西门子insight3.10,insight3.11,insight3.09破解(Siemens楼宇自控系统APOGEE Insight)

     (补丁的使用方法补充到http://blog.csdn.net/zhw309/article/details/7357243    )  

     一朋友再搞建筑智能化方面的,说想学习西门子insight3.10软件,公司的狗又不能外借,让我帮忙看看。

     上网仔细搜索该软件的信息,西门子智能楼宇软件insight3.10用的竟然是圣天诺(sentinel)狗,那好吧,两者都没接触过,正好来好好学习学习。

      载入ollydbg,弹出的提醒没有序列号的消息框"There are no Base or Advanced license available,……",按暂停,由此来定位出程序校验序列号的大概地方。可得到0x41b080即为此校验函数,经过多次跟踪后,由IDA可得出如下较清晰的逻辑:

  signed int __fastcall CheckLicenses_zhw(int a1)
{
  const char *ST50_4_0; // ST50_4@0
  char *ST54_4_0; // ST54_4@0
  int ST58_4_0; // ST58_4@0
  int v4; // ecx@1
  int v5; // esi@1
  int v6; // ST54_4@1
  int v7; // ST58_4@1
  void *v8; // ST54_4@3
  unsigned __int32 v9; // ST58_4@3
  HRESULT v11; // eax@14
  unsigned int v12; // ST54_4@14
  unsigned int v13; // ST58_4@14
  int v14; // ST58_4@17
  int v15; // eax@18
  int v16; // ST50_4@20
  int v17; // ST54_4@20
  int v18; // ST58_4@20
  const CHAR *v19; // ST50_4@22
  int v20; // ST54_4@22
  unsigned int v21; // ST58_4@22
  const CHAR *v22; // ST54_4@29
  unsigned int v23; // ST58_4@29
  int v24; // eax@31
  int v25; // eax@32
  int v26; // eax@37
  int v27; // ST58_4@40
  UINT v28; // ST58_4@41
  void *v29; // eax@42
  int v30; // ST58_4@42
  void *v31; // ST58_4@44
  char v32; // al@45
  int v33; // ecx@53
  void *v34; // eax@55
  int v35; // ST58_4@55
  const char *v36; // ST50_4@57
  unsigned int v37; // ST54_4@57
  void *v38; // ST58_4@57
  char v39; // al@58
  int v40; // ecx@65
  void *v41; // eax@67
  int v42; // ST50_4@67
  int v43; // ST54_4@67
  unsigned int v44; // ST58_4@67
  int v45; // eax@68
  const CHAR *v46; // ST50_4@69
  const CHAR *v47; // ST54_4@69
  int v48; // ST58_4@69
  UINT v49; // ST58_4@70
  void *v50; // eax@71
  int v51; // ST58_4@71
  void *v54; // ST58_4@73
  char v55; // al@74
  void *v56; // eax@78
  char v58; // al@81
  UINT v59; // ST50_4@87
  int v60; // ST54_4@87
  int v61; // ST58_4@87
  int v62; // eax@88
  int v63; // ebp@90
  int v64; // ST54_4@90
  const char *v65; // ST58_4@90
  int v66; // ecx@93
  int v67; // ecx@97
  WPARAM v68; // ST54_4@97
  __int32 v69; // ST58_4@97
  char *v70; // ecx@99
  WPARAM v71; // ST54_4@99
  LPARAM v72; // ST58_4@99
  int v73; // ecx@101
  UINT v74; // ST50_4@101
  WPARAM v75; // ST54_4@101
  __int32 v76; // ST58_4@101
  int v77; // ecx@107
  UINT v78; // ST50_4@107
  WPARAM v79; // ST54_4@107
  __int32 v80; // ST58_4@107
  int v81; // ecx@108
  int v82; // eax@109
  HWND v83; // ST4C_4@111
  int v84; // ecx@112
  int v85; // ST54_4@112
  int v87; // eax@5
  const char *v88; // ecx@6
  const char *v89; // ST50_4@13
  unsigned int v90; // ST54_4@13
  unsigned int v91; // ST58_4@13
  void *v92; // eax@17
  int v93; // ecx@20
  const char *v94; // ecx@20
  const char *v95; // ecx@22
  void *v96; // eax@24
  void *v97; // eax@26
  int v98; // ST58_4@29
  int v99; // ST58_4@38
  int v100; // edx@67
  int v101; // ecx@69
  char *v102; // ecx@69
  int v103; // eax@69
  char *v104; // ecx@87
  const char *v105; // ecx@87
  int v106; // ST58_4@90
  int v107; // ST54_4@90
  int v108; // ST58_4@90
  int v109; // ST54_4@90
  int v110; // ST58_4@90
  int v111; // ST58_4@90
  int v112; // ST54_4@90
  int v113; // ST58_4@90
  int v114; // ST58_4@90
  int v115; // ST54_4@90
  int v116; // ST58_4@90
  int v117; // ST58_4@90
  int v118; // ST54_4@90
  int v119; // ST58_4@90
  int v120; // ST58_4@90
  int v121; // ST58_4@90
  int v122; // ST58_4@90
  int v123; // ST58_4@90
  int v124; // eax@90
  int v125; // ebx@90
  int v126; // ST58_4@90
  int v127; // eax@90
  int v128; // ST58_4@90
  const char *v129; // ST54_4@93
  const char *v130; // ST50_4@93
  int v131; // eax@93
  int v132; // ST4C_4@93
  int v133; // eax@93
  int v134; // eax@93
  int v135; // eax@98
  int v136; // eax@100
  int v137; // eax@104
  int v138; // eax@111
  int v139; // eax@114
  char v140; // [sp+8Ch] [bp-D8h]@1
  signed int v141; // [sp+160h] [bp-4h]@1
  int (__stdcall **v142)(char, int, int, int); // [sp+C0h] [bp-A4h]@1
  void *v143; // [sp+6Ch] [bp-F8h]@1
  void *v144; // [sp+74h] [bp-F0h]@2
  char v145; // [sp+9Ch] [bp-C8h]@3
  signed int v146; // [sp+A8h] [bp-BCh]@6
  char *v147; // [sp+70h] [bp-F4h]@13
  char v148; // [sp+80h] [bp-E4h]@22
  char v149; // [sp+88h] [bp-DCh]@22
  int v150; // [sp+BCh] [bp-A8h]@22
  char v151; // [sp+98h] [bp-CCh]@29
  char *v152; // [sp+94h] [bp-D0h]@29
  char v153; // [sp+154h] [bp-10h]@38
  char v154; // [sp+F0h] [bp-74h]@38
  char v155; // [sp+150h] [bp-14h]@38
  LPCSTR lpCaption; // [sp+78h] [bp-ECh]@40
  LPCSTR lpText; // [sp+7Ch] [bp-E8h]@40
  char v158; // [sp+ACh] [bp-B8h]@42
  int v159; // [sp+B0h] [bp-B4h]@44
  char v160; // [sp+84h] [bp-E0h]@90

  v5 = a1;
  CAfwReg__CAfwReg(&v140);
  v141 = 0;
  CAfwIPC__CAfwIPC(&v142);
  v142 = &off_43B198;
  ST58_4_0 = v4;
  v143 = &ST58_4_0;
  ST54_4_0 = "main";
  LOBYTE(v141) = 1;
  CString__CString(&ST58_4_0, ST54_4_0);
  if ( CAfwIPC__AppRuns(&v142, ST58_4_0) )
  {
    ST58_4_0 = 30;
    ST54_4_0 = (char *)10;
    ST50_4_0 = (const char *)v4;
    v144 = &ST50_4_0;
    CString__CString(&ST50_4_0, NewItem);
    CAfwIPC__NavigateTo(&v142, &v144, "main", 0, 0, ST50_4_0, v6, v7);
Program_End_zhw:
    LOBYTE(v141) = 0;
    CAfwIPC___CAfwIPC(&v142);
    v141 = -1;
    CAfwReg___CAfwReg(&v140);
    return 0;
  }
  ST58_4_0 = 0;
  ST54_4_0 = &NewItem[1076];
  CSingleLock__CSingleLock(&v145, v6, v7);
  ST58_4_0 = 50;
  LOBYTE(v141) = 2;
  if ( !CSingleLock__Lock(&v145, v9) )
  {
    LOBYTE(v141) = 1;
    CSingleLock__Unlock(&v145);
    LOBYTE(v141) = 0;
    CAfwIPC___CAfwIPC(&v142);
    v141 = -1;
    CAfwReg___CAfwReg(&v140);
    return 0;
  }
  v87 = *(_DWORD *)(v5 + 520);
  *(_DWORD *)(v5 + 512) = 1;
  if ( !v87 )
  {
    ST58_4_0 = (int)&v146;
    ST54_4_0 = (char *)&v146;
    v143 = &ST54_4_0;
    ST50_4_0 = "Type";
    CString__CString(&ST54_4_0, ST50_4_0);
    ST50_4_0 = v88;
    LOBYTE(v141) = 3;
    v144 = &ST50_4_0;
    CString__CString(&ST50_4_0, "Setup//SoftwareProtection");
    LOBYTE(v141) = 2;
    if ( CAfwReg__GetSystemValue(&v140, -2147483646, ST50_4_0, v8, v9) )
    {
      if ( v146 != 1 )
      {
        ST58_4_0 = 0;
        ST54_4_0 = 0;
        ST50_4_0 = "This is not Commissioning Tool.";
        AfxMessageBox(ST50_4_0, (unsigned int)v8, v9);
        LOBYTE(v141) = 1;
        CSingleLock__Unlock(&v145);
        goto Program_End_zhw;
      }
    }
  }
  CAfwWinApp__InitInstance(v5);
  if ( !*(_DWORD *)(v5 + 520) )
  {
    if ( *(_DWORD *)(v5 + 524) )
    {
      ST58_4_0 = 0;
      ST54_4_0 = 0;
      ST50_4_0 = (const char *)Maybe_Sleep_zhw;
      if ( beginthread(ST50_4_0, v8, v9) == -1 )
      {
        CString__CString(&v147);
        LOBYTE(v141) = 4;
        ST58_4_0 = GetLastError();
        ST54_4_0 = "Failed to start CT thread: %d";
        ST50_4_0 = (const char *)&v147;
        CString__Format(ST50_4_0, v8, v9);
        ST58_4_0 = 0;
        ST54_4_0 = 0;
        ST50_4_0 = v147;
        AfxMessageBox(v89, v90, v91);
        LOBYTE(v141) = 2;
        CString___CString(&v147);
        LOBYTE(v141) = 1;
        CSingleLock__Unlock(&v145);
        LOBYTE(v141) = 0;
        CAfwIPC___CAfwIPC(&v142);
        v141 = -1;
        CAfwReg___CAfwReg(&v140);
        return 0;
      }
    }
  }
  ST58_4_0 = 0;
  ST54_4_0 = 0;
  v11 = CoInitializeEx(v8, v9);
  if ( v11 != -2147417850 && v11 )
  {
    ST58_4_0 = 0;
    ST54_4_0 = 0;
    ST50_4_0 = "Could not initialize COM";
    AfxMessageBox(ST50_4_0, v12, v13);
    LOBYTE(v141) = 1;
    CSingleLock__Unlock(&v145);
    LOBYTE(v141) = 0;
    CAfwIPC___CAfwIPC(&v142);
    v141 = -1;
    CAfwReg___CAfwReg(&v140);
    return 0;
  }
  ST58_4_0 = 128;
  v92 = operator new(v13);
  v143 = v92;
  LOBYTE(v141) = 5;
  if ( v92 )
    v15 = sub_407120();
  else
    v15 = 0;
  LOBYTE(v141) = 2;
  *(_DWORD *)(v5 + 560) = v15;
  maybe_important_zhw();
  ST58_4_0 = v93;
  v143 = &ST58_4_0;
  ST54_4_0 = NewItem;
  CString__CString(&ST58_4_0, v12);
  ST54_4_0 = (char *)128;
  ST50_4_0 = v94;
  v144 = &ST50_4_0;
  LOBYTE(v141) = 6;
  CString__CString(&ST50_4_0, "main");
  LOBYTE(v141) = 2;
  if ( !CAfwWinApp__LoadLanguageDLLs(v5, ST50_4_0, v17, v14) )
  {
    LOBYTE(v141) = 1;
    CSingleLock__Unlock(&v145);
    LOBYTE(v141) = 0;
    CAfwIPC___CAfwIPC(&v142);
    v141 = -1;
    CAfwReg___CAfwReg(&v140);
    return 0;
  }
  CString__CString(&v148);
  LOBYTE(v141) = 7;
  ST58_4_0 = *(_DWORD *)(AfxGetModuleState() + 4) + 476;
  CString__operator_(&v148, v18);
  CString__CString(&v149);
  LOBYTE(v141) = 8;
  ST58_4_0 = (int)&v150;
  ST54_4_0 = (char *)&v150;
  v143 = &ST54_4_0;
  ST50_4_0 = "SplashScreenDisabled";
  CString__CString(&ST54_4_0, v16);
  ST50_4_0 = v95;
  v144 = &ST50_4_0;
  LOBYTE(v141) = 9;
  CString__CString(&ST50_4_0, &v148);
  LOBYTE(v141) = 8;
  if ( CAfwReg__GetAppValue(&v140, -2147483646, v19, v17, v21) )
  {
    if ( v150 )
      goto LABEL_29;
    ST58_4_0 = 124;
    v96 = operator new(v21);
    v143 = v96;
    LOBYTE(v141) = 10;
    if ( v96 )
      goto LABEL_27;
  }
  else
  {
    ST58_4_0 = 124;
    v97 = operator new(v21);
    v143 = v97;
    LOBYTE(v141) = 11;
    if ( v97 )
    {
LABEL_27:
      ST58_4_0 = 0;
      ST54_4_0 = 0;
      ST50_4_0 = (const char *)3000;
      Maybe_CSplash_Thread_zhw(172, v19, v20, v21);
      goto LABEL_28;
    }
  }
LABEL_28:
  LOBYTE(v141) = 8;
LABEL_29:
  ST58_4_0 = *(_DWORD *)(*(_DWORD *)(AfxGetModuleState() + 4) + 116);
  CString__CString(&v151, v21);
  LOBYTE(v141) = 12;
  ST58_4_0 = *(_DWORD *)(*(_DWORD *)(AfxGetModuleState() + 4) + 140);
  CString__CString(&v152, v98);
  LOBYTE(v141) = 13;
  CString__MakeLower(&v151);
  CString__MakeLower(&v152);
  ST58_4_0 = (int)"main";
  ST54_4_0 = v152;
  mbscmp(v20, v98);
  ST58_4_0 = (int)"/test";
  if ( CString__Find(&v151, v23) >= 0 )
    *(_DWORD *)(v5 + 528) = 1;
  v24 = *(_DWORD *)(v5 + 520);
  if ( v24 )
  {
    v25 = v24 - 1;
    if ( v25 )
    {
      if ( v25 == 1 )
      {
        ST58_4_0 = *(_DWORD *)(v5 + 528);
        Maybe_GetComputerNameSBT_DMA_zhw(v23);
      }
    }
    else
    {
      Maybe_GetWorkstationVerboseProductNameString();
    }
  }
  else
  {
    ST58_4_0 = *(_DWORD *)(v5 + 528);
    Maybe_GetComputerNameSBT_Commission_zhw(v23);
  }
  Maybe_CAfwReg_SetAppValue_zhw(); //这里出错了
  v26 = Maybe_Check_Zero_zhw();
  if ( !v26 )
  {
    ST58_4_0 = v26;
    sub_4278F0(v23);
    LOBYTE(v141) = 14;
    ST58_4_0 = sub_40C470();
    CString__operator_(&v153, v99);
    CDialog__DoModal(&v154);
    LOBYTE(v141) = 16;
    CString___CString(&v153);
    LOBYTE(v141) = 15;
    CString___CString(&v155);
    LOBYTE(v141) = 13;
    CDialog___CDialog(&v154);
    LOBYTE(v141) = 12;
    CString___CString(&v152);
    LOBYTE(v141) = 8;
    CString___CString(&v151);
    LOBYTE(v141) = 7;
    CString___CString(&v149);
    LOBYTE(v141) = 2;
    CString___CString(&v148);
    LOBYTE(v141) = 1;
    CSingleLock__Unlock(&v145);
    LOBYTE(v141) = 0;
    CAfwIPC___CAfwIPC(&v142);
    v141 = -1;
    CAfwReg___CAfwReg(&v140);
    return 0;
  }
  if ( !Maybe_Check_Zero1_zhw() )
  {
    CString__CString(&lpCaption);
    LOBYTE(v141) = 17;
    CString__CString(&lpText);
    ST58_4_0 = (int)&lpText;
    LOBYTE(v141) = 18;
    sub_40E210(v23);
    if ( *(_DWORD *)(v5 + 520) == 2 )
    {
      ST58_4_0 = 161;
      CString__LoadStringA(&lpCaption, v27);
    }
    else
    {
      CAfwString__CAfwString(&v147);
      ST58_4_0 = (int)&v158;
      LOBYTE(v141) = 19;
      v29 = *(void **)(GetWorkstationVerboseProductNameString(v27) + 4);
      LOBYTE(v141) = 20;
      if ( !v29 )
        v29 = _C;
      ST58_4_0 = (int)v29;
      ST54_4_0 = (char *)61216;
      ST50_4_0 = (const char *)&v147;
      CAfwString__SubstituteHolders(v19, v22, v30);
      LOBYTE(v141) = 19;
      if ( v159 )
      {
        v32 = *(_BYTE *)(v159 - 1);
        if ( v32 && v32 != -1 )
        {
          *(_BYTE *)(v159 - 1) = v32 - 1;
        }
        else
        {
          ST58_4_0 = v159 - 1;
          operator delete(v31);
        }
      }
      ST58_4_0 = (int)&v147;
      CString__operator_(&lpCaption, v28);
      LOBYTE(v141) = 18;
      CString___CString(&v147);
    }
    ST58_4_0 = 16;
    ST54_4_0 = (char *)lpCaption;
    ST50_4_0 = lpText;
    MessageBoxA(0, v19, v22, v28);
    LOBYTE(v141) = 17;
    CString___CString(&lpText);
    LOBYTE(v141) = 13;
    CString___CString(&lpCaption);
    LOBYTE(v141) = 12;
    CString___CString(&v152);
    LOBYTE(v141) = 8;
    CString___CString(&v151);
    LOBYTE(v141) = 7;
    CString___CString(&v149);
    LOBYTE(v141) = 2;
    CString___CString(&v148);
    LOBYTE(v141) = 1;
    CSingleLock__Unlock(&v145);
    LOBYTE(v141) = 0;
    CAfwIPC___CAfwIPC(&v142);
    v141 = -1;
    CAfwReg___CAfwReg(&v140);
    return 0;
  }
  if ( GetSessionID() && VerifyVersionInfoA_zhw() && !fun_VerifyVersionInfoA_zhw() )
  {
    ST58_4_0 = v33;
    v143 = &ST58_4_0;
    ST54_4_0 = "TermServer";
    CString__CString(&ST58_4_0, v22);
    if ( !CAfwWinApp__GetLicenseValue(v5, v23) )
    {
      CAfwString__CAfwString(&v147);
      ST58_4_0 = (int)&v158;
      LOBYTE(v141) = 21;
      v34 = *(void **)(GetWorkstationProductLineString(v23) + 4);
      LOBYTE(v141) = 22;
      if ( !v34 )
        v34 = _C;
      ST58_4_0 = (int)v34;
      ST54_4_0 = (char *)57682;
      ST50_4_0 = (const char *)&v147;
      CAfwString__SubstituteHolders(v19, v22, v35);
      LOBYTE(v141) = 21;
      if ( v159 )
      {
        v39 = *(_BYTE *)(v159 - 1);
        if ( v39 && v39 != -1 )
        {
          *(_BYTE *)(v159 - 1) = v39 - 1;
        }
        else
        {
          ST58_4_0 = v159 - 1;
          operator delete(v38);
        }
      }
      ST58_4_0 = 0;
      ST54_4_0 = 0;
      ST50_4_0 = v147;
      AfxMessageBox(v36, v37, (unsigned int)v38);
      LOBYTE(v141) = 13;
      CString___CString(&v147);
      LOBYTE(v141) = 12;
      CString___CString(&v152);
      LOBYTE(v141) = 8;
      CString___CString(&v151);
      LOBYTE(v141) = 7;
      CString___CString(&v149);
      LOBYTE(v141) = 2;
      CString___CString(&v148);
      LOBYTE(v141) = 1;
      CSingleLock__Unlock(&v145);
      LOBYTE(v141) = 0;
      CAfwIPC___CAfwIPC(&v142);
      v141 = -1;
      CAfwReg___CAfwReg(&v140);
      return 0;
    }
    if ( CAfwWinApp__IsToolMode(v5) )
    {
      ST58_4_0 = -1;
      ST54_4_0 = 0;
      ST50_4_0 = (const char *)224;
      AfxMessageBox((unsigned int)v19, (unsigned int)v22, v23);
      LOBYTE(v141) = 12;
      CString___CString(&v152);
      LOBYTE(v141) = 8;
      CString___CString(&v151);
      LOBYTE(v141) = 7;
      CString___CString(&v149);
      LOBYTE(v141) = 2;
      CString___CString(&v148);
      LOBYTE(v141) = 1;
      CSingleLock__Unlock(&v145);
      LOBYTE(v141) = 0;
      CAfwIPC___CAfwIPC(&v142);
      v141 = -1;
      CAfwReg___CAfwReg(&v140);
      return 0;
    }
  }
  if ( Maybe_Check_Valid_zhw() )
  {
    ST58_4_0 = v40;
    v143 = &ST58_4_0;
    ST54_4_0 = "main";
    CString__CString(&ST58_4_0, v22);
    if ( Maybe_String_CMP_zhw(v23) )
    {
      v100 = *(_DWORD *)(v5 + 560);
      ST58_4_0 = 0;
      ST54_4_0 = 0;
      ST50_4_0 = 0;
      AfxBeginThread(Maybe_Reg_zhw, v100, 0, v19, v22, v23);
      CWinApp__Enable3dControls(v5);
      ST58_4_0 = 108;
      v41 = operator new(v44);
      v143 = v41;
      LOBYTE(v141) = 29;
      if ( v41 )
      {
        ST58_4_0 = (int)&off_43B978;
        ST54_4_0 = (char *)&off_43B2E0;
        ST50_4_0 = (const char *)&off_43B1A0;
        v45 = CSingleDocTemplate__CSingleDocTemplate(v41, 128, v42, v43, v44);
      }
      else
      {
        v45 = 0;
      }
      ST58_4_0 = v45;
      LOBYTE(v141) = 13;
      CWinApp__AddDocTemplate(v5, v44);
      ST58_4_0 = (int)&v149;
      ST54_4_0 = v104;
      v143 = &ST54_4_0;
      ST50_4_0 = "AfwAppPosition";
      CString__CString(&ST54_4_0, v42);
      ST50_4_0 = v105;
      v144 = &ST50_4_0;
      LOBYTE(v141) = 30;
      CString__CString(&ST50_4_0, &v148);
      LOBYTE(v141) = 13;
      if ( CAfwReg__GetAppValue(&v140, -2147483647, v59, v43, v61) )
      {
        CWinApp__OnFileNew(v5);
        v62 = AfxGetThread();
        if ( v62 )
          (*(int (__thiscall **)(int))(*(_DWORD *)v62 + 124))(v62);
        CString__CString(&lpCaption);
        LOBYTE(v141) = 31;
        CString__CString(&lpText);
        LOBYTE(v141) = 32;
        CString__CString(&v147);
        LOBYTE(v141) = 33;
        CString__CString(&v144);
        LOBYTE(v141) = 34;
        CString__CString(&v160);
        ST58_4_0 = (int)L",";
        ST54_4_0 = (char *)&v143;
        LOBYTE(v141) = 35;
        ST58_4_0 = CString__SpanExcluding(&v149, v60, v61);
        LOBYTE(v141) = 36;
        CString__operator_(&lpCaption, v106);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = *((_DWORD *)lpCaption - 2) + 1;
        ST54_4_0 = (char *)&v143;
        ST58_4_0 = CString__Mid(&v149, v107, v106);
        LOBYTE(v141) = 37;
        CString__operator_(&v160, v108);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = (int)L",";
        ST54_4_0 = (char *)&v143;
        ST58_4_0 = CString__SpanExcluding(&v160, v109, v110);
        LOBYTE(v141) = 38;
        CString__operator_(&lpText, v111);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = *((_DWORD *)lpText - 2) + 1;
        ST54_4_0 = (char *)&v143;
        ST58_4_0 = CString__Mid(&v160, v112, v113);
        LOBYTE(v141) = 39;
        CString__operator_(&v160, v114);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = (int)L",";
        ST54_4_0 = (char *)&v143;
        ST58_4_0 = CString__SpanExcluding(&v160, v115, v116);
        LOBYTE(v141) = 40;
        CString__operator_(&v147, v117);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = *((_DWORD *)v147 - 2) + 1;
        ST54_4_0 = (char *)&v143;
        ST58_4_0 = CString__Mid(&v160, v118, v119);
        LOBYTE(v141) = 41;
        CString__operator_(&v160, v120);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = (int)L",";
        ST54_4_0 = (char *)&v143;
        ST58_4_0 = CString__SpanExcluding(&v160, v64, v121);
        LOBYTE(v141) = 42;
        CString__operator_(&v144, v122);
        LOBYTE(v141) = 35;
        CString___CString(&v143);
        ST58_4_0 = 61;
        v124 = GetSystemMetrics(v123);
        ST58_4_0 = 62;
        v125 = v124;
        v127 = GetSystemMetrics(v126);
        ST58_4_0 = 0;
        v63 = v127;
        ST58_4_0 = CString__GetBuffer(&lpCaption, v128);
        if ( v125 <= atoi(v65) + 10
          || (ST58_4_0 = 0, ST58_4_0 = CString__GetBuffer(&lpText, v65), v63 <= atoi(v65) + 10) )
        {
          ST58_4_0 = (int)L"0";
          CString__operator_(&lpCaption, v65);
          ST58_4_0 = (int)L"0";
          CString__operator_(&lpText, v65);
        }
        ST58_4_0 = 4;
        ST54_4_0 = 0;
        ST54_4_0 = (char *)CString__GetBuffer(&v144, v64);
        ST54_4_0 = (char *)atoi(v129);
        ST50_4_0 = 0;
        ST50_4_0 = (const char *)CString__GetBuffer(&v147, v59);
        ST50_4_0 = (const char *)atoi(v130);
        v131 = CString__GetBuffer(&lpText, 0);
        v132 = atoi((const char *)v131);
        v133 = CString__GetBuffer(&lpCaption, 0);
        v134 = atoi((const char *)v133);
        CWnd__SetWindowPos(*(_DWORD *)(v5 + 32), 0, v134, v132, v59, v60, v61);
        LOBYTE(v141) = 34;
        CString___CString(&v160);
        LOBYTE(v141) = 33;
        CString___CString(&v144);
        LOBYTE(v141) = 32;
        CString___CString(&v147);
        LOBYTE(v141) = 31;
        CString___CString(&lpText);
        LOBYTE(v141) = 13;
        CString___CString(&lpCaption);
      }
      else
      {
        CWinApp__OnFileNew(v5);
      }
      if ( *(_DWORD *)(v5 + 520) != 1 && !*(_DWORD *)(v5 + 524) )
        goto LicenseISWrong_zhw;
      ST58_4_0 = v66;
      v143 = &ST58_4_0;
      ST54_4_0 = "communicationmonitor";
      CString__CString(&ST58_4_0, v60);
      if ( sub_41C630(v61) )
      {
        v135 = *(_DWORD *)(v5 + 32);
        ST58_4_0 = 0;
        ST54_4_0 = 0;
        ST50_4_0 = (const char *)1150;
        PostMessageA(*(HWND *)(v135 + 32), v59, v68, v69);
      }
      ST58_4_0 = v67;
      v144 = &ST58_4_0;
      ST54_4_0 = "alarm";
      CString__CString(&ST58_4_0, v68);
      if ( sub_41C630(v69) )
      {
        v136 = *(_DWORD *)(v5 + 32);
        ST58_4_0 = 0;
        ST54_4_0 = 0;
        ST50_4_0 = (const char *)1147;
        PostMessageA(*(HWND *)(v136 + 32), v59, v71, v72);
      }
      ST58_4_0 = (int)&v143;
      ST54_4_0 = v70;
      v144 = &ST54_4_0;
      ST50_4_0 = "AutoStartGraphics";
      CString__CString(&ST54_4_0, v59);
      ST50_4_0 = (const char *)v73;
      v147 = (char *)&ST50_4_0;
      LOBYTE(v141) = 43;
      CString__CString(&ST50_4_0, &v148);
      LOBYTE(v141) = 13;
      if ( !CAfwReg__GetAppValue(&v140, -2147483647, v74, v71, v72) )
      {
        ST58_4_0 = 0;
        ST54_4_0 = (char *)v73;
        v144 = &ST54_4_0;
        ST50_4_0 = "AutoStartGraphics";
        CString__CString(&ST54_4_0, v74);
        ST50_4_0 = (const char *)v73;
        v147 = (char *)&ST50_4_0;
        LOBYTE(v141) = 44;
        CString__CString(&ST50_4_0, &v148);
        LOBYTE(v141) = 13;
        CAfwReg__SetAppValue(&v140, -2147483647, v74, v75, v76);
      }
      else
      {
        if ( v143 )
        {
          ST58_4_0 = v73;
          v144 = &ST58_4_0;
          ST54_4_0 = "graphic";
          CString__CString(&ST58_4_0, v75);
          if ( sub_41C630(v76) )
          {
            v137 = *(_DWORD *)(v5 + 32);
            ST58_4_0 = 0;
            ST54_4_0 = 0;
            ST50_4_0 = (const char *)1152;
            PostMessageA(*(HWND *)(v137 + 32), v74, v75, v76);
          }
        }
      }
      if ( *(_DWORD *)(v5 + 520) != 1 )
        goto LicenseISWrong_zhw;
      ST58_4_0 = v73;
      v144 = &ST58_4_0;
      ST54_4_0 = NewItem;
      CString__CString(&ST58_4_0, v75);
      ST54_4_0 = (char *)v77;
      LOBYTE(v141) = 45;
      v147 = (char *)&ST54_4_0;
      ST50_4_0 = "Fire ALS3";
      CString__CString(&ST54_4_0, v74);
      ST50_4_0 = 0;
      LOBYTE(v141) = 13;
      if ( (CAfwWinApp__IsLicensed(v5, v78, v79, v76)
         || (ST58_4_0 = v77, v144 = &ST58_4_0, ST54_4_0 = NewItem, CString__CString(&ST58_4_0, v79), ST54_4_0 = (char *)v81, LOBYTE(v141) = 46, v147 = (char *)&ST54_4_0, ST50_4_0 = "XLS", CString__CString(&ST54_4_0, v78), ST50_4_0 = 0, LOBYTE(v141) = 13, CAfwWinApp__IsLicensed(v5, v78, v79, v80)))
        && (v82 = *(_DWORD *)(v5 + 560), v81 = *(_DWORD *)(v82 + 52), v81)
        && (ST58_4_0 = *(_DWORD *)(v82 + 52), v144 = &ST58_4_0, ST54_4_0 = "AlarmBar", CString__CString(&ST58_4_0, v79), sub_41C630(v80)) )
      {
        v138 = *(_DWORD *)(v5 + 32);
        ST58_4_0 = 0;
        ST54_4_0 = 0;
        ST50_4_0 = (const char *)1151;
        v83 = *(HWND *)(v138 + 32);
      }
      else
      {
        ST58_4_0 = v81;
        v144 = &ST58_4_0;
        ST54_4_0 = NewItem;
        CString__CString(&ST58_4_0, v79);
        ST54_4_0 = (char *)v84;
        LOBYTE(v141) = 47;
        v147 = (char *)&ST54_4_0;
        ST50_4_0 = "ALMB";
        CString__CString(&ST54_4_0, v78);
        ST50_4_0 = 0;
        LOBYTE(v141) = 13;
        if ( !CAfwWinApp__IsLicensed(v5, v78, v85, v80)
          || (ST58_4_0 = v84, v144 = &ST58_4_0, ST54_4_0 = "AlarmBar", CString__CString(&ST58_4_0, v79), !sub_41C630(v80)) )
          goto LicenseISWrong_zhw;
        v139 = *(_DWORD *)(v5 + 32);
        ST58_4_0 = 0;
        ST54_4_0 = 0;
        ST50_4_0 = (const char *)1151;
        v83 = *(HWND *)(v139 + 32);
      }
      PostMessageA(v83, v78, v79, v80);
LicenseISWrong_zhw:
      sub_4210F0();
      LOBYTE(v141) = 12;
      CString___CString(&v152);
      LOBYTE(v141) = 8;
      CString___CString(&v151);
      LOBYTE(v141) = 7;
      CString___CString(&v149);
      LOBYTE(v141) = 2;
      CString___CString(&v148);
      LOBYTE(v141) = 1;
      CSingleLock__Unlock(&v145);
      LOBYTE(v141) = 0;
      CAfwIPC___CAfwIPC(&v142);
      v141 = -1;
      CAfwReg___CAfwReg(&v140);
      return 1;
    }
  }
  ST58_4_0 = 3;
  sub_40D8C0(v23);
  CAfwString__CAfwString(&lpText);
  LOBYTE(v141) = 23;
  CAfwString__CAfwString(&lpCaption);
  ST58_4_0 = v101;
  v143 = &ST58_4_0;
  ST54_4_0 = NewItem;
  LOBYTE(v141) = 24;
  CString__CString(&ST58_4_0, v22);
  ST54_4_0 = v102;
  LOBYTE(v141) = 25;
  v144 = &ST54_4_0;
  ST50_4_0 = "DMA";
  CString__CString(&ST54_4_0, v19);
  ST50_4_0 = 0;
  LOBYTE(v141) = 24;
  v103 = sub_4021E0();
  if ( CAfwWinApp__IsLicensed(v103, v46, v47, v48) )
  {
    ST58_4_0 = 162;
    CString__LoadStringA(&lpText, v48);
    ST58_4_0 = 161;
    CString__LoadStringA(&lpCaption, v49);
  }
  else
  {
    ST58_4_0 = (int)&v158;
    v50 = *(void **)(GetWorkstationVerboseProductNameString(v48) + 4);
    LOBYTE(v141) = 27;
    if ( !v50 )
      v50 = _C;
    ST58_4_0 = (int)v50;
    ST54_4_0 = (char *)61216;
    ST50_4_0 = (const char *)&lpCaption;
    CAfwString__SubstituteHolders(v46, v47, v51);
    LOBYTE(v141) = 24;
    if ( v159 )
    {
      v55 = *(_BYTE *)(v159 - 1);
      if ( v55 && v55 != -1 )
      {
        *(_BYTE *)(v159 - 1) = v55 - 1;
      }
      else
      {
        ST58_4_0 = v159 - 1;
        operator delete(v54);
      }
    }
    ST58_4_0 = (int)&v158;
    v56 = *(void **)(GetWorkstationVerboseProductNameString(v54) + 4);
    LOBYTE(v141) = 28;
    if ( !v56 )
      v56 = _C;
    ST58_4_0 = (int)v56;
    ST54_4_0 = (char *)61217;
    ST50_4_0 = (const char *)&lpText;
    CAfwString__SubstituteHolders(v46, v47, v49);
    if ( v159 )
    {
      v58 = *(_BYTE *)(v159 - 1);
      if ( v58 && v58 != -1 )
      {
        *(_BYTE *)(v159 - 1) = v58 - 1;
      }
      else
      {
        ST58_4_0 = v159 - 1;
        operator delete((void *)v49);
      }
    }
  }
  ST58_4_0 = 16;
  ST54_4_0 = (char *)lpCaption;
  ST50_4_0 = lpText;
  MessageBoxA(0, v46, v47, v49);
  LOBYTE(v141) = 23;
  CString___CString(&lpCaption);
  LOBYTE(v141) = 13;
  CString___CString(&lpText);
  LOBYTE(v141) = 12;
  CString___CString(&v152);
  LOBYTE(v141) = 8;
  CString___CString(&v151);
  LOBYTE(v141) = 7;
  CString___CString(&v149);
  LOBYTE(v141) = 2;
  CString___CString(&v148);
  LOBYTE(v141) = 1;
  CSingleLock__Unlock(&v145);
  LOBYTE(v141) = 0;
  CAfwIPC___CAfwIPC(&v142);
  v141 = -1;
  CAfwReg___CAfwReg(&v140);
  return 0;
}

注意力集中在 Maybe_GetWorkstationVerboseProductNameString()这个函数中,挖掘这个函数,果然发现是读取license或dongle的函数,看代码:

int __fastcall Maybe_GetWorkstationVerboseProductNameString(int a1)
{
  int v1; // esi@1
  void *v2; // eax@7
  void *v3; // eax@10
  char v4; // al@13
  void *v5; // ecx@13
  char v7; // ST08_1@2
  int v8; // eax@5
  int v9; // edi@17
  char v10; // [sp+14h] [bp-40h]@1
  signed int v11; // [sp+50h] [bp-4h]@1
  char v12; // [sp+20h] [bp-34h]@1
  signed int v13; // [sp+18h] [bp-3Ch]@1
  char v14; // [sp+38h] [bp-1Ch]@1
  int v15; // [sp-8h] [bp-5Ch]@2
  int *v16; // [sp+1Ch] [bp-38h]@2
  char v17; // [sp+24h] [bp-30h]@2
  char v18; // [sp+28h] [bp-2Ch]@7
  char v19; // [sp+10h] [bp-44h]@10
  int v20; // [sp+2Ch] [bp-28h]@12
  int v21; // [sp+30h] [bp-24h]@17
  int v22; // [sp+34h] [bp-20h]@17

  v1 = a1;
  AfxGetModuleState();
  sub_409A20();
  *(_DWORD *)(v1 + 24) = sub_40CDF0();
  CAfwString__CAfwString(&v10);
  v11 = 0;
  CSysName__CSysName(&v12);
  LOBYTE(v11) = 1;
  v13 = 16;
  if ( GetComputerNameSBT(&v14, (unsigned __int32 *)&v13) )
  {
    CSysName__operator_(&v12, &v14);
    v16 = &v15;
    CString__CString(&v7, (unsigned int)&v17 & -(&v12 != 0));
    sub_40D540(&v16, (char)CSysName___vftable_, v7);
    CString___CString(&v16);
  }
  else
  {
    CSysName__operator_(&v12, L"?");
    CUserName__operator_(v1 + 44, L"?");
  }
  if ( sub_409E80() )
  {
    v2 = *(void **)(GetWorkstationProductLineString(&v18) + 4);
    LOBYTE(v11) = 2;
    if ( !v2 )
      v2 = _C;
    CAfwString__SubstituteHolders(&v10, 61224, v2);
    LOBYTE(v11) = 1;
    std__basic_string_char_std__char_traits_char__std__allocator_char_____Tidy(&v18, 1);
    CString__operator_(v1 + 40, &v10);
  }
  else
  {
    v8 = License_Check_zhw();
    *(_DWORD *)(v1 + 28) = v8;
    if ( v8 )
      CheckLicense_AddApps_zhw();
  }
  CAfwString__CAfwString(&v19);
  LOBYTE(v11) = 3;
  v3 = *(void **)(GetWorkstationVerboseProductNameString(&v18) + 4);
  LOBYTE(v11) = 4;
  if ( !v3 )
    v3 = _C;
  CAfwString__SubstituteHolders(&v19, 61216, v3);
  LOBYTE(v11) = 3;
  if ( v20 )
  {
    v5 = (void *)(v20 - 1);
    v4 = *(_BYTE *)(v20 - 1);
    if ( v4 && v4 != -1 )
      *(_BYTE *)v5 = v4 - 1;
    else
      operator delete(v5);
  }
  v20 = 0;
  v21 = 0;
  v22 = 0;
  CString__operator_(v1 + 60, &v19);
  v9 = *(_DWORD *)(v1 + 24) & *(_DWORD *)(v1 + 28);
  LOBYTE(v11) = 1;
  CString___CString(&v19);
  LOBYTE(v11) = 0;
  CString___CString((unsigned int)&v17 & -(&v12 != 0));
  v11 = -1;
  CString___CString(&v10);
  return v9;
}

看 v8 = License_Check_zhw()函数,问题已经开始越来越明了了,再往里钻一下:

signed int __fastcall License_Check_zhw(int a1)
{
  signed int ST08_4_0; // ST08_4@0
  int ST0C_4_0; // ST0C_4@0
  signed int v3; // ebp@1
  int v4; // esi@1
  signed int v5; // ecx@2
  int v6; // eax@6
  char v7; // zf@8
  void *v9; // eax@28
  int v10; // ST0C_4@28
  int v11; // ecx@30
  void *v12; // ST0C_4@30
  char v13; // al@31
  signed int v14; // ecx@34
  signed int v16; // eax@1
  int v17; // esi@35
  signed int v18; // ecx@35
  int v19; // ST08_4@35
  int v20; // ST0C_4@35
  signed int v21; // ecx@35
  int v22; // ST08_4@35
  int v23; // ST0C_4@35
  signed int v24; // ecx@35
  int v25; // ST08_4@35
  int v26; // ST0C_4@35
  signed int v27; // ecx@35
  int v28; // ST08_4@35
  int v29; // ST08_4@37
  int v30; // [sp+20h] [bp-28h]@1
  signed int *v31; // [sp+28h] [bp-20h]@14
  char v32; // [sp+2Ch] [bp-1Ch]@28
  signed int v33; // [sp+44h] [bp-4h]@28
  char v34; // [sp+24h] [bp-24h]@30
  int v35; // [sp+30h] [bp-18h]@30
  int v36; // [sp+34h] [bp-14h]@37
  int v37; // [sp+38h] [bp-10h]@37

  v4 = a1;
  *(_DWORD *)(a1 + 80) = 0;
  *(_DWORD *)(a1 + 84) = 0;
  *(_DWORD *)(a1 + 88) = 0;
  *(_DWORD *)(a1 + 72) = 0;
  *(_DWORD *)(a1 + 76) = 0;
  *(_DWORD *)(a1 + 68) = 0;
  *(_DWORD *)(a1 + 92) = 0;
  *(_DWORD *)(a1 + 96) = 0;
  *(_DWORD *)(a1 + 104) = 0;
  *(_DWORD *)(a1 + 108) = 0;
  *(_DWORD *)(a1 + 112) = 0;
  *(_DWORD *)(a1 + 116) = 0;
  v30 = *(_DWORD *)(AfxGetModuleState() + 4);
  v16 = sub_40A190();
  v3 = v16;
  if ( !v16 )
  {
    ST0C_4_0 = (int)"Softprot Initialize failed /n";
    goto LABEL_41;
  }
  call_softRequestLicense_zhw();
  if ( !*(_DWORD *)(v4 + 76) )
  {
    call_FindLicense_Fls_zhw();
    if ( !*(_DWORD *)(v4 + 76) )
    {
      if ( !*(_DWORD *)(v4 + 84) )
        call_FindLicense_Combo_zhw();
    }
  }
  v6 = *(_DWORD *)(v4 + 108);
  if ( v6 || *(_DWORD *)(v4 + 104) )
  {
    v3 = 0;
    if ( !v6 )
      goto LABEL_42;
    ST0C_4_0 = 61249;
    CString__LoadStringA(v4 + 40, ST0C_4_0);
    ST0C_4_0 = (int)"Dongle missing!/n";
LABEL_41:
    sub_4070C0(ST0C_4_0);
    goto LABEL_42;
  }
  v7 = *(_DWORD *)(v4 + 76) == 0;
  if ( !*(_DWORD *)(v4 + 76) )
  {
    if ( !*(_DWORD *)(v4 + 84) )
    {
      if ( !*(_DWORD *)(v4 + 72) )
        call_FindLicense_Core_zhw();
    }
    v7 = *(_DWORD *)(v4 + 76) == 0;
  }
  if ( v7 )
  {
    if ( !*(_DWORD *)(v4 + 72) && !*(_DWORD *)(v4 + 84) )
    {
      SoftProtRequest_Set_License_zhw();
      goto LABEL_20;
    }
    ST0C_4_0 = 1;
    ST08_4_0 = v5;
    v31 = &ST08_4_0;
    CString__CString(&ST08_4_0, "ReportScheduler");
    CAfwWinApp__SetLicenseValue(v30, ST08_4_0, ST0C_4_0);
    ST0C_4_0 = (int)"Added Report Scheduler /n";
  }
  else
  {
    ST0C_4_0 = 0;
    ST08_4_0 = v5;
    v31 = &ST08_4_0;
    CString__CString(&ST08_4_0, "ReportScheduler");
    CAfwWinApp__SetLicenseValue(v30, ST08_4_0, ST0C_4_0);
    ST0C_4_0 = (int)"Report Scheduler was not added/n";
  }
  sub_4070C0(ST0C_4_0);
LABEL_20:
  if ( !*(_DWORD *)(v4 + 112) )
  {
    ST0C_4_0 = 61247;
    v3 = 0;
    CString__LoadStringA(v4 + 40, ST0C_4_0);
    ST0C_4_0 = (int)"License file lservrc file not found/n";
    goto LABEL_41;
  }
  Check_License_OtherAll_zhw();
  if ( *(_DWORD *)(v4 + 116) )
  {
    v3 = 0;
  }
  else
  {
    if ( *(_DWORD *)(v4 + 76) || *(_DWORD *)(v4 + 68) || *(_DWORD *)(v4 + 72) || *(_DWORD *)(v4 + 84) )
    {
      v3 = 1;
      if ( COptionsObj__GetProductBrandIdentity() == 2 )
      {
        ST0C_4_0 = 0;
        ST08_4_0 = v14;
        v31 = &ST08_4_0;
        CString__CString(&ST08_4_0, "ALMB");
        v17 = v30;
        CAfwWinApp__SetLicenseValue(v30, ST08_4_0, ST0C_4_0);
        ST0C_4_0 = 0;
        ST08_4_0 = v18;
        v31 = &ST08_4_0;
        CString__CString(&ST08_4_0, "tod");
        CAfwWinApp__SetLicenseValue(v17, v19, v20);
        ST0C_4_0 = 0;
        ST08_4_0 = v21;
        v31 = &ST08_4_0;
        CString__CString(&ST08_4_0, "BACnetServer");
        CAfwWinApp__SetLicenseValue(v17, v22, v23);
        ST0C_4_0 = 0;
        ST08_4_0 = v24;
        v31 = &ST08_4_0;
        CString__CString(&ST08_4_0, "Dialup");
        CAfwWinApp__SetLicenseValue(v17, v25, v26);
        ST0C_4_0 = 1;
        ST08_4_0 = v27;
        v31 = &ST08_4_0;
        CString__CString(&ST08_4_0, "BACnetClient");
        CAfwWinApp__SetLicenseValue(v17, v28, ST0C_4_0);
      }
    }
    else
    {
      v3 = 0;
      ST0C_4_0 = (int)&v32;
      v9 = *(void **)(GetWorkstationVerboseProductNameString(ST0C_4_0) + 4);
      v33 = 0;
      if ( !v9 )
        v9 = _C;
      ST0C_4_0 = (int)v9;
      CString__CString(&v34, v10);
      LOBYTE(v33) = 2;
      if ( v35 )
      {
        v11 = v35 - 1;
        v13 = *(_BYTE *)(v35 - 1);
        if ( v13 && v13 != -1 )
        {
          *(_BYTE *)v11 = v13 - 1;
        }
        else
        {
          ST0C_4_0 = v35 - 1;
          operator delete(v12);
        }
      }
      ST0C_4_0 = v11;
      v31 = &ST0C_4_0;
      ST08_4_0 = (signed int)&v34;
      v35 = 0;
      v36 = 0;
      v37 = 0;
      CString__CString(&ST0C_4_0, ST08_4_0);
      ST08_4_0 = 9;
      sub_40C660(v29, v12);
      ST0C_4_0 = (int)"No licenses found!/n";
      sub_4070C0(ST0C_4_0);
      v33 = -1;
      CString___CString(&v34);
    }
  }
LABEL_42:
  ST0C_4_0 = (int)"End License checks/n/n";
  sub_4070C0(ST0C_4_0);
  return v3;
}

 

 还用得着再说吗,IDA强大的功能使得脉络如此清楚,看它的图形视图的话更显得章节有素,上传图片太麻烦了,这里就不传了,siemense这个软件写得挺好的,思路和程序都很清晰,专业!

 

 

你可能感兴趣的:(逆向工程,破解,byte,c,delete,report,thread)