版本:Source Insight 4.00.0128
关闭随机基址,方便分析。
使用 Spy++ 工具查看输入框控制的属性,根据控制句柄在 GetWindowsTextW()
函数下条件断点。
截获到输入的序列号后,使用 IDA 分析。
序列号检验的函数
软件有提示序列号格式:S4XX-XXXX-XXXX-XXXX
Serial[0] = 'S'
Serial[1] = ‘4’
Serial[2] = ‘T’/‘B’/‘S’/‘U’
Serial[3] = ‘G’,不能是 ‘R’
Serial[6] = ‘R’/‘G’/‘D’/‘F’
这里我们伪造一个序列号:S4SG-ARCD-EFGH-XXXX,后四位可由 sub_514370()
函数生成。
生成后四位的算法
根据算法写注册机
生成的后四位为:”36V6”,最后序列号为:“S4SG-ARCD-EFGH-36V6”。
输入序列号后,填写信息,然后会出现提示信息 "Now activating your license... Please wait...",打开 Fiddler 抓包,发现有发送 HTTP 请求,在 HttpSendRequestW()
函数下断点,发现会调用 HttpQueryInfo()
函数获取返回值的状态码,并判断状态码是否为 200 。但是返回的状态码为 460,所以网络验证不通过,这里可以通过修改指令直接跳过 HttpQueryInfo()
函数,直接给用来判断的变量赋值为 200。这里我们不做修改,因为后面可以通过签名文件实现离线注册。
网页验证通过后,会写注册表和 C:\ProgramData\Source Insight\4.0\si4.lic 文件。
校验 si.lic 文件有三部分:
以下是主要函数:
这个函数返回 0xC8 就表示通过。
校验 Signature 字段就是读取 si.lic 文件中 Signature
块之前的所有字符,去除掉空格和换行后,通过 00402FF0() 函数生成二进制签名数据,然后对 Signature 块中 Value 字段的字符串进行 Base64 解码,生成二进制签名数据。最后比较这两个签名数据是否相同,相同则返回 0xC8。
生成二进制签名数据的函数:
LicenseProperties 块中的 ActId 字段的前四个字符是要和 ActId 表中的各个 ActId 进行比较的,只比较 4 个字符。
ActId 表的内容:
ActId 字段剩余的字符是通过 C 盘的卷 ID 和 Process Token Sid 和计算机名称拼接而成字符串,再通过 00402FF0() 函数生成四个字节的校验码,最后转换为十进制的字符串而生成的。
获取 C 盘卷 ID 的函数
获取 Process Token Sid 的函数
获取计算机名称的函数
拼接 C 盘的卷Id、token、电脑名,生成校验码的函数
通过上述的注册函数的逆向,我们已经知道了 si,lic 文件是如何生成的了。我们可以按照 si,lic 的检验规则写出生成 si,lic 的注册机。然后通过注册机生成的 si.lic 文件实现离线注册。
具体实现代码:
注册通过:
生成 si.lic 文件
代码和工具下载:SourceInsight4 · Boaster/Crack - 码云 - 开源中国 (gitee.com)
参考: https://bbs.kanxue.com/thread-261478.htm#msg_header_h2_4
Source Insight4 破解-软件逆向-看雪-安全社区|安全招聘|kanxue.com
BOOL
__cdecl sub_514BA0(char
*
szSerial, void
*
ArgcList_608, void
*
ArgcList_60C, void
*
ArgcList_604,
int
n_1)
{
char v5;
/
/
al
char v6;
/
/
al
char v7;
/
/
al
char v8;
/
/
al
int
v10;
/
/
[esp
+
4h
] [ebp
-
18h
] BYREF
char Destination[
20
];
/
/
[esp
+
8h
] [ebp
-
14h
] BYREF
_strupr(szSerial);
if
( strlen(szSerial) !
=
19
)
return
0
;
if
( szSerial[
4
] !
=
'-'
)
return
0
;
if
( szSerial[
9
] !
=
'-'
)
return
0
;
if
( szSerial[
14
] !
=
'-'
)
return
0
;
if
(
*
szSerial !
=
'S'
)
return
0
;
if
( n_1 )
{
v5
=
szSerial[
6
];
if
( v5 !
=
'R'
&& v5 !
=
'G'
&& v5 !
=
'D'
&& v5 !
=
'F'
)
return
0
;
}
v6
=
szSerial[
1
];
if
( v6 <
'0'
|| v6 >
'9'
)
return
0
;
*
ArgcList_604
=
v6
-
'0'
;
/
/
*
ArgcList_604
=
szSerial[
1
]
-
'0'
;
v7
=
szSerial[
2
];
switch ( v7 )
/
/
*
ArgcList_604
=
[
1
3
0
0
]
{
case
'T'
:
*
ArgcList_60C
=
1
;
break
;
case
'B'
:
*
ArgcList_60C
=
3
;
break
;
case
'S'
:
*
ArgcList_60C
=
0
;
break
;
case
'U'
:
*
ArgcList_60C
=
0
;
break
;
default:
return
0
;
}
v8
=
szSerial[
3
];
if
( v8
=
=
'G'
)
{
*
ArgcList_608
=
1
;
}
else
{
if
( v8 !
=
'R'
)
return
0
;
*
ArgcList_608
=
0
;
}
if
( !n_1 )
return
1
;
strcpy(Destination, szSerial);
Destination[
15
]
=
0
;
sub_514370(Destination,
15
, &unk_604F70, &v10);
/
/
根据序列号的前
15
位生成后四位
return
*
(szSerial
+
15
)
=
=
v10;
/
/
判断生成的后四位和序列号中的后四位是否相等。
}
BOOL
__cdecl sub_514BA0(char
*
szSerial, void
*
ArgcList_608, void
*
ArgcList_60C, void
*
ArgcList_604,
int
n_1)
{
char v5;
/
/
al
char v6;
/
/
al
char v7;
/
/
al
char v8;
/
/
al
int
v10;
/
/
[esp
+
4h
] [ebp
-
18h
] BYREF
char Destination[
20
];
/
/
[esp
+
8h
] [ebp
-
14h
] BYREF
_strupr(szSerial);
if
( strlen(szSerial) !
=
19
)
return
0
;
if
( szSerial[
4
] !
=
'-'
)
return
0
;
if
( szSerial[
9
] !
=
'-'
)
return
0
;
if
( szSerial[
14
] !
=
'-'
)
return
0
;
if
(
*
szSerial !
=
'S'
)
return
0
;
if
( n_1 )
{
v5
=
szSerial[
6
];
if
( v5 !
=
'R'
&& v5 !
=
'G'
&& v5 !
=
'D'
&& v5 !
=
'F'
)
return
0
;
}
v6
=
szSerial[
1
];
if
( v6 <
'0'
|| v6 >
'9'
)
return
0
;
*
ArgcList_604
=
v6
-
'0'
;
/
/
*
ArgcList_604
=
szSerial[
1
]
-
'0'
;
v7
=
szSerial[
2
];
switch ( v7 )
/
/
*
ArgcList_604
=
[
1
3
0
0
]
{
case
'T'
:
*
ArgcList_60C
=
1
;
break
;
case
'B'
:
*
ArgcList_60C
=
3
;
break
;
case
'S'
:
*
ArgcList_60C
=
0
;
break
;
case
'U'
:
*
ArgcList_60C
=
0
;
break
;
default:
return
0
;
}
v8
=
szSerial[
3
];
if
( v8
=
=
'G'
)
{
*
ArgcList_608
=
1
;
}
else
{
if
( v8 !
=
'R'
)
return
0
;
*
ArgcList_608
=
0
;
}
if
( !n_1 )
return
1
;
strcpy(Destination, szSerial);
Destination[
15
]
=
0
;
sub_514370(Destination,
15
, &unk_604F70, &v10);
/
/
根据序列号的前
15
位生成后四位
return
*
(szSerial
+
15
)
=
=
v10;
/
/
判断生成的后四位和序列号中的后四位是否相等。
}
int
__cdecl sub_514370(_BYTE
*
szSerial, unsigned
int
nSerialLength, char
*
pTable,
int
nResult)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
( i
=
0
; i <
4
;
*
(i
+
nResult
-
1
)
=
byte_604E50[v5
%
26
] )
{
v5
=
pTable[(i
+
*
szSerial)];
for
( j
=
1
; j < nSerialLength;
+
+
j )
v5
=
pTable[v5 ^ szSerial[j]];
result
=
nResult;
+
+
i;
}
return
result;
}
int
__cdecl sub_514370(_BYTE
*
szSerial, unsigned
int
nSerialLength, char
*
pTable,
int
nResult)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
( i
=
0
; i <
4
;
*
(i
+
nResult
-
1
)
=
byte_604E50[v5
%
26
] )
{
v5
=
pTable[(i
+
*
szSerial)];
for
( j
=
1
; j < nSerialLength;
+
+
j )
v5
=
pTable[v5 ^ szSerial[j]];
result
=
nResult;
+
+
i;
}
return
result;
}
unsigned char g_szAlphabetTable[]
=
{
0x4B
,
0x56
,
0x39
,
0x36
,
0x47
,
0x4D
,
0x4A
,
0x59
,
0x48
,
0x37
,
0x51
,
0x46
,
0x35
,
0x54
,
0x43
,
0x57
,
0x34
,
0x55
,
0x33
,
0x58
,
0x5A
,
0x50
,
0x52
,
0x53
,
0x44
,
0x4E
,
0x00
};
int
__cdecl sub_514370(char
*
szSerial, unsigned
int
nSerialLength, char
*
pTable, char
*
pLastFourCharacters)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
(i
=
0
; i <
4
;
*
(i
+
pLastFourCharacters
-
1
)
=
g_szAlphabetTable[v5
%
26
])
{
v5
=
pTable[(i
+
*
szSerial)];
for
(j
=
1
; j < nSerialLength;
+
+
j)
v5
=
pTable[v5 ^ szSerial[j]];
result
=
pLastFourCharacters;
+
+
i;
}
return
result;
}
int
main(
int
argc, char
*
argv[])
{
/
/
"S4SG-XRXX-XXXX-XXXX"
char szSerial[
20
]
=
{
'S'
,
'4'
,
'S'
,
'G'
,
'-'
,
'A'
,
'R'
,
'C'
,
'D'
,
'-'
,
'E'
,
'F'
,
'G'
,
'H'
,
'-'
,
'X'
,
'X'
,
'X'
,
'X'
,
0
};
char aryLastFourCharacters[
4
]
=
{
0
};
sub_514370(szSerial,
15
, g_aryTable, &aryLastFourCharacters);
*
(PULONG)(szSerial
+
15
)
=
*
(PLONG)aryLastFourCharacters;
printf(
"Serial: %s"
, szSerial);
}
unsigned char g_szAlphabetTable[]
=
{
0x4B
,
0x56
,
0x39
,
0x36
,
0x47
,
0x4D
,
0x4A
,
0x59
,
0x48
,
0x37
,
0x51
,
0x46
,
0x35
,
0x54
,
0x43
,
0x57
,
0x34
,
0x55
,
0x33
,
0x58
,
0x5A
,
0x50
,
0x52
,
0x53
,
0x44
,
0x4E
,
0x00
};
int
__cdecl sub_514370(char
*
szSerial, unsigned
int
nSerialLength, char
*
pTable, char
*
pLastFourCharacters)
{
unsigned
int
i;
/
/
esi
unsigned __int8 v5;
/
/
cl
unsigned
int
j;
/
/
eax
int
result;
/
/
eax
for
(i
=
0
; i <
4
;
*
(i
+
pLastFourCharacters
-
1
)
=
g_szAlphabetTable[v5
%
26
])
{
v5
=
pTable[(i
+
*
szSerial)];
for
(j
=
1
; j < nSerialLength;
+
+
j)
v5
=
pTable[v5 ^ szSerial[j]];
result
=
pLastFourCharacters;
+
+
i;
}
return
result;
}
int
main(
int
argc, char
*
argv[])
{
/
/
"S4SG-XRXX-XXXX-XXXX"
char szSerial[
20
]
=
{
'S'
,
'4'
,
'S'
,
'G'
,
'-'
,
'A'
,
'R'
,
'C'
,
'D'
,
'-'
,
'E'
,
'F'
,
'G'
,
'H'
,
'-'
,
'X'
,
'X'
,
'X'
,
'X'
,
0
};
char aryLastFourCharacters[
4
]
=
{
0
};
sub_514370(szSerial,
15
, g_aryTable, &aryLastFourCharacters);
*
(PULONG)(szSerial
+
15
)
=
*
(PLONG)aryLastFourCharacters;
printf(
"Serial: %s"
, szSerial);
}
int
__usercall sub_425860@<eax>(
char
*
Str
,
int
a3,
const CHAR
*
lpMultiByteStr,
char
*
lpOptional,
_BYTE
*
lpBuffer,
int
a7)
{
int
v6;
/
/
ebp MAPDST
DWORD v7;
/
/
edi
DWORD v8;
/
/
ebx
INTERNET_PORT v9;
/
/
si
void
*
v10;
/
/
eax
void
*
v12;
/
/
eax
void
*
v13;
/
/
ebp
void
*
v14;
/
/
eax
void
*
v15;
/
/
esi
int
LastError;
/
/
eax
int
v18;
/
/
[esp
+
0h
] [ebp
-
11Ch
]
int
result;
/
/
[esp
+
Ch] [ebp
-
110h
] BYREF
DWORD dwNumberOfBytesRead;
/
/
[esp
+
10h
] [ebp
-
10Ch
] BYREF
DWORD dwBufferLength;
/
/
[esp
+
14h
] [ebp
-
108h
] BYREF
HINTERNET hInternet;
/
/
[esp
+
18h
] [ebp
-
104h
]
char v23[
256
];
/
/
[esp
+
1Ch
] [ebp
-
100h
] BYREF
v7
=
strlen(lpOptional);
result
=
0x3E8
;
dwBufferLength
=
4
;
v8
=
67420928
;
if
( a3 )
{
v8
=
75817728
;
v9
=
443
;
}
else
{
v9
=
80
;
}
v10
=
sub_455BE0(
"Source Insight"
,
0
,
0
,
0
,
0
);
hInternet
=
v10;
if
( v10 )
{
v12
=
sub_455D90(v10,
Str
, v9,
0
,
0
,
3u
,
0
,
0
);
v13
=
v12;
if
( v12 )
{
v14
=
sub_455F60(v12,
"POST"
, lpMultiByteStr,
0
,
0
,
0
, v8,
0
);
v15
=
v14;
if
( v14 )
{
sub_456190(v14,
"Content-Type: application/x-www-form-urlencoded"
,
0xFFFFFFFF
,
0x20000000u
);
sub_456190(v15,
"Accept: text/plain"
,
0xFFFFFFFF
,
0x20000000u
);
sprintf(v23,
"Content-length: %d\n"
, v7);
sub_456190(v15, v23,
0xFFFFFFFF
,
0x20000000u
);
if
( HttpSendRequestW(v15,
0
,
0
, lpOptional, v7) )
{
HttpQueryInfoW(v15,
0x20000013u
, &result, &dwBufferLength,
0
);
if
( result
=
=
0xC8
)
/
/
返回的状态码判断。
{
if
( InternetReadFile(v15, lpBuffer, a7
-
1
, &dwNumberOfBytesRead) )
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
result
=
0xC8
;
}
else
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
sub_413440(
0
,
0
,
"InternetReadFile Error"
, v6);
result
=
1007
;
}
}
}
else
{
LastError
=
GetLastError();
result
=
(LastError
=
=
12045
)
+
1004
;
sub_413440(
0
,
0
,
"HttpSendRequest Error %d"
, LastError);
}
InternetCloseHandle(v15);
}
else
{
sub_413440(
0
,
0
,
"HttpOpenRequest failed."
, v6);
result
=
1006
;
}
InternetCloseHandle(v13);
}
else
{
sub_413440(
0
,
0
,
"InternetConnect failed."
, v6);
result
=
0x3EA
;
}
InternetCloseHandle(hInternet);
return
result;
}
else
{
sub_413440(
0
,
0
,
"InternetOpen failed."
, v18);
return
0x3E9
;
}
}
int
__usercall sub_425860@<eax>(
char
*
Str
,
int
a3,
const CHAR
*
lpMultiByteStr,
char
*
lpOptional,
_BYTE
*
lpBuffer,
int
a7)
{
int
v6;
/
/
ebp MAPDST
DWORD v7;
/
/
edi
DWORD v8;
/
/
ebx
INTERNET_PORT v9;
/
/
si
void
*
v10;
/
/
eax
void
*
v12;
/
/
eax
void
*
v13;
/
/
ebp
void
*
v14;
/
/
eax
void
*
v15;
/
/
esi
int
LastError;
/
/
eax
int
v18;
/
/
[esp
+
0h
] [ebp
-
11Ch
]
int
result;
/
/
[esp
+
Ch] [ebp
-
110h
] BYREF
DWORD dwNumberOfBytesRead;
/
/
[esp
+
10h
] [ebp
-
10Ch
] BYREF
DWORD dwBufferLength;
/
/
[esp
+
14h
] [ebp
-
108h
] BYREF
HINTERNET hInternet;
/
/
[esp
+
18h
] [ebp
-
104h
]
char v23[
256
];
/
/
[esp
+
1Ch
] [ebp
-
100h
] BYREF
v7
=
strlen(lpOptional);
result
=
0x3E8
;
dwBufferLength
=
4
;
v8
=
67420928
;
if
( a3 )
{
v8
=
75817728
;
v9
=
443
;
}
else
{
v9
=
80
;
}
v10
=
sub_455BE0(
"Source Insight"
,
0
,
0
,
0
,
0
);
hInternet
=
v10;
if
( v10 )
{
v12
=
sub_455D90(v10,
Str
, v9,
0
,
0
,
3u
,
0
,
0
);
v13
=
v12;
if
( v12 )
{
v14
=
sub_455F60(v12,
"POST"
, lpMultiByteStr,
0
,
0
,
0
, v8,
0
);
v15
=
v14;
if
( v14 )
{
sub_456190(v14,
"Content-Type: application/x-www-form-urlencoded"
,
0xFFFFFFFF
,
0x20000000u
);
sub_456190(v15,
"Accept: text/plain"
,
0xFFFFFFFF
,
0x20000000u
);
sprintf(v23,
"Content-length: %d\n"
, v7);
sub_456190(v15, v23,
0xFFFFFFFF
,
0x20000000u
);
if
( HttpSendRequestW(v15,
0
,
0
, lpOptional, v7) )
{
HttpQueryInfoW(v15,
0x20000013u
, &result, &dwBufferLength,
0
);
if
( result
=
=
0xC8
)
/
/
返回的状态码判断。
{
if
( InternetReadFile(v15, lpBuffer, a7
-
1
, &dwNumberOfBytesRead) )
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
result
=
0xC8
;
}
else
{
lpBuffer[dwNumberOfBytesRead]
=
0
;
sub_413440(
0
,
0
,
"InternetReadFile Error"
, v6);
result
=
1007
;
}
}
}
else
{
LastError
=
GetLastError();
result
=
(LastError
=
=
12045
)
+
1004
;
sub_413440(
0
,
0
,
"HttpSendRequest Error %d"
, LastError);
}
InternetCloseHandle(v15);
}
else
{
sub_413440(
0
,
0
,
"HttpOpenRequest failed."
, v6);
result
=
1006
;
}
InternetCloseHandle(v13);
}
else
{
sub_413440(
0
,
0
,
"InternetConnect failed."
, v6);
result
=
0x3EA
;
}
InternetCloseHandle(hInternet);
return
result;
}
else
{
sub_413440(
0
,
0
,
"InternetOpen failed."
, v18);
return
0x3E9
;
}
}
int
__thiscall sub_5171D0(const CHAR
*
this,
int
a2)
{
int
result;
/
/
eax
int
v4;
/
/
[esp
+
4h
] [ebp
-
3FA4h
] BYREF
int
v5[
2024
];
/
/
[esp
+
8h
] [ebp
-
3FA0h
] BYREF
char
Str
[
8192
];
/
/
[esp
+
1FA8h
] [ebp
-
2000h
] BYREF
memset(
Str
,
0
, sizeof(
Str
));
result
=
sub_515290(this, v5,
0x1FA0
);
/
/
发送 HTTP 数据包进行网络验证
if
( result
=
=
0xC8
)
{
if
( a2 )
{
if
( sub_514610(this
+
0x75C
, &v4,
0x1FA0
)
=
=
0xC8
)
sub_516FF0(this, &v4);
return
0xC8
;
}
else
{
/
/
网页验证完后,会进入这个分支。
sub_412990();
/
/
检查网络验证是否通过
if
( sub_425C80(&v4, &v5[
2023
],
0x2000u
) && strlen(&v5[
2023
]) >
=
8
)
/
/
检查网络验证信息
{
sub_516FF0(this, &
Str
[
4
]);
/
/
写注册表
return
sub_5148C0(this
+
0x75C
, &
Str
[
4
]);
/
/
写 C:\\ProgramData\\Source Insight\\
4.0
\\si4.lic 文件
}
else
{
return
0x1D0
;
}
}
}
return
result;
}
int
__thiscall sub_5171D0(const CHAR
*
this,
int
a2)
{
int
result;
/
/
eax
int
v4;
/
/
[esp
+
4h
] [ebp
-
3FA4h
] BYREF
int
v5[
2024
];
/
/
[esp
+
8h
] [ebp
-
3FA0h
] BYREF
char
Str
[
8192
];
/
/
[esp
+
1FA8h
] [ebp
-
2000h
] BYREF
memset(
Str
,
0
, sizeof(
Str
));
result
=
sub_515290(this, v5,
0x1FA0
);
/
/
发送 HTTP 数据包进行网络验证
if
( result
=
=
0xC8
)
{
if
( a2 )
{
if
( sub_514610(this
+
0x75C
, &v4,
0x1FA0
)
=
=
0xC8
)
sub_516FF0(this, &v4);
return
0xC8
;
}
else
{
/
/
网页验证完后,会进入这个分支。
sub_412990();
/
/
检查网络验证是否通过
if
( sub_425C80(&v4, &v5[
2023
],
0x2000u
) && strlen(&v5[
2023
]) >
=
8
)
/
/
检查网络验证信息
{
sub_516FF0(this, &
Str
[
4
]);
/
/
写注册表
return
sub_5148C0(this
+
0x75C
, &
Str
[
4
]);
/
/
写 C:\\ProgramData\\Source Insight\\
4.0
\\si4.lic 文件
}
else
{
return
0x1D0
;
}
}
}
return
result;
}
00518160
|
81EC
00010000
| sub esp,
100
|
00518166
|
56
| push esi |
00518167
|
8BF1
| mov esi,ecx |
00518169
| E8 A2CFFFFF | call sourceinsight4.
515110
|
0051816E
|
68
D0706000 | push sourceinsight4.
6070D0
|
6070D0
:
"Loading license file"
00518173
| E8
18A8EFFF
| call sourceinsight4.
412990
|
00518178
|
83C4
04
| add esp,
4
|
0051817B
|
8BCE
| mov ecx,esi |
0051817D
| E8
4EE6FFFF
| call sourceinsight4.
5167D0
|
1.
检查文件中的数据
00518182
|
3D
C8000000 |
cmp
eax,C8 |
00518187
|
74
2A
| je sourceinsight4.
5181B3
|
00518189
|
83BC24
08010000
00
|
cmp
dword ptr ss:[esp
+
108
],
0
|
00518191
|
74
0D
| je sourceinsight4.
5181A0
|
00518193
|
50
| push eax |
00518194
|
8BCE
| mov ecx,esi |
00518196
| E8
35CCFFFF
| call sourceinsight4.
514DD0
|
0051819B
| E8 F0AAEFFF | call sourceinsight4.
412C90
|
005181A0
|
8BCE
| mov ecx,esi |
005181A2
| E8
69CFFFFF
| call sourceinsight4.
515110
|
005181A7
|
33C0
| xor eax,eax |
005181A9
|
5E
| pop esi |
005181AA
|
81C4
00010000
| add esp,
100
|
005181B0
| C2
0400
| ret
4
|
005181B3
|
8B06
| mov eax,dword ptr ds:[esi] |
005181B5
|
83F8
02
|
cmp
eax,
2
|
005181B8
|
75
1F
| jne sourceinsight4.
5181D9
|
005181BA
|
68
A4706000 | push sourceinsight4.
6070A4
|
6070A4
:
"Deferred Activation license file loaded."
005181BF
| E8 CCA7EFFF | call sourceinsight4.
412990
|
005181C4
|
83C4
04
| add esp,
4
|
005181C7
| C706
00000000
| mov dword ptr ds:[esi],
0
|
005181CD
|
33C0
| xor eax,eax |
005181CF
|
5E
| pop esi |
005181D0
|
81C4
00010000
| add esp,
100
|
005181D6
| C2
0400
| ret
4
|
005181D9
|
83F8
03
|
cmp
eax,
3
|
005181DC
|
75
2F
| jne sourceinsight4.
51820D
|
005181DE
|
8D86
3A070000
| lea eax,dword ptr ds:[esi
+
73A
] |
005181E4
|
50
| push eax |
005181E5
|
8D8E
5C070000
| lea ecx,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005181EB
|
51
| push ecx |
005181EC
| E8
9FDDFFFF
| call sourceinsight4.
515F90
|
2.
检查 Signature
005181F1
|
83C4
08
| add esp,
8
|
005181F4
|
3D
C8000000 |
cmp
eax,C8 |
005181F9
|
75
2F
| jne sourceinsight4.
51822A
|
005181FB
|
8BCE
| mov ecx,esi |
005181FD
| E8
1EF7FFFF
| call sourceinsight4.
517920
|
3.
检查 ActId
00518202
|
85C0
| test eax,eax |
00518204
|
75
4E
| jne sourceinsight4.
518254
|
00518206
| B8 EB010000 | mov eax,
1EB
|
0051820B
| EB
1D
| jmp sourceinsight4.
51822A
|
0051820D
|
8D96
3A070000
| lea edx,dword ptr ds:[esi
+
73A
] |
00518213
|
52
| push edx |
00518214
|
8D86
5C070000
| lea eax,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051821A
|
50
| push eax |
0051821B
| E8
80EBFFFF
| call sourceinsight4.
516DA0
|
00518220
|
83C4
08
| add esp,
8
|
00518223
|
3D
C8000000 |
cmp
eax,C8 |
00518228
|
74
2A
| je sourceinsight4.
518254
|
0051822A
|
83BC24
08010000
00
|
cmp
dword ptr ss:[esp
+
108
],
0
|
00518232
|
74
0D
| je sourceinsight4.
518241
|
00518234
|
50
| push eax |
00518235
|
8BCE
| mov ecx,esi |
00518237
| E8
94CBFFFF
| call sourceinsight4.
514DD0
|
0051823C
| E8
4FAAEFFF
| call sourceinsight4.
412C90
|
00518241
|
8BCE
| mov ecx,esi |
00518243
| E8 C8CEFFFF | call sourceinsight4.
515110
|
00518248
|
33C0
| xor eax,eax |
0051824A
|
5E
| pop esi |
0051824B
|
81C4
00010000
| add esp,
100
|
00518251
| C2
0400
| ret
4
|
00518254
|
83BE
0C060000
01
|
cmp
dword ptr ds:[esi
+
60C
],
1
|
0051825B
|
57
| push edi | edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051825C
| BF DCA25F00 | mov edi,sourceinsight4.
5FA2DC
| edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
,
5FA2DC
:
"Trial"
00518261
|
74
05
| je sourceinsight4.
518268
|
00518263
| BF
80616000
| mov edi,sourceinsight4.
606180
| edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
,
606180
:
"Standard"
00518268
|
8D4C24
08
| lea ecx,dword ptr ss:[esp
+
8
] |
0051826C
|
51
| push ecx |
0051826D
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00518273
| E8 F869F3FF | call sourceinsight4.
44EC70
| 生成了一个 date 字符串
00518278
|
8D5424
08
| lea edx,dword ptr ss:[esp
+
8
] |
0051827C
|
52
| push edx |
0051827D
|
57
| push edi | edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051827E
|
68
7C706000
| push sourceinsight4.
60707C
|
60707C
:
"License OK: %s License activated %s UTC"
00518283
| E8
08A7EFFF
| call sourceinsight4.
412990
| 生成注册信息
00518288
|
83C4
0C
| add esp,C |
0051828B
|
5F
| pop edi | edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051828C
| B8
01000000
| mov eax,
1
|
00518291
|
5E
| pop esi |
00518292
|
81C4
00010000
| add esp,
100
|
00518298
| C2
0400
| ret
4
|
00518160
|
81EC
00010000
| sub esp,
100
|
00518166
|
56
| push esi |
00518167
|
8BF1
| mov esi,ecx |
00518169
| E8 A2CFFFFF | call sourceinsight4.
515110
|
0051816E
|
68
D0706000 | push sourceinsight4.
6070D0
|
6070D0
:
"Loading license file"
00518173
| E8
18A8EFFF
| call sourceinsight4.
412990
|
00518178
|
83C4
04
| add esp,
4
|
0051817B
|
8BCE
| mov ecx,esi |
0051817D
| E8
4EE6FFFF
| call sourceinsight4.
5167D0
|
1.
检查文件中的数据
00518182
|
3D
C8000000 |
cmp
eax,C8 |
00518187
|
74
2A
| je sourceinsight4.
5181B3
|
00518189
|
83BC24
08010000
00
|
cmp
dword ptr ss:[esp
+
108
],
0
|
00518191
|
74
0D
| je sourceinsight4.
5181A0
|
00518193
|
50
| push eax |
00518194
|
8BCE
| mov ecx,esi |
00518196
| E8
35CCFFFF
| call sourceinsight4.
514DD0
|
0051819B
| E8 F0AAEFFF | call sourceinsight4.
412C90
|
005181A0
|
8BCE
| mov ecx,esi |
005181A2
| E8
69CFFFFF
| call sourceinsight4.
515110
|
005181A7
|
33C0
| xor eax,eax |
005181A9
|
5E
| pop esi |
005181AA
|
81C4
00010000
| add esp,
100
|
005181B0
| C2
0400
| ret
4
|
005181B3
|
8B06
| mov eax,dword ptr ds:[esi] |
005181B5
|
83F8
02
|
cmp
eax,
2
|
005181B8
|
75
1F
| jne sourceinsight4.
5181D9
|
005181BA
|
68
A4706000 | push sourceinsight4.
6070A4
|
6070A4
:
"Deferred Activation license file loaded."
005181BF
| E8 CCA7EFFF | call sourceinsight4.
412990
|
005181C4
|
83C4
04
| add esp,
4
|
005181C7
| C706
00000000
| mov dword ptr ds:[esi],
0
|
005181CD
|
33C0
| xor eax,eax |
005181CF
|
5E
| pop esi |
005181D0
|
81C4
00010000
| add esp,
100
|
005181D6
| C2
0400
| ret
4
|
005181D9
|
83F8
03
|
cmp
eax,
3
|
005181DC
|
75
2F
| jne sourceinsight4.
51820D
|
005181DE
|
8D86
3A070000
| lea eax,dword ptr ds:[esi
+
73A
] |
005181E4
|
50
| push eax |
005181E5
|
8D8E
5C070000
| lea ecx,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005181EB
|
51
| push ecx |
005181EC
| E8
9FDDFFFF
| call sourceinsight4.
515F90
|
2.
检查 Signature
005181F1
|
83C4
08
| add esp,
8
|
005181F4
|
3D
C8000000 |
cmp
eax,C8 |
005181F9
|
75
2F
| jne sourceinsight4.
51822A
|
005181FB
|
8BCE
| mov ecx,esi |
005181FD
| E8
1EF7FFFF
| call sourceinsight4.
517920
|
3.
检查 ActId
00518202
|
85C0
| test eax,eax |
00518204
|
75
4E
| jne sourceinsight4.
518254
|
00518206
| B8 EB010000 | mov eax,
1EB
|
0051820B
| EB
1D
| jmp sourceinsight4.
51822A
|
0051820D
|
8D96
3A070000
| lea edx,dword ptr ds:[esi
+
73A
] |
00518213
|
52
| push edx |
00518214
|
8D86
5C070000
| lea eax,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051821A
|
50
| push eax |
0051821B
| E8
80EBFFFF
| call sourceinsight4.
516DA0
|
00518220
|
83C4
08
| add esp,
8
|
00518223
|
3D
C8000000 |
cmp
eax,C8 |
00518228
|
74
2A
| je sourceinsight4.
518254
|
0051822A
|
83BC24
08010000
00
|
cmp
dword ptr ss:[esp
+
108
],
0
|
00518232
|
74
0D
| je sourceinsight4.
518241
|
00518234
|
50
| push eax |
00518235
|
8BCE
| mov ecx,esi |
00518237
| E8
94CBFFFF
| call sourceinsight4.
514DD0
|
0051823C
| E8
4FAAEFFF
| call sourceinsight4.
412C90
|
00518241
|
8BCE
| mov ecx,esi |
00518243
| E8 C8CEFFFF | call sourceinsight4.
515110
|
00518248
|
33C0
| xor eax,eax |
0051824A
|
5E
| pop esi |
0051824B
|
81C4
00010000
| add esp,
100
|
00518251
| C2
0400
| ret
4
|
00518254
|
83BE
0C060000
01
|
cmp
dword ptr ds:[esi
+
60C
],
1
|
0051825B
|
57
| push edi | edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051825C
| BF DCA25F00 | mov edi,sourceinsight4.
5FA2DC
| edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
,
5FA2DC
:
"Trial"
00518261
|
74
05
| je sourceinsight4.
518268
|
00518263
| BF
80616000
| mov edi,sourceinsight4.
606180
| edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
,
606180
:
"Standard"
00518268
|
8D4C24
08
| lea ecx,dword ptr ss:[esp
+
8
] |
0051826C
|
51
| push ecx |
0051826D
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00518273
| E8 F869F3FF | call sourceinsight4.
44EC70
| 生成了一个 date 字符串
00518278
|
8D5424
08
| lea edx,dword ptr ss:[esp
+
8
] |
0051827C
|
52
| push edx |
0051827D
|
57
| push edi | edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051827E
|
68
7C706000
| push sourceinsight4.
60707C
|
60707C
:
"License OK: %s License activated %s UTC"
00518283
| E8
08A7EFFF
| call sourceinsight4.
412990
| 生成注册信息
00518288
|
83C4
0C
| add esp,C |
0051828B
|
5F
| pop edi | edi:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051828C
| B8
01000000
| mov eax,
1
|
00518291
|
5E
| pop esi |
00518292
|
81C4
00010000
| add esp,
100
|
00518298
| C2
0400
| ret
4
|
005167D0
|
64
:A1
00000000
| mov eax,dword ptr fs:[
0
] | eax:&
"ActId"
005167D6
|
6A
FF | push FFFFFFFF |
005167D8
|
68
FB365D00 | push sourceinsight4.
5D36FB
|
005167DD
|
50
| push eax | eax:&
"ActId"
005167DE
|
64
:
8925
00000000
| mov dword ptr fs:[
0
],esp |
005167E5
|
81EC
10040000
| sub esp,
410
|
005167EB
|
53
| push ebx |
005167EC
|
56
| push esi |
005167ED
|
33DB
| xor ebx,ebx |
005167EF
|
57
| push edi |
005167F0
|
8BF1
| mov esi,ecx |
005167F2
|
33C0
| xor eax,eax | eax:&
"ActId"
005167F4
|
895C84
1C
| mov dword ptr ss:[esp
+
eax
*
4
+
1C
],ebx |
005167F8
|
899C84
1C020000
| mov dword ptr ss:[esp
+
eax
*
4
+
21C
],ebx |
005167FF
|
40
| inc eax | eax:&
"ActId"
00516800
|
3D
80000000
|
cmp
eax,
80
| eax:&
"ActId"
00516805
|
72
ED | jb sourceinsight4.
5167F4
|
00516807
|
899C24
24040000
| mov dword ptr ss:[esp
+
424
],ebx |
0051680E
|
8D4424
1C
| lea eax,dword ptr ss:[esp
+
1C
] |
00516812
|
50
| push eax | eax:&
"ActId"
00516813
|
8D8E
5C070000
| lea ecx,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516819
|
51
| push ecx |
0051681A
| E8
71E9FFFF
| call sourceinsight4.
515190
| 解释文件中数据,并保存。
0051681F
|
83C4
08
| add esp,
8
|
00516822
|
8D5424
0C
| lea edx,dword ptr ss:[esp
+
C] |
00516826
|
52
| push edx |
00516827
|
68
CCD05E00 | push sourceinsight4.
5ED0CC
|
5ED0CC
:
"Type"
0051682C
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
00516830
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516836
| E8
85DDFFFF
| call sourceinsight4.
5145C0
| 取出
Type
字段的值
0051683B
|
85C0
| test eax,eax | eax:&
"ActId"
0051683D
|
74
58
| je sourceinsight4.
516897
|
0051683F
|
8B7C24
0C
| mov edi,dword ptr ss:[esp
+
C] |
00516843
|
68
DCA25F00 | push sourceinsight4.
5FA2DC
|
5FA2DC
:
"Trial"
00516848
|
57
| push edi |
00516849
| E8 DCA50B00 | call sourceinsight4.
5D0E2A
| stricmp([
"Type"
],
"Trial"
)
0051684E
|
83C4
08
| add esp,
8
|
00516851
|
85C0
| test eax,eax | eax:&
"ActId"
00516853
|
75
0C
| jne sourceinsight4.
516861
|
00516855
| C786
0C060000
01000000
| mov dword ptr ds:[esi
+
60C
],
1
|
0051685F
| EB
36
| jmp sourceinsight4.
516897
|
00516861
|
68
8C616000
| push sourceinsight4.
60618C
|
60618C
:
"Beta"
00516866
|
57
| push edi |
00516867
| E8 BEA50B00 | call sourceinsight4.
5D0E2A
|
0051686C
|
83C4
08
| add esp,
8
|
0051686F
|
85C0
| test eax,eax | eax:&
"ActId"
00516871
|
75
0C
| jne sourceinsight4.
51687F
|
00516873
| C786
0C060000
03000000
| mov dword ptr ds:[esi
+
60C
],
3
|
0051687D
| EB
18
| jmp sourceinsight4.
516897
|
0051687F
|
68
80616000
| push sourceinsight4.
606180
|
606180
:
"Standard"
00516884
|
57
| push edi |
00516885
| E8 A0A50B00 | call sourceinsight4.
5D0E2A
|
0051688A
|
83C4
08
| add esp,
8
|
0051688D
|
85C0
| test eax,eax | eax:&
"ActId"
0051688F
|
75
06
| jne sourceinsight4.
516897
|
00516891
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516897
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
0051689B
|
50
| push eax | eax:&
"ActId"
0051689C
|
68
D0656000 | push sourceinsight4.
6065D0
|
6065D0
:
"LicensedUser"
005168A1
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168A5
| E8
16DDFFFF
| call sourceinsight4.
5145C0
| 取出 [
"LicensedUser"
] 的值
005168AA
|
85C0
| test eax,eax | eax:&
"ActId"
005168AC
|
0F84
36030000
| je sourceinsight4.
516BE8
|
005168B2
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168B6
|
51
| push ecx |
005168B7
|
8D96
04010000
| lea edx,dword ptr ds:[esi
+
104
] |
005168BD
|
52
| push edx |
005168BE
| E8 BD4E0A00 | call sourceinsight4.
5BB780
| strcpy(edx, [
"LicensedUser"
])
005168C3
|
83C4
08
| add esp,
8
|
005168C6
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168CA
|
50
| push eax | eax:&
"ActId"
005168CB
|
68
C0656000 | push sourceinsight4.
6065C0
|
6065C0
:
"Organization"
005168D0
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168D4
| E8 E7DCFFFF | call sourceinsight4.
5145C0
| 取出 [
"Organization"
] 的值
005168D9
|
85C0
| test eax,eax | eax:&
"ActId"
005168DB
|
74
14
| je sourceinsight4.
5168F1
|
005168DD
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168E1
|
51
| push ecx |
005168E2
|
8D96
04020000
| lea edx,dword ptr ds:[esi
+
204
] |
005168E8
|
52
| push edx |
005168E9
| E8
924E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Organization"
])
005168EE
|
83C4
08
| add esp,
8
|
005168F1
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168F5
|
50
| push eax | eax:&
"ActId"
005168F6
|
68
B8656000 | push sourceinsight4.
6065B8
|
6065B8
:
"Email"
005168FB
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168FF
| E8 BCDCFFFF | call sourceinsight4.
5145C0
| 取出 [
"Email"
] 的值
00516904
|
85C0
| test eax,eax | eax:&
"ActId"
00516906
|
74
14
| je sourceinsight4.
51691C
|
00516908
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
0051690C
|
51
| push ecx |
0051690D
|
8D96
04030000
| lea edx,dword ptr ds:[esi
+
304
] |
00516913
|
52
| push edx |
00516914
| E8
674E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Email"
])
00516919
|
83C4
08
| add esp,
8
|
0051691C
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
00516920
|
50
| push eax | eax:&
"ActId"
00516921
|
68
B0656000 | push sourceinsight4.
6065B0
|
6065B0
:
"Serial"
00516926
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
0051692A
| E8
91DCFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Serial"
] 的值
0051692F
|
85C0
| test eax,eax | eax:&
"ActId"
00516931
|
0F84
B1020000 | je sourceinsight4.
516BE8
|
00516937
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
0051693B
|
55
| push ebp |
0051693C
|
51
| push ecx |
0051693D
|
8D6E
04
| lea ebp,dword ptr ds:[esi
+
4
] |
00516940
|
55
| push ebp |
00516941
| E8
3A4E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Serial"
])
00516946
|
83C4
08
| add esp,
8
|
00516949
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
0051694D
|
52
| push edx |
0051694E
|
68
A8656000 | push sourceinsight4.
6065A8
|
6065A8
:
"ActId"
00516953
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516957
| E8
64DCFFFF
| call sourceinsight4.
5145C0
| 取出 [
"ActId"
] 的值
0051695C
|
85C0
| test eax,eax | eax:&
"ActId"
0051695E
|
0F84
66020000
| je sourceinsight4.
516BCA
|
00516964
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516968
|
50
| push eax | eax:&
"ActId"
00516969
|
8DBE
3A060000
| lea edi,dword ptr ds:[esi
+
63A
] |
0051696F
|
57
| push edi |
00516970
| E8
0B4E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"ActId"
])
00516975
|
68
7F1B0000
| push
1B7F
|
0051697A
|
6A
32
| push
32
|
0051697C
|
6A
04
| push
4
|
0051697E
|
68
701A6500
| push sourceinsight4.
651A70
|
00516983
|
57
| push edi |
00516984
| E8 E7CBEEFF | call sourceinsight4.
403570
| 检查 [
"ActId"
] 的值
00516989
|
33C9
| xor ecx,ecx |
0051698B
|
3BC3
|
cmp
eax,ebx | eax:&
"ActId"
0051698D
|
0F9FC1
| setg cl |
00516990
|
68
9C656000
| push sourceinsight4.
60659C
|
60659C
:
"Deferred"
00516995
|
57
| push edi |
00516996
|
8BD9
| mov ebx,ecx |
00516998
| E8
8DA40B00
| call sourceinsight4.
5D0E2A
| stricmp([
"ActId"
],
"Deferred"
)
0051699D
|
83C4
24
| add esp,
24
|
005169A0
|
85C0
| test eax,eax | eax:&
"ActId"
005169A2
|
75
38
| jne sourceinsight4.
5169DC
|
005169A4
| C706
02000000
| mov dword ptr ds:[esi],
2
|
005169AA
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
005169B5
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
005169B9
| E8
22DBFFFF
| call sourceinsight4.
5144E0
| 释放掉保存的文件数据
005169BE
| B8 C8000000 | mov eax,C8 | 返回值为
0XC8
,表示通过检查。
005169C3
|
5D
| pop ebp |
005169C4
|
5F
| pop edi |
005169C5
|
5E
| pop esi |
005169C6
|
5B
| pop ebx |
005169C7
|
8B8C24
10040000
| mov ecx,dword ptr ss:[esp
+
410
] |
005169CE
|
64
:
890D
00000000
| mov dword ptr fs:[
0
],ecx |
005169D5
|
81C4
1C040000
| add esp,
41C
|
005169DB
| C3 | ret |
005169DC
|
33D2
| xor edx,edx |
005169DE
|
85DB
| test ebx,ebx |
005169E0
|
0F94C2
| sete dl |
005169E3
|
8D4424
14
| lea eax,dword ptr ss:[esp
+
14
] |
005169E7
|
8D4C24
18
| lea ecx,dword ptr ss:[esp
+
18
] |
005169EB
|
52
| push edx |
005169EC
|
50
| push eax | eax:&
"ActId"
005169ED
|
51
| push ecx |
005169EE
|
8D5424
28
| lea edx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
005169F2
|
52
| push edx |
005169F3
|
55
| push ebp |
005169F4
| E8 A7E1FFFF | call sourceinsight4.
514BA0
| 检查 [
"Serial"
]
005169F9
|
83C4
14
| add esp,
14
|
005169FC
|
85C0
| test eax,eax | eax:&
"ActId"
005169FE
|
74
0C
| je sourceinsight4.
516A0C
|
00516A00
|
8B4424
18
| mov eax,dword ptr ss:[esp
+
18
] |
00516A04
|
3B86
0C060000
|
cmp
eax,dword ptr ds:[esi
+
60C
] | eax:&
"ActId"
00516A0A
|
74
1B
| je sourceinsight4.
516A27
|
00516A0C
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516A17
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516A1B
| E8 C0DAFFFF | call sourceinsight4.
5144E0
|
00516A20
| B8 EF010000 | mov eax,
1EF
| eax:&
"ActId"
00516A25
| EB
9C
| jmp sourceinsight4.
5169C3
|
00516A27
|
0FB60D
13956500
| movzx ecx,byte ptr ds:[
659513
] |
00516A2E
|
8B7C24
14
| mov edi,dword ptr ss:[esp
+
14
] |
00516A32
|
3BF9
|
cmp
edi,ecx |
00516A34
|
0F85
BA000000 | jne sourceinsight4.
516AF4
|
00516A3A
|
55
| push ebp |
00516A3B
| B9
40846600
| mov ecx,sourceinsight4.
668440
|
00516A40
| E8 CB6FF4FF | call sourceinsight4.
45DA10
|
00516A45
|
85C0
| test eax,eax | eax:&
"ActId"
00516A47
|
74
1E
| je sourceinsight4.
516A67
|
00516A49
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516A54
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516A58
| E8
83DAFFFF
| call sourceinsight4.
5144E0
|
00516A5D
| B8 CC010000 | mov eax,
1CC
| eax:&
"ActId"
00516A62
| E9
5CFFFFFF
| jmp sourceinsight4.
5169C3
|
00516A67
|
85DB
| test ebx,ebx |
00516A69
|
75
37
| jne sourceinsight4.
516AA2
|
00516A6B
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516A6F
|
52
| push edx |
00516A70
|
68
94656000
| push sourceinsight4.
606594
|
606594
:
"HWID"
00516A75
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516A79
| C706
01000000
| mov dword ptr ds:[esi],
1
|
00516A7F
| E8
3CDBFFFF
| call sourceinsight4.
5145C0
|
00516A84
|
85C0
| test eax,eax | eax:&
"ActId"
00516A86
|
0F84
3E010000
| je sourceinsight4.
516BCA
|
00516A8C
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516A90
|
50
| push eax | eax:&
"ActId"
00516A91
|
8D8E
28060000
| lea ecx,dword ptr ds:[esi
+
628
] |
00516A97
|
51
| push ecx |
00516A98
| E8 E34C0A00 | call sourceinsight4.
5BB780
|
00516A9D
|
83C4
08
| add esp,
8
|
00516AA0
| EB
06
| jmp sourceinsight4.
516AA8
|
00516AA2
| C706
03000000
| mov dword ptr ds:[esi],
3
|
00516AA8
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516AAC
|
52
| push edx |
00516AAD
|
68
10AC5D00
| push sourceinsight4.
5DAC10
|
5DAC10
:
"Version"
00516AB2
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516AB6
| E8
05DBFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Version"
] 的值
00516ABB
|
85C0
| test eax,eax | eax:&
"ActId"
00516ABD
|
0F84
07010000
| je sourceinsight4.
516BCA
|
00516AC3
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516AC7
|
8A00
| mov al,byte ptr ds:[eax] | eax:&
"ActId"
00516AC9
|
3C
30
|
cmp
al,
30
|
30
:
'0'
00516ACB
|
0F8C
F9000000 | jl sourceinsight4.
516BCA
|
00516AD1
|
3C
39
|
cmp
al,
39
|
39
:
'9'
00516AD3
|
0F8F
F1000000 | jg sourceinsight4.
516BCA
|
00516AD9
|
0FBEC0
| movsx eax,al | eax:&
"ActId"
00516ADC
|
83C0
D0 | add eax,FFFFFFD0 | eax:&
"ActId"
00516ADF
|
8986
04060000
| mov dword ptr ds:[esi
+
604
],eax | eax:&
"ActId"
00516AE5
|
0FB60D
13956500
| movzx ecx,byte ptr ds:[
659513
] |
00516AEC
|
3BC1
|
cmp
eax,ecx | eax:&
"ActId"
00516AEE
|
75
04
| jne sourceinsight4.
516AF4
|
00516AF0
|
3BC7
|
cmp
eax,edi | eax:&
"ActId"
00516AF2
|
74
1E
| je sourceinsight4.
516B12
|
00516AF4
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516AFF
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516B03
| E8 D8D9FFFF | call sourceinsight4.
5144E0
|
00516B08
| B8 EA010000 | mov eax,
1EA
| eax:&
"ActId"
00516B0D
| E9 B1FEFFFF | jmp sourceinsight4.
5169C3
|
00516B12
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516B16
|
33DB
| xor ebx,ebx |
00516B18
|
52
| push edx |
00516B19
|
68
88656000
| push sourceinsight4.
606588
|
606588
:
"Expiration"
00516B1E
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516B22
|
899E
18060000
| mov dword ptr ds:[esi
+
618
],ebx |
00516B28
|
899E
14060000
| mov dword ptr ds:[esi
+
614
],ebx |
00516B2E
|
899E
10060000
| mov dword ptr ds:[esi
+
610
],ebx |
00516B34
| E8
87DAFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Expiration"
] 的值
00516B39
|
85C0
| test eax,eax | eax:&
"ActId"
00516B3B
|
74
1F
| je sourceinsight4.
516B5C
|
00516B3D
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516B41
|
50
| push eax | eax:&
"ActId"
00516B42
|
8D8E
10060000
| lea ecx,dword ptr ds:[esi
+
610
] |
00516B48
| E8 E394F3FF | call sourceinsight4.
450030
|
00516B4D
|
8D8E
10060000
| lea ecx,dword ptr ds:[esi
+
610
] |
00516B53
| E8
8881F3FF
| call sourceinsight4.
44ECE0
|
00516B58
|
85C0
| test eax,eax | eax:&
"ActId"
00516B5A
|
74
50
| je sourceinsight4.
516BAC
|
00516B5C
|
8D4C24
10
| lea ecx,dword ptr ss:[esp
+
10
] |
00516B60
|
51
| push ecx |
00516B61
|
68
D8A65E00 | push sourceinsight4.
5EA6D8
|
5EA6D8
:
"Date"
00516B66
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516B6A
|
899E
24060000
| mov dword ptr ds:[esi
+
624
],ebx |
00516B70
|
899E
20060000
| mov dword ptr ds:[esi
+
620
],ebx |
00516B76
|
899E
1C060000
| mov dword ptr ds:[esi
+
61C
],ebx |
00516B7C
| E8
3FDAFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Date"
] 的值
00516B81
|
85C0
| test eax,eax | eax:&
"ActId"
00516B83
|
0F84
21FEFFFF
| je sourceinsight4.
5169AA
|
00516B89
|
8B5424
10
| mov edx,dword ptr ss:[esp
+
10
] |
00516B8D
|
52
| push edx |
00516B8E
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00516B94
| E8
9794F3FF
| call sourceinsight4.
450030
| 检查日期的有效性
00516B99
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00516B9F
| E8
3C81F3FF
| call sourceinsight4.
44ECE0
|
00516BA4
|
85C0
| test eax,eax | 检查年、月、日的有效性
00516BA6
|
0F85
FEFDFFFF | jne sourceinsight4.
5169AA
|
00516BAC
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516BB7
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516BBB
| E8
20D9FFFF
| call sourceinsight4.
5144E0
|
00516BC0
| B8 E3010000 | mov eax,
1E3
| eax:&
"ActId"
00516BC5
| E9 F9FDFFFF | jmp sourceinsight4.
5169C3
|
00516BCA
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516BD5
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516BD9
| E8
02D9FFFF
| call sourceinsight4.
5144E0
|
00516BDE
| B8 D5010000 | mov eax,
1D5
| eax:&
"ActId"
00516BE3
| E9 DBFDFFFF | jmp sourceinsight4.
5169C3
|
00516BE8
| C78424
24040000
FFFFFF | mov dword ptr ss:[esp
+
424
],FFFFFFFF |
00516BF3
|
8D4C24
1C
| lea ecx,dword ptr ss:[esp
+
1C
] |
00516BF7
| E8 E4D8FFFF | call sourceinsight4.
5144E0
|
00516BFC
|
8B8C24
1C040000
| mov ecx,dword ptr ss:[esp
+
41C
] |
00516C03
|
5F
| pop edi |
00516C04
|
5E
| pop esi |
00516C05
| B8 D5010000 | mov eax,
1D5
| eax:&
"ActId"
00516C0A
|
5B
| pop ebx |
00516C0B
|
64
:
890D
00000000
| mov dword ptr fs:[
0
],ecx |
00516C12
|
81C4
1C040000
| add esp,
41C
|
00516C18
| C3 | ret |
005167D0
|
64
:A1
00000000
| mov eax,dword ptr fs:[
0
] | eax:&
"ActId"
005167D6
|
6A
FF | push FFFFFFFF |
005167D8
|
68
FB365D00 | push sourceinsight4.
5D36FB
|
005167DD
|
50
| push eax | eax:&
"ActId"
005167DE
|
64
:
8925
00000000
| mov dword ptr fs:[
0
],esp |
005167E5
|
81EC
10040000
| sub esp,
410
|
005167EB
|
53
| push ebx |
005167EC
|
56
| push esi |
005167ED
|
33DB
| xor ebx,ebx |
005167EF
|
57
| push edi |
005167F0
|
8BF1
| mov esi,ecx |
005167F2
|
33C0
| xor eax,eax | eax:&
"ActId"
005167F4
|
895C84
1C
| mov dword ptr ss:[esp
+
eax
*
4
+
1C
],ebx |
005167F8
|
899C84
1C020000
| mov dword ptr ss:[esp
+
eax
*
4
+
21C
],ebx |
005167FF
|
40
| inc eax | eax:&
"ActId"
00516800
|
3D
80000000
|
cmp
eax,
80
| eax:&
"ActId"
00516805
|
72
ED | jb sourceinsight4.
5167F4
|
00516807
|
899C24
24040000
| mov dword ptr ss:[esp
+
424
],ebx |
0051680E
|
8D4424
1C
| lea eax,dword ptr ss:[esp
+
1C
] |
00516812
|
50
| push eax | eax:&
"ActId"
00516813
|
8D8E
5C070000
| lea ecx,dword ptr ds:[esi
+
75C
] | esi
+
75C
:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516819
|
51
| push ecx |
0051681A
| E8
71E9FFFF
| call sourceinsight4.
515190
| 解释文件中数据,并保存。
0051681F
|
83C4
08
| add esp,
8
|
00516822
|
8D5424
0C
| lea edx,dword ptr ss:[esp
+
C] |
00516826
|
52
| push edx |
00516827
|
68
CCD05E00 | push sourceinsight4.
5ED0CC
|
5ED0CC
:
"Type"
0051682C
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
00516830
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516836
| E8
85DDFFFF
| call sourceinsight4.
5145C0
| 取出
Type
字段的值
0051683B
|
85C0
| test eax,eax | eax:&
"ActId"
0051683D
|
74
58
| je sourceinsight4.
516897
|
0051683F
|
8B7C24
0C
| mov edi,dword ptr ss:[esp
+
C] |
00516843
|
68
DCA25F00 | push sourceinsight4.
5FA2DC
|
5FA2DC
:
"Trial"
00516848
|
57
| push edi |
00516849
| E8 DCA50B00 | call sourceinsight4.
5D0E2A
| stricmp([
"Type"
],
"Trial"
)
0051684E
|
83C4
08
| add esp,
8
|
00516851
|
85C0
| test eax,eax | eax:&
"ActId"
00516853
|
75
0C
| jne sourceinsight4.
516861
|
00516855
| C786
0C060000
01000000
| mov dword ptr ds:[esi
+
60C
],
1
|
0051685F
| EB
36
| jmp sourceinsight4.
516897
|
00516861
|
68
8C616000
| push sourceinsight4.
60618C
|
60618C
:
"Beta"
00516866
|
57
| push edi |
00516867
| E8 BEA50B00 | call sourceinsight4.
5D0E2A
|
0051686C
|
83C4
08
| add esp,
8
|
0051686F
|
85C0
| test eax,eax | eax:&
"ActId"
00516871
|
75
0C
| jne sourceinsight4.
51687F
|
00516873
| C786
0C060000
03000000
| mov dword ptr ds:[esi
+
60C
],
3
|
0051687D
| EB
18
| jmp sourceinsight4.
516897
|
0051687F
|
68
80616000
| push sourceinsight4.
606180
|
606180
:
"Standard"
00516884
|
57
| push edi |
00516885
| E8 A0A50B00 | call sourceinsight4.
5D0E2A
|
0051688A
|
83C4
08
| add esp,
8
|
0051688D
|
85C0
| test eax,eax | eax:&
"ActId"
0051688F
|
75
06
| jne sourceinsight4.
516897
|
00516891
|
899E
0C060000
| mov dword ptr ds:[esi
+
60C
],ebx |
00516897
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
0051689B
|
50
| push eax | eax:&
"ActId"
0051689C
|
68
D0656000 | push sourceinsight4.
6065D0
|
6065D0
:
"LicensedUser"
005168A1
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168A5
| E8
16DDFFFF
| call sourceinsight4.
5145C0
| 取出 [
"LicensedUser"
] 的值
005168AA
|
85C0
| test eax,eax | eax:&
"ActId"
005168AC
|
0F84
36030000
| je sourceinsight4.
516BE8
|
005168B2
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168B6
|
51
| push ecx |
005168B7
|
8D96
04010000
| lea edx,dword ptr ds:[esi
+
104
] |
005168BD
|
52
| push edx |
005168BE
| E8 BD4E0A00 | call sourceinsight4.
5BB780
| strcpy(edx, [
"LicensedUser"
])
005168C3
|
83C4
08
| add esp,
8
|
005168C6
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168CA
|
50
| push eax | eax:&
"ActId"
005168CB
|
68
C0656000 | push sourceinsight4.
6065C0
|
6065C0
:
"Organization"
005168D0
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168D4
| E8 E7DCFFFF | call sourceinsight4.
5145C0
| 取出 [
"Organization"
] 的值
005168D9
|
85C0
| test eax,eax | eax:&
"ActId"
005168DB
|
74
14
| je sourceinsight4.
5168F1
|
005168DD
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
005168E1
|
51
| push ecx |
005168E2
|
8D96
04020000
| lea edx,dword ptr ds:[esi
+
204
] |
005168E8
|
52
| push edx |
005168E9
| E8
924E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Organization"
])
005168EE
|
83C4
08
| add esp,
8
|
005168F1
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
005168F5
|
50
| push eax | eax:&
"ActId"
005168F6
|
68
B8656000 | push sourceinsight4.
6065B8
|
6065B8
:
"Email"
005168FB
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
005168FF
| E8 BCDCFFFF | call sourceinsight4.
5145C0
| 取出 [
"Email"
] 的值
00516904
|
85C0
| test eax,eax | eax:&
"ActId"
00516906
|
74
14
| je sourceinsight4.
51691C
|
00516908
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
0051690C
|
51
| push ecx |
0051690D
|
8D96
04030000
| lea edx,dword ptr ds:[esi
+
304
] |
00516913
|
52
| push edx |
00516914
| E8
674E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Email"
])
00516919
|
83C4
08
| add esp,
8
|
0051691C
|
8D4424
0C
| lea eax,dword ptr ss:[esp
+
C] |
00516920
|
50
| push eax | eax:&
"ActId"
00516921
|
68
B0656000 | push sourceinsight4.
6065B0
|
6065B0
:
"Serial"
00516926
|
8D4C24
24
| lea ecx,dword ptr ss:[esp
+
24
] | [esp
+
24
]:
"ActId"
0051692A
| E8
91DCFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Serial"
] 的值
0051692F
|
85C0
| test eax,eax | eax:&
"ActId"
00516931
|
0F84
B1020000 | je sourceinsight4.
516BE8
|
00516937
|
8B4C24
0C
| mov ecx,dword ptr ss:[esp
+
C] |
0051693B
|
55
| push ebp |
0051693C
|
51
| push ecx |
0051693D
|
8D6E
04
| lea ebp,dword ptr ds:[esi
+
4
] |
00516940
|
55
| push ebp |
00516941
| E8
3A4E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"Serial"
])
00516946
|
83C4
08
| add esp,
8
|
00516949
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
0051694D
|
52
| push edx |
0051694E
|
68
A8656000 | push sourceinsight4.
6065A8
|
6065A8
:
"ActId"
00516953
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516957
| E8
64DCFFFF
| call sourceinsight4.
5145C0
| 取出 [
"ActId"
] 的值
0051695C
|
85C0
| test eax,eax | eax:&
"ActId"
0051695E
|
0F84
66020000
| je sourceinsight4.
516BCA
|
00516964
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516968
|
50
| push eax | eax:&
"ActId"
00516969
|
8DBE
3A060000
| lea edi,dword ptr ds:[esi
+
63A
] |
0051696F
|
57
| push edi |
00516970
| E8
0B4E0A00
| call sourceinsight4.
5BB780
| strcpy(edx, [
"ActId"
])
00516975
|
68
7F1B0000
| push
1B7F
|
0051697A
|
6A
32
| push
32
|
0051697C
|
6A
04
| push
4
|
0051697E
|
68
701A6500
| push sourceinsight4.
651A70
|
00516983
|
57
| push edi |
00516984
| E8 E7CBEEFF | call sourceinsight4.
403570
| 检查 [
"ActId"
] 的值
00516989
|
33C9
| xor ecx,ecx |
0051698B
|
3BC3
|
cmp
eax,ebx | eax:&
"ActId"
0051698D
|
0F9FC1
| setg cl |
00516990
|
68
9C656000
| push sourceinsight4.
60659C
|
60659C
:
"Deferred"
00516995
|
57
| push edi |
00516996
|
8BD9
| mov ebx,ecx |
00516998
| E8
8DA40B00
| call sourceinsight4.
5D0E2A
| stricmp([
"ActId"
],
"Deferred"
)
0051699D
|
83C4
24
| add esp,
24
|
005169A0
|
85C0
| test eax,eax | eax:&
"ActId"
005169A2
|
75
38
| jne sourceinsight4.
5169DC
|
005169A4
| C706
02000000
| mov dword ptr ds:[esi],
2
|
005169AA
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
005169B5
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
005169B9
| E8
22DBFFFF
| call sourceinsight4.
5144E0
| 释放掉保存的文件数据
005169BE
| B8 C8000000 | mov eax,C8 | 返回值为
0XC8
,表示通过检查。
005169C3
|
5D
| pop ebp |
005169C4
|
5F
| pop edi |
005169C5
|
5E
| pop esi |
005169C6
|
5B
| pop ebx |
005169C7
|
8B8C24
10040000
| mov ecx,dword ptr ss:[esp
+
410
] |
005169CE
|
64
:
890D
00000000
| mov dword ptr fs:[
0
],ecx |
005169D5
|
81C4
1C040000
| add esp,
41C
|
005169DB
| C3 | ret |
005169DC
|
33D2
| xor edx,edx |
005169DE
|
85DB
| test ebx,ebx |
005169E0
|
0F94C2
| sete dl |
005169E3
|
8D4424
14
| lea eax,dword ptr ss:[esp
+
14
] |
005169E7
|
8D4C24
18
| lea ecx,dword ptr ss:[esp
+
18
] |
005169EB
|
52
| push edx |
005169EC
|
50
| push eax | eax:&
"ActId"
005169ED
|
51
| push ecx |
005169EE
|
8D5424
28
| lea edx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
005169F2
|
52
| push edx |
005169F3
|
55
| push ebp |
005169F4
| E8 A7E1FFFF | call sourceinsight4.
514BA0
| 检查 [
"Serial"
]
005169F9
|
83C4
14
| add esp,
14
|
005169FC
|
85C0
| test eax,eax | eax:&
"ActId"
005169FE
|
74
0C
| je sourceinsight4.
516A0C
|
00516A00
|
8B4424
18
| mov eax,dword ptr ss:[esp
+
18
] |
00516A04
|
3B86
0C060000
|
cmp
eax,dword ptr ds:[esi
+
60C
] | eax:&
"ActId"
00516A0A
|
74
1B
| je sourceinsight4.
516A27
|
00516A0C
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516A17
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516A1B
| E8 C0DAFFFF | call sourceinsight4.
5144E0
|
00516A20
| B8 EF010000 | mov eax,
1EF
| eax:&
"ActId"
00516A25
| EB
9C
| jmp sourceinsight4.
5169C3
|
00516A27
|
0FB60D
13956500
| movzx ecx,byte ptr ds:[
659513
] |
00516A2E
|
8B7C24
14
| mov edi,dword ptr ss:[esp
+
14
] |
00516A32
|
3BF9
|
cmp
edi,ecx |
00516A34
|
0F85
BA000000 | jne sourceinsight4.
516AF4
|
00516A3A
|
55
| push ebp |
00516A3B
| B9
40846600
| mov ecx,sourceinsight4.
668440
|
00516A40
| E8 CB6FF4FF | call sourceinsight4.
45DA10
|
00516A45
|
85C0
| test eax,eax | eax:&
"ActId"
00516A47
|
74
1E
| je sourceinsight4.
516A67
|
00516A49
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516A54
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516A58
| E8
83DAFFFF
| call sourceinsight4.
5144E0
|
00516A5D
| B8 CC010000 | mov eax,
1CC
| eax:&
"ActId"
00516A62
| E9
5CFFFFFF
| jmp sourceinsight4.
5169C3
|
00516A67
|
85DB
| test ebx,ebx |
00516A69
|
75
37
| jne sourceinsight4.
516AA2
|
00516A6B
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516A6F
|
52
| push edx |
00516A70
|
68
94656000
| push sourceinsight4.
606594
|
606594
:
"HWID"
00516A75
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516A79
| C706
01000000
| mov dword ptr ds:[esi],
1
|
00516A7F
| E8
3CDBFFFF
| call sourceinsight4.
5145C0
|
00516A84
|
85C0
| test eax,eax | eax:&
"ActId"
00516A86
|
0F84
3E010000
| je sourceinsight4.
516BCA
|
00516A8C
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516A90
|
50
| push eax | eax:&
"ActId"
00516A91
|
8D8E
28060000
| lea ecx,dword ptr ds:[esi
+
628
] |
00516A97
|
51
| push ecx |
00516A98
| E8 E34C0A00 | call sourceinsight4.
5BB780
|
00516A9D
|
83C4
08
| add esp,
8
|
00516AA0
| EB
06
| jmp sourceinsight4.
516AA8
|
00516AA2
| C706
03000000
| mov dword ptr ds:[esi],
3
|
00516AA8
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516AAC
|
52
| push edx |
00516AAD
|
68
10AC5D00
| push sourceinsight4.
5DAC10
|
5DAC10
:
"Version"
00516AB2
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516AB6
| E8
05DBFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Version"
] 的值
00516ABB
|
85C0
| test eax,eax | eax:&
"ActId"
00516ABD
|
0F84
07010000
| je sourceinsight4.
516BCA
|
00516AC3
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516AC7
|
8A00
| mov al,byte ptr ds:[eax] | eax:&
"ActId"
00516AC9
|
3C
30
|
cmp
al,
30
|
30
:
'0'
00516ACB
|
0F8C
F9000000 | jl sourceinsight4.
516BCA
|
00516AD1
|
3C
39
|
cmp
al,
39
|
39
:
'9'
00516AD3
|
0F8F
F1000000 | jg sourceinsight4.
516BCA
|
00516AD9
|
0FBEC0
| movsx eax,al | eax:&
"ActId"
00516ADC
|
83C0
D0 | add eax,FFFFFFD0 | eax:&
"ActId"
00516ADF
|
8986
04060000
| mov dword ptr ds:[esi
+
604
],eax | eax:&
"ActId"
00516AE5
|
0FB60D
13956500
| movzx ecx,byte ptr ds:[
659513
] |
00516AEC
|
3BC1
|
cmp
eax,ecx | eax:&
"ActId"
00516AEE
|
75
04
| jne sourceinsight4.
516AF4
|
00516AF0
|
3BC7
|
cmp
eax,edi | eax:&
"ActId"
00516AF2
|
74
1E
| je sourceinsight4.
516B12
|
00516AF4
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516AFF
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516B03
| E8 D8D9FFFF | call sourceinsight4.
5144E0
|
00516B08
| B8 EA010000 | mov eax,
1EA
| eax:&
"ActId"
00516B0D
| E9 B1FEFFFF | jmp sourceinsight4.
5169C3
|
00516B12
|
8D5424
10
| lea edx,dword ptr ss:[esp
+
10
] |
00516B16
|
33DB
| xor ebx,ebx |
00516B18
|
52
| push edx |
00516B19
|
68
88656000
| push sourceinsight4.
606588
|
606588
:
"Expiration"
00516B1E
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516B22
|
899E
18060000
| mov dword ptr ds:[esi
+
618
],ebx |
00516B28
|
899E
14060000
| mov dword ptr ds:[esi
+
614
],ebx |
00516B2E
|
899E
10060000
| mov dword ptr ds:[esi
+
610
],ebx |
00516B34
| E8
87DAFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Expiration"
] 的值
00516B39
|
85C0
| test eax,eax | eax:&
"ActId"
00516B3B
|
74
1F
| je sourceinsight4.
516B5C
|
00516B3D
|
8B4424
10
| mov eax,dword ptr ss:[esp
+
10
] |
00516B41
|
50
| push eax | eax:&
"ActId"
00516B42
|
8D8E
10060000
| lea ecx,dword ptr ds:[esi
+
610
] |
00516B48
| E8 E394F3FF | call sourceinsight4.
450030
|
00516B4D
|
8D8E
10060000
| lea ecx,dword ptr ds:[esi
+
610
] |
00516B53
| E8
8881F3FF
| call sourceinsight4.
44ECE0
|
00516B58
|
85C0
| test eax,eax | eax:&
"ActId"
00516B5A
|
74
50
| je sourceinsight4.
516BAC
|
00516B5C
|
8D4C24
10
| lea ecx,dword ptr ss:[esp
+
10
] |
00516B60
|
51
| push ecx |
00516B61
|
68
D8A65E00 | push sourceinsight4.
5EA6D8
|
5EA6D8
:
"Date"
00516B66
|
8D4C24
28
| lea ecx,dword ptr ss:[esp
+
28
] | [esp
+
28
]:
"Serial"
00516B6A
|
899E
24060000
| mov dword ptr ds:[esi
+
624
],ebx |
00516B70
|
899E
20060000
| mov dword ptr ds:[esi
+
620
],ebx |
00516B76
|
899E
1C060000
| mov dword ptr ds:[esi
+
61C
],ebx |
00516B7C
| E8
3FDAFFFF
| call sourceinsight4.
5145C0
| 取出 [
"Date"
] 的值
00516B81
|
85C0
| test eax,eax | eax:&
"ActId"
00516B83
|
0F84
21FEFFFF
| je sourceinsight4.
5169AA
|
00516B89
|
8B5424
10
| mov edx,dword ptr ss:[esp
+
10
] |
00516B8D
|
52
| push edx |
00516B8E
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00516B94
| E8
9794F3FF
| call sourceinsight4.
450030
| 检查日期的有效性
00516B99
|
8D8E
1C060000
| lea ecx,dword ptr ds:[esi
+
61C
] |
00516B9F
| E8
3C81F3FF
| call sourceinsight4.
44ECE0
|
00516BA4
|
85C0
| test eax,eax | 检查年、月、日的有效性
00516BA6
|
0F85
FEFDFFFF | jne sourceinsight4.
5169AA
|
00516BAC
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516BB7
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516BBB
| E8
20D9FFFF
| call sourceinsight4.
5144E0
|
00516BC0
| B8 E3010000 | mov eax,
1E3
| eax:&
"ActId"
00516BC5
| E9 F9FDFFFF | jmp sourceinsight4.
5169C3
|
00516BCA
| C78424
28040000
FFFFFF | mov dword ptr ss:[esp
+
428
],FFFFFFFF |
00516BD5
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516BD9
| E8
02D9FFFF
| call sourceinsight4.
5144E0
|
00516BDE
| B8 D5010000 | mov eax,
1D5
| eax:&
"ActId"
00516BE3
| E9 DBFDFFFF | jmp sourceinsight4.
5169C3
|
00516BE8
| C78424
24040000
FFFFFF | mov dword ptr ss:[esp
+
424
],FFFFFFFF |
00516BF3
|
8D4C24
1C
| lea ecx,dword ptr ss:[esp
+
1C
] |
00516BF7
| E8 E4D8FFFF | call sourceinsight4.
5144E0
|
00516BFC
|
8B8C24
1C040000
| mov ecx,dword ptr ss:[esp
+
41C
] |
00516C03
|
5F
| pop edi |
00516C04
|
5E
| pop esi |
00516C05
| B8 D5010000 | mov eax,
1D5
| eax:&
"ActId"
00516C0A
|
5B
| pop ebx |
00516C0B
|
64
:
890D
00000000
| mov dword ptr fs:[
0
],ecx |
00516C12
|
81C4
1C040000
| add esp,
41C
|
00516C18
| C3 | ret |
00515F90
| B8
24210000
| mov eax,
2124
|
00515F95
| E8
36850A00
| call sourceinsight4.
5BE4D0
|
00515F9A
|
56
| push esi |
00515F9B
|
8BB424
2C210000
| mov esi,dword ptr ss:[esp
+
212C
] |
00515FA2
|
68
A01F0000 | push
1FA0
|
00515FA7
|
8D8424
8C010000
| lea eax,dword ptr ss:[esp
+
18C
] |
00515FAE
|
50
| push eax |
00515FAF
|
56
| push esi |
00515FB0
| E8
5BE6FFFF
| call sourceinsight4.
514610
| 打开文件,并读取内容。
00515FB5
|
83C4
0C
| add esp,C |
00515FB8
|
3D
C8000000 |
cmp
eax,C8 |
00515FBD
|
0F85
49010000
| jne sourceinsight4.
51610C
|
00515FC3
|
8B8C24
30210000
| mov ecx,dword ptr ss:[esp
+
2130
] |
00515FCA
|
51
| push ecx | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FCB
|
8D9424
8C010000
| lea edx,dword ptr ss:[esp
+
18C
] |
00515FD2
|
52
| push edx |
00515FD3
| E8
88F8FFFF
| call sourceinsight4.
515860
|
00515FD8
|
56
| push esi |
00515FD9
| E8
0257F4FF
| call sourceinsight4.
45B6E0
| 将文件内容转换为 XML 格式
00515FDE
|
83C4
0C
| add esp,C |
00515FE1
|
85C0
| test eax,eax |
00515FE3
|
75
0D
| jne sourceinsight4.
515FF2
|
00515FE5
| B8 CC010000 | mov eax,
1CC
|
00515FEA
|
5E
| pop esi |
00515FEB
|
81C4
24210000
| add esp,
2124
|
00515FF1
| C3 | ret |
00515FF2
|
68
085E6000
| push sourceinsight4.
605E08
|
605E08
:
"Signature"
00515FF7
|
8BC8
| mov ecx,eax | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FF9
| E8
722AF4FF
| call sourceinsight4.
458A70
| 判断是否有
"Sigature"
字段
00515FFE
|
8BF0
| mov esi,eax |
00516000
|
85F6
| test esi,esi |
00516002
|
74
E1 | je sourceinsight4.
515FE5
|
00516004
|
68
889D5E00
| push sourceinsight4.
5E9D88
|
5E9D88
:
"Value"
00516009
|
8BCE
| mov ecx,esi | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051600B
| E8
4032F4FF
| call sourceinsight4.
459250
| 检查
"Value"
是否存在
00516010
|
85C0
| test eax,eax |
00516012
|
74
D1 | je sourceinsight4.
515FE5
|
00516014
|
55
| push ebp |
00516015
|
57
| push edi |
00516016
|
8B78
18
| mov edi,dword ptr ds:[eax
+
18
] |
00516019
|
8B46
20
| mov eax,dword ptr ds:[esi
+
20
] |
0051601C
|
8D8C24
90010000
| lea ecx,dword ptr ss:[esp
+
190
] |
00516023
|
51
| push ecx | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516024
| C68404
94010000
00
| mov byte ptr ss:[esp
+
eax
+
194
],
0
|
0051602C
| E8 AFE8F2FF | call sourceinsight4.
4448E0
|
00516031
|
8BE8
| mov ebp,eax |
00516033
|
83C4
04
| add esp,
4
|
00516036
|
85ED
| test ebp,ebp |
00516038
|
75
0F
| jne sourceinsight4.
516049
|
0051603A
|
5F
| pop edi |
0051603B
|
5D
| pop ebp |
0051603C
| B8 EC010000 | mov eax,
1EC
|
00516041
|
5E
| pop esi |
00516042
|
81C4
24210000
| add esp,
2124
|
00516048
| C3 | ret |
00516049
|
55
| push ebp |
0051604A
|
8D9424
94010000
| lea edx,dword ptr ss:[esp
+
194
] |
00516051
|
68
0C606000
| push sourceinsight4.
60600C
|
60600C
:
"\n\r\t "
00516056
|
52
| push edx |
00516057
| E8
14EAF2FF
| call sourceinsight4.
444A70
| 取出掉文件数据中的空白字符和换行符
0051605C
|
83C4
0C
| add esp,C |
0051605F
|
8D4424
10
| lea eax,dword ptr ss:[esp
+
10
] |
00516063
|
50
| push eax |
00516064
|
68
80000000
| push
80
|
00516069
|
68
B0070000 | push
7B0
|
0051606E
|
55
| push ebp |
0051606F
| E8
6C4E0A00
| call sourceinsight4.
5BAEE0
| 计算长度
00516074
|
83C4
04
| add esp,
4
|
00516077
|
40
| inc eax |
00516078
|
50
| push eax |
00516079
|
55
| push ebp |
0051607A
| E8
91D1EEFF
| call sourceinsight4.
403210
|
1.
0051607F
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516083
|
51
| push ecx | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516084
|
8D9424
A8000000 | lea edx,dword ptr ss:[esp
+
A8] |
0051608B
|
52
| push edx |
0051608C
|
57
| push edi |
0051608D
| E8
6ECEEEFF
| call sourceinsight4.
402F00
|
2.
对 Signature 块中 Value 字段的字符串进行 Base64 解码
00516092
|
83C4
20
| add esp,
20
|
00516095
|
817C24
0C
80000000
|
cmp
dword ptr ss:[esp
+
C],
80
|
0051609D
|
75
50
| jne sourceinsight4.
5160EF
|
0051609F
| B8
80000000
| mov eax,
80
|
005160A4
|
8D4C24
10
| lea ecx,dword ptr ss:[esp
+
10
] |
005160A8
|
8DB424
90000000
| lea esi,dword ptr ss:[esp
+
90
] | esi:EntryPoint
005160AF
|
90
| nop |
005160B0
|
8B16
| mov edx,dword ptr ds:[esi] | edx:EntryPoint, esi:EntryPoint
005160B2
|
3B11
|
cmp
edx,dword ptr ds:[ecx] | edx:EntryPoint, ecx:EntryPoint
005160B4
|
75
39
| jne sourceinsight4_original.
5160EF
|
005160B6
|
83E8
04
| sub eax,
4
|
005160B9
|
83C1
04
| add ecx,
4
| ecx:EntryPoint
005160BC
|
83C6
04
| add esi,
4
| esi:EntryPoint
005160BF
|
83F8
04
|
cmp
eax,
4
|
005160C2
|
73
EC | jae sourceinsight4.
5160B0
|
005160C4
|
85C0
| test eax,eax |
005160C6
|
74
20
| je sourceinsight4.
5160E8
|
005160C8
|
8A11
| mov dl,byte ptr ds:[ecx] | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160CA
|
3A16
|
cmp
dl,byte ptr ds:[esi] |
005160CC
|
75
21
| jne sourceinsight4.
5160EF
|
005160CE
|
83F8
01
|
cmp
eax,
1
|
005160D1
|
76
15
| jbe sourceinsight4.
5160E8
|
005160D3
|
8A51
01
| mov dl,byte ptr ds:[ecx
+
1
] | ecx
+
1
:
":\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160D6
|
3A56
01
|
cmp
dl,byte ptr ds:[esi
+
1
] |
005160D9
|
75
14
| jne sourceinsight4.
5160EF
|
005160DB
|
83F8
02
|
cmp
eax,
2
|
005160DE
|
76
08
| jbe sourceinsight4.
5160E8
|
005160E0
|
8A41
02
| mov al,byte ptr ds:[ecx
+
2
] | ecx
+
2
:
"\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160E3
|
3A46
02
|
cmp
al,byte ptr ds:[esi
+
2
] |
005160E6
|
75
07
| jne sourceinsight4.
5160EF
|
005160E8
| BE
01000000
| mov esi,
1
|
005160ED
| EB
02
| jmp sourceinsight4.
5160F1
|
005160EF
|
33F6
| xor esi,esi |
005160F1
|
55
| push ebp |
005160F2
| E8
39EDF0FF
| call sourceinsight4.
424E30
|
005160F7
|
83C4
04
| add esp,
4
|
005160FA
|
8BC6
| mov eax,esi |
005160FC
| F7D8 | neg eax |
005160FE
|
1BC0
| sbb eax,eax |
00516100
|
25
FAFEFFFF |
and
eax,FFFFFEFA |
00516105
|
5F
| pop edi |
00516106
|
05
CE010000 | add eax,
1CE
|
0051610B
|
5D
| pop ebp |
0051610C
|
5E
| pop esi |
0051610D
|
81C4
24210000
| add esp,
2124
|
00516113
| C3 | ret |
00515F90
| B8
24210000
| mov eax,
2124
|
00515F95
| E8
36850A00
| call sourceinsight4.
5BE4D0
|
00515F9A
|
56
| push esi |
00515F9B
|
8BB424
2C210000
| mov esi,dword ptr ss:[esp
+
212C
] |
00515FA2
|
68
A01F0000 | push
1FA0
|
00515FA7
|
8D8424
8C010000
| lea eax,dword ptr ss:[esp
+
18C
] |
00515FAE
|
50
| push eax |
00515FAF
|
56
| push esi |
00515FB0
| E8
5BE6FFFF
| call sourceinsight4.
514610
| 打开文件,并读取内容。
00515FB5
|
83C4
0C
| add esp,C |
00515FB8
|
3D
C8000000 |
cmp
eax,C8 |
00515FBD
|
0F85
49010000
| jne sourceinsight4.
51610C
|
00515FC3
|
8B8C24
30210000
| mov ecx,dword ptr ss:[esp
+
2130
] |
00515FCA
|
51
| push ecx | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FCB
|
8D9424
8C010000
| lea edx,dword ptr ss:[esp
+
18C
] |
00515FD2
|
52
| push edx |
00515FD3
| E8
88F8FFFF
| call sourceinsight4.
515860
|
00515FD8
|
56
| push esi |
00515FD9
| E8
0257F4FF
| call sourceinsight4.
45B6E0
| 将文件内容转换为 XML 格式
00515FDE
|
83C4
0C
| add esp,C |
00515FE1
|
85C0
| test eax,eax |
00515FE3
|
75
0D
| jne sourceinsight4.
515FF2
|
00515FE5
| B8 CC010000 | mov eax,
1CC
|
00515FEA
|
5E
| pop esi |
00515FEB
|
81C4
24210000
| add esp,
2124
|
00515FF1
| C3 | ret |
00515FF2
|
68
085E6000
| push sourceinsight4.
605E08
|
605E08
:
"Signature"
00515FF7
|
8BC8
| mov ecx,eax | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FF9
| E8
722AF4FF
| call sourceinsight4.
458A70
| 判断是否有
"Sigature"
字段
00515FFE
|
8BF0
| mov esi,eax |
00516000
|
85F6
| test esi,esi |
00516002
|
74
E1 | je sourceinsight4.
515FE5
|
00516004
|
68
889D5E00
| push sourceinsight4.
5E9D88
|
5E9D88
:
"Value"
00516009
|
8BCE
| mov ecx,esi | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051600B
| E8
4032F4FF
| call sourceinsight4.
459250
| 检查
"Value"
是否存在
00516010
|
85C0
| test eax,eax |
00516012
|
74
D1 | je sourceinsight4.
515FE5
|
00516014
|
55
| push ebp |
00516015
|
57
| push edi |
00516016
|
8B78
18
| mov edi,dword ptr ds:[eax
+
18
] |
00516019
|
8B46
20
| mov eax,dword ptr ds:[esi
+
20
] |
0051601C
|
8D8C24
90010000
| lea ecx,dword ptr ss:[esp
+
190
] |
00516023
|
51
| push ecx | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516024
| C68404
94010000
00
| mov byte ptr ss:[esp
+
eax
+
194
],
0
|
0051602C
| E8 AFE8F2FF | call sourceinsight4.
4448E0
|
00516031
|
8BE8
| mov ebp,eax |
00516033
|
83C4
04
| add esp,
4
|
00516036
|
85ED
| test ebp,ebp |
00516038
|
75
0F
| jne sourceinsight4.
516049
|
0051603A
|
5F
| pop edi |
0051603B
|
5D
| pop ebp |
0051603C
| B8 EC010000 | mov eax,
1EC
|
00516041
|
5E
| pop esi |
00516042
|
81C4
24210000
| add esp,
2124
|
00516048
| C3 | ret |
00516049
|
55
| push ebp |
0051604A
|
8D9424
94010000
| lea edx,dword ptr ss:[esp
+
194
] |
00516051
|
68
0C606000
| push sourceinsight4.
60600C
|
60600C
:
"\n\r\t "
00516056
|
52
| push edx |
00516057
| E8
14EAF2FF
| call sourceinsight4.
444A70
| 取出掉文件数据中的空白字符和换行符
0051605C
|
83C4
0C
| add esp,C |
0051605F
|
8D4424
10
| lea eax,dword ptr ss:[esp
+
10
] |
00516063
|
50
| push eax |
00516064
|
68
80000000
| push
80
|
00516069
|
68
B0070000 | push
7B0
|
0051606E
|
55
| push ebp |
0051606F
| E8
6C4E0A00
| call sourceinsight4.
5BAEE0
| 计算长度
00516074
|
83C4
04
| add esp,
4
|
00516077
|
40
| inc eax |
00516078
|
50
| push eax |
00516079
|
55
| push ebp |
0051607A
| E8
91D1EEFF
| call sourceinsight4.
403210
|
1.
0051607F
|
8D4C24
20
| lea ecx,dword ptr ss:[esp
+
20
] |
00516083
|
51
| push ecx | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516084
|
8D9424
A8000000 | lea edx,dword ptr ss:[esp
+
A8] |
0051608B
|
52
| push edx |
0051608C
|
57
| push edi |
0051608D
| E8
6ECEEEFF
| call sourceinsight4.
402F00
|
2.
对 Signature 块中 Value 字段的字符串进行 Base64 解码
00516092
|
83C4
20
| add esp,
20
|
00516095
|
817C24
0C
80000000
|
cmp
dword ptr ss:[esp
+
C],
80
|
0051609D
|
75
50
| jne sourceinsight4.
5160EF
|
0051609F
| B8
80000000
| mov eax,
80
|
005160A4
|
8D4C24
10
| lea ecx,dword ptr ss:[esp
+
10
] |
005160A8
|
8DB424
90000000
| lea esi,dword ptr ss:[esp
+
90
] | esi:EntryPoint
005160AF
|
90
| nop |
005160B0
|
8B16
| mov edx,dword ptr ds:[esi] | edx:EntryPoint, esi:EntryPoint
005160B2
|
3B11
|
cmp
edx,dword ptr ds:[ecx] | edx:EntryPoint, ecx:EntryPoint
005160B4
|
75
39
| jne sourceinsight4_original.
5160EF
|
005160B6
|
83E8
04
| sub eax,
4
|
005160B9
|
83C1
04
| add ecx,
4
| ecx:EntryPoint
005160BC
|
83C6
04
| add esi,
4
| esi:EntryPoint
005160BF
|
83F8
04
|
cmp
eax,
4
|
005160C2
|
73
EC | jae sourceinsight4.
5160B0
|
005160C4
|
85C0
| test eax,eax |
005160C6
|
74
20
| je sourceinsight4.
5160E8
|
005160C8
|
8A11
| mov dl,byte ptr ds:[ecx] | ecx:
"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160CA
|
3A16
|
cmp
dl,byte ptr ds:[esi] |
005160CC
|
75
21
| jne sourceinsight4.
5160EF
|
005160CE
|
83F8
01
|
cmp
eax,
1
|
005160D1
|
76
15
| jbe sourceinsight4.
5160E8
|
005160D3
|
8A51
01
| mov dl,byte ptr ds:[ecx
+
1
] | ecx
+
1
:
":\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160D6
|
3A56
01
|
cmp
dl,byte ptr ds:[esi
+
1
] |
005160D9
|
75
14
| jne sourceinsight4.
5160EF
|
005160DB
|
83F8
02
|
cmp
eax,
2
|
005160DE
|
76
08
| jbe sourceinsight4.
5160E8
|
005160E0
|
8A41
02
| mov al,byte ptr ds:[ecx
+
2
] | ecx
+
2
:
"\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160E3
|
3A46
02
|
cmp
al,byte ptr ds:[esi
+
2
] |
005160E6
|
75
07
| jne sourceinsight4.
5160EF
|
005160E8
| BE
01000000
| mov esi,
1
|
005160ED
| EB
02
| jmp sourceinsight4.
5160F1
|
005160EF
|
33F6
| xor esi,esi |
005160F1
|
55
| push ebp |
005160F2
| E8
39EDF0FF
| call sourceinsight4.
424E30
|
005160F7
|
83C4
04
| add esp,
4
|
005160FA
|
8BC6
| mov eax,esi |
005160FC
| F7D8 | neg eax |
005160FE
|
1BC0
| sbb eax,eax |
00516100
|
25
FAFEFFFF |
and
eax,FFFFFEFA |
00516105
|
5F
| pop edi |
00516106
|
05
CE010000 | add eax,
1CE
|
0051610B
|
5D
| pop ebp |
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课