Popup Ad Stopper 08.02.08破解
Popup Ad Stopper 08.02.08http://sccrc.onlinedown.net/down/passx.zip
注册文件
"CurrentRegisterName"="qwert"
"CurrentUserStatus"="30343B393438"
"CurrentRegisterEmailAddr"="[email protected]"
"ModuleTuccType"="0"
"WinInteraction"="201"
"StopPopupAds"="1"
"StopMessageBoxes"="0"
"StopMsngrSrvcPopups"="0"
"AutoStart"="1"
"HideInTrayOnStartup"="0"
"UseSystemTray"="1"
"WantToolTips"="1"
"NetworkAdapter"="100000"
"TransHandle"="0"
004460b80044610c硬件断点
断点
地址 模块 激活 反汇编 注释
004070E8 pas 始终 REPNE SCAS BYTE PTR ES:
00409071 pas 始终 PUSH pas.0044610C
00409E20 pas 始终 PUSH EBX
00409E2E pas 始终 REPNE SCAS BYTE PTR ES:
00413590 pas 始终 INC ESI
004146EB pas 始终 JE SHORT pas.004146F1
004276C4 pas 始终 PUSH EBP
004276C7 pas 始终 MOV EAX,DWORD PTR DS:
004468FC 00 33 30 33 34 33 36 33 43 33 38 33 35 .3034363C3835
0040A0D0|.33C0 XOR EAX,EAX
0040A0D2|.BF 00694400 MOV EDI,pas.00446900 ;ASCII "1202869240"
0040A0D7|.68 80000000 PUSH 80 ; /BufSize = 80 (128.)
0040A0DC|.68 00694400 PUSH pas.00446900 ; |ReturnBuffer = pas.00446900
0040A0E1|.68 B4C94300 PUSH pas.0043C9B4 ; |Default = "1"
0040A0E6|.68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A0EB|.F3:AB REP STOS DWORD PTR ES: ; |
0040A0ED|.68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A0F2|.FF15 DC024300 CALL DWORD PTR DS:[<&KERNEL32.GetProfile>; \GetProfileStringA
0040A0F8|.83F8 01 CMP EAX,1
0040A0FB|.7F 3A JG SHORT pas.0040A137
0040A0FD|.68 CC864400 PUSH pas.004486CC
0040A102|.E8 BF980000 CALL pas.004139C6
0040A107|.A1 CC864400 MOV EAX,DWORD PTR DS:
0040A10C|.83C4 04 ADD ESP,4
0040A10F|.50 PUSH EAX
0040A110|.68 60CB4300 PUSH pas.0043CB60 ;ASCII "%lu"
0040A115|.68 00694400 PUSH pas.00446900 ;ASCII "1202869240"
0040A11A|.E8 C7930000 CALL pas.004134E6
0040A11F|.83C4 0C ADD ESP,0C
0040A122|.68 00694400 PUSH pas.00446900 ; /String = "1202869240"
0040A127|.68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A12C|.68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A131|.FF15 E0024300 CALL DWORD PTR DS:[<&KERNEL32.WriteProfi>; \WriteProfileStringA
0040A160|.68 B0B24300 PUSH pas.0043B2B0
EDX 00446901 ASCII "0343B393438"
EDI 00447400 pas.00447400
EIP 0040A160 pas.0040A160
ST6 empty 1.0000000000000000000
ST7 empty 1.0000000000000000000
00409F40/$A0 0C614400 MOV AL,BYTE PTR DS:
00409F45|.53 PUSH EBX
00409F46|.33DB XOR EBX,EBX
00409F48|.57 PUSH EDI
00409F49|.3AC3 CMP AL,BL
00409F4B|.75 12 JNZ SHORT pas.00409F5F
00409F4D|.381D B8604400 CMP BYTE PTR DS:,BL
00409F53|.75 0A JNZ SHORT pas.00409F5F
00409F55|.B9 C0674400 MOV ECX,pas.004467C0
00409F5A|.E8 33A10100 CALL pas.00424092
00409F5F|>A1 A0664400 MOV EAX,DWORD PTR DS:
00409F64|.56 PUSH ESI
00409F65|.53 PUSH EBX
00409F66|.68 0C614400 PUSH pas.0044610C ;ASCII "qwert"
00409F6B|.50 PUSH EAX
00409F6C|.E8 1FFEFFFF CALL pas.00409D90
00409F71|.83C4 0C ADD ESP,0C
00409F74|.83F8 01 CMP EAX,1
00409F77|.0F84 92000000 JE pas.0040A00F
00409F7D|.68 D8B24300 PUSH pas.0043B2D8 ;ASCII "Popup Ad Stopper"
00409F82|.68 38D34300 PUSH pas.0043D338 ;ASCII "%s, Your Name for Product Registration Purposes"
00409F87|.68 60854400 PUSH pas.00448560
00409F8C|.E8 55950000 CALL pas.004134E6
00409F91|.BF E8C74300 MOV EDI,pas.0043C7E8 ;ASCII "&Continue"
00409F96|.83C9 FF OR ECX,FFFFFFFF
00409F99|.33C0 XOR EAX,EAX
00409F9B|.881D 40754400 MOV BYTE PTR DS:,BL
00409FA1|.F2:AE REPNE SCAS BYTE PTR ES:
00409FA3|.F7D1 NOT ECX
00409FA5|.2BF9 SUB EDI,ECX
00409FA7|.68 98C54300 PUSH pas.0043C598 ;ASCII "Enter your name or your company name:
This name will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your name correctly here will ensure that you will receive excellent t"...
00409FAC|.8BD1 MOV EDX,ECX
00409FAE|.8BF7 MOV ESI,EDI
00409FB0|.BF 50754400 MOV EDI,pas.00447550
00409FB5|.68 0C614400 PUSH pas.0044610C ;ASCII "qwert"
00409FBA|.C1E9 02 SHR ECX,2
00409FBD|.F3:A5 REP MOVS DWORD PTR ES:,DWORD PTR DS>
00409FBF|.8BCA MOV ECX,EDX
00409FC1|.83E1 03 AND ECX,3
00409FC4|.F3:A4 REP MOVS BYTE PTR ES:,BYTE PTR DS:[>
00409FC6|.E8 75E9FFFF CALL pas.00408940
00409FCB|.A1 A0664400 MOV EAX,DWORD PTR DS:
00409FD0|.6A 01 PUSH 1
00409FD2|.68 0C614400 PUSH pas.0044610C ;ASCII "qwert"
00409FD7|.50 PUSH EAX
00409FD8|.E8 B3FDFFFF CALL pas.00409D90
00409FDD|.83C4 20 ADD ESP,20
00409FE0|.83F8 01 CMP EAX,1
00409FE3|.74 2A JE SHORT pas.0040A00F
00409FE5|>68 98C54300 /PUSH pas.0043C598 ;ASCII "Enter your name or your company name:
This name will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your name correctly here will ensure that you will receive excellent t"...
00409FEA|.68 0C614400 |PUSH pas.0044610C ;ASCII "qwert"
00409FEF|.E8 4CE9FFFF |CALL pas.00408940
00409FF4|.8B0D A0664400 |MOV ECX,DWORD PTR DS:
00409FFA|.6A 01 |PUSH 1
00409FFC|.68 0C614400 |PUSH pas.0044610C ;ASCII "qwert"
0040A001|.51 |PUSH ECX
0040A002|.E8 89FDFFFF |CALL pas.00409D90
0040A007|.83C4 14 |ADD ESP,14
0040A00A|.83F8 01 |CMP EAX,1
0040A00D|.^ 75 D6 \JNZ SHORT pas.00409FE5
0040A00F|>8B15 A0664400 MOV EDX,DWORD PTR DS:
0040A015|.53 PUSH EBX
0040A016|.68 B8604400 PUSH pas.004460B8 ;ASCII "[email protected]"
0040A01B|.52 PUSH EDX
0040A01C|.E8 FFFDFFFF CALL pas.00409E20
0040A021|.83C4 0C ADD ESP,0C
0040A024|.83F8 01 CMP EAX,1
0040A027|.0F84 93000000 JE pas.0040A0C0
0040A02D|.68 D8B24300 PUSH pas.0043B2D8 ;ASCII "Popup Ad Stopper"
0040A032|.68 FCD24300 PUSH pas.0043D2FC ;ASCII "%s, Your Email Address for Product Registration Purposes"
0040A037|.68 60854400 PUSH pas.00448560
0040A03C|.E8 A5940000 CALL pas.004134E6
0040A041|.BF E8C74300 MOV EDI,pas.0043C7E8 ;ASCII "&Continue"
0040A046|.83C9 FF OR ECX,FFFFFFFF
0040A049|.33C0 XOR EAX,EAX
0040A04B|.881D 40754400 MOV BYTE PTR DS:,BL
0040A051|.F2:AE REPNE SCAS BYTE PTR ES:
0040A053|.F7D1 NOT ECX
0040A055|.2BF9 SUB EDI,ECX
0040A057|.68 BCC64300 PUSH pas.0043C6BC ;ASCII "Enter your email address:
This email address will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your email address correctly here will ensure that you will receive excel"...
0040A05C|.8BC1 MOV EAX,ECX
0040A05E|.8BF7 MOV ESI,EDI
0040A060|.BF 50754400 MOV EDI,pas.00447550
0040A065|.68 B8604400 PUSH pas.004460B8 ;ASCII "[email protected]"
0040A06A|.C1E9 02 SHR ECX,2
0040A06D|.F3:A5 REP MOVS DWORD PTR ES:,DWORD PTR DS>
0040A06F|.8BC8 MOV ECX,EAX
0040A071|.83E1 03 AND ECX,3
0040A074|.F3:A4 REP MOVS BYTE PTR ES:,BYTE PTR DS:[>
0040A076|.E8 C5E8FFFF CALL pas.00408940
0040A07B|.8B0D A0664400 MOV ECX,DWORD PTR DS:
0040A081|.6A 01 PUSH 1
0040A083|.68 B8604400 PUSH pas.004460B8 ;ASCII "[email protected]"
0040A088|.51 PUSH ECX
0040A089|.E8 92FDFFFF CALL pas.00409E20
0040A08E|.83C4 20 ADD ESP,20
0040A091|.83F8 01 CMP EAX,1
0040A094|.74 2A JE SHORT pas.0040A0C0
0040A096|>68 BCC64300 /PUSH pas.0043C6BC ;ASCII "Enter your email address:
This email address will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your email address correctly here will ensure that you will receive excel"...
0040A09B|.68 B8604400 |PUSH pas.004460B8 ;ASCII "[email protected]"
0040A0A0|.E8 9BE8FFFF |CALL pas.00408940
0040A0A5|.8B15 A0664400 |MOV EDX,DWORD PTR DS:
0040A0AB|.6A 01 |PUSH 1
0040A0AD|.68 B8604400 |PUSH pas.004460B8 ;ASCII "[email protected]"
0040A0B2|.52 |PUSH EDX
0040A0B3|.E8 68FDFFFF |CALL pas.00409E20
0040A0B8|.83C4 14 |ADD ESP,14
0040A0BB|.83F8 01 |CMP EAX,1
0040A0BE|.^ 75 D6 \JNZ SHORT pas.0040A096
0040A0C0|>53 PUSH EBX
0040A0C1|.6A 01 PUSH 1
0040A0C3|.E8 18D8FFFF CALL pas.004078E0
0040A0C8|.83C4 08 ADD ESP,8
0040A0CB|.B9 00020000 MOV ECX,200
0040A0D0|.33C0 XOR EAX,EAX
0040A0D2|.BF 00694400 MOV EDI,pas.00446900 ;ASCII "30343B393438"
0040A0D7|.68 80000000 PUSH 80 ; /BufSize = 80 (128.)
0040A0DC|.68 00694400 PUSH pas.00446900 ; |ReturnBuffer = pas.00446900
0040A0E1|.68 B4C94300 PUSH pas.0043C9B4 ; |Default = "1"
0040A0E6|.68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A0EB|.F3:AB REP STOS DWORD PTR ES: ; |
0040A0ED|.68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A0F2|.FF15 DC024300 CALL DWORD PTR DS:[<&KERNEL32.GetProfile>; \GetProfileStringA
0040A0F8|.83F8 01 CMP EAX,1
0040A0FB|.7F 3A JG SHORT pas.0040A137
0040A0FD|.68 CC864400 PUSH pas.004486CC
0040A102|.E8 BF980000 CALL pas.004139C6
0040A107|.A1 CC864400 MOV EAX,DWORD PTR DS:
0040A10C|.83C4 04 ADD ESP,4
0040A10F|.50 PUSH EAX
0040A110|.68 60CB4300 PUSH pas.0043CB60 ;ASCII "%lu"
0040A115|.68 00694400 PUSH pas.00446900 ;ASCII "30343B393438"
0040A11A|.E8 C7930000 CALL pas.004134E6
0040A11F|.83C4 0C ADD ESP,0C
0040A122|.68 00694400 PUSH pas.00446900 ; /String = "30343B393438"
0040A127|.68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A12C|.68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A131|.FF15 E0024300 CALL DWORD PTR DS:[<&KERNEL32.WriteProfi>; \WriteProfileStringA
0040A137|>B9 40000000 MOV ECX,40
0040A13C|.33C0 XOR EAX,EAX
0040A13E|.BF 00734400 MOV EDI,pas.00447300 ;ASCII "303 43B 393 438"
0040A143|.68 00734400 PUSH pas.00447300 ;ASCII "303 43B 393 438"
0040A148|.68 D8B24300 PUSH pas.0043B2D8 ;ASCII "Popup Ad Stopper"
0040A14D|.68 0C614400 PUSH pas.0044610C ;ASCII "qwert"
0040A152|.F3:AB REP STOS DWORD PTR ES:
0040A154|.E8 C7DAFFFF CALL pas.00407C20
0040A159|.68 2CB24300 PUSH pas.0043B22C ;ASCII "Software\ElectraSoft\Applications\pas"
0040A15E|.6A 20 PUSH 20
0040A160|.68 B0B24300 PUSH pas.0043B2B0
0040A165|.B9 08000000 MOV ECX,8
0040A16A|.33C0 XOR EAX,EAX
0040A16C|.BF B0B24300 MOV EDI,pas.0043B2B0
0040A171|.68 B0B24300 PUSH pas.0043B2B0
0040A176|.68 F4C74300 PUSH pas.0043C7F4 ;ASCII "CurrentUserStatus"
0040A17B|.F3:AB REP STOS DWORD PTR ES:
0040A17D|.68 B8B44300 PUSH pas.0043B4B8 ;ASCII "Configure"
0040A182|.E8 09CDFFFF CALL pas.00406E90
0040A187|.68 00734400 PUSH pas.00447300 ;ASCII "303 43B 393 438"
0040A18C|.891D A4664400 MOV DWORD PTR DS:,EBX
0040A192|.E8 49DAFFFF CALL pas.00407BE0
0040A197|.68 B0B24300 PUSH pas.0043B2B0
0040A19C|.E8 3FDAFFFF CALL pas.00407BE0
0040A1A1|.BF 00734400 MOV EDI,pas.00447300 ;ASCII "303 43B 393 438"
0040A1A6|.83C9 FF OR ECX,FFFFFFFF
0040A1A9|.33C0 XOR EAX,EAX
0040A1AB|.83C4 2C ADD ESP,2C
0040A1AE|.F2:AE REPNE SCAS BYTE PTR ES:
0040A1B0|.F7D1 NOT ECX
0040A1B2|.49 DEC ECX
0040A1B3|.BF 00734400 MOV EDI,pas.00447300 ;ASCII "303 43B 393 438"
0040A1B8|.BE B0B24300 MOV ESI,pas.0043B2B0
0040A1BD|.33D2 XOR EDX,EDX
0040A1BF|.F3:A6 REPE CMPS BYTE PTR ES:,BYTE PTR DS:>
0040A1C1|.5E POP ESI
0040A1C2|.75 38 JNZ SHORT pas.0040A1FC
0040A1C4|.BF B0B24300 MOV EDI,pas.0043B2B0
0040A1C9|.83C9 FF OR ECX,FFFFFFFF
0040A1CC|.F2:AE REPNE SCAS BYTE PTR ES:
0040A1CE|.F7D1 NOT ECX
0040A1D0|.49 DEC ECX
0040A1D1|.BF 00734400 MOV EDI,pas.00447300 ;ASCII "303 43B 393 438"
0040A1D6|.8BD1 MOV EDX,ECX
0040A1D8|.83C9 FF OR ECX,FFFFFFFF
0040A1DB|.F2:AE REPNE SCAS BYTE PTR ES:
0040A1DD|.F7D1 NOT ECX
0040A1DF|.49 DEC ECX
0040A1E0|.3BD1 CMP EDX,ECX
0040A1E2|.75 18 JNZ SHORT pas.0040A1FC
0040A1E4|.6A 01 PUSH 1
0040A1E6|.53 PUSH EBX
0040A1E7|.C705 A4664400>MOV DWORD PTR DS:,1
0040A1F1|.E8 EAD6FFFF CALL pas.004078E0
0040A1F6|.83C4 08 ADD ESP,8
0040A1F9|.5F POP EDI
0040A1FA|.5B POP EBX
0040A1FB|.C3 RETN
0040A1FC|>68 2CB24300 PUSH pas.0043B22C ;ASCII "Software\ElectraSoft\Applications\pas"
0040A201|.68 00080000 PUSH 800
0040A206|.68 00694400 PUSH pas.00446900 ;ASCII "30343B393438"
0040A20B|.B9 00020000 MOV ECX,200
0040A210|.33C0 XOR EAX,EAX
0040A212|.BF 00694400 MOV EDI,pas.00446900 ;ASCII "30343B393438"
0040A217|.68 00694400 PUSH pas.00446900 ;ASCII "30343B393438"
0040A21C|.68 08C84300 PUSH pas.0043C808 ;ASCII "CurrentUserTmpReg"
0040A221|.F3:AB REP STOS DWORD PTR ES:
0040A223|.68 B8B44300 PUSH pas.0043B4B8 ;ASCII "Configure"
0040A228|.E8 63CCFFFF CALL pas.00406E90
0040A22D|.68 00694400 PUSH pas.00446900 ;ASCII "30343B393438"
0040A232|.E8 89E5FFFF CALL pas.004087C0
0040A237|.83C4 1C ADD ESP,1C
0040A23A|.85C0 TEST EAX,EAX
0040A23C|.7E 6E JLE SHORT pas.0040A2AC
0040A23E|.BF 50C84300 MOV EDI,pas.0043C850 ;ASCII "T1M1PPAS"
0040A243|.83C9 FF OR ECX,FFFFFFFF
0040A246|.33C0 XOR EAX,EAX
0040A248|.F2:AE REPNE SCAS BYTE PTR ES:
0040A24A|.F7D1 NOT ECX
0040A24C|.49 DEC ECX
0040A24D|.81C1 00694400 ADD ECX,pas.00446900 ;ASCII "30343B393438"
0040A253|.51 PUSH ECX
0040A254|.E8 49980000 CALL pas.00413AA2
0040A259|.68 C0864400 PUSH pas.004486C0
0040A25E|.A3 BC864400 MOV DWORD PTR DS:,EAX
0040A263|.E8 5E970000 CALL pas.004139C6
0040A268|.A1 C0864400 MOV EAX,DWORD PTR DS:
0040A26D|.8B0D BC864400 MOV ECX,DWORD PTR DS:
0040A273|.83C4 08 ADD ESP,8
0040A276|.8D90 80DD0B00 LEA EDX,DWORD PTR DS:
0040A27C|.3BCA CMP ECX,EDX
0040A27E|.73 22 JNB SHORT pas.0040A2A2
0040A280|.3BC1 CMP EAX,ECX
0040A282|.73 1E JNB SHORT pas.0040A2A2
0040A284|.6A 01 PUSH 1
0040A286|.53 PUSH EBX
0040A287|.C705 A4664400>MOV DWORD PTR DS:,2
0040A291|.891D A8864400 MOV DWORD PTR DS:,EBX
0040A297|.E8 44D6FFFF CALL pas.004078E0
0040A29C|.83C4 08 ADD ESP,8
0040A29F|.5F POP EDI
0040A2A0|.5B POP EBX
0040A2A1|.C3 RETN
0040A2A2|>C705 A8864400>MOV DWORD PTR DS:,1
0040A2AC|>6A 01 PUSH 1
0040A2AE|.53 PUSH EBX
0040A2AF|.E8 2CD6FFFF CALL pas.004078E0
0040A2B4|.83C4 08 ADD ESP,8
0040A2B7|.5F POP EDI
0040A2B8|.5B POP EBX
0040A2B9\.C3 RETN 没看懂是什么...我很晕...我是菜鸟一只.. 我也没看懂,到底是什么意思啊! 下来软件自己跟一下学习!谢谢! 只看是不能明白了,还是自己动手跟遍吧,谢谢lz了…… 原帖由 惜雪 于 2008-2-13 16:26 发表 https://www.chinapyg.com/images/common/back.gif
只看是不能明白了,还是自己动手跟遍吧,谢谢lz了……
我也是啊
页:
[1]