PC Lighthouse 类似 Windows 任务管理器的进程查看软件,但比任务管理器更强大,提供的系统信息更全面。下载地址:http://tyclonesoftware.com/
PC Lighthouse 提供:
控制 - 你决定在你的 PC 上运行什么。
信息 - 提供所有运行程序的的即时和累积信息, 包括几个关键用法统计
安全 - 觉察你的 PC 上的任何间谍软件、广告软件、键盘记录程序和恶意跟踪。
PC Lighthouse 允许您:
查看所有运行系统程序和用户程序
终止任何程序
再次阻止任何启动程序
了解每个程序的的 CPU, 内存, 和磁盘用法
识别运行中的窗口和组件……
--------------------------------------
注册名:Baby2008
注册码:1H10188838-697682PCL
--------------------------------------
明码比较,比较懒惰,算法不分析了!
00401699 6A 01 push 1
0040169B 8BCD mov ecx,ebp
0040169D C78424 1C020000 000>mov dword ptr ss:[esp+21C],0
004016A8 E8 5FC10100 call <jmp.&MFC42.#6334_CWnd::UpdateData>
004016AD 8DB5 AC8A0000 lea esi,dword ptr ss:[ebp+8AAC]
004016B3 8BCE mov ecx,esi
004016B5 E8 4CC10100 call <jmp.&MFC42.#6282_CString::TrimLeft>
004016BA 8BCE mov ecx,esi
004016BC E8 3FC10100 call <jmp.&MFC42.#6283_CString::TrimRight>
004016C1 8D9D B08A0000 lea ebx,dword ptr ss:[ebp+8AB0]
004016C7 8BCB mov ecx,ebx
004016C9 E8 38C10100 call <jmp.&MFC42.#6282_CString::TrimLeft>
004016CE 8BCB mov ecx,ebx
004016D0 E8 2BC10100 call <jmp.&MFC42.#6283_CString::TrimRight>
004016D5 8B36 mov esi,dword ptr ds:[esi] ; 用户名
004016D7 8B46 F8 mov eax,dword ptr ds:[esi-8] ; 长度
004016DA 85C0 test eax,eax
004016DC 0F84 4E010000 je PC_Light.00401830 ; Length(用户名)<>0
004016E2 8B03 mov eax,dword ptr ds:[ebx] ; 试炼码
004016E4 8B48 F8 mov ecx,dword ptr ds:[eax-8] ; 长度
004016E7 85C9 test ecx,ecx
004016E9 0F84 41010000 je PC_Light.00401830 ; Length(试炼码)<>0
004016EF 57 push edi
004016F0 8BFE mov edi,esi
004016F2 83C9 FF or ecx,FFFFFFFF
004016F5 33C0 xor eax,eax
004016F7 F2:AE repne scas byte ptr es:[edi]
004016F9 F7D1 not ecx
004016FB 2BF9 sub edi,ecx
004016FD 8D5424 14 lea edx,dword ptr ss:[esp+14]
00401701 8BC1 mov eax,ecx
00401703 8BF7 mov esi,edi
00401705 8BFA mov edi,edx
00401707 C1E9 02 shr ecx,2
0040170A F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi]
0040170C 8BC8 mov ecx,eax
0040170E 83E1 03 and ecx,3
00401711 F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
00401713 8D4C24 14 lea ecx,dword ptr ss:[esp+14] ; 用户名
00401717 51 push ecx
00401718 8BCD mov ecx,ebp
0040171A E8 21020000 call PC_Light.00401940 ; 关键函数,计算注册码
0040171F 8BF8 mov edi,eax ; Eax=注册码
00401721 83C9 FF or ecx,FFFFFFFF
00401724 33C0 xor eax,eax
00401726 8D9424 14010000 lea edx,dword ptr ss:[esp+114]
0040172D F2:AE repne scas byte ptr es:[edi]
0040172F F7D1 not ecx
00401731 2BF9 sub edi,ecx
00401733 8BC1 mov eax,ecx
00401735 8BF7 mov esi,edi
00401737 8BFA mov edi,edx
00401739 C1E9 02 shr ecx,2
0040173C F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[esi] ; ESI=注册码
0040173E 8BC8 mov ecx,eax
00401740 8D8424 14010000 lea eax,dword ptr ss:[esp+114]
00401747 83E1 03 and ecx,3
0040174A F3:A4 rep movs byte ptr es:[edi],byte ptr ds:[esi]
0040174C 8B33 mov esi,dword ptr ds:[ebx]
0040174E 5F pop edi
0040174F 8A10 mov dl,byte ptr ds:[eax]
00401751 8A1E mov bl,byte ptr ds:[esi]
00401753 8ACA mov cl,dl
00401755 3AD3 cmp dl,bl
00401757 75 1E jnz short PC_Light.00401777
00401759 84C9 test cl,cl
0040175B 74 16 je short PC_Light.00401773
0040175D 8A50 01 mov dl,byte ptr ds:[eax+1]
00401760 8A5E 01 mov bl,byte ptr ds:[esi+1]
00401763 8ACA mov cl,dl
00401765 3AD3 cmp dl,bl
00401767 75 0E jnz short PC_Light.00401777
00401769 83C0 02 add eax,2
0040176C 83C6 02 add esi,2
0040176F 84C9 test cl,cl
00401771 ^ 75 DC jnz short PC_Light.0040174F ; 循环比较
00401773 33C0 xor eax,eax
00401775 EB 05 jmp short PC_Light.0040177C
00401777 1BC0 sbb eax,eax
00401779 83D8 FF sbb eax,-1
0040177C 85C0 test eax,eax
0040177E 0F85 81000000 jnz PC_Light.00401805
00401784 50 push eax
00401785 68 24040000 push 424
0040178A 8BCD mov ecx,ebp
0040178C E8 63C00100 call <jmp.&MFC42.#3092_CWnd::GetDlgItem>
00401791 8BC8 mov ecx,eax
00401793 E8 4AC00100 call <jmp.&MFC42.#2642_CWnd::EnableWindow>
00401798 6A 00 push 0
0040179A 68 25040000 push 425
0040179F 8BCD mov ecx,ebp
004017A1 E8 4EC00100 call <jmp.&MFC42.#3092_CWnd::GetDlgItem>
004017A6 8BC8 mov ecx,eax
004017A8 E8 35C00100 call <jmp.&MFC42.#2642_CWnd::EnableWindow>
004017AD 6A 00 push 0
004017AF 68 22040000 push 422
004017B4 8BCD mov ecx,ebp
004017B6 E8 39C00100 call <jmp.&MFC42.#3092_CWnd::GetDlgItem>
004017BB 8BC8 mov ecx,eax
004017BD E8 20C00100 call <jmp.&MFC42.#2642_CWnd::EnableWindow>
004017C2 6A 00 push 0
004017C4 68 2D040000 push 42D
004017C9 8BCD mov ecx,ebp
004017CB E8 24C00100 call <jmp.&MFC42.#3092_CWnd::GetDlgItem>
004017D0 8BC8 mov ecx,eax
004017D2 E8 0BC00100 call <jmp.&MFC42.#2642_CWnd::EnableWindow>
004017D7 6A 00 push 0
004017D9 68 2E040000 push 42E
004017DE 8BCD mov ecx,ebp
004017E0 E8 0FC00100 call <jmp.&MFC42.#3092_CWnd::GetDlgItem>
004017E5 8BC8 mov ecx,eax
004017E7 E8 F6BF0100 call <jmp.&MFC42.#2642_CWnd::EnableWindow>
004017EC 68 20854200 push PC_Light.00428520 ; ASCII "<B>Software Registered</B>. Thank you for purchasing PC Lighthouse!"
004017F1 8D8D BC8B0000 lea ecx,dword ptr ss:[ebp+8BBC]
004017F7 E8 44570100 call PC_Light.00416F40
004017FC C685 B48A0000 01 mov byte ptr ss:[ebp+8AB4],1
00401803 EB 10 jmp short PC_Light.00401815
00401805 68 74844200 push PC_Light.00428474 ; ASCII "<B>Invalid Serial Number</B>. Please check your email receipt to make sure your Name and Serial Number are entered correctly.
<B>Tip: </B>Copy and Paste to avoid typos."
0040180A 8D8D BC8B0000 lea ecx,dword ptr ss:[ebp+8BBC]
00401810 E8 2B570100 call PC_Light.00416F40
00401815 8BCD mov ecx,ebp
00401817 E8 D4040000 call PC_Light.00401CF0
0040181C 85C0 test eax,eax
0040181E 7E 07 jle short PC_Light.00401827
00401820 C685 B48A0000 01 mov byte ptr ss:[ebp+8AB4],1
00401827 6A 00 push 0
00401829 8BCD mov ecx,ebp
0040182B E8 DCBF0100 call <jmp.&MFC42.#6334_CWnd::UpdateData>
00401830 8D4C24 0C lea ecx,dword ptr ss:[esp+C]
00401834 C78424 18020000 FFF>mov dword ptr ss:[esp+218],-1
0040183F E8 68BF0100 call <jmp.&MFC42.#800_CString::~CString>
00401844 8B8C24 10020000 mov ecx,dword ptr ss:[esp+210]
0040184B 5E pop esi
0040184C 5D pop ebp
0040184D 5B pop ebx
0040184E 64:890D 00000000 mov dword ptr fs:[0],ecx
00401855 81C4 10020000 add esp,210
0040185B C3 retn
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)