简介:
ESET NOD32 是世界排名第三的杀毒软件,其以轻快巧著称,下载地址 :
http://www.skycn.com/soft/37962.html
这个小工具的作用是自动从网上ESET ID发布页获取最新ID,然后用ID到官方进行验证,验证可用就写入本地注册表来修改ESET的ID信息。
本程序涉及了wininet 函数库,AOGO的正则表达式的使用,托盘气泡提示,配置文件的读取等等,希望对大家有所帮助!
另外程序可能存在各种BUG,欢迎测试告知,谢谢!
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Programmed by nohacks, nohacks@163.com
; Website: http://hi.baidu.com/nohacks
; Win32 ASM is Masm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 版本信息
; Eset_Nohacks_AUTOID V1.0 - ESET ID自动获取填写工具(适用2.x和3.x版本)
;
; nohacks 2009年 6 月 26 日
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.586
.model flat, stdcall ;32 bit memory model
option casemap :none ;case sensitive
include ESET_AUTOID.inc
include Express.inc
includelib Express.lib
;#########################################################################
.Const
RegEset30 db "SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000400\Profiles\@My profile\",0
RegEset27 db "SOFTWARE\Eset\Nod\CurrentVersion\Modules\Update\Settings\Config000\Settings\",0
Express db 'username?*[%]{[a-z]+-[0-9]+}?*<\>>password?*[%]{[a-z,0-9]+}',0
.data
PassBytes db 97, 214, 212, 233, 221, 240, 251, 242, 91, 100, 53, 173, 183, 200, 25, 117, 236, 49, 43, 188
UserPass db '%s--%s',0
template db '%1d',0
ininame db ".\ESET_AUTOID.ini",0
Section db "SETUP",0
keyname db "ECHO",0
myecho db "NO",0
.data?
hInstance dd ?
Winhwnd dd ?
hwnd dd ?
@echo dd ?
@hKey dd ?
lpRet POINT 10 dup(<?>)
iCount dd ?
iecho db 10 dup(0)
note mNOTIFYICONDATA <>
;#########################################################################
.code
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke InitCommonControls
invoke GetPrivateProfileString,addr Section,addr keyname,addr myecho,addr iecho ,size iecho ,addr ininame
invoke lstrlen, addr iecho
invoke CharUpperBuff,addr iecho ,eax
invoke lstrcmp,addr iecho,CTEXT("OFF")
.IF EAX==0
mov @echo,0
.else
mov @echo,1
.endif
invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,addr DlgProc,NULL
invoke ExitProcess,0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;文本串去空格拷贝过程, 参数:输入文本,输出缓存
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Trim proc uses esi edi ecx edx ebx , lpstr,Buffer
mov esi,lpstr
mov edi ,Buffer
xor ecx,ecx
xor edx,edx
.while TRUE
mov al,20h
mov ah ,byte ptr[esi+ecx]
.if ah==al
inc edx
.else
mov ebx, ecx
sub ebx,edx
mov byte ptr[edi+ebx],ah
.if ah==0
ret
.endif
.endif
inc ecx
.endw
ret
Trim endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;调试用,信息框显示数值 参数:标题,待显示数值
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
debugbox proc text:dword,dwDword:dword
LOCAL posBuffer[10]:byte
invoke wsprintf,addr posBuffer,addr template,dwDword
invoke MessageBox, NULL, addr posBuffer, text, MB_OK
debugbox endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;正则表达式取子文本,参数:POINT地址,输出缓存,缓存大小
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
GetRetString proc uses edx , lpPOINT,lpRetString,iSize
mov edx,lpPOINT
mov eax,[edx].POINT.y
sub eax,[edx].POINT.x
.if eax>iSize
mov eax,iSize
.endif
push eax
invoke RtlMoveMemory,lpRetString,[edx].POINT.x,eax
pop eax
mov edx,lpRetString
mov BYTE ptr [edx+eax],0
ret
GetRetString endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;NOD32_ID验证过程,参数:用户名,密码
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
TestID proc uses edx lpuser:dword,lppass:dword
LOCAL hOpen,hConnect,hRequest,dwSize,status
invoke InternetOpen,CTEXT("nohacks_autoid"),INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0
mov hOpen,eax
.IF eax==0
invoke InternetCloseHandle,hOpen
mov eax,-1
ret
.endif
invoke InternetConnect,hOpen,CTEXT("download.eset.com"),INTERNET_DEFAULT_HTTP_PORT,lpuser,lppass,INTERNET_SERVICE_HTTP,0,0
mov hConnect,eax
.IF eax==0
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hConnect
mov eax,-1
ret
.endif
invoke HttpOpenRequest,hConnect, CTEXT("GET"),CTEXT("/download/win"),NULL, NULL, 0, INTERNET_FLAG_KEEP_CONNECTION, 0
mov hRequest,eax
.IF eax==0
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hConnect
invoke HttpEndRequest ,hRequest,NULL, NULL,NULL
mov eax,-1
ret
.endif
invoke HttpSendRequest ,hRequest,NULL,0,NULL,0
.IF eax==0
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hConnect
invoke HttpEndRequest ,hRequest,NULL, NULL,NULL
mov eax,-1
ret
.endif
mov dwSize,4
mov status,0
invoke HttpQueryInfo,hRequest,HTTP_QUERY_STATUS_CODE + HTTP_QUERY_FLAG_NUMBER , addr status , addr dwSize , 0
.IF eax==0
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hConnect
invoke HttpEndRequest ,hRequest,NULL, NULL,NULL
mov eax,-1
ret
.endif
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hConnect
invoke InternetCloseHandle,hRequest
invoke HttpEndRequest ,hRequest,NULL, NULL,NULL
;invoke debugbox,CTEXT("status"),status
.if status!=0
.if status!=401
; invoke debugbox,CTEXT("status"),status
mov eax,TRUE
ret
.endif
.endif
xor eax,eax
ret
TestID endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;向系统托盘中写入图标 输入:窗口句柄 图标id 自定义消息 图标句柄 显示文本 标题
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcTaskQiPao proc _hWnd,_dwId,_dwWm,_hIcon,_szBuffer,_szTitle
local @stNid:mNOTIFYICONDATA
.if @echo==0
ret
.endif
mov @stNid.cbSize,sizeof mNOTIFYICONDATA
push _hWnd
pop @stNid.hwnd
push _dwId
pop @stNid.uID
mov @stNid.uFlags, NIF_INFO
push _dwWm
pop @stNid.uCallbackMessage
push _hIcon
pop @stNid.hIcon
mov @stNid.dwInfoFlags,0
mov @stNid.uTimeoutOrVersion,3000
;invoke lstrcpy,addr @stNid.szTip,_szText
invoke lstrcpy,addr @stNid.szInfo,_szBuffer
invoke lstrcpy,addr @stNid.szInfoTitle,_szTitle
invoke Shell_NotifyIcon,NIM_MODIFY,addr @stNid
ret
_ProcTaskQiPao endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;ESET ID 密码加密过程,参数:源码,输出缓存
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
EnCode proc uses edi ebx lpEnCode,lpEnDestBuff
xor edi,edi
lea eax,PassBytes
mov edx,lpEnCode
mov ebx,lpEnDestBuff
.while edi < 10
mov cl,BYTE ptr [edx+edi] ;把密码逐位移到CL
xor cl,BYTE ptr [eax+edi*2] ;;关键代码: 与编码奇数位进行位异或运算
mov BYTE ptr [ebx+edi*2],cl ;奇数位移到缓存
mov cl,BYTE ptr [eax+edi*2-1] ;偶数位移到缓存
mov BYTE ptr [ebx+edi*2-1] ,cl
inc edi
.endw
mov eax,ebx
ret
EnCode endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;ESET ID 密码解密过程,参数:源码,输出缓存
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DeCode proc uses edi ebx lpEnCode,lpDeDestBuff
xor edi,edi
lea eax,PassBytes
mov edx,lpEnCode
mov ebx,lpDeDestBuff
.while edi < 10
mov cl,BYTE ptr [edx+edi*2] ;把加密后的密码奇数位移到CL
xor cl,BYTE ptr [eax+edi*2] ;关键代码: 与编码奇数位进行位异或运算
mov BYTE ptr [ebx+edi],cl ;奇数位移到缓存
inc edi
.endw
mov eax,ebx
ret
DeCode endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;ESET ID获取过程,返回地址,参数:分发页网址 ,输出用户名,输出密码,获取个数上限,可以为空,默认100
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
GetEsetid proc uses ebx edx, url, lpUser,lpPass,ldNum
LOCAL hOpen,hOpenUrl,dwSize,status,@pMemory,@lpcdData,@start,@end
LOCAL @lpUser[20]:BYTE
LOCAL @lpPass[20]:BYTE
LOCAL @Pass[20]:BYTE
LOCAL @TEMP[100]:BYTE
;开始获取ID分发页源码
invoke InternetOpen,CTEXT("nohacks_autoid"),INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0
.IF eax==0
invoke InternetCloseHandle,hOpen
mov eax,-1
ret
.endif
mov hOpen,eax
invoke InternetOpenUrl,hOpen,url,NULL,0,INTERNET_FLAG_TRANSFER_BINARY+INTERNET_FLAG_PRAGMA_NOCACHE,0
.IF eax==0
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hOpenUrl
mov eax,-1
ret
.endif
mov hOpenUrl,eax
mov dwSize,4
mov status,0
invoke HttpQueryInfo,hOpenUrl,HTTP_QUERY_CONTENT_LENGTH + HTTP_QUERY_FLAG_NUMBER , addr status , addr dwSize , 0
.IF eax==0
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hOpenUrl
mov eax,-1
ret
.endif
invoke GlobalAlloc,0, status+1
mov @pMemory,eax
.if (!eax)
mov eax,-2
ret
.endif
invoke RtlZeroMemory ,@pMemory,status+1
;成功获取ID分发页源码,保存在申请的空间 @pMemory
invoke InternetReadFile,hOpenUrl, @pMemory,status,addr @lpcdData
.if (!eax)
mov eax,-3
ret
.endif
invoke InternetCloseHandle,hOpen
invoke InternetCloseHandle,hOpenUrl
;DebugCode: invoke debugbox,CTEXT("status"),status
;===========开始循环获取验证ID===================
;设置搜索开始地址
push @pMemory
pop @start
;设置搜索结束地址
mov eax,status
add eax,@pMemory
mov @end,eax
.if ldNum==NULL
mov ldNum,100
.endif
.WHILE ldNum>0
dec ldNum
mov iCount,3
invoke ExpressSearch,0,@start,@end,addr Express,addr lpRet,addr iCount,EF_USEEXPRESS
.BREAK .if (eax==0)
;后移开始地址到本次找到的位置尾
push lpRet.y
pop @start
.if SDWORD ptr eax>0
invoke RtlZeroMemory ,addr @lpUser,sizeof @lpUser
invoke RtlZeroMemory ,addr @lpPass,sizeof @lpPass
invoke GetRetString,addr lpRet[sizeof POINT],addr @lpUser,sizeof @lpUser-1
invoke GetRetString,addr lpRet[sizeof POINT*2],addr @lpPass,sizeof @lpPass-1
;输出提示
invoke wsprintf,addr @TEMP,addr UserPass ,addr @lpUser,addr @lpPass
invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,addr @TEMP ,CTEXT("正在验证网络ID")
invoke TestID,addr @lpUser ,addr @lpPass
.if (eax)
invoke Trim, addr @lpUser ,lpUser
invoke Trim, addr @lpPass ,lpPass
;释放申请内存
invoke GlobalFree, @pMemory
mov eax ,TRUE
ret
.endif
.endif
.endw
invoke GlobalFree, @pMemory
mov eax ,FALSE
ret
GetEsetid endp
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
LOCAL @lpType,@lpcdData
LOCAL hOpen,hOpenUrl,@pMemory
LOCAL dwSize,status
LOCAL @lpUser[20]:BYTE
LOCAL @lpPass[20]:BYTE
LOCAL @Pass[20]:BYTE
LOCAL @TEMP[100]:BYTE
LOCAL temp
push hWin
pop Winhwnd
mov eax,uMsg
.if eax==WM_INITDIALOG ;if 1
invoke LoadIcon,hInstance,1
mov hwnd,eax
mov note.cbSize,sizeof mNOTIFYICONDATA
push hWin
pop note.hwnd
mov note.uID,IDI_TRAY
mov note.uFlags,NIF_ICON+NIF_MESSAGE+NIF_TIP
mov note.uCallbackMessage,WM_SHELLNOTIFY
push hwnd
pop note.hIcon
invoke lstrcpy,addr note.szTip,CTEXT("ESET NOD32 ID自动升级工具")
invoke Shell_NotifyIcon,NIM_ADD,addr note
; 开始读注册表
invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE, addr RegEset30,\
NULL, KEY_ALL_ACCESS,ADDR @hKey
.if eax == ERROR_SUCCESS
;读取ESET本地用户名
regurl:
invoke RtlZeroMemory ,addr @lpUser,sizeof @lpUser
invoke RegQueryValueEx,@hKey,CTEXT("username"), 0,ADDR @lpType,NULL,addr @lpcdData
invoke RegQueryValueEx,@hKey,CTEXT("username"), 0,ADDR @lpType,ADDR @lpUser,addr @lpcdData
; REG_SZ,REG_BINARY
.if @lpcdData < 2
jmp IdNull
.endif
;读取ESET本地密码
invoke RtlZeroMemory ,addr @lpPass,sizeof @lpPass
invoke RegQueryValueEx,@hKey,CTEXT("password"), 0,ADDR @lpType,NULL,addr @lpcdData
invoke RegQueryValueEx,@hKey,CTEXT("password"),0,ADDR @lpType,ADDR @lpPass,addr @lpcdData
.if @lpcdData < 2
jmp IdNull
.endif
;解密
invoke RtlZeroMemory ,addr @Pass,11
invoke DeCode,addr @lpPass,addr @Pass
invoke wsprintf,addr @TEMP,addr UserPass ,addr @lpUser,addr @Pass
;输出提示
invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("正在验证ESET本地ID")
;联网验证ID
invoke TestID ,addr @lpUser,addr @Pass
.if eax==-1
invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("连接官网时发生错误,请检查网络!")
invoke Sleep,500
jmp exit
.endif
.IF eax==TRUE
invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("本机ESET ID有效!")
invoke Sleep,100
jmp exit
.else
IdNull:
invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,CTEXT("http://www.eset.org.cn"),CTEXT("本机ESET ID无效,获取ID自分发页:")
;数据清零
invoke RtlZeroMemory ,addr @lpUser,sizeof @lpUser
invoke RtlZeroMemory ,addr @lpPass,sizeof @lpPass
;获取有效ID
invoke GetEsetid ,CTEXT("http://www.eset.org.cn"),addr @lpUser,addr @lpPass,10
.if eax
;写到注册表用户名
invoke lstrlen, addr @lpUser
invoke RegSetValueEx,@hKey,CTEXT("username"),0,REG_SZ,addr @lpUser,eax
;解密写入密码
invoke EnCode,addr @lpPass,addr @Pass
invoke RegSetValueEx,@hKey,CTEXT("password"), 0,REG_BINARY,addr @Pass , 20
.if (!eax)
;输出成功提示
invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("有效ID已存入电脑!")
invoke Sleep,100
.else
invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("ID存入电脑时发生错误,请检查!")
invoke Sleep,500
.endif
jmp exit
.else
invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("获取ID错误,请检查网络!")
invoke Sleep,500
jmp exit
.endif
.endif
.else
invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE, addr RegEset27,\
NULL, KEY_ALL_ACCESS,ADDR @hKey
.if eax == ERROR_SUCCESS
jmp regurl
.else
invoke MessageBox,NULL,CTEXT("本机没有安装ESET NOD32 "),CTEXT("提示"),MB_ICONERROR+MB_OK
;invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,CTEXT("本机没有安装ESET NOD32 "),CTEXT("提示")
;invoke Sleep,500
jmp exit
.endif
.endif
.elseif eax==WM_COMMAND
.elseif eax==WM_CLOSE
exit:
invoke RegCloseKey,@hKey
invoke Shell_NotifyIcon,NIM_DELETE,addr note
invoke EndDialog,hWin,0
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
DlgProc endp
end start
==========ESET_NOHACKS_AUTOID.ini=========
[SETUP]
ECHO=ON
;OFF 关闭气泡提示
;ON 显示气泡提示
==========
[课程]Linux pwn 探索篇!
