aspr2.xx_unpacker_v1.15sc.osc

脱壳的人都知道这东西的用处

mov [tmp3], #8B442408C700909090008B44240CC70090909000B801000000C20C00#
add tmp3, 6
mov tmp4, EmuAddr
add tmp4, 20
mov [tmp4], #53697465204C6963656E7365#           //Site license
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne B_GMI_1
mov tmp9, EmuAddr
add tmp9, 6
call DLLASPRAPI

B_GMI_1:
add tmp3, 0A
mov tmp4, EmuAddr
add tmp4, 30
mov [tmp4], #030000000#
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne B_GMI_2
mov tmp9, EmuAddr
add tmp9, 10
call DLLASPRAPI

B_GMI_2:
log EmuAddr, "GetModeInformation  "
scmp caller, "lab84"
je B_GMI_3
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 40
add tmp6, 4
jmp loop8

B_GMI_3:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 40
add tmp6, 8
jmp loop8

//GetHardwareID
B_GHI:
mov tmp3, EmuAddr
mov [tmp3], #B890909000C3#
add tmp3, 1
mov tmp4, EmuAddr
add tmp4, 10
mov [tmp4], #31323334353637382D34343434#
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
log EmuAddr, "GetHardwareID  "
cmp isdll, 1
jne B_GHI_1
mov tmp9, EmuAddr
add tmp9, 1
call DLLASPRAPI

B_GHI_1:
scmp caller, "lab84"
je B_GHI_2
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop8

B_GHI_2:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop8

//Asprotect v2.11
loop9:
mov tmp7, AsprAPIloc
scmp caller, "lab84"
je loop9_2
mov tmp1, [tmp6]
GMEMI tmp1, MEMORYOWNER
mov tmp2, $RESULT
cmp tmp2, dllimgbase
jne lab48
mov tmp8, 0    //reset counter

loop9_1:
cmp tmp8, tmp5       //compare all the API in AsprAPIloc?
ja error
mov tmp2, [tmp7]     //AsprAPIloc
cmp tmp1, tmp2
je loop9_3
add tmp7, 4
add tmp8, 1
jmp loop9_1 

loop9_2:
//log tmp6
mov tmp1, [tmp6]
cmp tmp1, 0
je lab48
mov tmp8, [tmp6+4]

//0-GetRegistrationKeys,1-GetRegistrationInformation,2-SaveKey,3-CheckKey
//4-CheckKeyAndDecrypt,5-GetKeyDate,6-GetKeyExpirationDate,7-GetTrialDays
//8-GetTrialExecs,9-GetExpirationDate,A-GetModeInformation,B-GetHardwareID
//C-SetUserKey
loop9_3:
cmp tmp8, 1
je C_GRI
cmp tmp8, 3
je C_CK
cmp tmp8, 4
je C_CKAD
cmp tmp8, 5
je C_GKD
cmp tmp8, 6
je C_GKED
cmp tmp8, 7
je C_GTD
cmp tmp8, 8
je C_GTE
cmp tmp8, 9
je C_GED
cmp tmp8, 0A
je C_GMI
cmp tmp8, 0B
je C_GHI
msg "这个 API 没有模拟"
//pause
scmp caller, "lab84"
je loop9_4
add tmp6, 4
jmp loop9

loop9_4:
add tmp6, 8
jmp loop9

//GetRegistrationInformation
C_GRI:
mov tmp3, EmuAddr
mov [tmp3], #8B442404C700909090008B442408C70090909000B801000000C20800#
add tmp3, 6
mov tmp4, EmuAddr
add tmp4, 20
mov [tmp4], #313131313232323233333333#           //111122223333
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne C_GRI_1
mov tmp9, EmuAddr
add tmp9, 6
call DLLASPRAPI

C_GRI_1:
add tmp3, 0A
mov tmp4, EmuAddr
add tmp4, 30
cmp isdll, 1
jne C_GRI_2
mov tmp9, EmuAddr
add tmp9, 10
call DLLASPRAPI

C_GRI_2:
mov [tmp4], #04000000566F6C58#
add tmp4, 4
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
log EmuAddr, "GetRegistrationInformation  "
scmp caller, "lab84"
je C_GRI_3
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 40
add tmp6, 4
jmp loop9

C_GRI_3:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 40
add tmp6, 8
jmp loop9

//CheckKey
C_CK:
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20800#
log EmuAddr, "CheckKey  "
scmp caller, "lab84"
je C_CK_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop9

C_CK_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop9

//CheckKeyAndDecrypt
C_CKAD:
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20C00#
log EmuAddr, "CheckKeyAndDecrypt  "
scmp caller, "lab84"
je C_CKAD_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop9

C_CKAD_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop9

//GetKeyDate
C_GKD:
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C70001008B44240C66C70001008B44241066C700D707B801000000C20C00#
log EmuAddr, "GetKeyDate  "
scmp caller, "lab84"
je C_GKD_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop9

C_GKD_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop9

//GetKeyExpirationDate
C_GKED:
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C7001E008B44240C66C7000C008B44241066C7006B08B801000000C20C00#
log EmuAddr, "GetKeyExpirationDate  "
scmp caller, "lab84"
je C_GKED_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop9

C_GKED_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop9

//GetTrialDays
C_GTD:
mov tmp3, EmuAddr
mov [tmp3], #8B442404C7001E0000008B442408C7001E000000B801000000C20800#
log EmuAddr, "GetTrialDays  "
scmp caller, "lab84"
je C_GTD_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop9

C_GTD_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop9

//GetTrialExecs
C_GTE:
mov tmp3, EmuAddr
mov [tmp3], #8B442404C7001E0000008B442408C7001E000000B801000000C20800#
log EmuAddr, "GetTrialExecs  "
scmp caller, "lab84"
je C_GTE_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop9

C_GTE_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop9

//GetExpirationDate
C_GED:
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C7001E008B44240C66C7000C008B44241066C7006B08B801000000C20C00#
log EmuAddr, "GetExpirationDate  "
scmp caller, "lab84"
je C_GED_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop9

C_GED_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop9

//GetModeInformation
C_GMI:
mov tmp3, EmuAddr
mov [tmp3], #8B442404C700909090008B442408C70090909000B801000000C20C00#
add tmp3, 6
mov tmp4, EmuAddr
add tmp4, 20
mov [tmp4], #53697465204C6963656E7365#           //Site license
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne C_GMI_1
mov tmp9, EmuAddr
add tmp9, 6
call DLLASPRAPI

C_GMI_1:
add tmp3, 0A
mov tmp4, EmuAddr
add tmp4, 30
mov [tmp4], #030000000#
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne C_GMI_2
mov tmp9, EmuAddr
add tmp9, 10
call DLLASPRAPI

C_GMI_2:
log EmuAddr, "GetModeInformation  "
scmp caller, "lab84"
je C_GMI_3
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 40
add tmp6, 4
jmp loop9

C_GMI_3:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 40
add tmp6, 8
jmp loop9

//GetHardwareID
C_GHI:
mov tmp3, EmuAddr
mov [tmp3], #B890909000C3#
add tmp3, 1
mov tmp4, EmuAddr
add tmp4, 10
mov [tmp4], #31323334353637382D34343434#
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
log EmuAddr, "GetHardwareID  "
cmp isdll, 1
jne C_GHI_1
mov tmp9, EmuAddr
add tmp9, 1
call DLLASPRAPI

C_GHI_1:
scmp caller, "lab84"
je C_GHI_2
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop9

C_GHI_2:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop9

//Asprotect 2.3 build04.26
loop10:
mov tmp7, AsprAPIloc
scmp caller, "lab84"
je loop10_2
mov tmp1, [tmp6]
GMEMI tmp1, MEMORYOWNER
mov tmp2, $RESULT
cmp tmp2, dllimgbase
jne lab48
mov tmp8, 0    //reset counter

loop10_1:
cmp tmp8, tmp5       //compare all the API in AsprAPIloc?
ja error
mov tmp2, [tmp7]     //AsprAPIloc
cmp tmp1, tmp2
je loop10_3
add tmp7, 4
add tmp8, 1
jmp loop10_1 

loop10_2:
//log tmp6
mov tmp1, [tmp6]
cmp tmp1, 0
je lab48
mov tmp8, [tmp6+4]

//0-GetRegistrationKeys,1-GetRegistrationInformation,2-RemoveKey,3-CheckKey
//4-CheckKeyAndDecrypt,5-GetKeyDate,6-GetKeyExpirationDate,7-GetTrialDays
//8-GetTrialExecs,9-GetExpirationDate,A-GetModeInformation,B-GetHardwareID
//C-GetHardwareIDEx,D-SetUserKey
loop10_3:
cmp tmp8, 1
je D_GRI
cmp tmp8, 2
je D_RK
cmp tmp8, 3
je D_CK
cmp tmp8, 4
je D_CKAD
cmp tmp8, 5
je D_GKD
cmp tmp8, 6
je D_GKED
cmp tmp8, 7
je D_GTD
cmp tmp8, 8
je D_GTE
cmp tmp8, 9
je D_GED
cmp tmp8, 0A
je D_GMI
cmp tmp8, 0B
je D_GHI
cmp tmp8, 0C
je D_GHIE
msg "这个 API 没有模拟"
//pause
scmp caller, "lab84"
je loop10_4
add tmp6, 4
jmp loop10

loop10_4:
add tmp6, 8
jmp loop10

//GetRegistrationInformation
D_GRI:
mov tmp3, EmuAddr
mov [tmp3], #8B442408C700909090008B44240CC70090909000B801000000C20C00#
add tmp3, 6
mov tmp4, EmuAddr
add tmp4, 20
mov [tmp4], #313131313232323233333333#           //111122223333
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
cmp isdll, 1
jne D_GRI_1
mov tmp9, EmuAddr
add tmp9, 6
call DLLASPRAPI

D_GRI_1:
add tmp3, 0A
mov tmp4, EmuAddr
add tmp4, 30
cmp isdll, 1
jne D_GRI_2
mov tmp9, EmuAddr
add tmp9, 10
call DLLASPRAPI

D_GRI_2:
mov [tmp4], #04000000566F6C58#
add tmp4, 4
sub tmp4, imgbase
add tmp4, imgbasefromdisk
mov [tmp3], tmp4
log EmuAddr, "GetRegistrationInformation  "
scmp caller, "lab84"
je D_GRI_3
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 40
add tmp6, 4
jmp loop10

D_GRI_3:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 40
add tmp6, 8
jmp loop10

//RemoveKey
D_RK:
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20C00#
log EmuAddr, "RemoveKey  "
scmp caller, "lab84"
je D_RK_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop10

D_RK_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop10

//CheckKey
D_CK:
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20C00#
log EmuAddr, "CheckKey  "
scmp caller, "lab84"
je D_CK_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop10

D_CK_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop10

//CheckKeyAndDecrypt
D_CKAD:
mov tmp3, EmuAddr
mov [tmp3], #B801000000C20C00#
log EmuAddr, "CheckKeyAndDecrypt  "
scmp caller, "lab84"
je D_CKAD_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 10
add tmp6, 4
jmp loop10

D_CKAD_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 10
add tmp6, 8
jmp loop10

//GetKeyDate
D_GKD:
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C70001008B44240C66C70001008B44241066C700D707B801000000C21000#
log EmuAddr, "GetKeyDate  "
scmp caller, "lab84"
je D_GKD_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop10

D_GKD_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop10

//GetKeyExpirationDate
D_GKED:
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C7001E008B44240C66C7000C008B44241066C7006B08B801000000C21000#
log EmuAddr, "GetKeyExpirationDate  "
scmp caller, "lab84"
je D_GKED_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop10

D_GKED_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 30
add tmp6, 8
jmp loop10

//GetTrialDays
D_GTD:
mov tmp3, EmuAddr
mov [tmp3], #8B442408C7001E0000008B44240CC7001E000000B801000000C20C00#
log EmuAddr, "GetTrialDays  "
scmp caller, "lab84"
je D_GTD_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop10

D_GTD_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop10

//GetTrialExecs
D_GTE:
mov tmp3, EmuAddr
mov [tmp3], #8B442408C7001E0000008B44240CC7001E000000B801000000C20C00#
log EmuAddr, "GetTrialExecs  "
scmp caller, "lab84"
je D_GTE_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 20
add tmp6, 4
jmp loop10

D_GTE_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT
add EmuAddr, 20
add tmp6, 8
jmp loop10

//GetExpirationDate
D_GED:
mov tmp3, EmuAddr
mov [tmp3], #8B44240866C7001E008B44240C66C7000C008B44241066C7006B08B801000000C21000#
log EmuAddr, "GetExpirationDate  "
scmp caller, "lab84"
je D_GED_1
mov tmp3, EmuAddr
sub tmp3, imgbase
add tmp3, imgbasefromdisk
mov [tmp6], tmp3
add EmuAddr, 30
add tmp6, 4
jmp loop10

D_GED_1:
eval "jmp 0{EmuAddr}"
asm tmp1, $RESULT