Please help analyze how <the world's smallest password viewer (written in VB) (already unpacked)> works
[Timer1.Timer]
:00401E74 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00401E76 0005 LargeBos ;IDE beginning of line With 05 Byte codes
:00401E78 4BFFFF OnErrorGoto ;
:00401E7B 0034 LargeBos ;IDE beginning of line With 34 Byte codes
:00401E7D 0478FF FLdRfVar ;Push LOCAL_0088
:00401E80 080800 FLdPr ;[SR] = [STACK_0008]
:00401E83 0D58000300 VCallHresult ;Call ptr_004018C4
:00401E88 F503000000 LitI4 ;Push 00000003
:00401E8D F500000000 LitI4 ;Push 00000000
:00401E92 F500000000 LitI4 ;Push 00000000
:00401E97 F500000000 LitI4 ;Push 00000000
:00401E9C F500000000 LitI4 ;Push 00000000
:00401EA1 F5FFFFFFFF LitI4 ;Push FFFFFFFF
:00401EA6 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
* * * * * * * * * * * Reference To:user32.SetWindowPos
|
:00401EA9 0A06001C00 ImpAdCallFPR4 ;Call ptr_00401B0C; check stack 001C; Push EAX
:00401EAE 3C SetLastSystemError ;Kernel GetLastError
:00401EAF 000E LargeBos ;IDE beginning of line With 0E Byte codes
:00401EB1 080800 FLdPr ;[SR] = [STACK_0008]
:00401EB4 063400 MemLdRfVar ;Push [SR] + STACK_0034
* * * * * * * * * * * Reference To:user32.GetCursorPos
|
:00401EB7 0A07000400 ImpAdCallFPR4 ;Call ptr_004019CC; check stack 0004; Push EAX
:00401EBC 3C SetLastSystemError ;Kernel GetLastError
:00401EBD 001D LargeBos ;IDE beginning of line With 1D Byte codes
:00401EBF 080800 FLdPr ;[SR] = [STACK_0008]
:00401EC2 8A3800 MemLdStr ;Push DWORD [[SR] + 0038]
:00401EC5 080800 FLdPr ;[SR] = [STACK_0008]
:00401EC8 8A3400 MemLdStr ;Push DWORD [[SR] + 0034]
* * * * * * * * * * * Reference To:user32.WindowFromPoint
|
:00401ECB 5E08000800 ImpAdCallI2 ;Call ptr_00401A0C; check stack 0008; Push EAX
:00401ED0 7178FF FStR4 ;Pop DWORD [LOCAL_0088]
:00401ED3 3C SetLastSystemError ;Kernel GetLastError
:00401ED4 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
:00401ED7 7170FF FStR4 ;Pop DWORD [LOCAL_0090]
:00401EDA 000F LargeBos ;IDE beginning of line With 0F Byte codes
:00401EDC FCED58FF FLdVar ;
:00401EE0 0448FF FLdRfVar ;Push LOCAL_00B8
:00401EE3 FD9F LdPrVar ;
:00401EE5 FE9B0900 LateMemSt ;
:00401EE9 000F LargeBos ;IDE beginning of line With 0F Byte codes
:00401EEB FCED38FF FLdVar ;
:00401EEF 0448FF FLdRfVar ;Push LOCAL_00B8
:00401EF2 FD9F LdPrVar ;
:00401EF4 FE9B0A00 LateMemSt ;
:00401EF8 0019 LargeBos ;IDE beginning of line With 19 Byte codes
:00401EFA F5FF000000 LitI4 ;Push 000000FF
:00401EFF 0428FF FLdRfVar ;Push LOCAL_00D8
* * * * * * * * * * Reference To - > msvbvm50.rtcSpaceVar
|
:00401F02 0A0B000800 ImpAdCallFPR4 ;Call ptr_0040100C; check stack 0008; Push EAX
:00401F07 0428FF FLdRfVar ;Push LOCAL_00D8
:00401F0A 60 CStrVarTmp ;
:00401F0B 316CFF FStStr ;SysFreeString [LOCAL_0094]; [LOCAL_0094] = Pop
:00401F0E 3528FF FFree1Var ;Free LOCAL_00D8
:00401F11 0009 LargeBos ;IDE beginning of line With 09 Byte codes
:00401F13 6C6CFF ILdRf ;Push DWORD [LOCAL_0094]
:00401F16 4A FnLenStr ;vbaLenBstr
:00401F17 7168FF FStR4 ;Pop DWORD [LOCAL_0098]
:00401F1A 002C LargeBos ;IDE beginning of line With 2C Byte codes
:00401F1C 6C68FF ILdRf ;Push DWORD [LOCAL_0098]
:00401F1F 6C6CFF ILdRf ;Push DWORD [LOCAL_0094]
:00401F22 0424FF FLdRfVar ;Push LOCAL_00DC
:00401F25 34 CStr2Ansi ;vbaStrToAnsi
:00401F26 6C24FF ILdRf ;Push DWORD [LOCAL_00DC]
:00401F29 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.GetClassNameA
|
:00401F2C 5E0C000C00 ImpAdCallI2 ;Call ptr_00401A8C; check stack 000C; Push EAX
:00401F31 7178FF FStR4 ;Pop DWORD [LOCAL_0088]
:00401F34 3C SetLastSystemError ;Kernel GetLastError
:00401F35 6C24FF ILdRf ;Push DWORD [LOCAL_00DC]
:00401F38 046CFF FLdRfVar ;Push LOCAL_0094
:00401F3B FC58 CStr2Uni ;vbaStrToUnicode
:00401F3D 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
:00401F40 7174FF FStR4 ;Pop DWORD [LOCAL_008C]
:00401F43 2F24FF FFree1Str ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = 0
:00401F46 000E LargeBos ;IDE beginning of line With 0E Byte codes
:00401F48 6C74FF ILdRf ;Push DWORD [LOCAL_008C]
:00401F4B F500000000 LitI4 ;Push 00000000
:00401F50 C7 EqI4 ;Push (Pop1 == Pop2)
:00401F51 1CE300 BranchF ;If Pop = 0 Then ESI = 00401F57
:00401F54 0003 LargeBos ;IDE beginning of line With 03 Byte codes
:00401F56 13 ExitProcHresult ;
:00401F57 001C LargeBos ;IDE beginning of line With 1C Byte codes
:00401F59 046CFF FLdRfVar ;Push LOCAL_0094
:00401F5C 4D14FF0840 CVarRef ;
:00401F61 0428FF FLdRfVar ;Push LOCAL_00D8
--------------------Programming Q&A--------------------
* * * * * * * * * * Reference To - > msvbvm50.rtcTrimVar
|
:00401F64 0A0D000800 ImpAdCallFPR4 ;Call ptr_00401012; check stack 0008; Push EAX
:00401F69 0428FF FLdRfVar ;Push LOCAL_00D8
:00401F6C 60 CStrVarTmp ;
:00401F6D 316CFF FStStr ;SysFreeString [LOCAL_0094]; [LOCAL_0094] = Pop
:00401F70 3528FF FFree1Var ;Free LOCAL_00D8
:00401F73 000C LargeBos ;IDE beginning of line With 0C Byte codes
:00401F75 6C6CFF ILdRf ;Push DWORD [LOCAL_0094]
:00401F78 080800 FLdPr ;[SR] = [STACK_0008]
:00401F7B FD913C00 MemStStrCopy ;[SR] + 003C = SysAllocStringByteLen(Pop, [Pop - 4]); SysFreeString Pop
:00401F7F 000B LargeBos ;IDE beginning of line With 0B Byte codes
:00401F81 080800 FLdPr ;[SR] = [STACK_0008]
:00401F84 8A3C00 MemLdStr ;Push DWORD [[SR] + 003C]
:00401F87 436CFF FStStrCopy ;[LOCAL_0094] = SysAllocStringByteLen(Pop, [Pop - 4]); SysFreeString Pop
:00401F8A 0035 LargeBos ;IDE beginning of line With 35 Byte codes
:00401F8C F401 LitI2_Byte ;Push 01
:00401F8E FBFD CStrUI1 ;vbaStrI2
:00401F90 2324FF FStStrNoPop ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = [stack]
:00401F93 0410FF FLdRfVar ;Push LOCAL_00F0
:00401F96 34 CStr2Ansi ;vbaStrToAnsi
:00401F97 6C10FF ILdRf ;Push DWORD [LOCAL_00F0]
:00401F9A F500000000 LitI4 ;Push 00000000
:00401F9F F5D2000000 LitI4 ;Push 000000D2
:00401FA4 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SendMessageA
|
:00401FA7 5E0E001000 ImpAdCallI2 ;Call ptr_00401A4C; check stack 0010; Push EAX
:00401FAC 7178FF FStR4 ;Pop DWORD [LOCAL_0088]
:00401FAF 3C SetLastSystemError ;Kernel GetLastError
:00401FB0 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
:00401FB3 FC52 CBoolI4 ;Not DWORD
:00401FB5 32040024FF10FF FFreeStr ;Do SysFreeString [arg_n]; [arg_n] = 0 0004 / 2 times ~ arg
:00401FBC 1C9C01 BranchF ;If Pop = 0 Then ESI = 00402010
:00401FBF 0020 LargeBos ;IDE beginning of line With 20 Byte codes
:00401FC1 F504000000 LitI4 ;Push 00000004
:00401FC6 080800 FLdPr ;[SR] = [STACK_0008]
:00401FC9 8A3C00 MemLdStr ;Push DWORD [[SR] + 003C]
* * * * * * * * * * Reference To - > msvbvm50.rtcLeftCharBstr
|
:00401FCC 0B0F000800 ImpAdCallI2 ;Call ptr_00401018; check stack 0008; Push EAX
:00401FD1 2324FF FStStrNoPop ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = [stack]
* * * * * * Possible String Ref To - > "Edit"
|
:00401FD4 1B1000 LitStr ;Push ptr_00401C2C
:00401FD7 FB30 EqStr ;
:00401FD9 2F24FF FFree1Str ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = 0
:00401FDC 1C8301 BranchF ;If Pop = 0 Then ESI = 00401FF7
:00401FDF 0015 LargeBos ;IDE beginning of line With 15 Byte codes
:00401FE1 F580000000 LitI4 ;Push 00000080
:00401FE6 F5F0FFFFFF LitI4 ;Push FFFFFFF0
:00401FEB 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SetWindowWord
|
:00401FEE 0A11000C00 ImpAdCallFPR4 ;Call ptr_00401ACC; check stack 000C; Push EAX
:00401FF3 3C SetLastSystemError ;Kernel GetLastError
:00401FF4 1E9A01 Branch ;ESI = 0040200E
:00401FF7 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00401FF9 0015 LargeBos ;IDE beginning of line With 15 Byte codes
:00401FFB F5C0000000 LitI4 ;Push 000000C0
:00402000 F5F0FFFFFF LitI4 ;Push FFFFFFF0
:00402005 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SetWindowWord
|
:00402008 0A11000C00 ImpAdCallFPR4 ;Call ptr_00401ACC; check stack 000C; Push EAX
:0040200D 3C SetLastSystemError ;Kernel GetLastError
:0040200E 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00402010 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00402012 0019 LargeBos ;IDE beginning of line With 19 Byte codes
:00402014 F5FF000000 LitI4 ;Push 000000FF
:00402019 0428FF FLdRfVar ;Push LOCAL_00D8
* * * * * * * * * * Reference To - > msvbvm50.rtcSpaceVar
|
:0040201C 0A0B000800 ImpAdCallFPR4 ;Call ptr_0040100C; check stack 0008; Push EAX
:00402021 0428FF FLdRfVar ;Push LOCAL_00D8
:00402024 60 CStrVarTmp ;
:00402025 316CFF FStStr ;SysFreeString [LOCAL_0094]; [LOCAL_0094] = Pop
:00402028 3528FF FFree1Var ;Free LOCAL_00D8
:0040202B 0009 LargeBos ;IDE beginning of line With 09 Byte codes
:0040202D 6C6CFF ILdRf ;Push DWORD [LOCAL_0094]
:00402030 4A FnLenStr ;vbaLenBstr
:00402031 7168FF FStR4 ;Pop DWORD [LOCAL_0098]
:00402034 0031 LargeBos ;IDE beginning of line With 31 Byte codes
:00402036 6C6CFF ILdRf ;Push DWORD [LOCAL_0094]
:00402039 0424FF FLdRfVar ;Push LOCAL_00DC
:0040203C 34 CStr2Ansi ;vbaStrToAnsi
:0040203D 6C24FF ILdRf ;Push DWORD [LOCAL_00DC]
:00402040 6C68FF ILdRf ;Push DWORD [LOCAL_0098]
:00402043 F50D000000 LitI4 ;Push 0000000D
:00402048 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SendMessageA
|
:0040204B 5E0E001000 ImpAdCallI2 ;Call ptr_00401A4C; check stack 0010; Push EAX
:00402050 7178FF FStR4 ;Pop DWORD [LOCAL_0088]
:00402053 3C SetLastSystemError ;Kernel GetLastError
:00402054 6C24FF ILdRf ;Push DWORD [LOCAL_00DC]
:00402057 046CFF FLdRfVar ;Push LOCAL_0094
:0040205A FC58 CStr2Uni ;vbaStrToUnicode
:0040205C 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
:0040205F 7174FF FStR4 ;Pop DWORD [LOCAL_008C]
:00402062 2F24FF FFree1Str ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = 0
:00402065 001C LargeBos ;IDE beginning of line With 1C Byte codes
:00402067 046CFF FLdRfVar ;Push LOCAL_0094
:0040206A 4D14FF0840 CVarRef ;
:0040206F 0428FF FLdRfVar ;Push LOCAL_00D8
* * * * * * * * * * Reference To - > msvbvm50.rtcTrimVar
|
:00402072 0A0D000800 ImpAdCallFPR4 ;Call ptr_00401012; check stack 0008; Push EAX
:00402077 0428FF FLdRfVar ;Push LOCAL_00D8
:0040207A 60 CStrVarTmp ;
:0040207B 316CFF FStStr ;SysFreeString [LOCAL_0094]; [LOCAL_0094] = Pop
:0040207E 3528FF FFree1Var ;Free LOCAL_00D8
:00402081 001A LargeBos ;IDE beginning of line With 1A Byte codes
:00402083 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
:00402086 FBFE CStrI4 ;vbaStrI4
:00402088 2324FF FStStrNoPop ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = [stack]
--------------------Programming Q&A--------------------
* * * * * * * * * * Reference To - > msvbvm50.rtcR8ValFromBstr
|
:0040208B 0A12000400 ImpAdCallFPR4 ;Call ptr_0040101E; check stack 0004; Push EAX
:00402090 FD6B14FF CVarR8 ;
:00402094 FCF600FF FStVar ;
:00402098 2F24FF FFree1Str ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = 0
:0040209B 0015 LargeBos ;IDE beginning of line With 15 Byte codes
:0040209D 080800 FLdPr ;[SR] = [STACK_0008]
:004020A0 8A3C00 MemLdStr ;Push DWORD [[SR] + 003C]
:004020A3 4614FF CVarStr ;
:004020A6 25 PopAdLdVar ;
:004020A7 04F0FE FLdRfVar ;Push LOCAL_0110
:004020AA FD9F LdPrVar ;
:004020AC FE9B1300 LateMemSt ;
:004020B0 000D LargeBos ;IDE beginning of line With 0D Byte codes
:004020B2 6C6CFF ILdRf ;Push DWORD [LOCAL_0094]
:004020B5 080800 FLdPr ;[SR] = [STACK_0008]
:004020B8 0D54000300 VCallHresult ;Call ptr_004018C4
:004020BD 0035 LargeBos ;IDE beginning of line With 35 Byte codes
:004020BF F401 LitI2_Byte ;Push 01
:004020C1 FBFD CStrUI1 ;vbaStrI2
:004020C3 2324FF FStStrNoPop ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = [stack]
:004020C6 0410FF FLdRfVar ;Push LOCAL_00F0
:004020C9 34 CStr2Ansi ;vbaStrToAnsi
:004020CA 6C10FF ILdRf ;Push DWORD [LOCAL_00F0]
:004020CD F500000000 LitI4 ;Push 00000000
:004020D2 F5D2000000 LitI4 ;Push 000000D2
:004020D7 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SendMessageA
|
:004020DA 5E0E001000 ImpAdCallI2 ;Call ptr_00401A4C; check stack 0010; Push EAX
:004020DF 7178FF FStR4 ;Pop DWORD [LOCAL_0088]
:004020E2 3C SetLastSystemError ;Kernel GetLastError
:004020E3 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
:004020E6 FC52 CBoolI4 ;Not DWORD
:004020E8 32040024FF10FF FFreeStr ;Do SysFreeString [arg_n]; [arg_n] = 0 0004 / 2 times ~ arg
:004020EF 1CCF02 BranchF ;If Pop = 0 Then ESI = 00402143
:004020F2 0020 LargeBos ;IDE beginning of line With 20 Byte codes
:004020F4 F504000000 LitI4 ;Push 00000004
:004020F9 080800 FLdPr ;[SR] = [STACK_0008]
:004020FC 8A3C00 MemLdStr ;Push DWORD [[SR] + 003C]
* * * * * * * * * * Reference To - > msvbvm50.rtcLeftCharBstr
|
:004020FF 0B0F000800 ImpAdCallI2 ;Call ptr_00401018; check stack 0008; Push EAX
:00402104 2324FF FStStrNoPop ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = [stack]
* * * * * * Possible String Ref To - > "Edit"
|
:00402107 1B1000 LitStr ;Push ptr_00401C2C
:0040210A FB30 EqStr ;
:0040210C 2F24FF FFree1Str ;SysFreeString [LOCAL_00DC]; [LOCAL_00DC] = 0
:0040210F 1CB602 BranchF ;If Pop = 0 Then ESI = 0040212A
:00402112 0015 LargeBos ;IDE beginning of line With 15 Byte codes
:00402114 F5A0000000 LitI4 ;Push 000000A0
:00402119 F5F0FFFFFF LitI4 ;Push FFFFFFF0
:0040211E 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SetWindowWord
|
:00402121 0A11000C00 ImpAdCallFPR4 ;Call ptr_00401ACC; check stack 000C; Push EAX
:00402126 3C SetLastSystemError ;Kernel GetLastError
:00402127 1ECD02 Branch ;ESI = 00402141
:0040212A 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:0040212C 0015 LargeBos ;IDE beginning of line With 15 Byte codes
:0040212E F5E0000000 LitI4 ;Push 000000E0
:00402133 F5F0FFFFFF LitI4 ;Push FFFFFFF0
:00402138 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SetWindowWord
|
:0040213B 0A11000C00 ImpAdCallFPR4 ;Call ptr_00401ACC; check stack 000C; Push EAX
:00402140 3C SetLastSystemError ;Kernel GetLastError
:00402141 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00402143 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00402145 0000 LargeBos ;IDE beginning of line With 00 Byte codes
:00402147 13 ExitProcHresult ;
[Form.Load]
:00401DE0 27FCFE LitVar ;PushVar LOCAL_0104
:00401DE3 271CFF LitVar ;PushVar LOCAL_00E4
:00401DE6 273CFF LitVar ;PushVar LOCAL_00C4
:00401DE9 F500000000 LitI4 ;Push 00000000
* * * * * * Possible String Ref To - > "??衫嚏幌3K蠯殿谩履曹侩崎"
|
:00401DEE 3A6CFF0000 LitVarStr ;PushVarString ptr_00401BB4
:00401DF3 4E5CFF FStVarCopyObj ;[LOCAL_00A4] = vbaVarDup(Pop)
:00401DF6 045CFF FLdRfVar ;Push LOCAL_00A4
* * * * * * * * * * Reference To - > msvbvm50.rtcMsgBox
|
:00401DF9 0A01001400 ImpAdCallFPR4 ;Call ptr_00401006; check stack 0014; Push EAX
:00401DFE 3608005CFF3CFF1C FFreeVar ;Free 0008 / 2 variants
:00401E09 F4FF LitI2_Byte ;Push FF
:00401E0B 21 FLdPrThis ;[SR] = [stack2]
:00401E0C 0FFC02 VCallAd ;Return the control index 01
:00401E0F 19F8FE FStAdFunc ;
:00401E12 08F8FE FLdPr ;[SR] = [LOCAL_0108]
* * * * * * * * * * * Reference To:[propput]Timer.Enabled
|
:00401E15 0D5C000200 VCallHresult ;Call ptr_00401BD4
:00401E1A 1AF8FE FFree1Ad ;Push [LOCAL_0108]; Call [[[LOCAL_0108]] + 8]; [[LOCAL_0108]] = 0
:00401E1D 274CFF LitVar ;PushVar LOCAL_00B4
:00401E20 25 PopAdLdVar ;
:00401E21 276CFF LitVar ;PushVar LOCAL_0094
:00401E24 25 PopAdLdVar ;
:00401E25 080800 FLdPr ;[SR] = [STACK_0008]
:00401E28 0DB0020300 VCallHresult ;Call ptr_004018C4
:00401E2D 13 ExitProcHresult ;
[Form.Unload]
:00401D74 0002 LargeBos ;IDE beginning of line With 02 Byte codes
:00401D76 0005 LargeBos ;IDE beginning of line With 05 Byte codes
:00401D78 4BFFFF OnErrorGoto ;
:00401D7B 002E LargeBos ;IDE beginning of line With 2E Byte codes
:00401D7D F503000000 LitI4 ;Push 00000003
:00401D82 F500000000 LitI4 ;Push 00000000
:00401D87 F500000000 LitI4 ;Push 00000000
* * * * * * Possible String Ref To - > "?遫?哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌"
|
:00401D8C 1B0400 LitStr ;Push ptr_00401BF4
:00401D8F 0478FF FLdRfVar ;Push LOCAL_0088
:00401D92 34 CStr2Ansi ;vbaStrToAnsi
:00401D93 6C78FF ILdRf ;Push DWORD [LOCAL_0088]
:00401D96 F500000000 LitI4 ;Push 00000000
:00401D9B F500000000 LitI4 ;Push 00000000
* * * * * * * * * * * Reference To:shell32.dll.ShellExecuteA
|
:00401DA0 0A05001800 ImpAdCallFPR4 ;Call ptr_00401B5C; check stack 0018; Push EAX
:00401DA5 3C SetLastSystemError ;Kernel GetLastError
:00401DA6 2F78FF FFree1Str ;SysFreeString [LOCAL_0088]; [LOCAL_0088] = 0
:00401DA9 0000 LargeBos ;IDE beginning of line With 00 Byte codes
:00401DAB 13 ExitProcHresult ;
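In short, it uses:
SetWindowPos
GetCursorPos
WindowFromPoint
msvbvm50.rtcSpaceVar (generates blank characters)
GetClassNameA
msvbvm50.rtcMsgBox (the MsgBox shown at startup)
SendMessageA
SetWindowWord (displays the password characters in this window)
ShellExecuteA (opens a web page on exit; I have already blocked that)
"Edit" (no idea what it is for; it could just keep reading continuously, so why check at all? Maybe it serves some other purpose)
EM_GETPASSWORDCHAR: I also don't know why it is used, since EM_SETPASSWORDCHAR is not used (if it were, it would be for restoring)
---------------------------------------------------------
These are all the messages that were captured
EM_SETPASSWORDCHAR is not used
All the messages captured by Spy++
GetCursorPos tPoint
zongwindow = WindowFromPoint(tPoint.X, tPoint.Y) 'the current window
Char = SendMessage(zongwindow, &HD2, 0, 0)
Text2 = Chr(Char)
SendMessage zongwindow, &HD, 1000, ByVal strBuffer
Text1 = Trim$(strBuffer)
My code does the same thing, so why does it get an empty result? Non-password fields work normally.
That program doesn't use EM_SETPASSWORDCHAR, does it?
And it doesn't use any memory analysis or injection either, right?
So how does it do it? Experts, please advise.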
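Added example, not part of the original post or of the analysed program: a small Python decoder for the P-code listing format shown above. It pairs each `Reference To:user32.*` line with the pushes before it, uses the `check stack` byte count to get the argument count, and names the message and edit-style constants as defined in winuser.h; `decode_calls`, `annotate` and the lookup tables are names chosen for this example.

```python
import re
# Win32 constants from winuser.h; only the values this listing uses.
MESSAGES = {0x000D: "WM_GETTEXT", 0x00D2: "EM_GETPASSWORDCHAR"}
EDIT_STYLES = {0x20: "ES_PASSWORD", 0x40: "ES_AUTOVSCROLL", 0x80: "ES_AUTOHSCROLL"}
# Excerpt copied from the Timer1.Timer listing on this page ("|" lines omitted).
SAMPLE = """\
:00401FE1 F580000000 LitI4 ;Push 00000080
:00401FE6 F5F0FFFFFF LitI4 ;Push FFFFFFF0
:00401FEB 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SetWindowWord
:00401FEE 0A11000C00 ImpAdCallFPR4 ;Call ptr_00401ACC; check stack 000C; Push EAX
:0040203D 6C24FF ILdRf ;Push DWORD [LOCAL_00DC]
:00402040 6C68FF ILdRf ;Push DWORD [LOCAL_0098]
:00402043 F50D000000 LitI4 ;Push 0000000D
:00402048 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SendMessageA
:0040204B 5E0E001000 ImpAdCallI2 ;Call ptr_00401A4C; check stack 0010; Push EAX
:00402114 F5A0000000 LitI4 ;Push 000000A0
:00402119 F5F0FFFFFF LitI4 ;Push FFFFFFF0
:0040211E 6C70FF ILdRf ;Push DWORD [LOCAL_0090]
* * * * * * * * * * * Reference To:user32.SetWindowWord
:00402121 0A11000C00 ImpAdCallFPR4 ;Call ptr_00401ACC; check stack 000C; Push EAX
"""
PUSH = re.compile(r";Push (?:DWORD )?([^;]+?)\s*$")
REF = re.compile(r"Reference To:user32\.(\w+)")
CALL = re.compile(r"check stack ([0-9A-F]{4})")

def decode_calls(listing):
    """Return [(api, args)] for each user32 call, args in declaration order."""
    calls, pushes, api = [], [], None
    for line in listing.splitlines():
        if (m := REF.search(line)):
            api = m.group(1)
        elif (m := CALL.search(line)) and api:
            n = int(m.group(1), 16) // 4            # stack bytes -> DWORD args
            calls.append((api, pushes[-n:][::-1]))  # pushed right-to-left
            pushes, api = [], None
        elif (m := PUSH.search(line)):
            pushes.append(m.group(1))
    return calls

def annotate(api, args):
    """Swap raw hex arguments for symbolic names where they are known."""
    if api == "SendMessageA":
        return [args[0], MESSAGES.get(int(args[1], 16), args[1])] + args[2:]
    if api == "SetWindowWord" and args[1] == "FFFFFFF0":  # GWL_STYLE (-16)
        return [args[0], "GWL_STYLE", [n for b, n in EDIT_STYLES.items() if int(args[2], 16) & b]]
    return args
```

On this excerpt, the style word written before the `WM_GETTEXT` call decodes to `ES_AUTOHSCROLL` alone, and the one written after it to `ES_PASSWORD` plus `ES_AUTOHSCROLL`.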
--------------------Programming Q&A--------------------
http://www.vbgood.com/viewthread.php?tid=85813&extra=page%3D1
The unpacked file can be downloaded here; the content is the same as above
Supplement: VB, API