文件下载:链接:https://pan.baidu.com/s/1xSZBiSF7R465iB3r2x0Tow 提取码:sujd
使用方法:安装 Source Insight4 后,将 exe 文件放到 Source Insight4 的安装目录。将 si.lic 放到 C:\ProgramData\Source Insight\4.0 目录下。
版本:Source Insight 4.00.0126
修改 PE,关闭随机基址。
对获取文件框文本的 API 下断点,输入序列号,断点命中在 GetWindowsTextW()
函数。
序列号格式检验的函数
序列号长度:19
序列号格式:XXXX-XXXX-XXXX-XXXX
Serial[0] = 'S'
Serial[1] = [0-9] => ArgcList_604 = szSerial[1] - '0' = 4
Serial[2] = [T B S U] => ArgcList_60C = [1 3 0 0] = 1
Serial[3] = G => *ArgcList_608 = 1
Serial[6] = [R G D F]
根据规则乱造一个序列号:S4SG-ARCD-EFGH-XXXX,后四位可有 sub_514370()
函数生成。
生成后四位的算法
根据算法写注册机
生成的后四位为:”36V6”,最后序列号为:“S4SG-ARCD-EFGH-36V6”。
输入序列号后,填写信息,然后会出现提示信息 "Now activating your license... Please wait...",打开 Fiddler 抓包,发现有发请求,但是返回的数据包里面没有可用信息。这时可以对 HttpSendRequestW()
函数下断点。
网络验证关键代码
发送请求后,会通过 HttpQueryInfoW()
获取返回的信息。获取的值等于 0xC8,则表示网页验证通过。这里我们直接修改二进制,让 HttpQueryInfoW()
函数的 result
参数被赋值为 0xC8。
生成请求数据包的函数
网页验证通过后,会修改注册表和 C:\ProgramData\Source Insight\4.0\si.lic 文件。
如果是正版的序列号,返回的 HTTP 数据包会有数据,给我们回写到注册表和 C:\ProgramData\Source Insight\4.0\si.lic 的文件中。但是这里我们没有数据,所以这里我们修改二进制将 return 0x1D0
改为 return 0xC8
。
将 C:\ProgramData\Source Insight\4.0\si.lic 的内容进行 XML 格式化,并对文件中各个字段的数据进行检查。
si.lic 文件中 ActId
字段的值为 Deferred
,无法通过 call sourceinsight4.403570
的 ActId 的检验。进入到 sourceinsight4.403570
函数内部后,sub_403240()
会返回一张存有很多 ActId 的表,那 ActId 表的第一项和 si.lic 文件中 ActId 字段的值进行比较。这里我们直接将软件内的 ActId 拷贝到 si.lic 文件中。
比较 ActId 字段的值的代码
修改 si.lic 中的 ActId 字段。
读取 si.lic 文件的内容,去除掉空白字符,通过 call sourceinsight4.403210
生成校验码1,然后再使用去除掉空白字符的文件内容和 “Value” 字段的值通过 call sourceinsight4.402F00
函数生成校验码2,对比两个校验码。相同则验证通过,否则验证失败。
这里我们将验证码比较部分,去除掉验证码不相同的判断。
改为
硬件设备的检验的关键代码
call sourceinsight4.516EE0
会根据软件信息、token、硬件信息等生成一个序列,然后将这个序列会和一个 "44D35B3608E5C603D775C76216F555E000D04B6718E33E93F35887A8A360D2F468E313DC7B3E047E08F10A51B75561B5L55576B63BF2D7750F09557AF661F14849F94F2652A903A10E9074E61EA4FE7E83A6F5090AD61F3F365D1C67DA22A478FA17" 的序列做比较。相同,则验证通过。
这里我们将函数的返回 eax 改为 1,表示验证通过。
破解成功
BOOL
__cdecl sub_514BA0(char
*
szSerial, void
*
ArgcList_608, void
*
ArgcList_60C, void
*
ArgcList_604,
int
n_1)
{
char v5;
/
/
al
char v6;
/
/
al
char v7;
/
/
al
char v8;
/
/
al
int
v10;
/
/
[esp
+
4h
] [ebp
-
18h
] BYREF
char Destination[
20
];
/
/
[esp
+
8h
] [ebp
-
14h
] BYREF
_strupr(szSerial);
if
( strlen(szSerial) !
=
19
)
return
0
;
if
( szSerial[
4
] !
=
'-'
)
return
0
;
if
( szSerial[
9
] !
=
'-'
)
return
0
;
if
( szSerial[
14
] !
=
'-'
)
return
0
;
if
(
*
szSerial !
=
'S'
)
return
0
;
if
( n_1 )
{
v5
=
szSerial[
6
];
if
( v5 !
=
'R'
&& v5 !
=
'G'
&& v5 !
=
'D'
&& v5 !
=
'F'
)
return
0
;
}
v6
=
szSerial[
1
];
if
( v6 <
'0'
|| v6 >
'9'
)
return
0
;
*
ArgcList_604
=
v6
-
'0'
;
/
/
*
ArgcList_604
=
szSerial[
1
]
-
'0'
;
v7
=
szSerial[
2
];
switch ( v7 )
/
/
*
ArgcList_604
=
[
1
3
0
0
]
{
case
'T'
:
*
ArgcList_60C
=
1
;
break
;
case
'B'
:
*
ArgcList_60C
=
3
;
break
;
case
'S'
:
*
ArgcList_60C
=
0
;
break
;
case
'U'
:
*
ArgcList_60C
=
0
;
break
;
default:
return
0
;
}
v8
=
szSerial[
3
];
if
( v8
=
=
'G'
)
{
*
ArgcList_608
=
1
;
}
else
{
if
( v8 !
=
'R'
)
return
0
;
*
ArgcList_608
=
0
;
}
if
( !n_1 )
return
1
;
strcpy(Destination, szSerial);
Destination[
15
]
=
0
;
sub_514370(Destination,
15
, &unk_604F70, &v10);
/
/
根据序列号的前
15
位生成后四位
return
*
(szSerial
+
15
)
=
=
v10;
/
/
判断生成的后四位和序列号中的后四位是否相等。
}
BOOL
__cdecl sub_514BA0(char
*
szSerial, void
*
ArgcList_608, void
*
ArgcList_60C, void
*
ArgcList_604,
int
n_1)
{
char v5;
/
/
al
char v6;
/
/
al
char v7;
/
/
al
char v8;
/
/
al
int
v10;
/
/
[esp
+
4h
] [ebp
-
18h
] BYREF
char Destination[
20
];
/
/
[esp
+
8h
] [ebp
-
14h
] BYREF
_strupr(szSerial);
if
( strlen(szSerial) !
=
19
)
return
0
;
if
( szSerial[
4
] !
=
'-'
)
return
0
;
if
( szSerial[
9
] !
=
'-'
)
return
0
;
if
( szSerial[
14
] !
=
'-'
)
return
0
;
if
(
*
szSerial !
=
'S'
)
return
0
;
if
( n_1 )
{
v5
=
szSerial[
6
];
if
( v5 !
=
'R'
&& v5 !
=
'G'
&& v5 !
=
'D'
&& v5 !
=
'F'
)
return
0
;
}
v6
=
szSerial[
1
];
if
( v6 <
'0'
|| v6 >
'9'
)
return
0
;
*
ArgcList_604
=
v6
-
'0'
;
/
/
*
ArgcList_604
=
szSerial[
1
]
-
'0'
;
v7
=
szSerial[
2
];
switch ( v7 )
/
/
*
ArgcList_604
=
[
1
3
0
0
]
{
case
'T'
:
*
ArgcList_60C
=
1
;
break
;
case
'B'
:
*
ArgcList_60C
=
3
;
break
;
case
'S'
:
*
ArgcList_60C
=
0
;
break
;
case
'U'
:
*
ArgcList_60C
=
0
;
break
;
default:
return
0
;
}
v8
=
szSerial[
3
];
if
( v8
=
=
'G'
)
{
*
ArgcList_608
=
1
;
}
else
{
if
( v8 !
=
'R'
)
return
0
;
*
ArgcList_608
=
0
;
}
if
( !n_1 )
return
1
;
strcpy(Destination, szSerial);
Destination[
15
]
=
0
;
sub_514370(Destination,
15
, &unk_604F70, &v10);
/
/
根据序列号的前
15
位生成后四位
return
*
(szSerial
+
15
)
=
=
v10;
/
/
判断生成的后四位和序列号中的后四位是否相等。
}
int
__cdecl sub_514370(_BYTE
*
szSerial, unsigned
int
nSerialLength, char
*
pTable,
int
nResult)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
( i
=
0
; i <
4
;
*
(i
+
nResult
-
1
)
=
byte_604E50[v5
%
26
] )
{
v5
=
pTable[(i
+
*
szSerial)];
for
( j
=
1
; j < nSerialLength;
+
+
j )
v5
=
pTable[v5 ^ szSerial[j]];
result
=
nResult;
+
+
i;
}
return
result;
}
int
__cdecl sub_514370(_BYTE
*
szSerial, unsigned
int
nSerialLength, char
*
pTable,
int
nResult)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
( i
=
0
; i <
4
;
*
(i
+
nResult
-
1
)
=
byte_604E50[v5
%
26
] )
{
v5
=
pTable[(i
+
*
szSerial)];
for
( j
=
1
; j < nSerialLength;
+
+
j )
v5
=
pTable[v5 ^ szSerial[j]];
result
=
nResult;
+
+
i;
}
return
result;
}
unsigned char g_szAlphabetTable[]
=
{
0x4B
,
0x56
,
0x39
,
0x36
,
0x47
,
0x4D
,
0x4A
,
0x59
,
0x48
,
0x37
,
0x51
,
0x46
,
0x35
,
0x54
,
0x43
,
0x57
,
0x34
,
0x55
,
0x33
,
0x58
,
0x5A
,
0x50
,
0x52
,
0x53
,
0x44
,
0x4E
,
0x00
};
int
__cdecl sub_514370(char
*
szSerial, unsigned
int
nSerialLength, char
*
pTable, char
*
pLastFourCharacters)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
(i
=
0
; i <
4
;
*
(i
+
pLastFourCharacters
-
1
)
=
g_szAlphabetTable[v5
%
26
])
{
v5
=
pTable[(i
+
*
szSerial)];
for
(j
=
1
; j < nSerialLength;
+
+
j)
v5
=
pTable[v5 ^ szSerial[j]];
result
=
pLastFourCharacters;
+
+
i;
}
return
result;
}
int
main(
int
argc, char
*
argv[])
{
/
/
"S4SG-XRXX-XXXX-XXXX"
char szSerial[
20
]
=
{
'S'
,
'4'
,
'S'
,
'G'
,
'-'
,
'A'
,
'R'
,
'C'
,
'D'
,
'-'
,
'E'
,
'F'
,
'G'
,
'H'
,
'-'
,
'X'
,
'X'
,
'X'
,
'X'
,
0
};
char aryLastFourCharacters[
4
]
=
{
0
};
sub_514370(szSerial,
15
, g_aryTable, &aryLastFourCharacters);
*
(PULONG)(szSerial
+
15
)
=
*
(PLONG)aryLastFourCharacters;
printf(
"Serial: %s"
, szSerial);
}
unsigned char g_szAlphabetTable[]
=
{
0x4B
,
0x56
,
0x39
,
0x36
,
0x47
,
0x4D
,
0x4A
,
0x59
,
0x48
,
0x37
,
0x51
,
0x46
,
0x35
,
0x54
,
0x43
,
0x57
,
0x34
,
0x55
,
0x33
,
0x58
,
0x5A
,
0x50
,
0x52
,
0x53
,
0x44
,
0x4E
,
0x00
};
int
__cdecl sub_514370(char
*
szSerial, unsigned
int
nSerialLength, char
*
pTable, char
*
pLastFourCharacters)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
(i
=
0
; i <
4
;
*
(i
+
pLastFourCharacters
-
1
)
=
g_szAlphabetTable[v5
%
26
])
{
v5
=
pTable[(i
+
*
szSerial)];
for
(j
=
1
; j < nSerialLength;
+
+
j)
v5
=
pTable[v5 ^ szSerial[j]];
result
=
pLastFourCharacters;
+
+
i;
}
return
result;
}
int
main(
int
argc, char
*
argv[])
{
/
/
"S4SG-XRXX-XXXX-XXXX"
char szSerial[
20
]
=
{
'S'
,
'4'
,
'S'
,
'G'
,
'-'
,
'A'
,
'R'
,
'C'
,
'D'
,
'-'
,
'E'
,
'F'
,
'G'
,
'H'
,
'-'
,
'X'
,
'X'
,
'X'
,
'X'
,
0
};
char aryLastFourCharacters[
4
]
=
{
0
};
sub_514370(szSerial,
15
, g_aryTable, &aryLastFourCharacters);
*
(PULONG)(szSerial
+
15
)
=
*
(PLONG)aryLastFourCharacters;
printf(
"Serial: %s"
, szSerial);
}
int
__usercall sub_425860@<eax>(
char
*
Str
,
int
a3,
const CHAR
*
lpMultiByteStr,
char
*
lpOptional,
_BYTE
*
lpBuffer,
int
a7)
{
int
v6;
/
/
ebp MAPDST
DWORD v7;
/
/
edi
DWORD v8;
/
/
ebx
INTERNET_PORT v9;
/
/
si
void
*
v10;
/
/
eax
void
*
v12;
/
/
eax
void
*
v13;
/
/
ebp
void
*
v14;
/
/
eax
void
*
v15;
/
/
esi
int
LastError;
/
/
eax
int
v18;
/
/
[esp
+
0h
] [ebp
-
11Ch
]
int
result;
/
/
[esp
+
Ch] [ebp
-
110h
] BYREF
DWORD dwNumberOfBytesRead;
/
/
[esp
+
10h
] [ebp
-
10Ch
] BYREF
DWORD dwBufferLength;
/
/
[esp
+
14h
] [ebp
-
108h
] BYREF
HINTERNET hInternet;
/
/
[esp
+
18h
] [ebp
-
104h
]
char v23[
256
];
/
/
[esp
+
1Ch
] [ebp
-
100h
] BYREF
v7
=
strlen(lpOptional);
result
=
0x3E8
;
dwBufferLength
=
4
;
v8
=
67420928
;
if
( a3 )
{
v8
=
75817728
;
v9
=
443
;
}
else
{
v9
=
80
;
}
v10
=
sub_455BE0(
"Source Insight"
,
0
,
0
,
0
,
0
);
hInternet
=
v10;
if
( v10 )
{
v12
=
sub_455D90(v10,
Str
, v9,
0
,
0
,
3u
,
0
,
0
);
v13
=
v12;
if
( v12 )
{
v14
=
sub_455F60(v12,
"POST"
, lpMultiByteStr,
0
,
0
,
0
, v8,
0
);
v15
=
v14;
if
( v14 )
{
sub_456190(v14,
"Content-Type: application/x-www-form-urlencoded"
,
0xFFFFFFFF
,
0x20000000u
);
sub_456190(v15,
"Accept: text/plain"
,
0xFFFFFFFF
,
0x20000000u
);
sprintf(v23,
"Content-length: %d\n"
, v7);
sub_456190(v15, v23,
0xFFFFFFFF
,
0x20000000u
);
if
( HttpSendRequestW(v15,
0
,
0
, lpOptional, v7) )
{
HttpQueryInfoW(v15,
0x20000013u
, &result, &dwBufferLength,
0
);
if
( result
=
=
0xC8
)
/
/
网络验证通过的分支。
{
if
( InternetReadFile(v15, lpBuffer, a7
-
1
, &dwNumberOfBytesRead) )
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
result
=
0xC8
;
}
else
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
sub_413440(
0
,
0
,
"InternetReadFile Error"
, v6);
result
=
1007
;
}
}
}
else
{
LastError
=
GetLastError();
result
=
(LastError
=
=
12045
)
+
1004
;
sub_413440(
0
,
0
,
"HttpSendRequest Error %d"
, LastError);
}
InternetCloseHandle(v15);
}
else
{
sub_413440(
0
,
0
,
"HttpOpenRequest failed."
, v6);
result
=
1006
;
}
InternetCloseHandle(v13);
}
else
{
sub_413440(
0
,
0
,
"InternetConnect failed."
, v6);
result
=
0x3EA
;
}
InternetCloseHandle(hInternet);
return
result;
}
else
{
sub_413440(
0
,
0
,
"InternetOpen failed."
, v18);
return
0x3E9
;
}
}
int
__usercall sub_425860@<eax>(
char
*
Str
,
int
a3,
const CHAR
*
lpMultiByteStr,
char
*
lpOptional,
_BYTE
*
lpBuffer,
int
a7)
{
int
v6;
/
/
ebp MAPDST
DWORD v7;
/
/
edi
DWORD v8;
/
/
ebx
INTERNET_PORT v9;
/
/
si
void
*
v10;
/
/
eax
void
*
v12;
/
/
eax
void
*
v13;
/
/
ebp
void
*
v14;
/
/
eax
void
*
v15;
/
/
esi
int
LastError;
/
/
eax
int
v18;
/
/
[esp
+
0h
] [ebp
-
11Ch
]
int
result;
/
/
[esp
+
Ch] [ebp
-
110h
] BYREF
DWORD dwNumberOfBytesRead;
/
/
[esp
+
10h
] [ebp
-
10Ch
] BYREF
DWORD dwBufferLength;
/
/
[esp
+
14h
] [ebp
-
108h
] BYREF
HINTERNET hInternet;
/
/
[esp
+
18h
] [ebp
-
104h
]
char v23[
256
];
/
/
[esp
+
1Ch
] [ebp
-
100h
] BYREF
v7
=
strlen(lpOptional);
result
=
0x3E8
;
dwBufferLength
=
4
;
v8
=
67420928
;
if
( a3 )
{
v8
=
75817728
;
v9
=
443
;
}
else
{
v9
=
80
;
}
v10
=
sub_455BE0(
"Source Insight"
,
0
,
0
,
0
,
0
);
hInternet
=
v10;
if
( v10 )
{
v12
=
sub_455D90(v10,
Str
, v9,
0
,
0
,
3u
,
0
,
0
);
v13
=
v12;
if
( v12 )
{
v14
=
sub_455F60(v12,
"POST"
, lpMultiByteStr,
0
,
0
,
0
, v8,
0
);
v15
=
v14;
if
( v14 )
{
sub_456190(v14,
"Content-Type: application/x-www-form-urlencoded"
,
0xFFFFFFFF
,
0x20000000u
);
sub_456190(v15,
"Accept: text/plain"
,
0xFFFFFFFF
,
0x20000000u
);
sprintf(v23,
"Content-length: %d\n"
, v7);
sub_456190(v15, v23,
0xFFFFFFFF
,
0x20000000u
);
if
( HttpSendRequestW(v15,
0
,
0
, lpOptional, v7) )
{
HttpQueryInfoW(v15,
0x20000013u
, &result, &dwBufferLength,
0
);
if
( result
=
=
0xC8
)
/
/
网络验证通过的分支。
{
if
( InternetReadFile(v15, lpBuffer, a7
-
1
, &dwNumberOfBytesRead) )
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
result
=
0xC8
;
}
else
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
sub_413440(
0
,
0
,
"InternetReadFile Error"
, v6);
result
=
1007
;
}
}
}
else
{
LastError
=
GetLastError();
result
=
(LastError
=
=
12045
)
+
1004
;
sub_413440(
0
,
0
,
"HttpSendRequest Error %d"
, LastError);
}
InternetCloseHandle(v15);
}
else
{
sub_413440(
0
,
0
,
"HttpOpenRequest failed."
, v6);
result
=
1006
;
}
InternetCloseHandle(v13);
}
else
{
sub_413440(
0
,
0
,
"InternetConnect failed."
, v6);
result
=
0x3EA
;
}
InternetCloseHandle(hInternet);
return
result;
}
else
{
sub_413440(
0
,
0
,
"InternetOpen failed."
, v18);
return
0x3E9
;
}
}
00425A0D
| BB C8000000 | mov ebx,C8 |
00425A12
|
895C24
10
| mov dword ptr ss:[esp
+
10
],ebx | 将 [esp
+
10
] 改为 C8
00425A0D
| BB C8000000 | mov ebx,C8 |
00425A12
|
895C24
10
| mov dword ptr ss:[esp
+
10
],ebx | 将 [esp
+
10
] 改为 C8
int
__thiscall sub_515290(_DWORD
*
this, char
*
pBuffer,
int
n_1FA0)
{
BOOL
v4;
/
/
ebp
char
*
pPackage;
/
/
eax
char
*
pPackage2;
/
/
esi
int
result;
/
/
eax
int
dwNumberOfProcessors;
/
/
eax
int
v9;
/
/
eax
int
v10;
/
/
edi
char v11[
12
];
/
/
[esp
+
Ch] [ebp
-
20Ch
] BYREF
char
Buffer
[
256
];
/
/
[esp
+
18h
] [ebp
-
200h
] BYREF
char v13[
256
];
/
/
[esp
+
118h
] [ebp
-
100h
] BYREF
int
v14;
/
/
[esp
+
224h
] [ebp
+
Ch]
v4
=
this[
387
]
=
=
1
;
pPackage
=
sub_425300(
0x2000u
,
0
);
pPackage2
=
pPackage;
if
( !pPackage )
return
492
;
*
pPackage
=
0
;
sub_425E70(
"serial"
, this
+
4
, pPackage,
0x2000
);
sub_425F00(
"product_version_major"
, HIBYTE(dword_659510), pPackage2,
0x2000
);
sub_425F00(
"product_version_minor"
, BYTE2(dword_659510), pPackage2,
0x2000
);
sub_425F00(
"product_version_build"
, dword_659510, pPackage2,
0x2000
);
sub_425E70(
"user_name"
, this
+
260
, pPackage2,
0x2000
);
sub_425E70(
"user_org"
, this
+
516
, pPackage2,
0x2000
);
sub_425E70(
"user_email"
, this
+
772
, pPackage2,
0x2000
);
sub_425E70(
"prevserial"
, this
+
1028
, pPackage2,
0x2000
);
sub_425E70(
"upgradeserial"
, this
+
1284
, pPackage2,
0x2000
);
if
( v14 )
{
dwNumberOfProcessors
=
12
;
}
else
{
dwNumberOfProcessors
=
SystemInfo.dwNumberOfProcessors;
if
( SystemInfo.dwNumberOfProcessors
=
=
12
)
dwNumberOfProcessors
=
8
;
}
sub_425F00(
"cpu_count"
, dwNumberOfProcessors, pPackage2,
0x2000
);
if
(
*
this
=
=
3
)
sub_425E70(
"localactivation"
,
"true"
, pPackage2,
0x2000
);
else
sub_425E70(
"localactivation"
,
"false"
, pPackage2,
0x2000
);
sub_425E70(
"usersid"
, this
+
2412
, pPackage2,
0x2000
);
sub_425E70(
"volumeid"
, this
+
2156
, pPackage2,
0x2000
);
sub_425E70(
"compname"
, this
+
2668
, pPackage2,
0x2000
);
_itoa_s(this[
731
],
Buffer
,
0xFFu
,
10
);
sub_425E70(
"os_version_major"
,
Buffer
, pPackage2,
0x2000
);
_itoa_s(this[
732
],
Buffer
,
0xFFu
,
10
);
sub_425E70(
"os_version_minor"
,
Buffer
, pPackage2,
0x2000
);
_itoa_s(this[
733
],
Buffer
,
0xFFu
,
10
);
sub_425E70(
"os_version_build"
,
Buffer
, pPackage2,
0x2000
);
if
( this[
734
] )
sub_425E70(
"os_server"
,
"true"
, pPackage2,
0x2000
);
else
sub_425E70(
"os_server"
,
"false"
, pPackage2,
0x2000
);
sub_425E70(
"app_type"
,
"release"
, pPackage2,
0x2000
);
sub_514880(v11);
sub_425E70(
"requestid"
, v11, pPackage2,
0x2000
);
sub_5143E0(v11, v13);
sub_425E70(
"local_time"
, v13, pPackage2,
0x2000
);
if
( !v4 ||
*
(this
+
4
) )
v9
=
(sub_425860)(this[
535
],
1
, this[
0x218
], pPackage2, pBuffer, n_1FA0);
/
/
发送数据包
/
request_activation
/
else
v9
=
(sub_425860)(this[
535
],
1
, this[
0x219
], pPackage2, pBuffer, n_1FA0);
/
/
发送数据包
/
create_trial_license
/
v10
=
v9;
sub_412C90();
/
/
清理数据
sub_424E30(pPackage2);
/
/
释放缓冲区
result
=
v10;
switch ( v10 )
{
case
0x3E9
:
result
=
465
;
break
;
case
0x3EA
:
result
=
466
;
break
;
case
0x3EB
:
case
0x3EE
:
result
=
467
;
break
;
case
0x3EC
:
result
=
480
;
break
;
case
0x3ED
:
result
=
496
;
break
;
case
0x3EF
:
result
=
484
;
break
;
default:
return
result;
}
return
result;
}
int
__thiscall sub_515290(_DWORD
*
this, char
*
pBuffer,
int
n_1FA0)
{
BOOL
v4;
/
/
ebp
char
*
pPackage;
/
/
eax
char
*
pPackage2;
/
/
esi
int
result;
/
/
eax
int
dwNumberOfProcessors;
/
/
eax
int
v9;
/
/
eax
int
v10;
/
/
edi
char v11[
12
];
/
/
[esp
+
Ch] [ebp
-
20Ch
] BYREF
char
Buffer
[
256
];
/
/
[esp
+
18h
] [ebp
-
200h
] BYREF
char v13[
256
];
/
/
[esp
+
118h
] [ebp
-
100h
] BYREF
int
v14;
/
/
[esp
+
224h
] [ebp
+
Ch]
v4
=
this[
387
]
=
=
1
;
pPackage
=
sub_425300(
0x2000u
,
0
);
pPackage2
=
pPackage;
if
( !pPackage )
return
492
;
*
pPackage
=
0
;
sub_425E70(
"serial"
, this
+
4
, pPackage,
0x2000
);
sub_425F00(
"product_version_major"
, HIBYTE(dword_659510), pPackage2,
0x2000
);
sub_425F00(
"product_version_minor"
, BYTE2(dword_659510), pPackage2,
0x2000
);
sub_425F00(
"product_version_build"
, dword_659510, pPackage2,
0x2000
);
sub_425E70(
"user_name"
, this
+
260
, pPackage2,
0x2000
);
sub_425E70(
"user_org"
, this
+
516
, pPackage2,
0x2000
);
sub_425E70(
"user_email"
, this
+
772
, pPackage2,
0x2000
);
sub_425E70(
"prevserial"
, this
+
1028
, pPackage2,
0x2000
);
sub_425E70(
"upgradeserial"
, this
+
1284
, pPackage2,
0x2000
);
if
( v14 )
{
dwNumberOfProcessors
=
12
;
}
else
{
dwNumberOfProcessors
=
SystemInfo.dwNumberOfProcessors;
if
( SystemInfo.dwNumberOfProcessors
=
=
12
)
dwNumberOfProcessors
=
8
;
}
sub_425F00(
"cpu_count"
, dwNumberOfProcessors, pPackage2,
0x2000
);
if
(
*
this
=
=
3
)
sub_425E70(
"localactivation"
,
"true"
, pPackage2,
0x2000
);
else
sub_425E70(
"localactivation"
,
"false"
, pPackage2,
0x2000
);
sub_425E70(
"usersid"
, this
+
2412
, pPackage2,
0x2000
);
sub_425E70(
"volumeid"
, this
+
2156
, pPackage2,
0x2000
);
sub_425E70(
"compname"
, this
+
2668
, pPackage2,
0x2000
);
_itoa_s(this[
731
],
Buffer
,
0xFFu
,
10
);
sub_425E70(
"os_version_major"
,
Buffer
, pPackage2,
0x2000
);
_itoa_s(this[
732
],
Buffer
,
0xFFu
,
10
);
sub_425E70(
"os_version_minor"
,
Buffer
, pPackage2,
0x2000
);
_itoa_s(this[
733
],
Buffer
,
0xFFu
,
10
);
sub_425E70(
"os_version_build"
,
Buffer
, pPackage2,
0x2000
);
if
( this[
734
] )
sub_425E70(
"os_server"
,
"true"
, pPackage2,
0x2000
);
else
sub_425E70(
"os_server"
,
"false"
, pPackage2,
0x2000
);
sub_425E70(
"app_type"
,
"release"
, pPackage2,
0x2000
);
sub_514880(v11);
sub_425E70(
"requestid"
, v11, pPackage2,
0x2000
);
sub_5143E0(v11, v13);
sub_425E70(
"local_time"
, v13, pPackage2,
0x2000
);
if
( !v4 ||
*
(this
+
4
) )
v9
=
(sub_425860)(this[
535
],
1
, this[
0x218
], pPackage2, pBuffer, n_1FA0);
/
/
发送数据包
/
request_activation
/
else
v9
=
(sub_425860)(this[
535
],
1
, this[
0x219
], pPackage2, pBuffer, n_1FA0);
/
/
发送数据包
/
create_trial_license
/
v10
=
v9;
sub_412C90();
/
/
清理数据
sub_424E30(pPackage2);
/
/
释放缓冲区
result
=
v10;
switch ( v10 )
{
case
0x3E9
:
result
=
465
;
break
;
case
0x3EA
:
result
=
466
;
break
;
case
0x3EB
:
case
0x3EE
:
result
=
467
;
break
;
case
0x3EC
:
result
=
480
;
break
;
case
0x3ED
:
result
=
496
;
break
;
case
0x3EF
:
result
=
484
;
break
;
default:
return
result;
}
return
result;
}
int
__thiscall sub_5171D0(const CHAR
*
this,
int
a2)
{
int
result;
/
/
eax
int
v4;
/
/
[esp
+
4h
] [ebp
-
3FA4h
] BYREF
int
v5[
2024
];
/
/
[esp
+
8h
] [ebp
-
3FA0h
] BYREF
char
Str
[
8192
];
/
/
[esp
+
1FA8h
] [ebp
-
2000h
] BYREF
memset(
Str
,
0
, sizeof(
Str
));
result
=
sub_515290(this, v5,
0x1FA0
);
/
/
网络验证
if
( result
=
=
0xC8
)
{
if
( a2 )
{
if
( sub_514610(this
+
0x75C
, &v4,
0x1FA0
)
=
=
0xC8
)
sub_516FF0(this, &v4);
return
0xC8
;
}
else
{
/
/
网页验证完后,会进入这个分支。
sub_412990();
/
/
生成注册信息写到 FileHandle 为
3
的文件中。
if
( sub_425C80(&v4, &v5[
2023
],
0x2000u
) && strlen(&v5[
2023
]) >
=
8
)
/
/
v5 是服务器返回的东西。这里我们的 v5 是空的。
{
sub_516FF0(this, &
Str
[
4
]);
/
/
写注册表
return
sub_5148C0(this
+
0x75C
, &
Str
[
4
]);
/
/
写 si.lic 文件
}
else
{
return
0x1D0
;
/
/
修改返回值为 C8
}
}
}
return
result;
}
int
__thiscall sub_5171D0(const CHAR
*
this,
int
a2)
{
int
result;
/
/
eax
int
v4;
/
/
[esp
+
4h
] [ebp
-
3FA4h
] BYREF
int
v5[
2024
];
/
/
[esp
+
8h
] [ebp
-
3FA0h
] BYREF
char
Str
[
8192
];
/
/
[esp
+
1FA8h
] [ebp
-
2000h
] BYREF
memset(
Str
,
0
, sizeof(
Str
));
result
=
sub_515290(this, v5,
0x1FA0
);
/
/
网络验证
if
( result
=
=
0xC8
)
{
if
( a2 )
{
if
( sub_514610(this
+
0x75C
, &v4,
0x1FA0
)
=
=
0xC8
)
sub_516FF0(this, &v4);
return
0xC8
;
}
else
{
/
/
网页验证完后,会进入这个分支。
sub_412990();
/
/
生成注册信息写到 FileHandle 为
3
的文件中。
if
( sub_425C80(&v4, &v5[
2023
],
0x2000u
) && strlen(&v5[
2023
]) >
=
8
)
/
/
v5 是服务器返回的东西。这里我们的 v5 是空的。
{
sub_516FF0(this, &
Str
[
4
]);
/
/
写注册表
return
sub_5148C0(this
+
0x75C
, &
Str
[
4
]);
/
/
写 si.lic 文件
}
else
{
return
0x1D0
;
/
/
修改返回值为 C8
}
}
}
return
result;
}
00517282
| B8 C8000000 | mov eax,C8 |
00517282
| B8 C8000000 | mov eax,C8 |
005167D0
|
64
:A1
00000000
| mov eax,dword ptr fs:[
0
] | eax:&
"ActId"
005167D6
|
6A
FF | push FFFFFFFF |
005167D8
|
68
FB365D00 | push sourceinsight4.
5D36FB
|
005167DD
|
50
| push eax | eax:&
"ActId"
005167DE
|
64
:
8925
00000000
| mov dword ptr fs:[
0
],esp |
005167E5
|
81EC
10040000
| sub esp,
410
|
005167EB
|
53
| push ebx |
005167EC
|
56
| push esi |
005167ED
|
33DB
| xor ebx,ebx |
005167EF
|
57
| push edi |
005167F0
|
8BF1
| mov esi,ecx |
005167F2
|
33C0
| xor eax,eax | eax:&
"ActId"
005167F4
|
895C84
1C
| mov dword ptr ss:[esp
+
eax
*
4
+
1C
],ebx |
005167F8
|
899C84
1C020000
| mov dword ptr ss:[esp
+
eax
*
4
+
21C
],ebx |
005167FF
|
40
| inc eax | eax:&
"ActId"
00516800
|
3D
80000000
|
cmp
eax,
80
| eax:&
"ActId"
00516805
|
72
ED | jb sourceinsight4.
5167F4
|
00516807
|
899C24
24040000
| mov dword ptr ss:[esp
+
424
],ebx |
0051680E
|
8D4424
1C
| lea eax,dword ptr ss:[esp
+
1C
] |
00516812
|
50
| push eax | eax:&
"ActId"
00516813
|
8D8E
5C070000
| lea ecx,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516819
|
51
| push ecx |
0051681A
| E8
71E9FFFF
| call sourceinsight4.
515190
| 解释文件中数据,并保存。
0051681F
|
83C4
08
| add esp,
8
|
00516822
|
8D5424
0C
| lea edx,dword ptr ss:[esp
+
C] |
00516826
|
52
| push edx |
00516827
|
68
CCD05E00 | push sourceinsight4.
5ED0CC
|
5ED0CC
:
"Type"
0051682C
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
00516830
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516836
| E8
85DDFFFF
| call sourceinsight4.
5145C0
| 取出
Type
字段的值
0051683B
|
85C0
| test eax,eax | eax:&
"ActId"
0051683D
|
74
58
| je sourceinsight4.
516897
|
0051683F
|
8B7C24
0C
| mov edi,dword ptr ss:[esp
+
C] |
00516843
|
68
DCA25F00 | push sourceinsight4.
5FA2DC
|
5FA2DC
:
"Trial"
00516848
|
57
| push edi |
00516849
| E8 DCA50B00 | call sourceinsight4.
5D0E2A
| stricmp([
"Type"
],
"Trial"
)
0051684E
|
83C4
08
| add esp,
8
|
00516851
|
85C0
| test eax,eax | eax:&
"ActId"
00516853
|
75
0C
| jne sourceinsight4.
516861
|
00516855
| C786
0C060000
01000000
| mov dword ptr ds:[esi
+
60C
],
1
|
0051685F
| EB
36
| jmp sourceinsight4.
516897
|
00516861
|
68
8C616000
| push sourceinsight4.
60618C
|
60618C
:
"Beta"
00516866
|
57
| push edi |
00516867
| E8 BEA50B00 | call sourceinsight4.
5D0E2A
|
0051686C
|
83C4
08
| add esp,
8
|
0051686F
|
85C0
| test eax,eax | eax:&
"ActId"
00516871
|
75
0C
| jne sourceinsight4.
51687F
|
00516873
| C786
0C060000
03000000
| mov dword ptr ds:[esi
+
60C
],
3
|
0051687D
| EB
18
| jmp sourceinsight4.
516897
|
0051687F
|
68
80616000
| push sourceinsight4.
606180
|
606180
:
"Standard"
00516884
|
57
| push edi |
00516885
| E8 A0A50B00 | call sourceinsight4.
5D0E2A
|
0051688A
|
83C4
08
| add esp,
8
|
0051688D
|
85C0
| test eax,eax | eax:&
"ActId"
0051688F
|
75
06
| jne sourceinsight4.
516897
|
00516891
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516897
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
0051689B
|
50
| push eax | eax:&
"ActId"
0051689C
|
68
D0656000 | push sourceinsight4.
6065D0
|
6065D0
:
"LicensedUser"
005168A1
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168A5
| E8
16DDFFFF
| call sourceinsight4.
5145C0
| 取出 [
"LicensedUser"
] 的值
005168AA
|
85C0
| test eax,eax | eax:&
"ActId"
005168AC
|
0F84
36030000
| je sourceinsight4.
516BE8
|
005168B2
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168B6
|
51
| push ecx |
005168B7
|
8D96
04010000
| lea edx,dword ptr ds:[esi
+
104
] |
005168BD
|
52
| push edx |
005168BE
| E8 BD4E0A00 | call sourceinsight4.
5BB780
| strcpy(edx, [
"LicensedUser"
])
005168C3
|
83C4
08
| add esp,
8
|
005168C6
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168CA
|
50
| push eax | eax:&
"ActId"
005168CB
|
68
C0656000 | push sourceinsight4.
6065C0
|
6065C0
:
"Organization"
005168D0
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168D4
| E8 E7DCFFFF | call sourceinsight4.
5145C0
| 取出 [
"Organization"
] 的值
005168D9
|
85C0
| test eax,eax | eax:&
"ActId"
005168DB
|
74
14
| je sourceinsight4.
5168F1
|
005168DD
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168E1
|
51
| push ecx |
005168E2
|
8D96
04020000
| lea edx,dword ptr ds:[esi
+
204
] |
005168E8
|
52
| push edx |
005168E9
| E8
924E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Organization"
])
005168EE
|
83C4
08
| add esp,
8
|
005168F1
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168F5
|
50
| push eax | eax:&
"ActId"
005168F6
|
68
B8656000 | push sourceinsight4.
6065B8
|
6065B8
:
"Email"
005168FB
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168FF
| E8 BCDCFFFF | call sourceinsight4.
5145C0
| 取出 [
"Email"
] 的值
00516904
|
85C0
| test eax,eax | eax:&
"ActId"
00516906
|
74
14
| je sourceinsight4.
51691C
|
00516908
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
0051690C
|
51
| push ecx |
0051690D
|
8D96
04030000
| lea edx,dword ptr ds:[esi
+
304
] |
00516913
|
52
| push edx |
00516914
| E8
674E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Email"
])
00516919
|
83C4
08
| add esp,
8
|
0051691C
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
00516920
|
50
| push eax | eax:&
"ActId"
00516921
|
68
B0656000 | push sourceinsight4.
6065B0
|
6065B0
:
"Serial"
00516926
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
0051692A
| E8
91DCFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Serial"
] 的值
0051692F
|
85C0
| test eax,eax | eax:&
"ActId"
00516931
|
0F84
B1020000 | je sourceinsight4.
516BE8
|
00516937
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
0051693B
|
55
| push ebp |
0051693C
|
51
| push ecx |
0051693D
|
8D6E
04
| lea ebp,dword ptr ds:[esi
+
4
] |
00516940
|
55
| push ebp |
00516941
| E8
3A4E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Serial"
])
00516946
|
83C4
08
| add esp,
8
|
00516949
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
0051694D
|
52
| push edx |
0051694E
|
68
A8656000 | push sourceinsight4.
6065A8
|
6065A8
:
"ActId"
00516953
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516957
| E8
64DCFFFF
| call sourceinsight4.
5145C0
| 取出 [
"ActId"
] 的值
0051695C
|
85C0
| test eax,eax | eax:&
"ActId"
0051695E
|
0F84
66020000
| je sourceinsight4.
516BCA
|
00516964
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516968
|
50
| push eax | eax:&
"ActId"
00516969
|
8DBE
3A060000
| lea edi,dword ptr ds:[esi
+
63A
] |
0051696F
|
57
| push edi |
00516970
| E8
0B4E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"ActId"
])
00516975
|
68
7F1B0000
| push
1B7F
|
0051697A
|
6A
32
| push
32
|
0051697C
|
6A
04
| push
4
|
0051697E
|
68
701A6500
| push sourceinsight4.
651A70
|
00516983
|
57
| push edi |
00516984
| E8 E7CBEEFF | call sourceinsight4.
403570
| 检查 [
"ActId"
] 的值
00516989
|
33C9
| xor ecx,ecx |
0051698B
|
3BC3
|
cmp
eax,ebx | eax:&
"ActId"
0051698D
|
0F9FC1
| setg cl |
00516990
|
68
9C656000
| push sourceinsight4.
60659C
|
60659C
:
"Deferred"
00516995
|
57
| push edi |
00516996
|
8BD9
| mov ebx,ecx |
00516998
| E8
8DA40B00
| call sourceinsight4.
5D0E2A
| stricmp([
"ActId"
],
"Deferred"
)
0051699D
|
83C4
24
| add esp,
24
|
005169A0
|
85C0
| test eax,eax | eax:&
"ActId"
005169A2
|
75
38
| jne sourceinsight4.
5169DC
|
005169A4
| C706
02000000
| mov dword ptr ds:[esi],
2
|
005169AA
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
005169B5
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
005169B9
| E8
22DBFFFF
| call sourceinsight4.
5144E0
| 释放掉保存的文件数据
005169BE
| B8 C8000000 | mov eax,C8 | eax:&
"ActId"
005169C3
|
5D
| pop ebp |
005169C4
|
5F
| pop edi |
005169C5
|
5E
| pop esi |
005169C6
|
5B
| pop ebx |
005169C7
|
8B8C24
10040000
| mov ecx,dword ptr ss:[esp
+
410
] |
005169CE
|
64
:
890D
00000000
| mov dword ptr fs:[
0
],ecx |
005169D5
|
81C4
1C040000
| add esp,
41C
|
005169DB
| C3 | ret |
005169DC
|
33D2
| xor edx,edx |
005169DE
|
85DB
| test ebx,ebx |
005169E0
|
0F94C2
| sete dl |
005169E3
|
8D4424
14
| lea eax,dword ptr ss:[esp
+
14
] |
005169E7
|
8D4C24
18
| lea ecx,dword ptr ss:[esp
+
18
] |
005169EB
|
52
| push edx |
005169EC
|
50
| push eax | eax:&
"ActId"
005169ED
|
51
| push ecx |
005169EE
|
8D5424
28
| lea edx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
005169F2
|
52
| push edx |
005169F3
|
55
| push ebp |
005169F4
| E8 A7E1FFFF | call sourceinsight4.
514BA0
| 检查 [
"Serial"
]
005169F9
|
83C4
14
| add esp,
14
|
005169FC
|
85C0
| test eax,eax | eax:&
"ActId"
005169FE
|
74
0C
| je sourceinsight4.
516A0C
|
00516A00
|
8B4424
18
| mov eax,dword ptr ss:[esp
+
18
] |
00516A04
|
3B86
0C060000
|
cmp
eax,dword ptr ds:[esi
+
60C
] | eax:&
"ActId"
00516A0A
|
74
1B
| je sourceinsight4.
516A27
|
00516A0C
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516A17
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516A1B
| E8 C0DAFFFF | call sourceinsight4.
5144E0
|
00516A20
| B8 EF010000 | mov eax,
1EF
| eax:&
"ActId"
00516A25
| EB
9C
| jmp sourceinsight4.
5169C3
|
00516A27
|
0FB60D
13956500
| movzx ecx,byte ptr ds:[
659513
] |
00516A2E
|
8B7C24
14
| mov edi,dword ptr ss:[esp
+
14
] |
00516A32
|
3BF9
|
cmp
edi,ecx |
00516A34
|
0F85
BA000000 | jne sourceinsight4.
516AF4
|
00516A3A
|
55
| push ebp |
00516A3B
| B9
40846600
| mov ecx,sourceinsight4.
668440
|
00516A40
| E8 CB6FF4FF | call sourceinsight4.
45DA10
|
00516A45
|
85C0
| test eax,eax | eax:&
"ActId"
00516A47
|
74
1E
| je sourceinsight4.
516A67
|
00516A49
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516A54
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516A58
| E8
83DAFFFF
| call sourceinsight4.
5144E0
|
00516A5D
| B8 CC010000 | mov eax,
1CC
| eax:&
"ActId"
00516A62
| E9
5CFFFFFF
| jmp sourceinsight4.
5169C3
|
00516A67
|
85DB
| test ebx,ebx |
00516A69
|
75
37
| jne sourceinsight4.
516AA2
|
00516A6B
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516A6F
|
52
| push edx |
00516A70
|
68
94656000
| push sourceinsight4.
606594
|
606594
:
"HWID"
00516A75
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516A79
| C706
01000000
| mov dword ptr ds:[esi],
1
|
00516A7F
| E8
3CDBFFFF
| call sourceinsight4.
5145C0
|
00516A84
|
85C0
| test eax,eax | eax:&
"ActId"
00516A86
|
0F84
3E010000
| je sourceinsight4.
516BCA
|
00516A8C
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516A90
|
50
| push eax | eax:&
"ActId"
00516A91
|
8D8E
28060000
| lea ecx,dword ptr ds:[esi
+
628
] |
00516A97
|
51
| push ecx |
00516A98
| E8 E34C0A00 | call sourceinsight4.
5BB780
|
00516A9D
|
83C4
08
| add esp,
8
|
00516AA0
| EB
06
| jmp sourceinsight4.
516AA8
|
00516AA2
| C706
03000000
| mov dword ptr ds:[esi],
3
|
00516AA8
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516AAC
|
52
| push edx |
00516AAD
|
68
10AC5D00
| push sourceinsight4.
5DAC10
|
5DAC10
:
"Version"
00516AB2
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516AB6
| E8
05DBFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Version"
] 的值
00516ABB
|
85C0
| test eax,eax | eax:&
"ActId"
00516ABD
|
0F84
07010000
| je sourceinsight4.
516BCA
|
00516AC3
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516AC7
|
8A00
| mov al,byte ptr ds:[eax] | eax:&
"ActId"
00516AC9
|
3C
30
|
cmp
al,
30
|
30
:
'0'
00516ACB
|
0F8C
F9000000 | jl sourceinsight4.
516BCA
|
00516AD1
|
3C
39
|
cmp
al,
39
|
39
:
'9'
00516AD3
|
0F8F
F1000000 | jg sourceinsight4.
516BCA
|
00516AD9
|
0FBEC0
| movsx eax,al | eax:&
"ActId"
00516ADC
|
83C0
D0 | add eax,FFFFFFD0 | eax:&
"ActId"
00516ADF
|
8986
04060000
| mov dword ptr ds:[esi
+
604
],eax | eax:&
"ActId"
00516AE5
|
0FB60D
13956500
| movzx ecx,byte ptr ds:[
659513
] |
00516AEC
|
3BC1
|
cmp
eax,ecx | eax:&
"ActId"
00516AEE
|
75
04
| jne sourceinsight4.
516AF4
|
00516AF0
|
3BC7
|
cmp
eax,edi | eax:&
"ActId"
00516AF2
|
74
1E
| je sourceinsight4.
516B12
|
00516AF4
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516AFF
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516B03
| E8 D8D9FFFF | call sourceinsight4.
5144E0
|
00516B08
| B8 EA010000 | mov eax,
1EA
| eax:&
"ActId"
00516B0D
| E9 B1FEFFFF | jmp sourceinsight4.
5169C3
|
00516B12
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516B16
|
33DB
| xor ebx,ebx |
00516B18
|
52
| push edx |
00516B19
|
68
88656000
| push sourceinsight4.
606588
|
606588
:
"Expiration"
00516B1E
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516B22
|
899E
18060000
| mov dword ptr ds:[esi
+
618
],ebx |
00516B28
|
899E
14060000
| mov dword ptr ds:[esi
+
614
],ebx |
00516B2E
|
899E
10060000
| mov dword ptr ds:[esi
+
610
],ebx |
00516B34
| E8
87DAFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Expiration"
] 的值
00516B39
|
85C0
| test eax,eax | eax:&
"ActId"
00516B3B
|
74
1F
| je sourceinsight4.
516B5C
|
00516B3D
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516B41
|
50
| push eax | eax:&
"ActId"
00516B42
|
8D8E
10060000
| lea ecx,dword ptr ds:[esi
+
610
] |
00516B48
| E8 E394F3FF | call sourceinsight4.
450030
|
00516B4D
|
8D8E
10060000
| lea ecx,dword ptr ds:[esi
+
610
] |
00516B53
| E8
8881F3FF
| call sourceinsight4.
44ECE0
|
00516B58
|
85C0
| test eax,eax | eax:&
"ActId"
00516B5A
|
74
50
| je sourceinsight4.
516BAC
|
00516B5C
|
8D4C24
10
| lea ecx,dword ptr ss:[esp
+
10
] |
00516B60
|
51
| push ecx |
00516B61
|
68
D8A65E00 | push sourceinsight4.
5EA6D8
|
5EA6D8
:
"Date"
00516B66
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516B6A
|
899E
24060000
| mov dword ptr ds:[esi
+
624
],ebx |
00516B70
|
899E
20060000
| mov dword ptr ds:[esi
+
620
],ebx |
00516B76
|
899E
1C060000
| mov dword ptr ds:[esi
+
61C
],ebx |
00516B7C
| E8
3FDAFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Date"
] 的值
00516B81
|
85C0
| test eax,eax | eax:&
"ActId"
00516B83
|
0F84
21FEFFFF
| je sourceinsight4.
5169AA
|
00516B89
|
8B5424
10
| mov edx,dword ptr ss:[esp
+
10
] |
00516B8D
|
52
| push edx |
00516B8E
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00516B94
| E8
9794F3FF
| call sourceinsight4.
450030
| 检查日期的有效性
00516B99
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00516B9F
| E8
3C81F3FF
| call sourceinsight4.
44ECE0
|
00516BA4
|
85C0
| test eax,eax | 检查年、月、日的有效性
00516BA6
|
0F85
FEFDFFFF | jne sourceinsight4.
5169AA
|
00516BAC
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516BB7
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516BBB
| E8
20D9FFFF
| call sourceinsight4.
5144E0
|
00516BC0
| B8 E3010000 | mov eax,
1E3
| eax:&
"ActId"
00516BC5
| E9 F9FDFFFF | jmp sourceinsight4.
5169C3
|
00516BCA
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516BD5
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516BD9
| E8
02D9FFFF
| call sourceinsight4.
5144E0
|
00516BDE
| B8 D5010000 | mov eax,
1D5
| eax:&
"ActId"
00516BE3
| E9 DBFDFFFF | jmp sourceinsight4.
5169C3
|
00516BE8
| C78424
24040000
FFFFFF | mov dword ptr ss:[esp
+
424
],FFFFFFFF |
00516BF3
|
8D4C24
1C
| lea ecx,dword ptr ss:[esp
+
1C
] |
00516BF7
| E8 E4D8FFFF | call sourceinsight4.
5144E0
|
00516BFC
|
8B8C24
1C040000
| mov ecx,dword ptr ss:[esp
+
41C
] |
00516C03
|
5F
| pop edi |
00516C04
|
5E
| pop esi |
00516C05
| B8 D5010000 | mov eax,
1D5
| eax:&
"ActId"
00516C0A
|
5B
| pop ebx |
00516C0B
|
64
:
890D
00000000
| mov dword ptr fs:[
0
],ecx |
00516C12
|
81C4
1C040000
| add esp,
41C
|
00516C18
| C3 | ret |
005167D0
|
64
:A1
00000000
| mov eax,dword ptr fs:[
0
] | eax:&
"ActId"
005167D6
|
6A
FF | push FFFFFFFF |
005167D8
|
68
FB365D00 | push sourceinsight4.
5D36FB
|
005167DD
|
50
| push eax | eax:&
"ActId"
005167DE
|
64
:
8925
00000000
| mov dword ptr fs:[
0
],esp |
005167E5
|
81EC
10040000
| sub esp,
410
|
005167EB
|
53
| push ebx |
005167EC
|
56
| push esi |
005167ED
|
33DB
| xor ebx,ebx |
005167EF
|
57
| push edi |
005167F0
|
8BF1
| mov esi,ecx |
005167F2
|
33C0
| xor eax,eax | eax:&
"ActId"
005167F4
|
895C84
1C
| mov dword ptr ss:[esp
+
eax
*
4
+
1C
],ebx |
005167F8
|
899C84
1C020000
| mov dword ptr ss:[esp
+
eax
*
4
+
21C
],ebx |
005167FF
|
40
| inc eax | eax:&
"ActId"
00516800
|
3D
80000000
|
cmp
eax,
80
| eax:&
"ActId"
00516805
|
72
ED | jb sourceinsight4.
5167F4
|
00516807
|
899C24
24040000
| mov dword ptr ss:[esp
+
424
],ebx |
0051680E
|
8D4424
1C
| lea eax,dword ptr ss:[esp
+
1C
] |
00516812
|
50
| push eax | eax:&
"ActId"
00516813
|
8D8E
5C070000
| lea ecx,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516819
|
51
| push ecx |
0051681A
| E8
71E9FFFF
| call sourceinsight4.
515190
| 解释文件中数据,并保存。
0051681F
|
83C4
08
| add esp,
8
|
00516822
|
8D5424
0C
| lea edx,dword ptr ss:[esp
+
C] |
00516826
|
52
| push edx |
00516827
|
68
CCD05E00 | push sourceinsight4.
5ED0CC
|
5ED0CC
:
"Type"
0051682C
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
00516830
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516836
| E8
85DDFFFF
| call sourceinsight4.
5145C0
| 取出
Type
字段的值
0051683B
|
85C0
| test eax,eax | eax:&
"ActId"
0051683D
|
74
58
| je sourceinsight4.
516897
|
0051683F
|
8B7C24
0C
| mov edi,dword ptr ss:[esp
+
C] |
00516843
|
68
DCA25F00 | push sourceinsight4.
5FA2DC
|
5FA2DC
:
"Trial"
00516848
|
57
| push edi |
00516849
| E8 DCA50B00 | call sourceinsight4.
5D0E2A
| stricmp([
"Type"
],
"Trial"
)
0051684E
|
83C4
08
| add esp,
8
|
00516851
|
85C0
| test eax,eax | eax:&
"ActId"
00516853
|
75
0C
| jne sourceinsight4.
516861
|
00516855
| C786
0C060000
01000000
| mov dword ptr ds:[esi
+
60C
],
1
|
0051685F
| EB
36
| jmp sourceinsight4.
516897
|
00516861
|
68
8C616000
| push sourceinsight4.
60618C
|
60618C
:
"Beta"
00516866
|
57
| push edi |
00516867
| E8 BEA50B00 | call sourceinsight4.
5D0E2A
|
0051686C
|
83C4
08
| add esp,
8
|
0051686F
|
85C0
| test eax,eax | eax:&
"ActId"
00516871
|
75
0C
| jne sourceinsight4.
51687F
|
00516873
| C786
0C060000
03000000
| mov dword ptr ds:[esi
+
60C
],
3
|
0051687D
| EB
18
| jmp sourceinsight4.
516897
|
0051687F
|
68
80616000
| push sourceinsight4.
606180
|
606180
:
"Standard"
00516884
|
57
| push edi |
00516885
| E8 A0A50B00 | call sourceinsight4.
5D0E2A
|
0051688A
|
83C4
08
| add esp,
8
|
0051688D
|
85C0
| test eax,eax | eax:&
"ActId"
0051688F
|
75
06
| jne sourceinsight4.
516897
|
00516891
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516897
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
0051689B
|
50
| push eax | eax:&
"ActId"
0051689C
|
68
D0656000 | push sourceinsight4.
6065D0
|
6065D0
:
"LicensedUser"
005168A1
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168A5
| E8
16DDFFFF
| call sourceinsight4.
5145C0
| 取出 [
"LicensedUser"
] 的值
005168AA
|
85C0
| test eax,eax | eax:&
"ActId"
005168AC
|
0F84
36030000
| je sourceinsight4.
516BE8
|
005168B2
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168B6
|
51
| push ecx |
005168B7
|
8D96
04010000
| lea edx,dword ptr ds:[esi
+
104
] |
005168BD
|
52
| push edx |
005168BE
| E8 BD4E0A00 | call sourceinsight4.
5BB780
| strcpy(edx, [
"LicensedUser"
])
005168C3
|
83C4
08
| add esp,
8
|
005168C6
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168CA
|
50
| push eax | eax:&
"ActId"
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!