSH EAX
016F:00418AF6 PUSH DWORD 0040C04C
016F:00418AFB PUSH DWORD 0040C040
016F:00418B00 PUSH DWORD 0040C000
016F:00418B05 CALL `MSVBVM50!rtcSaveSetting`
016F:00418B0B LEA ECX,[EBP+FFFFFF18]
016F:00418B11 CALL `MSVBVM50!__vbaFreeStr`
016F:00418B17 LEA ECX,[EBP+FFFFFF04]
016F:00418B1D CALL `MSVBVM50!__vbaFreeVar`
016F:00418B23 SUB ESP,BYTE +10
016F:00418B26 MOV ECX,08
016F:00418B2B MOV EDX,ESP
016F:00418B2D MOV [EBP+FFFFFEB4],ECX
016F:00418B33 MOV [EBP+FFFFFEC4],ECX
016F:00418B39 MOV EAX,0040CD64
016F:00418B3E MOV [EDX],ECX
016F:00418B40 MOV ECX,[EBP+FFFFFEB8]
016F:00418B46 MOV [EBP+FFFFFEBC],EAX
016F:00418B4C SUB ESP,BYTE +10
016F:00418B4F MOV [EDX+04],ECX
016F:00418B52 MOV ECX,ESP
016F:00418B54 MOV DWORD [EBP+FFFFFECC],0040C040
016F:00418B5E PUSH DWORD 0040C000
016F:00418B63 MOV [EDX+08],EAX
016F:00418B66 MOV EAX,[EBP+FFFFFEC0]
016F:00418B6C MOV [EDX+0C],EAX
016F:00418B6F MOV EDX,[EBP+FFFFFEC4]
016F:00418B75 MOV EAX,[EBP+FFFFFEC8]
016F:00418B7B MOV [ECX],EDX
016F:00418B7D MOV EDX,[EBP+FFFFFECC]
016F:00418B83 MOV [ECX+04],EAX
016F:00418B86 MOV EAX,[EBP+FFFFFED0]
016F:00418B8C MOV [ECX+08],EDX
016F:00418B8F MOV [ECX+0C],EAX
016F:00418B92 CALL `MSVBVM50!rtcDeleteSetting`
016F:00418B98 MOV EAX,0040CD7C
016F:00418B9D MOV ECX,08
016F:00418BA2 MOV [EBP+FFFFFEBC],EAX
016F:00418BA8 MOV [EBP+FFFFFEB4],ECX
016F:00418BAE SUB ESP,BYTE +10
016F:00418BB1 MOV [EBP+FFFFFEC4],ECX
016F:00418BB7 MOV EDX,ESP
016F:00418BB9 SUB ESP,BYTE +10
016F:00418BBC MOV DWORD [EBP+FFFFFECC],0040C040
016F:00418BC6 MOV [EDX],ECX
016F:00418BC8 MOV ECX,[EBP+FFFFFEB8]
016F:00418BCE MOV [EDX+04],ECX
016F:00418BD1 MOV ECX,ESP
016F:00418BD3 PUSH DWORD 0040C000
016F:00418BD8 MOV [EDX+08],EAX
016F:00418BDB MOV EAX,[EBP+FFFFFEC0]
016F:00418BE1 MOV [EDX+0C],EAX
016F:00418BE4 MOV EDX,[EBP+FFFFFEC4]
016F:00418BEA MOV EAX,[EBP+FFFFFEC8]
016F:00418BF0 MOV [ECX],EDX
016F:00418BF2 MOV EDX,[EBP+FFFFFECC]
016F:00418BF8 MOV [ECX+04],EAX
016F:00418BFB MOV EAX,[EBP+FFFFFED0]
016F:00418C01 MOV [ECX+08],EDX
016F:00418C04 MOV [ECX+0C],EAX
016F:00418C07 CALL `MSVBVM50!rtcDeleteSetting`
016F:00418C0D MOV ECX,[EBP+08]
016F:00418C10 MOV EDX,[EBP+FFFFFE80]
016F:00418C16 PUSH ECX
016F:00418C17 CALL NEAR [EDX+0324]
016F:00418C1D PUSH EAX
016F:00418C1E LEA EAX,[EBP+FFFFFF14]
016F:00418C24 PUSH EAX
016F:00418C25 CALL `MSVBVM50!__vbaObjSet`
016F:00418C2B MOV ECX,[EAX]
016F:00418C2D PUSH EDI
016F:00418C2E PUSH EAX
016F:00418C2F MOV [EBP+FFFFFE90],EAX
016F:00418C35 CALL NEAR [ECX+8C]
016F:00418C3B CMP EAX,EDI
016F:00418C3D JNL 00418C57
016F:00418C3F MOV EDX,[EBP+FFFFFE90]
016F:00418C45 PUSH DWORD 8C
016F:00418C4A PUSH DWORD 0040CA78
016F:00418C4F PUSH EDX
016F:00418C50 PUSH EAX
016F:00418C51 CALL `MSVBVM50!__vbaHresultCheckObj`
016F:00418C57 LEA ECX,[EBP+FFFFFF14]
016F:00418C5D CALL `MSVBVM50!__vbaFreeObj`
016F:00418C63 LEA EDX,[EBP+FFFFFEC4]
016F:00418C69 LEA ECX,[EBP-34]
016F:00418C6C MOV DWORD [EBP+FFFFFECC],0040C574
016F:00418C76 MOV DWORD [EBP+FFFFFEC4],08
016F:00418C80 CALL `MSVBVM50!__vbaVarCopy`
016F:00418C86 LEA EDX,[EBP+FFFFFEC4]
016F:00418C8C LEA ECX,[EBP+FFFFFF04]
016F:00418C92 MOV DWORD [EBP+FFFFFECC],0040CD94
016F:00418C9C MOV DWORD [EBP+FFFFFEC4],08
016F:00418CA6 CALL EBX
016F:00418CA8 LEA EAX,[EBP+FFFFFF04]
016F:00418CAE PUSH BYTE +10
016F:00418CB0 PUSH EAX
016F:00418CB1 CALL `MSVBVM50!rtcDir`
016F:00418CB7 LEA EDX,[EBP+FFFFFEF4]
016F:00418CBD LEA ECX,[EBP-64]
016F:00418CC0 MOV [EBP+FFFFFEFC],EAX
016F:00418CC6 MOV DWORD [EBP+FFFFFEF4],08
016F:00418CD0 CALL ESI
016F:00418CD2 LEA ECX,[EBP+FFFFFF04]
016F:00418CD8 CALL `MSVBVM50!__vbaFreeVar`
016F:00418CDE LEA EDX,[EBP+FFFFFEC4]
016F:00418CE4 LEA ECX,[EBP+FFFFFF04]
016F:00418CEA MOV DWORD [EBP+FFFFFECC],0040CDB0
016F:00418CF4 MOV DWORD [EBP+FFFFFEC4],08
016F:00418CFE CALL EBX
016F:00418D00 LEA ECX,[EBP+FFFFFF04]
016F:00418D06 LEA EDX,[EBP+FFFFFEF4]
016F:00418D0C PUSH ECX
016F:00418D0D PUSH EDX
016F:00418D0E CALL `MSVBVM50!rtcUpperCaseVar`
016F:00418D14 LEA EAX,[EBP-64]
016F:00418D17 LEA ECX,[EBP+FFFFFEF4]
016F:00418D1D PUSH EAX
016F:00418D1E PUSH ECX
016F:00418D1F CALL `MSVBVM50!__vbaVarTstEq`
016F:00418D25 MOV [EBP+FFFFFE90],EAX
016F:00418D2B LEA EDX,[EBP+FFFFFEF4]
016F:00418D31 LEA EAX,[EBP+FFFFFF04]
016F:00418D37 PUSH EDX
016F:00418D38 PUSH EAX
016F:00418D39 PUSH BYTE +02
016F:00418D3B CALL `MSVBVM50!__vbaFreeVarList`
016F:00418D41 ADD ESP,BYTE +0C
016F:00418D44 CMP [EBP+FFFFFE90],DI
016F:00418D4B JZ NEAR 00418F3B
016F:00418D51 LEA ECX,[EBP+FFFFFEC4]
016F:00418D57 LEA EDX,[EBP-64]
016F:00418D5A PUSH ECX
016F:00418D5B LEA EAX,[EBP+FFFFFF04]
016F:00418D61 PUSH EDX
016F:00418D62 PUSH EAX
016F:00418D63 MOV DWORD [EBP+FFFFFECC],0040BFC8
016F:00418D6D MOV DWORD [EBP+FFFFFEC4],08
016F:00418D77 CALL `MSVBVM50!__vbaVarAdd`
016F:00418D7D MOV EDX,EAX
016F:00418D7F LEA ECX,[EBP-34]
016F:00418D82 CALL ESI
016F:00418D84 LEA ECX,[EBP-34]
016F:00418D87 LEA EDX,[EBP+FFFFFEC4]
016F:00418D8D PUSH ECX
016F:00418D8E LEA EAX,[EBP+FFFFFF04]
016F:00418D94 PUSH EDX
016F:00418D95 PUSH EAX
016F:00418D96 MOV DWORD [EBP+FFFFFECC],0040CDDC
016F:00418DA0 MOV DWORD [EBP+FFFFFEC4],08
016F:00418DAA CALL `MSVBVM50!__vbaVarAdd`
016F:00418DB0 MOV EDX,EAX
016F:00418DB2 LEA ECX,[EBP+FFFFFF5C]
016F:00418DB8 CALL ESI
016F:00418DBA LEA ECX,[EBP+FFFFFF5C]
016F:00418DC0 PUSH BYTE +02
016F:00418DC2 PUSH ECX
016F:00418DC3 CALL `MSVBVM50!rtcDir`
016F:00418DC9 MOV [EBP+FFFFFF0C],EAX
016F:00418DCF LEA EDX,[EBP+FFFFFF04]
016F:00418DD5 LEA EAX,[EBP+FFFFFEF4]
016F:00418DDB PUSH EDX
016F:00418DDC PUSH EAX
016F:00418DDD MOV DWORD [EBP+FFFFFF04],08
016F:00418DE7 CALL `MSVBVM50!rtcUpperCaseVar`
016F:00418DED LEA EDX,[EBP+FFFFFEF4]
016F:00418DF3 LEA ECX,[EBP-24]
016F:00418DF6 CALL ESI
016F:00418DF8 LEA ECX,[EBP+FFFFFF04]
016F:00418DFE CALL `MSVBVM50!__vbaFreeVar`
016F:00418E04 LEA EDX,[EBP+FFFFFEC4]
016F:00418E0A LEA ECX,[EBP+FFFFFF04]
016F:00418E10 MOV DWORD [EBP+FFFFFECC],0040CE08
016F:00418E1A MOV DWORD [EBP+FFFFFEC4],08
016F:00418E24 CALL EBX
016F:00418E26 LEA ECX,[EBP+FFFFFF04]
016F:00418E2C LEA EDX,[EBP+FFFFFEF4]
016F:00418E32 PUSH ECX
016F:00418E33 PUSH EDX
016F:00418E34 CALL `MSVBVM50!rtcUpperCaseVar`
016F:00418E3A LEA EAX,[EBP-24]
016F:00418E3D LEA ECX,[EBP+FFFFFEF4]
016F:00418E43 PUSH EAX
016F:00418E44 PUSH ECX
016F:00418E45 CALL `MSVBVM50!__vbaVarTstEq`
016F:00418E4B MOV ESI,EAX
016F:00418E4D LEA EDX,[EBP+FFFFFEF4]
016F:00418E53 LEA EAX,[EBP+FFFFFF04]
016F:00418E59 PUSH EDX
016F:00418E5A PUSH EAX
016F:00418E5B PUSH BYTE +02
016F:00418E5D CALL `MSVBVM50!__vbaFreeVarList`
016F:00418E63 ADD ESP,BYTE +0C
016F:00418E66 CMP SI,DI
016F:00418E69 JZ NEAR 00418F3B
016F:00418E6F LEA ECX,[EBP+FFFFFF5C]
016F:00418E75 PUSH EDI
016F:00418E76 LEA EDX,[EBP+FFFFFF18]
016F:00418E7C PUSH ECX
016F:00418E7D PUSH EDX
016F:00418E7E CALL `MSVBVM50!__vbaStrVarVal`
016F:00418E84 PUSH EAX
016F:00418E85 CALL `MSVBVM50!rtcSetFileAttr`
016F:00418E8B LEA ECX,[EBP+FFFFFF18]
016F:00418E91 CALL `MSVBVM50!__vbaFreeStr`
016F:00418E97 LEA EAX,[EBP+FFFFFF5C]
016F:00418E9D PUSH EAX
016F:00418E9E CALL `MSVBVM50!rtcKillFiles`
016F:00418EA4 JMP 00418F3B
016F:00418EA9 MOV ESI,[00420334]
016F:00418EAF MOV EBX,08
016F:00418EB4 LEA EDX,[EBP+FFFFFEB4]
016F:00418EBA LEA ECX,[EBP+FFFFFEF4]
016F:00418EC0 MOV DWORD [EBP+FFFFFEBC],0040CE44
016F:00418ECA MOV [EBP+FFFFFEB4],EBX
016F:00418ED0 CALL ESI
016F:00418ED2 LEA EDX,[EBP+FFFFFEC4]
016F:00418ED8 LEA ECX,[EBP+FFFFFF04]
016F:00418EDE MOV DWORD [EBP+FFFFFECC],0040CE30
016F:00418EE8 MOV [EBP+FFFFFEC4],EBX
016F:00418EEE CALL ESI
016F:00418EF0 LEA ECX,[EBP+FFFFFED4]
016F:00418EF6 LEA EDX,[EBP+FFFFFEE4]
016F:00418EFC PUSH ECX
016F:00418EFD LEA EAX,[EBP+FFFFFEF4]
016F:00418F03 PUSH EDX
016F:00418F04 PUSH EAX
016F:00418F05 LEA ECX,[EBP+FFFFFF04]
016F:00418F0B PUSH BYTE +10
016F:00418F0D PUSH ECX
418f0e is an exit call; it is this long from 4189e6 to here!
下弦月
- Title: Cracking webclaw: it all comes down to a sharp eye (14 thousand characters)
- Author: 下弦月
- Time: 2001-5-21 18:56:20
- Link: http://bbs.pediy.com