VBÄæÏò¹¤³ÌʵսÑÝÏ°£¨Ò»£©
¡¾ÄæÏòÈÕÆÚ¡¿ 9ÔÂ21ÈÕ
¡¾ÄæÏò×÷Õß¡¿ Çôͽ
¡¾×÷ÕßÓÊÏä¡¿ nnscccn@yahoo.com.cn
¡¾Ê¹Óù¤¾ß¡¿ VBDE¡¢SmartCheck¡¢W32dsm¡¢OD
¡¾ÄæÏòƽ̨¡¿ Win9x/NT/2000/XP
¡¾Èí¼þÃû³Æ¡¿ CasinoÂÖÅÌÖÇÄÜ»úÆ÷ÈË
¡¾ÏÂÔصØÖ·¡¿ ¼û¸½¼þ
¡¾Èí¼þ¼ò½é¡¿ casinoÂÖÅÌÖÇÄÜ»úÆ÷ÈËÊÇ888¶Ä³¡µÄÒ»¸öÍÑ»úÍâ¹Ò£¬¸ÃÖÇÄÜ»úÆ÷ÈË×Ô¶¯ ÏÂ×¢£¬×Ô¶¯¡°×ª¶¯¡±½«Ëü¹Ò»úºó£¬Äã¾Íʲô¶¼²»¹ÜÁË£¬·Ç³£ºÃÍ棬´ËÀàÍâ¹Ò±È½ÏÉÙ¼û£¬ËùÒÔÎÒ¾ö¶¨ÄæÏòËü¡£
¡¾Èí¼þ´óС¡¿ 84KB
¡¾¼Ó¿Ç·½Ê½¡¿ û
¡¾ÄæÏòÉùÃ÷¡¿ ÎÒÊÇһֻС²ËÄñ£¬ÏëÒª·ÉÈ´ÔõôҲ·É²»¸ß¡£
¡¾ÌâÍâ»° ¡¿ ÈËÓ붯ÎïµÄ×î´óÇø±ðÊÇ»áÀûÓù¤¾ß£¬Äã»á¿´µ½£¬Ö»ÒªÉÆÓÚÀûÓù¤¾ß£¬ÄæÏòÒ»¸öVB³ÌÐò²¢²»ÊǺÜÀ§ÄѵÄÊÂÇ飬¼´Ê¹ÊÇÎÒÕâÑùµÄ²ËÄñÒ²¿ÉÒÔ×öµ½¡£
----------------------------------------------------------------------------------------------------------------------
¡¾ÆƽâÄÚÈÝ¡¿
û¿Ç,ûÓÐCommand Button,ËùÓеÄÄÚÈݶ¼ÔÚForm_LoadÀï¡£ÓÃVBDE²é¿´£¬Form_LoadÔÚ00406A90,´ò¿ªW32dsm£¬ÔØÈëCasinoÂÖÅÌÖÇÄÜ»úÆ÷ÈË£¬²éÕÒ00406A90£¬·´»ã±à´úÂëÈçÏ£º
Quote:
:00406A90 55 push ebp
:00406A91 8BEC mov ebp, esp
:00406A93 83EC0C sub esp, 0000000C
* Possible StringData Ref from Code Obj ->"ÿ%?@"
|
:00406A96 68A6134000 push 004013A6
:00406A9B 64A100000000 mov eax, dword ptr fs:[00000000]
:00406AA1 50 push eax
:00406AA2 64892500000000 mov dword ptr fs:[00000000], esp
:00406AA9 81EC84010000 sub esp, 00000184
:00406AAF 53 push ebx
:00406AB0 56 push esi
:00406AB1 57 push edi
:00406AB2 8965F4 mov dword ptr [ebp-0C], esp
:00406AB5 C745F8A0114000 mov [ebp-08], 004011A0
:00406ABC 8B4508 mov eax, dword ptr [ebp+08]
:00406ABF 8BC8 mov ecx, eax
:00406AC1 83E101 and ecx, 00000001
:00406AC4 894DFC mov dword ptr [ebp-04], ecx
:00406AC7 24FE and al, FE
:00406AC9 50 push eax
:00406ACA 894508 mov dword ptr [ebp+08], eax
:00406ACD 8B10 mov edx, dword ptr [eax]
:00406ACF FF5204 call [edx+04]
:00406AD2 33DB xor ebx, ebx £»´ÓÕâÀ↑ʼ·´±àÒë
:00406AD4 895DDC mov dword ptr [ebp-24], ebx £»ÏÂÃ涼ÊÇһЩ±äÁ¿µÄ¶¨Òå
:00406AD7 895DD4 mov dword ptr [ebp-2C], ebx
:00406ADA 895DD0 mov dword ptr [ebp-30], ebx
:00406ADD 895DC0 mov dword ptr [ebp-40], ebx
:00406AE0 895DB0 mov dword ptr [ebp-50], ebx
:00406AE3 895DA0 mov dword ptr [ebp-60], ebx
:00406AE6 895D90 mov dword ptr [ebp-70], ebx
:00406AE9 895D80 mov dword ptr [ebp-80], ebx
:00406AEC 899D70FFFFFF mov dword ptr [ebp+FFFFFF70], ebx
:00406AF2 899D60FFFFFF mov dword ptr [ebp+FFFFFF60], ebx
:00406AF8 899D34FFFFFF mov dword ptr [ebp+FFFFFF34], ebx
:00406AFE 899D24FFFFFF mov dword ptr [ebp+FFFFFF24], ebx
:00406B04 899D14FFFFFF mov dword ptr [ebp+FFFFFF14], ebx
:00406B0A 899D04FFFFFF mov dword ptr [ebp+FFFFFF04], ebx
:00406B10 899DF4FEFFFF mov dword ptr [ebp+FFFFFEF4], ebx
:00406B16 899DE4FEFFFF mov dword ptr [ebp+FFFFFEE4], ebx
:00406B1C 899DD4FEFFFF mov dword ptr [ebp+FFFFFED4], ebx
:00406B22 899DC4FEFFFF mov dword ptr [ebp+FFFFFEC4], ebx
:00406B28 899DB4FEFFFF mov dword ptr [ebp+FFFFFEB4], ebx
:00406B2E 899DA4FEFFFF mov dword ptr [ebp+FFFFFEA4], ebx
:00406B34 E8F7610000 call 0040CD30 £»¸ú½øÈ¥¿´¿´
:00406B39 391D10204100 cmp dword ptr [00412010], ebx £»±È½Ï
:00406B3F 7510 jne 00406B51 £»²»µÈÔòÌø
:00406B41 6810204100 push 00412010
:00406B46 6804464000 push 00404604
* Reference To: MSVBVM60.__vbaNew2, Ord:0000h
|
:00406B4B FF15F8104000 Call dword ptr [004010F8]
*
*
*
ret
-------------------------------------------------------------------------------------------------------------------
Quote:
:0040CD30 55 push ebp
:0040CD31 8BEC mov ebp, esp
:0040CD33 83EC08 sub esp, 00000008
* Possible StringData Ref from Code Obj ->"ÿ%?@"
|
:0040CD36 68A6134000 push 004013A6
:0040CD3B 64A100000000 mov eax, dword ptr fs:[00000000]
:0040CD41 50 push eax
:0040CD42 64892500000000 mov dword ptr fs:[00000000], esp
:0040CD49 83EC2C sub esp, 0000002C
:0040CD4C 53 push ebx
:0040CD4D 56 push esi
:0040CD4E 57 push edi
:0040CD4F 8965F8 mov dword ptr [ebp-08], esp
:0040CD52 C745FC38134000 mov [ebp-04], 00401338
:0040CD59 33C0 xor eax, eax //eax=0
* Possible StringData Ref from Code Obj ->"127.0.0.1"
|
:0040CD5B BAB8654000 mov edx, 004065B8 £»edx="127.0.0.1"
:0040CD60 8D4DD8 lea ecx, dword ptr [ebp-28] £»ecxÖ¸Ïò±äÁ¿c
:0040CD63 8945E0 mov dword ptr [ebp-20], eax £»dim a as string
:0040CD66 8945DC mov dword ptr [ebp-24], eax £»dim b as string
:0040CD69 8945D8 mov dword ptr [ebp-28], eax £»dim c as string
:0040CD6C 8945C8 mov dword ptr [ebp-38], eax
* Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h
|
:0040CD6F FF1504114000 Call dword ptr [00401104] £»c="127.0.0.1"
:0040CD75 8D45E0 lea eax, dword ptr [ebp-20] £»eaxÖ¸Ïò±äÁ¿a
:0040CD78 50 push eax £»Arg4:Long£¬³¤ÕûÐÍ£¬4×Ö½Ú
* Possible StringData Ref from Code Obj ->"IP1"
|
:0040CD79 6850664000 push 00406650 £»Arg3:string
* Possible StringData Ref from Code Obj ->"Software\casinoonnet\casino\init"
|
:0040CD7E 6808664000 push 00406608 £»Arg2:lpSubkey£¬string
:0040CD83 6801000080 push 80000001 £»Arg1:Õâ¸öÖµ¾ÍÊÇHKEY_CURRENT_USER£¬Long
:0040CD88 E883F6FFFF call 0040C410 £»º¯Êýµ÷ÓÃ:ÕâÊÇ×÷Õß×Ô¼º¹¹ÔìµÄÒ»¸öº¯Êý¡£
£»ÏÂÃæÎÒÃÇÀ´¿´¿´Õâ¸öº¯Êý
£»³õ²½È·¶¨Óë×¢²á±íÓйØ
£»ÎÒÃÇÒªÓõ½SmartCheck
*
*
*
ret
------------------------------------------------------------------------------------------------------------------
´ò¿ªSmartCheck£¬ÔØÈëCasinoÂÖÅÌ»úÆ÷ÈË£¬ÔÚEventÀï¿ÉÒÔ¿´µ½£º
Quote:
_Load
OnError
RegOpenKeyExA returns Long:2
*
*
*
_Load
¿ÉÒÔ¿´µ½£¬µÚÒ»²½ÊÇ´ò¿ª×¢²á±í£¬²éRegOpenKeyExº¯Êý£¬ÓУº
RegOpenKeyEx(ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long)
ËüÓÐ5¸ö²ÎÊý£¬ÎÒÃÇ¿´¿´ËüÊÇÔÚÄÄÀÔÚSmartCheckÖУ¬Êó±êµã»÷×ó±ßµÄRegOpenKeyExA returns Long:2,ÔÚÓұ߿ÉÒÔ¿´µ½ËüµÄµØÖ·ÊÇ0040C4AC£¬ÎÒÃÇÔÚW32dsmÖвéÕÒÕâ¸öµØÖ·£¬¿´ËüÊÇ´ÓÄÄÀïÌø¹ýÀ´µÄ¡£
Quote£º
* Referenced by a CALL at Address:
|:0040CD88 £»ÊÇ´ÓÕâÀïÌø¹ýÀ´µÄ
| £»0040CD88¾ÍÊÇÎÒÃÇÉÏÃæÄǸöCall
:0040C410 55 push ebp
:0040C411 8BEC mov ebp, esp
:0040C413 83EC14 sub esp, 00000014
* Possible StringData Ref from Code Obj ->"ÿ%?@"
|
:0040C416 68A6134000 push 004013A6
:0040C41B 64A100000000 mov eax, dword ptr fs:[00000000]
:0040C421 50 push eax
:0040C422 64892500000000 mov dword ptr fs:[00000000], esp
:0040C429 81ECA0000000 sub esp, 000000A0
:0040C42F 53 push ebx
:0040C430 56 push esi
:0040C431 57 push edi
:0040C432 8965EC mov dword ptr [ebp-14], esp
:0040C435 C745F0E8124000 mov [ebp-10], 004012E8
:0040C43C 33F6 xor esi, esi
:0040C43E 8975F4 mov dword ptr [ebp-0C], esi £»
:0040C441 8975F8 mov dword ptr [ebp-08], esi
:0040C444 8975E0 mov dword ptr [ebp-20], esi £»Dim bb as string
:0040C447 8975D8 mov dword ptr [ebp-28], esi £»Dim aa as string
:0040C44A 8975D0 mov dword ptr [ebp-30], esi
:0040C44D 8975CC mov dword ptr [ebp-34], esi
:0040C450 8975BC mov dword ptr [ebp-44], esi
:0040C453 8975AC mov dword ptr [ebp-54], esi
:0040C456 89759C mov dword ptr [ebp-64], esi
:0040C459 89758C mov dword ptr [ebp-74], esi
:0040C45C 89B57CFFFFFF mov dword ptr [ebp+FFFFFF7C], esi £»
:0040C462 89B56CFFFFFF mov dword ptr [ebp+FFFFFF6C], esi
:0040C468 89B55CFFFFFF mov dword ptr [ebp+FFFFFF5C], esi
:0040C46E 8B550C mov edx, dword ptr [ebp+0C] £»Êµ²Î£¬¼´ÉÏÃæµÄArg2
:0040C471 8D4DD8 lea ecx, dword ptr [ebp-28]
* Reference To: MSVBVM60.__vbaStrCopy, Ord:0000h
|
:0040C474 8B3D04114000 mov edi, dword ptr [00401104]
:0040C47A FFD7 call edi £»aa=Arg2
:0040C47C 8B5510 mov edx, dword ptr [ebp+10] £»Êµ²Î£¬¼´ÉÏÃæµÄArg3
:0040C47F 8D4DE0 lea ecx, dword ptr [ebp-20]
:0040C482 FFD7 call edi £»bb=Arg3
:0040C484 6A01 push 00000001
* Reference To: MSVBVM60.__vbaOnError, Ord:0000h
|
:0040C486 FF155C104000 Call dword ptr [0040105C] £»On Error Resume Next
:0040C48C 68EC214100 push 004121EC £»Arg5:phKeyResult
:0040C491 6819000200 push 00020019 £»Arg4:SamDesired
:0040C496 56 push esi £»Arg3:ulOptions
:0040C497 8B45D8 mov eax, dword ptr [ebp-28]
:0040C49A 50 push eax
:0040C49B 8D4DD0 lea ecx, dword ptr [ebp-30]
:0040C49E 51 push ecx
* Reference To: MSVBVM60.__vbaStrToAnsi, Ord:0000h
|
:0040C49F 8B3528114000 mov esi, dword ptr [00401128]
:0040C4A5 FFD6 call esi
:0040C4A7 50 push eax £»Arg2:lpSubKey
:0040C4A8 8B5508 mov edx, dword ptr [ebp+08]
:0040C4AB 52 push edx £»Arg1:hKey=80000001
:0040C4AC E8D395FFFF call 00405A84 £»ÎÒÃÇÀ´µ½ÕâÀïRegOpenKeyEx
--------------------------------------------------------------------------------------------------------------
ÒÔÉÏÊÇһС¶ÎÄæÏòÐĵã¬ÇëÓÐÐËȤµÄÅóÓѺÍÎÒ¹²Í¬Ì½ÌÖ¡£ÎÒµÄE-mail£ºnnscccn@yahoo.com.cn