160 - 30 cracking4all.1_crack4all-CSDN博客

本文链接：https://blog.csdn.net/goodnameused/article/details/78585702

环境
Windows XP sp3

工具
exeinfope
ollydbg

查壳
无壳的VB程序

测试
这个serial藏得比较里面，多点几下才能看到

字符串搜索：

00403338   .  50            push eax                                         ; /var18
00403339   .  51            push ecx                                         ; |var28
0040333A   .  C785 40FFFFFF>mov dword ptr ss:[ebp-0xC0],cracking.004027C8    ; |UNICODE "qBQSYdXUe_B\V"
00403344   .  C785 38FFFFFF>mov dword ptr ss:[ebp-0xC8],0x8008               ; |
0040334E   .  FF15 44614000 call dword ptr ds:[<&MSVBVM50.__vbaVarTstEq>]    ; \__vbaVarTstEq
00403354   .  66:85C0       test ax,ax
00403357   .  B9 04000280   mov ecx,0x80020004
0040335C   .  B8 0A000000   mov eax,0xA
00403361   .  894D 80       mov dword ptr ss:[ebp-0x80],ecx
00403364   .  8985 78FFFFFF mov dword ptr ss:[ebp-0x88],eax
0040336A   .  894D 90       mov dword ptr ss:[ebp-0x70],ecx
0040336D   .  8945 88       mov dword ptr ss:[ebp-0x78],eax
00403370   .  0F84 E8000000 je cracking.0040345E
00403376   .  8B35 9C614000 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVarDup>]   ;  MSVBVM50.__vbaVarDup
0040337C   .  BF 08000000   mov edi,0x8
00403381   .  8D95 28FFFFFF lea edx,dword ptr ss:[ebp-0xD8]
00403387   .  8D4D 98       lea ecx,dword ptr ss:[ebp-0x68]
0040338A   .  C785 30FFFFFF>mov dword ptr ss:[ebp-0xD0],cracking.00402824    ;  UNICODE "Valid"
00403394   .  89BD 28FFFFFF mov dword ptr ss:[ebp-0xD8],edi
0040339A   .  FFD6          call esi                                         ;  <&MSVBVM50.__vbaVarDup>
0040339C   .  8D95 38FFFFFF lea edx,dword ptr ss:[ebp-0xC8]
004033A2   .  8D4D A8       lea ecx,dword ptr ss:[ebp-0x58]
004033A5   .  C785 40FFFFFF>mov dword ptr ss:[ebp-0xC0],cracking.004027E8    ;  UNICODE "Password correct, hehe, :-)"