; +-----------------------------------------------------------------------+
; | |
; | This is a keygen for 010 Editor |
; | |
; | http://www.sweetscape.com/download/010editor/ |
; | |
; +-----------------------------------------------------------------------+
; +-----------------------------------------------------------------------+
; | |
; | *WARNING* |
; | |
; | FOR EDUCATIONAL PURPOSES ONLY |
; | |
; | I did it for fun ! |
; | IF YOU LIKE IT PLEASE BUY IT |
; | |
; +-----------------------------------------------------------------------+
; Boxes using ASCII Characters look beautiful :-)
; +-----------------------------------------------------------------------+
; | AUTHOR |
; +-----------------------------------------------------------------------+
; | _______ ____ ________ ________ ____ |
; | ___ __\ _ \______/_ / __ \___ ___/ __ \/_ | |
; | \ \/ / /_\ \_ __ \ \____ /\ \/ /\____ / | | |
; | > <\ \_/ \ | \/ | / / > < / / | | |
; | /__/\_ \\_____ /__| |___| /____/ /__/\_ \ /____/ |___| |
; | \/ \/ \/ |
; +-----------------------------------------------------------------------+
; The above ascii art is generated using http://patorjk.com/software/taag
; This Program is only 6260 bytes !
; I wrote the keygen first in C, using Visual Studio 2017
; The Binary Produced by Visual Studio is 68,608 Bytes
; So, I wrote it using Flat Assembler (FASM)
; Usage Instructions
; +-----------------------------------------------------------------------+
; | USAGE |
; +-----------------------------------------------------------------------+
; | |
; | 1. Download Flat Assembler (FASM) |
; | URL : https://flatassembler.net/download.php |
; | |
; | 2. Assemble the Source Code |
; | -> fasm [filename].asm |
; | |
; | 3. Execute the Executable File |
; | |
; +-----------------------------------------------------------------------+
; Format of the License Key generated by this program
; +-----------------------------------------------------------------------+
; | LICENSE FORMAT |
; +-----------------------------------------------------------------------+
; | |
; | The License Key is Formatted as follows |
; | AABB-CCDD-EEFF-GGHH-IIJJ |
; | 1. AA, BB, ..., JJ are Hexadecimal Values |
; | 2. DD is 0xAC |
; | 3. Any License can be valid for at most 983 years |
; | |
; +-----------------------------------------------------------------------+
; +-----------------------------------------------------------------------+
; | LICENSE TYPES |
; +-----------------------------------------------------------------------+
; | |
; | 1. Single User License |
; | 2. N User License, where 1 < N < 1000 |
; | 3. 1000 User License (Site License) |
; | |
; +-----------------------------------------------------------------------+
; We Need to Execute in Windows SubSystem
;
; Win32 Template
; Written by x0r19x91
;
; Date : 22:47 29-08-2018
;
format PE GUI 6.0
entry initialize
include '\fasm\include\win32ax.inc'
; init_dll dll_id, dll_name, func_name...
; Emits, at the point of use, a descriptor for one DLL:
;   dll_id.dll        NUL-terminated DLL file name
;   dll_id.functions  one (name pointer, slot pointer) dword pair per function
;   dll_id.size       number of pairs (assembly-time constant)
; followed by the NUL-terminated function name strings and one zeroed dword
; slot fn<func_name> per function. The macro only lays out data: every slot
; holds 0 until run-time code stores a resolved address into it.
macro init_dll dll_id, dll_name, [func_name]
{
common
label dll_id
.size = 0
.dll db dll_name, 0
label .functions
forward
; count one table entry per function argument
.size = .size + 1
forward
; table entry: address of the name string, address of the slot
dd func_name, fn#func_name
forward
; the bare function name labels its own NUL-terminated name string
label func_name dword
.str db `func_name, 0
forward
; fn<name> is the dword slot that later holds the function address
label fn#func_name dword
dd 0
}
; Redefine push and pop to take several operands: push a, b, c pushes from
; left to right, and pop a, b, c pops in reverse order, so the same operand
; list restores what the matching push saved.
macro push [reg] { forward push reg }
macro pop [reg] { reverse pop reg }
; load_dll dll_id...
; For each descriptor built by init_dll: load the DLL through fnLoadLibraryEx
; and fill every fn<name> slot through fnGetProcAddress.
; Saves:  ebx, esi, edx (pushed and popped around each DLL)
; Clobb:  eax and flags, plus whatever the called APIs clobber
; NOTE(review): neither the module handle nor any resolved address is
; checked. A failed load or a missing export leaves 0 in the slot, and the
; first invoke through that slot then calls address 0.
; NOTE(review): the DLL is named without a path and the flags argument is 0,
; so the default DLL search order applies. Passing
; LOAD_LIBRARY_SEARCH_SYSTEM32 would restrict the lookup to the system
; directory - confirm which LoadLibraryEx variant the hash lookup resolves.
macro load_dll [dll_id]
{
forward
push ebx
push esi
push edx
local ..next, ..load_loop
..next:
mov eax, esp ; value is overwritten by the call below; appears unused
invoke fnLoadLibraryEx, dll_id#.dll, 0, 0
mov esi, eax ; esi = module handle (not checked for 0)
xor ebx, ebx ; ebx = index into dll_id.functions
..load_loop:
invoke fnGetProcAddress, esi, dword [dll_id#.functions+ebx*8]
mov edx, [dll_id#.functions+ebx*8+4] ; edx = address of the fn<name> slot
mov [edx], eax ; store the result, 0 included
inc ebx
cmp ebx, dll_id#.size
jl ..load_loop ; the body runs at least once per DLL
pop edx
pop esi
pop ebx
}
; +-----------------------------------------------------------------------+
; | |
; | Control Identifiers |
; | |
; +-----------------------------------------------------------------------+
; Control identifiers. The IDC_* values are the ids stored in the items of
; the tmpDialog template and passed to GetDlgItem in on_init_dialog.
IDD_MAIN_DIALOG = 1729
IDC_TEXT_NAME = 0x01
IDC_TEXT_USERS = 0x02
IDC_SPIN_USERS = 0x03
IDC_BTN_COPY = 0x04
IDC_BTN_CLRREG = 0x05
IDC_BTN_INFO = 0x06
IDC_LABEL_SERIAL = 0x07
IDC_DATE_DAYS = 0x0A
; Up-down control message, defined here by value.
UDM_SETRANGE32 = 0x46f
; Range flags for DTM_SETRANGE. on_init_dialog passes the literal 3, which
; equals GDTR_MIN or GDTR_MAX.
GDTR_MIN = 0x001
GDTR_MAX = 0x002
LANGUAGE_ID = LANG_ENGLISH or SUBLANG_ENGLISH_US
FORMAT_FLAGS = FORMAT_MESSAGE_ALLOCATE_BUFFER \
or FORMAT_MESSAGE_FROM_STRING \
or FORMAT_MESSAGE_ARGUMENT_ARRAY
; 0x00010000 is the DELETE standard access right. The code that uses this
; mask is outside this part of the file; presumably it is the access mask
; for opening the key at szPath before RegDeleteTreeA - confirm.
DELETE_FLAGS = 0x00010000 or KEY_QUERY_VALUE \
or KEY_ENUMERATE_SUB_KEYS
; +-----------------------------------------------------------------------+
; | |
; | Global Data |
; | |
; +-----------------------------------------------------------------------+
section '.data' data readable writeable
fnGetProcAddress dd 0
fnLoadLibraryEx dd 0
szMsgBoxTitle db 'Info', 0 ; Our Message Box Title
szHex db '0123456789ABCDEF' ; Hexadecimal translation table
szLicense rb 25 ; Stores the formatted license key
szBytes rb 10 ; Stores the raw bytes of license key
hHeap dd ? ; Handle to the heap of this process
hTextName dd ? ; Handle to text box labeled 'Name'
hTextUsers dd ? ; Handle to text box labeled 'Users'
hSpinUsers dd ? ; Handle to up-down control for 'Users'
hBtnCopy dd ? ; Handle to 'Copy' button
hBtnInfo dd ? ; Handle to 'Info' button
hBtnClr dd ? ; Handle to 'Clear Registry' button
hStaticSerial dd ? ; Handle to the label inside the 'License Info' frame
hDatePicker dd ? ; Handle to the date picker for license validity
sysCurrDate SYSTEMTIME ?
sysStartDate SYSTEMTIME ?
sysEndDate SYSTEMTIME 3000, 12, 3, 31, 23, 59, 59, 0
sysFileTime dq ?
;
; Declaring imports in a dll
; init_dll [dll_id], [dll_name], [function_1], [function_2], ...
;
; For Example
; init_dll user32, 'user32.dll', MessageBoxTimeoutA
; init_dll kernel32, 'kernel32.dll', ExitProcess
;
init_dll kernel32, 'kernel32.dll',\
FormatMessageA, ExitProcess, GlobalAlloc, GlobalLock,\
HeapAlloc, HeapFree, LocalFree, GetLocalTime,\
SystemTimeToFileTime, FileTimeToSystemTime,\
GlobalUnlock, FileTimeToLocalFileTime
init_dll advapi32, 'advapi32.dll',\
RegOpenKeyExA, RegDeleteTreeA, RegCloseKey, RegQueryValueExA
init_dll ntdll, 'ntdll.dll', NtQuerySystemTime
init_dll user32, 'user32.dll',\
SendMessageA, OpenClipboard, EmptyClipboard, GetDlgItem,\
SetClipboardData, CloseClipboard, DialogBoxIndirectParamA,\
PostQuitMessage, GetDlgItemInt, MessageBoxA
; Path to Registry Key for querying the existence of a registered user
; Also used for deleting the 'CLASSES' SubKey
szPath db 'SOFTWARE\SweetScape\010 Editor', 0
; Format String for displaying the registered user information
; when 'Info' button is clicked
szRegMsg db "Registered to '%1!s!'%nLicense Key: %2!s!", 0
szNameKey db 'Name', 0
szPassword db 'Password', 0
; Message to display when 010 Editor is Unregistered
szUnregistered db '010 Editor is currently UNREGISTERED !'
db 10
db 'Please Register it !', 0
; Message to display when 010 Editor is not installed
szNotInstalled db "You haven't yet installed 010 Editor !"
db 10, 10
db 'Download 010 Editor : http://www.sweetscape.com/download/010editor/', 0
szMessages dd szNotInstalled, szUnregistered
; Used for Calculating bytes at offset 4, 5, 6, 7 in the license key
rawBytes dd 969622712, 594890599, 1593930257, 1052452058, 890701766, 1677293387, 394424968
dd 266815521, 1532978959, 1211194088, 2019260265, 729421127, 953225874, 1117854514
dd 892543556, 2000911200, 514538256, 1400963072, 486675118, 1862498216, 1136668818
dd 758909582, 1653935295, 821063674, 888606944, 687085563, 890056597, 1513495898
dd 365692427, 184357836, 677395407, 863045227, 818746596, 391985767, 1842768403
dd 758385145, 1478392706, 1985112985, 1552765320, 746944881, 368385984, 1758203153
dd 1240817244, 660489060, 756944316, 1290697955, 844453952, 288239112, 1769473626
dd 1922176006, 826636519, 391520695, 1081548223, 1069693142, 1244729994, 766313326
dd 1101031894, 624951698, 14501479, 1794907983, 1460682958, 1660839647, 1104890686
dd 897721119, 1442187162, 480708164, 454443986, 1064446153, 1595150448, 1041527979
dd 1145775470, 1399869657, 255985995, 802693350, 2005610078, 1897360642, 2146073193
dd 1538606632, 431647857, 964049561, 395138253, 19164808, 856904574, 730737943
dd 708645054, 1506870658, 933323739, 819349658, 1780571206, 236747382, 533160167
dd 2042104933, 670325172, 2040165158, 1354372994, 705785180, 1669754395, 1066536508
dd 1426207888, 1437950089, 741941201, 796931522, 1694313338, 1290302874, 1367672048
dd 2039808424, 1062939821, 954597728, 1668694488, 859122242, 1369582617, 140269649
dd 53024683, 729221831, 816609203, 736893191, 55706320, 262747091, 1629838835, 581764799
dd 1488480625, 1607077349, 1879925846, 1453945819, 1521965565, 856558562, 1530662365
dd 1230847072, 1404918182, 1281256849, 1238970765, 272453753, 1640907491, 2127893021
dd 350314733, 556617458, 654390256, 1648581270, 531062411, 1862873022, 1241517385
dd 1471028336, 5121143, 1444839026, 1183580211, 1573659650, 2018540230, 1487873223
dd 234237236, 898254600, 1023090193, 728843548, 2007454357, 1451820833, 267351539
dd 302982385, 26807015, 865879122, 664886158, 195503981, 1625037691, 1330347906
dd 1742434311, 1330272217, 1645368040, 542321916, 1782121222, 411042851, 435386250
dd 1176704752, 1454246199, 1136813916, 1707755005, 224415730, 201138891, 989750331
dd 1006010278, 1147286905, 406860280, 840388503, 1282017578, 1605698145, 23396724
dd 862145265, 1898780916, 1855549801, 1571519230, 2083204840, 1859876276, 1602449334
dd 1009413590, 690816450, 86131931, 345661263, 1565025600, 857544170, 1329948960
dd 1211787679, 994381573, 991984748, 1956475134, 1098146294, 1655714289, 659576699
dd 689116467, 1485584392, 451884118, 255590636, 2108114754, 1266252396, 1589326471
dd 2019907768, 15552498, 1651075358, 614606175, 1656823678, 797605325, 1681594366
dd 2005080248, 624648446, 884695971, 1526931791, 1595240948, 439447199, 2060396292
dd 680093752, 409028215, 469068267, 195583689, 1791650630, 507724330, 1364025102
dd 1094582668, 813049577, 32316922, 1240756058, 1176200235, 2104494066, 325396055
dd 1796606917, 1709197385, 525495836, 1510101430, 735526761, 767523533, 1374043776
dd 1559389967, 567085571, 1560216161, 867042846, 1001796703, 1568754293, 628841972
dd 173812827, 379868455, 384973125
; Template for dialog box
tmpDialog dd DS_SETFONT or DS_FIXEDSYS or WS_CAPTION or WS_SYSMENU
dd 0
dw 13
dw 100, 100, 260, 114
align 2
dw 0
dw 0
du '010 Editor KeyGen', 0
dw 8
du 'MS Shell Dlg 2', 0
align 4
dd ES_LEFT+ES_AUTOHSCROLL+WS_CHILD+WS_VISIBLE+WS_BORDER+WS_TABSTOP
dd 0
dw 34,12,69,12
dw IDC_TEXT_NAME
dw -1, 0x81
dw 0, 0
align 4
dd WS_VISIBLE+WS_TABSTOP
dd 0
dw 153,23,90,14
dw IDC_DATE_DAYS
du 'SysDateTimePick32', 0
dw 0, 0
align 4
dd ES_LEFT+ES_AUTOHSCROLL+WS_CHILD+WS_VISIBLE+WS_BORDER+WS_TABSTOP+ES_NUMBER
dd 0
dw 34,32,60,14
dw IDC_TEXT_USERS
dw -1, 0x81
dw 0, 0
align 4
dd WS_CHILD or WS_VISIBLE or WS_TABSTOP or BS_PUSHBUTTON
dd 0
dw 72,93,50,14
dw IDC_BTN_COPY
du -1, 0x80
du 'Copy', 0
dw 0
align 4
dd WS_CHILD or WS_VISIBLE or WS_TABSTOP or BS_PUSHBUTTON
dd 0
dw 203,93,50,14
dw IDC_BTN_INFO
du -1, 0x80
du 'Info', 0
dw 0
align 4
dd WS_CHILD or WS_VISIBLE or WS_TABSTOP or BS_PUSHBUTTON
dd 0
dw 7,93,59,14
dw IDC_BTN_CLRREG
du -1, 0x80
du 'Clear Registry', 0
dw 0
align 4
dd SS_LEFT+WS_CHILD+WS_VISIBLE+WS_GROUP
dd 0
dw 7,15,19,8
dw -1
du -1, 0x82
du 'Name', 0
dw 0
align 4
dd SS_LEFT+WS_CHILD+WS_VISIBLE+WS_GROUP
dd 0
dw 7,35,19,8
dw -1
du -1, 0x82
du 'Users', 0
dw 0
align 4
dd UDS_SETBUDDYINT+UDS_ARROWKEYS+WS_CHILD+WS_VISIBLE
dd 0
dw 93,32,12,14
dw IDC_SPIN_USERS
du 'msctls_updown32', 0
dw 0, 0
align 4
dd BS_GROUPBOX+WS_CHILD+WS_VISIBLE
dd 0
dw 7,50,245,36
dw -1
du -1, 0x80
du 'License Info', 0
dw 0
align 4
dd SS_CENTER+WS_CHILD+WS_VISIBLE+WS_GROUP
dd 0
dw 70,64,120,12
dw IDC_LABEL_SERIAL
du -1, 0x82
dw 0, 0
align 4
dd BS_GROUPBOX+WS_CHILD+WS_VISIBLE
dd 0
dw 109,11,143,34
dw -1
du -1, 0x80
du 'Validity', 0
dw 0
align 4
dd SS_LEFT+WS_CHILD+WS_VISIBLE+WS_GROUP
dd 0
dw 117,26,29,8
dw -1
du -1, 0x82
du 'End Date', 0
dw 0
; +-----------------------------------------------------------------------+
; | |
; | Text Section |
; | |
; +-----------------------------------------------------------------------+
section '.text' code executable
; Precomputed hash values compared in initialize. GET_PROC_ADDRESS and
; LOAD_LIBRARY are compared with jenkins_hash of each export name, and
; KERNEL32_HASH with hash of each loaded module's name. Which exact strings
; produce these values cannot be read from this file - presumably the two
; kernel32 exports the fn* slots are named after and the kernel32 module
; name; confirm by recomputing.
; NOTE(review): the executable is built without an import table and finds
; its first APIs by hash. Static tooling that keys on imports will show
; nothing for this file, and hash-based API lookup is itself a common
; heuristic trigger in endpoint products.
GET_PROC_ADDRESS = 0x8f900864
LOAD_LIBRARY = 0x00635164
KERNEL32_HASH = 0x29A1244C
; jenkins_hash: Jenkins one-at-a-time hash of a NUL-terminated byte string.
; In:    esi = pointer to the string
; Out:   eax = 32-bit hash; esi is left pointing at the terminating NUL
; Saves: ebx. Flags are modified.
; NOTE(review): esi is not checked for NULL and the scan has no length
; bound; it relies on the caller passing a valid terminated string.
jenkins_hash:
push ebx
xor eax, eax ; hash = 0
@@:
movzx ebx, byte [esi] ; ebx = next byte, zero-extended
or bl, bl
jz @f ; NUL ends the per-byte mixing
add eax, ebx ; hash += byte
mov ebx, eax
shl ebx, 10
add eax, ebx ; hash += hash << 10
mov ebx, eax
shr ebx, 6
xor eax, ebx ; hash ^= hash >> 6
inc esi
jmp @b
@@:
; final mixing steps, applied once after the last byte
mov ebx, eax
shl ebx, 3
add eax, ebx ; hash += hash << 3
mov ebx, eax
shr ebx, 11
xor eax, ebx ; hash ^= hash >> 11
mov ebx, eax
shl ebx, 15
add eax, ebx ; hash += hash << 15
pop ebx
ret
; hash: rotate-xor hash of a string of 16-bit units ending in a zero word.
; For each unit c: eax = ror(eax, 9) xor c. For c in 0x61..0x7a ('a'..'z')
; the two extra xors cancel c and substitute c - 0x20, so letters are
; hashed as upper case and the result ignores ASCII case.
; In:    esi = pointer to the string (read 16 bits at a time)
; Out:   eax = 32-bit hash; esi is left pointing at the terminating word
; Saves: ebx. Flags are modified.
; NOTE(review): esi is not checked for NULL and the scan is unbounded.
hash:
push ebx
xor eax, eax ; hash = 0
sub esi, 2 ; pre-decrement so the loop can step first
@@:
inc esi
inc esi ; advance one 16-bit unit
movzx ebx, word [esi]
or ebx, ebx
jz .ret ; zero word ends the string
ror eax, 9
xor eax, ebx ; mix in the unit as read
cmp ebx, 0x61
jl @b ; below 'a': keep as is
cmp ebx, 0x7b
jge @b ; above 'z': keep as is
xor eax, ebx ; lower-case letter: undo the xor above
sub ebx, 0x20
xor eax, ebx ; and mix in the upper-case value instead
jmp @b
.ret:
pop ebx
ret
; initialize: program entry point. Finds a loaded module by name hash,
; walks its export directory to find two exports by name hash, stores their
; addresses in fnLoadLibraryEx and fnGetProcAddress, then jumps to main.
; Does not return; no registers are preserved.
; The numeric offsets are presumably those of the 32-bit PEB, PEB_LDR_DATA,
; LDR_DATA_TABLE_ENTRY and PE export directory layouts - confirm against the
; Windows versions this is meant to run on.
; NOTE(review): resolving APIs through the PEB leaves the file without an
; import table; expect heuristic detections on that pattern alone.
; NOTE(review): the .find loop has no exit when no module name matches
; KERNEL32_HASH; it keeps following the list links.
; NOTE(review): if either export hash is never matched, the slot still
; holds its initial 0 and the code below resolves function index 0 instead,
; with no error. Forwarded exports are not detected either.
initialize:
mov eax, [fs:0x30] ; eax = PEB
mov eax, [eax+12] ; eax = loader data referenced by the PEB
mov ebx, [eax+0x1c] ; ebx = first entry of a loaded-module list
.find:
mov esi, [ebx+0x20] ; esi = 16-bit module name string of this entry
call hash
cmp eax, KERNEL32_HASH
jz .found
mov ebx, [ebx] ; follow the forward link to the next entry
jmp .find
.found:
mov ebx, [ebx+8] ; ebx = module base address
mov eax, [ebx+0x3c] ; eax = offset of the PE header
mov eax, [eax+ebx+24+96] ; eax = RVA of the first data directory (exports)
add eax, ebx ; eax = address of the export directory
push eax ; kept for the address-table lookup below
mov ecx, [eax+24] ; ecx = number of exported names
mov ebp, [eax+32] ; RVA of the export name pointer table
mov edx, [eax+36] ; RVA of the name ordinal table
add edx, ebx ; edx = address of the ordinal table
add ebp, ebx ; ebp = address of the name pointer table
xor edi, edi ; edi = number of wanted exports found so far
.search_loop:
mov esi, [ebp]
add esi, ebx ; esi = address of this export's name
call jenkins_hash
cmp eax, LOAD_LIBRARY
jnz .is_proc_addr
inc edi
movzx eax, word [edx] ; index into the address table
mov [fnLoadLibraryEx], eax ; parked in the slot until resolved below
jmp .next_func
.is_proc_addr:
cmp eax, GET_PROC_ADDRESS
jnz .next_func
inc edi
movzx eax, word [edx] ; index into the address table
mov [fnGetProcAddress], eax ; parked in the slot until resolved below
.next_func:
add edx, 2 ; next ordinal entry
add ebp, 4 ; next name pointer
cmp edi, 2
jz @f ; both found: stop early
dec ecx
jnz .search_loop
@@:
pop edi ; edi = address of the export directory
mov edx, [edi+28]
add edx, ebx ; edx = address of the export address table
mov eax, [fnLoadLibraryEx]
mov ecx, [edx+eax*4]
add ecx, ebx ; RVA -> address
mov [fnLoadLibraryEx], ecx
mov eax, [fnGetProcAddress]
mov ecx, [edx+eax*4]
add ecx, ebx ; RVA -> address
mov [fnGetProcAddress], ecx
jmp main
; +-----------------------------------------------------------------------+
; | |
; | Function : to_upper |
; | Arguments : %bl |
; | %bl -> Character (0 - 255) |
; | Returns : %bl |
; | |
; +-----------------------------------------------------------------------+
; | |
; | Convert a lowercase character in %bl to its uppercase equivalent |
; | |
; +-----------------------------------------------------------------------+
; to_upper: map 'a'..'z' (97..122) in bl to 'A'..'Z'; other values are
; returned unchanged.
; In/Out: bl. Flags are modified.
; The comparisons are signed, so bytes 0x80..0xFF compare as negative and
; take the first branch unchanged.
; The subtraction is done on all of ebx. The caller in get_last_block loads
; the character with movzx, so the upper 24 bits are zero there.
to_upper:
cmp bl, 97
jl @f
cmp bl, 122
jg @f
sub ebx, 32 ; 'a' - 'A'
@@:
ret
; +-----------------------------------------------------------------------+
; | |
; | Function : get_last_block |
; | Arguments : %edi, %esi, %edx |
; | %edi -> Pointer to a String |
; | %esi -> # days left for license to become invalid |
; | %edx -> # Users |
; | Returns : %eax |
; | |
; +-----------------------------------------------------------------------+
; | |
; | Computes EE, FF, GG, HH and returns 0xHHGGFFEE |
; | See @LICENSE FORMAT above |
; | |
; +-----------------------------------------------------------------------+
get_last_block:
push ebx
push ecx
xor ebx, ebx
mov ecx, esi
shl ecx, 4
lea esi, [esi+ecx]
mov ecx, edx
shl edx, 4
neg ecx
lea edx, [edx+ecx]
mov ecx, ebx
mov eax, ebx
@@:
movzx ebx, byte [edi]
or bl, bl
jz @f
call to_upper
add eax, [rawBytes+ebx*4]
xor eax, [rawBytes+ebx*4+52]
imul eax, [rawBytes+ebx*4+188]
mov ebx, esi
movzx ebx, bl
add eax, [rawBytes+ebx*4]
mov ebx, edx
movzx ebx, bl
add eax, [rawBytes+ebx*4]
mov ebx, ecx
movzx ebx, bl
add eax, [rawBytes+ebx*4]
lea ecx, [ecx+19]
lea esi, [esi+9]
lea edx, [edx+13]
inc edi
jmp @b
@@:
pop ecx
pop ebx
ret
; +-----------------------------------------------------------------------+
; | |
; | Function : get_days |
; | Arguments : %edi |
; | %edi -> # days left for license to become invalid |
; | Returns : %eax |
; | |
; +-----------------------------------------------------------------------+
; | |
; | Computes the following |
; | |
; | M = 0x1845c8a0ce512957 |
; | T = _time64(0) |
; | M *= _mktime64(_localtime64(&T)) |
; | M >>= 77 |
; | return M |
; | |
; | i.e., |
; | return mktime64(_localtime64(&T)) / 86400 |
; | which is the number of days since January 1, 1970 at 00:00 |
; | |
; +-----------------------------------------------------------------------+
get_days:
push ebx
push eax
push eax
lea ebx, [esp]
push eax
push eax
invoke fnNtQuerySystemTime, ebx
invoke fnFileTimeToLocalFileTime, ebx, esp
pop eax
pop edx
pop ebx
pop ebx
shrd eax, edx, 14
shr edx, 14
mov ebx, 0x324a9a7
div ebx
xor edx, edx
lea eax, [eax+edi-134774]
pop ebx
ret
; +-----------------------------------------------------------------------+
; | |
; | Function : generate_license_key |
; | Arguments : %edi, %esi, %edx |
; | %edi -> Pointer to String (User Name) |
; | %esi -> Number of Users |
; | %edx -> Number of Years of Validity |
; | Return : none |
; | |
; +-----------------------------------------------------------------------+
; | |
; | Computes the License Key bytes in 'szBytes' array |
; | and the formatted license key in 'szLicense' array |
; | |
; +-----------------------------------------------------------------------+
generate_license_key:
push edi
push esi
push edx
push ebx
push ecx
mov edi, edx
call get_days
mov ecx, eax
mov ebx, 17
imul ebx
xor eax, 0xE53167
add eax, 0x2C175
xor eax, 0x794c5f
mov ebx, esi
imul ebx, 11
xor ebx, 0x3421
sub ebx, 0x4D30
xor ebx, 0x7892
mov edi, [esp+16]
mov esi, ecx
mov edx, [esp+12]
push eax
call get_last_block
mov ecx, ebx
pop edx
push ebx
mov [szBytes+3], 0xAC
mov [szBytes+4], al
mov ebx, edx
xor bh, al
mov [szBytes+8], bh
mov [szBytes+5], ah
bswap edx
xor dh, ah
mov [szBytes+9], dh
pop ebx
xor cl, ah
mov [szBytes+2], cl
bswap eax
mov [szBytes+6], ah
mov ecx, edx
bswap ecx
xor cl, ah
mov [szBytes], cl
mov [szBytes+7], al
xor bh, al
mov [szBytes+1], bh
mov eax, '----'
mov edi, szLicense
stosd
stosd
stosd
stosd
stosd
stosd
xor ebx, ebx
sub edi, 24
@@:
xor edx, edx
movzx edx, [szBytes+ebx]
mov ecx, edx
shr dl, 4
mov ah, [szHex+edx]
and cl, 0xf
mov al, [szHex+ecx]
inc ebx
shl eax, 16
movzx edx, [szBytes+ebx]
mov ecx, edx
shr dl, 4
mov ah, [szHex+edx]
and cl, 0xf
mov al, [szHex+ecx]
bswap eax
stosd
inc edi
inc ebx
cmp ebx, 10
jl @b
pop ecx
pop ebx
pop edx
pop esi
pop edi
ret
; +-----------------------------------------------------------------------+
; | |
; | Called when the 'Copy' button is clicked |
; | |
; | Copies the displayed license key to clipboard |
; | |
; +-----------------------------------------------------------------------+
; copy_license: handler for the 'Copy' button. Copies the text of the serial
; label to the clipboard as CF_TEXT and returns 1 in eax. Does nothing but
; return 1 when the label is empty.
; In:    ebp is passed to OpenClipboard as the owner window - presumably the
;        dialog handle set up by the dialog procedure; confirm.
; Saves: ebx, esi on the copy path.
; The .ret label is also the shared 'return 1' exit used by on_close.
; NOTE(review): the results of OpenClipboard, GlobalAlloc and GlobalLock are
; not checked; a failed allocation reaches GlobalLock and WM_GETTEXT with 0.
; NOTE(review): the value pushed for GlobalUnlock is the pointer returned by
; GlobalLock, not the handle in esi. GlobalUnlock is documented to take the
; handle, so the block may still be locked when it is handed to
; SetClipboardData - confirm and push esi instead if so.
copy_license:
invoke fnSendMessageA, [hStaticSerial], WM_GETTEXTLENGTH, 0, 0
and eax, eax
jz .ret ; empty label: nothing to copy
push ebx
push esi
inc eax ; room for the terminating NUL
mov ebx, eax ; ebx = buffer size in bytes
invoke fnOpenClipboard, ebp
invoke fnEmptyClipboard
invoke fnGlobalAlloc, GHND, ebx
mov esi, eax ; esi = global memory handle
invoke fnGlobalLock, eax
push eax ; argument for the GlobalUnlock call below
invoke fnSendMessageA, [hStaticSerial], WM_GETTEXT, ebx, eax
call [fnGlobalUnlock] ; consumes the value pushed above
invoke fnSetClipboardData, CF_TEXT, esi
invoke fnCloseClipboard
pop esi
pop ebx
.ret:
mov eax, 1
ret
; +-----------------------------------------------------------------------+
; | |
; | WM_CLOSE Event Handler |
; | |
; +-----------------------------------------------------------------------+
; on_close: WM_CLOSE handler. Posts a quit message with exit code 0, then
; leaves through the shared 'mov eax, 1 / ret' exit in copy_license.
on_close:
invoke fnPostQuitMessage, 0
jmp copy_license.ret
; +-----------------------------------------------------------------------+
; | |
; | WM_INITDIALOG Event Handler |
; | |
; +-----------------------------------------------------------------------+
; on_init_dialog: WM_INITDIALOG handler. Caches the process heap and the
; control handles, computes the earliest selectable end date, configures the
; up-down and date picker controls, and returns 1 in eax.
; In:    ebp is used as the dialog handle for GetDlgItem - presumably set by
;        the dialog procedure; confirm.
; Clobb: eax, edi, flags, plus whatever the called APIs clobber.
; NOTE(review): none of the GetDlgItem results are checked.
on_init_dialog:
mov eax, [fs:0x30] ; eax = PEB
mov eax, [eax+0x18] ; presumably the process heap handle field - confirm
mov [hHeap], eax
invoke fnGetLocalTime, sysCurrDate
mov edi, sysFileTime
invoke fnSystemTimeToFileTime, sysCurrDate, edi
; Add 0xC92A69C000 = 864,000,000,000 units of 100 ns, i.e. exactly one day.
add dword [edi], 0x2a69c000
adc dword [edi+4], 0xc9
invoke fnFileTimeToSystemTime, edi, sysStartDate ; sysStartDate = now + 1 day
; Store the Handles of the required controls
invoke fnGetDlgItem, ebp, IDC_TEXT_NAME
mov [hTextName], eax
invoke fnGetDlgItem, ebp, IDC_TEXT_USERS
mov [hTextUsers], eax
invoke fnGetDlgItem, ebp, IDC_SPIN_USERS
mov [hSpinUsers], eax
invoke fnGetDlgItem, ebp, IDC_LABEL_SERIAL
mov [hStaticSerial], eax
invoke fnGetDlgItem, ebp, IDC_BTN_COPY
mov [hBtnCopy], eax
invoke fnGetDlgItem, ebp, IDC_BTN_INFO
mov [hBtnInfo], eax
invoke fnGetDlgItem, ebp, IDC_BTN_CLRREG
mov [hBtnClr], eax
invoke fnGetDlgItem, ebp, IDC_DATE_DAYS
mov [hDatePicker], eax
; Users field: spin range 1..1000 (0x3e8), start at 1, at most 4 characters.
invoke fnSendMessageA, [hSpinUsers], UDM_SETBUDDY, [hTextUsers], 0
invoke fnSendMessageA, [hSpinUsers], UDM_SETRANGE32, 1, 0x3e8
invoke fnSendMessageA, [hSpinUsers], UDM_SETPOS, 0, 1
invoke fnSendMessageA, [hTextUsers], EM_SETLIMITTEXT, 4, 0
; wParam 3 = GDTR_MIN or GDTR_MAX. lParam points at sysStartDate, which is
; immediately followed in .data by sysEndDate, giving the (min, max) pair.
invoke fnSendMessageA, [hDatePicker], DTM_SETRANGE, 3, sysStartDate
; The call pushes the address of the string that follows it and jumps over
; it: 5 bytes of call + 17 bytes of string = 22. That pushed address is the
; fourth argument (lParam) of the SendMessageA below, which therefore lists
; only three operands.
; NOTE(review): the offset 22 is hard-coded; editing the format string
; without updating it sends execution into the middle of the data.
call $+22
db 'ddd, MMM d, yyyy', 0
invoke fnSendMessageA, [hDatePicker], DTM_SETFORMAT, 0
; Prefer short jumps :-)
jmp clear_license_display.ret ; shared 'mov eax, 1 / ret' exit
; +-----------------------------------------------------------------------+
; | |
; | Clear the contents of the label that displays the license key |
; | EFLAGS.CF indicates whether memory is allocated from heap |
; | If so, we need to free it |
; | |
; +-----------------------------------------------------------------------+
; clear_license_display: blank the serial label and return 1 in eax.
; In:    CF = 1 -> edi is a block from [hHeap] that is freed first
;        CF = 0 -> nothing is freed
; Reached by conditional jumps from update_license_key, so the carry flag at
; the moment of the jump is part of the contract.
; The empty string is the byte at szLicense+24: the 25-byte buffer gets 24
; characters written by generate_license_key and its last byte is never
; written (presumably still the zero the loader left there).
; The .ret label is the shared 'return 1' exit used by on_init_dialog.
clear_license_display:
jnc @f
invoke fnHeapFree, [hHeap], 0, edi
@@:
lea eax, [szLicense+24] ; address of the terminator = empty string
invoke fnSendMessageA, [hStaticSerial], WM_SETTEXT, 0, eax
.ret:
mov eax, 1
ret
; +-----------------------------------------------------------------------+
; | |
; | EN_CHANGE Event Handler |
; | |
; +-----------------------------------------------------------------------+
; update_license_key: EN_CHANGE handler, also entered from on_notify when
; the selected date changes. Reads the name, the user count and the selected
; date, validates them, calls generate_license_key and shows szLicense in
; the serial label. Any failed check jumps to clear_license_display with CF
; telling it whether edi must be freed.
; In:    ebp is used as the dialog handle - presumably set by the dialog
;        procedure; confirm.
; Clobb: eax, ebx, edx, esi, edi, flags, plus what the called APIs clobber.
; NOTE(review): on the allocation-failure path stc is executed while edi has
; not been assigned yet, so clear_license_display calls HeapFree on whatever
; edi held on entry. That path should jump with CF clear.
; NOTE(review): 'cmp ebx, 1000' leaves CF clear when ebx is above 1000, so
; the jg path skips the HeapFree and leaks the name buffer. The field
; accepts 4 digits, so 1001..9999 can be typed.
update_license_key:
invoke fnSendMessageA, [hTextName], WM_GETTEXTLENGTH, 0, 0
or eax, eax
clc ; nothing allocated yet: CF = 0 means 'do not free'
; ---------------------------------------------
; Is the Number of Characters in UserName = 0 ?
; ---------------------------------------------
jz clear_license_display
inc eax
mov esi, eax ; esi = name length + 1
; -----------------------------------------
; Allocate Len(username)+1 bytes from heap
; -----------------------------------------
invoke fnHeapAlloc, [hHeap], HEAP_ZERO_MEMORY, eax
or eax, eax
stc ; see the first NOTE(review) in the header
; --------------------
; Allocation Failed ?
; --------------------
jz clear_license_display
mov edi, eax ; edi = name buffer, owned until HeapFree
invoke fnSendMessageA, [hTextName], WM_GETTEXT, esi, eax
invoke fnGetDlgItemInt, ebp, IDC_TEXT_USERS, NULL, FALSE
mov ebx, eax ; ebx = user count, parsed as unsigned
invoke fnSendMessageA, [hDatePicker], DTM_GETSYSTEMTIME, 0, sysStartDate
test eax, eax
stc ; stc leaves SF from the test untouched
js clear_license_display ; negative result: free the buffer and clear
; -------------------------------------------
; Check Whether 1 <= Number of Users <= 1000
; -------------------------------------------
cmp ebx, 1
jl clear_license_display ; ebx = 0 sets CF here, so the buffer is freed
cmp ebx, 1000
jg clear_license_display ; CF is clear here: see the second NOTE(review)
; Get The Number of Days from the Selected Date
push edi ; keep the name pointer; edi is reused below
invoke fnSystemTimeToFileTime, sysStartDate, sysFileTime
mov esi, dword [sysFileTime]
mov edi, dword [sysFileTime+4] ; edi:esi = selected date as FILETIME
invoke fnSystemTimeToFileTime, sysCurrDate, sysFileTime
sub esi, dword [sysFileTime]
sbb edi, dword [sysFileTime+4] ; edi:esi = selected - current
add esi, 0x2a69c000
adc edi, 0xc9 ; plus one day (0xC92A69C000 units of 100 ns)
; Divide by one day: shift right by 14, then divide by
; 0x324a9a7 = 864,000,000,000 / 2^14.
shrd esi, edi, 14
shr edi, 14
mov eax, esi
mov edx, edi
mov edi, 0x324a9a7
div edi ; eax = whole days
pop edi ; edi = name buffer again
mov esi, ebx ; esi = user count
mov edx, eax ; edx = day count (the callee's header calls this 'Years')
; -------------------------------------------------
; All parameters are valid, generate license key
; and display it
; -------------------------------------------------
call generate_license_key
invoke fnSendMessageA, [hStaticSerial], WM_SETTEXT, 0, szLicense
; -----------------------------------------------
; Free the memory allocated for storing username
; -----------------------------------------------
invoke fnHeapFree, [hHeap], 0, edi
jmp on_notify.ret
; +-----------------------------------------------------------------------+
; | |
; | WM_NOTIFY Event Handler |
; | |
; +-----------------------------------------------------------------------+
on_notify:
mov eax, [esp+12]
cmp eax, IDC_DATE_DAYS
; Is WM_NOTIFY sent by the Date Picker Control ?
jnz on_notify.ret
mov eax, [esp+16]
mov eax, [eax+8]
cmp eax, DTN_DATETIMECHANGE
; Selected Date changed ?
jz update_license_key
.ret:
mov eax, 1