160个CrackMe之035

进入主界面,输入123456,点击check it按钮,根据弹出的错误提示字符串"Incorrect password"定位到校验代码:

; Password-check excerpt: the entered string is compared with the constant string at 00401BE4
; through __vbaStrCmp; on the fall-through path a message box with "Incorrect password" is built and shown.
; The excerpt starts at a jump target and ends at the rtcMsgBox call; the value of di and the code at
; 004FECB2 are outside it.
004FEC14   > \8B4D E8       mov ecx,dword ptr ss:[ebp-0x18]                    ;  ecx = string pointer stored at [ebp-0x18]; the debugger's own note here was usp10.73FF0250, presumably ecx's value before this instruction
004FEC17   .  51            push ecx                                           ;  argument: the entered text ("123456" in this run)
004FEC18   .  68 E41B4000   push cupofcof.00401BE4                             ;  argument: constant string at 00401BE4, shown by the debugger as ".........."
004FEC1D   .  FF15 F8105000 call dword ptr ds:[<&MSVBVM50.__vbaStrCmp>]        ;  msvbvm50.__vbaStrCmp: compare the two strings; eax = 0 when they are equal
004FEC23   .  8BF0          mov esi,eax                                        ;  keep the comparison result in esi
004FEC25   .  8D4D E8       lea ecx,dword ptr ss:[ebp-0x18]                    ;  ecx = address of the string slot, argument for __vbaFreeStr below
004FEC28   .  F7DE          neg esi                                            ;  CF = 1 if esi was non-zero (strings differ)
004FEC2A   .  1BF6          sbb esi,esi                                        ;  esi = 0 if equal, 0xFFFFFFFF otherwise
004FEC2C   .  F7DE          neg esi                                            ;  esi = 0 or 1
004FEC2E   .  F7DE          neg esi                                            ;  esi = 0 or 0xFFFFFFFF, i.e. a VB-style False/True for "input differs from the constant"
004FEC30   .  FF15 4C115000 call dword ptr ds:[<&MSVBVM50.__vbaFreeStr>]       ;  msvbvm50.__vbaFreeStr: release the string at [ebp-0x18]
004FEC36   .  8D4D E4       lea ecx,dword ptr ss:[ebp-0x1C]                    ;  ecx = address of the object slot, argument for __vbaFreeObj
004FEC39   .  FF15 50115000 call dword ptr ds:[<&MSVBVM50.__vbaFreeObj>]       ;  msvbvm50.__vbaFreeObj: release the object at [ebp-0x1C]
004FEC3F   .  66:3BF7       cmp si,di                                          ;  di is set outside this excerpt; presumably 0 (False), confirm in the debugger
004FEC42   .  74 6E         je short cupofcof.004FECB2                         ;  taken when si == di, which skips the error box below; target not shown (presumably the success path)
004FEC44   .  B9 04000280   mov ecx,0x80020004                                 ;  0x80020004 = DISP_E_PARAMNOTFOUND, the marker for an omitted optional argument
004FEC49   .  B8 0A000000   mov eax,0xA                                        ;  0xA = VT_ERROR variant type
004FEC4E   .  894D AC       mov dword ptr ss:[ebp-0x54],ecx                    ;  value field (+8) of the variant at ebp-0x5C
004FEC51   .  894D BC       mov dword ptr ss:[ebp-0x44],ecx                    ;  value field (+8) of the variant at ebp-0x4C
004FEC54   .  894D CC       mov dword ptr ss:[ebp-0x34],ecx                    ;  value field (+8) of the variant at ebp-0x3C
004FEC57   .  8D55 94       lea edx,dword ptr ss:[ebp-0x6C]                    ;  edx = source variant for __vbaVarDup (the prompt text)
004FEC5A   .  8D4D D4       lea ecx,dword ptr ss:[ebp-0x2C]                    ;  ecx = destination variant for __vbaVarDup
004FEC5D   .  8945 A4       mov dword ptr ss:[ebp-0x5C],eax                    ;  type field of the first omitted-argument variant
004FEC60   .  8945 B4       mov dword ptr ss:[ebp-0x4C],eax                    ;  type field of the second omitted-argument variant
004FEC63   .  8945 C4       mov dword ptr ss:[ebp-0x3C],eax                    ;  type field of the third omitted-argument variant
004FEC66   .  C745 9C 001C4>mov dword ptr ss:[ebp-0x64],cupofcof.00401C00      ;  Incorrect password (string pointer, value field of the variant at ebp-0x6C)
004FEC6D   .  C745 94 08000>mov dword ptr ss:[ebp-0x6C],0x8                    ;  type field = 0x8 = VT_BSTR
004FEC74   .  FF15 38115000 call dword ptr ds:[<&MSVBVM50.__vbaVarDup>]        ;  msvbvm50.__vbaVarDup: copy the prompt variant into [ebp-0x2C]
004FEC7A   .  8D55 A4       lea edx,dword ptr ss:[ebp-0x5C]                    ;  address of an omitted optional argument
004FEC7D   .  8D45 B4       lea eax,dword ptr ss:[ebp-0x4C]                    ;  address of an omitted optional argument
004FEC80   .  52            push edx                                           ;  MsgBox argument: omitted
004FEC81   .  8D4D C4       lea ecx,dword ptr ss:[ebp-0x3C]                    ;  address of an omitted optional argument
004FEC84   .  50            push eax                                           ;  MsgBox argument: omitted
004FEC85   .  51            push ecx                                           ;  MsgBox argument: omitted
004FEC86   .  8D55 D4       lea edx,dword ptr ss:[ebp-0x2C]                    ;  address of the prompt variant ("Incorrect password")
004FEC89   .  6A 10         push 0x10                                          ;  MsgBox buttons/style = 0x10 (vbCritical)
004FEC8B   .  52            push edx                                           ;  MsgBox argument: prompt
004FEC8C   .  FF15 E0105000 call dword ptr ds:[<&MSVBVM50.#rtcMsgBox_595>]     ;  show the error message box (wrong-password path)

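分析可得:输入的字符串通过 __vbaStrCmp 与程序中位于 00401BE4 的常量字符串直接比较,比较不通过时才弹出"Incorrect password"提示,因此本程序使用的是固定key:..........(口令以明文常量硬编码在程序中,查看比较函数的参数即可还原。)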
