Auto Debug Professional v5.7.4.13 注册计划
本帖最后由 b30wulf 于 2018-7-31 03:12 编辑当我为朋友提供keygen时,我在计算机上找到了这个。 在这里,您可以在自动调整注册方案中找到所有魔术事件的参考点。
我附上了IDA Pro数据库供您调查(我需要删除一些评论和一些私人信息)
KeyMain_myFN proc near ; DATA XREF: .rdata:0046A6FC↓o
.text:00402402
.text:00402402 String = word ptr -240h
.text:00402402 lpString = dword ptr -10h
.text:00402402 var_C = dword ptr -0Ch
.text:00402402 var_4 = dword ptr -4
.text:00402402 arg_4 = word ptr0Ch
.text:00402402
.text:00402402 ; FUNCTION CHUNK AT .text:00467408 SIZE 00000012 BYTES
.text:00402402
.text:00402402 ; __unwind { // loc_467410
.text:00402402 mov eax, offset loc_467410
.text:00402407 call __EH_prolog ; 304
.text:0040240C sub esp, 234h
.text:00402412 and , 0
.text:0040241A push edi
.text:0040241B lea eax,
.text:00402421 push 230h ; cchMax
.text:00402426 mov edi, ecx
.text:00402428 push eax ; lpString
.text:00402429 push 3F7h ; nIDDlgItem
.text:0040242E push dword ptr ; hDlg
.text:00402431 call ds:GetDlgItemTextW ; 4
.text:00402437 cmp , 0
.text:0040243F jz short loc_402494
.text:00402441 lea eax,
.text:00402447 push esi
.text:00402448 push eax ; lpString
.text:00402449 lea ecx,
.text:0040244C call sub_4024EA ; 56
.text:00402451 ; try {
.text:00402451 and , 0
.text:00402455 lea ecx,
.text:00402458 call sub_40259B
.text:0040245D lea ecx,
.text:00402460 call sub_40254B ; 4
.text:00402465 push ; lpString
.text:00402468 mov ecx,
.text:0040246B lea esi,
.text:0040246E call KeyValidation01_myFN ; #STR: "ProRegInfoBin50"
.text:00402473 mov ecx,
.text:00402475 mov eax,
.text:00402477 call dword ptr
.text:00402479 mov ecx,
.text:0040247B call Random_myFN ; 6
.text:00402480 mov ecx,
.text:00402482 mov eax,
.text:00402484 call dword ptr
.text:00402484 ; } // starts at 402451
.text:00402487 or , 0FFFFFFFFh
.text:0040248B lea ecx,
.text:0040248E call sub_4019F6 ; 503
.text:00402493 pop esi
.text:00402494
.text:00402494 loc_402494: ; CODE XREF: KeyMain_myFN+3D↑j
.text:00402494 mov eax,
.text:00402497 mov eax,
.text:0040249A cmp dword ptr , 0
.text:0040249E jz short loc_4024D9
.text:004024A0 mov ecx,
.text:004024A3 test ecx, ecx
.text:004024A5 jz short loc_4024AE
.text:004024A7 push 1
.text:004024A9 call sub_401A4B ; 5
.text:004024AE
.text:004024AE loc_4024AE: ; CODE XREF: KeyMain_myFN+A3↑j
.text:004024AE push 1F4h ; dwMilliseconds
.text:004024B3 call ds:Sleep ; 14
.text:004024B9 mov ecx,
.text:004024BC push offset sub_41450E ; void *
.text:004024C1 push offset sub_413F7A ; void *
.text:004024C6 call sub_441B18
.text:004024CB movzx eax,
.text:004024CF push eax ; nResult
.text:004024D0 push dword ptr ; hDlg
.text:004024D3 call ds:EndDialog ; 32
.text:004024D9
.text:004024D9 loc_4024D9: ; CODE XREF: KeyMain_myFN+9C↑j
.text:004024D9 mov ecx,
.text:004024DC xor eax, eax
.text:004024DE pop edi
.text:004024DF mov large fs:0, ecx
.text:004024E6 leave
.text:004024E7 retn 10h
.text:004024E7 ; } // starts at 402402
.text:004024E7 KeyMain_myFN endp
And primary key check
; #STR: "ProRegInfoBin50"
.text:00440EA9 ; Attributes: bp-based frame
.text:00440EA9
.text:00440EA9 ; int __stdcall KeyValidation01_myFN(LPCWSTR lpString)
.text:00440EA9 KeyValidation01_myFN proc near ; CODE XREF: KeyMain_myFN+6C↑p
.text:00440EA9
.text:00440EA9 anonymous_0 = byte ptr -300h
.text:00440EA9 var_2F4 = dword ptr -2F4h
.text:00440EA9 Buffer = word ptr -2A0h
.text:00440EA9 var_29A = word ptr -29Ah
.text:00440EA9 var_98 = dword ptr -98h
.text:00440EA9 var_90 = byte ptr -90h
.text:00440EA9 var_88 = byte ptr -88h
.text:00440EA9 var_78 = byte ptr -78h
.text: 00440EA9 var_68 = byte ptr -68h
.text: 00440EA9 var_44 = byte ptr -44h
.text: 00440EA9 anonymous_1 = dword ptr -40h
.text: 00440EA9 var_34 = byte ptr -34h
.text: 00440EA9 var_31 = byte ptr -31h
.text: 00440EA9 var_2F = byte ptr -2Fh
.text: 00440EA9 VolumeSerialNumber = dword for -24h
.text: 00440EA9 var_20 = dword for -20h
.text: 00440EA9 var_1C = byte for -1Ch
.text: 00440EA9 var_1B = byte ptr -1Bh
.text: 00440EA9 var_1A = byte for -1Ah
.text: 00440EA9 var_19 = byte for -19h
.text: 00440EA9 var_18 = dword ptr -18h
.text: 00440EA9 var_14 = dword ptr -14h
.text:00440EA9 cbMultiByte = dword ptr -10h
.text:00440EA9 var_C = dword ptr -0Ch
.text:00440EA9 var_4 = dword ptr -4
.text:00440EA9 lpString = dword ptr8
.text:00440EA9
.text:00440EA9 ; FUNCTION CHUNK AT .text:00469550 SIZE 00000032 BYTES
.text:00440EA9
.text:00440EA9 ; __unwind { // loc_469578
.text:00440EA9 mov eax, offset loc_469578
.text:00440EAE call __EH_prolog ; 304
.text:00440EB3 sub esp, 2E8h
.text:00440EB9 push ebx
.text:00440EBA push esi
.text:00440EBB mov esi, ecx
.text:00440EBD push edi
.text:00440EBE mov edi, ds:lstrlenW ; 432
.text:00440EC4 mov , esi
.text:00440EC7 lea eax,
.text:00440ECA push eax ; lpString
.text:00440ECB call edi ; lstrlenW; 432
.text:00440ECD cmp eax, 10h
.text:00440ED0 jge short loc_440ED9
.text:00440ED2 xor eax, eax
.text:00440ED4 jmp loc_441294
.text:00440ED9 ; ---------------------------------------------------------------------------
.text:00440ED9
.text:00440ED9 loc_440ED9: ; CODE XREF: KeyValidation01_myFN+27↑j
.text:00440ED9 push ; lpString
.text:00440EDC call edi ; lstrlenW; 432
.text:00440EDE mov , eax
.text:00440EE1 mov eax, 117h
.text:00440EE6 cmp , eax
.text:00440EE9 jnb short loc_440EEE
.text:00440EEB mov eax,
.text:00440EEE
.text:00440EEE loc_440EEE: ; CODE XREF: KeyValidation01_myFN+40↑j
.text:00440EEE xor ebx, ebx
.text:00440EF0 mov , eax
.text:00440EF3 cmp , ebx
.text:00440EF6 jnz short loc_440EFC
.text:00440EF8 xor eax, eax
.text:00440EFA jmp short loc_440F2B
.text:00440EFC ; ---------------------------------------------------------------------------
.text:00440EFC
.text:00440EFC loc_440EFC: ; CODE XREF: KeyValidation01_myFN+4D↑j
.text:00440EFC push ; lpString
.text:00440EFF call edi ; lstrlenW; 432
.text:00440F01 lea eax,
.text:00440F05 mov , eax
.text:00440F08 add eax, 3
.text:00440F0B and al, 0FCh
.text:00440F0D call __alloca_probe; 67
.text:00440F12 mov edi, esp
.text:00440F14 push ebx ; lpUsedDefaultChar
.text:00440F15 push ebx ; lpDefaultChar
.text:00440F16 push ; cbMultiByte
.text:00440F19 mov , bl
.text:00440F1B push edi ; lpMultiByteStr
.text:00440F1C push 0FFFFFFFFh ; cchWideChar
.text:00440F1E push ; lpWideCharStr
.text:00440F21 push ebx ; dwFlags
.text:00440F22 push ebx ; CodePage
.text:00440F23 call ds:WideCharToMultiByte ; 68
.text:00440F29 mov eax, edi
.text:00440F2B
.text:00440F2B loc_440F2B: ; CODE XREF: KeyValidation01_myFN+51↑j
.text:00440F2B push ; size_t
.text:00440F2E lea edi,
.text:00440F34 push eax ; char *
.text:00440F35 push edi ; char *
.text:00440F36 call _strncpy ; 9
.text:00440F3B mov eax, 118h
.text:00440F40 add esp, 0Ch
.text:00440F43 cmp , eax
.text:00440F46 jnb short loc_440F4B
.text:00440F48 mov eax,
.text:00440F4B
.text:00440F4B loc_440F4B: ; CODE XREF: KeyValidation01_myFN+9D↑j
.text:00440F4B mov , bl
.text:00440F52 lea eax,
.text:00440F58 push 108h ; size_t
.text:00440F5D push eax ; void *
.text:00440F5E push dword ptr ; void *
.text:00440F64 call _memcpy ; 75
.text:00440F69 push 8 ; unsigned int
.text:00440F6B call ??2@YAPAXI@Z ; 240
.text:00440F70 add esp, 10h
.text:00440F73 mov , eax
.text:00440F76 cmp eax, ebx
.text:00440F78 ; try {
.text:00440F78 mov , ebx
.text:00440F7B jz short loc_440F89
.text:00440F7D mov ecx, eax
.text:00440F7F call sub_4093CE ; 17
.text:00440F84 mov , eax
.text:00440F87 jmp short loc_440F8C
.text:00440F89 ; ---------------------------------------------------------------------------
.text:00440F89
.text:00440F89 loc_440F89: ; CODE XREF: KeyValidation01_myFN+D2↑j
.text:00440F89 mov , ebx
.text:00440F8C
.text:00440F8C loc_440F8C: ; CODE XREF: KeyValidation01_myFN+DE↑j
.text:00440F8C mov ecx,
.text:00440F8C ; } // starts at 440F78
.text:00440F8F or , 0FFFFFFFFh
.text:00440F93 lea eax,
.text:00440F96 push 4
.text:00440F98 push eax
.text:00440F99 mov , 56h ; 'V'
.text:00440F9D mov , 0AFh ; 'ˉ'
.text:00440FA1 mov , 4
.text:00440FA5 mov , 0F5h ; 'õ'
.text:00440FA9 call Blowfish_Init ; 17
.text:00440FAE lea eax,
.text:00440FB1 push eax
.text:00440FB2 push edi
.text:00440FB3 call dTA_4409C7 ; 3
.text:00440FB8 mov ecx,
.text:00440FBB lea eax,
.text:00440FC1 push 8
.text:00440FC3 push eax
.text:00440FC4 lea eax,
.text:00440FC7 push eax
.text:00440FC8 call sub_409D06 ; 8
.text:00440FCD cmp , ebx
.text:00440FD0 lea edi,
.text:00440FD6 lea esi,
.text:00440FD9 movsd
.text:00440FDA movsd
.text:00440FDB jz short loc_440FEE
.text:00440FDD mov ecx,
.text:00440FE0 call sub_4093EE ; 17
.text:00440FE5 push
.text:00440FE8 call sub_456326 ; 401
.text:00440FED pop ecx
.text:00440FEE
.text:00440FEE loc_440FEE: ; CODE XREF: KeyValidation01_myFN+132↑j
.text:00440FEE push 8 ; unsigned int
.text:00440FF0 call ??2@YAPAXI@Z ; 240
.text:00440FF5 pop ecx
.text:00440FF6 mov , eax
.text:00440FF9 cmp eax, ebx
.text:00440FFB ; try {
.text:00440FFB mov , 1
.text:00441002 jz short loc_441010
.text:00441004 mov ecx, eax
.text:00441006 call sub_4093CE ; 17
.text:0044100B mov , eax
.text:0044100E jmp short loc_441013
.text:00441010 ; ---------------------------------------------------------------------------
.text:00441010
.text:00441010 loc_441010: ; CODE XREF: KeyValidation01_myFN+159↑j
.text:00441010 mov , ebx
.text:00441013
.text:00441013 loc_441013: ; CODE XREF: KeyValidation01_myFN+165↑j
.text:00441013 mov esi,
.text:00441016 lea ecx,
.text:0044101C push ebx ; void *
.text:0044101D push ecx ; int
.text:0044101D ; } // starts at 440FFB
.text:0044101E or , 0FFFFFFFFh
.text:00441022 push 10h
.text:00441024 pop edi
.text:00441025 lea ecx,
.text:0044102B push edi ; int
.text:0044102C lea eax,
.text:0044102F push ecx ; void *
.text:00441030 push 8 ; int
.text:00441032 push eax ; void *
.text:00441033 call AES_MD5_InOut_myFN ; 24
.text:00441038 mov ecx,
.text:0044103B lea eax,
.text:0044103E push edi
.text:0044103F push eax
.text:00441040 call Blowfish_Init ; 17
.text:00441045 mov ecx,
.text:00441048 lea eax,
.text:0044104B push edi
.text:0044104C push eax
.text:0044104D lea eax,
.text:00441053 push eax
.text:00441054 call sub_409C0B ; 9
.text:00441059 mov ecx,
.text:0044105C cmp ecx, ebx
.text:0044105E jz short loc_44106E
.text:00441060 call sub_4093EE ; 17
.text:00441065 push
.text:00441068 call sub_456326 ; 401
.text:0044106D pop ecx
.text:0044106E
.text:0044106E loc_44106E: ; CODE XREF: KeyValidation01_myFN+1B5↑j
.text:0044106E push 8 ; unsigned int
.text:00441070 call ??2@YAPAXI@Z ; 240
.text:00441075 pop ecx
.text:00441076 mov , eax
.text:00441079 cmp eax, ebx
.text:0044107B ; try {
.text:0044107B mov , 2
.text:00441082 jz short loc_441090
.text:00441084 mov ecx, eax
.text:00441086 call sub_4093CE ; 17
.text:0044108B mov , eax
.text:0044108E jmp short loc_441093
.text:00441090 ; ---------------------------------------------------------------------------
.text:00441090
.text:00441090 loc_441090: ; CODE XREF: KeyValidation01_myFN+1D9↑j
.text:00441090 mov , ebx
.text:00441093
.text:00441093 loc_441093: ; CODE XREF: KeyValidation01_myFN+1E5↑j
.text:00441093 mov ecx,
.text:00441093 ; } // starts at 44107B
.text:00441096 or , 0FFFFFFFFh
.text:0044109A lea eax,
.text:0044109D push edi
.text:0044109E push eax
.text:0044109F call Blowfish_Init ; 17
.text:004410A4 lea eax,
.text:004410AA push ebx ; void *
.text:004410AB push eax ; int
.text:004410AC lea eax,
.text:004410B2 push edi ; int
.text:004410B3 push eax ; void *
.text:004410B4 lea eax,
.text:004410B7 push 8 ; int
.text:004410B9 push eax ; void *
.text:004410BA call AES_MD5_InOut_myFN ; 24
.text:004410BF mov ecx,
.text:004410C2 lea eax,
.text:004410C5 push edi
.text:004410C6 push eax
.text:004410C7 lea eax,
.text:004410CA push eax
.text:004410CB call sub_409C0B ; 9
.text:004410D0 lea eax,
.text:004410D6 push eax ; void *
.text:004410D7 push ebx ; int
.text:004410D8 lea eax,
.text:004410DE push edi ; int
.text:004410DF push eax ; void *
.text:004410E0 lea eax,
.text:004410E3 push 0Ah ; int
.text:004410E5 push eax ; void *
.text:004410E6 call AES_MD5_InOut_myFN ; 24
.text:004410EB lea eax,
.text:004410EE push eax ; void *
.text:004410EF push ebx ; int
.text:004410F0 lea eax,
.text:004410F6 push edi ; int
.text:004410F7 push eax ; void *
.text:004410F8 lea eax,
.text:004410FB push 0Ch ; int
.text:004410FD push eax ; void *
.text:004410FE call AES_MD5_InOut_myFN ; 24
.text:00441103 mov ecx,
.text:00441106 cmp ecx, ebx
.text:00441108 jz short loc_441118
.text:0044110A call sub_4093EE ; 17
.text:0044110F push
.text:00441112 call sub_456326 ; 401
.text:00441117 pop ecx
.text:00441118
.text:00441118 loc_441118: ; CODE XREF: KeyValidation01_myFN+25F↑j
.text:00441118 lea eax,
.text:0044111B push eax ; void *
.text:0044111C push ebx ; int
.text:0044111D lea eax,
.text:00441123 push edi ; int
.text:00441124 push eax ; void *
.text:00441125 lea eax,
.text:00441128 push 4 ; int
.text:0044112A push eax ; void *
.text:0044112B call AES_MD5_InOut_myFN ; 24
.text:00441130 push dword ptr ; void *
.text:00441136 lea eax,
.text:0044113C push ebx ; int
.text:0044113D push edi ; int
.text:0044113E push dword ptr ; void *
.text:00441144 push 0Ch ; int
.text:00441146 push eax ; void *
.text:00441147 call AES_MD5_InOut_myFN ; 24
.text:0044114C lea eax,
.text:00441152 push 208h ; uSize
.text:00441157 push eax ; lpBuffer
.text:00441158 mov , ebx
.text:0044115B call ds:GetSystemDirectoryW ; 10
.text:00441161 push ebx ; nFileSystemNameSize
.text:00441162 push ebx ; lpFileSystemNameBuffer
.text:00441163 push ebx ; lpFileSystemFlags
.text:00441164 lea eax,
.text:00441167 push ebx ; lpMaximumComponentLength
.text:00441168 push eax ; lpVolumeSerialNumber
.text:00441169 push ebx ; nVolumeNameSize
.text:0044116A lea eax,
.text:00441170 push ebx ; lpVolumeNameBuffer
.text:00441171 push eax ; lpRootPathName
.text:00441172 mov , bx
.text:00441179 call ds:GetVolumeInformationW ; 14
.text:0044117F push
.text:00441182 lea eax,
.text:00441188 push offset a08x ; 4 "%08X"
.text:0044118D push eax ; LPWSTR
.text:0044118E call ds:wsprintfW ; 222
.text:00441194 push 8 ; unsigned int
.text:00441196 call ??2@YAPAXI@Z ; 240
.text:0044119B add esp, 10h
.text:0044119E mov , eax
.text:004411A1 push 3
.text:004411A3 cmp eax, ebx
.text:004411A5 pop esi
.text:004411A6 ; try {
.text:004411A6 mov , esi
.text:004411A9 jz short loc_4411B7
.text:004411AB mov ecx, eax
.text:004411AD call sub_4093CE ; 17
.text:004411B2 mov , eax
.text:004411B5 jmp short loc_4411BA
.text:004411B7 ; ---------------------------------------------------------------------------
.text:004411B7
.text:004411B7 loc_4411B7: ; CODE XREF: KeyValidation01_myFN+300↑j
.text:004411B7 mov , ebx
.text:004411B7 ; } // starts at 4411A6
.text:004411BA
.text:004411BA loc_4411BA: ; CODE XREF: KeyValidation01_myFN+30C↑j
.text:004411BA or , 0FFFFFFFFh
.text:004411BE push 400h ; size_t
.text:004411C3 call _malloc ; 144
.text:004411C8 mov , eax
.text:004411CB lea eax,
.text:004411D1 test eax, eax
.text:004411D3 pop ecx
.text:004411D4 jnz short loc_4411DA
.text:004411D6 xor esi, esi
.text:004411D8 jmp short loc_44120F
.text:004411DA ; ---------------------------------------------------------------------------
.text:004411DA
.text:004411DA loc_4411DA: ; CODE XREF: KeyValidation01_myFN+32B↑j
.text:004411DA lea eax,
.text:004411E0 push eax ; lpString
.text:004411E1 call ds:lstrlenW ; 432
.text:004411E7 lea edi,
.text:004411EB mov eax, edi
.text:004411ED add eax, esi
.text:004411EF and al, 0FCh
.text:004411F1 call __alloca_probe; 67
.text:004411F6 mov esi, esp
.text:004411F8 push ebx ; lpUsedDefaultChar
.text:004411F9 push ebx ; lpDefaultChar
.text:004411FA push edi ; cbMultiByte
.text:004411FB push esi ; lpMultiByteStr
.text:004411FC lea eax,
.text:00441202 push 0FFFFFFFFh ; cchWideChar
.text:00441204 push eax ; lpWideCharStr
.text:00441205 push ebx ; dwFlags
.text:00441206 push ebx ; CodePage
.text:00441207 mov , bl
.text:00441209 call ds:WideCharToMultiByte ; 68
.text:0044120F
.text:0044120F loc_44120F: ; CODE XREF: KeyValidation01_myFN+32F↑j
.text:0044120F mov ecx,
.text:00441212 push 8
.text:00441214 push esi
.text:00441215 call Blowfish_Init ; 17
.text:0044121A cmp , ebx
.text:0044121D jnz short loc_441223
.text:0044121F xor esi, esi
.text:00441221 jmp short loc_441251
.text:00441223 ; ---------------------------------------------------------------------------
.text:00441223
.text:00441223 loc_441223: ; CODE XREF: KeyValidation01_myFN+374↑j
.text:00441223 push ; lpString
.text:00441226 call ds:lstrlenW ; 432
.text:0044122C lea edi,
.text:00441230 mov eax, edi
.text:00441232 add eax, 3
.text:00441235 and al, 0FCh
.text:00441237 call __alloca_probe; 67
.text:0044123C mov esi, esp
.text:0044123E push ebx ; lpUsedDefaultChar
.text:0044123F push ebx ; lpDefaultChar
.text:00441240 push edi ; cbMultiByte
.text:00441241 push esi ; lpMultiByteStr
.text:00441242 push 0FFFFFFFFh ; cchWideChar
.text:00441244 push ; lpWideCharStr
.text:00441247 mov , bl
.text:00441249 push ebx ; dwFlags
.text:0044124A push ebx ; CodePage
.text:0044124B call ds:WideCharToMultiByte ; 68
.text:00441251
.text:00441251 loc_441251: ; CODE XREF: KeyValidation01_myFN+378↑j
.text:00441251 push
.text:00441254 mov edi,
.text:00441257 mov ecx, edi
.text:00441259 push
.text:0044125C push esi
.text:0044125D call sub_409C0B ; 9
.text:00441262 cmp edi, ebx
.text:00441264 mov esi, eax
.text:00441266 jz short loc_441276
.text:00441268 mov ecx, edi
.text:0044126A call sub_4093EE ; 17
.text:0044126F push edi
.text:00441270 call sub_456326 ; 401
.text:00441275 pop ecx
.text:00441276
.text:00441276 loc_441276: ; CODE XREF: KeyValidation01_myFN+3BD↑j
.text:00441276 push 3 ; dwType
.text:00441278 push esi ; cbData
.text:00441279 push ; lpData
.text:0044127C push offset aProreginfobin5 ; 3 "ProRegInfoBin50"
.text:00441281 call sub_438F4A ; 15 #STR: "SOFTWARE\\AutoDebug\\V50\\Auto Debug For Window\\"
.text:00441286 push ; lpMem
.text:00441289 call sub_456FF8 ; 206
.text:0044128E add esp, 14h
.text:00441291 push 1
.text:00441293 pop eax
.text:00441294
.text:00441294 loc_441294: ; CODE XREF: KeyValidation01_myFN+2B↑j
.text:00441294 mov ecx,
.text:00441297 lea esp,
.text:0044129D mov large fs:0, ecx
.text:004412A4 pop edi
.text:004412A5 pop esi
.text:004412A6 pop ebx
.text:004412A7 leave
.text:004412A8 retn 4
.text:004412A8 ; } // starts at 440EA9
.text:004412A8 KeyValidation01_myFN endp
反编译代码
// #STR: "ProRegInfoBin50"
int __thiscall KeyValidation01_myFN(const WCHAR *this, LPCWSTR lpString)
{
const WCHAR *v2; // esi
size_t v4; // eax
const char *v5; // eax
int v6; // eax
void *v7; // esp
signed int v8; // eax
_DWORD *v9; // eax
bool v10; // zf
_DWORD *v11; // eax
int v12; // esi
WCHAR *v13; // eax
WCHAR *v14; // eax
char *v15; // esi
int v16; // eax
int v17; // edi
int v18; // eax
void *v19; // esp
char *v20; // esi
int v21; // eax
int v22; // edi
int v23; // eax
void *v24; // esp
LPVOID *v25; // edi
unsigned int v26; // esi
char v27; //
int v28; //
WCHAR Buffer; //
__int16 v30; //
int v31; //
char v32; //
char v33; //
char v34; //
char v35; //
char v36; //
int v37; //
char v38; //
char v39; //
char v40; //
DWORD VolumeSerialNumber; //
const WCHAR *v42; //
char v43; //
char v44; //
char v45; //
char v46; //
unsigned int v47; //
size_t v48; //
int cbMultiByte; //
int v50; //
v2 = this;
v42 = this;
if ( lstrlenW(this + 44) < 16 )
return 0;
v47 = lstrlenW(lpString);
v4 = 279;
if ( v47 < 279 )
v4 = v47;
v48 = v4;
if ( lpString )
{
v6 = 2 * lstrlenW(lpString) + 2;
cbMultiByte = v6;
v6 += 3;
LOBYTE(v6) = v6 & 0xFC;
v7 = alloca(v6);
v27 = 0;
WideCharToMultiByte(0, 0, lpString, -1, &v27, cbMultiByte, 0, 0);
v5 = &v27;
}
else
{
v5 = 0;
}
strncpy((char *)v2 + 252, v5, v48);
v8 = 280;
if ( v47 < 0x118 )
v8 = v47;
*((_BYTE *)v2 + v8 + 252) = 0;
memcpy(*((void **)v2 + 55), v2 + 134, 0x108u);
v9 = operator new(8u);
v48 = (size_t)v9;
v50 = 0;
if ( v9 )
cbMultiByte = (int)sub_4093CE(v9);
else
cbMultiByte = 0;
v50 = -1;
v43 = 86;
v44 = -81;
v45 = 4;
v46 = -11;
Blowfish_Init((_DWORD *)cbMultiByte, (int)&v43, 4);
dTA_4409C7((_BYTE *)v2 + 252, (int)&v36);
sub_409D06((_DWORD *)cbMultiByte, (int)&v36, (int)(v2 + 376), 8);
v10 = cbMultiByte == 0;
*((_DWORD *)v2 + 56) = *(_DWORD *)&v36;
*((_DWORD *)v2 + 57) = v37;
if ( !v10 )
{
sub_4093EE((LPVOID *)cbMultiByte);
sub_456326((LPVOID)cbMultiByte);
}
v11 = operator new(8u);
v48 = (size_t)v11;
v50 = 1;
if ( v11 )
cbMultiByte = (int)sub_4093CE(v11);
else
cbMultiByte = 0;
v12 = (int)v42;
v50 = -1;
AES_MD5_InOut_myFN((void *)(v42 + 26), 8, (void *)(v42 + 112), 16, (int)&v28, 0);
Blowfish_Init((_DWORD *)cbMultiByte, v12 + 44, 16);
sub_409C0B((_DWORD *)cbMultiByte, (_BYTE *)(v12 + 224), &v38, 16);
if ( cbMultiByte )
{
sub_4093EE((LPVOID *)cbMultiByte);
sub_456326((LPVOID)cbMultiByte);
}
v13 = (WCHAR *)operator new(8u);
v42 = v13;
v50 = 2;
if ( v13 )
cbMultiByte = (int)sub_4093CE(v13);
else
cbMultiByte = 0;
v50 = -1;
Blowfish_Init((_DWORD *)cbMultiByte, (int)&v38, 16);
AES_MD5_InOut_myFN((void *)(v12 + 52), 8, (void *)(v12 + 224), 16, (int)&v31, 0);
sub_409C0B((_DWORD *)cbMultiByte, (_BYTE *)(v12 + 44), &v38, 16);
AES_MD5_InOut_myFN(&v38, 10, (void *)(v12 + 760), 16, 0, &v33);
AES_MD5_InOut_myFN(&v39, 12, (void *)(v12 + 780), 16, 0, &v34);
if ( cbMultiByte )
{
sub_4093EE((LPVOID *)cbMultiByte);
sub_456326((LPVOID)cbMultiByte);
}
AES_MD5_InOut_myFN(&v40, 4, &v32, 16, 0, &v35);
AES_MD5_InOut_myFN(&v33, 12, *(void **)(v12 + 244), 16, 0, *(void **)(v12 + 248));
VolumeSerialNumber = 0;
GetSystemDirectoryW(&Buffer, 0x208u);
v30 = 0;
GetVolumeInformationW(&Buffer, 0, 0, &VolumeSerialNumber, 0, 0, 0, 0);
wsprintfW(&Buffer, L"%08X", VolumeSerialNumber);
v14 = (WCHAR *)operator new(8u);
v42 = v14;
v50 = 3;
if ( v14 )
cbMultiByte = (int)sub_4093CE(v14);
else
cbMultiByte = 0;
v50 = -1;
v48 = (size_t)malloc(0x400u);
if ( &Buffer )
{
v16 = lstrlenW(&Buffer);
v17 = 2 * v16 + 2;
v18 = 2 * v16 + 5;
LOBYTE(v18) = v18 & 0xFC;
v19 = alloca(v18);
v15 = &v27;
v27 = 0;
WideCharToMultiByte(0, 0, &Buffer, -1, &v27, v17, 0, 0);
}
else
{
v15 = 0;
}
Blowfish_Init((_DWORD *)cbMultiByte, (int)v15, 8);
if ( lpString )
{
v21 = lstrlenW(lpString);
v22 = 2 * v21 + 2;
v23 = 2 * v21 + 5;
LOBYTE(v23) = v23 & 0xFC;
v24 = alloca(v23);
v20 = &v27;
v27 = 0;
WideCharToMultiByte(0, 0, lpString, -1, &v27, v22, 0, 0);
}
else
{
v20 = 0;
}
v25 = (LPVOID *)cbMultiByte;
v26 = sub_409C0B((_DWORD *)cbMultiByte, v20, (_BYTE *)v48, v47);
if ( v25 )
{
sub_4093EE(v25);
sub_456326(v25);
}
sub_438F4A(L"ProRegInfoBin50", (BYTE *)v48, v26, 3u);
sub_456FF8((LPVOID)v48);
return 1;
}
下载:
https://mega.nz/#!ugsHyBhT!KiwhSHt01fb_jeoWu6P7FHlnScNooKkoy2R79s0DqXg
原来论坛前些天公开的这几组key还暗藏彩蛋 ~
页:
[1]