VB初级逆向与利用
今天做一个VB程序的自显注册码。我也不知道该怎么叫,就是找到出现注册码的地方,然后用对话框弹出来。说白了就是用MessageBox把一个字符串给弹出来(没追求阿。。。)
为了有点追求,今天不导入user32里面的API,而是把VB里面自带的Msgbox函数给挖出来调用,就是引用MSVBVM60.rtcMsgBox函数。我手头没有OP资料,自己分析一下这个函数的调用吧。
自己用VB写了一个东东,弹出对话框“Made by nbw”,逆向看了看,大体如下:
* Possible StringData Ref from Code Obj ->"Made by nbw"
|
:00401A25 C745A4CC144000 mov [ebp-5C], 004014CC ;指向字符串
:00401A2C C7459C08000000 mov [ebp-64], 00000008
* Reference To: MSVBVM60.__vbaVarDup, Ord:0000h
|
:00401A33 FF1568104000 Call dword ptr [00401068] ;一个函数,风晓得干么用
:00401A39 8D45AC lea eax, dword ptr [ebp-54]
:00401A3C 8D4DBC lea ecx, dword ptr [ebp-44]
:00401A3F 50 &n
相关文档:
VB根据窗口标题获取应用程序完整路径(来自网络)
Option Explicit
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId A ......
Private Sub Cmd_OK_Click()
Dim ExcelAppX As Excel.Application
Dim ExcelBookX As Excel.Workbook
Dim ExcelSheetX As Excel.Worksheet
Dim a(1 To 3) As Single
Dim strFormat As Variant
......
最简单的方法是使用filesystemobject对象。而它并非VB内置对象,
需引用才可以使用。
1.filesystemObject对象引用
“工程/引用/microsoft scription Runtime”
在对象浏览器窗口中选“scripting”模块,看到增了许多对象,
drive filesystemobject textstream &nbs ......
Welcome to Microsoft Developer Support, Languages team blog! You will find a lot of language related troubleshooting resources here.
Troubleshooting PInvoke Related Issues
I am back with some more PInvoke Stuff. Recently I was working on a PInvoke issue which I found interesting ......
“自动点击按钮”小工具VB源码
Option Explicit
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Const WM_LBUTTONDOWN = &H201
Private Const WM_LBUTTONUP = &H202
Pri ......
