全自动共享软件破解器满足你的贪嗔痴
级别: 超级会员

UID: 215916
精华: 0
发帖: 31569
威望: 3587
霏币: 37627.8
活跃度: 32507
技术分: 1480
非凡币: 959
交易值: 0
在线时间: 7632(小时)
注册时间: 2013-03-03
最后登录: 2018-09-18
楼主  发表于: 2018-07-04 11:34:25

【其他交流】 PSDCodecPreferences 1.7 (X64版完美追码)核心跟踪

原创
作者 :发威时刻/冥界3大法王
论坛搜索缩略图解答问题时,意外得知此神器,功能就是: Windows 10, Windows 8.1, Windows 8, and Windows 7 缩略图上时能正常显示PSD、ai等的缩略图
http://www.ardfry.com/psd-codec/ ,本论坛有一个,可惜年久失修,已经不能下载了,于是哥们重新下载一个,顺路破解了,特来分享破解过程:
安装:一路回车+重启 系统
 
看到没?*.PSD的能显示了 ~~ 

由于程序已经被我成功注册了,所以我们要找到保存注册码的地方~~
现在楼下同学,请看图马上作答,你认为它会藏在哪个路径下呢? 回答不出来的得0分,回答正确的+5分,能简单想到对应注册表相关键值路径功能的+15分
 
HKEY_CLASSES_ROOT\CLSID\{01EA983A-60B5-46c9-AA60-55139B4BF47E}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{0B17D800-AE60-40A5-AD5B-DE73645A66C6}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{3631AB20-5D08-46E2-9810-2F1068E83667}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{43341271-304D-40f0-81BB-EBE341997DF2}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{49CA2E8A-8AB1-477C-A35D-6A36729774BA}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{5A724A2A-F4B5-4449-8299-3EB467DEB642}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{7181026D-BE2A-42A4-B1BE-5A86C28EF22B}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{74113A70-B605-4A94-8C93-EEE4D9430A19}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{8387345B-56BA-4374-B71F-35EF358B79E9}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{8bdb5fe9-a31f-403f-a127-e5181d2f311d}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\CLSID\{932ECE61-2383-418F-963A-1CE8E8468653}\InprocServer32, , C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\Installer\Products\5703832713FF78B4DB49C8CF43A7C191, ProductName, PSD Codec by Ardfry Imaging, LLC (64 bit)
HKEY_CLASSES_ROOT\Installer\Products\BB8A226BB77C30F45B21B8076A67B09D, ProductName, PSD Codec by Ardfry Imaging, LLC (32 bit)
HKEY_CLASSES_ROOT\TypeLib\{14B7DAA3-E8E9-4965-8710-02B555E98647}\1.0\0\win32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{01EA983A-60B5-46c9-AA60-55139B4BF47E}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{0B17D800-AE60-40A5-AD5B-DE73645A66C6}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{3631AB20-5D08-46E2-9810-2F1068E83667}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{43341271-304D-40f0-81BB-EBE341997DF2}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{49CA2E8A-8AB1-477C-A35D-6A36729774BA}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{5A724A2A-F4B5-4449-8299-3EB467DEB642}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{60CC0676-D214-4DB4-9782-08DA8EF333C6}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{7181026D-BE2A-42A4-B1BE-5A86C28EF22B}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{74113A70-B605-4A94-8C93-EEE4D9430A19}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{8387345B-56BA-4374-B71F-35EF358B79E9}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{8bdb5fe9-a31f-403f-a127-e5181d2f311d}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{932ECE61-2383-418F-963A-1CE8E8468653}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CLASSES_ROOT\WOW6432Node\TypeLib\{14B7DAA3-E8E9-4965-8710-02B555E98647}\1.0\0\win32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\26, 1, 5c 00 31 00 00 00 00 00 e4 4c 69 0c 10 00 50 53 44 20 43 6f 64 65 63 00 44 00 09 00 04 00 ef be e4 4c 68 0c e4 4c 69 0c 2e 00 00 00 d6 b3 01 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 da 73 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 00 00 18 00 00 00 
HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\3\0\0\0\0, 19, 92 00 31 00 00 00 00 00 e4 4c 69 0c 10 00 50 53 44 20 43 6f 64 65 63 20 62 79 20 41 72 64 66 72 79 20 49 6d 61 67 69 6e 67 00 68 00 09 00 04 00 ef be e4 4c 68 0c e4 4c 69 0c 2e 00 00 00 87 e4 01 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 1f 6f 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 20 00 62 00 79 00 20 00 41 00 72 00 64 00 66 00 72 00 79 00 20 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 00 00 2a 00 00 00 
HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\4\15, 0, 5c 00 31 00 00 00 00 00 e4 4c 6a 0c 10 00 50 53 44 20 43 6f 64 65 63 00 44 00 09 00 04 00 ef be e4 4c 6a 0c e4 4c 6a 0c 2e 00 00 00 c5 e4 01 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2c 83 a4 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 00 00 18 00 00 00 
HKEY_CURRENT_USER\SOFTWARE\Cmpdisacm\Options, File_0, C:\Program Files\ArdfryImaging\PSD Codec\PSDCodecPreferences.exe
HKEY_CURRENT_USER\SOFTWARE\Cmpdisacm\Options, File_1, C:\Program Files\ArdfryImaging\PSD Codec\PSDCodecPreferences2.exe
HKEY_CURRENT_USER\SOFTWARE\IvoSoft\ClassicStartMenu\MRU, 0, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSD Codec by Ardfry Imaging\PSD Preferences.lnk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs, 0, 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 20 00 62 00 79 00 20 00 41 00 72 00 64 00 66 00 72 00 79 00 20 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 00 00 9e 00 32 00 00 00 00 00 00 00 00 00 00 00 50 53 44 20 43 6f 64 65 63 20 62 79 20 41 72 64 66 72 79 20 49 6d 61 67 69 6e 67 2e 6c 6e 6b 00 70 00 09 00 04 00 ef be 00 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 20 00 62 00 79 00 20 00 41 00 72 00 64 00 66 00 72 00 79 00 20 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 2e 00 6c 00 6e 00 6b 00 00 00 2e 00 00 00 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs, 105, 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 20 00 62 00 79 00 20 00 41 00 72 00 64 00 66 00 72 00 79 00 20 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 00 00 9e 00 32 00 00 00 00 00 00 00 00 00 00 00 50 53 44 20 43 6f 64 65 63 20 62 79 20 41 72 64 66 72 79 20 49 6d 61 67 69 6e 67 2e 6c 6e 6b 00 70 00 09 00 04 00 ef be 00 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 20 00 62 00 79 00 20 00 41 00 72 00 64 00 66 00 72 00 79 00 20 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 2e 00 6c 00 6e 00 6b 00 00 00 2e 00 00 00 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC, 84, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSD Codec by Ardfry Imaging\PSD Preferences.lnk C:\Program Files\ArdfryImaging\PSD Codec\PSDCodecPreferences.exe 
HKEY_CURRENT_USER\SOFTWARE\QtProject\OrganizationDefaults\FileDialog, lastVisited, file:///C:/Program Files/ArdfryImaging/PSD Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders, C:\Program Files (x86)\ArdfryImaging\PSD Codec\, 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFC4A5F53E9B62B4F904F309286ECE05, 5703832713FF78B4DB49C8CF43A7C191, C:\Program Files\ArdfryImaging\PSD Codec\PSDCodecPreferences.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C2FF744C5CB2E394BA382DE743329FF2, BB8A226BB77C30F45B21B8076A67B09D, C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEF5FA26456D38B42B7150A01CDA1DB9, 5703832713FF78B4DB49C8CF43A7C191, C:\Program Files\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5703832713FF78B4DB49C8CF43A7C191\InstallProperties, DisplayName, PSD Codec by Ardfry Imaging, LLC (64 bit)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BB8A226BB77C30F45B21B8076A67B09D\InstallProperties, DisplayName, PSD Codec by Ardfry Imaging, LLC (32 bit)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {01EA983A-60B5-46c9-AA60-55139B4BF47E}, PSD Codec by Ardfry Imaging, LLC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72383075-FF31-4B87-BD94-8CFC347A1C19}, DisplayName, PSD Codec by Ardfry Imaging, LLC (64 bit)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1, Inno Setup: App Path, C:\Program Files\ArdfryImaging\PSD Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1, InstallLocation, C:\Program Files\ArdfryImaging\PSD Codec\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1, Inno Setup: Icon Group, PSD Codec by Ardfry Imaging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1, DisplayName, PSD CODEC Version 1.7.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1, UninstallString, "C:\Program Files\ArdfryImaging\PSD Codec\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardfry PSD CODEC_is1, QuietUninstallString, "C:\Program Files\ArdfryImaging\PSD Codec\unins000.exe" /SILENT
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{01EA983A-60B5-46c9-AA60-55139B4BF47E}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{0B17D800-AE60-40A5-AD5B-DE73645A66C6}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{3631AB20-5D08-46E2-9810-2F1068E83667}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{43341271-304D-40f0-81BB-EBE341997DF2}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{49CA2E8A-8AB1-477C-A35D-6A36729774BA}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A724A2A-F4B5-4449-8299-3EB467DEB642}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{60CC0676-D214-4DB4-9782-08DA8EF333C6}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{7181026D-BE2A-42A4-B1BE-5A86C28EF22B}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{74113A70-B605-4A94-8C93-EEE4D9430A19}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{8387345B-56BA-4374-B71F-35EF358B79E9}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{8bdb5fe9-a31f-403f-a127-e5181d2f311d}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{932ECE61-2383-418F-963A-1CE8E8468653}\InprocServer32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\TypeLib\{14B7DAA3-E8E9-4965-8710-02B555E98647}\1.0\0\win32, , C:\Program Files (x86)\ArdfryImaging\PSD Codec\ardfryPSDcodec.dll
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B622A8BB-C77B-4F03-B512-8B70A6760BD9}, DisplayName, PSD Codec by Ardfry Imaging, LLC (32 bit)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache, AppCompatCache, 30 00 00 00 09 64 01 00 00 00 00 00 29 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd 06 00 00 63 03 00 00 00 00 00 00 31 30 74 73 a6 10 99 a3 d6 00 00 00 40 00 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 5c 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 5c 00 4d 00 53 00 49 00 36 00 35 00 39 00 39 00 2e 00 74 00 6d 00 70 00 8e 57 53 44 37 13 d4 01 88 00 00 00 00 02 00 00 04 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 4c 01 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 04 00 00 00 03 00 00 00 40 00 00 00 04 00 00 00 01 00 00 00 20 00 00 00 04 00 00 00 00 00 00 00 00 01 00 00 04 00 00 00 01 00 00 00 31 30 74 73 70 a7 c2 1f e6 00 00 00 80 00 43 00 3a 00 5c 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 46 00 69 00 6c 00 65 00 73 00 5c 00 41 00 72 00 64 00 66 00 72 00 79 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 5c 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 5c 00 50 00 53 00 44 00 43 00 6f 00 64 00 65 00 63 00 50 00 72 00 65 00 66 00 65 00 72 00 65 00 6e 00 63 00 65 00 73 00 2e 00 65 00 78 00 65 00 00 63 08 37 83 74 d2 01 58 00 00 00 00 02 00 00 04 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 64 86 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 31 30 74 73 10 42 65 7e d6 00 00 00 40 00 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 5c 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 5c 00 4d 00 53 00 49 00 35 00 46 00 33 00 43 00 2e 00 74 00 6d 00 70 00 98 fb 5b 43 37 13 d4 01 88 00 00 00 00 02 00 00 04 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 64 86 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 08 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 04 00 00 00 03 00 00 00 40 00 00 00 04 00 00 00 01 00 00 00 20 00 00 00 04 00 00 00 00 00 00 00 00 01 00 00 04 00 00 00 01 00 00 00 31 30 74 73 89 79 3c bc 98 02 00 00 6a 00 43 00 3a 00 5c 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 46 00 69 00 6c 00 65 00 73 00 5c 00 41 00 72 00 64 00 66 00 72 00 79 00 49 00 6d 00 61 00 67 00 69 00 6e 00 67 00 5c 00 50 00 53 00 44 00 20 00 43 00 6f 00 64 00 65 00 63 00 5c 00 75 00 6e 00 69 00 6e 00 73 00 30 00 30 00 30 00 2e 00 65 00 78 00 65 00 85 63 15 33 37 13 d4 01 20 02 00 00 00 02 00 00 04 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 4c 01 00 00 01 00 00 00 c8 01 00 00 c0 a6 03 00 94 ae 03 00 32 b1 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

 
接下来,我们找到了A,不认识的同学可以查字典,好好念念~~
整明白之后就知道15天是怎么来的~~
先从时间上破解的可以选择走此路线一试 ~~ 
X)你可以干掉这个键值
Y)也可以从初始时间上下手
Z)也可以从过期时下手
3种方法 可以留给楼下的同学当作今天的回家作业~~

由于先前 忘了放狗 (Revo Uninstaller Pro)做记录,所以注册表的关键键值在什么地方 我也不知道  ~~
所以,我们接着念动咒语~~~~用下面的工具试试
 
毕竟是很老的XP下的程序了,对win10不支持,所以还是没有抓下来 ~~(其实~~  我们该用 Revo Uninstaller Pro的卸载功能把软件卸载了,再监控就板上钉钉了;不过系统要重启2次)
RegSPY也落败了 
么有关系  ~~  我们派中场大将梅西上场 ~~ (这个混蛋,今年表现不算太好)
 
HKEY_CURRENT_USER\SOFTWARE\QDFV 就是我们千方百计想要找的东西啦~~ 
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\QDFV]
"ZZB"=hex:56,24,3c,5b,00,00,00,00
"QDFXZ"=hex:4b,1b,4b,1b,ff
"QDFXZA"=hex:ba,b8,b1,b8,d2,bc,c9,a9,ac,d2,ca,c8,ba,cb,d2,bd,c6,ac,ae,ff这玩意就是作者不想让我们看到的机密信息了 ~~

好在姥爷在X64DBG中曾经印象中看到过~~ 果然是你~~  真的果然是你 ~~   不好意思,又用了句电视剧的台词 ~~ 小狐狸怎么能斗得过老狐狸~~ 
反注册问题我们解决了之后,我们就可以重新来过了 ~~


1,常规流程,我们一般是 打开,并搜索
 
对于注册表键值处设伏,一般我们的下场只有2种,
A,当完成注册后,特定的键值才会被创建,所以一般断不下来 ~~
B,某某软件根键值下下断,可能拦截到部分有用数据
 
由于没有注册表子键值,所以这句势必会跳过 ~~  果然如此 ~~
[C++] 纯文本查看 复制代码[color=white !important]?[table=1039.33px][tr][td][color=initial !important][align=right !important]01
[color=initial !important][align=right !important]02
[color=initial !important][align=right !important]03[color=initial !important][align=right !important]04[color=initial !important][align=right !important]05[color=initial !important][align=right !important]06[color=initial !important][align=right !important]07[color=initial !important][align=right !important]08[color=initial !important][align=right !important]09[color=initial !important][align=right !important]10[color=initial !important][align=right !important]11[color=initial !important][align=right !important]12[color=initial !important][align=right !important]13[color=initial !important][align=right !important]14[color=initial !important][align=right !important]15[color=initial !important][align=right !important]16[color=initial !important][align=right !important]17[color=initial !important][align=right !important]18[color=initial !important][align=right !important]19[color=initial !important][align=right !important]20[color=initial !important][align=right !important]21[color=initial !important][align=right !important]22[color=initial !important][align=right !important]23[/td][td]00007FF742712FD0             | 48 8D | lea rdx,qword ptr ds:[7FF74272E970]       | 00007FF74272E970:"Software\\QDFV"00007FF742712FD7             | 48 8B | mov rcx,qword ptr ss:[rsp+rax*8+68]       | rcx:_local_unwind+8EF800007FF742712FDC             | FF 15 | call qword ptr ds:[<&RegOpenKeyExA>]      |00007FF742712FE2             | 85 C0 | test eax,eax                              |00007FF742712FE4             | 0F 85 | jne psdcodecpreferences.7FF7427132EF      | 果然跳过了 ~~00007FF742712FEA             | 48 8B | mov rbx,qword ptr ss:[rsp+50]             |00007FF742712FEF             | 48 89 | mov qword ptr ss:[rsp+80],rbx             |00007FF742712FF7             | 89 BC | mov dword ptr ss:[rsp+88],edi             |00007FF742712FFE             | 48 C7 | mov qword ptr ss:[rsp+D0],F               |00007FF74271300A             | 48 89 | mov qword ptr ss:[rsp+C8],rdi             |00007FF742713012             | 88 84 | mov byte ptr ss:[rsp+B8],al               |00007FF742713019             | 48 C7 | mov qword ptr ss:[rsp+F0],F               |00007FF742713025             | 48 89 | mov qword ptr ss:[rsp+E8],rdi             |00007FF74271302D             | 88 84 | mov byte ptr ss:[rsp+D8],al               |00007FF742713034             | 48 C7 | mov qword ptr ss:[rsp+B0],F               |00007FF742713040             | 48 89 | mov qword ptr ss:[rsp+A8],rdi             |00007FF742713048             | 88 84 | mov byte ptr ss:[rsp+98],al               |00007FF74271304F             | 88 84 | mov byte ptr ss:[rsp+100],al              |00007FF742713056             | C7 44 | mov dword ptr ss:[rsp+3C],40              | 40:'@'00007FF74271305E             | 4C 8D | lea r9,qword ptr ss:[rsp+3C]              |00007FF742713063             | 4C 8D | lea r8,qword ptr ss:[rsp+100]             |00007FF74271306B             | 48 8D | lea rdx,qword ptr ds:[7FF74272E980]       | 00007FF74272E980:"QDFXZ"00007FF742713072             | 48 8B | mov rcx,rbx                               | rcx:_local_unwind+8EF8[/td][/tr][/table]
2,当这句出来时,我们有三种以上选择
 
a) 字串搜索,结果是搜不到;但文件中确实能找到,我们可以利用偏移地址定位
b)用api来断 ~~  但是DBGX64相关插件用得少不知道
知道的同学说一声你们是如何配置的?赶紧把配置好的工具传给我一份研究下,共同地进步哟~~ 
c)F12暂停法,堆栈中引籽入局  
很多,我们统统 【回车跟随】


[Asm] 纯文本查看 复制代码[color=white !important]?[table=1039.33px][tr][td][color=initial !important][align=right !important]01[color=initial !important][align=right !important]02[color=initial !important][align=right !important]03[color=initial !important][align=right !important]04[color=initial !important][align=right !important]05[color=initial !important][align=right !important]06[color=initial !important][align=right !important]07[color=initial !important][align=right !important]08[color=initial !important][align=right !important]09[color=initial !important][align=right !important]10[color=initial !important][align=right !important]11[color=initial !important][align=right !important]12[color=initial !important][align=right !important]13[color=initial !important][align=right !important]14[color=initial !important][align=right !important]15[color=initial !important][align=right !important]16[color=initial !important][align=right !important]17[color=initial !important][align=right !important]18[color=initial !important][align=right !important]19[color=initial !important][align=right !important]20[color=initial !important][align=right !important]21[color=initial !important][align=right !important]22[color=initial !important][align=right !important]23[/td][td]最后我们来到下面附近 ~~ 00007FF742719172             | E8 C9 | call psdcodecpreferences.7FF742719B40      |00007FF742719177             | 48 8B | mov rbx,qword ptr ss:[rsp+40]              |00007FF74271917C             | 83 7B | cmp dword ptr ds:[rbx-10],40               | 40:'@'00007FF742719180             | 7E 42 | jle psdcodecpreferences.7FF7427191C4       |00007FF742719182             | B9 01 | mov ecx,1                                  |00007FF742719187             | 2B 4B | sub ecx,dword ptr ds:[rbx-8]               |00007FF74271918A             | 8B 43 | mov eax,dword ptr ds:[rbx-C]               |00007FF74271918D             | 83 E8 | sub eax,40                                 |00007FF742719190             | 0B C1 | or eax,ecx                                 |00007FF742719192             | 7D 14 | jge psdcodecpreferences.7FF7427191A8       |00007FF742719194             | BA 40 | mov edx,40                                 | 40:'@'00007FF742719199             | 48 8D | lea rcx,qword ptr ss:[rsp+40]              |00007FF74271919E             | E8 DD | call psdcodecpreferences.7FF742713980      |00007FF7427191A3             | 48 8B | mov rbx,qword ptr ss:[rsp+40]              |00007FF7427191A8             | 83 7B | cmp dword ptr ds:[rbx-C],40                | 40:'@'00007FF7427191AC             | 7D 0B | jge psdcodecpreferences.7FF7427191B9       |00007FF7427191AE             | B9 57 | mov ecx,80070057                           |00007FF7427191B3             | E8 08 | call psdcodecpreferences.7FF742711CC0      |00007FF7427191B8             | CC    | int3                                       |00007FF7427191B9             | C7 43 | mov dword ptr ds:[rbx-10],40               | 40:'@'00007FF7427191C0             | C6 43 | mov byte ptr ds:[rbx+40],0                 | rbx+40:L"hreadMgr"00007FF7427191C4             | 48 8D | lea rdx,qword ptr ds:[7FF74272F2B8]        | 00007FF74272F2B8:"eriksmit@realemail.net"[/td][/tr][/table]
 
最后,当我们来到图中所示的附近时,你首先看到 ABCDEFGH.........一串字符串
接下来,我们看到了 XXXX-XXXX-XXXX-XXXX 的不断循环计算的过程,接下来,我们开车行不多远,我们就看到了我们的假码
[Asm] 纯文本查看 复制代码[color=white !important]?[table=1039.33px][tr][td][color=initial !important][align=right !important]01[color=initial !important][align=right !important]02[color=initial !important][align=right !important]03[color=initial !important][align=right !important]04[color=initial !important][align=right !important]05[color=initial !important][align=right !important]06[color=initial !important][align=right !important]07[color=initial !important][align=right !important]08[color=initial !important][align=right !important]09[color=initial !important][align=right !important]10[color=initial !important][align=right !important]11[color=initial !important][align=right !important]12[color=initial !important][align=right !important]13[color=initial !important][align=right !important]14[color=initial !important][align=right !important]15[color=initial !important][align=right !important]16[color=initial !important][align=right !important]17[color=initial !important][align=right !important]18[color=initial !important][align=right !important]19[color=initial !important][align=right !important]20[color=initial !important][align=right !important]21[color=initial !important][align=right !important]22[color=initial !important][align=right !important]23[color=initial !important][align=right !important]24[color=initial !important][align=right !important]25[color=initial !important][align=right !important]26[color=initial !important][align=right !important]27[color=initial !important][align=right !important]28[/td][td]00007FF74271A1BF             | 4C 8D | lea r8,qword ptr ss:[rsp+28]               | [rsp+28]:"EGNG-C6VS-57E4-B9SQ"00007FF74271A1C4             | 48 8D | lea rdx,qword ptr ss:[rsp+48]              |00007FF74271A1C9             | 48 8D | lea rcx,qword ptr ds:[7FF74272E990]        | rcx:"EGNG-C6VS-57E4-B9SQ", 00007FF74272E990:"PACHA"00007FF74271A1D0             | E8 CB | call psdcodecpreferences.7FF74271A2A0      |00007FF74271A1D5             | 80 3F | cmp byte ptr ds:[rdi],0                    | rdi:"SDF3-DF46-4545-D54F"00007FF74271A1D8             | 75 04 | jne psdcodecpreferences.7FF74271A1DE       |00007FF74271A1DA             | 33 DB | xor ebx,ebx                                |00007FF74271A1DC             | EB 0D | jmp psdcodecpreferences.7FF74271A1EB       |00007FF74271A1DE             | 48 83 | or rbx,FFFFFFFFFFFFFFFF                    |00007FF74271A1E2             | 48 FF | inc rbx                                    |00007FF74271A1E5             | 80 3C | cmp byte ptr ds:[rdi+rbx],0                |00007FF74271A1E9             | 75 F7 | jne psdcodecpreferences.7FF74271A1E2       | 看到上面了吗?可能是真码哟~~00007FF74271A1EB             | 48 8D | lea rcx,qword ptr ss:[rsp+28]              | [rsp+28]:"EGNG-C6VS-57E4-B9SQ"00007FF74271A1F0             | 48 83 | cmp qword ptr ss:[rsp+40],10               |00007FF74271A1F6             | 48 0F | cmovae rcx,qword ptr ss:[rsp+28]           | [rsp+28]:"EGNG-C6VS-57E4-B9SQ"00007FF74271A1FC             | 4C 8B | mov r8,rbx                                 |00007FF74271A1FF             | 48 8B | mov rsi,qword ptr ss:[rsp+38]              |00007FF74271A204             | 48 3B | cmp rsi,rbx                                |00007FF74271A207             | 4C 0F | cmovb r8,rsi                               |00007FF74271A20B             | 4D 85 | test r8,r8                                 |00007FF74271A20E             | 75 04 | jne psdcodecpreferences.7FF74271A214       |00007FF74271A210             | 33 C0 | xor eax,eax                                |00007FF74271A212             | EB 08 | jmp psdcodecpreferences.7FF74271A21C       | 下面那句看到了没?可能是假码哟~~00007FF74271A214             | 48 8B | mov rdx,rdi                                | rdi:"SDF3-DF46-4545-D54F"00007FF74271A217             | E8 84 | call psdcodecpreferences.7FF74271C8A0      |00007FF74271A21C             | 48 98 | cdqe                                       |00007FF74271A21E             | 48 85 | test rax,rax                               | rax:"EGNG-C6VS-57E4-B9SQ"00007FF74271A221             | 75 12 | jne psdcodecpreferences.7FF74271A235       |[/td][/tr][/table]
,以及 00007FF74271937A             | 0F 85 | jne psdcodecpreferences.7FF74271949E       | 貌似这句很关键~~
 
[Asm] 纯文本查看 复制代码[color=white !important]?[table=1039.33px][tr][td][color=initial !important][align=right !important]1[color=initial !important][align=right !important]2[color=initial !important][align=right !important]3[/td][td]00007FF742719373             | E8 B8 | call psdcodecpreferences.7FF74271A130      |00007FF742719378             | 84 C0 | test al,al                                 |00007FF74271937A             | 0F 85 | jne psdcodecpreferences.7FF74271949E       | 貌似这句很关键~~ 结果果然是这句起到关键作用 ~~[/td][/tr][/table]
代码真的很长,上面只找特征部分加以说明 ~~  
 

 


全自动共享软件破解器满足你的贪嗔痴
级别: 超级会员

UID: 215916
精华: 0
发帖: 31569
威望: 3587
霏币: 37627.8
活跃度: 32507
技术分: 1480
非凡币: 959
交易值: 0
在线时间: 7632(小时)
注册时间: 2013-03-03
最后登录: 2018-09-18
1楼  发表于: 2018-07-04 11:35:25
贴子成了奶奶样,效果太棒了~~      
级别: 新手上路
UID: 210996
精华: 0
发帖: 85
威望: 1
霏币: -1931
活跃度: 84
技术分: 0
非凡币: 0
交易值: 0
在线时间: 8(小时)
注册时间: 2012-01-01
最后登录: 2018-07-06
2楼  发表于: 2018-07-06 10:32:34
小白表示看不懂,可否出成品啊
认真做人,认真生活,认真做事。
级别: 资深会员

UID: 18599
精华: 0
发帖: 983
威望: 4425
霏币: 889
活跃度: 1516
技术分: 0
非凡币: 0
交易值: 0
在线时间: 1506(小时)
注册时间: 2004-07-18
最后登录: 2018-09-12
3楼  发表于: 2018-07-06 13:42:01
程序员都会这种操作吗?
级别: 高级会员
UID: 9732
精华: 0
发帖: 1508
威望: 2442
霏币: 3391
活跃度: 1532
技术分: 0
非凡币: 0
交易值: 0
在线时间: 779(小时)
注册时间: 2004-07-06
最后登录: 2018-09-18
4楼  发表于: 2018-07-07 10:59:32
楼主高人啊
级别: 新手上路
UID: 235008
精华: 0
发帖: 103
威望: 1
霏币: 91
活跃度: 93
技术分: 0
非凡币: 0
交易值: 0
在线时间: 20(小时)
注册时间: 2018-06-28
最后登录: 2018-09-18
5楼  发表于: 2018-07-07 21:41:23
精彩 啊。  厉害。
null……
级别: 青铜长老

UID: 3135
精华: 0
发帖: 92112
威望: 17080
霏币: 6084.7
活跃度: 124019
技术分: 266
非凡币: 1
交易值: 0
在线时间: 8454(小时)
注册时间: 2004-06-28
最后登录: 2018-09-17
6楼  发表于: 2018-07-12 23:53:47
发威的反编译分析思路已经趋大成了
级别: 中级会员
UID: 191514
精华: 0
发帖: 8619
威望: 101
霏币: 26138
活跃度: 8149
技术分: 0
非凡币: 500
交易值: 0
在线时间: 372(小时)
注册时间: 2010-01-01
最后登录: 2018-09-18
7楼  发表于: 2018-07-18 10:06:04
这个怎样用的,老大!
级别: 新手上路
UID: 235008
精华: 0
发帖: 103
威望: 1
霏币: 91
活跃度: 93
技术分: 0
非凡币: 0
交易值: 0
在线时间: 20(小时)
注册时间: 2018-06-28
最后登录: 2018-09-18
8楼  发表于: 2018-07-20 13:46:48
哇哦,技术贴。
级别: 中级会员
UID: 159332
精华: 0
发帖: 537
威望: 691
霏币: 23
活跃度: 702
技术分: 0
非凡币: 0
交易值: 0
在线时间: 546(小时)
注册时间: 2005-10-01
最后登录: 2018-09-12
9楼  发表于: 2018-07-22 17:14:36
相当牛逼
趴在这里
级别: 高级会员
UID: 26135
精华: 0
发帖: 212
威望: 1908
霏币: 1752
活跃度: 246
技术分: 0
非凡币: 0
交易值: 0
在线时间: 73(小时)
注册时间: 2004-08-19
最后登录: 2018-09-16
10楼  发表于: 2018-07-28 18:42:33
这个的确有用处,
级别: 新手上路
UID: 235008
精华: 0
发帖: 103
威望: 1
霏币: 91
活跃度: 93
技术分: 0
非凡币: 0
交易值: 0
在线时间: 20(小时)
注册时间: 2018-06-28
最后登录: 2018-09-18
11楼  发表于: 2018-07-28 19:56:47
好复杂啊。
级别: 初级会员
UID: 162825
精华: 0
发帖: 75
威望: 253
霏币: 2028
活跃度: 216
技术分: 0
非凡币: 0
交易值: 0
在线时间: 75(小时)
注册时间: 2005-10-01
最后登录: 2018-09-13
12楼  发表于: 2018-07-30 09:54:12
看得有点吃力,感觉水平很次了。