- UID
- 59317
注册时间2009-1-28
阅读权限40
最后登录1970-1-1
独步武林
 
TA的每日心情 | 无聊
2024-1-15 22:57 |
|---|
签到天数: 3 天 [LV.2]偶尔看看I
|
本帖最后由 zaas 于 2025-6-23 15:01 编辑
刚刚看到了之前版本的破解记录,并没有什么新加密措施,只是我忘了~~~年纪大了忘性大
又从头分析了一遍。。。浪费时间浪费生命。。。。。
qword ptr ds:[0000000000E9311C L"SOFTWARE\\Classes\\CLSID\\{25078A8E-FA7B-4ECE-B58D-D6FCAF67A375}"]=540046004F0053
Computer\HKEY_USERS\S-1-5-21-76941862-3110539684-1773814691-1001\SOFTWARE\Classes\CLSID\{25078A8E-FA7B-4ECE-B58D-D6FCAF67A375}
[Asm] 纯文本查看 复制代码 0000000000E9BA38 | 48:8B05 A9141000 | mov rax,qword ptr ds:[F9CEE8] | 0000000000F9CEE8:"@满"
0000000000E9BA38 | 48:8B05 A9141000 | mov rax,qword ptr ds:[F9CEE8] | 0000000000F9CEE8:"@满"
0000000000E9BA3F | 8850 66 | mov byte ptr ds:[rax+66],dl |
0000000000E9BA42 | 84D2 | test dl,dl |
0000000000E9BA44 | 0F85 D0000000 | jne wiseduplicatefinder.E9BB1A |
0000000000E9BA51 | 48:8D15 48010000 | lea rdx,qword ptr ds:[<sub_E9BBA0>] | 0000000000E9BBA0:L"SOFTWARE\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BA58 | 4C:8D05 A1010000 | lea r8,qword ptr ds:[E9BC00] | 0000000000E9BC00:L"License Key"
0000000000E9BA5F | E8 CC0DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BA64 | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BA6B | 48:8D15 2E010000 | lea rdx,qword ptr ds:[<sub_E9BBA0>] | 0000000000E9BBA0:L"SOFTWARE\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BA72 | 4C:8D05 AB010000 | lea r8,qword ptr ds:[<sub_E9BC24>] | 0000000000E9BC24:L"Expire Date"
0000000000E9BA79 | E8 B20DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BA7E | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BA85 | 48:8D15 BC010000 | lea rdx,qword ptr ds:[<sub_E9BC48>] | 0000000000E9BC48:L"SOFTWARE\\Wow6432Node\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BA8C | 4C:8D05 6D010000 | lea r8,qword ptr ds:[E9BC00] | 0000000000E9BC00:L"License Key"
0000000000E9BA93 | E8 980DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BA98 | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BA9F | 48:8D15 A2010000 | lea rdx,qword ptr ds:[<sub_E9BC48>] | 0000000000E9BC48:L"SOFTWARE\\Wow6432Node\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BAA6 | 4C:8D05 77010000 | lea r8,qword ptr ds:[<sub_E9BC24>] | 0000000000E9BC24:L"Expire Date"
0000000000E9BAAD | E8 7E0DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BAB2 | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BAB9 | 48:8D15 00020000 | lea rdx,qword ptr ds:[<sub_E9BCC0>] | 0000000000E9BCC0:L"SOFTWARE\\Classes\\CLSID\\{25078A8E-FA7B-4ECE-B58D-D6FCAF67A375}"
0000000000E9BAC0 | 4C:8D05 39010000 | lea r8,qword ptr ds:[E9BC00] | 0000000000E9BC00:L"License Key"
CRC—— selfCheck:
[Asm] 纯文本查看 复制代码 00000000004FD8A5 | 75 4F | jne wiseduplicatefinder1.4FD8F6 |
00000000004FD8A7 | 48:8B4D 48 | mov rcx,qword ptr ss:[rbp+48] |
00000000004FD8AB | 48:8D95 86000000 | lea rdx,qword ptr ss:[rbp+86] |
00000000004FD8B2 | 41:B8 04010000 | mov r8d,104 |
00000000004FD8B8 | E8 F363F2FF | call <JMP.&GetModuleFileNameW> |
00000000004FD8BD | 48:8D8D 86000000 | lea rcx,qword ptr ss:[rbp+86] |
00000000004FD8C4 | BA 00000080 | mov edx,80000000 |
00000000004FD8C9 | 41:B8 03000000 | mov r8d,3 |
00000000004FD8CF | 4D:33C9 | xor r9,r9 |
00000000004FD8D2 | C74424 20 03000000 | mov dword ptr ss:[rsp+20],3 |
00000000004FD8DA | C74424 28 00000000 | mov dword ptr ss:[rsp+28],0 |
00000000004FD8E2 | 48:C74424 30 00000000 | mov qword ptr ss:[rsp+30],0 |
00000000004FD8EB | E8 305EF2FF | call <JMP.&CreateFileW> |
00000000004FD8F0 | 48:8945 50 | mov qword ptr ss:[rbp+50],rax |
00000000004FD8F4 | EB 4D | jmp wiseduplicatefinder1.4FD943 |
00000000004FD8F6 | 48:8B4D 48 | mov rcx,qword ptr ss:[rbp+48] |
00000000004FD8FA | 48:8D95 86000000 | lea rdx,qword ptr ss:[rbp+86] |
00000000004FD901 | 41:B8 04010000 | mov r8d,104 |
00000000004FD907 | E8 9463F2FF | call <JMP.&GetModuleFileNameA> |
00000000004FD90C | 48:8D8D 86000000 | lea rcx,qword ptr ss:[rbp+86] |
00000000004FD913 | BA 00000080 | mov edx,80000000 |
00000000004FD918 | 41:B8 03000000 | mov r8d,3 |
00000000004FD91E | 4D:33C9 | xor r9,r9 |
00000000004FD921 | C74424 20 03000000 | mov dword ptr ss:[rsp+20],3 |
00000000004FD929 | C74424 28 00000000 | mov dword ptr ss:[rsp+28],0 |
00000000004FD931 | 48:C74424 30 00000000 | mov qword ptr ss:[rsp+30],0 |
00000000004FD93A | E8 D15DF2FF | call <JMP.&CreateFileA> |
00000000004FD93F | 48:8945 50 | mov qword ptr ss:[rbp+50],rax |
00000000004FD943 | 48:8B45 50 | mov rax,qword ptr ss:[rbp+50] |
00000000004FD947 | 48:83F8 FF | cmp rax,FFFFFFFFFFFFFFFF |
00000000004FD94B | 0F84 E1000000 | je wiseduplicatefinder1.4FDA32 |
00000000004FD951 | 48:8B4D 50 | mov rcx,qword ptr ss:[rbp+50] |
00000000004FD955 | 33D2 | xor edx,edx |
00000000004FD957 | 41:B8 02000000 | mov r8d,2 |
00000000004FD95D | 4D:33C9 | xor r9,r9 |
00000000004FD960 | C74424 20 00000000 | mov dword ptr ss:[rsp+20],0 |
00000000004FD968 | 48:C74424 28 00000000 | mov qword ptr ss:[rsp+28],0 |
00000000004FD971 | E8 BA5DF2FF | call <JMP.&CreateFileMappingW> |
00000000004FD976 | 48:8945 58 | mov qword ptr ss:[rbp+58],rax | [rbp+58]:&" 鍿"
00000000004FD97A | 48:8B45 58 | mov rax,qword ptr ss:[rbp+58] | [rbp+58]:&" 鍿"
00000000004FD97E | 48:85C0 | test rax,rax |
00000000004FD981 | 0F84 A2000000 | je wiseduplicatefinder1.4FDA29 |
00000000004FD987 | 48:8B4D 58 | mov rcx,qword ptr ss:[rbp+58] | [rbp+58]:&" 鍿"
00000000004FD98B | BA 04000000 | mov edx,4 |
00000000004FD990 | 4D:33C0 | xor r8,r8 |
00000000004FD993 | 4D:33C9 | xor r9,r9 |
00000000004FD996 | 48:C74424 20 00000000 | mov qword ptr ss:[rsp+20],0 |
00000000004FD99F | E8 0C68F2FF | call <JMP.&MapViewOfFile> |
00000000004FD9A4 | 48:89C3 | mov rbx,rax | rbx:&" 鍿"
00000000004FD9A7 | 48:85DB | test rbx,rbx | rbx:&" 鍿"
00000000004FD9AA | 74 74 | je wiseduplicatefinder1.4FDA20 |
00000000004FD9AC | 48:89D9 | mov rcx,rbx | rbx:&" 鍿"
00000000004FD9AF | E8 BC4FF3FF | call <wiseduplicatefinder1.sub_432970> |
00000000004FD9B4 | 48:85C0 | test rax,rax |
00000000004FD9B7 | 74 5F | je wiseduplicatefinder1.4FDA18 |
00000000004FD9B9 | 66:8178 18 0B02 | cmp word ptr ds:[rax+18],20B |
00000000004FD9BF | 75 06 | jne wiseduplicatefinder1.4FD9C7 |
00000000004FD9C1 | 48:8D78 58 | lea rdi,qword ptr ds:[rax+58] |
00000000004FD9C5 | EB 04 | jmp wiseduplicatefinder1.4FD9CB |
00000000004FD9C7 | 48:8D78 58 | lea rdi,qword ptr ds:[rax+58] |
00000000004FD9CB | 833F 00 | cmp dword ptr ds:[rdi],0 |
00000000004FD9CE | 74 48 | je wiseduplicatefinder1.4FDA18 |
00000000004FD9D0 | 48:8B4D 50 | mov rcx,qword ptr ss:[rbp+50] |
00000000004FD9D4 | 33D2 | xor edx,edx |
00000000004FD9D6 | E8 2562F2FF | call <JMP.&GetFileSize> |
00000000004FD9DB | 89C6 | mov esi,eax |
00000000004FD9DD | 44:8BEF | mov r13d,edi |
00000000004FD9E0 | 44:2BEB | sub r13d,ebx | ebx:&" 鍿"
00000000004FD9E3 | 48:89E9 | mov rcx,rbp |
00000000004FD9E6 | 48:89DA | mov rdx,rbx | rbx:&" 鍿"
00000000004FD9E9 | 45:89E8 | mov r8d,r13d |
00000000004FD9EC | 4D:33C9 | xor r9,r9 |
00000000004FD9EF | E8 DCFDFFFF | call <wiseduplicatefinder1.sub_4FD7D0> |
00000000004FD9F4 | 48:89E9 | mov rcx,rbp |
00000000004FD9F7 | 48:8D57 04 | lea rdx,qword ptr ds:[rdi+4] |
00000000004FD9FB | 44:8BC6 | mov r8d,esi |
00000000004FD9FE | 45:2BC5 | sub r8d,r13d |
00000000004FDA01 | 41:83E8 04 | sub r8d,4 |
00000000004FDA05 | 41:89C1 | mov r9d,eax |
00000000004FDA08 | E8 C3FDFFFF | call <wiseduplicatefinder1.sub_4FD7D0> |
00000000004FDA0D | 03C6 | add eax,esi |
00000000004FDA0F | 3B07 | cmp eax,dword ptr ds:[rdi] |
00000000004FDA11 | 74 05 | je wiseduplicatefinder1.4FDA18 |
00000000004FDA13 | B0 01 | mov al,1 |
00000000004FDA15 | 8845 47 | mov byte ptr ss:[rbp+47],al |
00000000004FDA18 | 48:89D9 | mov rcx,rbx | rbx:&" 鍿"
00000000004FDA1B | E8 206AF2FF | call <JMP.&UnmapViewOfFile> |
00000000004FDA20 | 48:8B4D 58 | mov rcx,qword ptr ss:[rbp+58] | [rbp+58]:&" 鍿"
00000000004FDA24 | E8 D75BF2FF | call <JMP.&CloseHandle> |
00000000004FDA29 | 48:8B4D 50 | mov rcx,qword ptr ss:[rbp+50] |
00000000004FDA2D | E8 CE5BF2FF | call <JMP.&CloseHandle> |
00000000004FDA32 | 48:0FB645 47 | movzx rax,byte ptr ss:[rbp+47] |
00000000004FDA37 | 84C0 | test al,al |
00000000004FDA39 | 0F84 E5000000 | je wiseduplicatefinder1.4FDB24 |
00000000004FDA3F | E8 0C65F2FF | call <JMP.&GetVersion> |
00000000004FDA44 | F7C0 00000080 | test eax,80000000 |
00000000004FDA4A | 75 39 | jne wiseduplicatefinder1.4FDA85 |
reg:
[Asm] 纯文本查看 复制代码 0000000000893CC0 | 55 | push rbp |
0000000000893CC1 | 48:83EC 30 | sub rsp,30 |
0000000000893CC5 | 48:8BEC | mov rbp,rsp |
0000000000893CC8 | 48:C745 28 00000000 | mov qword ptr ss:[rbp+28],0 | [rbp+28]:GetLayout+6C
0000000000893CD0 | 48:894D 40 | mov qword ptr ss:[rbp+40],rcx |
0000000000893CD4 | 48:8B4D 40 | mov rcx,qword ptr ss:[rbp+40] |
0000000000893CD8 | E8 93D9B7FF | call <wiseduplicatefinder.sub_411670> |
0000000000893CDD | 90 | nop |
0000000000893CDE | 48:8D4D 28 | lea rcx,qword ptr ss:[rbp+28] | [rbp+28]:GetLayout+6C
0000000000893CE2 | 48:8B55 40 | mov rdx,qword ptr ss:[rbp+40] |
0000000000893CE6 | E8 75F6B7FF | call <wiseduplicatefinder.sub_413360> |
0000000000893CEB | 48:8D0D 5A000000 | lea rcx,qword ptr ds:[<sub_893D4C>] | 0000000000893D4C:L"^20\\d{2}-[0|1|2|3]\\d-[0|1]\\d"
0000000000893CF2 | 48:8B55 28 | mov rdx,qword ptr ss:[rbp+28] | [rbp+28]:GetLayout+6C
0000000000893CF6 | 4D:33C0 | xor r8,r8 |
0000000000893CF9 | E8 5226F8FF | call <wiseduplicatefinder.sub_816350> |
0000000000893CFE | 8845 27 | mov byte ptr ss:[rbp+27],al |
0000000000893D01 | 90 | nop |
0000000000893D02 | 48:8D4D 28 | lea rcx,qword ptr ss:[rbp+28] | [rbp+28]:GetLayout+6C
0000000000893D06 | E8 75D8B7FF | call <wiseduplicatefinder.sub_411580> |
0000000000893D0B | 48:8D4D 40 | lea rcx,qword ptr ss:[rbp+40] |
0000000000893D0F | E8 CCD7B7FF | call <wiseduplicatefinder.sub_4114E0> |
0000000000893D14 | 48:0FB645 27 | movzx rax,byte ptr ss:[rbp+27] |
0000000000893D19 | 48:8D65 30 | lea rsp,qword ptr ss:[rbp+30] | [rbp+30]:&"0鮢"
0000000000893D1D | 5D | pop rbp |
0000000000893D1E | C3 | ret |
[Asm] 纯文本查看 复制代码 0000000000E1CCCF | 48:C785 88000000 0000000 | mov qword ptr ss:[rbp+88],0 |
0000000000E1CCDA | C685 90000000 11 | mov byte ptr ss:[rbp+90],11 |
0000000000E1CCE1 | C785 98000000 0E000000 | mov dword ptr ss:[rbp+98],E |
0000000000E1CCEB | C685 A0000000 00 | mov byte ptr ss:[rbp+A0],0 |
0000000000E1CCF2 | 48:8B85 38010000 | mov rax,qword ptr ss:[rbp+138] | [rbp+138]:L"3213213213213213213213213123121"
0000000000E1CCF9 | 48:8985 A8000000 | mov qword ptr ss:[rbp+A8],rax |
0000000000E1CD00 | C685 B0000000 11 | mov byte ptr ss:[rbp+B0],11 |
0000000000E1CD07 | 48:8D8D 28010000 | lea rcx,qword ptr ss:[rbp+128] |
0000000000E1CD0E | 48:8D15 67040000 | lea rdx,qword ptr ds:[<sub_E1D17C>] | 0000000000E1D17C:L"http://reg.wisecleaner.com/order/regchecker.php?email=%s&fname=%s&lname=%s&itemid=%d&code=%s"
0000000000E1CD15 | 4C:8D45 68 | lea r8,qword ptr ss:[rbp+68] |
0000000000E1CD19 | 41:B9 04000000 | mov r9d,4 |
[Asm] 纯文本查看 复制代码 0000000000E1DABA | 48:8B8D 80020000 | mov rcx,qword ptr ss:[rbp+280] |
0000000000E1DAC1 | E8 AA3B5FFF | call <wiseduplicatefinder.sub_411670> |
0000000000E1DAC6 | 48:8D8D B0000000 | lea rcx,qword ptr ss:[rbp+B0] |
0000000000E1DACD | 48:8B15 E45365FF | mov rdx,qword ptr ds:[472EB8] | rdx:&" |
评分
-
查看全部评分
|
[复制链接]
IP卡
发表于 
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 
发表于 
