R Folder Guard 5.1STD
by 6767 [BCG]
d/l: http://gt.onlinedown.net/down/fgstd.exe. (606k)
tools: SoftIce
它的注册检查好象不严格,所以两次莫名其妙的注册成功。好在还可以Unregister,有意思。
姓名不支持数字,长度应大于5,大小写无关。注册码长度不要小于10。
.....
* Reference To: USER32.GetDlgItem, Ord:0105h
|
:10019757 FF1588530210 Call dword ptr
[10025388]
:1001975D 50
push eax
* Reference To: USER32.SetFocus, Ord:0233h
|
:1001975E FF1548530210 Call dword ptr
[10025348]
:10019764 E94A010000 jmp 100198B3
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10019751(C)
|
:10019769 8BCE
mov ecx, esi
* Reference To: FGuard32.?IsOldRegInfo@ri2@@QAEHXZ
|
:1001976B E895140000 call 1001AC05
<- 检查黑名单
:10019770 85C0
test eax, eax <-
不在其上则eax=0
:10019772 741F
je 10019793
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100197D9(C)
|
:10019774 685BABFFFF push FFFFAB5B
* Possible Reference to String Resource ID=00052: "&Unlock"
|
:10019779 6A34
push 00000034
:1001977B 57
push edi
* Reference To: FGuard32.?Msg@@YAHPAUHWND__@@IHZZ
|
:1001977C E8FB8EFFFF call 1001267C
:10019781 83C40C
add esp, 0000000C
:10019784 83F806
cmp eax, 00000006
:10019787 75CA
jne 10019753
:10019789 57
push edi
:1001978A 8BCE
mov ecx, esi
* Reference To: FGuard32.?DoUpgradeThis@ri2@@QAEHPAUHWND__@@@Z
|
:1001978C E886160000 call 1001AE17
:10019791 EBC0
jmp 10019753
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:10019772(C)
|
:10019793 8BCE
mov ecx, esi
* Reference To: FGuard32.?iv1@ri2@@QAEHXZ
|
:10019795 E809120000 call 1001A9A3
<- (1)检查Code[1]到Code[4]
:1001979A 85C0
test eax, eax <-
正确则eax=1
:1001979C 7512
jne 100197B0
:1001979E 6861ABFFFF push FFFFAB61
:100197A3 6A30
push 00000030
:100197A5 57
push edi
* Reference To: FGuard32.?Msg@@YAHPAUHWND__@@IHZZ
|
:100197A6 E8D18EFFFF call 1001267C
:100197AB 83C40C
add esp, 0000000C
:100197AE EBA3
jmp 10019753
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001979C(C)
|
:100197B0 8BCE
mov ecx, esi
* Reference To: FGuard32.?iv2@ri2@@QAEHXZ
|
:100197B2 E806120000 call 1001A9BD
<- (2)检查Code[7]、Code[8]
:100197B7 85C0
test eax, eax <-
正确则eax=1
<- 找到这些后我就注册了,好奇怪
:100197B9 7515
jne 100197D0
:100197BB 6863ABFFFF push FFFFAB63
:100197C0 6A30
push 00000030
:100197C2 57
push edi
* Reference To: FGuard32.?Msg@@YAHPAUHWND__@@IHZZ
|
:100197C3 E8B48EFFFF call 1001267C
:100197C8 83C40C
add esp, 0000000C
:100197CB FF7518
push [ebp+18]
:100197CE EB86
jmp 10019756
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:100197B9(C)
|
:100197D0 8BCE
mov ecx, esi
* Reference To: FGuard32.?iu2@ri2@@QAEHXZ
|
:100197D2 E841140000 call 1001AC18
:100197D7 85C0
test eax, eax
:100197D9 7599
jne 10019774
:100197DB 685FABFFFF push FFFFAB5F
(1)
Exported fn(): ?iv1@ri2@@QAEHXZ - Ord:05EAh
:1001A9A3 8B4170
mov eax, dword ptr [ecx+70]
:1001A9A6 83C142
add ecx, 00000042
:1001A9A9 FF7040
push [eax+40]
:1001A9AC FF703C
push [eax+3C]
:1001A9AF 8A4030
mov al, byte ptr [eax+30]
:1001A9B2 50
push eax
:1001A9B3 51
push ecx
* Reference To: FGuard32.?riivc2@@YAHPBDDHH@Z
|
:1001A9B4 E8E7F7FFFF call 1001A1A0
<- trace into
:1001A9B9 83C410
add esp, 00000010
:1001A9BC C3
ret
* Referenced by a CALL at Address:
|:1001A9B4
|
Exported fn(): ?riivc2@@YAHPBDDHH@Z - Ord:0612h
:1001A1A0 55
push ebp
:1001A1A1 8BEC
mov ebp, esp
:1001A1A3 83EC20
sub esp, 00000020
:1001A1A6 8B4508
mov eax, dword ptr [ebp+08]
:1001A1A9 8A08
mov cl, byte ptr [eax] <-
:1001A1AB 3A4D0C
cmp cl, byte ptr [ebp+0C] <- Code[1]
:1001A1AE 7404
je 1001A1B4
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:1001A1D6(C), :1001A1E9(C)
|
:1001A1B0 33C0
xor eax, eax
<- unRegister Flag
:1001A1B2 C9
leave
:1001A1B3 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001A1AE(C)
|
:1001A1B4 8D4DE0
lea ecx, dword ptr [ebp-20]
* Possible Reference to String Resource ID=00032: "On empty password"
|
:1001A1B7 6A20
push 00000020
:1001A1B9 51
push ecx
:1001A1BA 6A00
push 00000000
:1001A1BC 6A00
push 00000000
:1001A1BE 50
push eax
:1001A1BF E832FFFFFF call 1001A0F6
:1001A1C4 FF7510
push [ebp+10]
:1001A1C7 8D45E3
lea eax, dword ptr [ebp-1D]
:1001A1CA 50
push eax
:1001A1CB E8CFFEFFFF call 1001A09F
:1001A1D0 83C41C
add esp, 0000001C
:1001A1D3 3845E1
cmp byte ptr [ebp-1F], al <- Code[2]
:1001A1D6 75D8
jne 1001A1B0
:1001A1D8 FF7514
push [ebp+14]
:1001A1DB 8D45E3
lea eax, dword ptr [ebp-1D]
:1001A1DE 50
push eax
:1001A1DF E8BBFEFFFF call 1001A09F
:1001A1E4 3845E2
cmp byte ptr [ebp-1E], al
:1001A1E7 59
pop ecx
:1001A1E8 59
pop ecx
:1001A1E9 75C5
jne 1001A1B0
:1001A1EB 33C0
xor eax, eax
:1001A1ED 807DE339 cmp
byte ptr [ebp-1D], 39 <- Code[3]
:1001A1F1 0F94C0
sete al
:1001A1F4 C9
leave
:1001A1F5 C3
ret
(2)
* Referenced by a CALL at Addresses:
|:100197B2 , :1001A9EC , :1001AC5E
|
Exported fn(): ?iv2@ri2@@QAEHXZ - Ord:05EBh
:1001A9BD 8B4170
mov eax, dword ptr [ecx+70]
:1001A9C0 FF7038
push [eax+38]
:1001A9C3 6A01
push 00000001
:1001A9C5 FF7034
push [eax+34]
:1001A9C8 8D4142
lea eax, dword ptr [ecx+42]
:1001A9CB 6A00
push 00000000
:1001A9CD 50
push eax
:1001A9CE 668B4140 mov
ax, word ptr [ecx+40]
:1001A9D2 50
push eax
:1001A9D3 51
push ecx
* Reference To: FGuard32.?riivn2@@YAHPBDG0HHHH@Z
|
:1001A9D4 E81DF8FFFF call 1001A1F6
<- trace into it
:1001A9D9 83C41C
add esp, 0000001C
:1001A9DC C3
ret
* Referenced by a CALL at Addresses:
|:1001A9D4 , :1001AA25
|
Exported fn(): ?riivn2@@YAHPBDG0HHHH@Z - Ord:0613h
:1001A1F6 55
push ebp
:1001A1F7 8BEC
mov ebp, esp
:1001A1F9 83EC64
sub esp, 00000064
:1001A1FC 56
push esi
:1001A1FD 57
push edi
:1001A1FE 8D45DC
lea eax, dword ptr [ebp-24]
* Possible StringData Ref from Data Obj ->"00"
|
:1001A201 BEC8B10310 mov esi,
1003B1C8
:1001A206 8D7DFC
lea edi, dword ptr [ebp-04]
:1001A209 6A20
push 00000020
:1001A20B 50
push eax
:1001A20C 6A00
push 00000000
:1001A20E 66A5
movsw
:1001A210 6A00
push 00000000
:1001A212 FF7510
push [ebp+10]
:1001A215 A4
movsb
:1001A216 E8DBFEFFFF call 1001A0F6
:1001A21B 8A45E0
mov al, byte ptr [ebp-20]
* Possible Reference to String Resource ID=00064: "Cannot accept the registration
information you have entered."
|
:1001A21E 6A40
push 00000040
:1001A220 8845FC
mov byte ptr [ebp-04], al
:1001A223 8A45E1
mov al, byte ptr [ebp-1F]
:1001A226 8845FD
mov byte ptr [ebp-03], al
:1001A229 8D459C
lea eax, dword ptr [ebp-64]
:1001A22C 50
push eax
:1001A22D 8D45FC
lea eax, dword ptr [ebp-04]
:1001A230 50
push eax
:1001A231 FF750C
push [ebp+0C]
:1001A234 FF7508
push [ebp+08]
:1001A237 E8BAFEFFFF call 1001A0F6
:1001A23C FF7518
push [ebp+18]
:1001A23F 8D459C
lea eax, dword ptr [ebp-64]
:1001A242 50
push eax
:1001A243 E857FEFFFF call 1001A09F
:1001A248 8B4D14
mov ecx, dword ptr [ebp+14]
:1001A24B 83C430
add esp, 00000030
:1001A24E 38440DE2 cmp
byte ptr [ebp+ecx-1E], al <- Code[7]
:1001A252 5F
pop edi
:1001A253 5E
pop esi
:1001A254 7404
je 1001A25A
:1001A256 33C0
xor eax, eax
:1001A258 C9
leave
:1001A259 C3
ret
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:1001A254(C)
|
:1001A25A FF7520
push [ebp+20]
:1001A25D 8D459C
lea eax, dword ptr [ebp-64]
:1001A260 50
push eax
:1001A261 E839FEFFFF call 1001A09F
:1001A266 8B551C
mov edx, dword ptr [ebp+1C]
:1001A269 59
pop ecx
:1001A26A 59
pop ecx
:1001A26B 33C9
xor ecx, ecx
:1001A26D 384415E2 cmp
byte ptr [ebp+edx-1E], al <- Code[8]
:1001A271 0F94C1
sete cl
:1001A274 8BC1
mov eax, ecx
:1001A276 C9
leave
:1001A277 C3
ret
注册信息保存在:
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\WinAbility\Folder Guard\Setup\1]
"Info"=.....
- 标 题:R Folder Guard 5.1STD (11千字)
- 作 者:6767[BCG]
- 时 间:2001-7-2 14:08:00
- 链 接:http://bbs.pediy.com