Popup Ad Stopper 08.02.08
http://sccrc.onlinedown.net/down/passx.zip
注册文件
[HKEY_LOCAL_MACHINE\SOFTWARE\ElectraSoft\Applications\pas\Configure]
"CurrentRegisterName"="qwert"
"CurrentUserStatus"="30343B393438"
"CurrentRegisterEmailAddr"="[email protected]"
"ModuleTuccType"="0"
"WinInteraction"="201"
"StopPopupAds"="1"
"StopMessageBoxes"="0"
"StopMsngrSrvcPopups"="0"
"AutoStart"="1"
"HideInTrayOnStartup"="0"
"UseSystemTray"="1"
"WantToolTips"="1"
"NetworkAdapter"="100000"
[HKEY_LOCAL_MACHINE\SOFTWARE\ElectraSoft\Applications\pas\Handles]
"TransHandle"="0"
004460b8 0044610c 硬件断点
断点
地址 模块 激活 反汇编 注释
004070E8 pas 始终 REPNE SCAS BYTE PTR ES:[EDI]
00409071 pas 始终 PUSH pas.0044610C
00409E20 pas 始终 PUSH EBX
00409E2E pas 始终 REPNE SCAS BYTE PTR ES:[EDI]
00413590 pas 始终 INC ESI
004146EB pas 始终 JE SHORT pas.004146F1
004276C4 pas 始终 PUSH EBP
004276C7 pas 始终 MOV EAX,DWORD PTR DS:[ECX+34]
004468FC 00 33 30 33 34 33 36 33 43 33 38 33 35 .3034363C3835
; Excerpt of the profile-string sequence at 0040A0D0-0040A131. The same addresses
; appear again in the full listing of the routine starting at 00409F40.
; The ASCII annotations are debugger snapshots of buffer 00446900 at capture time
; ("1202869240" here), not constants in the code.
0040A0D0 |. 33C0 XOR EAX,EAX
0040A0D2 |. BF 00694400 MOV EDI,pas.00446900 ; ASCII "1202869240"
0040A0D7 |. 68 80000000 PUSH 80 ; /BufSize = 80 (128.)
0040A0DC |. 68 00694400 PUSH pas.00446900 ; |ReturnBuffer = pas.00446900
0040A0E1 |. 68 B4C94300 PUSH pas.0043C9B4 ; |Default = "1"
0040A0E6 |. 68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A0EB |. F3:AB REP STOS DWORD PTR ES:[EDI] ; |
0040A0ED |. 68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A0F2 |. FF15 DC024300 CALL DWORD PTR DS:[<&KERNEL32.GetProfile>; \GetProfileStringA
; GetProfileStringA returns the number of characters copied. A result greater
; than 1 takes the jump and skips the write-back below.
0040A0F8 |. 83F8 01 CMP EAX,1
0040A0FB |. 7F 3A JG SHORT pas.0040A137
; Otherwise the helper at 004139C6 fills the dword at 4486CC, which is formatted
; with "%lu" into 00446900 and written back under the same section and key.
; NOTE(review): 004139C6 is presumably a time()-style call - confirm.
0040A0FD |. 68 CC864400 PUSH pas.004486CC
0040A102 |. E8 BF980000 CALL pas.004139C6
0040A107 |. A1 CC864400 MOV EAX,DWORD PTR DS:[4486CC]
0040A10C |. 83C4 04 ADD ESP,4
0040A10F |. 50 PUSH EAX
0040A110 |. 68 60CB4300 PUSH pas.0043CB60 ; ASCII "%lu"
0040A115 |. 68 00694400 PUSH pas.00446900 ; ASCII "1202869240"
0040A11A |. E8 C7930000 CALL pas.004134E6
0040A11F |. 83C4 0C ADD ESP,0C
0040A122 |. 68 00694400 PUSH pas.00446900 ; /String = "1202869240"
0040A127 |. 68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A12C |. 68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A131 |. FF15 E0024300 CALL DWORD PTR DS:[<&KERNEL32.WriteProfi>; \WriteProfileStringA
0040A160 |. 68 B0B24300 PUSH pas.0043B2B0
EDX 00446901 ASCII "0343B393438"
EDI 00447400 pas.00447400
EIP 0040A160 pas.0040A160
ST6 empty 1.0000000000000000000
ST7 empty 1.0000000000000000000
; Routine 00409F40 .. 0040A2B9: checks the stored name and e-mail, then sets the
; status dword at 4466A4 (0, 1 or 2) before returning.
; 0044610C is the name buffer and 004460B8 the e-mail buffer, per the debugger's
; ASCII annotations further down.
00409F40 /$ A0 0C614400 MOV AL,BYTE PTR DS:[44610C]
00409F45 |. 53 PUSH EBX
; EBX is zeroed here and used as the constant 0 for the rest of the routine.
00409F46 |. 33DB XOR EBX,EBX
00409F48 |. 57 PUSH EDI
; The helper at 00424092 runs only when both buffers start with a NUL byte,
; i.e. both are empty. Its purpose is not visible in this listing.
00409F49 |. 3AC3 CMP AL,BL
00409F4B |. 75 12 JNZ SHORT pas.00409F5F
00409F4D |. 381D B8604400 CMP BYTE PTR DS:[4460B8],BL
00409F53 |. 75 0A JNZ SHORT pas.00409F5F
00409F55 |. B9 C0674400 MOV ECX,pas.004467C0
00409F5A |. E8 33A10100 CALL pas.00424092
; First name check: 00409D90([4466A0], name, 0). A return value of 1 jumps past
; the name prompt to the e-mail check at 0040A00F.
00409F5F |> A1 A0664400 MOV EAX,DWORD PTR DS:[4466A0]
00409F64 |. 56 PUSH ESI
00409F65 |. 53 PUSH EBX
00409F66 |. 68 0C614400 PUSH pas.0044610C ; ASCII "qwert"
00409F6B |. 50 PUSH EAX
00409F6C |. E8 1FFEFFFF CALL pas.00409D90
00409F71 |. 83C4 0C ADD ESP,0C
00409F74 |. 83F8 01 CMP EAX,1
00409F77 |. 0F84 92000000 JE pas.0040A00F
; Name prompt path, reached when the first check of the name did not return 1.
; 004134E6 is called with a format string and an output buffer (00448560).
; NOTE(review): looks like an sprintf-style formatter - confirm.
00409F7D |. 68 D8B24300 PUSH pas.0043B2D8 ; ASCII "Popup Ad Stopper"
00409F82 |. 68 38D34300 PUSH pas.0043D338 ; ASCII "%s, Your Name for Product Registration Purposes"
00409F87 |. 68 60854400 PUSH pas.00448560
00409F8C |. E8 55950000 CALL pas.004134E6
; Inline strlen plus copy: REPNE SCAS measures "&Continue" including its NUL,
; then REP MOVS (dwords, then the remaining bytes) copies it to 00447550.
00409F91 |. BF E8C74300 MOV EDI,pas.0043C7E8 ; ASCII "&Continue"
00409F96 |. 83C9 FF OR ECX,FFFFFFFF
00409F99 |. 33C0 XOR EAX,EAX
00409F9B |. 881D 40754400 MOV BYTE PTR DS:[447540],BL
00409FA1 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
00409FA3 |. F7D1 NOT ECX
00409FA5 |. 2BF9 SUB EDI,ECX
00409FA7 |. 68 98C54300 PUSH pas.0043C598 ; ASCII "Enter your [tech-support] name or your company name:
This name will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your name correctly here will ensure that you will receive excellent t"...
00409FAC |. 8BD1 MOV EDX,ECX
00409FAE |. 8BF7 MOV ESI,EDI
00409FB0 |. BF 50754400 MOV EDI,pas.00447550
00409FB5 |. 68 0C614400 PUSH pas.0044610C ; ASCII "qwert"
00409FBA |. C1E9 02 SHR ECX,2
00409FBD |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
00409FBF |. 8BCA MOV ECX,EDX
00409FC1 |. 83E1 03 AND ECX,3
00409FC4 |. F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
; 00408940(name buffer, prompt text).
; NOTE(review): presumably shows the input dialog and fills the name buffer - confirm.
00409FC6 |. E8 75E9FFFF CALL pas.00408940
; Re-check the name, this time with 1 as the third argument. ADD ESP,20 also
; discards the arguments pushed for the two earlier calls.
00409FCB |. A1 A0664400 MOV EAX,DWORD PTR DS:[4466A0]
00409FD0 |. 6A 01 PUSH 1
00409FD2 |. 68 0C614400 PUSH pas.0044610C ; ASCII "qwert"
00409FD7 |. 50 PUSH EAX
00409FD8 |. E8 B3FDFFFF CALL pas.00409D90
00409FDD |. 83C4 20 ADD ESP,20
00409FE0 |. 83F8 01 CMP EAX,1
00409FE3 |. 74 2A JE SHORT pas.0040A00F
; Retry loop: prompt and re-check until 00409D90 returns 1.
00409FE5 |> 68 98C54300 /PUSH pas.0043C598 ; ASCII "Enter your [tech-support] name or your company name:
This name will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your name correctly here will ensure that you will receive excellent t"...
00409FEA |. 68 0C614400 |PUSH pas.0044610C ; ASCII "qwert"
00409FEF |. E8 4CE9FFFF |CALL pas.00408940
00409FF4 |. 8B0D A0664400 |MOV ECX,DWORD PTR DS:[4466A0]
00409FFA |. 6A 01 |PUSH 1
00409FFC |. 68 0C614400 |PUSH pas.0044610C ; ASCII "qwert"
0040A001 |. 51 |PUSH ECX
0040A002 |. E8 89FDFFFF |CALL pas.00409D90
0040A007 |. 83C4 14 |ADD ESP,14
0040A00A |. 83F8 01 |CMP EAX,1
0040A00D |.^ 75 D6 \JNZ SHORT pas.00409FE5
; E-mail check, structured like the name check but using the helper at 00409E20
; and the buffer at 004460B8. A return value of 1 jumps to 0040A0C0.
0040A00F |> 8B15 A0664400 MOV EDX,DWORD PTR DS:[4466A0]
0040A015 |. 53 PUSH EBX
0040A016 |. 68 B8604400 PUSH pas.004460B8 ; ASCII "[email protected]"
0040A01B |. 52 PUSH EDX
0040A01C |. E8 FFFDFFFF CALL pas.00409E20
0040A021 |. 83C4 0C ADD ESP,0C
0040A024 |. 83F8 01 CMP EAX,1
0040A027 |. 0F84 93000000 JE pas.0040A0C0
; Build the dialog title in 00448560 and copy "&Continue" to 00447550, using the
; same inline strlen-and-copy pattern as the name prompt.
0040A02D |. 68 D8B24300 PUSH pas.0043B2D8 ; ASCII "Popup Ad Stopper"
0040A032 |. 68 FCD24300 PUSH pas.0043D2FC ; ASCII "%s, Your Email Address for Product Registration Purposes"
0040A037 |. 68 60854400 PUSH pas.00448560
0040A03C |. E8 A5940000 CALL pas.004134E6
0040A041 |. BF E8C74300 MOV EDI,pas.0043C7E8 ; ASCII "&Continue"
0040A046 |. 83C9 FF OR ECX,FFFFFFFF
0040A049 |. 33C0 XOR EAX,EAX
0040A04B |. 881D 40754400 MOV BYTE PTR DS:[447540],BL
0040A051 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040A053 |. F7D1 NOT ECX
0040A055 |. 2BF9 SUB EDI,ECX
0040A057 |. 68 BCC64300 PUSH pas.0043C6BC ; ASCII "Enter your [tech-support] email address:
This email address will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your email address correctly here will ensure that you will receive excel"...
0040A05C |. 8BC1 MOV EAX,ECX
0040A05E |. 8BF7 MOV ESI,EDI
0040A060 |. BF 50754400 MOV EDI,pas.00447550
0040A065 |. 68 B8604400 PUSH pas.004460B8 ; ASCII "[email protected]"
0040A06A |. C1E9 02 SHR ECX,2
0040A06D |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
0040A06F |. 8BC8 MOV ECX,EAX
0040A071 |. 83E1 03 AND ECX,3
0040A074 |. F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
; 00408940(e-mail buffer, prompt text).
; NOTE(review): presumably the input dialog - confirm.
0040A076 |. E8 C5E8FFFF CALL pas.00408940
; Re-check with 1 as the third argument. ADD ESP,20 also discards the arguments
; pushed for the two earlier calls.
0040A07B |. 8B0D A0664400 MOV ECX,DWORD PTR DS:[4466A0]
0040A081 |. 6A 01 PUSH 1
0040A083 |. 68 B8604400 PUSH pas.004460B8 ; ASCII "[email protected]"
0040A088 |. 51 PUSH ECX
0040A089 |. E8 92FDFFFF CALL pas.00409E20
0040A08E |. 83C4 20 ADD ESP,20
0040A091 |. 83F8 01 CMP EAX,1
0040A094 |. 74 2A JE SHORT pas.0040A0C0
; Retry loop: prompt and re-check until 00409E20 returns 1.
0040A096 |> 68 BCC64300 /PUSH pas.0043C6BC ; ASCII "Enter your [tech-support] email address:
This email address will be used when you need tech-support or want to register Popup Ad Stopper with ElectraSoft.
Typing your email address correctly here will ensure that you will receive excel"...
0040A09B |. 68 B8604400 |PUSH pas.004460B8 ; ASCII "[email protected]"
0040A0A0 |. E8 9BE8FFFF |CALL pas.00408940
0040A0A5 |. 8B15 A0664400 |MOV EDX,DWORD PTR DS:[4466A0]
0040A0AB |. 6A 01 |PUSH 1
0040A0AD |. 68 B8604400 |PUSH pas.004460B8 ; ASCII "[email protected]"
0040A0B2 |. 52 |PUSH EDX
0040A0B3 |. E8 68FDFFFF |CALL pas.00409E20
0040A0B8 |. 83C4 14 |ADD ESP,14
0040A0BB |. 83F8 01 |CMP EAX,1
0040A0BE |.^ 75 D6 \JNZ SHORT pas.0040A096
; Reached once both the name and the e-mail checks have returned 1.
; 004078E0 is called with two stack arguments; its purpose is not visible here.
0040A0C0 |> 53 PUSH EBX
0040A0C1 |. 6A 01 PUSH 1
0040A0C3 |. E8 18D8FFFF CALL pas.004078E0
0040A0C8 |. 83C4 08 ADD ESP,8
; Zero 0x200 dwords (0x800 bytes) at 00446900, then read the profile string
; [WinSetStrCmp] StrCmpPas into it (default "1", buffer size 0x80).
; The ASCII annotations show what the buffer held when the dump was taken.
0040A0CB |. B9 00020000 MOV ECX,200
0040A0D0 |. 33C0 XOR EAX,EAX
0040A0D2 |. BF 00694400 MOV EDI,pas.00446900 ; ASCII "30343B393438"
0040A0D7 |. 68 80000000 PUSH 80 ; /BufSize = 80 (128.)
0040A0DC |. 68 00694400 PUSH pas.00446900 ; |ReturnBuffer = pas.00446900
0040A0E1 |. 68 B4C94300 PUSH pas.0043C9B4 ; |Default = "1"
0040A0E6 |. 68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A0EB |. F3:AB REP STOS DWORD PTR ES:[EDI] ; |
0040A0ED |. 68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A0F2 |. FF15 DC024300 CALL DWORD PTR DS:[<&KERNEL32.GetProfile>; \GetProfileStringA
; A returned length greater than 1 means a value is already stored, so the
; write-back is skipped. Otherwise only the one-character default came back.
0040A0F8 |. 83F8 01 CMP EAX,1
0040A0FB |. 7F 3A JG SHORT pas.0040A137
; Store a fresh value: 004139C6 fills the dword at 4486CC, which is formatted
; with "%lu" and written to the same section and key.
; NOTE(review): presumably a first-run timestamp from a time()-style call - confirm.
0040A0FD |. 68 CC864400 PUSH pas.004486CC
0040A102 |. E8 BF980000 CALL pas.004139C6
0040A107 |. A1 CC864400 MOV EAX,DWORD PTR DS:[4486CC]
0040A10C |. 83C4 04 ADD ESP,4
0040A10F |. 50 PUSH EAX
0040A110 |. 68 60CB4300 PUSH pas.0043CB60 ; ASCII "%lu"
0040A115 |. 68 00694400 PUSH pas.00446900 ; ASCII "30343B393438"
0040A11A |. E8 C7930000 CALL pas.004134E6
0040A11F |. 83C4 0C ADD ESP,0C
0040A122 |. 68 00694400 PUSH pas.00446900 ; /String = "30343B393438"
0040A127 |. 68 30C94300 PUSH pas.0043C930 ; |Key = "StrCmpPas"
0040A12C |. 68 20C94300 PUSH pas.0043C920 ; |Section = "WinSetStrCmp"
0040A131 |. FF15 E0024300 CALL DWORD PTR DS:[<&KERNEL32.WriteProfi>; \WriteProfileStringA
; Registration comparison. Zero 0x40 dwords at 00447300, then call
; 00407C20(name, "Popup Ad Stopper", 00447300).
; NOTE(review): appears to derive the expected value from the name and product
; string into 00447300 - confirm against 00407C20.
0040A137 |> B9 40000000 MOV ECX,40
0040A13C |. 33C0 XOR EAX,EAX
0040A13E |. BF 00734400 MOV EDI,pas.00447300 ; ASCII "303 43B 393 438"
0040A143 |. 68 00734400 PUSH pas.00447300 ; ASCII "303 43B 393 438"
0040A148 |. 68 D8B24300 PUSH pas.0043B2D8 ; ASCII "Popup Ad Stopper"
0040A14D |. 68 0C614400 PUSH pas.0044610C ; ASCII "qwert"
0040A152 |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040A154 |. E8 C7DAFFFF CALL pas.00407C20
; Zero 8 dwords at 0043B2B0, then call 00406E90 with "Configure",
; "CurrentUserStatus", that buffer, size 0x20 and the application key path.
; NOTE(review): presumably loads the stored registry value into 0043B2B0 - confirm.
0040A159 |. 68 2CB24300 PUSH pas.0043B22C ; ASCII "Software\ElectraSoft\Applications\pas"
0040A15E |. 6A 20 PUSH 20
0040A160 |. 68 B0B24300 PUSH pas.0043B2B0
0040A165 |. B9 08000000 MOV ECX,8
0040A16A |. 33C0 XOR EAX,EAX
0040A16C |. BF B0B24300 MOV EDI,pas.0043B2B0
0040A171 |. 68 B0B24300 PUSH pas.0043B2B0
0040A176 |. 68 F4C74300 PUSH pas.0043C7F4 ; ASCII "CurrentUserStatus"
0040A17B |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040A17D |. 68 B8B44300 PUSH pas.0043B4B8 ; ASCII "Configure"
0040A182 |. E8 09CDFFFF CALL pas.00406E90
; The status dword 4466A4 is reset to 0. 00407BE0 is applied to both strings
; before they are compared.
; NOTE(review): likely a normalisation step - confirm.
0040A187 |. 68 00734400 PUSH pas.00447300 ; ASCII "303 43B 393 438"
0040A18C |. 891D A4664400 MOV DWORD PTR DS:[4466A4],EBX
0040A192 |. E8 49DAFFFF CALL pas.00407BE0
0040A197 |. 68 B0B24300 PUSH pas.0043B2B0
0040A19C |. E8 3FDAFFFF CALL pas.00407BE0
; Inline strlen of 00447300, then a bytewise REPE CMPS against 0043B2B0 over
; that length. ADD ESP,2C discards the 11 dwords pushed for the four calls above.
; NOTE(review): the check runs entirely on the client. The computed string and
; the stored string sit side by side in process memory. A locally verifiable
; scheme like this gives little assurance; a signed licence or server-side
; validation is the usual mitigation.
0040A1A1 |. BF 00734400 MOV EDI,pas.00447300 ; ASCII "303 43B 393 438"
0040A1A6 |. 83C9 FF OR ECX,FFFFFFFF
0040A1A9 |. 33C0 XOR EAX,EAX
0040A1AB |. 83C4 2C ADD ESP,2C
0040A1AE |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040A1B0 |. F7D1 NOT ECX
0040A1B2 |. 49 DEC ECX
0040A1B3 |. BF 00734400 MOV EDI,pas.00447300 ; ASCII "303 43B 393 438"
0040A1B8 |. BE B0B24300 MOV ESI,pas.0043B2B0
0040A1BD |. 33D2 XOR EDX,EDX
0040A1BF |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
; POP restores the ESI saved at 00409F64 and leaves the flags from CMPS intact.
0040A1C1 |. 5E POP ESI
0040A1C2 |. 75 38 JNZ SHORT pas.0040A1FC
; The prefix matched. Now require equal lengths, so that a longer stored value
; with a matching prefix is rejected.
0040A1C4 |. BF B0B24300 MOV EDI,pas.0043B2B0
0040A1C9 |. 83C9 FF OR ECX,FFFFFFFF
0040A1CC |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040A1CE |. F7D1 NOT ECX
0040A1D0 |. 49 DEC ECX
0040A1D1 |. BF 00734400 MOV EDI,pas.00447300 ; ASCII "303 43B 393 438"
0040A1D6 |. 8BD1 MOV EDX,ECX
0040A1D8 |. 83C9 FF OR ECX,FFFFFFFF
0040A1DB |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040A1DD |. F7D1 NOT ECX
0040A1DF |. 49 DEC ECX
0040A1E0 |. 3BD1 CMP EDX,ECX
0040A1E2 |. 75 18 JNZ SHORT pas.0040A1FC
; Full match: set the status dword 4466A4 to 1, call 004078E0 and return.
0040A1E4 |. 6A 01 PUSH 1
0040A1E6 |. 53 PUSH EBX
0040A1E7 |. C705 A4664400>MOV DWORD PTR DS:[4466A4],1
0040A1F1 |. E8 EAD6FFFF CALL pas.004078E0
0040A1F6 |. 83C4 08 ADD ESP,8
0040A1F9 |. 5F POP EDI
0040A1FA |. 5B POP EBX
0040A1FB |. C3 RETN
; Mismatch path. Zero 0x800 bytes at 00446900 and call 00406E90 for
; "CurrentUserTmpReg" under "Configure", with buffer size 0x800.
; NOTE(review): presumably a temporary-registration record - confirm.
0040A1FC |> 68 2CB24300 PUSH pas.0043B22C ; ASCII "Software\ElectraSoft\Applications\pas"
0040A201 |. 68 00080000 PUSH 800
0040A206 |. 68 00694400 PUSH pas.00446900 ; ASCII "30343B393438"
0040A20B |. B9 00020000 MOV ECX,200
0040A210 |. 33C0 XOR EAX,EAX
0040A212 |. BF 00694400 MOV EDI,pas.00446900 ; ASCII "30343B393438"
0040A217 |. 68 00694400 PUSH pas.00446900 ; ASCII "30343B393438"
0040A21C |. 68 08C84300 PUSH pas.0043C808 ; ASCII "CurrentUserTmpReg"
0040A221 |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040A223 |. 68 B8B44300 PUSH pas.0043B4B8 ; ASCII "Configure"
0040A228 |. E8 63CCFFFF CALL pas.00406E90
; 004087C0 inspects the buffer. A result <= 0 skips the time-window check.
0040A22D |. 68 00694400 PUSH pas.00446900 ; ASCII "30343B393438"
0040A232 |. E8 89E5FFFF CALL pas.004087C0
0040A237 |. 83C4 1C ADD ESP,1C
0040A23A |. 85C0 TEST EAX,EAX
0040A23C |. 7E 6E JLE SHORT pas.0040A2AC
; Inline strlen of "T1M1PPAS" is used as an offset into the buffer. The text
; after that offset is passed to 00413AA2 and the result saved in 4486BC.
; NOTE(review): looks like a string-to-integer conversion - confirm.
0040A23E |. BF 50C84300 MOV EDI,pas.0043C850 ; ASCII "T1M1PPAS"
0040A243 |. 83C9 FF OR ECX,FFFFFFFF
0040A246 |. 33C0 XOR EAX,EAX
0040A248 |. F2:AE REPNE SCAS BYTE PTR ES:[EDI]
0040A24A |. F7D1 NOT ECX
0040A24C |. 49 DEC ECX
0040A24D |. 81C1 00694400 ADD ECX,pas.00446900 ; ASCII "30343B393438"
0040A253 |. 51 PUSH ECX
0040A254 |. E8 49980000 CALL pas.00413AA2
0040A259 |. 68 C0864400 PUSH pas.004486C0
0040A25E |. A3 BC864400 MOV DWORD PTR DS:[4486BC],EAX
0040A263 |. E8 5E970000 CALL pas.004139C6
; Window test on unsigned values: the stored value (ECX) must be greater than
; the value just written to 4486C0 (EAX) and less than EAX + 0xBDD80.
; NOTE(review): 0xBDD80 = 777600, i.e. 9 days if both values are seconds - confirm.
; NOTE(review): both inputs appear to come from local state (this registry value
; and the helper's current value), so the window rests on data the local user
; controls - confirm.
0040A268 |. A1 C0864400 MOV EAX,DWORD PTR DS:[4486C0]
0040A26D |. 8B0D BC864400 MOV ECX,DWORD PTR DS:[4486BC]
0040A273 |. 83C4 08 ADD ESP,8
0040A276 |. 8D90 80DD0B00 LEA EDX,DWORD PTR DS:[EAX+BDD80]
0040A27C |. 3BCA CMP ECX,EDX
0040A27E |. 73 22 JNB SHORT pas.0040A2A2
0040A280 |. 3BC1 CMP EAX,ECX
0040A282 |. 73 1E JNB SHORT pas.0040A2A2
; Inside the window: set status 4466A4 to 2, clear 4486A8, call 004078E0, return.
0040A284 |. 6A 01 PUSH 1
0040A286 |. 53 PUSH EBX
0040A287 |. C705 A4664400>MOV DWORD PTR DS:[4466A4],2
0040A291 |. 891D A8864400 MOV DWORD PTR DS:[4486A8],EBX
0040A297 |. E8 44D6FFFF CALL pas.004078E0
0040A29C |. 83C4 08 ADD ESP,8
0040A29F |. 5F POP EDI
0040A2A0 |. 5B POP EBX
0040A2A1 |. C3 RETN
; Outside the window: set 4486A8 to 1 and fall through to the common exit.
; The status dword 4466A4 keeps the 0 written at 0040A18C.
0040A2A2 |> C705 A8864400>MOV DWORD PTR DS:[4486A8],1
0040A2AC |> 6A 01 PUSH 1
0040A2AE |. 53 PUSH EBX
0040A2AF |. E8 2CD6FFFF CALL pas.004078E0
0040A2B4 |. 83C4 08 ADD ESP,8
0040A2B7 |. 5F POP EDI
0040A2B8 |. 5B POP EBX
0040A2B9 \. C3 RETN |