跟出 RETN 继续对"-21336"处理:
007C08F0 〉 6A 01 PUSH 1 ; 取出"-21336"的第一位"-"
007C08F2 . 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
007C08F5 . 50 PUSH EAX
007C08F6 . 8B3D E4114000 MOV EDI,DWORD PTR DS:[〈&MSVBVM60.#616〉] ; MSVBVM60.rtcLeftCharBstr
007C08FC . FFD7 CALL EDI ; 〈&MSVBVM60.#616〉
007C08FE . 8BD0 MOV EDX,EAX
007C0900 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
007C0903 . FFD3 CALL EBX
007C0905 . 50 PUSH EAX
007C0906 . 68 84FA4000 PUSH 音乐海盗.0040FA84
007C090B . FFD6 CALL ESI ; 判断第一位是不是"-"
007C090D . 8BF0 MOV ESI,EAX
007C090F . F7DE NEG ESI
007C0911 . 1BF6 SBB ESI,ESI
007C0913 . 46 INC ESI
007C0914 . F7DE NEG ESI
007C0916 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
007C0919 . FF15 14124000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaFreeStr〉] ; MSVBVM60.__vbaFreeStr
007C091F . 66:85F6 TEST SI,SI
007C0922 . 74 2F JE SHORT 音乐海盗.007C0953 ; 不是"-"就跳走
007C0924 . 68 BC0F4100 PUSH 音乐海盗.00410FBC
007C0929 . 6A 05 PUSH 5 ; 取后5位"21336"
007C092B . 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
007C092E . 51 PUSH ECX
007C092F . FF15 F0114000 CALL DWORD PTR DS:[〈&MSVBVM60.#618〉] ; MSVBVM60.rtcRightCharBstr
007C0935 . 8BD0 MOV EDX,EAX
007C0937 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
007C093A . FFD3 CALL EBX
007C093C . 50 PUSH EAX ; "1"+后5位,得到"121336"
007C093D . FF15 54104000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaStrCat〉] ; MSVBVM60.__vbaStrCat
007C0943 . 8BD0 MOV EDX,EAX
007C0945 . 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-2C]
007C0948 . FFD3 CALL EBX
007C094A . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
007C094D . FF15 14124000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaFreeStr〉] ; MSVBVM60.__vbaFreeStr
这里就是如果硬盘序号是负数,那么就用"1"替换掉"-"号
我电脑上得到的是"-21336"前面有"-"用"1"换掉,得到"121336"
如果前面没有"-"则没有这个操作
007C0953 〉 6A 03 PUSH 3 ; 取"121336"的后三位"336"
007C0955 . 8B55 D4 MOV EDX,DWORD PTR SS:[EBP-2C]
007C0958 . 52 PUSH EDX
007C0959 . FF15 F0114000 CALL DWORD PTR DS:[〈&MSVBVM60.#618〉] ; MSVBVM60.rtcRightCharBstr
007C095F . 8BD0 MOV EDX,EAX
007C0961 . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
007C0964 . FFD3 CALL EBX
007C0966 . 50 PUSH EAX
007C0967 . 6A 03 PUSH 3 ; 取"121336"的前三位"121"
007C0969 . 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-2C]
007C096C . 50 PUSH EAX
007C096D . FFD7 CALL EDI
007C096F . 8BD0 MOV EDX,EAX
007C0971 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
007C0974 . FFD3 CALL EBX
007C0976 . 50 PUSH EAX ; "336"+"121"="336121"
007C0977 . FF15 54104000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaStrCat〉] ; MSVBVM60.__vbaStrCat
007C097D . 8BD0 MOV EDX,EAX
007C097F . 8D4D DC LEA ECX,DWORD PTR SS:[EBP-24]
007C0982 . FFD3 CALL EBX
007C0984 . 8D4D C4 LEA ECX,DWORD PTR SS:[EBP-3C]
007C0987 . 51 PUSH ECX
007C0988 . 8D55 C8 LEA EDX,DWORD PTR SS:[EBP-38]
007C098B . 52 PUSH EDX
007C098C . 6A 02 PUSH 2
007C098E . FF15 A8114000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaFreeStrList〉〉; MSVBVM60.__vbaFreeStrList
007C0994 . 83C4 0C ADD ESP,0C
007C0997 . 8B45 DC MOV EAX,DWORD PTR SS:[EBP-24]
007C099A . 50 PUSH EAX ; 字符串-〉整数,"336121"得到0x520F9
007C099B . FF15 A0114000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaI4Str〉] ; MSVBVM60.__vbaI4Str
007C09A1 . 69C0 FE010000 IMUL EAX,EAX,1FE ; 0x520F9 × 0x1FE = 0xA37B00E
007C09A7 . 0F80 90080000 JO 音乐海盗.007C123D
007C09AD . 50 PUSH EAX ; 再转为10进制字符串得到"171421710"
007C09AE . FF15 18104000 CALL DWORD PTR DS:[〈&MSVBVM60.__vbaStrI4〉] ; MSVBVM60.__vbaStrI4
上面拿"121336"的前三位和后三位交换得到"336121"
336121×510=171421710
得到的"171421710"就是我机器上的注册码了。
相关文章
EMAIL: