Wise Duplicate Finder Pro v2.1.7 绿色版
本帖最后由 zaas 于 2025-6-23 15:01 编辑刚刚看到了之前版本的破解记录,并没有什么新加密措施,只是我忘了~~~年纪大了忘性大{:cry:}
又从头分析了一遍。。。浪费时间浪费生命。。。。。
**** Hidden Message *****
qword ptr ds:=540046004F0053
Computer\HKEY_USERS\S-1-5-21-76941862-3110539684-1773814691-1001\SOFTWARE\Classes\CLSID\{25078A8E-FA7B-4ECE-B58D-D6FCAF67A375}
0000000000E9BA38 | 48:8B05 A9141000 | mov rax,qword ptr ds: | 0000000000F9CEE8:"@满"
0000000000E9BA38 | 48:8B05 A9141000 | mov rax,qword ptr ds: | 0000000000F9CEE8:"@满"
0000000000E9BA3F | 8850 66 | mov byte ptr ds:,dl |
0000000000E9BA42 | 84D2 | test dl,dl |
0000000000E9BA44 | 0F85 D0000000 | jne wiseduplicatefinder.E9BB1A |
0000000000E9BA51 | 48:8D15 48010000 | lea rdx,qword ptr ds:[<sub_E9BBA0>] | 0000000000E9BBA0:L"SOFTWARE\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BA58 | 4C:8D05 A1010000 | lea r8,qword ptr ds: | 0000000000E9BC00:L"License Key"
0000000000E9BA5F | E8 CC0DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BA64 | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BA6B | 48:8D15 2E010000 | lea rdx,qword ptr ds:[<sub_E9BBA0>] | 0000000000E9BBA0:L"SOFTWARE\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BA72 | 4C:8D05 AB010000 | lea r8,qword ptr ds:[<sub_E9BC24>] | 0000000000E9BC24:L"Expire Date"
0000000000E9BA79 | E8 B20DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BA7E | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BA85 | 48:8D15 BC010000 | lea rdx,qword ptr ds:[<sub_E9BC48>] | 0000000000E9BC48:L"SOFTWARE\\Wow6432Node\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BA8C | 4C:8D05 6D010000 | lea r8,qword ptr ds: | 0000000000E9BC00:L"License Key"
0000000000E9BA93 | E8 980DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BA98 | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BA9F | 48:8D15 A2010000 | lea rdx,qword ptr ds:[<sub_E9BC48>] | 0000000000E9BC48:L"SOFTWARE\\Wow6432Node\\WiseCleaner\\WiseDuplicateFinder"
0000000000E9BAA6 | 4C:8D05 77010000 | lea r8,qword ptr ds:[<sub_E9BC24>] | 0000000000E9BC24:L"Expire Date"
0000000000E9BAAD | E8 7E0DA0FF | call <wiseduplicatefinder.sub_89C830> |
0000000000E9BAB2 | 48:C7C1 01000080 | mov rcx,FFFFFFFF80000001 | rcx:&"0鮢"
0000000000E9BAB9 | 48:8D15 00020000 | lea rdx,qword ptr ds:[<sub_E9BCC0>] | 0000000000E9BCC0:L"SOFTWARE\\Classes\\CLSID\\{25078A8E-FA7B-4ECE-B58D-D6FCAF67A375}"
0000000000E9BAC0 | 4C:8D05 39010000 | lea r8,qword ptr ds: | 0000000000E9BC00:L"License Key"
CRC—— selfCheck:
00000000004FD8A5 | 75 4F | jne wiseduplicatefinder1.4FD8F6 |
00000000004FD8A7 | 48:8B4D 48 | mov rcx,qword ptr ss: |
00000000004FD8AB | 48:8D95 86000000 | lea rdx,qword ptr ss: |
00000000004FD8B2 | 41:B8 04010000 | mov r8d,104 |
00000000004FD8B8 | E8 F363F2FF | call <JMP.&GetModuleFileNameW> |
00000000004FD8BD | 48:8D8D 86000000 | lea rcx,qword ptr ss: |
00000000004FD8C4 | BA 00000080 | mov edx,80000000 |
00000000004FD8C9 | 41:B8 03000000 | mov r8d,3 |
00000000004FD8CF | 4D:33C9 | xor r9,r9 |
00000000004FD8D2 | C74424 20 03000000 | mov dword ptr ss:,3 |
00000000004FD8DA | C74424 28 00000000 | mov dword ptr ss:,0 |
00000000004FD8E2 | 48:C74424 30 00000000 | mov qword ptr ss:,0 |
00000000004FD8EB | E8 305EF2FF | call <JMP.&CreateFileW> |
00000000004FD8F0 | 48:8945 50 | mov qword ptr ss:,rax |
00000000004FD8F4 | EB 4D | jmp wiseduplicatefinder1.4FD943 |
00000000004FD8F6 | 48:8B4D 48 | mov rcx,qword ptr ss: |
00000000004FD8FA | 48:8D95 86000000 | lea rdx,qword ptr ss: |
00000000004FD901 | 41:B8 04010000 | mov r8d,104 |
00000000004FD907 | E8 9463F2FF | call <JMP.&GetModuleFileNameA> |
00000000004FD90C | 48:8D8D 86000000 | lea rcx,qword ptr ss: |
00000000004FD913 | BA 00000080 | mov edx,80000000 |
00000000004FD918 | 41:B8 03000000 | mov r8d,3 |
00000000004FD91E | 4D:33C9 | xor r9,r9 |
00000000004FD921 | C74424 20 03000000 | mov dword ptr ss:,3 |
00000000004FD929 | C74424 28 00000000 | mov dword ptr ss:,0 |
00000000004FD931 | 48:C74424 30 00000000 | mov qword ptr ss:,0 |
00000000004FD93A | E8 D15DF2FF | call <JMP.&CreateFileA> |
00000000004FD93F | 48:8945 50 | mov qword ptr ss:,rax |
00000000004FD943 | 48:8B45 50 | mov rax,qword ptr ss: |
00000000004FD947 | 48:83F8 FF | cmp rax,FFFFFFFFFFFFFFFF |
00000000004FD94B | 0F84 E1000000 | je wiseduplicatefinder1.4FDA32 |
00000000004FD951 | 48:8B4D 50 | mov rcx,qword ptr ss: |
00000000004FD955 | 33D2 | xor edx,edx |
00000000004FD957 | 41:B8 02000000 | mov r8d,2 |
00000000004FD95D | 4D:33C9 | xor r9,r9 |
00000000004FD960 | C74424 20 00000000 | mov dword ptr ss:,0 |
00000000004FD968 | 48:C74424 28 00000000 | mov qword ptr ss:,0 |
00000000004FD971 | E8 BA5DF2FF | call <JMP.&CreateFileMappingW> |
00000000004FD976 | 48:8945 58 | mov qword ptr ss:,rax | :&" 鍿"
00000000004FD97A | 48:8B45 58 | mov rax,qword ptr ss: | :&" 鍿"
00000000004FD97E | 48:85C0 | test rax,rax |
00000000004FD981 | 0F84 A2000000 | je wiseduplicatefinder1.4FDA29 |
00000000004FD987 | 48:8B4D 58 | mov rcx,qword ptr ss: | :&" 鍿"
00000000004FD98B | BA 04000000 | mov edx,4 |
00000000004FD990 | 4D:33C0 | xor r8,r8 |
00000000004FD993 | 4D:33C9 | xor r9,r9 |
00000000004FD996 | 48:C74424 20 00000000 | mov qword ptr ss:,0 |
00000000004FD99F | E8 0C68F2FF | call <JMP.&MapViewOfFile> |
00000000004FD9A4 | 48:89C3 | mov rbx,rax | rbx:&" 鍿"
00000000004FD9A7 | 48:85DB | test rbx,rbx | rbx:&" 鍿"
00000000004FD9AA | 74 74 | je wiseduplicatefinder1.4FDA20 |
00000000004FD9AC | 48:89D9 | mov rcx,rbx | rbx:&" 鍿"
00000000004FD9AF | E8 BC4FF3FF | call <wiseduplicatefinder1.sub_432970> |
00000000004FD9B4 | 48:85C0 | test rax,rax |
00000000004FD9B7 | 74 5F | je wiseduplicatefinder1.4FDA18 |
00000000004FD9B9 | 66:8178 18 0B02 | cmp word ptr ds:,20B |
00000000004FD9BF | 75 06 | jne wiseduplicatefinder1.4FD9C7 |
00000000004FD9C1 | 48:8D78 58 | lea rdi,qword ptr ds: |
00000000004FD9C5 | EB 04 | jmp wiseduplicatefinder1.4FD9CB |
00000000004FD9C7 | 48:8D78 58 | lea rdi,qword ptr ds: |
00000000004FD9CB | 833F 00 | cmp dword ptr ds:,0 |
00000000004FD9CE | 74 48 | je wiseduplicatefinder1.4FDA18 |
00000000004FD9D0 | 48:8B4D 50 | mov rcx,qword ptr ss: |
00000000004FD9D4 | 33D2 | xor edx,edx |
00000000004FD9D6 | E8 2562F2FF | call <JMP.&GetFileSize> |
00000000004FD9DB | 89C6 | mov esi,eax |
00000000004FD9DD | 44:8BEF | mov r13d,edi |
00000000004FD9E0 | 44:2BEB | sub r13d,ebx | ebx:&" 鍿"
00000000004FD9E3 | 48:89E9 | mov rcx,rbp |
00000000004FD9E6 | 48:89DA | mov rdx,rbx | rbx:&" 鍿"
00000000004FD9E9 | 45:89E8 | mov r8d,r13d |
00000000004FD9EC | 4D:33C9 | xor r9,r9 |
00000000004FD9EF | E8 DCFDFFFF | call <wiseduplicatefinder1.sub_4FD7D0> |
00000000004FD9F4 | 48:89E9 | mov rcx,rbp |
00000000004FD9F7 | 48:8D57 04 | lea rdx,qword ptr ds: |
00000000004FD9FB | 44:8BC6 | mov r8d,esi |
00000000004FD9FE | 45:2BC5 | sub r8d,r13d |
00000000004FDA01 | 41:83E8 04 | sub r8d,4 |
00000000004FDA05 | 41:89C1 | mov r9d,eax |
00000000004FDA08 | E8 C3FDFFFF | call <wiseduplicatefinder1.sub_4FD7D0> |
00000000004FDA0D | 03C6 | add eax,esi |
00000000004FDA0F | 3B07 | cmp eax,dword ptr ds: |
00000000004FDA11 | 74 05 | je wiseduplicatefinder1.4FDA18 |
00000000004FDA13 | B0 01 | mov al,1 |
00000000004FDA15 | 8845 47 | mov byte ptr ss:,al |
00000000004FDA18 | 48:89D9 | mov rcx,rbx | rbx:&" 鍿"
00000000004FDA1B | E8 206AF2FF | call <JMP.&UnmapViewOfFile> |
00000000004FDA20 | 48:8B4D 58 | mov rcx,qword ptr ss: | :&" 鍿"
00000000004FDA24 | E8 D75BF2FF | call <JMP.&CloseHandle> |
00000000004FDA29 | 48:8B4D 50 | mov rcx,qword ptr ss: |
00000000004FDA2D | E8 CE5BF2FF | call <JMP.&CloseHandle> |
00000000004FDA32 | 48:0FB645 47 | movzx rax,byte ptr ss: |
00000000004FDA37 | 84C0 | test al,al |
00000000004FDA39 | 0F84 E5000000 | je wiseduplicatefinder1.4FDB24 |
00000000004FDA3F | E8 0C65F2FF | call <JMP.&GetVersion> |
00000000004FDA44 | F7C0 00000080 | test eax,80000000 |
00000000004FDA4A | 75 39 | jne wiseduplicatefinder1.4FDA85 |
reg:
0000000000893CC0 | 55 | push rbp |
0000000000893CC1 | 48:83EC 30 | sub rsp,30 |
0000000000893CC5 | 48:8BEC | mov rbp,rsp |
0000000000893CC8 | 48:C745 28 00000000 | mov qword ptr ss:,0 | :GetLayout+6C
0000000000893CD0 | 48:894D 40 | mov qword ptr ss:,rcx |
0000000000893CD4 | 48:8B4D 40 | mov rcx,qword ptr ss: |
0000000000893CD8 | E8 93D9B7FF | call <wiseduplicatefinder.sub_411670> |
0000000000893CDD | 90 | nop |
0000000000893CDE | 48:8D4D 28 | lea rcx,qword ptr ss: | :GetLayout+6C
0000000000893CE2 | 48:8B55 40 | mov rdx,qword ptr ss: |
0000000000893CE6 | E8 75F6B7FF | call <wiseduplicatefinder.sub_413360> |
0000000000893CEB | 48:8D0D 5A000000 | lea rcx,qword ptr ds:[<sub_893D4C>] | 0000000000893D4C:L"^20\\d{2}-\\d-\\d"
0000000000893CF2 | 48:8B55 28 | mov rdx,qword ptr ss: | :GetLayout+6C
0000000000893CF6 | 4D:33C0 | xor r8,r8 |
0000000000893CF9 | E8 5226F8FF | call <wiseduplicatefinder.sub_816350> |
0000000000893CFE | 8845 27 | mov byte ptr ss:,al |
0000000000893D01 | 90 | nop |
0000000000893D02 | 48:8D4D 28 | lea rcx,qword ptr ss: | :GetLayout+6C
0000000000893D06 | E8 75D8B7FF | call <wiseduplicatefinder.sub_411580> |
0000000000893D0B | 48:8D4D 40 | lea rcx,qword ptr ss: |
0000000000893D0F | E8 CCD7B7FF | call <wiseduplicatefinder.sub_4114E0> |
0000000000893D14 | 48:0FB645 27 | movzx rax,byte ptr ss: |
0000000000893D19 | 48:8D65 30 | lea rsp,qword ptr ss: | :&"0鮢"
0000000000893D1D | 5D | pop rbp |
0000000000893D1E | C3 | ret |
0000000000E1CCCF | 48:C785 88000000 0000000 | mov qword ptr ss:,0 |
0000000000E1CCDA | C685 90000000 11 | mov byte ptr ss:,11 |
0000000000E1CCE1 | C785 98000000 0E000000 | mov dword ptr ss:,E |
0000000000E1CCEB | C685 A0000000 00 | mov byte ptr ss:,0 |
0000000000E1CCF2 | 48:8B85 38010000 | mov rax,qword ptr ss: | :L"3213213213213213213213213123121"
0000000000E1CCF9 | 48:8985 A8000000 | mov qword ptr ss:,rax |
0000000000E1CD00 | C685 B0000000 11 | mov byte ptr ss:,11 |
0000000000E1CD07 | 48:8D8D 28010000 | lea rcx,qword ptr ss: |
0000000000E1CD0E | 48:8D15 67040000 | lea rdx,qword ptr ds:[<sub_E1D17C>] | 0000000000E1D17C:L"http://reg.wisecleaner.com/order/regchecker.php?email=%s&fname=%s&lname=%s&itemid=%d&code=%s"
0000000000E1CD15 | 4C:8D45 68 | lea r8,qword ptr ss: |
0000000000E1CD19 | 41:B9 04000000 | mov r9d,4 |
0000000000E1DABA | 48:8B8D 80020000 | mov rcx,qword ptr ss: |
0000000000E1DAC1 | E8 AA3B5FFF | call <wiseduplicatefinder.sub_411670> |
0000000000E1DAC6 | 48:8D8D B0000000 | lea rcx,qword ptr ss: |
0000000000E1DACD | 48:8B15 E45365FF | mov rdx,qword ptr ds: | rdx:&" 感谢楼主分享 还是老规矩哦,拿走吱个声.收藏了,感谢分享 PYG有你更精彩! 感谢楼主分享 谢谢经验分享! 感谢分享精品
这个应该走向智能化。特别是选择删除文件上
这个界面比较友好
PYG有你更精彩!谢谢楼主分享{:hug:}{:hug:}