{ "RadStudionVersions": [ { "Name": "RAD Studio 11.0 Alexandria", "Ver": "28.0.42600.6491", "BDSVersion": "22.0", "LicVerStr": "11", "LicHostPID": 8222, "LicHostSKU": 52, "LicDelphiPID": 2028, "LicCBuilderPID": 4025, ] }

// NOTE(review): the JSON fragment above is a separate data snippet (product
// name, version string and licence-related numeric IDs for one RAD Studio
// release). It is not part of the Delphi unit, and as shown it is not valid
// JSON (the inner object is never closed).
//
// The unit below builds a 32-bit proxy DLL that carries the name of the Windows
// system library shfolder.dll. It exports the same two functions, forwards
// them to the genuine library loaded from the system directory, and uses the
// fact that it is loaded into the host process to modify that process in
// memory:
//   * PatchTrustVerify overwrites the first bytes of WinVerifyTrust and
//     WinVerifyTrustEx so that they return 0 immediately.
//   * PatchRadioStudio redirects one pointer slot inside bds.exe or
//     LicenseManager.exe to AsmCode.
// What a defender can look for, based on what this code does: a module named
// shfolder.dll loaded from anywhere other than the system directory; the
// in-memory start of WinVerifyTrust differing from wintrust.dll on disk
// (33 C0 C2 0C 00); and a pointer slot inside the host image that resolves to
// an address outside the module it is expected to point into.
library shfolder;

uses
  Windows;

{$R *.res}

var
  ModHandle: THandle;           // handle of the genuine shfolder.dll (set in LoadSysVersion)
  SysPath: PChar;               // buffer holding "<system directory>\shfolder.dll"
  pSHGetFolderPathA: Pointer;   // address of the genuine SHGetFolderPathA
  pSHGetFolderPathW: Pointer;   // address of the genuine SHGetFolderPathW
  // AdrValueCmp: the single address AsmCode compares the caller's return
  // address against. FinalizeArrayAdr: the pointer that was stored in the
  // redirected slot before it was overwritten.
  AdrValueCmp, FinalizeArrayAdr: DWORD;
  TrustPatched: Boolean;        // True once PatchTrustVerify has loaded wintrust.dll
  // Five bytes of x86 code: 33 C0 = xor eax, eax; C2 0C 00 = ret 0Ch.
  // Written over a function entry, this makes the function return 0 and
  // release 12 bytes of stack arguments without executing its real body.
  TrustPatchData: array [0 .. 4] of byte = ( $33, $C0, $C2, $0C, $00 );

// Exported forwarder: jumps straight to the genuine SHGetFolderPathA, so
// callers of the proxy still get the real behaviour.
procedure SHGetFolderPathA;
asm
  jmp pSHGetFolderPathA
end;

// Exported forwarder: jumps straight to the genuine SHGetFolderPathW.
procedure SHGetFolderPathW;
asm
  jmp pSHGetFolderPathW
end;

// Detour installed by PatchRadioStudio in place of the pointer the host
// stored for FinalizeArray. Every call through that slot lands here first.
procedure AsmCode;
asm
  push eax                  // preserve eax; it is restored before leaving
  mov eax, AdrValueCmp
  // After the push, [esp + 4] is presumably the return address of the code
  // that called through the redirected slot - TODO confirm against the host.
  cmp eax, [esp + 4]
  jne @done                 // any other call site: pass through untouched
  // Matching call site only: read a pointer from the caller's frame and
  // store the byte 1 through it. What that byte represents is not visible
  // in this file.
  mov eax, [ebp + 2Ch]
  mov byte ptr[eax], 1
@done:
  pop eax
  jmp FinalizeArrayAdr      // continue into the original target
end;

// Earlier variant of AsmCode, left disabled by the author.
//procedure AsmCode;
//asm
//  push eax
//  mov eax, AdrValueCmp
//  cmp eax, dword ptr [esp+$4]
//  jnz @LeaveASm
//  mov eax, dword ptr [ebp-$2C]
//  mov byte ptr [eax], $1
//@LeaveASm:
//  pop eax
//  jmp FinalizeArrayAdr
//end;

// Loads wintrust.dll into the current process and overwrites the first five
// bytes of WinVerifyTrust and WinVerifyTrustEx with TrustPatchData.
// Effect: every caller in this process that asks Windows to verify a file's
// signature through these two entry points receives 0, regardless of the
// file. The change is in memory only; wintrust.dll on disk is not touched.
// Returns True (and sets TrustPatched) when wintrust.dll could be loaded,
// even if neither export was found; False otherwise.
function PatchTrustVerify: Boolean;
var
  HdlTrust: THandle;
  ApiAddress: Pointer;
  vOldProtect: DWORD;
begin
  HdlTrust := LoadLibrary('wintrust.dll');
  if HdlTrust <> 0 then
  begin
    ApiAddress := GetProcAddress(HdlTrust, 'WinVerifyTrust');
    if ApiAddress <> nil then
    begin
      // Make the code page writable, copy the 5-byte stub, restore protection.
      // The VirtualProtect results are not checked.
      VirtualProtect(ApiAddress, 5, PAGE_EXECUTE_READWRITE, @vOldProtect);
      Move(TrustPatchData[0], ApiAddress^, 5);
      VirtualProtect(ApiAddress, 5, vOldProtect, @vOldProtect);
    end;
    ApiAddress := GetProcAddress(HdlTrust, 'WinVerifyTrustEx');
    if ApiAddress <> nil then
    begin
      // Same overwrite for the second entry point.
      VirtualProtect(ApiAddress, 5, PAGE_EXECUTE_READWRITE, @vOldProtect);
      Move(TrustPatchData[0], ApiAddress^, 5);
      VirtualProtect(ApiAddress, 5, vOldProtect, @vOldProtect);
    end;
    TrustPatched := True;
  end
  else
    TrustPatched := False;
  Result := TrustPatched;
end;

// Identifies the host executable by file name and, for bds.exe or
// LicenseManager.exe, replaces one stored pointer inside the host image with
// the address of AsmCode. All addresses are fixed offsets from the host's
// load base; the CRC check that would tie them to one specific build of the
// executable is commented out, so the write happens on a name match alone.
procedure PatchRadioStudio;
var
  HModule: THandle;
  ModuleCrc, vOldProtect: DWORD;   // ModuleCrc is only referenced by the disabled CRC check
  ModName: array [0 .. MAX_PATH] of WideChar;
  pModName: PWideChar;
  AdrValueMod: PDWORD;
begin
  HModule := GetModuleHandleW(nil);   // base address of the host executable
  // DisableThreadLibraryCalls(HModule);
  GetModuleFileNameW(HModule, ModName, Length(ModName));
  pModName := @ModName[0];
  // Walk to the terminating NUL of the path ...
  while pModName^ <> #0 do
  begin
    Inc(pModName);
  end;
  // ... then back to the last backslash (#$5C) and step past it, leaving
  // pModName at the bare file name.
  while pModName^ <> #$5C do
  begin
    Dec(pModName);
  end;
  Inc(pModName);
  if lstrcmpiW(pModName, 'bds.exe') = 0 then
  begin
    // ModuleCrc := CalcFileCRC(ModName);
    // if ModuleCrc = $1EB2EB86 then // CRC32 Value of bds.exe
    begin
      //53B65... (rest of the original comment is garbled)
      AdrValueCmp := HModule + $1FBD6;//{$1FBD6} // patch: jump to FinalizeArray
      AdrValueMod := ptr(HModule + $fce94); // FinalizeArray declaration // &rtl250.System::FinalizeArray
      FinalizeArrayAdr := AdrValueMod^; // get the real FinalizeArray api address
      // Make the 4-byte slot writable, swap in the detour, restore protection.
      VirtualProtect(AdrValueMod, 4, PAGE_EXECUTE_READWRITE, @vOldProtect);
      AdrValueMod^ := DWORD(@AsmCode); // set a hook of the api
      VirtualProtect(AdrValueMod, 4, vOldProtect, @vOldProtect);
    end;
  end;
  if lstrcmpiW(pModName, 'LicenseManager.exe') = 0 then
  begin
    // ModuleCrc := CalcFileCRC(ModName);
    // if ModuleCrc = $1EB2EB86 then // CRC32 Value of bds.exe
    begin
      AdrValueCmp := HModule + $14A95E;//{$14A95E}; // patch: jump to FinalizeArray
      AdrValueMod := ptr(HModule + $4BB750); // FinalizeArray declaration // &rtl250.System::FinalizeArray
      FinalizeArrayAdr := AdrValueMod^; // get the real FinalizeArray api address
      // Same slot replacement as in the bds.exe branch, with different offsets.
      VirtualProtect(AdrValueMod, 4, PAGE_EXECUTE_READWRITE, @vOldProtect);
      AdrValueMod^ := DWORD(@AsmCode); // set a hook of the api
      VirtualProtect(AdrValueMod, 4, vOldProtect, @vOldProtect);
    end;
  end;
end;

// The export table mirrors the two names this unit forwards, so a process
// that resolves them against this DLL still reaches the genuine functions.
exports
  SHGetFolderPathW,
  SHGetFolderPathA;

// Builds "<system directory>\shfolder.dll", loads that genuine library,
// records the addresses the forwarders jump to, and then runs
// PatchRadioStudio. Nothing is patched if the genuine library fails to load.
// The SysPath buffer is never freed in this file.
procedure LoadSysVersion;
begin
  GetMem(SysPath, MAX_PATH);
  GetSystemDirectory(SysPath, MAX_PATH);
  SysPath := lstrcat(SysPath, '\shfolder.dll');
  ModHandle := LoadLibrary(SysPath);
  if ModHandle > 0 then
  begin
    pSHGetFolderPathA := GetProcAddress(ModHandle, 'SHGetFolderPathA');
    pSHGetFolderPathW := GetProcAddress(ModHandle, 'SHGetFolderPathW');
    PatchRadioStudio;
  end;
end;

// DLL notification handler, installed through DllProc in the unit's
// initialization block. The host-image redirection runs at process attach;
// the WinVerifyTrust overwrite is deferred to the first thread attach or
// thread detach notification and is skipped once TrustPatched is set.
procedure DllMainEntry(dwResaon: DWORD);
begin
  case dwResaon of
    DLL_PROCESS_DETACH:
      ;   // nothing is undone on unload
    DLL_PROCESS_ATTACH:
      LoadSysVersion;
    DLL_THREAD_ATTACH:
      if not TrustPatched then
        PatchTrustVerify;
    DLL_THREAD_DETACH:
      if not TrustPatched then
        PatchTrustVerify;
  end;
end;

// Initialization: register the handler for later notifications and run the
// process-attach path by hand, since this block is itself executing as part
// of the initial load.
begin
  DllProc := @DllMainEntry;
  DllMainEntry(DLL_PROCESS_ATTACH);
end.
x1.00