je lab35_3 //1st cmd after "call reg" is 1 byte long (the length compare feeding this jump is above this view)
//length of 1st cmd = 2
//Context (set above this view): tmp5 = address of the 1st original instruction, tmp4 = its length,
//tmp1 = write cursor in the freeloc area where the relocated code is rebuilt.
//Only the two short-jump encodings handled by this unpacker (EB 01 / EB 02) are rewritten here;
//anything else falls through to the 2nd-instruction analysis at lab35_4.
mov tmp6, [tmp5], 2 //2 bytes at tmp5, little-endian: low byte = opcode, high byte = rel8
cmp tmp6, 1EB //EB 01 = jmp $+3
je lab35_2
cmp tmp6, 2EB //EB 02 = jmp $+4
jne lab35_4
lab35_2:
//Rewrite the short jmp as an absolute jmp: target = tmp5 + tmp4 (end of the jmp) + rel8.
//rel8 is 1 or 2 on this path, so the unsigned 1-byte read never sees a negative displacement.
mov tmp3, [tmp5+1], 1
add tmp4, tmp3
add tmp4, tmp5
eval "jmp 0{tmp4}" //leading 0 keeps the assembler parsing the address as a hex number
asm tmp1, $RESULT
jmp lab36_1
//length of 1st cmd = 1
lab35_3:
//Pattern "<1-byte prefix> EB rel8": byte0 in F0..FF, byte1 == EB, byte2 (rel8) in 00..0F
mov tmp3, [tmp5]
and tmp3, 00F0FFF0
cmp tmp3, 0EBF0 //"prefix ??", "jmp ???????"
jne lab35_4
mov tmp3, [tmp5+2], 1 //rel8 (00..0F, always a forward jump)
add tmp3, tmp5
add tmp3, tmp4
add tmp3, 2 //tmp4 apparently covers only the prefix byte; +2 for EB and rel8 so the base is the end of the 3-byte jump
eval "jmp 0{tmp3}"
asm tmp1, $RESULT
jmp lab36_1
//2nd cmd after call reg
lab35_4:
//The 1st cmd was not a recognised jump; inspect the instruction that follows it.
mov tmp6, tmp5
add tmp6, tmp4 //tmp6 = address of the 2nd cmd (tmp4 = length of the 1st cmd)
opcode tmp6 //disassemble it; $RESULT_2 = its length in bytes
mov tmp8, $RESULT_2 //length of 2nd cmd after call reg
mov tmp2, tmp4 //tmp2 = offset of the 2nd cmd, kept for the jump-target arithmetic in lab35_6 / lab35_8
add tmp4, tmp8 //tmp4 = total bytes covered so far (1st + 2nd cmd)
cmp tmp8, 2
je lab35_5
cmp tmp8, 3
je lab35_7
cmp tmp4, 3
jae copybyte //cannot be a short jmp and >= 3 bytes are already covered: copy them verbatim
jmp lab35_9 //otherwise (two 1-byte instructions) look at a 3rd instruction
//length of 2nd cmd = 2
lab35_5:
//Is the 2-byte 2nd cmd one of the recognised short jumps (EB 01 / EB 02)?
mov tmp3, [tmp6], 2
cmp tmp3, 1EB
je lab35_6
cmp tmp3, 2EB
je lab35_6
cmp tmp4, 3
jae copybyte //with tmp8 = 2 and a 1st cmd of at least one byte this always holds, so lab35_9 is not reached from here
jmp lab35_9
lab35_6:
//Re-assemble the 1st cmd from its disassembly text at the cursor, then replace the short jmp by an absolute one.
opcode tmp5 //$RESULT_1 = disassembly text of the 1st cmd
mov tmp3, $RESULT_1
eval "{tmp3}"
asm tmp1, $RESULT
add tmp1, tmp8 //NOTE(review): advances the cursor by the 2nd cmd's length (tmp8 = 2), not by the 1st cmd's length (tmp2); if a 1-byte 1st cmd can reach this label, one zero byte is left in front of the jmp - confirm
mov tmp3, 0 //tmp3 still holds the $RESULT_1 string: reset it to a number before the sized read (ODbgScript quirk, per the original author)
mov tmp3, [tmp6+1], 1 //rel8 of the short jmp (1 or 2)
//target = tmp5 + tmp2 (offset of the 2nd cmd) + tmp8 (its length) + rel8
add tmp2, tmp3
add tmp2, tmp8
add tmp2, tmp5
eval "jmp 0{tmp2}"
asm tmp1, $RESULT
jmp lab36_1
//length of 2nd cmd = 3
lab35_7:
//A 3-byte 2nd cmd is only rewritten when it is "<prefix> EB 01" / "<prefix> EB 02" (the two bytes after the prefix).
mov tmp3, [tmp6+1], 2
cmp tmp3, 1EB
je lab35_8
cmp tmp3, 2EB
je lab35_8
cmp tmp4, 3
jae copybyte //with tmp8 = 3 this always holds, so lab35_9 is not reached from here
jmp lab35_9
lab35_8:
//Re-assemble the 1st cmd from its disassembly text at the cursor, then replace the prefixed short jmp by an absolute one.
opcode tmp5 //$RESULT_1 = disassembly text of the 1st cmd
mov tmp3, $RESULT_1
eval "{tmp3}"
asm tmp1, $RESULT
add tmp1, tmp8 //NOTE(review): advances the cursor by the 2nd cmd's length (tmp8 = 3), not by the 1st cmd's length (tmp2); for a 1st cmd shorter than 3 bytes this leaves zero bytes in front of the jmp - confirm
mov tmp3, 0 //tmp3 still holds the $RESULT_1 string: reset it to a number before the sized read (ODbgScript quirk, per the original author)
mov tmp3, [tmp6+2], 1 //rel8 of the short jmp (1 or 2)
//target = tmp5 + tmp2 (offset of the 2nd cmd) + tmp8 (its length) + rel8
add tmp2, tmp3
add tmp2, tmp8
add tmp2, tmp5
eval "jmp 0{tmp2}"
asm tmp1, $RESULT
jmp lab36_1
//3rd cmd after call reg
lab35_9:
//Reached only when the 1st and 2nd cmd are one byte each (tmp4 == 2): look at a 3rd instruction.
mov tmp7, tmp6
add tmp7, tmp8 //tmp7 = address of the 3rd cmd
opcode tmp7
mov tmp9, $RESULT_2 //length of 3rd cmd after call reg
add tmp4, tmp9 //tmp4 = total bytes of cmd 1..3
cmp tmp9, 2
je lab35_10
cmp tmp9, 3
je lab35_12
jmp copybyte //neither 2 nor 3 bytes: cannot be a short jmp, copy everything verbatim
//length of 3rd cmd = 2
lab35_10:
mov tmp3, [tmp7], 2
cmp tmp3, 1EB //EB 01
je lab35_11
cmp tmp3, 2EB //EB 02
je lab35_11
jmp copybyte
lab35_11:
//Copy the two 1-byte instructions (1st + 2nd cmd) unchanged, then replace the short jmp by an absolute one.
mov tmp3, [tmp5], 2
mov [tmp1], tmp3 //dword store: the 2 surplus bytes are overwritten by the jmp assembled below
add tmp1, 2
mov tmp3, [tmp7+1], 1 //rel8 (1 or 2)
//target = tmp5 + tmp2 (offset of the 2nd cmd) + tmp8 + tmp9 (lengths of the 2nd and 3rd cmd) + rel8
add tmp2, tmp3
add tmp2, tmp8
add tmp2, tmp9
add tmp2, tmp5
eval "jmp 0{tmp2}"
asm tmp1, $RESULT
jmp lab36_1
//length of 3rd cmd = 3
lab35_12:
//A 3-byte 3rd cmd is only rewritten when it is "<prefix> EB 01" / "<prefix> EB 02".
mov tmp3, [tmp7+1], 2
cmp tmp3, 1EB
je lab35_13
cmp tmp3, 2EB
je lab35_13
jmp copybyte
lab35_13:
//Copy the two 1-byte instructions (1st + 2nd cmd) unchanged, then replace the prefixed short jmp by an absolute one.
mov tmp3, [tmp5], 2
mov [tmp1], tmp3 //dword store: the 2 surplus bytes are overwritten by the jmp assembled below
add tmp1, 2
mov tmp3, [tmp7+2], 1 //rel8 (1 or 2)
//target = tmp5 + tmp2 (offset of the 2nd cmd) + tmp8 + tmp9 (lengths of the 2nd and 3rd cmd) + rel8
add tmp2, tmp3
add tmp2, tmp8
add tmp2, tmp9
add tmp2, tmp5
eval "jmp 0{tmp2}"
asm tmp1, $RESULT
jmp lab36_1
//one command to copy
lab35_14:
//Entered from outside this view. Only a 3-byte 1st cmd of the form "<prefix> EB rel8" is rewritten;
//everything else is copied verbatim.
cmp tmp4, 3
jne copybyte
//length of 1st cmd = 3
mov tmp3, [tmp5+1]
and tmp3, 0F0FF //byte1 == EB and byte2 (rel8) in 00..0F
cmp tmp3, EB
je lab35_15
jmp copybyte
lab35_15:
mov tmp3, [tmp5+2], 1 //rel8 (always forward)
add tmp3, tmp5
add tmp3, tmp4 //tmp4 == 3 here: the base is the end of the 3-byte jump
eval "jmp 0{tmp3}"
asm tmp1, $RESULT
jmp lab36_1
copybyte:
//Copy tmp4 bytes of original code from tmp5 to the freeloc cursor tmp1, then append "jmp <next original instruction>".
//The copy runs in whole dwords (rounded up), so up to 3 bytes past tmp4 are written; the jmp assembled at lab36 overwrites them.
mov tmp6, tmp5 //paddr4+2
mov tmp7, tmp1 //patch addr in freeloc
mov tmp3, tmp4 //ttl bytes to copy
shr tmp3, 2 //tmp3 = tmp4 / 4 (dword count)
mov tmp2, tmp3
shl tmp2, 2
cmp tmp4, tmp2
je copybyte_1
add tmp3, 1 //remainder present: one extra dword
copybyte_1:
cmp tmp3, 0
je lab36
mov tmp2, [tmp6]
mov [tmp7], tmp2
sub tmp3, 1
add tmp6, 4
add tmp7, 4
jmp copybyte_1
lab36:
add tmp1, tmp4 //cursor past the copied bytes
add tmp5, tmp4 //resume the original code right after the relocated instructions
eval "jmp 0{tmp5}"
asm tmp1, $RESULT
lab36_1:
//Divert the original code at paddr4 into the stub at freeloc+70 (the stub body itself is written outside this view;
//the 12 bytes overwritten at paddr4 are restored from ori3..ori5 at lab36_3).
mov tmp1, freeloc
add tmp1, 70
eval "jmp 0{tmp1}"
asm paddr4, $RESULT
//
//Stub operands: [freeloc+D2] = freeloc+100, [freeloc+D9] = freeloc+104.
mov tmp1, freeloc
add tmp1, D2
mov tmp2, freeloc
add tmp2, 100
mov [tmp1], tmp2
add tmp1, 7 //D9
add tmp2, 4
mov [tmp1], tmp2
add tmp1, 5 //DE
//Hook the 6-byte "jz rel32" whose opcode sits at paddr5-2 (ori6 is its rel32, restored to paddr5 at lab36_3):
//freeloc+DE receives "jmp <original jz target>" = paddr5-2 + 6 + ori6, and the original jz is redirected to freeloc+D0.
mov tmp2, paddr5
sub tmp2, 2
mov tmp3, tmp2
add tmp2, ori6
add tmp2, 6
eval "jmp 0{tmp2}"
asm tmp1, $RESULT
mov tmp1, freeloc
add tmp1, D0
eval "jz 0{tmp1}"
asm tmp3, $RESULT
//for move data
//Fill the stub's immediates (offsets A1..BF inside freeloc) that drive the Delphi init-table move loop.
//The meaning of each slot is inferred from the values stored; confirm against the stub written outside this view.
mov tmp1, freeloc
add tmp1, 0A1 //A1
mov tmp2, dataloc
add tmp2, 2000
mov [tmp1], tmp2 //[A1] = dataloc+2000 (presumably the destination of the moved table)
add tmp1, 5 //A6
mov [tmp1], countaddr //[A6] = countaddr
add tmp1, 5 //AB
mov tmp2, dataendaddr
sub tmp2, tablea
add tmp2, 8
shr tmp2, 2
mov [tmp1], tmp2 //[AB] = (dataendaddr - tablea + 8) / 4, i.e. the table size in dwords
add tmp1, 7 //B2
mov [tmp1], countaddr //[B2] = countaddr
add tmp1, 6 //B8
mov tmp2, dataendaddr
sub tmp2, tablea
shr tmp2, 3
mov [tmp1], tmp2 //[B8] = (dataendaddr - tablea) / 8, i.e. the table size in qwords
add tmp1, 7 //BF
mov tmp2, countaddr
add tmp2, 8
mov [tmp1], tmp2 //[BF] = countaddr+8
//Run the stub from freeloc until it reaches its end point (freeloc+C5), then undo every patch made above.
//NOTE(review): this executes code inside the debuggee - run untrusted/packed samples only in an isolated VM.
mov tmp7, eip
mov eip, freeloc
mov tmp1, freeloc
add tmp1, C5 //end point
bp tmp1
eob lab36_2 //any other breakpoint or exception lands in lab36_2, which simply resumes
eoe lab36_2
esto
lab36_2:
cmp eip, tmp1
je lab36_3
esto //NOTE(review): no iteration cap - a stub that faults repeatedly keeps the script spinning here
lab36_3:
//msg "Delphi 初始化表修复完毕" (disabled: "Delphi initialisation table fixed")
bc tmp1
//Restore original code: 8 bytes at paddr1 (ori1, ori2), 12 bytes at paddr4 (ori3..ori5), the jz rel32 at paddr5 (ori6)
mov tmp2, paddr1
mov [tmp2], ori1
add tmp2, 4
mov [tmp2], ori2
mov tmp2, paddr4
mov [tmp2], ori3
add tmp2, 4
mov [tmp2], ori4
add tmp2, 4
mov [tmp2], ori5
mov [paddr5], ori6
mov caller1, "nil"
mov eip, tmp7 //back to where the debuggee was before the stub ran
fill freeloc, 110, 00 //wipe the 0x110-byte work area (stub code + operands) before its next use
jmp lab41_1
lab41:
//Entered from outside this view: drop the breakpoint/exception handlers and run until the current call returns.
cob
coe
rtr
lab41_1:
cmp type3API, 0 //no "type 3" (emulated) API thunks were found earlier: skip straight to the SDK API fix
je lab46
//fix type3 API
//Locate three ASProtect-internal routines (func1..func3) by byte signature, starting 0x100 bytes before
//APIpoint3; the resolver stub written at lab42 calls them. Every "find" miss aborts via "error".
mov tmp4, APIpoint3
sub tmp4, 100
find tmp4, #05FF000000508BC3# //add eax,0FF / push eax / mov eax,ebx
mov tmp1, $RESULT
cmp tmp1, 0
je error //signature not found: unsupported build
add tmp1, 8 //the call that follows the signature
GCI tmp1, DESTINATION
mov func1, $RESULT
//log func1
add tmp1, 5
find tmp1, #8BC3E8??# //mov eax,ebx / call ...
mov tmp2, $RESULT
cmp tmp2, 0
je error
add tmp2, 2
GCI tmp2, DESTINATION
mov func2, $RESULT
//log func2
add tmp2, 5
find tmp2, #8BC3E8??#
mov tmp1, $RESULT
cmp tmp1, 0
je error
add tmp1, 2
GCI tmp1, DESTINATION
mov func3, $RESULT
//log func3
//Build detection: a "push eax" (50) 0xD bytes before the 3rd call marks the default layout; otherwise the
//v1.32 flag selects the alternative stub patch at lab43 (offsets 11B / 12E).
mov tmp3, [tmp1-D], 1
cmp tmp3, 50
je lab42
mov v1.32, 1
//log v1.32
lab42:
//Write the 0x1B5-byte type-3 resolver stub at freeloc (0x30 bytes per store). Hand-decoded landmarks, to be
//verified in the disassembler: pushad; mov ebx,imm32 (+2, EBXaddr); mov ebp,imm32 (+7, freeloc+D00 work area);
//calls at +C5 / +D1 / +129 (patched to func1..func3 below); mov esi,imm32 at +170 and cmp esi,imm32 at +17C
//(IAT bounds); sub esi,imm32 at +186 / add esi,imm32 at +18C (image base rebasing); ret at +192; nop at +193
//(error breakpoint); outer loop counted by [ebp+60] with "ja" back to +20; popad at +1B3; nop at +1B4 (end breakpoint).
mov tmp1, freeloc
mov [tmp1], #60BB6806CA00BD000DC4008B73548D7B408B43188945608B83E000000089453433C08A078D04408B4C83688BC6FFD18B#
add tmp1, 30 //30
mov [tmp1], #C8034B24038BE000000033C08A47098D04408B5483688BC6FFD2807B20000F854C0100003C010F8544010000894D7033#
add tmp1, 30 //60
mov [tmp1], #C08A47078D04408B5483688BC6FFD289452433C08A47088D04408B5483688BC6FFD289452833C08A47028D04408B5483#
add tmp1, 30 //90
mov [tmp1], #688BC6FFD289453C33C08A47068D04408B5483688BC6FFD28845408B83E000000001453C8B453C5033C08A454005FF00#
add tmp1, 30 //C0
mov [tmp1], #0000508BC3E85A6A03008BC88B53108BC3E8725803008B552403553403D08955248B55282B55342BD089552833C08A47#
add tmp1, 30 //F0
mov [tmp1], #038D04408B5483688BC6FFD28945348B83E000000001453433C08A47018D04408B5483688BC6FFD28845388D452C5066#
add tmp1, 30 //120
mov [tmp1], #8B4D24668B55288BC3E8126503008B552C0393E0000000909090909060E82E00000066B9FF153E8A4538363A434A7405#
add tmp1, 30 //150
mov [tmp1], #6681C100108B457066890883C002893061EB3A00000000000000000000000090BEE02150003916740D83C60481FE3C2A#
add tmp1, 30 //180
mov [tmp1], #0210770FEBEF81EE0000400081C600004000C390900000000000000000FF4568FF4D6003B3E4000000837D60000F876D#
add tmp1, 30 //1B0
mov [tmp1], #FEFFFF6190#
//Patch the stub's operands and the two call targets, then arm the error/end breakpoints.
mov tmp1, freeloc
mov tmp2, freeloc
add tmp2, 0D00 //freeloc+D00 : stub work area (loaded into ebp)
mov tmp3, freeloc
add tmp3, 0D68 //freeloc+D68 : value the stub leaves behind, read back as type3count at lab45
add tmp1, 2 //2
mov [tmp1], EBXaddr //operand of "mov ebx,imm32"
add tmp1, 5 //7
mov [tmp1], tmp2 //operand of "mov ebp,imm32"
add tmp1, BE //C5
eval "call 0{func1}"
asm tmp1, $RESULT
add tmp1, 0C //D1
eval "call 0{func2}"
asm tmp1, $RESULT
add tmp1, 58 //129
eval "call 0{func3}"
asm tmp1, $RESULT
add tmp1, 48 //171
mov [tmp1], iatstartaddr //operand of "mov esi,imm32"
add tmp1, D //17E
mov [tmp1], iatendaddr //operand of "cmp esi,imm32"
add tmp1, A //188
mov [tmp1], imgbase //operand of "sub esi,imm32"
add tmp1, 6 //18E
mov [tmp1], imgbasefromdisk //operand of "add esi,imm32"
add tmp1, 5 //193 error point
mov tmp5, tmp1
bp tmp5
add tmp1, 21 //1B4 end point
mov tmp6, tmp1
bp tmp6
mov tmp7, eip //store eip
cmp v1.32, 1
jne lab43
//v1.32 variant: nop out "lea eax,[ebp+2C] / push eax" (4 bytes at +11B) and replace
//"mov edx,[ebp+2C] / add edx,[ebx+E0]" (9 bytes at +12E) with "mov edx,eax" + 7 nops.
mov tmp1, freeloc
add tmp1, 11B //freeloc+11B
mov [tmp1], #90909090#
add tmp1, 13 //freeloc+12E
mov [tmp1], #8BD090909090909090#
lab43:
//Execute the stub; it is expected to stop at tmp5 (error) or tmp6 (success). Any other stop - including the
//first unexpected exception, since eoe routes here too - is treated as fatal.
//NOTE(review): this executes code inside the debuggee - run untrusted/packed samples only in an isolated VM.
mov eip, freeloc
eob lab44
eoe lab44
run
lab44:
cmp eip, tmp5 //error
je lab60
cmp eip, tmp6 //OK
je lab45
jmp error
lab45:
bc tmp5
bc tmp6
//msg "type3 API 修复完毕" (disabled: "type3 API fix complete")
//pause
mov type3count, [tmp3] //number of resolved type-3 APIs, left by the stub at freeloc+D68
//log type3count
fill freeloc, 0E00, 00 //wipe the stub code and the D00.. work area
mov eip, tmp7 //restore eip
lab46:
//ASProtect SDK API emulation: skipped when no SDK API table was found, or for VB targets (no first thunk).
cmp AsprAPIloc, 0
je lab52
cmp Aspr1stthunk, 0 //VB app ?
je lab52
mov count, 120 //Need free space 120 bytes for 2.xx
call FindEMUAddr //presumably sets EmuAddr, which the emulators below write to (defined outside this view)
//$$$ fix Asprotect API $$$
lab46_1:
//chk number of API
//Count the table entries at AsprAPIloc+4, +8, ... that point into the ASProtect DLL (memory owner == dllimgbase).
//Entry 0 at AsprAPIloc itself is not counted here but is index 0 (GetRegistrationKeys) in loop8_1.
mov tmp5, 0 //counter
mov tmp6, Aspr1stthunk
mov tmp1, AsprAPIloc
add tmp1, 4
mov caller, "lab46_1" //loop8 below walks a different structure when caller == "lab84"
lab46_2:
mov tmp2, [tmp1]
GMEMI tmp2, MEMORYOWNER
mov tmp3, $RESULT
cmp tmp3, dllimgbase
jne lab46_3 //first entry outside the DLL terminates the table
add tmp5, 1
add tmp1, 4
jmp lab46_2
lab46_3:
log tmp5, "这版的 Asprotect 其 SDk API 总数 = " //"number of SDK APIs in this ASProtect build = "
lab47:
//Dispatch on the API count: 0B -> loop8 (2.3 build 01.14 table), 0C -> loop9, 0D -> loop10 (both outside this view).
mov tmp10, 0
cmp tmp5, 0B
je loop8
cmp tmp5, 0C
je loop9
cmp tmp5, 0D
je loop10
msg "未知的 Asprotect SDK API" //"unknown ASProtect SDK API"
jmp error
//Asprotect 2.3 build01.14
loop8:
//Two walk modes, selected by "caller":
//  caller != "lab84": tmp6 walks the import thunk (Aspr1stthunk), 4 bytes per entry, until an entry no longer
//                     points into the ASProtect DLL; the entry value is looked up in the AsprAPIloc table and
//                     its position becomes the API index tmp8.
//  caller == "lab84": tmp6 walks a list of (patch address, API index) pairs, 8 bytes per entry, terminated by 0.
mov tmp7, AsprAPIloc
scmp caller, "lab84"
je loop8_2
mov tmp1, [tmp6]
GMEMI tmp1, MEMORYOWNER
mov tmp2, $RESULT
cmp tmp2, dllimgbase
jne lab48 //end of the ASProtect entries in the thunk
mov tmp8, 0 //reset counter
loop8_1:
cmp tmp8, tmp5 //compare all the API in AsprAPIloc?
ja error //index tmp5 is still valid: the table has tmp5 + 1 entries (entry 0 was not counted at lab46_2)
mov tmp2, [tmp7] //AsprAPIloc
cmp tmp1, tmp2
je loop8_3
add tmp7, 4
add tmp8, 1
jmp loop8_1
loop8_2:
mov tmp1, [tmp6] //patch address; 0 terminates the list
cmp tmp1, 0
je lab48
mov tmp8, [tmp6+4] //API index
//0-GetRegistrationKeys,1-GetRegistrationInformation,2-CheckKey,3-CheckKeyAndDecrypt
//4-GetKeyDate,5-GetKeyExpirationDate,6-GetTrialDays,7-GetTrialExecs
//8-GetExpirationDate,9-GetModeInformation,A-GetHardwareID,B-SetUserKey
loop8_3:
//Jump to the emulator for API index tmp8. Index 0 (GetRegistrationKeys) and B (SetUserKey) have no emulator
//and are skipped with a message; the emulators for 9 and A (B_GMI, B_GHI) continue outside this view.
cmp tmp8, 1
je B_GRI
cmp tmp8, 2
je B_CK
cmp tmp8, 3
je B_CKAD
cmp tmp8, 4
je B_GKD
cmp tmp8, 5
je B_GKED
cmp tmp8, 6
je B_GTD
cmp tmp8, 7
je B_GTE
cmp tmp8, 8
je B_GED
cmp tmp8, 9
je B_GMI
cmp tmp8, 0A
je B_GHI
msg "这个 API 没有模拟" //"this API is not emulated"
//pause
scmp caller, "lab84"
je loop8_4
add tmp6, 4 //next thunk entry
jmp loop8
loop8_4:
add tmp6, 8 //next (patch address, index) pair
jmp loop8
//GetRegistrationInformation
B_GRI:
//Emulator stub written at EmuAddr (0x40 bytes reserved), decoded from the hex below:
//  8B 44 24 08   mov eax,[esp+8]       ; 1st out-param
//  C7 00 <p1>    mov dword [eax],p1    ; p1 patched at +6  -> EmuAddr+20 ("111122223333", 12 bytes; the terminator
//                                      ;   relies on the free space at +2C being zero)
//  8B 44 24 0C   mov eax,[esp+C]       ; 2nd out-param
//  C7 00 <p2>    mov dword [eax],p2    ; p2 patched at +10 -> EmuAddr+34 ("VolX", preceded at +30 by the dword 4,
//                                      ;   presumably a length prefix)
//  B8 01 00 00 00 mov eax,1            ; report success / registered
//  C2 0C 00      ret 0C
//Both pointers are rebased from the runtime image base to the on-disk one so they are valid in the dump.
mov tmp3, EmuAddr
mov [tmp3], #8B442408C700909090008B44240CC70090909000B801000000C20C00#
add tmp3, 6
mov tmp4, EmuAddr
add tmp4, 20
mov [tmp4], #313131313232323233333333# //111122223333
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne B_GRI_1
//DLL target: DLLASPRAPI (outside this view) is handed the address of each pointer slot, presumably to record a relocation.
mov tmp9, EmuAddr
add tmp9, 6 //slot of p1
call DLLASPRAPI
B_GRI_1:
add tmp3, 0A //slot of p2 (EmuAddr+10)
mov tmp4, EmuAddr
add tmp4, 30
cmp isdll, 1
jne B_GRI_2
mov tmp9, EmuAddr
add tmp9, 10 //slot of p2 - note it is still unfilled here; fine only if DLLASPRAPI merely records the address
call DLLASPRAPI
B_GRI_2:
mov [tmp4], #04000000566F6C58# //dword 4, "VolX"
add tmp4, 4
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
log EmuAddr, "GetRegistrationInformation "
scmp caller, "lab84"
je B_GRI_3
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 40
add tmp6, 4
jmp loop8
B_GRI_3:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 40
add tmp6, 8
jmp loop8
//CheckKey
B_CK:
//Emulator stub (0x10 bytes reserved): B8 01 00 00 00 mov eax,1 / C2 0C 00 ret 0C - every key is reported valid.
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20C00#
log EmuAddr, "CheckKey "
scmp caller, "lab84"
je B_CK_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop8
B_CK_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop8
//CheckKeyAndDecrypt
B_CKAD:
//Same stub as CheckKey (0x10 bytes reserved): mov eax,1 / ret 0C - success is reported, nothing is decrypted.
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20C00#
log EmuAddr, "CheckKeyAndDecrypt "
scmp caller, "lab84"
je B_CKAD_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop8
B_CKAD_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop8
//GetKeyDate
B_GKD:
//Emulator stub (0x30 bytes reserved): for each of the three out-params at [esp+8], [esp+C], [esp+10]
//"mov eax,[esp+n] / 66 C7 00 imm16 mov word [eax],imm16" with the values 1, 1, 07D7 (2007) - presumably
//day/month/year; then mov eax,1 / ret 10.
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C70001008B44240C66C70001008B44241066C700D707B801000000C21000#
log EmuAddr, "GetKeyDate "
scmp caller, "lab84"
je B_GKD_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop8
B_GKD_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop8
//GetKeyExpirationDate
B_GKED:
//Emulator stub (0x30 bytes reserved): three 16-bit out-params at [esp+8], [esp+C], [esp+10] set to
//1E (30), 0C (12), 086B (2155) - presumably day/month/year of a far-future expiry; then mov eax,1 / ret 10.
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C7001E008B44240C66C7000C008B44241066C7006B08B801000000C21000#
log EmuAddr, "GetKeyExpirationDate "
scmp caller, "lab84"
je B_GKED_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop8
B_GKED_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop8
//GetTrialDays
B_GTD:
//Emulator stub (0x20 bytes reserved): two dword out-params at [esp+8] and [esp+C] both set to 1E (30)
//via "mov eax,[esp+n] / C7 00 imm32 mov dword [eax],imm32"; then mov eax,1 / ret 0C.
mov tmp3, EmuAddr
mov [tmp3], #8B442408C7001E0000008B44240CC7001E000000B801000000C20C00#
log EmuAddr, "GetTrialDays "
scmp caller, "lab84"
je B_GTD_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop8
B_GTD_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop8
//GetTrialExecs
B_GTE:
//Same stub as GetTrialDays (0x20 bytes reserved): both dword out-params set to 1E (30); mov eax,1 / ret 0C.
mov tmp3, EmuAddr
mov [tmp3], #8B442408C7001E0000008B44240CC7001E000000B801000000C20C00#
log EmuAddr, "GetTrialExecs "
scmp caller, "lab84"
je B_GTE_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop8
B_GTE_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop8
//GetExpirationDate
B_GED:
//Same stub as GetKeyExpirationDate (0x30 bytes reserved): three 16-bit out-params set to 1E (30), 0C (12),
//086B (2155); mov eax,1 / ret 10.
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C7001E008B44240C66C7000C008B44241066C7006B08B801000000C21000#
log EmuAddr, "GetExpirationDate "
scmp caller, "lab84"
je B_GED_1
//thunk mode: point the import entry at the stub (rebased to the on-disk image base)
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop8
B_GED_1:
//lab84 mode: write "jmp <stub>" at the patch address tmp1
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop8
//GetModeInformation
B_GMI:
mov tmp3, EmuAddr