首页
社区
课程
招聘
Source Insight4 注册机
发表于: 2023-6-14 00:36 20965

Source Insight4 注册机

2023-6-14 00:36
20965

版本:Source Insight 4.00.0128

关闭随机基址,方便分析。

image-20230613212025090

使用 Spy++ 工具查看输入框控制的属性,根据控制句柄在 GetWindowsTextW() 函数下条件断点。

image-20230613214325058

截获到输入的序列号后,使用 IDA 分析。

序列号检验的函数

软件有提示序列号格式:S4XX-XXXX-XXXX-XXXX

Serial[0] = 'S'
Serial[1] = ‘4’
Serial[2] = ‘T’/‘B’/‘S’/‘U’
Serial[3] = ‘G’,不能是 ‘R’
Serial[6] = ‘R’/‘G’/‘D’/‘F’

这里我们伪造一个序列号:S4SG-ARCD-EFGH-XXXX,后四位可由 sub_514370() 函数生成。

生成后四位的算法

根据算法写注册机

生成的后四位为:”36V6”,最后序列号为:“S4SG-ARCD-EFGH-36V6”。

输入序列号后,填写信息,然后会出现提示信息 "Now activating your license... Please wait...",打开 Fiddler 抓包,发现有发送 HTTP 请求,在 HttpSendRequestW() 函数下断点,发现会调用 HttpQueryInfo() 函数获取返回值的状态码,并判断状态码是否为 200 。但是返回的状态码为 460,所以网络验证不通过,这里可以通过修改指令直接跳过 HttpQueryInfo() 函数,直接给用来判断的变量赋值为 200。这里我们不做修改,因为后面可以通过签名文件实现离线注册。

网页验证通过后,会写注册表和 C:\ProgramData\Source Insight\4.0\si4.lic 文件。

校验 si.lic 文件有三部分:

以下是主要函数:

这个函数返回 0xC8 就表示通过。

校验 Signature 字段就是读取 si.lic 文件中 Signature 块之前的所有字符,去除掉空格和换行后,通过 00402FF0() 函数生成二进制签名数据,然后对 Signature 块中 Value 字段的字符串进行 Base64 解码,生成二进制签名数据。最后比较这两个签名数据是否相同,相同则返回 0xC8。

生成二进制签名数据的函数:

LicenseProperties 块中的 ActId 字段的前四个字符是要和 ActId 表中的各个 ActId 进行比较的,只比较 4 个字符。

ActId 表的内容:

ActId 字段剩余的字符是通过 C 盘的卷 ID 和 Process Token Sid 和计算机名称拼接而成字符串,再通过 00402FF0() 函数生成四个字节的校验码,最后转换为十进制的字符串而生成的。

获取 C 盘卷 ID 的函数

获取 Process Token Sid 的函数

获取计算机名称的函数

拼接 C 盘的卷Id、token、电脑名,生成校验码的函数

通过上述的注册函数的逆向,我们已经知道了 si,lic 文件是如何生成的了。我们可以按照 si,lic 的检验规则写出生成 si,lic 的注册机。然后通过注册机生成的 si.lic 文件实现离线注册。

具体实现代码:

注册通过:

image-20230613235327003

生成 si.lic 文件

代码和工具下载:SourceInsight4 · Boaster/Crack - 码云 - 开源中国 (gitee.com)

参考: https://bbs.kanxue.com/thread-261478.htm#msg_header_h2_4

Source Insight4 破解-软件逆向-看雪-安全社区|安全招聘|kanxue.com

 
 
 
 
 
BOOL __cdecl sub_514BA0(char *szSerial, void *ArgcList_608, void *ArgcList_60C, void *ArgcList_604, int n_1)
{
  char v5; // al
  char v6; // al
  char v7; // al
  char v8; // al
  int v10; // [esp+4h] [ebp-18h] BYREF
  char Destination[20]; // [esp+8h] [ebp-14h] BYREF
 
  _strupr(szSerial);
  if ( strlen(szSerial) != 19 )
    return 0;
  if ( szSerial[4] != '-' )
    return 0;
  if ( szSerial[9] != '-' )
    return 0;
  if ( szSerial[14] != '-' )
    return 0;
  if ( *szSerial != 'S' )
    return 0;
  if ( n_1 )
  {
    v5 = szSerial[6];
    if ( v5 != 'R' && v5 != 'G' && v5 != 'D' && v5 != 'F' )
      return 0;
  }
  v6 = szSerial[1];
  if ( v6 < '0' || v6 > '9' )
    return 0;
  *ArgcList_604 = v6 - '0';                     // *ArgcList_604 = szSerial[1] - '0';
  v7 = szSerial[2];
  switch ( v7 )                                 // *ArgcList_604 = [1 3 0 0]
  {
    case 'T':
      *ArgcList_60C = 1;
      break;
    case 'B':
      *ArgcList_60C = 3;
      break;
    case 'S':
      *ArgcList_60C = 0;
      break;
    case 'U':
      *ArgcList_60C = 0;
      break;
    default:
      return 0;
  }
  v8 = szSerial[3];
  if ( v8 == 'G' )
  {
    *ArgcList_608 = 1;
  }
  else
  {
    if ( v8 != 'R' )
      return 0;
    *ArgcList_608 = 0;
  }
  if ( !n_1 )
    return 1;
  strcpy(Destination, szSerial);
  Destination[15] = 0;
  sub_514370(Destination, 15, &unk_604F70, &v10);// 根据序列号的前 15 位生成后四位
  return *(szSerial + 15) == v10;               // 判断生成的后四位和序列号中的后四位是否相等。
}
BOOL __cdecl sub_514BA0(char *szSerial, void *ArgcList_608, void *ArgcList_60C, void *ArgcList_604, int n_1)
{
  char v5; // al
  char v6; // al
  char v7; // al
  char v8; // al
  int v10; // [esp+4h] [ebp-18h] BYREF
  char Destination[20]; // [esp+8h] [ebp-14h] BYREF
 
  _strupr(szSerial);
  if ( strlen(szSerial) != 19 )
    return 0;
  if ( szSerial[4] != '-' )
    return 0;
  if ( szSerial[9] != '-' )
    return 0;
  if ( szSerial[14] != '-' )
    return 0;
  if ( *szSerial != 'S' )
    return 0;
  if ( n_1 )
  {
    v5 = szSerial[6];
    if ( v5 != 'R' && v5 != 'G' && v5 != 'D' && v5 != 'F' )
      return 0;
  }
  v6 = szSerial[1];
  if ( v6 < '0' || v6 > '9' )
    return 0;
  *ArgcList_604 = v6 - '0';                     // *ArgcList_604 = szSerial[1] - '0';
  v7 = szSerial[2];
  switch ( v7 )                                 // *ArgcList_604 = [1 3 0 0]
  {
    case 'T':
      *ArgcList_60C = 1;
      break;
    case 'B':
      *ArgcList_60C = 3;
      break;
    case 'S':
      *ArgcList_60C = 0;
      break;
    case 'U':
      *ArgcList_60C = 0;
      break;
    default:
      return 0;
  }
  v8 = szSerial[3];
  if ( v8 == 'G' )
  {
    *ArgcList_608 = 1;
  }
  else
  {
    if ( v8 != 'R' )
      return 0;
    *ArgcList_608 = 0;
  }
  if ( !n_1 )
    return 1;
  strcpy(Destination, szSerial);
  Destination[15] = 0;
  sub_514370(Destination, 15, &unk_604F70, &v10);// 根据序列号的前 15 位生成后四位
  return *(szSerial + 15) == v10;               // 判断生成的后四位和序列号中的后四位是否相等。
}
 
 
 
int __cdecl sub_514370(_BYTE *szSerial, unsigned int nSerialLength, char *pTable, int nResult)
{
  unsigned int i; // esi
  unsigned __int8 v5; // cl
  unsigned int j; // eax
  int result; // eax
 
  for ( i = 0; i < 4; *(i + nResult - 1) = byte_604E50[v5 % 26] )
  {
    v5 = pTable[(i + *szSerial)];
    for ( j = 1; j < nSerialLength; ++j )
      v5 = pTable[v5 ^ szSerial[j]];
    result = nResult;
    ++i;
  }
  return result;
}
int __cdecl sub_514370(_BYTE *szSerial, unsigned int nSerialLength, char *pTable, int nResult)
{
  unsigned int i; // esi
  unsigned __int8 v5; // cl
  unsigned int j; // eax
  int result; // eax
 
  for ( i = 0; i < 4; *(i + nResult - 1) = byte_604E50[v5 % 26] )
  {
    v5 = pTable[(i + *szSerial)];
    for ( j = 1; j < nSerialLength; ++j )
      v5 = pTable[v5 ^ szSerial[j]];
    result = nResult;
    ++i;
  }
  return result;
}
unsigned char g_szAlphabetTable[] =
{
  0x4B, 0x56, 0x39, 0x36, 0x47, 0x4D, 0x4A, 0x59, 0x48, 0x37,
  0x51, 0x46, 0x35, 0x54, 0x43, 0x57, 0x34, 0x55, 0x33, 0x58,
  0x5A, 0x50, 0x52, 0x53, 0x44, 0x4E, 0x00
};
 
int __cdecl sub_514370(char* szSerial, unsigned int nSerialLength, char* pTable, char* pLastFourCharacters)
{
    unsigned int i; // esi
    unsigned __int8 v5; // cl
    unsigned int j; // eax
    int result; // eax
 
    for (i = 0; i < 4; *(i + pLastFourCharacters - 1) = g_szAlphabetTable[v5 % 26])
    {
        v5 = pTable[(i + *szSerial)];
        for (j = 1; j < nSerialLength; ++j)
            v5 = pTable[v5 ^ szSerial[j]];
        result = pLastFourCharacters;
        ++i;
    }
    return result;
}
 
int main(int argc, char* argv[])
{
    // "S4SG-XRXX-XXXX-XXXX"
    char szSerial[20] = { 'S', '4', 'S', 'G', '-', 'A', 'R', 'C', 'D', '-', 'E', 'F', 'G', 'H', '-', 'X', 'X', 'X', 'X' , 0 };
    char aryLastFourCharacters[4] = {0};
    sub_514370(szSerial, 15, g_aryTable, &aryLastFourCharacters);
    *(PULONG)(szSerial + 15) = *(PLONG)aryLastFourCharacters;
    printf("Serial: %s", szSerial);
}
unsigned char g_szAlphabetTable[] =
{
  0x4B, 0x56, 0x39, 0x36, 0x47, 0x4D, 0x4A, 0x59, 0x48, 0x37,
  0x51, 0x46, 0x35, 0x54, 0x43, 0x57, 0x34, 0x55, 0x33, 0x58,
  0x5A, 0x50, 0x52, 0x53, 0x44, 0x4E, 0x00
};
 
int __cdecl sub_514370(char* szSerial, unsigned int nSerialLength, char* pTable, char* pLastFourCharacters)
{
    unsigned int i; // esi
    unsigned __int8 v5; // cl
    unsigned int j; // eax
    int result; // eax
 
    for (i = 0; i < 4; *(i + pLastFourCharacters - 1) = g_szAlphabetTable[v5 % 26])
    {
        v5 = pTable[(i + *szSerial)];
        for (j = 1; j < nSerialLength; ++j)
            v5 = pTable[v5 ^ szSerial[j]];
        result = pLastFourCharacters;
        ++i;
    }
    return result;
}
 
int main(int argc, char* argv[])
{
    // "S4SG-XRXX-XXXX-XXXX"
    char szSerial[20] = { 'S', '4', 'S', 'G', '-', 'A', 'R', 'C', 'D', '-', 'E', 'F', 'G', 'H', '-', 'X', 'X', 'X', 'X' , 0 };
    char aryLastFourCharacters[4] = {0};
    sub_514370(szSerial, 15, g_aryTable, &aryLastFourCharacters);
    *(PULONG)(szSerial + 15) = *(PLONG)aryLastFourCharacters;
    printf("Serial: %s", szSerial);
}
int __usercall sub_425860@<eax>(
        char *Str,
        int a3,
        const CHAR *lpMultiByteStr,
        char *lpOptional,
        _BYTE *lpBuffer,
        int a7)
{
  int v6; // ebp MAPDST
  DWORD v7; // edi
  DWORD v8; // ebx
  INTERNET_PORT v9; // si
  void *v10; // eax
  void *v12; // eax
  void *v13; // ebp
  void *v14; // eax
  void *v15; // esi
  int LastError; // eax
  int v18; // [esp+0h] [ebp-11Ch]
  int result; // [esp+Ch] [ebp-110h] BYREF
  DWORD dwNumberOfBytesRead; // [esp+10h] [ebp-10Ch] BYREF
  DWORD dwBufferLength; // [esp+14h] [ebp-108h] BYREF
  HINTERNET hInternet; // [esp+18h] [ebp-104h]
  char v23[256]; // [esp+1Ch] [ebp-100h] BYREF
 
  v7 = strlen(lpOptional);
  result = 0x3E8;
  dwBufferLength = 4;
  v8 = 67420928;
  if ( a3 )
  {
    v8 = 75817728;
    v9 = 443;
  }
  else
  {
    v9 = 80;
  }
  v10 = sub_455BE0("Source Insight", 0, 0, 0, 0);
  hInternet = v10;
  if ( v10 )
  {
    v12 = sub_455D90(v10, Str, v9, 0, 0, 3u, 0, 0);
    v13 = v12;
    if ( v12 )
    {
      v14 = sub_455F60(v12, "POST", lpMultiByteStr, 0, 0, 0, v8, 0);
      v15 = v14;
      if ( v14 )
      {
        sub_456190(v14, "Content-Type: application/x-www-form-urlencoded", 0xFFFFFFFF, 0x20000000u);
        sub_456190(v15, "Accept: text/plain", 0xFFFFFFFF, 0x20000000u);
        sprintf(v23, "Content-length: %d\n", v7);
        sub_456190(v15, v23, 0xFFFFFFFF, 0x20000000u);
        if ( HttpSendRequestW(v15, 0, 0, lpOptional, v7) )
        {
          HttpQueryInfoW(v15, 0x20000013u, &result, &dwBufferLength, 0);
          if ( result == 0xC8 ) // 返回的状态码判断。
          {
            if ( InternetReadFile(v15, lpBuffer, a7 - 1, &dwNumberOfBytesRead) )
            {
              lpBuffer[dwNumberOfBytesRead] = 0;
              result = 0xC8;
            }
            else
            {
              lpBuffer[dwNumberOfBytesRead] = 0;
              sub_413440(0, 0, "InternetReadFile Error", v6);
              result = 1007;
            }
          }
        }
        else
        {
          LastError = GetLastError();
          result = (LastError == 12045) + 1004;
          sub_413440(0, 0, "HttpSendRequest Error %d", LastError);
        }
        InternetCloseHandle(v15);
      }
      else
      {
        sub_413440(0, 0, "HttpOpenRequest failed.", v6);
        result = 1006;
      }
      InternetCloseHandle(v13);
    }
    else
    {
      sub_413440(0, 0, "InternetConnect failed.", v6);
      result = 0x3EA;
    }
    InternetCloseHandle(hInternet);
    return result;
  }
  else
  {
    sub_413440(0, 0, "InternetOpen failed.", v18);
    return 0x3E9;
  }
}
int __usercall sub_425860@<eax>(
        char *Str,
        int a3,
        const CHAR *lpMultiByteStr,
        char *lpOptional,
        _BYTE *lpBuffer,
        int a7)
{
  int v6; // ebp MAPDST
  DWORD v7; // edi
  DWORD v8; // ebx
  INTERNET_PORT v9; // si
  void *v10; // eax
  void *v12; // eax
  void *v13; // ebp
  void *v14; // eax
  void *v15; // esi
  int LastError; // eax
  int v18; // [esp+0h] [ebp-11Ch]
  int result; // [esp+Ch] [ebp-110h] BYREF
  DWORD dwNumberOfBytesRead; // [esp+10h] [ebp-10Ch] BYREF
  DWORD dwBufferLength; // [esp+14h] [ebp-108h] BYREF
  HINTERNET hInternet; // [esp+18h] [ebp-104h]
  char v23[256]; // [esp+1Ch] [ebp-100h] BYREF
 
  v7 = strlen(lpOptional);
  result = 0x3E8;
  dwBufferLength = 4;
  v8 = 67420928;
  if ( a3 )
  {
    v8 = 75817728;
    v9 = 443;
  }
  else
  {
    v9 = 80;
  }
  v10 = sub_455BE0("Source Insight", 0, 0, 0, 0);
  hInternet = v10;
  if ( v10 )
  {
    v12 = sub_455D90(v10, Str, v9, 0, 0, 3u, 0, 0);
    v13 = v12;
    if ( v12 )
    {
      v14 = sub_455F60(v12, "POST", lpMultiByteStr, 0, 0, 0, v8, 0);
      v15 = v14;
      if ( v14 )
      {
        sub_456190(v14, "Content-Type: application/x-www-form-urlencoded", 0xFFFFFFFF, 0x20000000u);
        sub_456190(v15, "Accept: text/plain", 0xFFFFFFFF, 0x20000000u);
        sprintf(v23, "Content-length: %d\n", v7);
        sub_456190(v15, v23, 0xFFFFFFFF, 0x20000000u);
        if ( HttpSendRequestW(v15, 0, 0, lpOptional, v7) )
        {
          HttpQueryInfoW(v15, 0x20000013u, &result, &dwBufferLength, 0);
          if ( result == 0xC8 ) // 返回的状态码判断。
          {
            if ( InternetReadFile(v15, lpBuffer, a7 - 1, &dwNumberOfBytesRead) )
            {
              lpBuffer[dwNumberOfBytesRead] = 0;
              result = 0xC8;
            }
            else
            {
              lpBuffer[dwNumberOfBytesRead] = 0;
              sub_413440(0, 0, "InternetReadFile Error", v6);
              result = 1007;
            }
          }
        }
        else
        {
          LastError = GetLastError();
          result = (LastError == 12045) + 1004;
          sub_413440(0, 0, "HttpSendRequest Error %d", LastError);
        }
        InternetCloseHandle(v15);
      }
      else
      {
        sub_413440(0, 0, "HttpOpenRequest failed.", v6);
        result = 1006;
      }
      InternetCloseHandle(v13);
    }
    else
    {
      sub_413440(0, 0, "InternetConnect failed.", v6);
      result = 0x3EA;
    }
    InternetCloseHandle(hInternet);
    return result;
  }
  else
  {
    sub_413440(0, 0, "InternetOpen failed.", v18);
    return 0x3E9;
  }
}
int __thiscall sub_5171D0(const CHAR *this, int a2)
{
  int result; // eax
  int v4; // [esp+4h] [ebp-3FA4h] BYREF
  int v5[2024]; // [esp+8h] [ebp-3FA0h] BYREF
  char Str[8192]; // [esp+1FA8h] [ebp-2000h] BYREF
 
  memset(Str, 0, sizeof(Str));
  result = sub_515290(this, v5, 0x1FA0);        // 发送 HTTP 数据包进行网络验证
  if ( result == 0xC8 )
  {
    if ( a2 )
    {
      if ( sub_514610(this + 0x75C, &v4, 0x1FA0) == 0xC8 )
        sub_516FF0(this, &v4);
      return 0xC8;
    }
    else
    {                                           // 网页验证完后,会进入这个分支。
      sub_412990();                             // 检查网络验证是否通过
      if ( sub_425C80(&v4, &v5[2023], 0x2000u) && strlen(&v5[2023]) >= 8 // 检查网络验证信息
      {
        sub_516FF0(this, &Str[4]);  // 写注册表
        return sub_5148C0(this + 0x75C, &Str[4]);  // 写 C:\\ProgramData\\Source Insight\\4.0\\si4.lic 文件
      }
      else
      {
        return 0x1D0;                          
      }
    }
  }
  return result;
}
int __thiscall sub_5171D0(const CHAR *this, int a2)
{
  int result; // eax
  int v4; // [esp+4h] [ebp-3FA4h] BYREF
  int v5[2024]; // [esp+8h] [ebp-3FA0h] BYREF
  char Str[8192]; // [esp+1FA8h] [ebp-2000h] BYREF
 
  memset(Str, 0, sizeof(Str));
  result = sub_515290(this, v5, 0x1FA0);        // 发送 HTTP 数据包进行网络验证
  if ( result == 0xC8 )
  {
    if ( a2 )
    {
      if ( sub_514610(this + 0x75C, &v4, 0x1FA0) == 0xC8 )
        sub_516FF0(this, &v4);
      return 0xC8;
    }
    else
    {                                           // 网页验证完后,会进入这个分支。
      sub_412990();                             // 检查网络验证是否通过
      if ( sub_425C80(&v4, &v5[2023], 0x2000u) && strlen(&v5[2023]) >= 8 // 检查网络验证信息
      {
        sub_516FF0(this, &Str[4]);  // 写注册表
        return sub_5148C0(this + 0x75C, &Str[4]);  // 写 C:\\ProgramData\\Source Insight\\4.0\\si4.lic 文件
      }
      else
      {
        return 0x1D0;                          
      }
    }
  }
  return result;
}
00518160      | 81EC 00010000          | sub esp,100                                |
00518166      | 56                     | push esi                                   |
00518167      | 8BF1                   | mov esi,ecx                                |
00518169      | E8 A2CFFFFF            | call sourceinsight4.515110                 |
0051816E      | 68 D0706000            | push sourceinsight4.6070D0                 | 6070D0:"Loading license file"
00518173      | E8 18A8EFFF            | call sourceinsight4.412990                 |
00518178      | 83C4 04                | add esp,4                                  |
0051817B      | 8BCE                   | mov ecx,esi                                |
0051817D      | E8 4EE6FFFF            | call sourceinsight4.5167D0                 | 1. 检查文件中的数据
00518182      | 3D C8000000            | cmp eax,C8                                 |
00518187      | 74 2A                  | je sourceinsight4.5181B3                   |
00518189      | 83BC24 08010000 00     | cmp dword ptr ss:[esp+108],0               |
00518191      | 74 0D                  | je sourceinsight4.5181A0                   |
00518193      | 50                     | push eax                                   |
00518194      | 8BCE                   | mov ecx,esi                                |
00518196      | E8 35CCFFFF            | call sourceinsight4.514DD0                 |
0051819B      | E8 F0AAEFFF            | call sourceinsight4.412C90                 |
005181A0      | 8BCE                   | mov ecx,esi                                |
005181A2      | E8 69CFFFFF            | call sourceinsight4.515110                 |
005181A7      | 33C0                   | xor eax,eax                                |
005181A9      | 5E                     | pop esi                                    |
005181AA      | 81C4 00010000          | add esp,100                                |
005181B0      | C2 0400                | ret 4                                      |
005181B3      | 8B06                   | mov eax,dword ptr ds:[esi]                 |
005181B5      | 83F8 02                | cmp eax,2                                  |
005181B8      | 75 1F                  | jne sourceinsight4.5181D9                  |
005181BA      | 68 A4706000            | push sourceinsight4.6070A4                 | 6070A4:"Deferred Activation license file loaded."
005181BF      | E8 CCA7EFFF            | call sourceinsight4.412990                 |
005181C4      | 83C4 04                | add esp,4                                  |
005181C7      | C706 00000000          | mov dword ptr ds:[esi],0                   |
005181CD      | 33C0                   | xor eax,eax                                |
005181CF      | 5E                     | pop esi                                    |
005181D0      | 81C4 00010000          | add esp,100                                |
005181D6      | C2 0400                | ret 4                                      |
005181D9      | 83F8 03                | cmp eax,3                                  |
005181DC      | 75 2F                  | jne sourceinsight4.51820D                  |
005181DE      | 8D86 3A070000          | lea eax,dword ptr ds:[esi+73A]             |
005181E4      | 50                     | push eax                                   |
005181E5      | 8D8E 5C070000          | lea ecx,dword ptr ds:[esi+75C]             | esi+75C:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005181EB      | 51                     | push ecx                                   |
005181EC      | E8 9FDDFFFF            | call sourceinsight4.515F90                 | 2. 检查 Signature
005181F1      | 83C4 08                | add esp,8                                  |
005181F4      | 3D C8000000            | cmp eax,C8                                 |
005181F9      | 75 2F                  | jne sourceinsight4.51822A                  |
005181FB      | 8BCE                   | mov ecx,esi                                |
005181FD      | E8 1EF7FFFF            | call sourceinsight4.517920                 | 3. 检查 ActId
00518202      | 85C0                   | test eax,eax                               |
00518204      | 75 4E                  | jne sourceinsight4.518254                  |
00518206      | B8 EB010000            | mov eax,1EB                                |
0051820B      | EB 1D                  | jmp sourceinsight4.51822A                  |
0051820D      | 8D96 3A070000          | lea edx,dword ptr ds:[esi+73A]             |
00518213      | 52                     | push edx                                   |
00518214      | 8D86 5C070000          | lea eax,dword ptr ds:[esi+75C]             | esi+75C:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051821A      | 50                     | push eax                                   |
0051821B      | E8 80EBFFFF            | call sourceinsight4.516DA0                 |
00518220      | 83C4 08                | add esp,8                                  |
00518223      | 3D C8000000            | cmp eax,C8                                 |
00518228      | 74 2A                  | je sourceinsight4.518254                   |
0051822A      | 83BC24 08010000 00     | cmp dword ptr ss:[esp+108],0               |
00518232      | 74 0D                  | je sourceinsight4.518241                   |
00518234      | 50                     | push eax                                   |
00518235      | 8BCE                   | mov ecx,esi                                |
00518237      | E8 94CBFFFF            | call sourceinsight4.514DD0                 |
0051823C      | E8 4FAAEFFF            | call sourceinsight4.412C90                 |
00518241      | 8BCE                   | mov ecx,esi                                |
00518243      | E8 C8CEFFFF            | call sourceinsight4.515110                 |
00518248      | 33C0                   | xor eax,eax                                |
0051824A      | 5E                     | pop esi                                    |
0051824B      | 81C4 00010000          | add esp,100                                |
00518251      | C2 0400                | ret 4                                      |
00518254      | 83BE 0C060000 01       | cmp dword ptr ds:[esi+60C],1               |
0051825B      | 57                     | push edi                                   | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051825C      | BF DCA25F00            | mov edi,sourceinsight4.5FA2DC              | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic", 5FA2DC:"Trial"
00518261      | 74 05                  | je sourceinsight4.518268                   |
00518263      | BF 80616000            | mov edi,sourceinsight4.606180              | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic", 606180:"Standard"
00518268      | 8D4C24 08              | lea ecx,dword ptr ss:[esp+8]               |
0051826C      | 51                     | push ecx                                   |
0051826D      | 8D8E 1C060000          | lea ecx,dword ptr ds:[esi+61C]             |
00518273      | E8 F869F3FF            | call sourceinsight4.44EC70                 | 生成了一个 date 字符串
00518278      | 8D5424 08              | lea edx,dword ptr ss:[esp+8]               |
0051827C      | 52                     | push edx                                   |
0051827D      | 57                     | push edi                                   | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051827E      | 68 7C706000            | push sourceinsight4.60707C                 | 60707C:"License OK: %s License activated %s UTC"
00518283      | E8 08A7EFFF            | call sourceinsight4.412990                 | 生成注册信息
00518288      | 83C4 0C                | add esp,C                                  |
0051828B      | 5F                     | pop edi                                    | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051828C      | B8 01000000            | mov eax,1                                  |
00518291      | 5E                     | pop esi                                    |
00518292      | 81C4 00010000          | add esp,100                                |
00518298      | C2 0400                | ret 4                                      |
00518160      | 81EC 00010000          | sub esp,100                                |
00518166      | 56                     | push esi                                   |
00518167      | 8BF1                   | mov esi,ecx                                |
00518169      | E8 A2CFFFFF            | call sourceinsight4.515110                 |
0051816E      | 68 D0706000            | push sourceinsight4.6070D0                 | 6070D0:"Loading license file"
00518173      | E8 18A8EFFF            | call sourceinsight4.412990                 |
00518178      | 83C4 04                | add esp,4                                  |
0051817B      | 8BCE                   | mov ecx,esi                                |
0051817D      | E8 4EE6FFFF            | call sourceinsight4.5167D0                 | 1. 检查文件中的数据
00518182      | 3D C8000000            | cmp eax,C8                                 |
00518187      | 74 2A                  | je sourceinsight4.5181B3                   |
00518189      | 83BC24 08010000 00     | cmp dword ptr ss:[esp+108],0               |
00518191      | 74 0D                  | je sourceinsight4.5181A0                   |
00518193      | 50                     | push eax                                   |
00518194      | 8BCE                   | mov ecx,esi                                |
00518196      | E8 35CCFFFF            | call sourceinsight4.514DD0                 |
0051819B      | E8 F0AAEFFF            | call sourceinsight4.412C90                 |
005181A0      | 8BCE                   | mov ecx,esi                                |
005181A2      | E8 69CFFFFF            | call sourceinsight4.515110                 |
005181A7      | 33C0                   | xor eax,eax                                |
005181A9      | 5E                     | pop esi                                    |
005181AA      | 81C4 00010000          | add esp,100                                |
005181B0      | C2 0400                | ret 4                                      |
005181B3      | 8B06                   | mov eax,dword ptr ds:[esi]                 |
005181B5      | 83F8 02                | cmp eax,2                                  |
005181B8      | 75 1F                  | jne sourceinsight4.5181D9                  |
005181BA      | 68 A4706000            | push sourceinsight4.6070A4                 | 6070A4:"Deferred Activation license file loaded."
005181BF      | E8 CCA7EFFF            | call sourceinsight4.412990                 |
005181C4      | 83C4 04                | add esp,4                                  |
005181C7      | C706 00000000          | mov dword ptr ds:[esi],0                   |
005181CD      | 33C0                   | xor eax,eax                                |
005181CF      | 5E                     | pop esi                                    |
005181D0      | 81C4 00010000          | add esp,100                                |
005181D6      | C2 0400                | ret 4                                      |
005181D9      | 83F8 03                | cmp eax,3                                  |
005181DC      | 75 2F                  | jne sourceinsight4.51820D                  |
005181DE      | 8D86 3A070000          | lea eax,dword ptr ds:[esi+73A]             |
005181E4      | 50                     | push eax                                   |
005181E5      | 8D8E 5C070000          | lea ecx,dword ptr ds:[esi+75C]             | esi+75C:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005181EB      | 51                     | push ecx                                   |
005181EC      | E8 9FDDFFFF            | call sourceinsight4.515F90                 | 2. 检查 Signature
005181F1      | 83C4 08                | add esp,8                                  |
005181F4      | 3D C8000000            | cmp eax,C8                                 |
005181F9      | 75 2F                  | jne sourceinsight4.51822A                  |
005181FB      | 8BCE                   | mov ecx,esi                                |
005181FD      | E8 1EF7FFFF            | call sourceinsight4.517920                 | 3. 检查 ActId
00518202      | 85C0                   | test eax,eax                               |
00518204      | 75 4E                  | jne sourceinsight4.518254                  |
00518206      | B8 EB010000            | mov eax,1EB                                |
0051820B      | EB 1D                  | jmp sourceinsight4.51822A                  |
0051820D      | 8D96 3A070000          | lea edx,dword ptr ds:[esi+73A]             |
00518213      | 52                     | push edx                                   |
00518214      | 8D86 5C070000          | lea eax,dword ptr ds:[esi+75C]             | esi+75C:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051821A      | 50                     | push eax                                   |
0051821B      | E8 80EBFFFF            | call sourceinsight4.516DA0                 |
00518220      | 83C4 08                | add esp,8                                  |
00518223      | 3D C8000000            | cmp eax,C8                                 |
00518228      | 74 2A                  | je sourceinsight4.518254                   |
0051822A      | 83BC24 08010000 00     | cmp dword ptr ss:[esp+108],0               |
00518232      | 74 0D                  | je sourceinsight4.518241                   |
00518234      | 50                     | push eax                                   |
00518235      | 8BCE                   | mov ecx,esi                                |
00518237      | E8 94CBFFFF            | call sourceinsight4.514DD0                 |
0051823C      | E8 4FAAEFFF            | call sourceinsight4.412C90                 |
00518241      | 8BCE                   | mov ecx,esi                                |
00518243      | E8 C8CEFFFF            | call sourceinsight4.515110                 |
00518248      | 33C0                   | xor eax,eax                                |
0051824A      | 5E                     | pop esi                                    |
0051824B      | 81C4 00010000          | add esp,100                                |
00518251      | C2 0400                | ret 4                                      |
00518254      | 83BE 0C060000 01       | cmp dword ptr ds:[esi+60C],1               |
0051825B      | 57                     | push edi                                   | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051825C      | BF DCA25F00            | mov edi,sourceinsight4.5FA2DC              | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic", 5FA2DC:"Trial"
00518261      | 74 05                  | je sourceinsight4.518268                   |
00518263      | BF 80616000            | mov edi,sourceinsight4.606180              | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic", 606180:"Standard"
00518268      | 8D4C24 08              | lea ecx,dword ptr ss:[esp+8]               |
0051826C      | 51                     | push ecx                                   |
0051826D      | 8D8E 1C060000          | lea ecx,dword ptr ds:[esi+61C]             |
00518273      | E8 F869F3FF            | call sourceinsight4.44EC70                 | 生成了一个 date 字符串
00518278      | 8D5424 08              | lea edx,dword ptr ss:[esp+8]               |
0051827C      | 52                     | push edx                                   |
0051827D      | 57                     | push edi                                   | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051827E      | 68 7C706000            | push sourceinsight4.60707C                 | 60707C:"License OK: %s License activated %s UTC"
00518283      | E8 08A7EFFF            | call sourceinsight4.412990                 | 生成注册信息
00518288      | 83C4 0C                | add esp,C                                  |
0051828B      | 5F                     | pop edi                                    | edi:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051828C      | B8 01000000            | mov eax,1                                  |
00518291      | 5E                     | pop esi                                    |
00518292      | 81C4 00010000          | add esp,100                                |
00518298      | C2 0400                | ret 4                                      |
005167D0     | 64:A1 00000000         | mov eax,dword ptr fs:[0]                   | eax:&"ActId"
005167D6     | 6A FF                  | push FFFFFFFF                              |
005167D8     | 68 FB365D00            | push sourceinsight4.5D36FB                 |
005167DD     | 50                     | push eax                                   | eax:&"ActId"
005167DE     | 64:8925 00000000       | mov dword ptr fs:[0],esp                   |
005167E5     | 81EC 10040000          | sub esp,410                                |
005167EB     | 53                     | push ebx                                   |
005167EC     | 56                     | push esi                                   |
005167ED     | 33DB                   | xor ebx,ebx                                |
005167EF     | 57                     | push edi                                   |
005167F0     | 8BF1                   | mov esi,ecx                                |
005167F2     | 33C0                   | xor eax,eax                                | eax:&"ActId"
005167F4     | 895C84 1C              | mov dword ptr ss:[esp+eax*4+1C],ebx        |
005167F8     | 899C84 1C020000        | mov dword ptr ss:[esp+eax*4+21C],ebx       |
005167FF     | 40                     | inc eax                                    | eax:&"ActId"
00516800     | 3D 80000000            | cmp eax,80                                 | eax:&"ActId"
00516805     | 72 ED                  | jb sourceinsight4.5167F4                   |
00516807     | 899C24 24040000        | mov dword ptr ss:[esp+424],ebx             |
0051680E     | 8D4424 1C              | lea eax,dword ptr ss:[esp+1C]              |
00516812     | 50                     | push eax                                   | eax:&"ActId"
00516813     | 8D8E 5C070000          | lea ecx,dword ptr ds:[esi+75C]             | esi+75C:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516819     | 51                     | push ecx                                   |
0051681A     | E8 71E9FFFF            | call sourceinsight4.515190                 | 解释文件中数据,并保存。
0051681F     | 83C4 08                | add esp,8                                  |
00516822     | 8D5424 0C              | lea edx,dword ptr ss:[esp+C]               |
00516826     | 52                     | push edx                                   |
00516827     | 68 CCD05E00            | push sourceinsight4.5ED0CC                 | 5ED0CC:"Type"
0051682C     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
00516830     | 899E 0C060000          | mov dword ptr ds:[esi+60C],ebx             |
00516836     | E8 85DDFFFF            | call sourceinsight4.5145C0                 | 取出 Type 字段的值
0051683B     | 85C0                   | test eax,eax                               | eax:&"ActId"
0051683D     | 74 58                  | je sourceinsight4.516897                   |
0051683F     | 8B7C24 0C              | mov edi,dword ptr ss:[esp+C]               |
00516843     | 68 DCA25F00            | push sourceinsight4.5FA2DC                 | 5FA2DC:"Trial"
00516848     | 57                     | push edi                                   |
00516849     | E8 DCA50B00            | call sourceinsight4.5D0E2A                 | stricmp(["Type"], "Trial")
0051684E     | 83C4 08                | add esp,8                                  |
00516851     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516853     | 75 0C                  | jne sourceinsight4.516861                  |
00516855     | C786 0C060000 01000000 | mov dword ptr ds:[esi+60C],1               |
0051685F     | EB 36                  | jmp sourceinsight4.516897                  |
00516861     | 68 8C616000            | push sourceinsight4.60618C                 | 60618C:"Beta"
00516866     | 57                     | push edi                                   |
00516867     | E8 BEA50B00            | call sourceinsight4.5D0E2A                 |
0051686C     | 83C4 08                | add esp,8                                  |
0051686F     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516871     | 75 0C                  | jne sourceinsight4.51687F                  |
00516873     | C786 0C060000 03000000 | mov dword ptr ds:[esi+60C],3               |
0051687D     | EB 18                  | jmp sourceinsight4.516897                  |
0051687F     | 68 80616000            | push sourceinsight4.606180                 | 606180:"Standard"
00516884     | 57                     | push edi                                   |
00516885     | E8 A0A50B00            | call sourceinsight4.5D0E2A                 |
0051688A     | 83C4 08                | add esp,8                                  |
0051688D     | 85C0                   | test eax,eax                               | eax:&"ActId"
0051688F     | 75 06                  | jne sourceinsight4.516897                  |
00516891     | 899E 0C060000          | mov dword ptr ds:[esi+60C],ebx             |
00516897     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
0051689B     | 50                     | push eax                                   | eax:&"ActId"
0051689C     | 68 D0656000            | push sourceinsight4.6065D0                 | 6065D0:"LicensedUser"
005168A1     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
005168A5     | E8 16DDFFFF            | call sourceinsight4.5145C0                 | 取出 ["LicensedUser"] 的值
005168AA     | 85C0                   | test eax,eax                               | eax:&"ActId"
005168AC     | 0F84 36030000          | je sourceinsight4.516BE8                   |
005168B2     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
005168B6     | 51                     | push ecx                                   |
005168B7     | 8D96 04010000          | lea edx,dword ptr ds:[esi+104]             |
005168BD     | 52                     | push edx                                   |
005168BE     | E8 BD4E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["LicensedUser"])
005168C3     | 83C4 08                | add esp,8                                  |
005168C6     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
005168CA     | 50                     | push eax                                   | eax:&"ActId"
005168CB     | 68 C0656000            | push sourceinsight4.6065C0                 | 6065C0:"Organization"
005168D0     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
005168D4     | E8 E7DCFFFF            | call sourceinsight4.5145C0                 | 取出 ["Organization"] 的值
005168D9     | 85C0                   | test eax,eax                               | eax:&"ActId"
005168DB     | 74 14                  | je sourceinsight4.5168F1                   |
005168DD     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
005168E1     | 51                     | push ecx                                   |
005168E2     | 8D96 04020000          | lea edx,dword ptr ds:[esi+204]             |
005168E8     | 52                     | push edx                                   |
005168E9     | E8 924E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["Organization"])
005168EE     | 83C4 08                | add esp,8                                  |
005168F1     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
005168F5     | 50                     | push eax                                   | eax:&"ActId"
005168F6     | 68 B8656000            | push sourceinsight4.6065B8                 | 6065B8:"Email"
005168FB     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
005168FF     | E8 BCDCFFFF            | call sourceinsight4.5145C0                 | 取出 ["Email"] 的值
00516904     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516906     | 74 14                  | je sourceinsight4.51691C                   |
00516908     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
0051690C     | 51                     | push ecx                                   |
0051690D     | 8D96 04030000          | lea edx,dword ptr ds:[esi+304]             |
00516913     | 52                     | push edx                                   |
00516914     | E8 674E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["Email"])
00516919     | 83C4 08                | add esp,8                                  |
0051691C     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
00516920     | 50                     | push eax                                   | eax:&"ActId"
00516921     | 68 B0656000            | push sourceinsight4.6065B0                 | 6065B0:"Serial"
00516926     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
0051692A     | E8 91DCFFFF            | call sourceinsight4.5145C0                 | 取出 ["Serial"] 的值
0051692F     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516931     | 0F84 B1020000          | je sourceinsight4.516BE8                   |
00516937     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
0051693B     | 55                     | push ebp                                   |
0051693C     | 51                     | push ecx                                   |
0051693D     | 8D6E 04                | lea ebp,dword ptr ds:[esi+4]               |
00516940     | 55                     | push ebp                                   |
00516941     | E8 3A4E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["Serial"])
00516946     | 83C4 08                | add esp,8                                  |
00516949     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
0051694D     | 52                     | push edx                                   |
0051694E     | 68 A8656000            | push sourceinsight4.6065A8                 | 6065A8:"ActId"
00516953     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516957     | E8 64DCFFFF            | call sourceinsight4.5145C0                 | 取出 ["ActId"] 的值
0051695C     | 85C0                   | test eax,eax                               | eax:&"ActId"
0051695E     | 0F84 66020000          | je sourceinsight4.516BCA                   |
00516964     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516968     | 50                     | push eax                                   | eax:&"ActId"
00516969     | 8DBE 3A060000          | lea edi,dword ptr ds:[esi+63A]             |
0051696F     | 57                     | push edi                                   |
00516970     | E8 0B4E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["ActId"])
00516975     | 68 7F1B0000            | push 1B7F                                  |
0051697A     | 6A 32                  | push 32                                    |
0051697C     | 6A 04                  | push 4                                     |
0051697E     | 68 701A6500            | push sourceinsight4.651A70                 |
00516983     | 57                     | push edi                                   |
00516984     | E8 E7CBEEFF            | call sourceinsight4.403570                 | 检查 ["ActId"] 的值
00516989     | 33C9                   | xor ecx,ecx                                |
0051698B     | 3BC3                   | cmp eax,ebx                                | eax:&"ActId"
0051698D     | 0F9FC1                 | setg cl                                    |
00516990     | 68 9C656000            | push sourceinsight4.60659C                 | 60659C:"Deferred"
00516995     | 57                     | push edi                                   |
00516996     | 8BD9                   | mov ebx,ecx                                |
00516998     | E8 8DA40B00            | call sourceinsight4.5D0E2A                 | stricmp(["ActId"], "Deferred")
0051699D     | 83C4 24                | add esp,24                                 |
005169A0     | 85C0                   | test eax,eax                               | eax:&"ActId"
005169A2     | 75 38                  | jne sourceinsight4.5169DC                  |
005169A4     | C706 02000000          | mov dword ptr ds:[esi],2                   |
005169AA     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
005169B5     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
005169B9     | E8 22DBFFFF            | call sourceinsight4.5144E0                 | 释放掉保存的文件数据
005169BE     | B8 C8000000            | mov eax,C8                                 | 返回值为 0XC8,表示通过检查。
005169C3     | 5D                     | pop ebp                                    |
005169C4     | 5F                     | pop edi                                    |
005169C5     | 5E                     | pop esi                                    |
005169C6     | 5B                     | pop ebx                                    |
005169C7     | 8B8C24 10040000        | mov ecx,dword ptr ss:[esp+410]             |
005169CE     | 64:890D 00000000       | mov dword ptr fs:[0],ecx                   |
005169D5     | 81C4 1C040000          | add esp,41C                                |
005169DB     | C3                     | ret                                        | 
005169DC     | 33D2                   | xor edx,edx                                |
005169DE     | 85DB                   | test ebx,ebx                               |
005169E0     | 0F94C2                 | sete dl                                    |
005169E3     | 8D4424 14              | lea eax,dword ptr ss:[esp+14]              |
005169E7     | 8D4C24 18              | lea ecx,dword ptr ss:[esp+18]              |
005169EB     | 52                     | push edx                                   |
005169EC     | 50                     | push eax                                   | eax:&"ActId"
005169ED     | 51                     | push ecx                                   |
005169EE     | 8D5424 28              | lea edx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
005169F2     | 52                     | push edx                                   |
005169F3     | 55                     | push ebp                                   |
005169F4     | E8 A7E1FFFF            | call sourceinsight4.514BA0                 | 检查 ["Serial"]
005169F9     | 83C4 14                | add esp,14                                 |
005169FC     | 85C0                   | test eax,eax                               | eax:&"ActId"
005169FE     | 74 0C                  | je sourceinsight4.516A0C                   |
00516A00     | 8B4424 18              | mov eax,dword ptr ss:[esp+18]              |
00516A04     | 3B86 0C060000          | cmp eax,dword ptr ds:[esi+60C]             | eax:&"ActId"
00516A0A     | 74 1B                  | je sourceinsight4.516A27                   |
00516A0C     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516A17     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516A1B     | E8 C0DAFFFF            | call sourceinsight4.5144E0                 |
00516A20     | B8 EF010000            | mov eax,1EF                                | eax:&"ActId"
00516A25     | EB 9C                  | jmp sourceinsight4.5169C3                  |
00516A27     | 0FB60D 13956500        | movzx ecx,byte ptr ds:[659513]             |
00516A2E     | 8B7C24 14              | mov edi,dword ptr ss:[esp+14]              |
00516A32     | 3BF9                   | cmp edi,ecx                                |
00516A34     | 0F85 BA000000          | jne sourceinsight4.516AF4                  |
00516A3A     | 55                     | push ebp                                   |
00516A3B     | B9 40846600            | mov ecx,sourceinsight4.668440              |
00516A40     | E8 CB6FF4FF            | call sourceinsight4.45DA10                 |
00516A45     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516A47     | 74 1E                  | je sourceinsight4.516A67                   |
00516A49     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516A54     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516A58     | E8 83DAFFFF            | call sourceinsight4.5144E0                 |
00516A5D     | B8 CC010000            | mov eax,1CC                                | eax:&"ActId"
00516A62     | E9 5CFFFFFF            | jmp sourceinsight4.5169C3                  |
00516A67     | 85DB                   | test ebx,ebx                               |
00516A69     | 75 37                  | jne sourceinsight4.516AA2                  |
00516A6B     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
00516A6F     | 52                     | push edx                                   |
00516A70     | 68 94656000            | push sourceinsight4.606594                 | 606594:"HWID"
00516A75     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516A79     | C706 01000000          | mov dword ptr ds:[esi],1                   |
00516A7F     | E8 3CDBFFFF            | call sourceinsight4.5145C0                 |
00516A84     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516A86     | 0F84 3E010000          | je sourceinsight4.516BCA                   |
00516A8C     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516A90     | 50                     | push eax                                   | eax:&"ActId"
00516A91     | 8D8E 28060000          | lea ecx,dword ptr ds:[esi+628]             |
00516A97     | 51                     | push ecx                                   |
00516A98     | E8 E34C0A00            | call sourceinsight4.5BB780                 |
00516A9D     | 83C4 08                | add esp,8                                  |
00516AA0     | EB 06                  | jmp sourceinsight4.516AA8                  |
00516AA2     | C706 03000000          | mov dword ptr ds:[esi],3                   |
00516AA8     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
00516AAC     | 52                     | push edx                                   |
00516AAD     | 68 10AC5D00            | push sourceinsight4.5DAC10                 | 5DAC10:"Version"
00516AB2     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516AB6     | E8 05DBFFFF            | call sourceinsight4.5145C0                 | 取出 ["Version"] 的值
00516ABB     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516ABD     | 0F84 07010000          | je sourceinsight4.516BCA                   |
00516AC3     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516AC7     | 8A00                   | mov al,byte ptr ds:[eax]                   | eax:&"ActId"
00516AC9     | 3C 30                  | cmp al,30                                  | 30:'0'
00516ACB     | 0F8C F9000000          | jl sourceinsight4.516BCA                   |
00516AD1     | 3C 39                  | cmp al,39                                  | 39:'9'
00516AD3     | 0F8F F1000000          | jg sourceinsight4.516BCA                   |
00516AD9     | 0FBEC0                 | movsx eax,al                               | eax:&"ActId"
00516ADC     | 83C0 D0                | add eax,FFFFFFD0                           | eax:&"ActId"
00516ADF     | 8986 04060000          | mov dword ptr ds:[esi+604],eax             | eax:&"ActId"
00516AE5     | 0FB60D 13956500        | movzx ecx,byte ptr ds:[659513]             |
00516AEC     | 3BC1                   | cmp eax,ecx                                | eax:&"ActId"
00516AEE     | 75 04                  | jne sourceinsight4.516AF4                  |
00516AF0     | 3BC7                   | cmp eax,edi                                | eax:&"ActId"
00516AF2     | 74 1E                  | je sourceinsight4.516B12                   |
00516AF4     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516AFF     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516B03     | E8 D8D9FFFF            | call sourceinsight4.5144E0                 |
00516B08     | B8 EA010000            | mov eax,1EA                                | eax:&"ActId"
00516B0D     | E9 B1FEFFFF            | jmp sourceinsight4.5169C3                  |
00516B12     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
00516B16     | 33DB                   | xor ebx,ebx                                |
00516B18     | 52                     | push edx                                   |
00516B19     | 68 88656000            | push sourceinsight4.606588                 | 606588:"Expiration"
00516B1E     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516B22     | 899E 18060000          | mov dword ptr ds:[esi+618],ebx             |
00516B28     | 899E 14060000          | mov dword ptr ds:[esi+614],ebx             |
00516B2E     | 899E 10060000          | mov dword ptr ds:[esi+610],ebx             |
00516B34     | E8 87DAFFFF            | call sourceinsight4.5145C0                 | 取出 ["Expiration"] 的值
00516B39     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516B3B     | 74 1F                  | je sourceinsight4.516B5C                   |
00516B3D     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516B41     | 50                     | push eax                                   | eax:&"ActId"
00516B42     | 8D8E 10060000          | lea ecx,dword ptr ds:[esi+610]             |
00516B48     | E8 E394F3FF            | call sourceinsight4.450030                 |
00516B4D     | 8D8E 10060000          | lea ecx,dword ptr ds:[esi+610]             |
00516B53     | E8 8881F3FF            | call sourceinsight4.44ECE0                 |
00516B58     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516B5A     | 74 50                  | je sourceinsight4.516BAC                   |
00516B5C     | 8D4C24 10              | lea ecx,dword ptr ss:[esp+10]              |
00516B60     | 51                     | push ecx                                   |
00516B61     | 68 D8A65E00            | push sourceinsight4.5EA6D8                 | 5EA6D8:"Date"
00516B66     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516B6A     | 899E 24060000          | mov dword ptr ds:[esi+624],ebx             |
00516B70     | 899E 20060000          | mov dword ptr ds:[esi+620],ebx             |
00516B76     | 899E 1C060000          | mov dword ptr ds:[esi+61C],ebx             |
00516B7C     | E8 3FDAFFFF            | call sourceinsight4.5145C0                 | 取出 ["Date"] 的值
00516B81     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516B83     | 0F84 21FEFFFF          | je sourceinsight4.5169AA                   |
00516B89     | 8B5424 10              | mov edx,dword ptr ss:[esp+10]              |
00516B8D     | 52                     | push edx                                   |
00516B8E     | 8D8E 1C060000          | lea ecx,dword ptr ds:[esi+61C]             |
00516B94     | E8 9794F3FF            | call sourceinsight4.450030                 | 检查日期的有效性
00516B99     | 8D8E 1C060000          | lea ecx,dword ptr ds:[esi+61C]             |
00516B9F     | E8 3C81F3FF            | call sourceinsight4.44ECE0                 |
00516BA4     | 85C0                   | test eax,eax                               | 检查年、月、日的有效性
00516BA6     | 0F85 FEFDFFFF          | jne sourceinsight4.5169AA                  |
00516BAC     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516BB7     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516BBB     | E8 20D9FFFF            | call sourceinsight4.5144E0                 |
00516BC0     | B8 E3010000            | mov eax,1E3                                | eax:&"ActId"
00516BC5     | E9 F9FDFFFF            | jmp sourceinsight4.5169C3                  |
00516BCA     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516BD5     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516BD9     | E8 02D9FFFF            | call sourceinsight4.5144E0                 |
00516BDE     | B8 D5010000            | mov eax,1D5                                | eax:&"ActId"
00516BE3     | E9 DBFDFFFF            | jmp sourceinsight4.5169C3                  |
00516BE8     | C78424 24040000 FFFFFF | mov dword ptr ss:[esp+424],FFFFFFFF        |
00516BF3     | 8D4C24 1C              | lea ecx,dword ptr ss:[esp+1C]              |
00516BF7     | E8 E4D8FFFF            | call sourceinsight4.5144E0                 |
00516BFC     | 8B8C24 1C040000        | mov ecx,dword ptr ss:[esp+41C]             |
00516C03     | 5F                     | pop edi                                    |
00516C04     | 5E                     | pop esi                                    |
00516C05     | B8 D5010000            | mov eax,1D5                                | eax:&"ActId"
00516C0A     | 5B                     | pop ebx                                    |
00516C0B     | 64:890D 00000000       | mov dword ptr fs:[0],ecx                   |
00516C12     | 81C4 1C040000          | add esp,41C                                |
00516C18     | C3                     | ret                                        |
005167D0     | 64:A1 00000000         | mov eax,dword ptr fs:[0]                   | eax:&"ActId"
005167D6     | 6A FF                  | push FFFFFFFF                              |
005167D8     | 68 FB365D00            | push sourceinsight4.5D36FB                 |
005167DD     | 50                     | push eax                                   | eax:&"ActId"
005167DE     | 64:8925 00000000       | mov dword ptr fs:[0],esp                   |
005167E5     | 81EC 10040000          | sub esp,410                                |
005167EB     | 53                     | push ebx                                   |
005167EC     | 56                     | push esi                                   |
005167ED     | 33DB                   | xor ebx,ebx                                |
005167EF     | 57                     | push edi                                   |
005167F0     | 8BF1                   | mov esi,ecx                                |
005167F2     | 33C0                   | xor eax,eax                                | eax:&"ActId"
005167F4     | 895C84 1C              | mov dword ptr ss:[esp+eax*4+1C],ebx        |
005167F8     | 899C84 1C020000        | mov dword ptr ss:[esp+eax*4+21C],ebx       |
005167FF     | 40                     | inc eax                                    | eax:&"ActId"
00516800     | 3D 80000000            | cmp eax,80                                 | eax:&"ActId"
00516805     | 72 ED                  | jb sourceinsight4.5167F4                   |
00516807     | 899C24 24040000        | mov dword ptr ss:[esp+424],ebx             |
0051680E     | 8D4424 1C              | lea eax,dword ptr ss:[esp+1C]              |
00516812     | 50                     | push eax                                   | eax:&"ActId"
00516813     | 8D8E 5C070000          | lea ecx,dword ptr ds:[esi+75C]             | esi+75C:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516819     | 51                     | push ecx                                   |
0051681A     | E8 71E9FFFF            | call sourceinsight4.515190                 | 解释文件中数据,并保存。
0051681F     | 83C4 08                | add esp,8                                  |
00516822     | 8D5424 0C              | lea edx,dword ptr ss:[esp+C]               |
00516826     | 52                     | push edx                                   |
00516827     | 68 CCD05E00            | push sourceinsight4.5ED0CC                 | 5ED0CC:"Type"
0051682C     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
00516830     | 899E 0C060000          | mov dword ptr ds:[esi+60C],ebx             |
00516836     | E8 85DDFFFF            | call sourceinsight4.5145C0                 | 取出 Type 字段的值
0051683B     | 85C0                   | test eax,eax                               | eax:&"ActId"
0051683D     | 74 58                  | je sourceinsight4.516897                   |
0051683F     | 8B7C24 0C              | mov edi,dword ptr ss:[esp+C]               |
00516843     | 68 DCA25F00            | push sourceinsight4.5FA2DC                 | 5FA2DC:"Trial"
00516848     | 57                     | push edi                                   |
00516849     | E8 DCA50B00            | call sourceinsight4.5D0E2A                 | stricmp(["Type"], "Trial")
0051684E     | 83C4 08                | add esp,8                                  |
00516851     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516853     | 75 0C                  | jne sourceinsight4.516861                  |
00516855     | C786 0C060000 01000000 | mov dword ptr ds:[esi+60C],1               |
0051685F     | EB 36                  | jmp sourceinsight4.516897                  |
00516861     | 68 8C616000            | push sourceinsight4.60618C                 | 60618C:"Beta"
00516866     | 57                     | push edi                                   |
00516867     | E8 BEA50B00            | call sourceinsight4.5D0E2A                 |
0051686C     | 83C4 08                | add esp,8                                  |
0051686F     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516871     | 75 0C                  | jne sourceinsight4.51687F                  |
00516873     | C786 0C060000 03000000 | mov dword ptr ds:[esi+60C],3               |
0051687D     | EB 18                  | jmp sourceinsight4.516897                  |
0051687F     | 68 80616000            | push sourceinsight4.606180                 | 606180:"Standard"
00516884     | 57                     | push edi                                   |
00516885     | E8 A0A50B00            | call sourceinsight4.5D0E2A                 |
0051688A     | 83C4 08                | add esp,8                                  |
0051688D     | 85C0                   | test eax,eax                               | eax:&"ActId"
0051688F     | 75 06                  | jne sourceinsight4.516897                  |
00516891     | 899E 0C060000          | mov dword ptr ds:[esi+60C],ebx             |
00516897     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
0051689B     | 50                     | push eax                                   | eax:&"ActId"
0051689C     | 68 D0656000            | push sourceinsight4.6065D0                 | 6065D0:"LicensedUser"
005168A1     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
005168A5     | E8 16DDFFFF            | call sourceinsight4.5145C0                 | 取出 ["LicensedUser"] 的值
005168AA     | 85C0                   | test eax,eax                               | eax:&"ActId"
005168AC     | 0F84 36030000          | je sourceinsight4.516BE8                   |
005168B2     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
005168B6     | 51                     | push ecx                                   |
005168B7     | 8D96 04010000          | lea edx,dword ptr ds:[esi+104]             |
005168BD     | 52                     | push edx                                   |
005168BE     | E8 BD4E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["LicensedUser"])
005168C3     | 83C4 08                | add esp,8                                  |
005168C6     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
005168CA     | 50                     | push eax                                   | eax:&"ActId"
005168CB     | 68 C0656000            | push sourceinsight4.6065C0                 | 6065C0:"Organization"
005168D0     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
005168D4     | E8 E7DCFFFF            | call sourceinsight4.5145C0                 | 取出 ["Organization"] 的值
005168D9     | 85C0                   | test eax,eax                               | eax:&"ActId"
005168DB     | 74 14                  | je sourceinsight4.5168F1                   |
005168DD     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
005168E1     | 51                     | push ecx                                   |
005168E2     | 8D96 04020000          | lea edx,dword ptr ds:[esi+204]             |
005168E8     | 52                     | push edx                                   |
005168E9     | E8 924E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["Organization"])
005168EE     | 83C4 08                | add esp,8                                  |
005168F1     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
005168F5     | 50                     | push eax                                   | eax:&"ActId"
005168F6     | 68 B8656000            | push sourceinsight4.6065B8                 | 6065B8:"Email"
005168FB     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
005168FF     | E8 BCDCFFFF            | call sourceinsight4.5145C0                 | 取出 ["Email"] 的值
00516904     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516906     | 74 14                  | je sourceinsight4.51691C                   |
00516908     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
0051690C     | 51                     | push ecx                                   |
0051690D     | 8D96 04030000          | lea edx,dword ptr ds:[esi+304]             |
00516913     | 52                     | push edx                                   |
00516914     | E8 674E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["Email"])
00516919     | 83C4 08                | add esp,8                                  |
0051691C     | 8D4424 0C              | lea eax,dword ptr ss:[esp+C]               |
00516920     | 50                     | push eax                                   | eax:&"ActId"
00516921     | 68 B0656000            | push sourceinsight4.6065B0                 | 6065B0:"Serial"
00516926     | 8D4C24 24              | lea ecx,dword ptr ss:[esp+24]              | [esp+24]:"ActId"
0051692A     | E8 91DCFFFF            | call sourceinsight4.5145C0                 | 取出 ["Serial"] 的值
0051692F     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516931     | 0F84 B1020000          | je sourceinsight4.516BE8                   |
00516937     | 8B4C24 0C              | mov ecx,dword ptr ss:[esp+C]               |
0051693B     | 55                     | push ebp                                   |
0051693C     | 51                     | push ecx                                   |
0051693D     | 8D6E 04                | lea ebp,dword ptr ds:[esi+4]               |
00516940     | 55                     | push ebp                                   |
00516941     | E8 3A4E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["Serial"])
00516946     | 83C4 08                | add esp,8                                  |
00516949     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
0051694D     | 52                     | push edx                                   |
0051694E     | 68 A8656000            | push sourceinsight4.6065A8                 | 6065A8:"ActId"
00516953     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516957     | E8 64DCFFFF            | call sourceinsight4.5145C0                 | 取出 ["ActId"] 的值
0051695C     | 85C0                   | test eax,eax                               | eax:&"ActId"
0051695E     | 0F84 66020000          | je sourceinsight4.516BCA                   |
00516964     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516968     | 50                     | push eax                                   | eax:&"ActId"
00516969     | 8DBE 3A060000          | lea edi,dword ptr ds:[esi+63A]             |
0051696F     | 57                     | push edi                                   |
00516970     | E8 0B4E0A00            | call sourceinsight4.5BB780                 | strcpy(edx, ["ActId"])
00516975     | 68 7F1B0000            | push 1B7F                                  |
0051697A     | 6A 32                  | push 32                                    |
0051697C     | 6A 04                  | push 4                                     |
0051697E     | 68 701A6500            | push sourceinsight4.651A70                 |
00516983     | 57                     | push edi                                   |
00516984     | E8 E7CBEEFF            | call sourceinsight4.403570                 | 检查 ["ActId"] 的值
00516989     | 33C9                   | xor ecx,ecx                                |
0051698B     | 3BC3                   | cmp eax,ebx                                | eax:&"ActId"
0051698D     | 0F9FC1                 | setg cl                                    |
00516990     | 68 9C656000            | push sourceinsight4.60659C                 | 60659C:"Deferred"
00516995     | 57                     | push edi                                   |
00516996     | 8BD9                   | mov ebx,ecx                                |
00516998     | E8 8DA40B00            | call sourceinsight4.5D0E2A                 | stricmp(["ActId"], "Deferred")
0051699D     | 83C4 24                | add esp,24                                 |
005169A0     | 85C0                   | test eax,eax                               | eax:&"ActId"
005169A2     | 75 38                  | jne sourceinsight4.5169DC                  |
005169A4     | C706 02000000          | mov dword ptr ds:[esi],2                   |
005169AA     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
005169B5     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
005169B9     | E8 22DBFFFF            | call sourceinsight4.5144E0                 | 释放掉保存的文件数据
005169BE     | B8 C8000000            | mov eax,C8                                 | 返回值为 0XC8,表示通过检查。
005169C3     | 5D                     | pop ebp                                    |
005169C4     | 5F                     | pop edi                                    |
005169C5     | 5E                     | pop esi                                    |
005169C6     | 5B                     | pop ebx                                    |
005169C7     | 8B8C24 10040000        | mov ecx,dword ptr ss:[esp+410]             |
005169CE     | 64:890D 00000000       | mov dword ptr fs:[0],ecx                   |
005169D5     | 81C4 1C040000          | add esp,41C                                |
005169DB     | C3                     | ret                                        | 
005169DC     | 33D2                   | xor edx,edx                                |
005169DE     | 85DB                   | test ebx,ebx                               |
005169E0     | 0F94C2                 | sete dl                                    |
005169E3     | 8D4424 14              | lea eax,dword ptr ss:[esp+14]              |
005169E7     | 8D4C24 18              | lea ecx,dword ptr ss:[esp+18]              |
005169EB     | 52                     | push edx                                   |
005169EC     | 50                     | push eax                                   | eax:&"ActId"
005169ED     | 51                     | push ecx                                   |
005169EE     | 8D5424 28              | lea edx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
005169F2     | 52                     | push edx                                   |
005169F3     | 55                     | push ebp                                   |
005169F4     | E8 A7E1FFFF            | call sourceinsight4.514BA0                 | 检查 ["Serial"]
005169F9     | 83C4 14                | add esp,14                                 |
005169FC     | 85C0                   | test eax,eax                               | eax:&"ActId"
005169FE     | 74 0C                  | je sourceinsight4.516A0C                   |
00516A00     | 8B4424 18              | mov eax,dword ptr ss:[esp+18]              |
00516A04     | 3B86 0C060000          | cmp eax,dword ptr ds:[esi+60C]             | eax:&"ActId"
00516A0A     | 74 1B                  | je sourceinsight4.516A27                   |
00516A0C     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516A17     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516A1B     | E8 C0DAFFFF            | call sourceinsight4.5144E0                 |
00516A20     | B8 EF010000            | mov eax,1EF                                | eax:&"ActId"
00516A25     | EB 9C                  | jmp sourceinsight4.5169C3                  |
00516A27     | 0FB60D 13956500        | movzx ecx,byte ptr ds:[659513]             |
00516A2E     | 8B7C24 14              | mov edi,dword ptr ss:[esp+14]              |
00516A32     | 3BF9                   | cmp edi,ecx                                |
00516A34     | 0F85 BA000000          | jne sourceinsight4.516AF4                  |
00516A3A     | 55                     | push ebp                                   |
00516A3B     | B9 40846600            | mov ecx,sourceinsight4.668440              |
00516A40     | E8 CB6FF4FF            | call sourceinsight4.45DA10                 |
00516A45     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516A47     | 74 1E                  | je sourceinsight4.516A67                   |
00516A49     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516A54     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516A58     | E8 83DAFFFF            | call sourceinsight4.5144E0                 |
00516A5D     | B8 CC010000            | mov eax,1CC                                | eax:&"ActId"
00516A62     | E9 5CFFFFFF            | jmp sourceinsight4.5169C3                  |
00516A67     | 85DB                   | test ebx,ebx                               |
00516A69     | 75 37                  | jne sourceinsight4.516AA2                  |
00516A6B     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
00516A6F     | 52                     | push edx                                   |
00516A70     | 68 94656000            | push sourceinsight4.606594                 | 606594:"HWID"
00516A75     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516A79     | C706 01000000          | mov dword ptr ds:[esi],1                   |
00516A7F     | E8 3CDBFFFF            | call sourceinsight4.5145C0                 |
00516A84     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516A86     | 0F84 3E010000          | je sourceinsight4.516BCA                   |
00516A8C     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516A90     | 50                     | push eax                                   | eax:&"ActId"
00516A91     | 8D8E 28060000          | lea ecx,dword ptr ds:[esi+628]             |
00516A97     | 51                     | push ecx                                   |
00516A98     | E8 E34C0A00            | call sourceinsight4.5BB780                 |
00516A9D     | 83C4 08                | add esp,8                                  |
00516AA0     | EB 06                  | jmp sourceinsight4.516AA8                  |
00516AA2     | C706 03000000          | mov dword ptr ds:[esi],3                   |
00516AA8     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
00516AAC     | 52                     | push edx                                   |
00516AAD     | 68 10AC5D00            | push sourceinsight4.5DAC10                 | 5DAC10:"Version"
00516AB2     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516AB6     | E8 05DBFFFF            | call sourceinsight4.5145C0                 | 取出 ["Version"] 的值
00516ABB     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516ABD     | 0F84 07010000          | je sourceinsight4.516BCA                   |
00516AC3     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516AC7     | 8A00                   | mov al,byte ptr ds:[eax]                   | eax:&"ActId"
00516AC9     | 3C 30                  | cmp al,30                                  | 30:'0'
00516ACB     | 0F8C F9000000          | jl sourceinsight4.516BCA                   |
00516AD1     | 3C 39                  | cmp al,39                                  | 39:'9'
00516AD3     | 0F8F F1000000          | jg sourceinsight4.516BCA                   |
00516AD9     | 0FBEC0                 | movsx eax,al                               | eax:&"ActId"
00516ADC     | 83C0 D0                | add eax,FFFFFFD0                           | eax:&"ActId"
00516ADF     | 8986 04060000          | mov dword ptr ds:[esi+604],eax             | eax:&"ActId"
00516AE5     | 0FB60D 13956500        | movzx ecx,byte ptr ds:[659513]             |
00516AEC     | 3BC1                   | cmp eax,ecx                                | eax:&"ActId"
00516AEE     | 75 04                  | jne sourceinsight4.516AF4                  |
00516AF0     | 3BC7                   | cmp eax,edi                                | eax:&"ActId"
00516AF2     | 74 1E                  | je sourceinsight4.516B12                   |
00516AF4     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516AFF     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516B03     | E8 D8D9FFFF            | call sourceinsight4.5144E0                 |
00516B08     | B8 EA010000            | mov eax,1EA                                | eax:&"ActId"
00516B0D     | E9 B1FEFFFF            | jmp sourceinsight4.5169C3                  |
00516B12     | 8D5424 10              | lea edx,dword ptr ss:[esp+10]              |
00516B16     | 33DB                   | xor ebx,ebx                                |
00516B18     | 52                     | push edx                                   |
00516B19     | 68 88656000            | push sourceinsight4.606588                 | 606588:"Expiration"
00516B1E     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516B22     | 899E 18060000          | mov dword ptr ds:[esi+618],ebx             |
00516B28     | 899E 14060000          | mov dword ptr ds:[esi+614],ebx             |
00516B2E     | 899E 10060000          | mov dword ptr ds:[esi+610],ebx             |
00516B34     | E8 87DAFFFF            | call sourceinsight4.5145C0                 | 取出 ["Expiration"] 的值
00516B39     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516B3B     | 74 1F                  | je sourceinsight4.516B5C                   |
00516B3D     | 8B4424 10              | mov eax,dword ptr ss:[esp+10]              |
00516B41     | 50                     | push eax                                   | eax:&"ActId"
00516B42     | 8D8E 10060000          | lea ecx,dword ptr ds:[esi+610]             |
00516B48     | E8 E394F3FF            | call sourceinsight4.450030                 |
00516B4D     | 8D8E 10060000          | lea ecx,dword ptr ds:[esi+610]             |
00516B53     | E8 8881F3FF            | call sourceinsight4.44ECE0                 |
00516B58     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516B5A     | 74 50                  | je sourceinsight4.516BAC                   |
00516B5C     | 8D4C24 10              | lea ecx,dword ptr ss:[esp+10]              |
00516B60     | 51                     | push ecx                                   |
00516B61     | 68 D8A65E00            | push sourceinsight4.5EA6D8                 | 5EA6D8:"Date"
00516B66     | 8D4C24 28              | lea ecx,dword ptr ss:[esp+28]              | [esp+28]:"Serial"
00516B6A     | 899E 24060000          | mov dword ptr ds:[esi+624],ebx             |
00516B70     | 899E 20060000          | mov dword ptr ds:[esi+620],ebx             |
00516B76     | 899E 1C060000          | mov dword ptr ds:[esi+61C],ebx             |
00516B7C     | E8 3FDAFFFF            | call sourceinsight4.5145C0                 | 取出 ["Date"] 的值
00516B81     | 85C0                   | test eax,eax                               | eax:&"ActId"
00516B83     | 0F84 21FEFFFF          | je sourceinsight4.5169AA                   |
00516B89     | 8B5424 10              | mov edx,dword ptr ss:[esp+10]              |
00516B8D     | 52                     | push edx                                   |
00516B8E     | 8D8E 1C060000          | lea ecx,dword ptr ds:[esi+61C]             |
00516B94     | E8 9794F3FF            | call sourceinsight4.450030                 | 检查日期的有效性
00516B99     | 8D8E 1C060000          | lea ecx,dword ptr ds:[esi+61C]             |
00516B9F     | E8 3C81F3FF            | call sourceinsight4.44ECE0                 |
00516BA4     | 85C0                   | test eax,eax                               | 检查年、月、日的有效性
00516BA6     | 0F85 FEFDFFFF          | jne sourceinsight4.5169AA                  |
00516BAC     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516BB7     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516BBB     | E8 20D9FFFF            | call sourceinsight4.5144E0                 |
00516BC0     | B8 E3010000            | mov eax,1E3                                | eax:&"ActId"
00516BC5     | E9 F9FDFFFF            | jmp sourceinsight4.5169C3                  |
00516BCA     | C78424 28040000 FFFFFF | mov dword ptr ss:[esp+428],FFFFFFFF        |
00516BD5     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]              |
00516BD9     | E8 02D9FFFF            | call sourceinsight4.5144E0                 |
00516BDE     | B8 D5010000            | mov eax,1D5                                | eax:&"ActId"
00516BE3     | E9 DBFDFFFF            | jmp sourceinsight4.5169C3                  |
00516BE8     | C78424 24040000 FFFFFF | mov dword ptr ss:[esp+424],FFFFFFFF        |
00516BF3     | 8D4C24 1C              | lea ecx,dword ptr ss:[esp+1C]              |
00516BF7     | E8 E4D8FFFF            | call sourceinsight4.5144E0                 |
00516BFC     | 8B8C24 1C040000        | mov ecx,dword ptr ss:[esp+41C]             |
00516C03     | 5F                     | pop edi                                    |
00516C04     | 5E                     | pop esi                                    |
00516C05     | B8 D5010000            | mov eax,1D5                                | eax:&"ActId"
00516C0A     | 5B                     | pop ebx                                    |
00516C0B     | 64:890D 00000000       | mov dword ptr fs:[0],ecx                   |
00516C12     | 81C4 1C040000          | add esp,41C                                |
00516C18     | C3                     | ret                                        |
00515F90     | B8 24210000            | mov eax,2124                         |
00515F95     | E8 36850A00            | call sourceinsight4.5BE4D0           |
00515F9A     | 56                     | push esi                             |
00515F9B     | 8BB424 2C210000        | mov esi,dword ptr ss:[esp+212C]      |
00515FA2     | 68 A01F0000            | push 1FA0                            |
00515FA7     | 8D8424 8C010000        | lea eax,dword ptr ss:[esp+18C]       |
00515FAE     | 50                     | push eax                             |
00515FAF     | 56                     | push esi                             |
00515FB0     | E8 5BE6FFFF            | call sourceinsight4.514610           | 打开文件,并读取内容。
00515FB5     | 83C4 0C                | add esp,C                            |
00515FB8     | 3D C8000000            | cmp eax,C8                           |
00515FBD     | 0F85 49010000          | jne sourceinsight4.51610C            |
00515FC3     | 8B8C24 30210000        | mov ecx,dword ptr ss:[esp+2130]      |
00515FCA     | 51                     | push ecx                             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FCB     | 8D9424 8C010000        | lea edx,dword ptr ss:[esp+18C]       |
00515FD2     | 52                     | push edx                             |
00515FD3     | E8 88F8FFFF            | call sourceinsight4.515860           |
00515FD8     | 56                     | push esi                             |
00515FD9     | E8 0257F4FF            | call sourceinsight4.45B6E0           | 将文件内容转换为 XML 格式
00515FDE     | 83C4 0C                | add esp,C                            |
00515FE1     | 85C0                   | test eax,eax                         |
00515FE3     | 75 0D                  | jne sourceinsight4.515FF2            |
00515FE5     | B8 CC010000            | mov eax,1CC                          |
00515FEA     | 5E                     | pop esi                              |
00515FEB     | 81C4 24210000          | add esp,2124                         |
00515FF1     | C3                     | ret                                  |
00515FF2     | 68 085E6000            | push sourceinsight4.605E08           | 605E08:"Signature"
00515FF7     | 8BC8                   | mov ecx,eax                          | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FF9     | E8 722AF4FF            | call sourceinsight4.458A70           | 判断是否有 "Sigature" 字段
00515FFE     | 8BF0                   | mov esi,eax                          |
00516000     | 85F6                   | test esi,esi                         |
00516002     | 74 E1                  | je sourceinsight4.515FE5             |
00516004     | 68 889D5E00            | push sourceinsight4.5E9D88           | 5E9D88:"Value"
00516009     | 8BCE                   | mov ecx,esi                          | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051600B     | E8 4032F4FF            | call sourceinsight4.459250           | 检查 "Value" 是否存在
00516010     | 85C0                   | test eax,eax                         |
00516012     | 74 D1                  | je sourceinsight4.515FE5             |
00516014     | 55                     | push ebp                             |
00516015     | 57                     | push edi                             |
00516016     | 8B78 18                | mov edi,dword ptr ds:[eax+18]        |
00516019     | 8B46 20                | mov eax,dword ptr ds:[esi+20]        |
0051601C     | 8D8C24 90010000        | lea ecx,dword ptr ss:[esp+190]       |
00516023     | 51                     | push ecx                             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516024     | C68404 94010000 00     | mov byte ptr ss:[esp+eax+194],0      |
0051602C     | E8 AFE8F2FF            | call sourceinsight4.4448E0           |
00516031     | 8BE8                   | mov ebp,eax                          |
00516033     | 83C4 04                | add esp,4                            |
00516036     | 85ED                   | test ebp,ebp                         |
00516038     | 75 0F                  | jne sourceinsight4.516049            |
0051603A     | 5F                     | pop edi                              |
0051603B     | 5D                     | pop ebp                              |
0051603C     | B8 EC010000            | mov eax,1EC                          |
00516041     | 5E                     | pop esi                              |
00516042     | 81C4 24210000          | add esp,2124                         |
00516048     | C3                     | ret                                  |
00516049     | 55                     | push ebp                             |
0051604A     | 8D9424 94010000        | lea edx,dword ptr ss:[esp+194]       |
00516051     | 68 0C606000            | push sourceinsight4.60600C           | 60600C:"\n\r\t "
00516056     | 52                     | push edx                             |
00516057     | E8 14EAF2FF            | call sourceinsight4.444A70           | 取出掉文件数据中的空白字符和换行符
0051605C     | 83C4 0C                | add esp,C                            |
0051605F     | 8D4424 10              | lea eax,dword ptr ss:[esp+10]        |
00516063     | 50                     | push eax                             |
00516064     | 68 80000000            | push 80                              |
00516069     | 68 B0070000            | push 7B0                             |
0051606E     | 55                     | push ebp                             |
0051606F     | E8 6C4E0A00            | call sourceinsight4.5BAEE0           | 计算长度
00516074     | 83C4 04                | add esp,4                            |
00516077     | 40                     | inc eax                              |
00516078     | 50                     | push eax                             |
00516079     | 55                     | push ebp                             |
0051607A     | E8 91D1EEFF            | call sourceinsight4.403210           | 1.
0051607F     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]        |
00516083     | 51                     | push ecx                             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516084     | 8D9424 A8000000        | lea edx,dword ptr ss:[esp+A8]        |
0051608B     | 52                     | push edx                             |
0051608C     | 57                     | push edi                             |
0051608D     | E8 6ECEEEFF            | call sourceinsight4.402F00           | 2. 对 Signature 块中 Value 字段的字符串进行 Base64 解码
00516092     | 83C4 20                | add esp,20                           |
00516095     | 817C24 0C 80000000     | cmp dword ptr ss:[esp+C],80          |
0051609D     | 75 50                  | jne sourceinsight4.5160EF            |
0051609F     | B8 80000000            | mov eax,80                           |
005160A4     | 8D4C24 10              | lea ecx,dword ptr ss:[esp+10]        |
005160A8     | 8DB424 90000000        | lea esi,dword ptr ss:[esp+90]              | esi:EntryPoint
005160AF     | 90                     | nop                                        |
005160B0     | 8B16                   | mov edx,dword ptr ds:[esi]                 | edx:EntryPoint, esi:EntryPoint
005160B2     | 3B11                   | cmp edx,dword ptr ds:[ecx]                 | edx:EntryPoint, ecx:EntryPoint
005160B4     | 75 39                  | jne sourceinsight4_original.5160EF         |
005160B6     | 83E8 04                | sub eax,4                                  |
005160B9     | 83C1 04                | add ecx,4                                  | ecx:EntryPoint
005160BC     | 83C6 04                | add esi,4                                  | esi:EntryPoint
005160BF     | 83F8 04                | cmp eax,4                                  |
005160C2     | 73 EC                  | jae sourceinsight4.5160B0            |
005160C4     | 85C0                   | test eax,eax                         |
005160C6     | 74 20                  | je sourceinsight4.5160E8             |
005160C8     | 8A11                   | mov dl,byte ptr ds:[ecx]             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160CA     | 3A16                   | cmp dl,byte ptr ds:[esi]             |
005160CC     | 75 21                  | jne sourceinsight4.5160EF            |
005160CE     | 83F8 01                | cmp eax,1                            |
005160D1     | 76 15                  | jbe sourceinsight4.5160E8            |
005160D3     | 8A51 01                | mov dl,byte ptr ds:[ecx+1]           | ecx+1:":\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160D6     | 3A56 01                | cmp dl,byte ptr ds:[esi+1]           |
005160D9     | 75 14                  | jne sourceinsight4.5160EF            |
005160DB     | 83F8 02                | cmp eax,2                            |
005160DE     | 76 08                  | jbe sourceinsight4.5160E8            |
005160E0     | 8A41 02                | mov al,byte ptr ds:[ecx+2]           | ecx+2:"\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160E3     | 3A46 02                | cmp al,byte ptr ds:[esi+2]           |
005160E6     | 75 07                  | jne sourceinsight4.5160EF            |
005160E8     | BE 01000000            | mov esi,1                            |
005160ED     | EB 02                  | jmp sourceinsight4.5160F1            |
005160EF     | 33F6                   | xor esi,esi                          |
005160F1     | 55                     | push ebp                             |
005160F2     | E8 39EDF0FF            | call sourceinsight4.424E30           |
005160F7     | 83C4 04                | add esp,4                            |
005160FA     | 8BC6                   | mov eax,esi                          |
005160FC     | F7D8                   | neg eax                              |
005160FE     | 1BC0                   | sbb eax,eax                          |
00516100     | 25 FAFEFFFF            | and eax,FFFFFEFA                     |
00516105     | 5F                     | pop edi                              |
00516106     | 05 CE010000            | add eax,1CE                          |
0051610B     | 5D                     | pop ebp                              |
0051610C     | 5E                     | pop esi                              |
0051610D     | 81C4 24210000          | add esp,2124                         |
00516113     | C3                     | ret                                  |
00515F90     | B8 24210000            | mov eax,2124                         |
00515F95     | E8 36850A00            | call sourceinsight4.5BE4D0           |
00515F9A     | 56                     | push esi                             |
00515F9B     | 8BB424 2C210000        | mov esi,dword ptr ss:[esp+212C]      |
00515FA2     | 68 A01F0000            | push 1FA0                            |
00515FA7     | 8D8424 8C010000        | lea eax,dword ptr ss:[esp+18C]       |
00515FAE     | 50                     | push eax                             |
00515FAF     | 56                     | push esi                             |
00515FB0     | E8 5BE6FFFF            | call sourceinsight4.514610           | 打开文件,并读取内容。
00515FB5     | 83C4 0C                | add esp,C                            |
00515FB8     | 3D C8000000            | cmp eax,C8                           |
00515FBD     | 0F85 49010000          | jne sourceinsight4.51610C            |
00515FC3     | 8B8C24 30210000        | mov ecx,dword ptr ss:[esp+2130]      |
00515FCA     | 51                     | push ecx                             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FCB     | 8D9424 8C010000        | lea edx,dword ptr ss:[esp+18C]       |
00515FD2     | 52                     | push edx                             |
00515FD3     | E8 88F8FFFF            | call sourceinsight4.515860           |
00515FD8     | 56                     | push esi                             |
00515FD9     | E8 0257F4FF            | call sourceinsight4.45B6E0           | 将文件内容转换为 XML 格式
00515FDE     | 83C4 0C                | add esp,C                            |
00515FE1     | 85C0                   | test eax,eax                         |
00515FE3     | 75 0D                  | jne sourceinsight4.515FF2            |
00515FE5     | B8 CC010000            | mov eax,1CC                          |
00515FEA     | 5E                     | pop esi                              |
00515FEB     | 81C4 24210000          | add esp,2124                         |
00515FF1     | C3                     | ret                                  |
00515FF2     | 68 085E6000            | push sourceinsight4.605E08           | 605E08:"Signature"
00515FF7     | 8BC8                   | mov ecx,eax                          | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00515FF9     | E8 722AF4FF            | call sourceinsight4.458A70           | 判断是否有 "Sigature" 字段
00515FFE     | 8BF0                   | mov esi,eax                          |
00516000     | 85F6                   | test esi,esi                         |
00516002     | 74 E1                  | je sourceinsight4.515FE5             |
00516004     | 68 889D5E00            | push sourceinsight4.5E9D88           | 5E9D88:"Value"
00516009     | 8BCE                   | mov ecx,esi                          | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
0051600B     | E8 4032F4FF            | call sourceinsight4.459250           | 检查 "Value" 是否存在
00516010     | 85C0                   | test eax,eax                         |
00516012     | 74 D1                  | je sourceinsight4.515FE5             |
00516014     | 55                     | push ebp                             |
00516015     | 57                     | push edi                             |
00516016     | 8B78 18                | mov edi,dword ptr ds:[eax+18]        |
00516019     | 8B46 20                | mov eax,dword ptr ds:[esi+20]        |
0051601C     | 8D8C24 90010000        | lea ecx,dword ptr ss:[esp+190]       |
00516023     | 51                     | push ecx                             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516024     | C68404 94010000 00     | mov byte ptr ss:[esp+eax+194],0      |
0051602C     | E8 AFE8F2FF            | call sourceinsight4.4448E0           |
00516031     | 8BE8                   | mov ebp,eax                          |
00516033     | 83C4 04                | add esp,4                            |
00516036     | 85ED                   | test ebp,ebp                         |
00516038     | 75 0F                  | jne sourceinsight4.516049            |
0051603A     | 5F                     | pop edi                              |
0051603B     | 5D                     | pop ebp                              |
0051603C     | B8 EC010000            | mov eax,1EC                          |
00516041     | 5E                     | pop esi                              |
00516042     | 81C4 24210000          | add esp,2124                         |
00516048     | C3                     | ret                                  |
00516049     | 55                     | push ebp                             |
0051604A     | 8D9424 94010000        | lea edx,dword ptr ss:[esp+194]       |
00516051     | 68 0C606000            | push sourceinsight4.60600C           | 60600C:"\n\r\t "
00516056     | 52                     | push edx                             |
00516057     | E8 14EAF2FF            | call sourceinsight4.444A70           | 取出掉文件数据中的空白字符和换行符
0051605C     | 83C4 0C                | add esp,C                            |
0051605F     | 8D4424 10              | lea eax,dword ptr ss:[esp+10]        |
00516063     | 50                     | push eax                             |
00516064     | 68 80000000            | push 80                              |
00516069     | 68 B0070000            | push 7B0                             |
0051606E     | 55                     | push ebp                             |
0051606F     | E8 6C4E0A00            | call sourceinsight4.5BAEE0           | 计算长度
00516074     | 83C4 04                | add esp,4                            |
00516077     | 40                     | inc eax                              |
00516078     | 50                     | push eax                             |
00516079     | 55                     | push ebp                             |
0051607A     | E8 91D1EEFF            | call sourceinsight4.403210           | 1.
0051607F     | 8D4C24 20              | lea ecx,dword ptr ss:[esp+20]        |
00516083     | 51                     | push ecx                             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
00516084     | 8D9424 A8000000        | lea edx,dword ptr ss:[esp+A8]        |
0051608B     | 52                     | push edx                             |
0051608C     | 57                     | push edi                             |
0051608D     | E8 6ECEEEFF            | call sourceinsight4.402F00           | 2. 对 Signature 块中 Value 字段的字符串进行 Base64 解码
00516092     | 83C4 20                | add esp,20                           |
00516095     | 817C24 0C 80000000     | cmp dword ptr ss:[esp+C],80          |
0051609D     | 75 50                  | jne sourceinsight4.5160EF            |
0051609F     | B8 80000000            | mov eax,80                           |
005160A4     | 8D4C24 10              | lea ecx,dword ptr ss:[esp+10]        |
005160A8     | 8DB424 90000000        | lea esi,dword ptr ss:[esp+90]              | esi:EntryPoint
005160AF     | 90                     | nop                                        |
005160B0     | 8B16                   | mov edx,dword ptr ds:[esi]                 | edx:EntryPoint, esi:EntryPoint
005160B2     | 3B11                   | cmp edx,dword ptr ds:[ecx]                 | edx:EntryPoint, ecx:EntryPoint
005160B4     | 75 39                  | jne sourceinsight4_original.5160EF         |
005160B6     | 83E8 04                | sub eax,4                                  |
005160B9     | 83C1 04                | add ecx,4                                  | ecx:EntryPoint
005160BC     | 83C6 04                | add esi,4                                  | esi:EntryPoint
005160BF     | 83F8 04                | cmp eax,4                                  |
005160C2     | 73 EC                  | jae sourceinsight4.5160B0            |
005160C4     | 85C0                   | test eax,eax                         |
005160C6     | 74 20                  | je sourceinsight4.5160E8             |
005160C8     | 8A11                   | mov dl,byte ptr ds:[ecx]             | ecx:"C:\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160CA     | 3A16                   | cmp dl,byte ptr ds:[esi]             |
005160CC     | 75 21                  | jne sourceinsight4.5160EF            |
005160CE     | 83F8 01                | cmp eax,1                            |
005160D1     | 76 15                  | jbe sourceinsight4.5160E8            |
005160D3     | 8A51 01                | mov dl,byte ptr ds:[ecx+1]           | ecx+1:":\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160D6     | 3A56 01                | cmp dl,byte ptr ds:[esi+1]           |
005160D9     | 75 14                  | jne sourceinsight4.5160EF            |
005160DB     | 83F8 02                | cmp eax,2                            |
005160DE     | 76 08                  | jbe sourceinsight4.5160E8            |
005160E0     | 8A41 02                | mov al,byte ptr ds:[ecx+2]           | ecx+2:"\\ProgramData\\Source Insight\\4.0\\si4.lic"
005160E3     | 3A46 02                | cmp al,byte ptr ds:[esi+2]           |
005160E6     | 75 07                  | jne sourceinsight4.5160EF            |
005160E8     | BE 01000000            | mov esi,1                            |
005160ED     | EB 02                  | jmp sourceinsight4.5160F1            |
005160EF     | 33F6                   | xor esi,esi                          |
005160F1     | 55                     | push ebp                             |
005160F2     | E8 39EDF0FF            | call sourceinsight4.424E30           |
005160F7     | 83C4 04                | add esp,4                            |
005160FA     | 8BC6                   | mov eax,esi                          |
005160FC     | F7D8                   | neg eax                              |
005160FE     | 1BC0                   | sbb eax,eax                          |
00516100     | 25 FAFEFFFF            | and eax,FFFFFEFA                     |
00516105     | 5F                     | pop edi                              |
00516106     | 05 CE010000            | add eax,1CE                          |
0051610B     | 5D                     | pop ebp                              |

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 11
支持
分享
最新回复 (24)
雪    币: 3070
活跃值: (30876)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
感谢分享
2023-6-14 09:11
1
雪    币: 770
活跃值: (3821)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
3

我的也是128但是注册不了。

---------------------------

Source Insight

---------------------------

The license file is not valid for this machine.


Please provide a serial number and re-activate the license on this machine.

---------------------------

确定   

---------------------------


最后于 2023-6-14 09:31 被无语了啊~嗝编辑 ,原因:
2023-6-14 09:30
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
4
无语了啊~嗝 我的也是128但是注册不了。---------------------------Source Insight---------------------------The license file i ...
看看生成 si4.lic 文件
2023-6-14 09:59
0
雪    币: 2951
活跃值: (3767)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
感谢楼主分享思路和工具
2023-6-14 12:15
0
雪    币: 4150
活跃值: (2489)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
牛逼呀
2023-6-14 12:49
0
雪    币: 185
活跃值: (165)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
7
Source Insight 4.00.0128 可以激活吗?
2023-6-14 15:07
0
雪    币: 185
活跃值: (165)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
8

这种称为完美激活吧!牛啊!

但是有小bug,经常会重新弹出需要再次激活的界面!重新导入下lic就可以了,但是很烦啊,麻烦再改进下!

最后于 2023-6-14 18:32 被cfgrpg编辑 ,原因:
2023-6-14 18:15
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
9
cfgrpg 这种称为完美激活吧!牛啊!但是有小bug,经常会重新弹出需要再次激活的界面!重新导入下lic就可以了,但是很烦啊,麻烦再改进下!
工具更新了。
2023-6-14 19:18
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
10
无语了啊~嗝 我的也是128但是注册不了。---------------------------Source Insight---------------------------The license file i ...
你要先打开 Source Insight,然后再点击生成注册信息。看看使用说明。
2023-6-14 22:55
0
雪    币: 770
活跃值: (3821)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
11
耿念 看看生成 si4.lic 文件
有人说可以激活可能我没有享受注册机的运气了 
2023-6-14 22:58
0
雪    币: 770
活跃值: (3821)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
12
耿念 你要先打开 Source Insight,然后再点击生成注册信息。看看使用说明。
好吧。还是我自己的问题。我是先打开注册机的。激活成功了。感谢感谢~~
2023-6-14 22:59
0
雪    币: 770
活跃值: (3821)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
13
其实刚准备去买个正版算了。难得运气刚好楼主发了注册机省了一大笔。感谢感谢
2023-6-14 23:01
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
14
无语了啊~嗝 其实刚准备去买个正版算了。难得运气刚好楼主发了注册机省了一大笔。感谢感谢
我刚刚更新了工具,还要改写 hosts 文件,你可以去 gitee 上面看看。
2023-6-14 23:07
0
雪    币: 770
活跃值: (3821)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
15
还是不太行。每隔5分钟弹出依次激活信息。可能有暗装或者因为需要控制断网才好使。虽然重新导入就能继续使用但是太麻烦了长期用还是买个正版算了。。
2023-6-14 23:07
0
雪    币: 185
活跃值: (165)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
16
耿念 工具更新了。

我使用的是更新后的版本,修改host的版本。确实会时不时弹出重新激活的对话框

最后于 2023-6-14 23:24 被cfgrpg编辑 ,原因:
2023-6-14 23:23
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
17
cfgrpg 耿念 工具更新了。 我使用的是更新后的版本,修改host的版本。确实会时不时弹出重新激活的对话框
1. 你检查一下 C:\Windows\System32\drivers\etc\hosts 是否有 "127.0.0.1    sls.sourceinsight.com" 这条记录。
2. 打开 Cmd,执行 "ipconfig /flushdns"。
3. "ping sls.sourceinsight.com" 看看 IP 是否为 127.0.0.1。 
2023-6-15 08:05
0
雪    币: 185
活跃值: (165)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
18
耿念 1. 你检查一下 C:\Windows\System32\drivers\etc\hosts 是否有 "127.0.0.1 sls.sourceinsight.com" 这条 ...

肯定有啊,你的电脑不会弹吗? 难道我开了代理的原因?

2023-6-15 10:03
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
19
cfgrpg 肯定有啊,你的电脑不会弹吗? 难道我开了代理的原因?
我上传了 UrlDisable 工具到 Gitee,你可以使用 UrlDisable 将 sls.sourceinsight.com 屏蔽掉,就可以了。
2023-6-15 11:34
0
雪    币: 185
活跃值: (165)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
20
耿念 我上传了 UrlDisable 工具到 Gitee,你可以使用 UrlDisable 将 sls.sourceinsight.com 屏蔽掉,就可以了。
确实是因为我开了代理的原因,应该是完美破解了!
2023-6-15 13:39
0
雪    币: 2884
活跃值: (2397)
能力值: ( LV5,RANK:60 )
在线值:
发帖
回帖
粉丝
21

补充:

2023-6-15 23:25
0
雪    币: 89
活跃值: (185)
能力值: ( LV9,RANK:270 )
在线值:
发帖
回帖
粉丝
22
哈哈,完美激活啦,白嫖成功
2023-7-3 16:02
0
雪    币: 12
活跃值: (20)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
23
厉害
2023-7-5 08:47
0
雪    币: 0
活跃值: (35)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
24
大神,最新134好像不行,是官方修正了,还是我用的方式不对
2023-12-24 19:58
0
雪    币: 147
活跃值: (36)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
25
ilovemmbb 大神,最新134好像不行,是官方修正了,还是我用的方式不对
可以激活的。关键是在导入许可文件之前屏蔽 sls.sourceinsight.com 这个域名。只要https://sls.sourceinsight.com/request_activation/  HTTP状态码不返回460都可以成功!
2024-6-24 16:27
0
游客
登录 | 注册 方可回帖
返回
//