(补丁的使用方法补充到http://blog.csdn.net/zhw309/article/details/7357243 )
一朋友再搞建筑智能化方面的,说想学习西门子insight3.10软件,公司的狗又不能外借,让我帮忙看看。
上网仔细搜索该软件的信息,西门子智能楼宇软件insight3.10用的竟然是圣天诺(sentinel)狗,那好吧,两者都没接触过,正好来好好学习学习。
载入ollydbg,弹出的提醒没有序列号的消息框"There are no Base or Advanced license available,……",按暂停,由此来定位出程序校验序列号的大概地方。可得到0x41b080即为此校验函数,经过多次跟踪后,由IDA可得出如下较清晰的逻辑:
signed int __fastcall CheckLicenses_zhw(int a1)
{
const char *ST50_4_0; // ST50_4@0
char *ST54_4_0; // ST54_4@0
int ST58_4_0; // ST58_4@0
int v4; // ecx@1
int v5; // esi@1
int v6; // ST54_4@1
int v7; // ST58_4@1
void *v8; // ST54_4@3
unsigned __int32 v9; // ST58_4@3
HRESULT v11; // eax@14
unsigned int v12; // ST54_4@14
unsigned int v13; // ST58_4@14
int v14; // ST58_4@17
int v15; // eax@18
int v16; // ST50_4@20
int v17; // ST54_4@20
int v18; // ST58_4@20
const CHAR *v19; // ST50_4@22
int v20; // ST54_4@22
unsigned int v21; // ST58_4@22
const CHAR *v22; // ST54_4@29
unsigned int v23; // ST58_4@29
int v24; // eax@31
int v25; // eax@32
int v26; // eax@37
int v27; // ST58_4@40
UINT v28; // ST58_4@41
void *v29; // eax@42
int v30; // ST58_4@42
void *v31; // ST58_4@44
char v32; // al@45
int v33; // ecx@53
void *v34; // eax@55
int v35; // ST58_4@55
const char *v36; // ST50_4@57
unsigned int v37; // ST54_4@57
void *v38; // ST58_4@57
char v39; // al@58
int v40; // ecx@65
void *v41; // eax@67
int v42; // ST50_4@67
int v43; // ST54_4@67
unsigned int v44; // ST58_4@67
int v45; // eax@68
const CHAR *v46; // ST50_4@69
const CHAR *v47; // ST54_4@69
int v48; // ST58_4@69
UINT v49; // ST58_4@70
void *v50; // eax@71
int v51; // ST58_4@71
void *v54; // ST58_4@73
char v55; // al@74
void *v56; // eax@78
char v58; // al@81
UINT v59; // ST50_4@87
int v60; // ST54_4@87
int v61; // ST58_4@87
int v62; // eax@88
int v63; // ebp@90
int v64; // ST54_4@90
const char *v65; // ST58_4@90
int v66; // ecx@93
int v67; // ecx@97
WPARAM v68; // ST54_4@97
__int32 v69; // ST58_4@97
char *v70; // ecx@99
WPARAM v71; // ST54_4@99
LPARAM v72; // ST58_4@99
int v73; // ecx@101
UINT v74; // ST50_4@101
WPARAM v75; // ST54_4@101
__int32 v76; // ST58_4@101
int v77; // ecx@107
UINT v78; // ST50_4@107
WPARAM v79; // ST54_4@107
__int32 v80; // ST58_4@107
int v81; // ecx@108
int v82; // eax@109
HWND v83; // ST4C_4@111
int v84; // ecx@112
int v85; // ST54_4@112
int v87; // eax@5
const char *v88; // ecx@6
const char *v89; // ST50_4@13
unsigned int v90; // ST54_4@13
unsigned int v91; // ST58_4@13
void *v92; // eax@17
int v93; // ecx@20
const char *v94; // ecx@20
const char *v95; // ecx@22
void *v96; // eax@24
void *v97; // eax@26
int v98; // ST58_4@29
int v99; // ST58_4@38
int v100; // edx@67
int v101; // ecx@69
char *v102; // ecx@69
int v103; // eax@69
char *v104; // ecx@87
const char *v105; // ecx@87
int v106; // ST58_4@90
int v107; // ST54_4@90
int v108; // ST58_4@90
int v109; // ST54_4@90
int v110; // ST58_4@90
int v111; // ST58_4@90
int v112; // ST54_4@90
int v113; // ST58_4@90
int v114; // ST58_4@90
int v115; // ST54_4@90
int v116; // ST58_4@90
int v117; // ST58_4@90
int v118; // ST54_4@90
int v119; // ST58_4@90
int v120; // ST58_4@90
int v121; // ST58_4@90
int v122; // ST58_4@90
int v123; // ST58_4@90
int v124; // eax@90
int v125; // ebx@90
int v126; // ST58_4@90
int v127; // eax@90
int v128; // ST58_4@90
const char *v129; // ST54_4@93
const char *v130; // ST50_4@93
int v131; // eax@93
int v132; // ST4C_4@93
int v133; // eax@93
int v134; // eax@93
int v135; // eax@98
int v136; // eax@100
int v137; // eax@104
int v138; // eax@111
int v139; // eax@114
char v140; // [sp+8Ch] [bp-D8h]@1
signed int v141; // [sp+160h] [bp-4h]@1
int (__stdcall **v142)(char, int, int, int); // [sp+C0h] [bp-A4h]@1
void *v143; // [sp+6Ch] [bp-F8h]@1
void *v144; // [sp+74h] [bp-F0h]@2
char v145; // [sp+9Ch] [bp-C8h]@3
signed int v146; // [sp+A8h] [bp-BCh]@6
char *v147; // [sp+70h] [bp-F4h]@13
char v148; // [sp+80h] [bp-E4h]@22
char v149; // [sp+88h] [bp-DCh]@22
int v150; // [sp+BCh] [bp-A8h]@22
char v151; // [sp+98h] [bp-CCh]@29
char *v152; // [sp+94h] [bp-D0h]@29
char v153; // [sp+154h] [bp-10h]@38
char v154; // [sp+F0h] [bp-74h]@38
char v155; // [sp+150h] [bp-14h]@38
LPCSTR lpCaption; // [sp+78h] [bp-ECh]@40
LPCSTR lpText; // [sp+7Ch] [bp-E8h]@40
char v158; // [sp+ACh] [bp-B8h]@42
int v159; // [sp+B0h] [bp-B4h]@44
char v160; // [sp+84h] [bp-E0h]@90
v5 = a1;
CAfwReg__CAfwReg(&v140);
v141 = 0;
CAfwIPC__CAfwIPC(&v142);
v142 = &off_43B198;
ST58_4_0 = v4;
v143 = &ST58_4_0;
ST54_4_0 = "main";
LOBYTE(v141) = 1;
CString__CString(&ST58_4_0, ST54_4_0);
if ( CAfwIPC__AppRuns(&v142, ST58_4_0) )
{
ST58_4_0 = 30;
ST54_4_0 = (char *)10;
ST50_4_0 = (const char *)v4;
v144 = &ST50_4_0;
CString__CString(&ST50_4_0, NewItem);
CAfwIPC__NavigateTo(&v142, &v144, "main", 0, 0, ST50_4_0, v6, v7);
Program_End_zhw:
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
ST58_4_0 = 0;
ST54_4_0 = &NewItem[1076];
CSingleLock__CSingleLock(&v145, v6, v7);
ST58_4_0 = 50;
LOBYTE(v141) = 2;
if ( !CSingleLock__Lock(&v145, v9) )
{
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
v87 = *(_DWORD *)(v5 + 520);
*(_DWORD *)(v5 + 512) = 1;
if ( !v87 )
{
ST58_4_0 = (int)&v146;
ST54_4_0 = (char *)&v146;
v143 = &ST54_4_0;
ST50_4_0 = "Type";
CString__CString(&ST54_4_0, ST50_4_0);
ST50_4_0 = v88;
LOBYTE(v141) = 3;
v144 = &ST50_4_0;
CString__CString(&ST50_4_0, "Setup//SoftwareProtection");
LOBYTE(v141) = 2;
if ( CAfwReg__GetSystemValue(&v140, -2147483646, ST50_4_0, v8, v9) )
{
if ( v146 != 1 )
{
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = "This is not Commissioning Tool.";
AfxMessageBox(ST50_4_0, (unsigned int)v8, v9);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
goto Program_End_zhw;
}
}
}
CAfwWinApp__InitInstance(v5);
if ( !*(_DWORD *)(v5 + 520) )
{
if ( *(_DWORD *)(v5 + 524) )
{
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)Maybe_Sleep_zhw;
if ( beginthread(ST50_4_0, v8, v9) == -1 )
{
CString__CString(&v147);
LOBYTE(v141) = 4;
ST58_4_0 = GetLastError();
ST54_4_0 = "Failed to start CT thread: %d";
ST50_4_0 = (const char *)&v147;
CString__Format(ST50_4_0, v8, v9);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = v147;
AfxMessageBox(v89, v90, v91);
LOBYTE(v141) = 2;
CString___CString(&v147);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
}
}
ST58_4_0 = 0;
ST54_4_0 = 0;
v11 = CoInitializeEx(v8, v9);
if ( v11 != -2147417850 && v11 )
{
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = "Could not initialize COM";
AfxMessageBox(ST50_4_0, v12, v13);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
ST58_4_0 = 128;
v92 = operator new(v13);
v143 = v92;
LOBYTE(v141) = 5;
if ( v92 )
v15 = sub_407120();
else
v15 = 0;
LOBYTE(v141) = 2;
*(_DWORD *)(v5 + 560) = v15;
maybe_important_zhw();
ST58_4_0 = v93;
v143 = &ST58_4_0;
ST54_4_0 = NewItem;
CString__CString(&ST58_4_0, v12);
ST54_4_0 = (char *)128;
ST50_4_0 = v94;
v144 = &ST50_4_0;
LOBYTE(v141) = 6;
CString__CString(&ST50_4_0, "main");
LOBYTE(v141) = 2;
if ( !CAfwWinApp__LoadLanguageDLLs(v5, ST50_4_0, v17, v14) )
{
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
CString__CString(&v148);
LOBYTE(v141) = 7;
ST58_4_0 = *(_DWORD *)(AfxGetModuleState() + 4) + 476;
CString__operator_(&v148, v18);
CString__CString(&v149);
LOBYTE(v141) = 8;
ST58_4_0 = (int)&v150;
ST54_4_0 = (char *)&v150;
v143 = &ST54_4_0;
ST50_4_0 = "SplashScreenDisabled";
CString__CString(&ST54_4_0, v16);
ST50_4_0 = v95;
v144 = &ST50_4_0;
LOBYTE(v141) = 9;
CString__CString(&ST50_4_0, &v148);
LOBYTE(v141) = 8;
if ( CAfwReg__GetAppValue(&v140, -2147483646, v19, v17, v21) )
{
if ( v150 )
goto LABEL_29;
ST58_4_0 = 124;
v96 = operator new(v21);
v143 = v96;
LOBYTE(v141) = 10;
if ( v96 )
goto LABEL_27;
}
else
{
ST58_4_0 = 124;
v97 = operator new(v21);
v143 = v97;
LOBYTE(v141) = 11;
if ( v97 )
{
LABEL_27:
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)3000;
Maybe_CSplash_Thread_zhw(172, v19, v20, v21);
goto LABEL_28;
}
}
LABEL_28:
LOBYTE(v141) = 8;
LABEL_29:
ST58_4_0 = *(_DWORD *)(*(_DWORD *)(AfxGetModuleState() + 4) + 116);
CString__CString(&v151, v21);
LOBYTE(v141) = 12;
ST58_4_0 = *(_DWORD *)(*(_DWORD *)(AfxGetModuleState() + 4) + 140);
CString__CString(&v152, v98);
LOBYTE(v141) = 13;
CString__MakeLower(&v151);
CString__MakeLower(&v152);
ST58_4_0 = (int)"main";
ST54_4_0 = v152;
mbscmp(v20, v98);
ST58_4_0 = (int)"/test";
if ( CString__Find(&v151, v23) >= 0 )
*(_DWORD *)(v5 + 528) = 1;
v24 = *(_DWORD *)(v5 + 520);
if ( v24 )
{
v25 = v24 - 1;
if ( v25 )
{
if ( v25 == 1 )
{
ST58_4_0 = *(_DWORD *)(v5 + 528);
Maybe_GetComputerNameSBT_DMA_zhw(v23);
}
}
else
{
Maybe_GetWorkstationVerboseProductNameString();
}
}
else
{
ST58_4_0 = *(_DWORD *)(v5 + 528);
Maybe_GetComputerNameSBT_Commission_zhw(v23);
}
Maybe_CAfwReg_SetAppValue_zhw(); //这里出错了
v26 = Maybe_Check_Zero_zhw();
if ( !v26 )
{
ST58_4_0 = v26;
sub_4278F0(v23);
LOBYTE(v141) = 14;
ST58_4_0 = sub_40C470();
CString__operator_(&v153, v99);
CDialog__DoModal(&v154);
LOBYTE(v141) = 16;
CString___CString(&v153);
LOBYTE(v141) = 15;
CString___CString(&v155);
LOBYTE(v141) = 13;
CDialog___CDialog(&v154);
LOBYTE(v141) = 12;
CString___CString(&v152);
LOBYTE(v141) = 8;
CString___CString(&v151);
LOBYTE(v141) = 7;
CString___CString(&v149);
LOBYTE(v141) = 2;
CString___CString(&v148);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
if ( !Maybe_Check_Zero1_zhw() )
{
CString__CString(&lpCaption);
LOBYTE(v141) = 17;
CString__CString(&lpText);
ST58_4_0 = (int)&lpText;
LOBYTE(v141) = 18;
sub_40E210(v23);
if ( *(_DWORD *)(v5 + 520) == 2 )
{
ST58_4_0 = 161;
CString__LoadStringA(&lpCaption, v27);
}
else
{
CAfwString__CAfwString(&v147);
ST58_4_0 = (int)&v158;
LOBYTE(v141) = 19;
v29 = *(void **)(GetWorkstationVerboseProductNameString(v27) + 4);
LOBYTE(v141) = 20;
if ( !v29 )
v29 = _C;
ST58_4_0 = (int)v29;
ST54_4_0 = (char *)61216;
ST50_4_0 = (const char *)&v147;
CAfwString__SubstituteHolders(v19, v22, v30);
LOBYTE(v141) = 19;
if ( v159 )
{
v32 = *(_BYTE *)(v159 - 1);
if ( v32 && v32 != -1 )
{
*(_BYTE *)(v159 - 1) = v32 - 1;
}
else
{
ST58_4_0 = v159 - 1;
operator delete(v31);
}
}
ST58_4_0 = (int)&v147;
CString__operator_(&lpCaption, v28);
LOBYTE(v141) = 18;
CString___CString(&v147);
}
ST58_4_0 = 16;
ST54_4_0 = (char *)lpCaption;
ST50_4_0 = lpText;
MessageBoxA(0, v19, v22, v28);
LOBYTE(v141) = 17;
CString___CString(&lpText);
LOBYTE(v141) = 13;
CString___CString(&lpCaption);
LOBYTE(v141) = 12;
CString___CString(&v152);
LOBYTE(v141) = 8;
CString___CString(&v151);
LOBYTE(v141) = 7;
CString___CString(&v149);
LOBYTE(v141) = 2;
CString___CString(&v148);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
if ( GetSessionID() && VerifyVersionInfoA_zhw() && !fun_VerifyVersionInfoA_zhw() )
{
ST58_4_0 = v33;
v143 = &ST58_4_0;
ST54_4_0 = "TermServer";
CString__CString(&ST58_4_0, v22);
if ( !CAfwWinApp__GetLicenseValue(v5, v23) )
{
CAfwString__CAfwString(&v147);
ST58_4_0 = (int)&v158;
LOBYTE(v141) = 21;
v34 = *(void **)(GetWorkstationProductLineString(v23) + 4);
LOBYTE(v141) = 22;
if ( !v34 )
v34 = _C;
ST58_4_0 = (int)v34;
ST54_4_0 = (char *)57682;
ST50_4_0 = (const char *)&v147;
CAfwString__SubstituteHolders(v19, v22, v35);
LOBYTE(v141) = 21;
if ( v159 )
{
v39 = *(_BYTE *)(v159 - 1);
if ( v39 && v39 != -1 )
{
*(_BYTE *)(v159 - 1) = v39 - 1;
}
else
{
ST58_4_0 = v159 - 1;
operator delete(v38);
}
}
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = v147;
AfxMessageBox(v36, v37, (unsigned int)v38);
LOBYTE(v141) = 13;
CString___CString(&v147);
LOBYTE(v141) = 12;
CString___CString(&v152);
LOBYTE(v141) = 8;
CString___CString(&v151);
LOBYTE(v141) = 7;
CString___CString(&v149);
LOBYTE(v141) = 2;
CString___CString(&v148);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
if ( CAfwWinApp__IsToolMode(v5) )
{
ST58_4_0 = -1;
ST54_4_0 = 0;
ST50_4_0 = (const char *)224;
AfxMessageBox((unsigned int)v19, (unsigned int)v22, v23);
LOBYTE(v141) = 12;
CString___CString(&v152);
LOBYTE(v141) = 8;
CString___CString(&v151);
LOBYTE(v141) = 7;
CString___CString(&v149);
LOBYTE(v141) = 2;
CString___CString(&v148);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
}
if ( Maybe_Check_Valid_zhw() )
{
ST58_4_0 = v40;
v143 = &ST58_4_0;
ST54_4_0 = "main";
CString__CString(&ST58_4_0, v22);
if ( Maybe_String_CMP_zhw(v23) )
{
v100 = *(_DWORD *)(v5 + 560);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = 0;
AfxBeginThread(Maybe_Reg_zhw, v100, 0, v19, v22, v23);
CWinApp__Enable3dControls(v5);
ST58_4_0 = 108;
v41 = operator new(v44);
v143 = v41;
LOBYTE(v141) = 29;
if ( v41 )
{
ST58_4_0 = (int)&off_43B978;
ST54_4_0 = (char *)&off_43B2E0;
ST50_4_0 = (const char *)&off_43B1A0;
v45 = CSingleDocTemplate__CSingleDocTemplate(v41, 128, v42, v43, v44);
}
else
{
v45 = 0;
}
ST58_4_0 = v45;
LOBYTE(v141) = 13;
CWinApp__AddDocTemplate(v5, v44);
ST58_4_0 = (int)&v149;
ST54_4_0 = v104;
v143 = &ST54_4_0;
ST50_4_0 = "AfwAppPosition";
CString__CString(&ST54_4_0, v42);
ST50_4_0 = v105;
v144 = &ST50_4_0;
LOBYTE(v141) = 30;
CString__CString(&ST50_4_0, &v148);
LOBYTE(v141) = 13;
if ( CAfwReg__GetAppValue(&v140, -2147483647, v59, v43, v61) )
{
CWinApp__OnFileNew(v5);
v62 = AfxGetThread();
if ( v62 )
(*(int (__thiscall **)(int))(*(_DWORD *)v62 + 124))(v62);
CString__CString(&lpCaption);
LOBYTE(v141) = 31;
CString__CString(&lpText);
LOBYTE(v141) = 32;
CString__CString(&v147);
LOBYTE(v141) = 33;
CString__CString(&v144);
LOBYTE(v141) = 34;
CString__CString(&v160);
ST58_4_0 = (int)L",";
ST54_4_0 = (char *)&v143;
LOBYTE(v141) = 35;
ST58_4_0 = CString__SpanExcluding(&v149, v60, v61);
LOBYTE(v141) = 36;
CString__operator_(&lpCaption, v106);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = *((_DWORD *)lpCaption - 2) + 1;
ST54_4_0 = (char *)&v143;
ST58_4_0 = CString__Mid(&v149, v107, v106);
LOBYTE(v141) = 37;
CString__operator_(&v160, v108);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = (int)L",";
ST54_4_0 = (char *)&v143;
ST58_4_0 = CString__SpanExcluding(&v160, v109, v110);
LOBYTE(v141) = 38;
CString__operator_(&lpText, v111);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = *((_DWORD *)lpText - 2) + 1;
ST54_4_0 = (char *)&v143;
ST58_4_0 = CString__Mid(&v160, v112, v113);
LOBYTE(v141) = 39;
CString__operator_(&v160, v114);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = (int)L",";
ST54_4_0 = (char *)&v143;
ST58_4_0 = CString__SpanExcluding(&v160, v115, v116);
LOBYTE(v141) = 40;
CString__operator_(&v147, v117);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = *((_DWORD *)v147 - 2) + 1;
ST54_4_0 = (char *)&v143;
ST58_4_0 = CString__Mid(&v160, v118, v119);
LOBYTE(v141) = 41;
CString__operator_(&v160, v120);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = (int)L",";
ST54_4_0 = (char *)&v143;
ST58_4_0 = CString__SpanExcluding(&v160, v64, v121);
LOBYTE(v141) = 42;
CString__operator_(&v144, v122);
LOBYTE(v141) = 35;
CString___CString(&v143);
ST58_4_0 = 61;
v124 = GetSystemMetrics(v123);
ST58_4_0 = 62;
v125 = v124;
v127 = GetSystemMetrics(v126);
ST58_4_0 = 0;
v63 = v127;
ST58_4_0 = CString__GetBuffer(&lpCaption, v128);
if ( v125 <= atoi(v65) + 10
|| (ST58_4_0 = 0, ST58_4_0 = CString__GetBuffer(&lpText, v65), v63 <= atoi(v65) + 10) )
{
ST58_4_0 = (int)L"0";
CString__operator_(&lpCaption, v65);
ST58_4_0 = (int)L"0";
CString__operator_(&lpText, v65);
}
ST58_4_0 = 4;
ST54_4_0 = 0;
ST54_4_0 = (char *)CString__GetBuffer(&v144, v64);
ST54_4_0 = (char *)atoi(v129);
ST50_4_0 = 0;
ST50_4_0 = (const char *)CString__GetBuffer(&v147, v59);
ST50_4_0 = (const char *)atoi(v130);
v131 = CString__GetBuffer(&lpText, 0);
v132 = atoi((const char *)v131);
v133 = CString__GetBuffer(&lpCaption, 0);
v134 = atoi((const char *)v133);
CWnd__SetWindowPos(*(_DWORD *)(v5 + 32), 0, v134, v132, v59, v60, v61);
LOBYTE(v141) = 34;
CString___CString(&v160);
LOBYTE(v141) = 33;
CString___CString(&v144);
LOBYTE(v141) = 32;
CString___CString(&v147);
LOBYTE(v141) = 31;
CString___CString(&lpText);
LOBYTE(v141) = 13;
CString___CString(&lpCaption);
}
else
{
CWinApp__OnFileNew(v5);
}
if ( *(_DWORD *)(v5 + 520) != 1 && !*(_DWORD *)(v5 + 524) )
goto LicenseISWrong_zhw;
ST58_4_0 = v66;
v143 = &ST58_4_0;
ST54_4_0 = "communicationmonitor";
CString__CString(&ST58_4_0, v60);
if ( sub_41C630(v61) )
{
v135 = *(_DWORD *)(v5 + 32);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)1150;
PostMessageA(*(HWND *)(v135 + 32), v59, v68, v69);
}
ST58_4_0 = v67;
v144 = &ST58_4_0;
ST54_4_0 = "alarm";
CString__CString(&ST58_4_0, v68);
if ( sub_41C630(v69) )
{
v136 = *(_DWORD *)(v5 + 32);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)1147;
PostMessageA(*(HWND *)(v136 + 32), v59, v71, v72);
}
ST58_4_0 = (int)&v143;
ST54_4_0 = v70;
v144 = &ST54_4_0;
ST50_4_0 = "AutoStartGraphics";
CString__CString(&ST54_4_0, v59);
ST50_4_0 = (const char *)v73;
v147 = (char *)&ST50_4_0;
LOBYTE(v141) = 43;
CString__CString(&ST50_4_0, &v148);
LOBYTE(v141) = 13;
if ( !CAfwReg__GetAppValue(&v140, -2147483647, v74, v71, v72) )
{
ST58_4_0 = 0;
ST54_4_0 = (char *)v73;
v144 = &ST54_4_0;
ST50_4_0 = "AutoStartGraphics";
CString__CString(&ST54_4_0, v74);
ST50_4_0 = (const char *)v73;
v147 = (char *)&ST50_4_0;
LOBYTE(v141) = 44;
CString__CString(&ST50_4_0, &v148);
LOBYTE(v141) = 13;
CAfwReg__SetAppValue(&v140, -2147483647, v74, v75, v76);
}
else
{
if ( v143 )
{
ST58_4_0 = v73;
v144 = &ST58_4_0;
ST54_4_0 = "graphic";
CString__CString(&ST58_4_0, v75);
if ( sub_41C630(v76) )
{
v137 = *(_DWORD *)(v5 + 32);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)1152;
PostMessageA(*(HWND *)(v137 + 32), v74, v75, v76);
}
}
}
if ( *(_DWORD *)(v5 + 520) != 1 )
goto LicenseISWrong_zhw;
ST58_4_0 = v73;
v144 = &ST58_4_0;
ST54_4_0 = NewItem;
CString__CString(&ST58_4_0, v75);
ST54_4_0 = (char *)v77;
LOBYTE(v141) = 45;
v147 = (char *)&ST54_4_0;
ST50_4_0 = "Fire ALS3";
CString__CString(&ST54_4_0, v74);
ST50_4_0 = 0;
LOBYTE(v141) = 13;
if ( (CAfwWinApp__IsLicensed(v5, v78, v79, v76)
|| (ST58_4_0 = v77, v144 = &ST58_4_0, ST54_4_0 = NewItem, CString__CString(&ST58_4_0, v79), ST54_4_0 = (char *)v81, LOBYTE(v141) = 46, v147 = (char *)&ST54_4_0, ST50_4_0 = "XLS", CString__CString(&ST54_4_0, v78), ST50_4_0 = 0, LOBYTE(v141) = 13, CAfwWinApp__IsLicensed(v5, v78, v79, v80)))
&& (v82 = *(_DWORD *)(v5 + 560), v81 = *(_DWORD *)(v82 + 52), v81)
&& (ST58_4_0 = *(_DWORD *)(v82 + 52), v144 = &ST58_4_0, ST54_4_0 = "AlarmBar", CString__CString(&ST58_4_0, v79), sub_41C630(v80)) )
{
v138 = *(_DWORD *)(v5 + 32);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)1151;
v83 = *(HWND *)(v138 + 32);
}
else
{
ST58_4_0 = v81;
v144 = &ST58_4_0;
ST54_4_0 = NewItem;
CString__CString(&ST58_4_0, v79);
ST54_4_0 = (char *)v84;
LOBYTE(v141) = 47;
v147 = (char *)&ST54_4_0;
ST50_4_0 = "ALMB";
CString__CString(&ST54_4_0, v78);
ST50_4_0 = 0;
LOBYTE(v141) = 13;
if ( !CAfwWinApp__IsLicensed(v5, v78, v85, v80)
|| (ST58_4_0 = v84, v144 = &ST58_4_0, ST54_4_0 = "AlarmBar", CString__CString(&ST58_4_0, v79), !sub_41C630(v80)) )
goto LicenseISWrong_zhw;
v139 = *(_DWORD *)(v5 + 32);
ST58_4_0 = 0;
ST54_4_0 = 0;
ST50_4_0 = (const char *)1151;
v83 = *(HWND *)(v139 + 32);
}
PostMessageA(v83, v78, v79, v80);
LicenseISWrong_zhw:
sub_4210F0();
LOBYTE(v141) = 12;
CString___CString(&v152);
LOBYTE(v141) = 8;
CString___CString(&v151);
LOBYTE(v141) = 7;
CString___CString(&v149);
LOBYTE(v141) = 2;
CString___CString(&v148);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 1;
}
}
ST58_4_0 = 3;
sub_40D8C0(v23);
CAfwString__CAfwString(&lpText);
LOBYTE(v141) = 23;
CAfwString__CAfwString(&lpCaption);
ST58_4_0 = v101;
v143 = &ST58_4_0;
ST54_4_0 = NewItem;
LOBYTE(v141) = 24;
CString__CString(&ST58_4_0, v22);
ST54_4_0 = v102;
LOBYTE(v141) = 25;
v144 = &ST54_4_0;
ST50_4_0 = "DMA";
CString__CString(&ST54_4_0, v19);
ST50_4_0 = 0;
LOBYTE(v141) = 24;
v103 = sub_4021E0();
if ( CAfwWinApp__IsLicensed(v103, v46, v47, v48) )
{
ST58_4_0 = 162;
CString__LoadStringA(&lpText, v48);
ST58_4_0 = 161;
CString__LoadStringA(&lpCaption, v49);
}
else
{
ST58_4_0 = (int)&v158;
v50 = *(void **)(GetWorkstationVerboseProductNameString(v48) + 4);
LOBYTE(v141) = 27;
if ( !v50 )
v50 = _C;
ST58_4_0 = (int)v50;
ST54_4_0 = (char *)61216;
ST50_4_0 = (const char *)&lpCaption;
CAfwString__SubstituteHolders(v46, v47, v51);
LOBYTE(v141) = 24;
if ( v159 )
{
v55 = *(_BYTE *)(v159 - 1);
if ( v55 && v55 != -1 )
{
*(_BYTE *)(v159 - 1) = v55 - 1;
}
else
{
ST58_4_0 = v159 - 1;
operator delete(v54);
}
}
ST58_4_0 = (int)&v158;
v56 = *(void **)(GetWorkstationVerboseProductNameString(v54) + 4);
LOBYTE(v141) = 28;
if ( !v56 )
v56 = _C;
ST58_4_0 = (int)v56;
ST54_4_0 = (char *)61217;
ST50_4_0 = (const char *)&lpText;
CAfwString__SubstituteHolders(v46, v47, v49);
if ( v159 )
{
v58 = *(_BYTE *)(v159 - 1);
if ( v58 && v58 != -1 )
{
*(_BYTE *)(v159 - 1) = v58 - 1;
}
else
{
ST58_4_0 = v159 - 1;
operator delete((void *)v49);
}
}
}
ST58_4_0 = 16;
ST54_4_0 = (char *)lpCaption;
ST50_4_0 = lpText;
MessageBoxA(0, v46, v47, v49);
LOBYTE(v141) = 23;
CString___CString(&lpCaption);
LOBYTE(v141) = 13;
CString___CString(&lpText);
LOBYTE(v141) = 12;
CString___CString(&v152);
LOBYTE(v141) = 8;
CString___CString(&v151);
LOBYTE(v141) = 7;
CString___CString(&v149);
LOBYTE(v141) = 2;
CString___CString(&v148);
LOBYTE(v141) = 1;
CSingleLock__Unlock(&v145);
LOBYTE(v141) = 0;
CAfwIPC___CAfwIPC(&v142);
v141 = -1;
CAfwReg___CAfwReg(&v140);
return 0;
}
注意力集中在 Maybe_GetWorkstationVerboseProductNameString()这个函数中,挖掘这个函数,果然发现是读取license或dongle的函数,看代码:
int __fastcall Maybe_GetWorkstationVerboseProductNameString(int a1)
{
int v1; // esi@1
void *v2; // eax@7
void *v3; // eax@10
char v4; // al@13
void *v5; // ecx@13
char v7; // ST08_1@2
int v8; // eax@5
int v9; // edi@17
char v10; // [sp+14h] [bp-40h]@1
signed int v11; // [sp+50h] [bp-4h]@1
char v12; // [sp+20h] [bp-34h]@1
signed int v13; // [sp+18h] [bp-3Ch]@1
char v14; // [sp+38h] [bp-1Ch]@1
int v15; // [sp-8h] [bp-5Ch]@2
int *v16; // [sp+1Ch] [bp-38h]@2
char v17; // [sp+24h] [bp-30h]@2
char v18; // [sp+28h] [bp-2Ch]@7
char v19; // [sp+10h] [bp-44h]@10
int v20; // [sp+2Ch] [bp-28h]@12
int v21; // [sp+30h] [bp-24h]@17
int v22; // [sp+34h] [bp-20h]@17
v1 = a1;
AfxGetModuleState();
sub_409A20();
*(_DWORD *)(v1 + 24) = sub_40CDF0();
CAfwString__CAfwString(&v10);
v11 = 0;
CSysName__CSysName(&v12);
LOBYTE(v11) = 1;
v13 = 16;
if ( GetComputerNameSBT(&v14, (unsigned __int32 *)&v13) )
{
CSysName__operator_(&v12, &v14);
v16 = &v15;
CString__CString(&v7, (unsigned int)&v17 & -(&v12 != 0));
sub_40D540(&v16, (char)CSysName___vftable_, v7);
CString___CString(&v16);
}
else
{
CSysName__operator_(&v12, L"?");
CUserName__operator_(v1 + 44, L"?");
}
if ( sub_409E80() )
{
v2 = *(void **)(GetWorkstationProductLineString(&v18) + 4);
LOBYTE(v11) = 2;
if ( !v2 )
v2 = _C;
CAfwString__SubstituteHolders(&v10, 61224, v2);
LOBYTE(v11) = 1;
std__basic_string_char_std__char_traits_char__std__allocator_char_____Tidy(&v18, 1);
CString__operator_(v1 + 40, &v10);
}
else
{
v8 = License_Check_zhw();
*(_DWORD *)(v1 + 28) = v8;
if ( v8 )
CheckLicense_AddApps_zhw();
}
CAfwString__CAfwString(&v19);
LOBYTE(v11) = 3;
v3 = *(void **)(GetWorkstationVerboseProductNameString(&v18) + 4);
LOBYTE(v11) = 4;
if ( !v3 )
v3 = _C;
CAfwString__SubstituteHolders(&v19, 61216, v3);
LOBYTE(v11) = 3;
if ( v20 )
{
v5 = (void *)(v20 - 1);
v4 = *(_BYTE *)(v20 - 1);
if ( v4 && v4 != -1 )
*(_BYTE *)v5 = v4 - 1;
else
operator delete(v5);
}
v20 = 0;
v21 = 0;
v22 = 0;
CString__operator_(v1 + 60, &v19);
v9 = *(_DWORD *)(v1 + 24) & *(_DWORD *)(v1 + 28);
LOBYTE(v11) = 1;
CString___CString(&v19);
LOBYTE(v11) = 0;
CString___CString((unsigned int)&v17 & -(&v12 != 0));
v11 = -1;
CString___CString(&v10);
return v9;
}
看 v8 = License_Check_zhw()函数,问题已经开始越来越明了了,再往里钻一下:
signed int __fastcall License_Check_zhw(int a1)
{
signed int ST08_4_0; // ST08_4@0
int ST0C_4_0; // ST0C_4@0
signed int v3; // ebp@1
int v4; // esi@1
signed int v5; // ecx@2
int v6; // eax@6
char v7; // zf@8
void *v9; // eax@28
int v10; // ST0C_4@28
int v11; // ecx@30
void *v12; // ST0C_4@30
char v13; // al@31
signed int v14; // ecx@34
signed int v16; // eax@1
int v17; // esi@35
signed int v18; // ecx@35
int v19; // ST08_4@35
int v20; // ST0C_4@35
signed int v21; // ecx@35
int v22; // ST08_4@35
int v23; // ST0C_4@35
signed int v24; // ecx@35
int v25; // ST08_4@35
int v26; // ST0C_4@35
signed int v27; // ecx@35
int v28; // ST08_4@35
int v29; // ST08_4@37
int v30; // [sp+20h] [bp-28h]@1
signed int *v31; // [sp+28h] [bp-20h]@14
char v32; // [sp+2Ch] [bp-1Ch]@28
signed int v33; // [sp+44h] [bp-4h]@28
char v34; // [sp+24h] [bp-24h]@30
int v35; // [sp+30h] [bp-18h]@30
int v36; // [sp+34h] [bp-14h]@37
int v37; // [sp+38h] [bp-10h]@37
v4 = a1;
*(_DWORD *)(a1 + 80) = 0;
*(_DWORD *)(a1 + 84) = 0;
*(_DWORD *)(a1 + 88) = 0;
*(_DWORD *)(a1 + 72) = 0;
*(_DWORD *)(a1 + 76) = 0;
*(_DWORD *)(a1 + 68) = 0;
*(_DWORD *)(a1 + 92) = 0;
*(_DWORD *)(a1 + 96) = 0;
*(_DWORD *)(a1 + 104) = 0;
*(_DWORD *)(a1 + 108) = 0;
*(_DWORD *)(a1 + 112) = 0;
*(_DWORD *)(a1 + 116) = 0;
v30 = *(_DWORD *)(AfxGetModuleState() + 4);
v16 = sub_40A190();
v3 = v16;
if ( !v16 )
{
ST0C_4_0 = (int)"Softprot Initialize failed /n";
goto LABEL_41;
}
call_softRequestLicense_zhw();
if ( !*(_DWORD *)(v4 + 76) )
{
call_FindLicense_Fls_zhw();
if ( !*(_DWORD *)(v4 + 76) )
{
if ( !*(_DWORD *)(v4 + 84) )
call_FindLicense_Combo_zhw();
}
}
v6 = *(_DWORD *)(v4 + 108);
if ( v6 || *(_DWORD *)(v4 + 104) )
{
v3 = 0;
if ( !v6 )
goto LABEL_42;
ST0C_4_0 = 61249;
CString__LoadStringA(v4 + 40, ST0C_4_0);
ST0C_4_0 = (int)"Dongle missing!/n";
LABEL_41:
sub_4070C0(ST0C_4_0);
goto LABEL_42;
}
v7 = *(_DWORD *)(v4 + 76) == 0;
if ( !*(_DWORD *)(v4 + 76) )
{
if ( !*(_DWORD *)(v4 + 84) )
{
if ( !*(_DWORD *)(v4 + 72) )
call_FindLicense_Core_zhw();
}
v7 = *(_DWORD *)(v4 + 76) == 0;
}
if ( v7 )
{
if ( !*(_DWORD *)(v4 + 72) && !*(_DWORD *)(v4 + 84) )
{
SoftProtRequest_Set_License_zhw();
goto LABEL_20;
}
ST0C_4_0 = 1;
ST08_4_0 = v5;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "ReportScheduler");
CAfwWinApp__SetLicenseValue(v30, ST08_4_0, ST0C_4_0);
ST0C_4_0 = (int)"Added Report Scheduler /n";
}
else
{
ST0C_4_0 = 0;
ST08_4_0 = v5;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "ReportScheduler");
CAfwWinApp__SetLicenseValue(v30, ST08_4_0, ST0C_4_0);
ST0C_4_0 = (int)"Report Scheduler was not added/n";
}
sub_4070C0(ST0C_4_0);
LABEL_20:
if ( !*(_DWORD *)(v4 + 112) )
{
ST0C_4_0 = 61247;
v3 = 0;
CString__LoadStringA(v4 + 40, ST0C_4_0);
ST0C_4_0 = (int)"License file lservrc file not found/n";
goto LABEL_41;
}
Check_License_OtherAll_zhw();
if ( *(_DWORD *)(v4 + 116) )
{
v3 = 0;
}
else
{
if ( *(_DWORD *)(v4 + 76) || *(_DWORD *)(v4 + 68) || *(_DWORD *)(v4 + 72) || *(_DWORD *)(v4 + 84) )
{
v3 = 1;
if ( COptionsObj__GetProductBrandIdentity() == 2 )
{
ST0C_4_0 = 0;
ST08_4_0 = v14;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "ALMB");
v17 = v30;
CAfwWinApp__SetLicenseValue(v30, ST08_4_0, ST0C_4_0);
ST0C_4_0 = 0;
ST08_4_0 = v18;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "tod");
CAfwWinApp__SetLicenseValue(v17, v19, v20);
ST0C_4_0 = 0;
ST08_4_0 = v21;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "BACnetServer");
CAfwWinApp__SetLicenseValue(v17, v22, v23);
ST0C_4_0 = 0;
ST08_4_0 = v24;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "Dialup");
CAfwWinApp__SetLicenseValue(v17, v25, v26);
ST0C_4_0 = 1;
ST08_4_0 = v27;
v31 = &ST08_4_0;
CString__CString(&ST08_4_0, "BACnetClient");
CAfwWinApp__SetLicenseValue(v17, v28, ST0C_4_0);
}
}
else
{
v3 = 0;
ST0C_4_0 = (int)&v32;
v9 = *(void **)(GetWorkstationVerboseProductNameString(ST0C_4_0) + 4);
v33 = 0;
if ( !v9 )
v9 = _C;
ST0C_4_0 = (int)v9;
CString__CString(&v34, v10);
LOBYTE(v33) = 2;
if ( v35 )
{
v11 = v35 - 1;
v13 = *(_BYTE *)(v35 - 1);
if ( v13 && v13 != -1 )
{
*(_BYTE *)v11 = v13 - 1;
}
else
{
ST0C_4_0 = v35 - 1;
operator delete(v12);
}
}
ST0C_4_0 = v11;
v31 = &ST0C_4_0;
ST08_4_0 = (signed int)&v34;
v35 = 0;
v36 = 0;
v37 = 0;
CString__CString(&ST0C_4_0, ST08_4_0);
ST08_4_0 = 9;
sub_40C660(v29, v12);
ST0C_4_0 = (int)"No licenses found!/n";
sub_4070C0(ST0C_4_0);
v33 = -1;
CString___CString(&v34);
}
}
LABEL_42:
ST0C_4_0 = (int)"End License checks/n/n";
sub_4070C0(ST0C_4_0);
return v3;
}
还用得着再说吗,IDA强大的功能使得脉络如此清楚,看它的图形视图的话更显得章节有素,上传图片太麻烦了,这里就不传了,siemense这个软件写得挺好的,思路和程序都很清晰,专业!