本帖最后由 b30wulf 于 2018-7-31 03:12 编辑
当我为朋友提供KeyGen时,我在计算机上找到了这个。 在这里,您可以在自动调整注册方案中找到所有魔术事件的参考点。
我附上了IDA Pro数据库供您调查(我需要删除一些评论和一些私人信息)
KeyMain_myFN proc near ; DATA XREF: .rdata:0046A6FC↓o
; KeyMain_myFN (name assigned by the poster): dialog handler that collects the entered
; registration text and forwards it to KeyValidation01_myFN.
; Flow visible in this listing:
;   1. GetDlgItemTextW reads control 3F7h of the dialog at [edi+4] into the stack buffer String.
;   2. Non-empty text is wrapped by sub_4024EA, passed through sub_40259B and sub_40254B, and
;      handed to KeyValidation01_myFN on the object stored at [edi+1Ch].
;   3. EndDialog is reached only when the dword at [[[edi+1Ch]+24h]+4] is non-zero.
; The sub_* callees are not shown on this page; what they do is an assumption.
; NOTE(review): String spans -240h..-10h in the frame listing (230h bytes = 118h WCHARs), yet
; 230h is passed as cchMax, which GetDlgItemTextW counts in characters. If the control accepts
; more than 117h characters the copy can run past the buffer; confirm the control's text limit.
.text:00402402
.text:00402402 String = word ptr -240h
.text:00402402 lpString = dword ptr -10h
.text:00402402 var_C = dword ptr -0Ch
.text:00402402 var_4 = dword ptr -4
.text:00402402 arg_4 = word ptr 0Ch
.text:00402402
.text:00402402 ; FUNCTION CHUNK AT .text:00467408 SIZE 00000012 BYTES
.text:00402402
.text:00402402 ; __unwind { // loc_467410
.text:00402402 mov eax, offset loc_467410
.text:00402407 call __EH_prolog ; 304
.text:0040240C sub esp, 234h
; Clear the first WCHAR so an empty or failed read is seen as an empty string below.
.text:00402412 and [ebp+String], 0
.text:0040241A push edi
.text:0040241B lea eax, [ebp+String]
.text:00402421 push 230h ; cchMax
; edi keeps the this pointer (ecx) for the rest of the function.
.text:00402426 mov edi, ecx
.text:00402428 push eax ; lpString
.text:00402429 push 3F7h ; nIDDlgItem
.text:0040242E push dword ptr [edi+4] ; hDlg
.text:00402431 call ds:GetDlgItemTextW ; 4
; Empty input skips the whole processing block.
.text:00402437 cmp [ebp+String], 0
.text:0040243F jz short loc_402494
.text:00402441 lea eax, [ebp+String]
.text:00402447 push esi
.text:00402448 push eax ; lpString
.text:00402449 lea ecx, [ebp+lpString]
; Builds an object at [ebp+lpString] from the raw text (presumably a string class; confirm).
.text:0040244C call sub_4024EA ; 56
.text:00402451 ; try {
.text:00402451 and [ebp+var_4], 0
.text:00402455 lea ecx, [ebp+lpString]
.text:00402458 call sub_40259B
.text:0040245D lea ecx, [ebp+lpString]
.text:00402460 call sub_40254B ; 4
.text:00402465 push [ebp+lpString] ; lpString
.text:00402468 mov ecx, [edi+1Ch]
.text:0040246B lea esi, [edi+1Ch]
.text:0040246E call KeyValidation01_myFN ; #STR: "ProRegInfoBin50"
; The value returned in eax is not tested: it is overwritten by the vtable load below.
.text:00402473 mov ecx, [esi]
.text:00402475 mov eax, [ecx]
; Indirect call through the first vtable slot of the object at [edi+1Ch].
.text:00402477 call dword ptr [eax]
.text:00402479 mov ecx, [esi]
.text:0040247B call Random_myFN ; 6
.text:00402480 mov ecx, [esi]
.text:00402482 mov eax, [ecx]
; Indirect call through the second vtable slot.
.text:00402484 call dword ptr [eax+4]
.text:00402484 ; } // starts at 402451
.text:00402487 or [ebp+var_4], 0FFFFFFFFh
.text:0040248B lea ecx, [ebp+lpString]
; Releases the temporary object built by sub_4024EA (presumably its destructor).
.text:0040248E call sub_4019F6 ; 503
.text:00402493 pop esi
.text:00402494
.text:00402494 loc_402494: ; CODE XREF: KeyMain_myFN+3D↑j
; Follow object -> [+24h] -> [+4]; a zero dword there leaves the dialog open.
; What writes that field is not visible in this listing.
.text:00402494 mov eax, [edi+1Ch]
.text:00402497 mov eax, [eax+24h]
.text:0040249A cmp dword ptr [eax+4], 0
.text:0040249E jz short loc_4024D9
.text:004024A0 mov ecx, [edi+20h]
.text:004024A3 test ecx, ecx
.text:004024A5 jz short loc_4024AE
.text:004024A7 push 1
.text:004024A9 call sub_401A4B ; 5
.text:004024AE
.text:004024AE loc_4024AE: ; CODE XREF: KeyMain_myFN+A3↑j
; 1F4h = 500 ms pause before the dialog is closed.
.text:004024AE push 1F4h ; dwMilliseconds
.text:004024B3 call ds:Sleep ; 14
.text:004024B9 mov ecx, [edi+1Ch]
.text:004024BC push offset sub_41450E ; void *
.text:004024C1 push offset sub_413F7A ; void *
.text:004024C6 call sub_441B18
; The dialog result is the 16-bit arg_4, zero-extended.
.text:004024CB movzx eax, [ebp+arg_4]
.text:004024CF push eax ; nResult
.text:004024D0 push dword ptr [edi+4] ; hDlg
.text:004024D3 call ds:EndDialog ; 32
.text:004024D9
.text:004024D9 loc_4024D9: ; CODE XREF: KeyMain_myFN+9C↑j
; Epilogue: restore the previous SEH frame from var_C and return 0.
.text:004024D9 mov ecx, [ebp+var_C]
.text:004024DC xor eax, eax
.text:004024DE pop edi
.text:004024DF mov large fs:0, ecx
.text:004024E6 leave
.text:004024E7 retn 10h
.text:004024E7 ; } // starts at 402402
.text:004024E7 KeyMain_myFN endp
And primary key check
; #STR: "ProRegInfoBin50"
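; KeyValidation01_myFN: routine the poster labelled as the primary key check.
; Calling convention as used here: ecx = object pointer, one stack argument lpString (retn 4).
; Returns 0 when the wide string at [ecx+58h] is shorter than 10h characters, otherwise 1 after
; passing a buffer to sub_438F4A under the name "ProRegInfoBin50".
; Blowfish_Init, AES_MD5_InOut_myFN and dTA_4409C7 are the poster's labels and the sub_* bodies
; are not on this page, so what those callees compute is an assumption.
; NOTE(review), for anyone hardening similar code:
;   - results of operator new and malloc are used without an effective NULL check;
;   - GetSystemDirectoryW gets 208h as its size (counted in characters by the API) while Buffer
;     spans -2A0h..-98h, i.e. 208h bytes;
;   - the key material visible here is an immediate 4-byte constant and the volume serial
;     number, both available to anyone who holds the binary and the machine.
.text:00440EA9 ; Attributes: bp-based frame
.text:00440EA9
.text:00440EA9 ; int __stdcall KeyValidation01_myFN(LPCWSTR lpString)
.text:00440EA9 KeyValidation01_myFN proc near ; CODE XREF: KeyMain_myFN+6C↑p
.text:00440EA9
.text:00440EA9 anonymous_0 = byte ptr -300h
.text:00440EA9 var_2F4 = dword ptr -2F4h
.text:00440EA9 Buffer = word ptr -2A0h
.text:00440EA9 var_29A = word ptr -29Ah
.text:00440EA9 var_98 = dword ptr -98h
.text:00440EA9 var_90 = byte ptr -90h
.text:00440EA9 var_88 = byte ptr -88h
.text:00440EA9 var_78 = byte ptr -78h
.text:00440EA9 var_68 = byte ptr -68h
.text:00440EA9 var_44 = byte ptr -44h
.text:00440EA9 anonymous_1 = dword ptr -40h
.text:00440EA9 var_34 = byte ptr -34h
.text:00440EA9 var_31 = byte ptr -31h
.text:00440EA9 var_2F = byte ptr -2Fh
.text:00440EA9 VolumeSerialNumber = dword ptr -24h
.text:00440EA9 var_20 = dword ptr -20h
.text:00440EA9 var_1C = byte ptr -1Ch
.text:00440EA9 var_1B = byte ptr -1Bh
.text:00440EA9 var_1A = byte ptr -1Ah
.text:00440EA9 var_19 = byte ptr -19h
.text:00440EA9 var_18 = dword ptr -18h
.text:00440EA9 var_14 = dword ptr -14h
.text:00440EA9 cbMultiByte = dword ptr -10h
.text:00440EA9 var_C = dword ptr -0Ch
.text:00440EA9 var_4 = dword ptr -4
.text:00440EA9 lpString = dword ptr 8
.text:00440EA9
.text:00440EA9 ; FUNCTION CHUNK AT .text:00469550 SIZE 00000032 BYTES
.text:00440EA9
.text:00440EA9 ; __unwind { // loc_469578
.text:00440EA9 mov eax, offset loc_469578
.text:00440EAE call __EH_prolog ; 304
.text:00440EB3 sub esp, 2E8h
.text:00440EB9 push ebx
.text:00440EBA push esi
; esi = object pointer for most of the function; a copy is kept in var_20.
.text:00440EBB mov esi, ecx
.text:00440EBD push edi
.text:00440EBE mov edi, ds:lstrlenW ; 432
.text:00440EC4 mov [ebp+var_20], esi
; Precondition: the wide string stored at object+58h must hold at least 10h characters.
.text:00440EC7 lea eax, [esi+58h]
.text:00440ECA push eax ; lpString
.text:00440ECB call edi ; lstrlenW ; 432
.text:00440ECD cmp eax, 10h
.text:00440ED0 jge short loc_440ED9
.text:00440ED2 xor eax, eax
.text:00440ED4 jmp loc_441294
.text:00440ED9 ; ---------------------------------------------------------------------------
.text:00440ED9
.text:00440ED9 loc_440ED9: ; CODE XREF: KeyValidation01_myFN+27↑j
; var_18 = lstrlenW(lpString); var_14 = min(var_18, 117h).
; The length is taken before lpString is compared with NULL below.
.text:00440ED9 push [ebp+lpString] ; lpString
.text:00440EDC call edi ; lstrlenW ; 432
.text:00440EDE mov [ebp+var_18], eax
.text:00440EE1 mov eax, 117h
.text:00440EE6 cmp [ebp+var_18], eax
.text:00440EE9 jnb short loc_440EEE
.text:00440EEB mov eax, [ebp+var_18]
.text:00440EEE
.text:00440EEE loc_440EEE: ; CODE XREF: KeyValidation01_myFN+40↑j
; ebx is zeroed here and serves as the constant 0 / NULL from now on.
.text:00440EEE xor ebx, ebx
.text:00440EF0 mov [ebp+var_14], eax
.text:00440EF3 cmp [ebp+lpString], ebx
.text:00440EF6 jnz short loc_440EFC
.text:00440EF8 xor eax, eax
.text:00440EFA jmp short loc_440F2B
.text:00440EFC ; ---------------------------------------------------------------------------
.text:00440EFC
.text:00440EFC loc_440EFC: ; CODE XREF: KeyValidation01_myFN+4D↑j
; Convert lpString to a multibyte string in a stack buffer of 2*len+2 bytes, rounded up to a
; multiple of 4 and obtained through __alloca_probe. The size grows with the input length.
.text:00440EFC push [ebp+lpString] ; lpString
.text:00440EFF call edi ; lstrlenW ; 432
.text:00440F01 lea eax, [eax+eax+2]
.text:00440F05 mov [ebp+cbMultiByte], eax
.text:00440F08 add eax, 3
.text:00440F0B and al, 0FCh
.text:00440F0D call __alloca_probe ; 67
.text:00440F12 mov edi, esp
.text:00440F14 push ebx ; lpUsedDefaultChar
.text:00440F15 push ebx ; lpDefaultChar
.text:00440F16 push [ebp+cbMultiByte] ; cbMultiByte
.text:00440F19 mov [edi], bl
.text:00440F1B push edi ; lpMultiByteStr
.text:00440F1C push 0FFFFFFFFh ; cchWideChar
.text:00440F1E push [ebp+lpString] ; lpWideCharStr
.text:00440F21 push ebx ; dwFlags
.text:00440F22 push ebx ; CodePage
.text:00440F23 call ds:WideCharToMultiByte ; 68
.text:00440F29 mov eax, edi
.text:00440F2B
.text:00440F2B loc_440F2B: ; CODE XREF: KeyValidation01_myFN+51↑j
; Copy at most var_14 (<= 117h) bytes of the converted text to object+0FCh.
; On the NULL path eax is 0 here, so strncpy receives a NULL source.
.text:00440F2B push [ebp+var_14] ; size_t
.text:00440F2E lea edi, [esi+0FCh]
.text:00440F34 push eax ; char *
.text:00440F35 push edi ; char *
.text:00440F36 call _strncpy ; 9
; Terminator goes to index min(var_18, 118h). The copy above was capped at 117h bytes, so for
; inputs of 118h characters or more index 117h is not written by either step.
.text:00440F3B mov eax, 118h
.text:00440F40 add esp, 0Ch
.text:00440F43 cmp [ebp+var_18], eax
.text:00440F46 jnb short loc_440F4B
.text:00440F48 mov eax, [ebp+var_18]
.text:00440F4B
.text:00440F4B loc_440F4B: ; CODE XREF: KeyValidation01_myFN+9D↑j
.text:00440F4B mov [eax+esi+0FCh], bl
; memcpy(dest = pointer stored at object+0DCh, src = object+10Ch, 108h bytes).
.text:00440F52 lea eax, [esi+10Ch]
.text:00440F58 push 108h ; size_t
.text:00440F5D push eax ; void *
.text:00440F5E push dword ptr [esi+0DCh] ; void *
.text:00440F64 call _memcpy ; 75
; First 8-byte heap object: operator new(8) followed by sub_4093CE (presumably its
; constructor). If the allocation fails, cbMultiByte is set to 0 and still used as ecx below.
.text:00440F69 push 8 ; unsigned int
.text:00440F6B call ??2@YAPAXI@Z ; 240
.text:00440F70 add esp, 10h
.text:00440F73 mov [ebp+var_14], eax
.text:00440F76 cmp eax, ebx
.text:00440F78 ; try {
.text:00440F78 mov [ebp+var_4], ebx
.text:00440F7B jz short loc_440F89
.text:00440F7D mov ecx, eax
.text:00440F7F call sub_4093CE ; 17
.text:00440F84 mov [ebp+cbMultiByte], eax
.text:00440F87 jmp short loc_440F8C
.text:00440F89 ; ---------------------------------------------------------------------------
.text:00440F89
.text:00440F89 loc_440F89: ; CODE XREF: KeyValidation01_myFN+D2↑j
.text:00440F89 mov [ebp+cbMultiByte], ebx
.text:00440F8C
.text:00440F8C loc_440F8C: ; CODE XREF: KeyValidation01_myFN+DE↑j
.text:00440F8C mov ecx, [ebp+cbMultiByte]
.text:00440F8C ; } // starts at 440F78
.text:00440F8F or [ebp+var_4], 0FFFFFFFFh
; Four immediate bytes (56h, AFh, 04h, F5h) are written to var_1C..var_19 and passed with
; length 4 to the routine labelled Blowfish_Init: a constant embedded in the code.
.text:00440F93 lea eax, [ebp+var_1C]
.text:00440F96 push 4
.text:00440F98 push eax
.text:00440F99 mov [ebp+var_1C], 56h ; 'V'
.text:00440F9D mov [ebp+var_1B], 0AFh ; 'ˉ'
.text:00440FA1 mov [ebp+var_1A], 4
.text:00440FA5 mov [ebp+var_19], 0F5h ; 'õ'
.text:00440FA9 call Blowfish_Init ; 17
; dTA_4409C7(object+0FCh, &var_44), then sub_409D06(ctx; &var_44, object+2F0h, 8).
.text:00440FAE lea eax, [ebp+var_44]
.text:00440FB1 push eax
.text:00440FB2 push edi
.text:00440FB3 call dTA_4409C7 ; 3
.text:00440FB8 mov ecx, [ebp+cbMultiByte]
.text:00440FBB lea eax, [esi+2F0h]
.text:00440FC1 push 8
.text:00440FC3 push eax
.text:00440FC4 lea eax, [ebp+var_44]
.text:00440FC7 push eax
.text:00440FC8 call sub_409D06 ; 8
; Two movsd copy the 8 bytes at var_44 to object+0E0h. esi is clobbered here and reloaded
; from var_20 further down.
.text:00440FCD cmp [ebp+cbMultiByte], ebx
.text:00440FD0 lea edi, [esi+0E0h]
.text:00440FD6 lea esi, [ebp+var_44]
.text:00440FD9 movsd
.text:00440FDA movsd
.text:00440FDB jz short loc_440FEE
; Tear-down of the heap object: sub_4093EE then sub_456326 (presumably destructor and delete).
.text:00440FDD mov ecx, [ebp+cbMultiByte]
.text:00440FE0 call sub_4093EE ; 17
.text:00440FE5 push [ebp+cbMultiByte]
.text:00440FE8 call sub_456326 ; 401
.text:00440FED pop ecx
.text:00440FEE
.text:00440FEE loc_440FEE: ; CODE XREF: KeyValidation01_myFN+132↑j
; Second 8-byte heap object, same new / sub_4093CE pattern.
.text:00440FEE push 8 ; unsigned int
.text:00440FF0 call ??2@YAPAXI@Z ; 240
.text:00440FF5 pop ecx
.text:00440FF6 mov [ebp+var_14], eax
.text:00440FF9 cmp eax, ebx
.text:00440FFB ; try {
.text:00440FFB mov [ebp+var_4], 1
.text:00441002 jz short loc_441010
.text:00441004 mov ecx, eax
.text:00441006 call sub_4093CE ; 17
.text:0044100B mov [ebp+cbMultiByte], eax
.text:0044100E jmp short loc_441013
.text:00441010 ; ---------------------------------------------------------------------------
.text:00441010
.text:00441010 loc_441010: ; CODE XREF: KeyValidation01_myFN+159↑j
.text:00441010 mov [ebp+cbMultiByte], ebx
.text:00441013
.text:00441013 loc_441013: ; CODE XREF: KeyValidation01_myFN+165↑j
; esi is restored to the object pointer; edi becomes the constant 10h for the calls below.
; AES_MD5_InOut_myFN(object+34h, 8, object+0E0h, 10h, &var_2F4, 0).
.text:00441013 mov esi, [ebp+var_20]
.text:00441016 lea ecx, [ebp+var_2F4]
.text:0044101C push ebx ; void *
.text:0044101D push ecx ; int
.text:0044101D ; } // starts at 440FFB
.text:0044101E or [ebp+var_4], 0FFFFFFFFh
.text:00441022 push 10h
.text:00441024 pop edi
.text:00441025 lea ecx, [esi+0E0h]
.text:0044102B push edi ; int
.text:0044102C lea eax, [esi+34h]
.text:0044102F push ecx ; void *
.text:00441030 push 8 ; int
.text:00441032 push eax ; void *
.text:00441033 call AES_MD5_InOut_myFN ; 24
; Blowfish_Init(ctx; object+2Ch, 10h), then sub_409C0B(ctx; object+0E0h, &var_34, 10h).
.text:00441038 mov ecx, [ebp+cbMultiByte]
.text:0044103B lea eax, [esi+2Ch]
.text:0044103E push edi
.text:0044103F push eax
.text:00441040 call Blowfish_Init ; 17
.text:00441045 mov ecx, [ebp+cbMultiByte]
.text:00441048 lea eax, [ebp+var_34]
.text:0044104B push edi
.text:0044104C push eax
.text:0044104D lea eax, [esi+0E0h]
.text:00441053 push eax
.text:00441054 call sub_409C0B ; 9
.text:00441059 mov ecx, [ebp+cbMultiByte]
.text:0044105C cmp ecx, ebx
.text:0044105E jz short loc_44106E
.text:00441060 call sub_4093EE ; 17
.text:00441065 push [ebp+cbMultiByte]
.text:00441068 call sub_456326 ; 401
.text:0044106D pop ecx
.text:0044106E
.text:0044106E loc_44106E: ; CODE XREF: KeyValidation01_myFN+1B5↑j
; Third 8-byte heap object. var_20 is overwritten with the new pointer; esi still holds the
; object pointer.
.text:0044106E push 8 ; unsigned int
.text:00441070 call ??2@YAPAXI@Z ; 240
.text:00441075 pop ecx
.text:00441076 mov [ebp+var_20], eax
.text:00441079 cmp eax, ebx
.text:0044107B ; try {
.text:0044107B mov [ebp+var_4], 2
.text:00441082 jz short loc_441090
.text:00441084 mov ecx, eax
.text:00441086 call sub_4093CE ; 17
.text:0044108B mov [ebp+cbMultiByte], eax
.text:0044108E jmp short loc_441093
.text:00441090 ; ---------------------------------------------------------------------------
.text:00441090
.text:00441090 loc_441090: ; CODE XREF: KeyValidation01_myFN+1D9↑j
.text:00441090 mov [ebp+cbMultiByte], ebx
.text:00441093
.text:00441093 loc_441093: ; CODE XREF: KeyValidation01_myFN+1E5↑j
; Blowfish_Init(ctx; &var_34, 10h): the 10h bytes produced by the previous step are reused.
.text:00441093 mov ecx, [ebp+cbMultiByte]
.text:00441093 ; } // starts at 44107B
.text:00441096 or [ebp+var_4], 0FFFFFFFFh
.text:0044109A lea eax, [ebp+var_34]
.text:0044109D push edi
.text:0044109E push eax
.text:0044109F call Blowfish_Init ; 17
; AES_MD5_InOut_myFN(object+34h, 8, object+0E0h, 10h, &var_98, 0).
.text:004410A4 lea eax, [ebp+var_98]
.text:004410AA push ebx ; void *
.text:004410AB push eax ; int
.text:004410AC lea eax, [esi+0E0h]
.text:004410B2 push edi ; int
.text:004410B3 push eax ; void *
.text:004410B4 lea eax, [esi+34h]
.text:004410B7 push 8 ; int
.text:004410B9 push eax ; void *
.text:004410BA call AES_MD5_InOut_myFN ; 24
; sub_409C0B(ctx; object+2Ch, &var_34, 10h).
.text:004410BF mov ecx, [ebp+cbMultiByte]
.text:004410C2 lea eax, [ebp+var_34]
.text:004410C5 push edi
.text:004410C6 push eax
.text:004410C7 lea eax, [esi+2Ch]
.text:004410CA push eax
.text:004410CB call sub_409C0B ; 9
; AES_MD5_InOut_myFN(&var_34, 0Ah, object+2F8h, 10h, 0, &var_88).
.text:004410D0 lea eax, [ebp+var_88]
.text:004410D6 push eax ; void *
.text:004410D7 push ebx ; int
.text:004410D8 lea eax, [esi+2F8h]
.text:004410DE push edi ; int
.text:004410DF push eax ; void *
.text:004410E0 lea eax, [ebp+var_34]
.text:004410E3 push 0Ah ; int
.text:004410E5 push eax ; void *
.text:004410E6 call AES_MD5_InOut_myFN ; 24
; AES_MD5_InOut_myFN(&var_31, 0Ch, object+30Ch, 10h, 0, &var_78); var_31 is var_34 + 3.
.text:004410EB lea eax, [ebp+var_78]
.text:004410EE push eax ; void *
.text:004410EF push ebx ; int
.text:004410F0 lea eax, [esi+30Ch]
.text:004410F6 push edi ; int
.text:004410F7 push eax ; void *
.text:004410F8 lea eax, [ebp+var_31]
.text:004410FB push 0Ch ; int
.text:004410FD push eax ; void *
.text:004410FE call AES_MD5_InOut_myFN ; 24
.text:00441103 mov ecx, [ebp+cbMultiByte]
.text:00441106 cmp ecx, ebx
.text:00441108 jz short loc_441118
.text:0044110A call sub_4093EE ; 17
.text:0044110F push [ebp+cbMultiByte]
.text:00441112 call sub_456326 ; 401
.text:00441117 pop ecx
.text:00441118
.text:00441118 loc_441118: ; CODE XREF: KeyValidation01_myFN+25F↑j
; AES_MD5_InOut_myFN(&var_2F, 4, &var_90, 10h, 0, &var_68); var_2F is var_34 + 5.
.text:00441118 lea eax, [ebp+var_68]
.text:0044111B push eax ; void *
.text:0044111C push ebx ; int
.text:0044111D lea eax, [ebp+var_90]
.text:00441123 push edi ; int
.text:00441124 push eax ; void *
.text:00441125 lea eax, [ebp+var_2F]
.text:00441128 push 4 ; int
.text:0044112A push eax ; void *
.text:0044112B call AES_MD5_InOut_myFN ; 24
; AES_MD5_InOut_myFN(&var_88, 0Ch, [object+0F4h], 10h, 0, [object+0F8h]): both buffers are
; pointers read from the object.
.text:00441130 push dword ptr [esi+0F8h] ; void *
.text:00441136 lea eax, [ebp+var_88]
.text:0044113C push ebx ; int
.text:0044113D push edi ; int
.text:0044113E push dword ptr [esi+0F4h] ; void *
.text:00441144 push 0Ch ; int
.text:00441146 push eax ; void *
.text:00441147 call AES_MD5_InOut_myFN ; 24
; Machine-specific input: system directory -> volume serial number -> "%08X" text.
; NOTE(review): uSize 208h is a character count for the API; Buffer is 208h bytes
; (-2A0h..-98h), so the stated capacity is twice the real one.
.text:0044114C lea eax, [ebp+Buffer]
.text:00441152 push 208h ; uSize
.text:00441157 push eax ; lpBuffer
.text:00441158 mov [ebp+VolumeSerialNumber], ebx
.text:0044115B call ds:GetSystemDirectoryW ; 10
.text:00441161 push ebx ; nFileSystemNameSize
.text:00441162 push ebx ; lpFileSystemNameBuffer
.text:00441163 push ebx ; lpFileSystemFlags
.text:00441164 lea eax, [ebp+VolumeSerialNumber]
.text:00441167 push ebx ; lpMaximumComponentLength
.text:00441168 push eax ; lpVolumeSerialNumber
.text:00441169 push ebx ; nVolumeNameSize
.text:0044116A lea eax, [ebp+Buffer]
.text:00441170 push ebx ; lpVolumeNameBuffer
.text:00441171 push eax ; lpRootPathName
; var_29A is Buffer + 6 bytes, i.e. WCHAR index 3: the path is cut after its first three
; characters before it is used as the root path.
.text:00441172 mov [ebp+var_29A], bx
; The return value is not checked; VolumeSerialNumber was pre-set to 0 above.
.text:00441179 call ds:GetVolumeInformationW ; 14
.text:0044117F push [ebp+VolumeSerialNumber]
.text:00441182 lea eax, [ebp+Buffer]
.text:00441188 push offset a08x ; 4 "%08X"
.text:0044118D push eax ; LPWSTR
.text:0044118E call ds:wsprintfW ; 222
; Fourth 8-byte heap object. esi is set to 3 here (try-level value) and is reused below as
; the +3 rounding constant.
.text:00441194 push 8 ; unsigned int
.text:00441196 call ??2@YAPAXI@Z ; 240
.text:0044119B add esp, 10h
.text:0044119E mov [ebp+var_20], eax
.text:004411A1 push 3
.text:004411A3 cmp eax, ebx
.text:004411A5 pop esi
.text:004411A6 ; try {
.text:004411A6 mov [ebp+var_4], esi
.text:004411A9 jz short loc_4411B7
.text:004411AB mov ecx, eax
.text:004411AD call sub_4093CE ; 17
.text:004411B2 mov [ebp+cbMultiByte], eax
.text:004411B5 jmp short loc_4411BA
.text:004411B7 ; ---------------------------------------------------------------------------
.text:004411B7
.text:004411B7 loc_4411B7: ; CODE XREF: KeyValidation01_myFN+300↑j
.text:004411B7 mov [ebp+cbMultiByte], ebx
.text:004411B7 ; } // starts at 4411A6
.text:004411BA
.text:004411BA loc_4411BA: ; CODE XREF: KeyValidation01_myFN+30C↑j
.text:004411BA or [ebp+var_4], 0FFFFFFFFh
; 400h-byte heap buffer kept in var_14. The pointer is not compared with NULL before use.
.text:004411BE push 400h ; size_t
.text:004411C3 call _malloc ; 144
.text:004411C8 mov [ebp+var_14], eax
; This tests the address of the local Buffer, which is never zero, so the jnz is always taken.
.text:004411CB lea eax, [ebp+Buffer]
.text:004411D1 test eax, eax
.text:004411D3 pop ecx
.text:004411D4 jnz short loc_4411DA
.text:004411D6 xor esi, esi
.text:004411D8 jmp short loc_44120F
.text:004411DA ; ---------------------------------------------------------------------------
.text:004411DA
.text:004411DA loc_4411DA: ; CODE XREF: KeyValidation01_myFN+32B↑j
; Convert the "%08X" text in Buffer to multibyte in a fresh __alloca_probe buffer (esi).
.text:004411DA lea eax, [ebp+Buffer]
.text:004411E0 push eax ; lpString
.text:004411E1 call ds:lstrlenW ; 432
.text:004411E7 lea edi, [eax+eax+2]
.text:004411EB mov eax, edi
.text:004411ED add eax, esi
.text:004411EF and al, 0FCh
.text:004411F1 call __alloca_probe ; 67
.text:004411F6 mov esi, esp
.text:004411F8 push ebx ; lpUsedDefaultChar
.text:004411F9 push ebx ; lpDefaultChar
.text:004411FA push edi ; cbMultiByte
.text:004411FB push esi ; lpMultiByteStr
.text:004411FC lea eax, [ebp+Buffer]
.text:00441202 push 0FFFFFFFFh ; cchWideChar
.text:00441204 push eax ; lpWideCharStr
.text:00441205 push ebx ; dwFlags
.text:00441206 push ebx ; CodePage
.text:00441207 mov [esi], bl
.text:00441209 call ds:WideCharToMultiByte ; 68
.text:0044120F
.text:0044120F loc_44120F: ; CODE XREF: KeyValidation01_myFN+32F↑j
; Blowfish_Init(ctx; converted serial text, 8): the 8 characters of the volume serial.
.text:0044120F mov ecx, [ebp+cbMultiByte]
.text:00441212 push 8
.text:00441214 push esi
.text:00441215 call Blowfish_Init ; 17
.text:0044121A cmp [ebp+lpString], ebx
.text:0044121D jnz short loc_441223
.text:0044121F xor esi, esi
.text:00441221 jmp short loc_441251
.text:00441223 ; ---------------------------------------------------------------------------
.text:00441223
.text:00441223 loc_441223: ; CODE XREF: KeyValidation01_myFN+374↑j
; Second conversion of lpString to multibyte, again into an input-sized alloca buffer.
.text:00441223 push [ebp+lpString] ; lpString
.text:00441226 call ds:lstrlenW ; 432
.text:0044122C lea edi, [eax+eax+2]
.text:00441230 mov eax, edi
.text:00441232 add eax, 3
.text:00441235 and al, 0FCh
.text:00441237 call __alloca_probe ; 67
.text:0044123C mov esi, esp
.text:0044123E push ebx ; lpUsedDefaultChar
.text:0044123F push ebx ; lpDefaultChar
.text:00441240 push edi ; cbMultiByte
.text:00441241 push esi ; lpMultiByteStr
.text:00441242 push 0FFFFFFFFh ; cchWideChar
.text:00441244 push [ebp+lpString] ; lpWideCharStr
.text:00441247 mov [esi], bl
.text:00441249 push ebx ; dwFlags
.text:0044124A push ebx ; CodePage
.text:0044124B call ds:WideCharToMultiByte ; 68
.text:00441251
.text:00441251 loc_441251: ; CODE XREF: KeyValidation01_myFN+378↑j
; sub_409C0B(ctx; converted input, heap buffer var_14, var_18). var_18 is the unclamped
; character count of lpString, while the destination is the 400h-byte malloc block;
; whether that can overrun depends on sub_409C0B and on the caller's input limit.
.text:00441251 push [ebp+var_18]
.text:00441254 mov edi, [ebp+cbMultiByte]
.text:00441257 mov ecx, edi
.text:00441259 push [ebp+var_14]
.text:0044125C push esi
.text:0044125D call sub_409C0B ; 9
.text:00441262 cmp edi, ebx
.text:00441264 mov esi, eax
.text:00441266 jz short loc_441276
.text:00441268 mov ecx, edi
.text:0044126A call sub_4093EE ; 17
.text:0044126F push edi
.text:00441270 call sub_456326 ; 401
.text:00441275 pop ecx
.text:00441276
.text:00441276 loc_441276: ; CODE XREF: KeyValidation01_myFN+3BD↑j
; sub_438F4A("ProRegInfoBin50", heap buffer, returned length, 3). Given the dwType/cbData/lpData
; annotations and the registry path string tied to sub_438F4A, this presumably stores the
; buffer as a registry value; the callee itself is not shown.
.text:00441276 push 3 ; dwType
.text:00441278 push esi ; cbData
.text:00441279 push [ebp+var_14] ; lpData
.text:0044127C push offset aProreginfobin5 ; 3 "ProRegInfoBin50"
.text:00441281 call sub_438F4A ; 15 #STR: "SOFTWARE\\AutoDebug\\V50\\Auto Debug For Window\\"
; Releases the malloc block (argument annotated lpMem).
.text:00441286 push [ebp+var_14] ; lpMem
.text:00441289 call sub_456FF8 ; 206
.text:0044128E add esp, 14h
; Return value 1.
.text:00441291 push 1
.text:00441293 pop eax
.text:00441294
.text:00441294 loc_441294: ; CODE XREF: KeyValidation01_myFN+2B↑j
; Epilogue: esp is reset to ebp-300h, discarding every alloca region, then the SEH frame and
; the saved registers are restored.
.text:00441294 mov ecx, [ebp+var_C]
.text:00441297 lea esp, [ebp-300h]
.text:0044129D mov large fs:0, ecx
.text:004412A4 pop edi
.text:004412A5 pop esi
.text:004412A6 pop ebx
.text:004412A7 leave
.text:004412A8 retn 4
.text:004412A8 ; } // starts at 440EA9
.text:004412A8 KeyValidation01_myFN endp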
反编译代码
// #STR: "ProRegInfoBin50"
// Hex-Rays pseudo-code of the routine the poster labelled KeyValidation01_myFN.
// Returns 0 when the wide string at this+44 WCHARs is shorter than 16 characters, otherwise 1
// after handing a heap buffer to sub_438F4A under the name "ProRegInfoBin50".
// Offsets: `this`/v2/v42 are const WCHAR *, so `this + 44` is byte offset 88 (58h in the
// disassembly), whereas v12 is an int and `v12 + 44` is byte offset 44.
// Blowfish_Init, AES_MD5_InOut_myFN and dTA_4409C7 are the poster's labels and the sub_* bodies
// are not on this page, so what those callees compute is an assumption.
// NOTE(review), for anyone hardening similar code:
//  - results of operator new and malloc are used without an effective NULL check;
//  - GetSystemDirectoryW receives 0x208 as its size, which the API counts in characters,
//    while Buffer spans ebp-2A0h..ebp-98h, i.e. 0x208 bytes;
//  - the key material visible here is a 4-byte constant and the volume serial number,
//    both available to anyone who holds the binary and the machine.
int __thiscall KeyValidation01_myFN(const WCHAR *this, LPCWSTR lpString)
{
const WCHAR *v2; // esi
size_t v4; // eax
const char *v5; // eax
int v6; // eax
void *v7; // esp
signed int v8; // eax
_DWORD *v9; // eax
bool v10; // zf
_DWORD *v11; // eax
int v12; // esi
WCHAR *v13; // eax
WCHAR *v14; // eax
char *v15; // esi
int v16; // eax
int v17; // edi
int v18; // eax
void *v19; // esp
char *v20; // esi
int v21; // eax
int v22; // edi
int v23; // eax
void *v24; // esp
LPVOID *v25; // edi
unsigned int v26; // esi
char v27; // [esp+0h] [ebp-300h]
int v28; // [esp+Ch] [ebp-2F4h]
WCHAR Buffer; // [esp+60h] [ebp-2A0h]
__int16 v30; // [esp+66h] [ebp-29Ah]
int v31; // [esp+268h] [ebp-98h]
char v32; // [esp+270h] [ebp-90h]
char v33; // [esp+278h] [ebp-88h]
char v34; // [esp+288h] [ebp-78h]
char v35; // [esp+298h] [ebp-68h]
char v36; // [esp+2BCh] [ebp-44h]
int v37; // [esp+2C0h] [ebp-40h]
char v38; // [esp+2CCh] [ebp-34h]
char v39; // [esp+2CFh] [ebp-31h]
char v40; // [esp+2D1h] [ebp-2Fh]
DWORD VolumeSerialNumber; // [esp+2DCh] [ebp-24h]
const WCHAR *v42; // [esp+2E0h] [ebp-20h]
char v43; // [esp+2E4h] [ebp-1Ch]
char v44; // [esp+2E5h] [ebp-1Bh]
char v45; // [esp+2E6h] [ebp-1Ah]
char v46; // [esp+2E7h] [ebp-19h]
unsigned int v47; // [esp+2E8h] [ebp-18h]
size_t v48; // [esp+2ECh] [ebp-14h]
int cbMultiByte; // [esp+2F0h] [ebp-10h]
int v50; // [esp+2FCh] [ebp-4h]
v2 = this;
v42 = this;
// Precondition: the wide string stored in the object at byte offset 88 needs 16+ characters.
if ( lstrlenW(this + 44) < 16 )
return 0;
// Length is taken before lpString is compared with NULL; v47 keeps the unclamped count,
// v48 the count clamped to 279.
v47 = lstrlenW(lpString);
v4 = 279;
if ( v47 < 279 )
v4 = v47;
v48 = v4;
if ( lpString )
{
// Wide-to-multibyte conversion into a stack buffer sized from the input (2*len+2, rounded
// up to a multiple of 4). &v27 stands for the block just obtained from alloca; the
// disassembly uses the post-alloca stack pointer as destination (decompiler artifact).
v6 = 2 * lstrlenW(lpString) + 2;
cbMultiByte = v6;
v6 += 3;
LOBYTE(v6) = v6 & 0xFC;
v7 = alloca(v6);
v27 = 0;
WideCharToMultiByte(0, 0, lpString, -1, &v27, cbMultiByte, 0, 0);
v5 = &v27;
}
else
{
v5 = 0;
}
// Copies at most 279 bytes to byte offset 252 of the object; v5 is NULL on the else path.
strncpy((char *)v2 + 252, v5, v48);
// Terminator at index min(v47, 280). With 280 or more input characters index 279 is
// written neither by strncpy nor here.
v8 = 280;
if ( v47 < 0x118 )
v8 = v47;
*((_BYTE *)v2 + v8 + 252) = 0;
// 0x108 bytes from byte offset 268 of the object to the pointer stored at byte offset 220.
memcpy(*((void **)v2 + 55), v2 + 134, 0x108u);
// 8-byte heap object passed to sub_4093CE (presumably a constructor). On allocation failure
// cbMultiByte becomes 0 and is still passed on as the context below.
v9 = operator new(8u);
v48 = (size_t)v9;
v50 = 0;
if ( v9 )
cbMultiByte = (int)sub_4093CE(v9);
else
cbMultiByte = 0;
v50 = -1;
// Constant bytes 0x56, 0xAF, 0x04, 0xF5 (shown here as signed chars), used with length 4.
v43 = 86;
v44 = -81;
v45 = 4;
v46 = -11;
Blowfish_Init((_DWORD *)cbMultiByte, (int)&v43, 4);
dTA_4409C7((_BYTE *)v2 + 252, (int)&v36);
sub_409D06((_DWORD *)cbMultiByte, (int)&v36, (int)(v2 + 376), 8);
v10 = cbMultiByte == 0;
// The 8 bytes at v36/v37 are stored at byte offsets 224 and 228 of the object.
*((_DWORD *)v2 + 56) = *(_DWORD *)&v36;
*((_DWORD *)v2 + 57) = v37;
if ( !v10 )
{
// Tear-down pair used for every context in this function (presumably destructor + delete).
sub_4093EE((LPVOID *)cbMultiByte);
sub_456326((LPVOID)cbMultiByte);
}
// Second context object.
v11 = operator new(8u);
v48 = (size_t)v11;
v50 = 1;
if ( v11 )
cbMultiByte = (int)sub_4093CE(v11);
else
cbMultiByte = 0;
v12 = (int)v42;
v50 = -1;
// v42 is a WCHAR pointer here: +26 and +112 are byte offsets 52 and 224.
AES_MD5_InOut_myFN((void *)(v42 + 26), 8, (void *)(v42 + 112), 16, (int)&v28, 0);
Blowfish_Init((_DWORD *)cbMultiByte, v12 + 44, 16);
sub_409C0B((_DWORD *)cbMultiByte, (_BYTE *)(v12 + 224), &v38, 16);
if ( cbMultiByte )
{
sub_4093EE((LPVOID *)cbMultiByte);
sub_456326((LPVOID)cbMultiByte);
}
// Third context object; the 16 bytes at v38 produced above are passed to Blowfish_Init.
v13 = (WCHAR *)operator new(8u);
v42 = v13;
v50 = 2;
if ( v13 )
cbMultiByte = (int)sub_4093CE(v13);
else
cbMultiByte = 0;
v50 = -1;
Blowfish_Init((_DWORD *)cbMultiByte, (int)&v38, 16);
AES_MD5_InOut_myFN((void *)(v12 + 52), 8, (void *)(v12 + 224), 16, (int)&v31, 0);
sub_409C0B((_DWORD *)cbMultiByte, (_BYTE *)(v12 + 44), &v38, 16);
// v39 and v40 are v38 + 3 and v38 + 5 on the stack, i.e. views into the same 16-byte area.
AES_MD5_InOut_myFN(&v38, 10, (void *)(v12 + 760), 16, 0, &v33);
AES_MD5_InOut_myFN(&v39, 12, (void *)(v12 + 780), 16, 0, &v34);
if ( cbMultiByte )
{
sub_4093EE((LPVOID *)cbMultiByte);
sub_456326((LPVOID)cbMultiByte);
}
AES_MD5_InOut_myFN(&v40, 4, &v32, 16, 0, &v35);
// Both buffers of this call are pointers read from the object (byte offsets 244 and 248).
AES_MD5_InOut_myFN(&v33, 12, *(void **)(v12 + 244), 16, 0, *(void **)(v12 + 248));
// Machine-specific input: system directory -> volume serial number -> "%08X" text.
VolumeSerialNumber = 0;
GetSystemDirectoryW(&Buffer, 0x208u);
// v30 is Buffer + 6 bytes (WCHAR index 3): the path is cut after its first three characters.
v30 = 0;
// Return value not checked; VolumeSerialNumber stays 0 if the call fails.
GetVolumeInformationW(&Buffer, 0, 0, &VolumeSerialNumber, 0, 0, 0, 0);
wsprintfW(&Buffer, L"%08X", VolumeSerialNumber);
// Fourth context object.
v14 = (WCHAR *)operator new(8u);
v42 = v14;
v50 = 3;
if ( v14 )
cbMultiByte = (int)sub_4093CE(v14);
else
cbMultiByte = 0;
v50 = -1;
// 0x400-byte output buffer; the pointer is not checked for NULL.
v48 = (size_t)malloc(0x400u);
// Address of a local: always true. Presumably left over from a wide-to-ANSI conversion
// macro that tests its argument for NULL (TODO confirm).
if ( &Buffer )
{
v16 = lstrlenW(&Buffer);
v17 = 2 * v16 + 2;
v18 = 2 * v16 + 5;
LOBYTE(v18) = v18 & 0xFC;
v19 = alloca(v18);
v15 = &v27;
v27 = 0;
WideCharToMultiByte(0, 0, &Buffer, -1, &v27, v17, 0, 0);
}
else
{
v15 = 0;
}
// The converted 8-character serial text is passed to Blowfish_Init with length 8.
Blowfish_Init((_DWORD *)cbMultiByte, (int)v15, 8);
if ( lpString )
{
// Second conversion of lpString, again into an input-sized alloca block shown as &v27.
v21 = lstrlenW(lpString);
v22 = 2 * v21 + 2;
v23 = 2 * v21 + 5;
LOBYTE(v23) = v23 & 0xFC;
v24 = alloca(v23);
v20 = &v27;
v27 = 0;
WideCharToMultiByte(0, 0, lpString, -1, &v27, v22, 0, 0);
}
else
{
v20 = 0;
}
v25 = (LPVOID *)cbMultiByte;
// Output goes to the 0x400-byte heap block with length v47, the unclamped character count of
// lpString. Whether that can overrun depends on sub_409C0B and on the caller's input limit.
v26 = sub_409C0B((_DWORD *)cbMultiByte, v20, (_BYTE *)v48, v47);
if ( v25 )
{
sub_4093EE(v25);
sub_456326(v25);
}
// Arguments are annotated lpData / cbData / dwType in the disassembly, which also ties
// sub_438F4A to a registry path string; presumably this stores the buffer as a registry value.
sub_438F4A(L"ProRegInfoBin50", (BYTE *)v48, v26, 3u);
// Releases the malloc block (annotated lpMem in the disassembly).
sub_456FF8((LPVOID)v48);
return 1;
}
下载:
https://mega.nz/#!ugsHyBhT!KiwhSHt01fb_jeoWu6P7FHlnScNooKkoy2R79s0DqXg