简介:
ESET NOD32 是世界排名第三的杀毒软件,其以轻快巧著称,下载地址 :http://www.skycn.com/soft/37962.html
这个小工具的作用是自动从网上ESET ID发布页获取最新ID,然后用ID到官方进行验证,验证可用就写入本地注册表来修改ESET的ID信息。
本程序涉及了wininet 函数库,AOGO的正则表达式的使用,托盘气泡提示,配置文件的读取等等,希望对大家有所帮助!
另外程序可能存在各种BUG,欢迎测试告知,谢谢!
代码:
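;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Programmed by nohacks, nohacks@163.com
; Website: http://hi.baidu.com/nohacks
; Win32 ASM is Masm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Version information
; Eset_Nohacks_AUTOID V1.0 - ESET ID automatic fetch-and-fill tool (for 2.x and 3.x)
;
; nohacks, 26 June 2009
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Syntax: MASM (Intel operand order). Target: 32-bit Windows, stdcall.
; eax/ecx/edx are volatile across every invoke; ebx/esi/edi are preserved.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    .586
    .model flat, stdcall        ;32 bit memory model
    option casemap :none        ;case sensitive

include ESET_AUTOID.inc
include Express.inc
includelib Express.lib

;#########################################################################
.const
; Registry locations (under HKEY_LOCAL_MACHINE) of the ESET update account
; for the 3.x and 2.x product lines respectively.
RegEset30   db "SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000400\Profiles\@My profile\",0
RegEset27   db "SOFTWARE\Eset\Nod\CurrentVersion\Modules\Update\Settings\Config000\Settings\",0
; Search pattern handed to ExpressSearch; the two {...} groups capture the
; user name and the password from the downloaded page.
Express     db 'username?*[%]{[a-z]+-[0-9]+}?*<\>>password?*[%]{[a-z,0-9]+}',0

.data
; Fixed 20-byte table used by EnCode/DeCode. Because the table is a constant
; shipped in the binary, the stored password is obfuscated, not protected.
PassBytes   db 97, 214, 212, 233, 221, 240, 251, 242, 91, 100, 53, 173, 183, 200, 25, 117, 236, 49, 43, 188
UserPass    db '%s--%s',0
template    db '%1d',0
ininame     db ".\ESET_AUTOID.ini",0
Section     db "SETUP",0
keyname     db "ECHO",0
myecho      db "NO",0           ; default returned when the ini key is missing

.data?
hInstance   dd ?
Winhwnd     dd ?                ; dialog window handle, refreshed on every DlgProc call
hwnd        dd ?                ; NOTE: despite the name, DlgProc stores the LoadIcon result here
@echo       dd ?                ; 0 = balloon tips disabled, 1 = enabled
@hKey       dd ?
lpRet       POINT 10 dup(<?>)   ; ExpressSearch results: x = start address, y = end address
iCount      dd ?
iecho       db 10 dup(?)        ; uninitialised segment: '?' instead of an ignored 0 initialiser
note        mNOTIFYICONDATA <>

;#########################################################################
.code
;--------------------------------------------------------------------------
; Program entry point.
; Reads ECHO from .\ESET_AUTOID.ini; any value other than "OFF"
; (case-insensitive) enables the balloon tips. Then runs the dialog, whose
; WM_INITDIALOG handler does all the work, and exits.
;--------------------------------------------------------------------------
start:
    invoke GetModuleHandle,NULL
    mov hInstance,eax
    invoke InitCommonControls

    invoke GetPrivateProfileString,addr Section,addr keyname,addr myecho,addr iecho ,size iecho ,addr ininame
    invoke lstrlen, addr iecho
    invoke CharUpperBuff,addr iecho ,eax
    invoke lstrcmp,addr iecho,CTEXT("OFF")
    .if eax==0
        mov @echo,0
    .else
        mov @echo,1
    .endif

    invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,addr DlgProc,NULL
    invoke ExitProcess,0

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Trim - copy a NUL-terminated string while dropping every space (20h).
; In:    lpstr  = source string
;        Buffer = destination; must hold at least as many bytes as the source,
;                 no length is passed so the caller owns that guarantee
; Out:   no meaningful return value (eax is left holding scratch data)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Trim proc uses esi edi ecx edx ebx , lpstr,Buffer
    mov esi,lpstr
    mov edi,Buffer
    xor ecx,ecx                 ; ecx = read index
    xor edx,edx                 ; edx = number of spaces skipped so far
    .while TRUE
        mov al,20h
        mov ah,byte ptr [esi+ecx]
        .if ah==al
            inc edx
        .else
            mov ebx,ecx
            sub ebx,edx         ; write index = read index - skipped spaces
            mov byte ptr [edi+ebx],ah
            .if ah==0           ; terminator copied: done
                ret
            .endif
        .endif
        inc ecx
    .endw
    ret
Trim endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; debugbox - debugging aid: show a number in a message box.
; In:    text    = caption string
;        dwDword = value to display (formatted with '%1d')
; Fixes: the buffer was 10 bytes, but a signed 32-bit decimal needs up to
;        12 bytes with its terminator; and the procedure had no ret, so it
;        ran on into the next procedure.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
debugbox proc text:dword,dwDword:dword
    LOCAL posBuffer[16]:byte
    invoke wsprintf,addr posBuffer,addr template,dwDword
    invoke MessageBox, NULL, addr posBuffer, text, MB_OK
    ret
debugbox endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; GetRetString - copy one search result into a caller buffer.
; In:    lpPOINT     = POINT whose x is the start and y the end address of the match
;        lpRetString = destination buffer, must hold iSize+1 bytes
;        iSize       = maximum number of bytes to copy
; Out:   lpRetString holds the copied bytes followed by a NUL
; The matched text comes from a downloaded page, so its length is clamped
; before the copy.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
GetRetString proc uses edx , lpPOINT,lpRetString,iSize
    mov edx,lpPOINT
    mov eax,[edx].POINT.y
    sub eax,[edx].POINT.x       ; eax = match length
    .if SDWORD ptr eax < 0      ; end before start: copy nothing rather than iSize stray bytes
        xor eax,eax
    .endif
    .if eax>iSize
        mov eax,iSize
    .endif
    push eax                    ; the API call below clobbers eax
    invoke RtlMoveMemory,lpRetString,[edx].POINT.x,eax
    pop eax
    mov edx,lpRetString
    mov BYTE ptr [edx+eax],0    ; terminate right after the copied bytes
    ret
GetRetString endp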
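;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; TestID - check a user name / password pair against download.eset.com.
; In:    lpuser = user name string
;        lppass = password string (clear text)
; Out:   eax = -1    a WinInet call failed
;        eax = TRUE  the server answered with a status other than 0 and 401
;        eax = 0     status was 0 or 401
; NOTE(review): the connection uses INTERNET_DEFAULT_HTTP_PORT, so the
;        credentials given to InternetConnect travel without TLS.
; NOTE(review): every status except 0 and 401 counts as "valid", which
;        includes 403/404/5xx answers; comparing against 200 would be
;        stricter - confirm against the server's behaviour before changing.
; Fixes: handles are now closed child-first and only when they were opened;
;        the original closed NULL handles, never closed hRequest on the
;        error paths, and called HttpEndRequest on an already closed handle.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
TestID proc uses edx lpuser:dword,lppass:dword
    LOCAL hOpen,hConnect,hRequest,dwSize,status

    mov hConnect,0
    mov hRequest,0

    invoke InternetOpen,CTEXT("nohacks_autoid"),INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0
    mov hOpen,eax
    .if eax==0
        mov eax,-1              ; nothing was opened, nothing to close
        ret
    .endif

    invoke InternetConnect,hOpen,CTEXT("download.eset.com"),INTERNET_DEFAULT_HTTP_PORT,lpuser,lppass,INTERNET_SERVICE_HTTP,0,0
    mov hConnect,eax
    .if eax==0
        jmp TestID_fail
    .endif

    invoke HttpOpenRequest,hConnect, CTEXT("GET"),CTEXT("/download/win"),NULL, NULL, 0, INTERNET_FLAG_KEEP_CONNECTION, 0
    mov hRequest,eax
    .if eax==0
        jmp TestID_fail
    .endif

    invoke HttpSendRequest ,hRequest,NULL,0,NULL,0
    .if eax==0
        jmp TestID_fail
    .endif

    mov dwSize,4
    mov status,0
    invoke HttpQueryInfo,hRequest,HTTP_QUERY_STATUS_CODE + HTTP_QUERY_FLAG_NUMBER , addr status , addr dwSize , 0
    .if eax==0
        jmp TestID_fail
    .endif

    invoke InternetCloseHandle,hRequest
    invoke InternetCloseHandle,hConnect
    invoke InternetCloseHandle,hOpen
    ;invoke debugbox,CTEXT("status"),status

    .if status!=0
        .if status!=401
            ; invoke debugbox,CTEXT("status"),status
            mov eax,TRUE
            ret
        .endif
    .endif
    xor eax,eax
    ret

TestID_fail:
    ; Shared error exit: release whatever was opened, innermost handle first.
    .if hRequest!=0
        invoke InternetCloseHandle,hRequest
    .endif
    .if hConnect!=0
        invoke InternetCloseHandle,hConnect
    .endif
    invoke InternetCloseHandle,hOpen
    mov eax,-1
    ret
TestID endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Write a balloon tip to the system tray icon. In: window handle, icon id, custom message, icon handle, display text, title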
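;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; _ProcTaskQiPao - show a balloon tip on the tray icon (NIM_MODIFY, NIF_INFO).
; In:    _hWnd     = owner window handle
;        _dwId     = tray icon id
;        _dwWm     = callback message
;        _hIcon    = icon handle
;        _szBuffer = balloon text
;        _szTitle  = balloon title
; Returns immediately when @echo is 0 (balloons disabled in the ini file).
; Only NIF_INFO is set in uFlags, so the callback message and icon stored
; below are filled in but not flagged as valid.
; NOTE(review): DlgProc adds the icon with uID IDI_TRAY while the callers
;        pass 0 as _dwId - confirm the two ids are meant to match.
; Fix:   the text and title are copied with lstrcpyn bounded by the size of
;        the destination field instead of an unbounded lstrcpy.
;        Assumes szInfo and szInfoTitle are byte arrays inside
;        mNOTIFYICONDATA (declared in ESET_AUTOID.inc) - TODO confirm.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcTaskQiPao proc _hWnd,_dwId,_dwWm,_hIcon,_szBuffer,_szTitle
    local @stNid:mNOTIFYICONDATA

    .if @echo==0
        ret
    .endif

    mov @stNid.cbSize,sizeof mNOTIFYICONDATA
    push _hWnd
    pop @stNid.hwnd
    push _dwId
    pop @stNid.uID
    mov @stNid.uFlags, NIF_INFO
    push _dwWm
    pop @stNid.uCallbackMessage
    push _hIcon
    pop @stNid.hIcon
    mov @stNid.dwInfoFlags,0
    mov @stNid.uTimeoutOrVersion,3000

    ;invoke lstrcpy,addr @stNid.szTip,_szText
    invoke lstrcpyn,addr @stNid.szInfo,_szBuffer,sizeof mNOTIFYICONDATA.szInfo
    invoke lstrcpyn,addr @stNid.szInfoTitle,_szTitle,sizeof mNOTIFYICONDATA.szInfoTitle
    invoke Shell_NotifyIcon,NIM_MODIFY,addr @stNid
    ret
_ProcTaskQiPao endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; EnCode - build the 20-byte registry form of an ESET password.
; In:    lpEnCode     = clear password, at least 10 readable bytes
;        lpEnDestBuff = output buffer, at least 20 bytes
; Out:   eax = lpEnDestBuff
;        out[2*i]   = password[i] xor PassBytes[2*i]     (i = 0..9)
;        out[2*i+1] = PassBytes[2*i+1]                    (filler, DeCode ignores it)
; Clobb: ecx, edx
; The key is the constant PassBytes table, so this is a reversible
; obfuscation: anyone able to read the stored value can recover the password.
; Fix:   the filler bytes were addressed with edi*2-1; on the first pass that
;        read one byte before PassBytes and wrote one byte before the output
;        buffer, and the last output byte was never written. edi*2+1 keeps
;        both accesses inside the 20-byte ranges.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
EnCode proc uses edi ebx lpEnCode,lpEnDestBuff
    xor edi,edi
    lea eax,PassBytes
    mov edx,lpEnCode
    mov ebx,lpEnDestBuff
    .while edi < 10
        mov cl,BYTE ptr [edx+edi]       ; next password byte
        xor cl,BYTE ptr [eax+edi*2]     ; key step: xor with the table byte at the same even offset
        mov BYTE ptr [ebx+edi*2],cl     ; store at the even offset
        mov cl,BYTE ptr [eax+edi*2+1]   ; copy the table byte at the following odd offset unchanged
        mov BYTE ptr [ebx+edi*2+1],cl
        inc edi
    .endw
    mov eax,ebx
    ret
EnCode endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; DeCode - recover the clear password from its 20-byte registry form.
; In:    lpEnCode     = encoded password, bytes 0..18 are read
;        lpDeDestBuff = output buffer, at least 10 bytes
; Out:   eax = lpDeDestBuff; out[i] = in[2*i] xor PassBytes[2*i]   (i = 0..9)
; Clobb: ecx, edx
; No terminator is written; the caller has to zero the buffer beforehand if
; it wants a NUL-terminated string.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DeCode proc uses edi ebx lpEnCode,lpDeDestBuff
    xor edi,edi
    lea eax,PassBytes
    mov edx,lpEnCode
    mov ebx,lpDeDestBuff
    .while edi < 10
        mov cl,BYTE ptr [edx+edi*2]     ; encoded byte at the even offset
        xor cl,BYTE ptr [eax+edi*2]     ; key step: xor with the table byte at the same offset
        mov BYTE ptr [ebx+edi],cl       ; store the clear byte
        inc edi
    .endw
    mov eax,ebx
    ret
DeCode endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; ESET ID fetch procedure. In: distribution page URL, output user name, output password, upper limit of IDs to try (may be NULL, default 100)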
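;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; GetEsetid - download the page at `url`, pull user name / password pairs
;             out of it with ExpressSearch and return the first pair that
;             TestID accepts.
; In:    url    = address of the page to download
;        lpUser = output buffer for the user name, at least 20 bytes
;        lpPass = output buffer for the password, at least 20 bytes
;        ldNum  = maximum number of search rounds; NULL means 100
; Out:   eax = TRUE   a pair was accepted and copied to lpUser / lpPass
;        eax = FALSE  no pair was accepted
;        eax = -1     a WinInet open/query call failed
;        eax = -2     memory allocation failed
;        eax = -3     reading the page failed
; The page is untrusted input: its Content-Length sizes the allocation and
; its text ends up in the caller's buffers, so the length is capped and every
; extracted string is clamped to the local buffer size.
; Fixes: - `status+1` in an invoke addresses the dword at status+1 instead of
;          adding 1 to the value; the size is now computed in a register
;        - the error paths closed handles that had not been stored yet and
;          leaked the handles/memory on the -2 and -3 paths
;        - the page is read until Content-Length bytes arrived or the stream
;          ended, and only the bytes actually received are searched
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
MAX_PAGE_BYTES equ 100000h      ; at most 1 MiB of the page is downloaded and searched

GetEsetid proc uses ebx edx, url, lpUser,lpPass,ldNum
    LOCAL hOpen,hOpenUrl,dwSize,status,@pMemory,@lpcdData,@start,@end
    LOCAL @lpUser[20]:BYTE
    LOCAL @lpPass[20]:BYTE
    LOCAL @TEMP[100]:BYTE

    ; Fetch the source of the ID page
    invoke InternetOpen,CTEXT("nohacks_autoid"),INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0
    .if eax==0
        mov eax,-1
        ret
    .endif
    mov hOpen,eax

    invoke InternetOpenUrl,hOpen,url,NULL,0,INTERNET_FLAG_TRANSFER_BINARY+INTERNET_FLAG_PRAGMA_NOCACHE,0
    .if eax==0
        invoke InternetCloseHandle,hOpen
        mov eax,-1
        ret
    .endif
    mov hOpenUrl,eax

    mov dwSize,4
    mov status,0                ; receives the Content-Length value
    invoke HttpQueryInfo,hOpenUrl,HTTP_QUERY_CONTENT_LENGTH + HTTP_QUERY_FLAG_NUMBER , addr status , addr dwSize , 0
    .if eax==0
        invoke InternetCloseHandle,hOpenUrl
        invoke InternetCloseHandle,hOpen
        mov eax,-1
        ret
    .endif
    .if status > MAX_PAGE_BYTES ; the length is supplied by the server
        mov status,MAX_PAGE_BYTES
    .endif

    mov ebx,status
    inc ebx                     ; one extra byte so the buffer always ends in a NUL
    invoke GlobalAlloc,0,ebx
    mov @pMemory,eax
    .if (!eax)
        invoke InternetCloseHandle,hOpenUrl
        invoke InternetCloseHandle,hOpen
        mov eax,-2
        ret
    .endif
    invoke RtlZeroMemory ,@pMemory,ebx

    ; Read the page into @pMemory
    xor ebx,ebx                 ; ebx = bytes received so far
    .while ebx < status
        mov @lpcdData,0
        mov eax,@pMemory
        add eax,ebx
        mov ecx,status
        sub ecx,ebx
        invoke InternetReadFile,hOpenUrl,eax,ecx,addr @lpcdData
        .if (!eax)
            invoke InternetCloseHandle,hOpenUrl
            invoke InternetCloseHandle,hOpen
            invoke GlobalFree, @pMemory
            mov eax,-3
            ret
        .endif
        .break .if @lpcdData==0 ; end of stream before Content-Length bytes arrived
        add ebx,@lpcdData
    .endw
    invoke InternetCloseHandle,hOpenUrl
    invoke InternetCloseHandle,hOpen
    ;DebugCode: invoke debugbox,CTEXT("status"),status

    ;=========== Loop: extract and verify IDs ===================
    ; search start address
    push @pMemory
    pop @start
    ; search end address = start + bytes received
    mov eax,ebx
    add eax,@pMemory
    mov @end,eax

    .if ldNum==NULL
        mov ldNum,100
    .endif
    .while ldNum>0
        dec ldNum
        mov iCount,3
        invoke ExpressSearch,0,@start,@end,addr Express,addr lpRet,addr iCount,EF_USEEXPRESS
        .break .if (eax==0)
        ; continue the next round after the end of this match
        push lpRet.y
        pop @start
        .if SDWORD ptr eax>0
            invoke RtlZeroMemory ,addr @lpUser,sizeof @lpUser
            invoke RtlZeroMemory ,addr @lpPass,sizeof @lpPass
            ; lpRet[1] / lpRet[2] hold the two captured groups; copies are
            ; limited to 19 bytes so the 20-byte locals stay terminated
            invoke GetRetString,addr lpRet[sizeof POINT],addr @lpUser,sizeof @lpUser-1
            invoke GetRetString,addr lpRet[sizeof POINT*2],addr @lpPass,sizeof @lpPass-1
            ; progress balloon ("user--pass")
            invoke wsprintf,addr @TEMP,addr UserPass ,addr @lpUser,addr @lpPass
            invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,addr @TEMP ,CTEXT("正在验证网络ID")
            invoke TestID,addr @lpUser ,addr @lpPass
            .if (eax)
                invoke Trim, addr @lpUser ,lpUser
                invoke Trim, addr @lpPass ,lpPass
                ; release the page buffer
                invoke GlobalFree, @pMemory
                mov eax ,TRUE
                ret
            .endif
        .endif
    .endw
    invoke GlobalFree, @pMemory
    mov eax ,FALSE
    ret
GetEsetid endp

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; DlgProc - dialog procedure; all work happens in WM_INITDIALOG:
;   1. add the tray icon
;   2. open the ESET 3.x key, falling back to the 2.x key
;   3. read the stored user name / password, decode the password and verify
;      the pair with TestID
;   4. if the pair is missing or rejected, call GetEsetid and write the new
;      pair back to the same key
;   5. jump to `exit`, which closes the key, removes the icon and ends the dialog
; The replacement pair comes from a page fetched over plain http:// and is
; written under HKEY_LOCAL_MACHINE, so the values stored there are only as
; trustworthy as that page and the network path to it.
; Fixes: - registry reads are bounded by the size of the 20-byte locals; the
;          original reused the size reported by a probe call, so a longer
;          value overran the stack buffer
;        - the key is opened with query/set rights only, not KEY_ALL_ACCESS
;        - GetEsetid's negative error codes are no longer treated as success
;        - the REG_SZ length includes the terminating NUL
;        - the result of the user name write is checked
;        - @TEMP and @Pass are zeroed before use on every path
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
    LOCAL @lpType,@lpcdData
    LOCAL @lpUser[20]:BYTE
    LOCAL @lpPass[20]:BYTE
    LOCAL @Pass[20]:BYTE
    LOCAL @TEMP[100]:BYTE

    push hWin
    pop Winhwnd
    mov eax,uMsg
    .if eax==WM_INITDIALOG
        invoke LoadIcon,hInstance,1
        mov hwnd,eax            ; global `hwnd` holds the icon handle from here on
        mov note.cbSize,sizeof mNOTIFYICONDATA
        push hWin
        pop note.hwnd
        mov note.uID,IDI_TRAY
        mov note.uFlags,NIF_ICON+NIF_MESSAGE+NIF_TIP
        mov note.uCallbackMessage,WM_SHELLNOTIFY
        push hwnd
        pop note.hIcon
        invoke lstrcpy,addr note.szTip,CTEXT("ESET NOD32 ID自动升级工具")
        invoke Shell_NotifyIcon,NIM_ADD,addr note

        ; Open the 3.x settings key with just the rights used below
        invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE, addr RegEset30,\
               NULL, KEY_QUERY_VALUE or KEY_SET_VALUE,ADDR @hKey
        .if eax == ERROR_SUCCESS
regurl:
            ; @TEMP is shown in balloons on every path, so it must always be terminated
            invoke RtlZeroMemory ,addr @TEMP,sizeof @TEMP

            ; read the locally stored user name (at most 19 bytes + NUL)
            invoke RtlZeroMemory ,addr @lpUser,sizeof @lpUser
            mov @lpcdData,sizeof @lpUser-1
            invoke RegQueryValueEx,@hKey,CTEXT("username"), 0,ADDR @lpType,ADDR @lpUser,addr @lpcdData
            ; REG_SZ,REG_BINARY
            .if eax != ERROR_SUCCESS    ; missing or longer than the buffer
                jmp IdNull
            .endif
            .if @lpcdData < 2
                jmp IdNull
            .endif

            ; read the locally stored (encoded) password, at most 20 bytes
            invoke RtlZeroMemory ,addr @lpPass,sizeof @lpPass
            mov @lpcdData,sizeof @lpPass
            invoke RegQueryValueEx,@hKey,CTEXT("password"),0,ADDR @lpType,ADDR @lpPass,addr @lpcdData
            .if eax != ERROR_SUCCESS
                jmp IdNull
            .endif
            .if @lpcdData < 2
                jmp IdNull
            .endif

            ; decode: 10 clear bytes, the 11th zeroed byte terminates the string
            invoke RtlZeroMemory ,addr @Pass,11
            invoke DeCode,addr @lpPass,addr @Pass
            invoke wsprintf,addr @TEMP,addr UserPass ,addr @lpUser,addr @Pass
            ; progress balloon
            invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("正在验证ESET本地ID")
            ; verify the stored ID online
            invoke TestID ,addr @lpUser,addr @Pass
            .if eax==-1
                invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("连接官网时发生错误,请检查网络!")
                invoke Sleep,500
                jmp exit
            .endif
            .if eax==TRUE
                invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("本机ESET ID有效!")
                invoke Sleep,100
                jmp exit
            .else
IdNull:
                invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,CTEXT("http://www.eset.org.cn"),CTEXT("本机ESET ID无效,获取ID自分发页:")
                ; clear the buffers
                invoke RtlZeroMemory ,addr @lpUser,sizeof @lpUser
                invoke RtlZeroMemory ,addr @lpPass,sizeof @lpPass
                ; fetch an ID that passes verification
                invoke GetEsetid ,CTEXT("http://www.eset.org.cn"),addr @lpUser,addr @lpPass,10
                .if eax==TRUE           ; -1/-2/-3 are errors and must not reach the registry writes
                    ; write the user name; REG_SZ data length includes the NUL
                    invoke lstrlen, addr @lpUser
                    inc eax
                    invoke RegSetValueEx,@hKey,CTEXT("username"),0,REG_SZ,addr @lpUser,eax
                    .if eax == ERROR_SUCCESS
                        ; encode the password and write it
                        invoke RtlZeroMemory ,addr @Pass,sizeof @Pass
                        invoke EnCode,addr @lpPass,addr @Pass
                        invoke RegSetValueEx,@hKey,CTEXT("password"), 0,REG_BINARY,addr @Pass , 20
                    .endif
                    .if (!eax)
                        ; success balloon
                        invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("有效ID已存入电脑!")
                        invoke Sleep,100
                    .else
                        invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("ID存入电脑时发生错误,请检查!")
                        invoke Sleep,500
                    .endif
                    jmp exit
                .else
                    invoke _ProcTaskQiPao,Winhwnd,0,WM_NOTIFYICON ,hwnd,ADDR @TEMP,CTEXT("获取ID错误,请检查网络!")
                    invoke Sleep,500
                    jmp exit
                .endif
            .endif
        .else
            ; 3.x key not present: try the 2.x location and reuse the code above
            invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE, addr RegEset27,\
                   NULL, KEY_QUERY_VALUE or KEY_SET_VALUE,ADDR @hKey
            .if eax == ERROR_SUCCESS
                jmp regurl
            .else
                invoke MessageBox,NULL,CTEXT("本机没有安装ESET NOD32 "),CTEXT("提示"),MB_ICONERROR+MB_OK
                ;invoke _ProcTaskQiPao,hWin,0,WM_NOTIFYICON ,hwnd,CTEXT("本机没有安装ESET NOD32 "),CTEXT("提示")
                ;invoke Sleep,500
                jmp exit
            .endif
        .endif
    .elseif eax==WM_COMMAND
    .elseif eax==WM_CLOSE
exit:
        ; common exit, also reached by jmp from the WM_INITDIALOG branch
        invoke RegCloseKey,@hKey
        invoke Shell_NotifyIcon,NIM_DELETE,addr note
        invoke EndDialog,hWin,0
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
DlgProc endp

end start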
[SETUP]
ECHO=ON
;OFF 关闭气泡提示
;ON 显示气泡提示
==========