破解webclaw――全憑眼力 (14千字)
破解webclaw――出學者全憑眼力
這個軟體也不難,就是需要細心。下載地址我也不知道,哪位知道告訴我一下
它的註冊碼計算出來後在call中直接換算成16進位制,RET前放在edx裡,出來後
edx直接被填充,以後該數值也不完整出現。所以說,對出學者來說全憑眼力。
點選程式,選註冊,填121212121,按bpx hmemcpy,enter,x退出點註冊。
pmodule到領空,按f12一次就退出。最近的vb都怎麼了?我一連遇上3個f12一次
就退出的,成潮流了!
原樣再來,到這裡,按f10往下
016F:004188D4 CMP EAX,EDI
016F:004188D6 JNL 004188F0
016F:004188D8 MOV ECX,[EBP+FFFFFE90]
016F:004188DE PUSH DWORD A0
016F:004188E3 PUSH DWORD 0040BFB4
016F:004188E8 PUSH ECX
016F:004188E9 PUSH EAX
016F:004188EA CALL `MSVBVM50!__vbaHresultCheckObj`
016F:004188F0 MOV EDX,[EBP+FFFFFF18]
016F:004188F6 PUSH EDX
016F:004188F7 CALL `MSVBVM50!rtcR8ValFromBstr`
016F:004188FD FSTP QWORD [EBP+FFFFFECC]
016F:00418903 LEA EDX,[EBP+FFFFFEC4]
016F:00418909 LEA ECX,[EBP+FFFFFF1C]
016F:0041890F MOV DWORD [EBP+FFFFFEC4],05
016F:00418919 CALL ESI
016F:0041891B LEA ECX,[EBP+FFFFFF18]
016F:00418921 CALL `MSVBVM50!__vbaFreeStr`
016F:00418927 LEA ECX,[EBP+FFFFFF14]
016F:0041892D CALL `MSVBVM50!__vbaFreeObj`
016F:00418933 MOV EAX,[EBP+FFFFFE80]
016F:00418939 PUSH EBX
016F:0041893A CALL NEAR [EAX+0318]
016F:00418940 LEA ECX,[EBP+FFFFFF14]
016F:00418946 PUSH EAX
016F:00418947 PUSH ECX
016F:00418948 CALL `MSVBVM50!__vbaObjSet`
016F:0041894E MOV EBX,EAX
016F:00418950 LEA EAX,[EBP+FFFFFF18]
016F:00418956 PUSH EAX
016F:00418957 PUSH EBX
016F:00418958 MOV EDX,[EBX]
016F:0041895A CALL NEAR [EDX+A0]
016F:00418960 CMP EAX,EDI
016F:00418962 JNL 00418976
016F:00418964 PUSH DWORD A0
016F:00418969 PUSH DWORD 0040BFB4
016F:0041896E PUSH EBX
016F:0041896F PUSH EAX
016F:00418970 CALL `MSVBVM50!__vbaHresultCheckObj`
016F:00418976 MOV ECX,[EBP+FFFFFF18]
016F:0041897C PUSH ECX
016F:0041897D CALL `MSVBVM50!rtcR8ValFromBstr`
016F:00418983 FSTP QWORD [EBP+FFFFFECC]
016F:00418989 LEA EDX,[EBP+FFFFFEC4]
016F:0041898F LEA ECX,[EBP-54]
016F:00418992 MOV DWORD [EBP+FFFFFEC4],05
016F:0041899C CALL ESI
016F:0041899E LEA ECX,[EBP+FFFFFF18]
016F:004189A4 CALL `MSVBVM50!__vbaFreeStr`
016F:004189AA LEA ECX,[EBP+FFFFFF14]
016F:004189B0 CALL `MSVBVM50!__vbaFreeObj`
016F:004189B6 LEA EDX,[EBP+FFFFFF1C]
016F:004189BC LEA EAX,[EBP+FFFFFF4C]
016F:004189C2 PUSH EDX
016F:004189C3 LEA ECX,[EBP+FFFFFF04]
016F:004189C9 PUSH EAX
016F:004189CA PUSH ECX
016F:004189CB CALL `MSVBVM50!__vbaVarAdd`
016F:004189D1 PUSH EAX
016F:004189D2 LEA EDX,[EBP+FFFFFF4C]
016F:004189D8 LEA EAX,[EBP+FFFFFEF4]
016F:004189DE PUSH EDX
016F:004189DF PUSH EAX
016F:004189E0 CALL `MSVBVM50!__vbaVarXor`
016F:004189E6 MOV EDX,EAX
016F:004189E8 LEA ECX,[EBP+FFFFFF2C]
016F:004189EE CALL ESI
016F:004189F0 LEA ECX,[EBP+FFFFFF04]
016F:004189F6 CALL `MSVBVM50!__vbaFreeVar`
就是這裡!!call過後edx是新的,打?edx就是註冊碼。
016F:004189FC LEA ECX,[EBP-54]
016F:004189FF LEA EDX,[EBP+FFFFFF2C]
016F:00418A05 PUSH ECX
016F:00418A06 PUSH EDX
016F:00418A07 CALL `MSVBVM50!__vbaVarTstEq`
016F:00418A0D TEST AX,AX
016F:00418A10 MOV EAX,80020004
016F:00418A15 MOV ECX,0A
016F:00418A1A MOV [EBP+FFFFFEDC],EAX
016F:00418A20 MOV [EBP+FFFFFED4],ECX
016F:00418A26 MOV [EBP+FFFFFEEC],EAX
016F:00418A2C MOV [EBP+FFFFFEE4],ECX
016F:00418A32 JZ NEAR 00418EA9
016F:00418A38 MOV EBX,[00420334]
016F:00418A3E LEA EDX,[EBP+FFFFFEB4]
016F:00418A44 LEA ECX,[EBP+FFFFFEF4]
016F:00418A4A MOV DWORD [EBP+FFFFFEBC],0040CD40
016F:00418A54 MOV DWORD [EBP+FFFFFEB4],08
016F:00418A5E CALL EBX
016F:00418A60 LEA EDX,[EBP+FFFFFEC4]
016F:00418A66 LEA ECX,[EBP+FFFFFF04]
016F:00418A6C MOV DWORD [EBP+FFFFFECC],0040CD28
016F:00418A76 MOV DWORD [EBP+FFFFFEC4],08
016F:00418A80 CALL EBX
016F:00418A82 LEA EAX,[EBP+FFFFFED4]
016F:00418A88 LEA ECX,[EBP+FFFFFEE4]
016F:00418A8E PUSH EAX
016F:00418A8F LEA EDX,[EBP+FFFFFEF4]
016F:00418A95 PUSH ECX
016F:00418A96 PUSH EDX
016F:00418A97 LEA EAX,[EBP+FFFFFF04]
016F:00418A9D PUSH BYTE +40
016F:00418A9F PUSH EAX
016F:00418AA0 CALL `MSVBVM50!rtcMsgBox`
016F:00418AA6 LEA ECX,[EBP+FFFFFED4]
016F:00418AAC LEA EDX,[EBP+FFFFFEE4]
016F:00418AB2 PUSH ECX
016F:00418AB3 LEA EAX,[EBP+FFFFFEF4]
016F:00418AB9 PUSH EDX
016F:00418ABA LEA ECX,[EBP+FFFFFF04]
016F:00418AC0 PUSH EAX
016F:00418AC1 PUSH ECX
016F:00418AC2 PUSH BYTE +04
016F:00418AC4 CALL `MSVBVM50!__vbaFreeVarList`
016F:00418ACA ADD ESP,BYTE +14
016F:00418ACD LEA EDX,[EBP+FFFFFF2C]
016F:00418AD3 LEA EAX,[EBP+FFFFFF04]
016F:00418AD9 PUSH EDX
016F:00418ADA PUSH EAX
016F:00418ADB CALL `MSVBVM50!rtcVarStrFromVar`
016F:00418AE1 LEA ECX,[EBP+FFFFFF04]
016F:00418AE7 LEA EDX,[EBP+FFFFFF18]
016F:00418AED PUSH ECX
016F:00418AEE PUSH EDX
016F:00418AEF CALL `MSVBVM50!__vbaStrVarVal`
016F:00418AF5 PUSH EAX
016F:00418AF6 PUSH DWORD 0040C04C
016F:00418AFB PUSH DWORD 0040C040
016F:00418B00 PUSH DWORD 0040C000
016F:00418B05 CALL `MSVBVM50!rtcSaveSetting`
016F:00418B0B LEA ECX,[EBP+FFFFFF18]
016F:00418B11 CALL `MSVBVM50!__vbaFreeStr`
016F:00418B17 LEA ECX,[EBP+FFFFFF04]
016F:00418B1D CALL `MSVBVM50!__vbaFreeVar`
016F:00418B23 SUB ESP,BYTE +10
016F:00418B26 MOV ECX,08
016F:00418B2B MOV EDX,ESP
016F:00418B2D MOV [EBP+FFFFFEB4],ECX
016F:00418B33 MOV [EBP+FFFFFEC4],ECX
016F:00418B39 MOV EAX,0040CD64
016F:00418B3E MOV [EDX],ECX
016F:00418B40 MOV ECX,[EBP+FFFFFEB8]
016F:00418B46 MOV [EBP+FFFFFEBC],EAX
016F:00418B4C SUB ESP,BYTE +10
016F:00418B4F MOV [EDX+04],ECX
016F:00418B52 MOV ECX,ESP
016F:00418B54 MOV DWORD [EBP+FFFFFECC],0040C040
016F:00418B5E PUSH DWORD 0040C000
016F:00418B63 MOV [EDX+08],EAX
016F:00418B66 MOV EAX,[EBP+FFFFFEC0]
016F:00418B6C MOV [EDX+0C],EAX
016F:00418B6F MOV EDX,[EBP+FFFFFEC4]
016F:00418B75 MOV EAX,[EBP+FFFFFEC8]
016F:00418B7B MOV [ECX],EDX
016F:00418B7D MOV EDX,[EBP+FFFFFECC]
016F:00418B83 MOV [ECX+04],EAX
016F:00418B86 MOV EAX,[EBP+FFFFFED0]
016F:00418B8C MOV [ECX+08],EDX
016F:00418B8F MOV [ECX+0C],EAX
016F:00418B92 CALL `MSVBVM50!rtcDeleteSetting`
016F:00418B98 MOV EAX,0040CD7C
016F:00418B9D MOV ECX,08
016F:00418BA2 MOV [EBP+FFFFFEBC],EAX
016F:00418BA8 MOV [EBP+FFFFFEB4],ECX
016F:00418BAE SUB ESP,BYTE +10
016F:00418BB1 MOV [EBP+FFFFFEC4],ECX
016F:00418BB7 MOV EDX,ESP
016F:00418BB9 SUB ESP,BYTE +10
016F:00418BBC MOV DWORD [EBP+FFFFFECC],0040C040
016F:00418BC6 MOV [EDX],ECX
016F:00418BC8 MOV ECX,[EBP+FFFFFEB8]
016F:00418BCE MOV [EDX+04],ECX
016F:00418BD1 MOV ECX,ESP
016F:00418BD3 PUSH DWORD 0040C000
016F:00418BD8 MOV [EDX+08],EAX
016F:00418BDB MOV EAX,[EBP+FFFFFEC0]
016F:00418BE1 MOV [EDX+0C],EAX
016F:00418BE4 MOV EDX,[EBP+FFFFFEC4]
016F:00418BEA MOV EAX,[EBP+FFFFFEC8]
016F:00418BF0 MOV [ECX],EDX
016F:00418BF2 MOV EDX,[EBP+FFFFFECC]
016F:00418BF8 MOV [ECX+04],EAX
016F:00418BFB MOV EAX,[EBP+FFFFFED0]
016F:00418C01 MOV [ECX+08],EDX
016F:00418C04 MOV [ECX+0C],EAX
016F:00418C07 CALL `MSVBVM50!rtcDeleteSetting`
016F:00418C0D MOV ECX,[EBP+08]
016F:00418C10 MOV EDX,[EBP+FFFFFE80]
016F:00418C16 PUSH ECX
016F:00418C17 CALL NEAR [EDX+0324]
016F:00418C1D PUSH EAX
016F:00418C1E LEA EAX,[EBP+FFFFFF14]
016F:00418C24 PUSH EAX
016F:00418C25 CALL `MSVBVM50!__vbaObjSet`
016F:00418C2B MOV ECX,[EAX]
016F:00418C2D PUSH EDI
016F:00418C2E PUSH EAX
016F:00418C2F MOV [EBP+FFFFFE90],EAX
016F:00418C35 CALL NEAR [ECX+8C]
016F:00418C3B CMP EAX,EDI
016F:00418C3D JNL 00418C57
016F:00418C3F MOV EDX,[EBP+FFFFFE90]
016F:00418C45 PUSH DWORD 8C
016F:00418C4A PUSH DWORD 0040CA78
016F:00418C4F PUSH EDX
016F:00418C50 PUSH EAX
016F:00418C51 CALL `MSVBVM50!__vbaHresultCheckObj`
016F:00418C57 LEA ECX,[EBP+FFFFFF14]
016F:00418C5D CALL `MSVBVM50!__vbaFreeObj`
016F:00418C63 LEA EDX,[EBP+FFFFFEC4]
016F:00418C69 LEA ECX,[EBP-34]
016F:00418C6C MOV DWORD [EBP+FFFFFECC],0040C574
016F:00418C76 MOV DWORD [EBP+FFFFFEC4],08
016F:00418C80 CALL `MSVBVM50!__vbaVarCopy`
016F:00418C86 LEA EDX,[EBP+FFFFFEC4]
016F:00418C8C LEA ECX,[EBP+FFFFFF04]
016F:00418C92 MOV DWORD [EBP+FFFFFECC],0040CD94
016F:00418C9C MOV DWORD [EBP+FFFFFEC4],08
016F:00418CA6 CALL EBX
016F:00418CA8 LEA EAX,[EBP+FFFFFF04]
016F:00418CAE PUSH BYTE +10
016F:00418CB0 PUSH EAX
016F:00418CB1 CALL `MSVBVM50!rtcDir`
016F:00418CB7 LEA EDX,[EBP+FFFFFEF4]
016F:00418CBD LEA ECX,[EBP-64]
016F:00418CC0 MOV [EBP+FFFFFEFC],EAX
016F:00418CC6 MOV DWORD [EBP+FFFFFEF4],08
016F:00418CD0 CALL ESI
016F:00418CD2 LEA ECX,[EBP+FFFFFF04]
016F:00418CD8 CALL `MSVBVM50!__vbaFreeVar`
016F:00418CDE LEA EDX,[EBP+FFFFFEC4]
016F:00418CE4 LEA ECX,[EBP+FFFFFF04]
016F:00418CEA MOV DWORD [EBP+FFFFFECC],0040CDB0
016F:00418CF4 MOV DWORD [EBP+FFFFFEC4],08
016F:00418CFE CALL EBX
016F:00418D00 LEA ECX,[EBP+FFFFFF04]
016F:00418D06 LEA EDX,[EBP+FFFFFEF4]
016F:00418D0C PUSH ECX
016F:00418D0D PUSH EDX
016F:00418D0E CALL `MSVBVM50!rtcUpperCaseVar`
016F:00418D14 LEA EAX,[EBP-64]
016F:00418D17 LEA ECX,[EBP+FFFFFEF4]
016F:00418D1D PUSH EAX
016F:00418D1E PUSH ECX
016F:00418D1F CALL `MSVBVM50!__vbaVarTstEq`
016F:00418D25 MOV [EBP+FFFFFE90],EAX
016F:00418D2B LEA EDX,[EBP+FFFFFEF4]
016F:00418D31 LEA EAX,[EBP+FFFFFF04]
016F:00418D37 PUSH EDX
016F:00418D38 PUSH EAX
016F:00418D39 PUSH BYTE +02
016F:00418D3B CALL `MSVBVM50!__vbaFreeVarList`
016F:00418D41 ADD ESP,BYTE +0C
016F:00418D44 CMP [EBP+FFFFFE90],DI
016F:00418D4B JZ NEAR 00418F3B
016F:00418D51 LEA ECX,[EBP+FFFFFEC4]
016F:00418D57 LEA EDX,[EBP-64]
016F:00418D5A PUSH ECX
016F:00418D5B LEA EAX,[EBP+FFFFFF04]
016F:00418D61 PUSH EDX
016F:00418D62 PUSH EAX
016F:00418D63 MOV DWORD [EBP+FFFFFECC],0040BFC8
016F:00418D6D MOV DWORD [EBP+FFFFFEC4],08
016F:00418D77 CALL `MSVBVM50!__vbaVarAdd`
016F:00418D7D MOV EDX,EAX
016F:00418D7F LEA ECX,[EBP-34]
016F:00418D82 CALL ESI
016F:00418D84 LEA ECX,[EBP-34]
016F:00418D87 LEA EDX,[EBP+FFFFFEC4]
016F:00418D8D PUSH ECX
016F:00418D8E LEA EAX,[EBP+FFFFFF04]
016F:00418D94 PUSH EDX
016F:00418D95 PUSH EAX
016F:00418D96 MOV DWORD [EBP+FFFFFECC],0040CDDC
016F:00418DA0 MOV DWORD [EBP+FFFFFEC4],08
016F:00418DAA CALL `MSVBVM50!__vbaVarAdd`
016F:00418DB0 MOV EDX,EAX
016F:00418DB2 LEA ECX,[EBP+FFFFFF5C]
016F:00418DB8 CALL ESI
016F:00418DBA LEA ECX,[EBP+FFFFFF5C]
016F:00418DC0 PUSH BYTE +02
016F:00418DC2 PUSH ECX
016F:00418DC3 CALL `MSVBVM50!rtcDir`
016F:00418DC9 MOV [EBP+FFFFFF0C],EAX
016F:00418DCF LEA EDX,[EBP+FFFFFF04]
016F:00418DD5 LEA EAX,[EBP+FFFFFEF4]
016F:00418DDB PUSH EDX
016F:00418DDC PUSH EAX
016F:00418DDD MOV DWORD [EBP+FFFFFF04],08
016F:00418DE7 CALL `MSVBVM50!rtcUpperCaseVar`
016F:00418DED LEA EDX,[EBP+FFFFFEF4]
016F:00418DF3 LEA ECX,[EBP-24]
016F:00418DF6 CALL ESI
016F:00418DF8 LEA ECX,[EBP+FFFFFF04]
016F:00418DFE CALL `MSVBVM50!__vbaFreeVar`
016F:00418E04 LEA EDX,[EBP+FFFFFEC4]
016F:00418E0A LEA ECX,[EBP+FFFFFF04]
016F:00418E10 MOV DWORD [EBP+FFFFFECC],0040CE08
016F:00418E1A MOV DWORD [EBP+FFFFFEC4],08
016F:00418E24 CALL EBX
016F:00418E26 LEA ECX,[EBP+FFFFFF04]
016F:00418E2C LEA EDX,[EBP+FFFFFEF4]
016F:00418E32 PUSH ECX
016F:00418E33 PUSH EDX
016F:00418E34 CALL `MSVBVM50!rtcUpperCaseVar`
016F:00418E3A LEA EAX,[EBP-24]
016F:00418E3D LEA ECX,[EBP+FFFFFEF4]
016F:00418E43 PUSH EAX
016F:00418E44 PUSH ECX
016F:00418E45 CALL `MSVBVM50!__vbaVarTstEq`
016F:00418E4B MOV ESI,EAX
016F:00418E4D LEA EDX,[EBP+FFFFFEF4]
016F:00418E53 LEA EAX,[EBP+FFFFFF04]
016F:00418E59 PUSH EDX
016F:00418E5A PUSH EAX
016F:00418E5B PUSH BYTE +02
016F:00418E5D CALL `MSVBVM50!__vbaFreeVarList`
016F:00418E63 ADD ESP,BYTE +0C
016F:00418E66 CMP SI,DI
016F:00418E69 JZ NEAR 00418F3B
016F:00418E6F LEA ECX,[EBP+FFFFFF5C]
016F:00418E75 PUSH EDI
016F:00418E76 LEA EDX,[EBP+FFFFFF18]
016F:00418E7C PUSH ECX
016F:00418E7D PUSH EDX
016F:00418E7E CALL `MSVBVM50!__vbaStrVarVal`
016F:00418E84 PUSH EAX
016F:00418E85 CALL `MSVBVM50!rtcSetFileAttr`
016F:00418E8B LEA ECX,[EBP+FFFFFF18]
016F:00418E91 CALL `MSVBVM50!__vbaFreeStr`
016F:00418E97 LEA EAX,[EBP+FFFFFF5C]
016F:00418E9D PUSH EAX
016F:00418E9E CALL `MSVBVM50!rtcKillFiles`
016F:00418EA4 JMP 00418F3B
016F:00418EA9 MOV ESI,[00420334]
016F:00418EAF MOV EBX,08
016F:00418EB4 LEA EDX,[EBP+FFFFFEB4]
016F:00418EBA LEA ECX,[EBP+FFFFFEF4]
016F:00418EC0 MOV DWORD [EBP+FFFFFEBC],0040CE44
016F:00418ECA MOV [EBP+FFFFFEB4],EBX
016F:00418ED0 CALL ESI
016F:00418ED2 LEA EDX,[EBP+FFFFFEC4]
016F:00418ED8 LEA ECX,[EBP+FFFFFF04]
016F:00418EDE MOV DWORD [EBP+FFFFFECC],0040CE30
016F:00418EE8 MOV [EBP+FFFFFEC4],EBX
016F:00418EEE CALL ESI
016F:00418EF0 LEA ECX,[EBP+FFFFFED4]
016F:00418EF6 LEA EDX,[EBP+FFFFFEE4]
016F:00418EFC PUSH ECX
016F:00418EFD LEA EAX,[EBP+FFFFFEF4]
016F:00418F03 PUSH EDX
016F:00418F04 PUSH EAX
016F:00418F05 LEA ECX,[EBP+FFFFFF04]
016F:00418F0B PUSH BYTE +10
016F:00418F0D PUSH ECX
418f0e是個退出call,從4189e6到這裡有這麼長!
下弦月
相關文章
- WebTimeSync 5.2.0 破解過程 (14千字)2001-10-05Web
- GaitCD破解全過程(installshield) (3千字)2015-11-15AI
- 破解 OverNimble Localize Plus 1.04
全過程! (13千字)2015-11-15
- 破解<<破解堅盾磁碟加密系統 V4.0>>的全過程 (10千字)2001-10-23加密
- 菜鳥破解vis_ddr v1.11 (14千字)2001-12-08
- 修改指標法破解VB程式 騰圖影視'97 (14千字)2001-07-25指標
- FINDITNOW!1.25 or 102 中文版 破解心得 (14千字)2002-02-09
- PolyView 破解 (5千字)2000-12-31View
- 破解FAQGenie (4千字)2001-04-10
- 破解MyMahj (5千字)2001-06-20
- 破解winimage (1千字)2001-10-07
- 分析破解某個軟體公司出的理財東東!
(14千字)2015-11-15
- 菜鳥破解錄(14)之 3DMark2000 1.0 (4千字)2000-07-313D
- 破解Ghost多媒體視訊點播系統全過程 (9千字)2002-07-29
- 破解ClockWise 3.03 (7千字)2001-06-06
- 破解TurboLaunch 4.04 (5千字)2001-06-06
- winimage完全破解 (8千字)2001-07-04
- Authorware 5.0破解 (4千字)2001-09-10
- 破解“Mail Scan” (1千字)2000-08-04AI
- 流光 4.5 完全破解 (15千字)2002-08-24
- 破解入門5 (3千字)2000-09-23
- duelist crackme 1 破解 (5千字)2000-10-16
- 《破解webmirror殘記》 (2千字)2001-01-11Web
- The JPEG Wizard 1.40破解 (4千字)2001-02-01
- IPTools 1.10 破解 (5千字)2001-02-11
- 暴力破解3 (6千字)2001-02-18
- 破解冰盾IV (2千字)2001-06-23
- 財智系列破解 (3千字)2001-07-22
- ClassExplorer的破解 (13千字)2001-07-29
- CUTEVIDEO 1.0破解 (4千字)2002-02-28IDE
- Registry Crawler 4.0.0.3破解 (6千字)2002-02-28
- Restools系列完全破解~~~~~~~~~~~~~~~~~~~~~~~ (12千字)2002-03-03REST
- see This 破解實戰! (5千字)2000-06-26
- 破解實戰!polyview (3千字)2000-06-27View
- 如何破解CuteFTP 4.0 (5千字)2000-07-20FTP
- 破解 程式獵人 1.2 (2千字)2000-08-10
- wintools5.0破解 (1千字)2000-03-02
- Photo Watermark破解(SMC) (3千字)2015-11-15