是一段风暴加密的代码,但是找不到加密CALL,不知道是不是被VMP了,是一个VB网络验证程序
005CF6A3 BA C83B4400 MOV EDX,JY007.00443BC8 ; VMProtect begin
005CF6A8 8D4D CC LEA ECX,DWORD PTR SS:[EBP-0x34]
005CF6AB FF15 1C134000 CALL DWORD PTR DS:[0x40131C] ; msvbvm60.__vbaStrCopy
005CF6B1 8D55 CC LEA EDX,DWORD PTR SS:[EBP-0x34]
005CF6B4 52 PUSH EDX
005CF6B5 FF15 D8124000 CALL DWORD PTR DS:[0x4012D8] ; msvbvm60.VarPtr
005CF6BB 8D4D CC LEA ECX,DWORD PTR SS:[EBP-0x34]
005CF6BE FF15 E8134000 CALL DWORD PTR DS:[0x4013E8] ; msvbvm60.__vbaFreeStr
005CF6C4 C745 FC 0300000>MOV DWORD PTR SS:[EBP-0x4],0x3
005CF6CB 6A 00 PUSH 0x0
005CF6CD 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8]
005CF6D0 8B88 00040000 MOV ECX,DWORD PTR DS:[EAX+0x400]
005CF6D6 51 PUSH ECX
005CF6D7 FF15 34124000 CALL DWORD PTR DS:[0x401234] ; msvbvm60.__vbaObjIs
005CF6DD 0FBFD0 MOVSX EDX,AX
005CF6E0 85D2 TEST EDX,EDX
005CF6E2 74 37 JE SHORT JY007.005CF71B
005CF6E4 C745 FC 0400000>MOV DWORD PTR SS:[EBP-0x4],0x4
005CF6EB 68 98264100 PUSH JY007.00412698
005CF6F0 FF15 18124000 CALL DWORD PTR DS:[0x401218] ; msvbvm60.__vbaNew
005CF6F6 50 PUSH EAX
005CF6F7 8D45 C8 LEA EAX,DWORD PTR SS:[EBP-0x38]
005CF6FA 50 PUSH EAX
005CF6FB FF15 1C114000 CALL DWORD PTR DS:[0x40111C] ; msvbvm60.__vbaObjSet
005CF701 50 PUSH EAX
005CF702 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8]
005CF705 81C1 00040000 ADD ECX,0x400
005CF70B 51 PUSH ECX
005CF70C FF15 28114000 CALL DWORD PTR DS:[0x401128] ; msvbvm60.__vbaObjSetAddref
005CF712 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-0x38]
005CF715 FF15 EC134000 CALL DWORD PTR DS:[0x4013EC] ; msvbvm60.__vbaFreeObj
005CF71B C745 FC 0600000>MOV DWORD PTR SS:[EBP-0x4],0x6
005CF722 6A 00 PUSH 0x0
005CF724 68 FF000000 PUSH 0xFF
005CF729 6A 01 PUSH 0x1
005CF72B 6A 11 PUSH 0x11
005CF72D 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-0x30]
005CF730 52 PUSH EDX
005CF731 6A 01 PUSH 0x1
005CF733 68 80000000 PUSH 0x80
005CF738 FF15 04124000 CALL DWORD PTR DS:[0x401204] ; msvbvm60.__vbaRedim
005CF73E 83C4 1C ADD ESP,0x1C
005CF741 C745 FC 0700000>MOV DWORD PTR SS:[EBP-0x4],0x7
005CF748 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-0x5C]
005CF74B 50 PUSH EAX
005CF74C 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-0x30]
005CF74F 51 PUSH ECX
005CF750 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8]
005CF753 81C2 98030000 ADD EDX,0x398
005CF759 52 PUSH EDX
005CF75A 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8]
005CF75D 8B88 00040000 MOV ECX,DWORD PTR DS:[EAX+0x400]
005CF763 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8]
005CF766 8B82 00040000 MOV EAX,DWORD PTR DS:[EDX+0x400]
005CF76C 8B10 MOV EDX,DWORD PTR DS:[EAX]
005CF76E 51 PUSH ECX
005CF76F FF52 1C CALL DWORD PTR DS:[EDX+0x1C]
005CF772 DBE2 FCLEX
005CF774 8945 A0 MOV DWORD PTR SS:[EBP-0x60],EAX
005CF777 837D A0 00 CMP DWORD PTR SS:[EBP-0x60],0x0
005CF77B 7D 20 JGE SHORT JY007.005CF79D
005CF77D 6A 1C PUSH 0x1C
005CF77F 68 A41E4400 PUSH JY007.00441EA4
005CF784 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8]
005CF787 8B88 00040000 MOV ECX,DWORD PTR DS:[EAX+0x400]
005CF78D 51 PUSH ECX
005CF78E 8B55 A0 MOV EDX,DWORD PTR SS:[EBP-0x60]
005CF791 52 PUSH EDX
005CF792 FF15 B0104000 CALL DWORD PTR DS:[0x4010B0] ; msvbvm60.__vbaHresultCheckObj
005CF798 8945 88 MOV DWORD PTR SS:[EBP-0x78],EAX
005CF79B EB 07 JMP SHORT JY007.005CF7A4
005CF79D C745 88 0000000>MOV DWORD PTR SS:[EBP-0x78],0x0
005CF7A4 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-0x5C]
005CF7A7 8945 D8 MOV DWORD PTR SS:[EBP-0x28],EAX
005CF7AA C745 FC 0800000>MOV DWORD PTR SS:[EBP-0x4],0x8
005CF7B1 837D D8 00 CMP DWORD PTR SS:[EBP-0x28],0x0
005CF7B5 7E 30 JLE SHORT JY007.005CF7E7
005CF7B7 C745 FC 0900000>MOV DWORD PTR SS:[EBP-0x4],0x9
005CF7BE 6A 00 PUSH 0x0
005CF7C0 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28]
005CF7C3 83E9 01 SUB ECX,0x1
005CF7C6 0F80 22010000 JO JY007.005CF8EE
005CF7CC 51 PUSH ECX
005CF7CD 6A 01 PUSH 0x1
005CF7CF 6A 11 PUSH 0x11
005CF7D1 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-0x30]
005CF7D4 52 PUSH EDX
005CF7D5 6A 01 PUSH 0x1
005CF7D7 68 80000000 PUSH 0x80
005CF7DC FF15 EC114000 CALL DWORD PTR DS:[0x4011EC] ; msvbvm60.__vbaRedimPreserve
005CF7E2 83C4 1C ADD ESP,0x1C
005CF7E5 EB 05 JMP SHORT JY007.005CF7EC
005CF7E7 E9 B2000000 JMP JY007.005CF89E
005CF7EC C745 FC 0D00000>MOV DWORD PTR SS:[EBP-0x4],0xD
005CF7F3 6A FF PUSH -0x1
005CF7F5 FF15 18114000 CALL DWORD PTR DS:[0x401118] ; msvbvm60.__vbaOnError
005CF7FB C745 FC 0E00000>MOV DWORD PTR SS:[EBP-0x4],0xE
005CF802 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-0x30]
005CF805 8945 C0 MOV DWORD PTR SS:[EBP-0x40],EAX
005CF808 C745 B8 1120000>MOV DWORD PTR SS:[EBP-0x48],0x2011
005CF80F B8 10000000 MOV EAX,0x10
005CF814 E8 F721E4FF CALL JY007.00411A10 ; JMP 到 msvbvm60.__vbaChkstk
005CF819 8BCC MOV ECX,ESP
005CF81B 8B55 B8 MOV EDX,DWORD PTR SS:[EBP-0x48]
005CF81E 8911 MOV DWORD PTR DS:[ECX],EDX
005CF820 8B45 BC MOV EAX,DWORD PTR SS:[EBP-0x44]
005CF823 8941 04 MOV DWORD PTR DS:[ECX+0x4],EAX
005CF826 8B55 C0 MOV EDX,DWORD PTR SS:[EBP-0x40]
005CF829 8951 08 MOV DWORD PTR DS:[ECX+0x8],EDX
005CF82C 8B45 C4 MOV EAX,DWORD PTR SS:[EBP-0x3C]
005CF82F 8941 0C MOV DWORD PTR DS:[ECX+0xC],EAX
005CF832 6A 01 PUSH 0x1
005CF834 6A 43 PUSH 0x43
005CF836 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8]
005CF839 8B11 MOV EDX,DWORD PTR DS:[ECX]
005CF83B 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8]
005CF83E 50 PUSH EAX
005CF83F FF92 68060000 CALL DWORD PTR DS:[EDX+0x668]
005CF845 50 PUSH EAX
005CF846 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-0x38]
005CF849 51 PUSH ECX
005CF84A FF15 1C114000 CALL DWORD PTR DS:[0x40111C] ; msvbvm60.__vbaObjSet
005CF850 50 PUSH EAX
005CF851 FF15 3C104000 CALL DWORD PTR DS:[0x40103C] ; msvbvm60.__vbaLateIdCall
005CF857 83C4 1C ADD ESP,0x1C
005CF85A 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-0x38]
005CF85D FF15 EC134000 CALL DWORD PTR DS:[0x4013EC] ; msvbvm60.__vbaFreeObj
005CF863 C745 FC 0F00000>MOV DWORD PTR SS:[EBP-0x4],0xF
005CF86A BA 203C4400 MOV EDX,JY007.00443C20 ; VMProtect end
[培训]科锐逆向工程师培训第53期2025年7月8日开班!
