0046DF04 sub_46DF04 proc near ; CODE XREF: EXECryptor_GetTria

1. 0046DF04 sub_46DF04 proc near ; CODE XREF: EXECryptor_GetTrialDaysLeft:loc_46F2B9p
2. 0046DF04 ; 00470473p
3. 0046DF04 ; sub_4707C4+83p
4. 0046DF04 ; DATA XREF: sub_472564+C5o
5. 0046DF04 ; sub_472564+D2o
6. 0046DF04 ; sub_472564+DCo
7. 0046DF04 ; ProtectFile+1674o
8. 0046DF04 ; ProtectFile+20D2o
9. 0046DF04
10. 0046DF04 var_64 = dword ptr -64h
11. 0046DF04 var_60 = dword ptr -60h
12. 0046DF04 var_5C = dword ptr -5Ch
13. 0046DF04 var_54 = dword ptr -54h
14. 0046DF04 var_50 = dword ptr -50h
15. 0046DF04 FatTime = word ptr -3Ch
16. 0046DF04 var_38 = dword ptr -38h
17. 0046DF04 var_34 = dword ptr -34h
18. 0046DF04 var_2C = dword ptr -2Ch
19. 0046DF04 var_28 = dword ptr -28h
20. 0046DF04 FileTime = FILETIME ptr -24h
21. 0046DF04 ReturnCode = dword ptr -1Ch
22. 0046DF04 ExitTime = _FILETIME ptr -18h
23. 0046DF04 CreationTime = _FILETIME ptr -10h
24. 0046DF04 lParam = dword ptr -8
25. 0046DF04 var_4 = dword ptr -4
26. 0046DF04
27. 0046DF04 push ebp
28. 0046DF05 mov ebp, esp
29. 0046DF07 add esp, 0FFFFFFA4h
30. 0046DF0A call sub_46B6D0
31. 0046DF0A
32. 0046DF0F test al, al
33. 0046DF11 jz go_on_5
34. 0046DF11
35. 0046DF17 mov [ebp+lParam], 0FFFFFFFFh
36. 0046DF1E mov [ebp+var_4], 7FFFFFFFh
37. 0046DF25 call GetCurrentProcessId_
38. 0046DF25
39. 0046DF2A mov ds:ProcessId, eax
40. 0046DF2F xor eax, eax
41. 0046DF31 mov ds:dword_6E0268, eax
42. 0046DF36 call sub_46A85C
43. 0046DF36
44. 0046DF3B test al, al
45. 0046DF3D jz short loc_46DF50
46. 0046DF3D
47. 0046DF3F lea eax, [ebp+lParam]
48. 0046DF42 push eax ; lParam
49. 0046DF43 lea eax, sub_46DD14
50. 0046DF49 push eax ; lpEnumFunc
51. 0046DF4A call EnumWindows_
52. 0046DF4A
53. 0046DF4F retn
54. 0046DF4F
55. 0046DF50 ; ---------------------------------------------------------------------------
56. 0046DF50
57. 0046DF50 loc_46DF50: ; CODE XREF: sub_46DF04+39j
58. 0046DF50 call sub_46A85C
59. 0046DF50
60. 0046DF55 test al, al
61. 0046DF57 jz short loc_46DF63
62. 0046DF57
63. 0046DF59 lea eax, [ebp+FileTime]
64. 0046DF5C push eax ; lpSystemTimeAsFileTime
65. 0046DF5D call GetSystemTimeAsFileTime_
66. 0046DF5D
67. 0046DF62 retn
68. 0046DF62
69. 0046DF63 ; ---------------------------------------------------------------------------
70. 0046DF63
71. 0046DF63 loc_46DF63: ; CODE XREF: sub_46DF04+53j
72. 0046DF63 call sub_46A85C
73. 0046DF63
74. 0046DF68 test al, al
75. 0046DF6A jz short loc_46DF9A
76. 0046DF6A
77. 0046DF6C mov [ebp+var_2C], 0
78. 0046DF73 mov [ebp+var_28], 0
79. 0046DF7A push 0
80. 0046DF7C push 20h
81. 0046DF7E lea eax, [ebp+var_5C]
82. 0046DF81 push eax
83. 0046DF82 push 3
84. 0046DF84 call NtQuerySystemInformation_
85. 0046DF84
86. 0046DF89 test eax, eax
87. 0046DF8B jnz short locret_46DF99
88. 0046DF8B
89. 0046DF8D mov eax, [ebp+var_54]
90. 0046DF90 mov [ebp+var_2C], eax
91. 0046DF93 mov eax, [ebp+var_50]
92. 0046DF96 mov [ebp+var_28], eax
93. 0046DF96
94. 0046DF99
95. 0046DF99 locret_46DF99: ; CODE XREF: sub_46DF04+87j
96. 0046DF99 retn
97. 0046DF99
98. 0046DF9A ; ---------------------------------------------------------------------------
99. 0046DF9A
100. 0046DF9A loc_46DF9A: ; CODE XREF: sub_46DF04+66j
101. 0046DF9A call sub_46A85C
102. 0046DF9A
103. 0046DF9F test al, al
104. 0046DFA1 jz short loc_46DFEB
105. 0046DFA1
106. 0046DFA3 mov eax, [ebp+FileTime.dwLowDateTime]
107. 0046DFA6 mov edx, [ebp+FileTime.dwHighDateTime]
108. 0046DFA9 push edx
109. 0046DFAA push eax
110. 0046DFAB call GetTickCount_
111. 0046DFAB
112. 0046DFB0 xor edx, edx
113. 0046DFB2 push edx
114. 0046DFB3 push eax
115. 0046DFB4 push 0
116. 0046DFB6 push 10000
117. 0046DFBB call ImulValues
118. 0046DFBB
119. 0046DFC0 sub [esp+64h+var_64], eax
120. 0046DFC3 sbb [esp+64h+var_60], edx
121. 0046DFC7 pop eax
122. 0046DFC8 pop edx
123. 0046DFC9 mov [ebp+var_38], eax
124. 0046DFCC mov [ebp+var_34], edx
125. 0046DFCF lea eax, [ebp+ExitTime]
126. 0046DFD2 push eax ; lpUserTime
127. 0046DFD3 lea eax, [ebp+ExitTime]
128. 0046DFD6 push eax ; lpKernelTime
129. 0046DFD7 lea eax, [ebp+ExitTime]
130. 0046DFDA push eax ; lpExitTime
131. 0046DFDB lea eax, [ebp+CreationTime]
132. 0046DFDE push eax ; lpCreationTime
133. 0046DFDF call GetCurrentProcess_
134. 0046DFDF
135. 0046DFE4 push eax ; hProcess
136. 0046DFE5 call GetProcessTimes_
137. 0046DFE5
138. 0046DFEA retn
139. 0046DFEA
140. 0046DFEB ; ---------------------------------------------------------------------------
141. 0046DFEB
142. 0046DFEB loc_46DFEB: ; CODE XREF: sub_46DF04+9Dj
143. 0046DFEB cmp [ebp+var_28], 0
144. 0046DFEF jnz short loc_46DFF5
145. 0046DFEF
146. 0046DFF1 cmp [ebp+var_2C], 0
147. 0046DFF1
148. 0046DFF5
149. 0046DFF5 loc_46DFF5: ; CODE XREF: sub_46DF04+EBj
150. 0046DFF5 jz short go_on_1
151. 0046DFF5
152. 0046DFF7 push [ebp+var_28]
153. 0046DFFA push [ebp+var_2C]
154. 0046DFFD push [ebp+FileTime.dwHighDateTime]
155. 0046E000 push [ebp+FileTime.dwLowDateTime]
156. 0046E003 call sub_46DDDC
157. 0046E003
158. 0046E008 test al, al
159. 0046E00A jnz short go_on_1
160. 0046E00A
161. 0046E00C
162. 0046E00C bad_boy_1:
163. 0046E00C call DisplayError_ClockManipulationDetected
164. 0046E00C
165. 0046E011 movzx eax, ax
166. 0046E014 mov [ebp+ReturnCode], eax
167. 0046E017 jmp exit
168. 0046E017
169. 0046E01C ; ---------------------------------------------------------------------------
170. 0046E01C
171. 0046E01C go_on_1: ; CODE XREF: sub_46DF04:loc_46DFF5j
172. 0046E01C ; sub_46DF04+106j
173. 0046E01C cmp [ebp+var_4], 7FFFFFFFh
174. 0046E023 jnz short loc_46E029
175. 0046E023
176. 0046E025 cmp [ebp+lParam], 0FFFFFFFFh
177. 0046E025
178. 0046E029
179. 0046E029 loc_46E029: ; CODE XREF: sub_46DF04+11Fj
180. 0046E029 jz short go_on_4
181. 0046E029
182. 0046E02B mov eax, [ebp+FileTime.dwLowDateTime]
183. 0046E02E mov edx, [ebp+FileTime.dwHighDateTime]
184. 0046E031 cmp edx, [ebp+var_4]
185. 0046E034 jnz short loc_46E03D
186. 0046E034
187. 0046E036 cmp eax, [ebp+lParam]
188. 0046E039 jnb short go_on_2
189. 0046E039
190. 0046E03B jmp short bad_boy_2
191. 0046E03B
192. 0046E03D ; ---------------------------------------------------------------------------
193. 0046E03D
194. 0046E03D loc_46E03D: ; CODE XREF: sub_46DF04+130j
195. 0046E03D jge short go_on_2
196. 0046E03D
197. 0046E03F
198. 0046E03F bad_boy_2: ; CODE XREF: sub_46DF04+137j
199. 0046E03F call DisplayError_ClockManipulationDetected
200. 0046E03F
201. 0046E044 movzx eax, ax
202. 0046E047 mov [ebp+ReturnCode], eax
203. 0046E04A jmp exit
204. 0046E04A
205. 0046E04F ; ---------------------------------------------------------------------------
206. 0046E04F
207. 0046E04F go_on_2: ; CODE XREF: sub_46DF04+135j
208. 0046E04F ; sub_46DF04:loc_46E03Dj
209. 0046E04F mov eax, [ebp+CreationTime.dwLowDateTime]
210. 0046E052 mov edx, [ebp+CreationTime.dwHighDateTime]
211. 0046E055 cmp edx, [ebp+var_4]
212. 0046E058 jnz short loc_46E061
213. 0046E058
214. 0046E05A cmp eax, [ebp+lParam]
215. 0046E05D jnb short go_on_3
216. 0046E05D
217. 0046E05F jmp short bad_boy_3
218. 0046E05F
219. 0046E061 ; ---------------------------------------------------------------------------
220. 0046E061
221. 0046E061 loc_46E061: ; CODE XREF: sub_46DF04+154j
222. 0046E061 jge short go_on_3
223. 0046E061
224. 0046E063
225. 0046E063 bad_boy_3: ; CODE XREF: sub_46DF04+15Bj
226. 0046E063 call DisplayError_ClockManipulationDetected
227. 0046E063
228. 0046E068 movzx eax, ax
229. 0046E06B mov [ebp+ReturnCode], eax
230. 0046E06E jmp exit
231. 0046E06E
232. 0046E073 ; ---------------------------------------------------------------------------
233. 0046E073
234. 0046E073 go_on_3: ; CODE XREF: sub_46DF04+159j
235. 0046E073 ; sub_46DF04:loc_46E061j
236. 0046E073 mov eax, [ebp+lParam]
237. 0046E076 mov edx, [ebp+var_4]
238. 0046E079 add edx, 100h
239. 0046E07F cmp edx, [ebp+var_34]
240. 0046E082 jnz short loc_46E08B
241. 0046E082
242. 0046E084 cmp eax, [ebp+var_38]
243. 0046E087 jnb short go_on_4
244. 0046E087
245. 0046E089 jmp short bad_boy_4
246. 0046E089
247. 0046E08B ; ---------------------------------------------------------------------------
248. 0046E08B
249. 0046E08B loc_46E08B: ; CODE XREF: sub_46DF04+17Ej
250. 0046E08B jge short go_on_4
251. 0046E08B
252. 0046E08D
253. 0046E08D bad_boy_4: ; CODE XREF: sub_46DF04+185j
254. 0046E08D call DisplayError_ClockManipulationDetected
255. 0046E08D
256. 0046E092 movzx eax, ax
257. 0046E095 mov [ebp+ReturnCode], eax
258. 0046E098 jmp short exit
259. 0046E098
260. 0046E09A ; ---------------------------------------------------------------------------
261. 0046E09A
262. 0046E09A go_on_4: ; CODE XREF: sub_46DF04:loc_46E029j
263. 0046E09A ; sub_46DF04+183j
264. 0046E09A ; sub_46DF04:loc_46E08Bj
265. 0046E09A mov eax, [ebp+FileTime.dwLowDateTime]
266. 0046E09D mov edx, [ebp+FileTime.dwHighDateTime]
267. 0046E0A0 add edx, 100h
268. 0046E0A6 cmp edx, [ebp+CreationTime.dwHighDateTime]
269. 0046E0A9 jnz short loc_46E0B2
270. 0046E0A9
271. 0046E0AB cmp eax, [ebp+CreationTime.dwLowDateTime]
272. 0046E0AE jnb short loc_46E0D4
273. 0046E0AE
274. 0046E0B0 jmp short bad_boy_5
275. 0046E0B0
276. 0046E0B2 ; ---------------------------------------------------------------------------
277. 0046E0B2
278. 0046E0B2 loc_46E0B2: ; CODE XREF: sub_46DF04+1A5j
279. 0046E0B2 jge short loc_46E0D4
280. 0046E0B2
281. 0046E0B4
282. 0046E0B4 bad_boy_5: ; CODE XREF: sub_46DF04+1ACj
283. 0046E0B4 call DisplayError_ClockManipulationDetected
284. 0046E0B4
285. 0046E0B9 movzx eax, ax
286. 0046E0BC mov [ebp+ReturnCode], eax
287. 0046E0BF jmp short exit
288. 0046E0BF
289. 0046E0C1 ; ---------------------------------------------------------------------------
290. 0046E0C1
291. 0046E0C1 go_on_5: ; CODE XREF: sub_46DF04+Dj
292. 0046E0C1 call sub_46A85C
293. 0046E0C1
294. 0046E0C6 test al, al
295. 0046E0C8 jz short loc_46E0D4
296. 0046E0C8
297. 0046E0CA lea eax, [ebp+FileTime]
298. 0046E0CD push eax ; lpSystemTimeAsFileTime
299. 0046E0CE call GetSystemTimeAsFileTime_
300. 0046E0CE
301. 0046E0D3 retn
302. 0046E0D3
303. 0046E0D4 ; ---------------------------------------------------------------------------
304. 0046E0D4
305. 0046E0D4 loc_46E0D4: ; CODE XREF: sub_46DF04+1AAj
306. 0046E0D4 ; sub_46DF04:loc_46E0B2j
307. 0046E0D4 ; sub_46DF04+1C4j
308. 0046E0D4 call sub_46A85C
309. 0046E0D4
310. 0046E0D9 test al, al
311. 0046E0DB jz short pre_exit
312. 0046E0DB
313. 0046E0DD lea eax, [ebp+FileTime]
314. 0046E0E0 push eax ; lpLocalFileTime
315. 0046E0E1 lea eax, [ebp+FileTime]
316. 0046E0E4 push eax ; lpFileTime
317. 0046E0E5 call FileTimeToLocalFileTime_
318. 0046E0E5
319. 0046E0EA lea eax, [ebp+FatTime]
320. 0046E0ED push eax ; lpFatTime
321. 0046E0EE lea eax, [ebp-3Ah]
322. 0046E0F1 push eax ; lpFatDate
323. 0046E0F2 lea eax, [ebp+FileTime]
324. 0046E0F5 push eax ; lpFileTime
325. 0046E0F6 call FileTimeToDosDateTime_
326. 0046E0F6
327. 0046E0FB retn
328. 0046E0FB
329. 0046E0FC ; ---------------------------------------------------------------------------
330. 0046E0FC
331. 0046E0FC pre_exit: ; CODE XREF: sub_46DF04+1D7j
332. 0046E0FC movzx eax, word ptr [ebp-3Ah]
333. 0046E100 mov [ebp+ReturnCode], eax
334. 0046E100
335. 0046E103
336. 0046E103 exit: ; CODE XREF: sub_46DF04+113j
337. 0046E103 ; sub_46DF04+146j
338. 0046E103 ; sub_46DF04+16Aj
339. 0046E103 ; sub_46DF04+194j
340. 0046E103 ; sub_46DF04+1BBj
341. 0046E103 mov eax, [ebp+ReturnCode]
342. 0046E106 mov esp, ebp
343. 0046E108 pop ebp
344. 0046E109 retn
345. 0046E109
346. 0046E109 sub_46DF04 endp