教你不花一籽不登录爆破注册"斯纳吉特2023"
本帖最后由 冥界3大法王 于 2023-4-8 22:46 编辑打开软件后,我们发现一上来就来个15天试用
但是,有两种情况:
[*]你得登录才给你试用
[*]你有注册码激活后
才能进入软件界面。。。不然嘿嘿,只有再见!
https://static.52pojie.cn/static/image/hrline/2.gif
第1种情况,申请注册。。还是甭费时间不考虑了,所以我们点下面的输入注册码
这是注册码输入错误的界面
这是后面爆破成功后,才会出现的界面
就出来了这个,随便输入个注册码,就会出来
记录一下错误信息
再点就出来这,还是进不到界面
设法找到有联系的模块名【对应的文件是哪个?】是否出现了某信息?
方法用很多,譬如用TC,譬如用16进制编辑器等等。
00007FF9B0E18757 | FF50 30 | call qword ptr ds: |
00007FF9B0E1875A | 84C0 | test al,al |
00007FF9B0E1875C | 0F84 9E020000 | je tsclicensing.7FF9B0E18A00 | 1)nop 才能见到注册码
00007FF9B0E18762 | 45:33E4 | xor r12d,r12d |
00007FF9B0E18765 | 4C:8965 C0 | mov qword ptr ss:,r12 |
00007FF9B0E18769 | 4C:8965 D0 | mov qword ptr ss:,r12 |
00007FF9B0E1876D | 48:C745 D8 0F000000 | mov qword ptr ss:,F |
00007FF9B0E18775 | 44:8865 C0 | mov byte ptr ss:,r12b |
00007FF9B0E18779 | 49:8B4E 38 | mov rcx,qword ptr ds: | r14+38:"les()"
00007FF9B0E1877D | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E18780 | 48:8D55 C0 | lea rdx,qword ptr ss: |
00007FF9B0E18784 | FF50 10 | call qword ptr ds: |
00007FF9B0E18787 | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E1878A | F3:0F7F4424 58 | movdqu xmmword ptr ss:,xmm0 |
00007FF9B0E18790 | 49:8B4F 08 | mov rcx,qword ptr ds: |
00007FF9B0E18794 | 48:85C9 | test rcx,rcx |
00007FF9B0E18797 | 74 08 | je tsclicensing.7FF9B0E187A1 |
00007FF9B0E18799 | F0:FF41 08 | lock inc dword ptr ds: |
00007FF9B0E1879D | 49:8B4F 08 | mov rcx,qword ptr ds: |
00007FF9B0E187A1 | 49:8B07 | mov rax,qword ptr ds: |
00007FF9B0E187A4 | 48:894424 58 | mov qword ptr ss:,rax |
00007FF9B0E187A9 | 48:894C24 60 | mov qword ptr ss:,rcx |
00007FF9B0E187AE | 4C:8D45 C0 | lea r8,qword ptr ss: |
00007FF9B0E187B2 | 48:8D5424 58 | lea rdx,qword ptr ss: |
00007FF9B0E187B7 | 49:8BCE | mov rcx,r14 | r14:&"HcA麳+乳4"
00007FF9B0E187BA | E8 C1050000 | call tsclicensing.7FF9B0E18D80 |
00007FF9B0E187BF | 84C0 | test al,al |
00007FF9B0E187C1 | 0F84 F8000000 | je tsclicensing.7FF9B0E188BF |
00007FF9B0E187C7 | 49:8B8E 08010000 | mov rcx,qword ptr ds: | r14+108:"filesystem::filesystem_error: "
00007FF9B0E187CE | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E187D1 | FF50 30 | call qword ptr ds: |
00007FF9B0E187D4 | 49:8B4E 18 | mov rcx,qword ptr ds: | r14+18:"nCommonHelper::DeleteLicensingFiles()"
00007FF9B0E187D8 | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E187DB | FF50 40 | call qword ptr ds: |
00007FF9B0E187DE | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E187E1 | F3:0F7F4424 48 | movdqu xmmword ptr ss:,xmm0 |
00007FF9B0E187E7 | 49:8B4F 08 | mov rcx,qword ptr ds: |
00007FF9B0E187EB | 48:85C9 | test rcx,rcx |
00007FF9B0E187EE | 74 08 | je tsclicensing.7FF9B0E187F8 |
00007FF9B0E187F0 | F0:FF41 08 | lock inc dword ptr ds: |
00007FF9B0E187F4 | 49:8B4F 08 | mov rcx,qword ptr ds: |
00007FF9B0E187F8 | 49:8B07 | mov rax,qword ptr ds: |
00007FF9B0E187FB | 48:894424 48 | mov qword ptr ss:,rax |
00007FF9B0E18800 | 48:894C24 50 | mov qword ptr ss:,rcx |
00007FF9B0E18805 | 4C:8D4424 48 | lea r8,qword ptr ss: |
00007FF9B0E1880A | 49:8BD5 | mov rdx,r13 |
00007FF9B0E1880D | 49:8BCE | mov rcx,r14 | r14:&"HcA麳+乳4"
00007FF9B0E18810 | E8 9BF6FFFF | call tsclicensing.7FF9B0E17EB0 |
00007FF9B0E18815 | 90 | nop |
00007FF9B0E18816 | 48:8B55 D8 | mov rdx,qword ptr ss: |
00007FF9B0E1881A | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E1881E | 72 34 | jb tsclicensing.7FF9B0E18854 |
00007FF9B0E18820 | 48:FFC2 | inc rdx |
00007FF9B0E18823 | 48:8B4D C0 | mov rcx,qword ptr ss: |
00007FF9B0E18827 | 48:8BC1 | mov rax,rcx |
00007FF9B0E1882A | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E18831 | 72 1C | jb tsclicensing.7FF9B0E1884F |
00007FF9B0E18833 | 48:83C2 27 | add rdx,27 |
00007FF9B0E18837 | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E1883B | 48:2BC1 | sub rax,rcx |
00007FF9B0E1883E | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E18842 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E18846 | 76 07 | jbe tsclicensing.7FF9B0E1884F |
00007FF9B0E18848 | FF15 F2B42500 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E1884E | CC | int3 |
00007FF9B0E1884F | E8 A8432400 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E18854 | 4C:8965 D0 | mov qword ptr ss:,r12 |
00007FF9B0E18858 | 48:C745 D8 0F000000 | mov qword ptr ss:,F |
00007FF9B0E18860 | C645 C0 00 | mov byte ptr ss:,0 |
00007FF9B0E18864 | 48:8B55 F8 | mov rdx,qword ptr ss: |
00007FF9B0E18868 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E1886C | 72 34 | jb tsclicensing.7FF9B0E188A2 |
00007FF9B0E1886E | 48:FFC2 | inc rdx |
00007FF9B0E18871 | 48:8B4D E0 | mov rcx,qword ptr ss: |
00007FF9B0E18875 | 48:8BC1 | mov rax,rcx |
00007FF9B0E18878 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E1887F | 72 1C | jb tsclicensing.7FF9B0E1889D |
00007FF9B0E18881 | 48:83C2 27 | add rdx,27 |
00007FF9B0E18885 | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E18889 | 48:2BC1 | sub rax,rcx |
00007FF9B0E1888C | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E18890 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E18894 | 76 07 | jbe tsclicensing.7FF9B0E1889D |
00007FF9B0E18896 | FF15 A4B42500 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E1889C | CC | int3 |
00007FF9B0E1889D | E8 5A432400 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E188A2 | 4C:8965 F0 | mov qword ptr ss:,r12 |
00007FF9B0E188A6 | 48:C745 F8 0F000000 | mov qword ptr ss:,F |
00007FF9B0E188AE | C645 E0 00 | mov byte ptr ss:,0 |
00007FF9B0E188B2 | 49:8BCF | mov rcx,r15 |
00007FF9B0E188B5 | E8 7683FEFF | call tsclicensing.7FF9B0E00C30 |
00007FF9B0E188BA | E9 30020000 | jmp tsclicensing.7FF9B0E18AEF |
00007FF9B0E188BF | 44:896424 40 | mov dword ptr ss:,r12d |
00007FF9B0E188C4 | 41:C686 18010000 01 | mov byte ptr ds:,1 | r14+118:"system_error: "
00007FF9B0E188CC | 49:8B8E C8000000 | mov rcx,qword ptr ds: | r14+C8:" a licensing file due to file system error.\r\n\tfile: "
00007FF9B0E188D3 | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E188D6 | FF50 08 | call qword ptr ds: |
00007FF9B0E188D9 | 84C0 | test al,al |
00007FF9B0E188DB | 74 27 | je tsclicensing.7FF9B0E18904 |
00007FF9B0E188DD | 49:8B4E 18 | mov rcx,qword ptr ds: | r14+18:"nCommonHelper::DeleteLicensingFiles()"
00007FF9B0E188E1 | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E188E4 | FF50 10 | call qword ptr ds: |
00007FF9B0E188E7 | 49:8B4E 18 | mov rcx,qword ptr ds: | r14+18:"nCommonHelper::DeleteLicensingFiles()"
00007FF9B0E188EB | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E188EE | FF50 30 | call qword ptr ds: |
00007FF9B0E188F1 | 84C0 | test al,al |
00007FF9B0E188F3 | 75 0F | jne tsclicensing.7FF9B0E18904 |
00007FF9B0E188F5 | C74424 40 FCFFFFFF | mov dword ptr ss:,FFFFFFFC |
00007FF9B0E188FD | 41:8886 18010000 | mov byte ptr ds:,al | r14+118:"system_error: "
00007FF9B0E18904 | 49:8BB6 F8000000 | mov rsi,qword ptr ds: | r14+F8:"le: "
00007FF9B0E1890B | 48:8B06 | mov rax,qword ptr ds: |
00007FF9B0E1890E | 48:8B78 08 | mov rdi,qword ptr ds: |
00007FF9B0E18912 | 48:8D4424 78 | lea rax,qword ptr ss: |
00007FF9B0E18917 | 48:894424 48 | mov qword ptr ss:,rax |
00007FF9B0E1891C | 4C:896424 78 | mov qword ptr ss:,r12 |
00007FF9B0E18921 | 4C:8965 88 | mov qword ptr ss:,r12 |
00007FF9B0E18925 | 48:C745 90 0F000000 | mov qword ptr ss:,F |
00007FF9B0E1892D | 49:8B0F | mov rcx,qword ptr ds: |
00007FF9B0E18930 | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E18933 | FF50 18 | call qword ptr ds: |
00007FF9B0E18936 | 8BD8 | mov ebx,eax |
00007FF9B0E18938 | 49:8B4E 38 | mov rcx,qword ptr ds: | r14+38:"les()"
00007FF9B0E1893C | 48:8B11 | mov rdx,qword ptr ds: |
00007FF9B0E1893F | 4C:8B42 08 | mov r8,qword ptr ds: |
00007FF9B0E18943 | B2 01 | mov dl,1 |
00007FF9B0E18945 | 41:FFD0 | call r8 |
00007FF9B0E18948 | 90 | nop |
00007FF9B0E18949 | 48:8D4C24 78 | lea rcx,qword ptr ss: |
00007FF9B0E1894E | 48:894C24 30 | mov qword ptr ss:,rcx |
00007FF9B0E18953 | 44:896424 28 | mov dword ptr ss:,r12d |
00007FF9B0E18958 | 895C24 20 | mov dword ptr ss:,ebx |
00007FF9B0E1895C | 44:8B4C24 40 | mov r9d,dword ptr ss: |
00007FF9B0E18961 | 44:8BC0 | mov r8d,eax |
00007FF9B0E18964 | 49:8BD5 | mov rdx,r13 |
00007FF9B0E18967 | 48:8BCE | mov rcx,rsi |
00007FF9B0E1896A | FFD7 | call rdi |
00007FF9B0E1896C | 90 | nop |
00007FF9B0E1896D | 48:8B55 D8 | mov rdx,qword ptr ss: |
00007FF9B0E18971 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E18975 | 72 34 | jb tsclicensing.7FF9B0E189AB |
00007FF9B0E18977 | 48:FFC2 | inc rdx |
00007FF9B0E1897A | 48:8B4D C0 | mov rcx,qword ptr ss: |
00007FF9B0E1897E | 48:8BC1 | mov rax,rcx |
00007FF9B0E18981 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E18988 | 72 1C | jb tsclicensing.7FF9B0E189A6 |
00007FF9B0E1898A | 48:83C2 27 | add rdx,27 |
00007FF9B0E1898E | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E18992 | 48:2BC1 | sub rax,rcx |
00007FF9B0E18995 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E18999 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E1899D | 76 07 | jbe tsclicensing.7FF9B0E189A6 |
00007FF9B0E1899F | FF15 9BB32500 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E189A5 | CC | int3 |
00007FF9B0E189A6 | E8 51422400 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E189AB | 4C:8965 D0 | mov qword ptr ss:,r12 |
00007FF9B0E189AF | 48:C745 D8 0F000000 | mov qword ptr ss:,F |
00007FF9B0E189B7 | C645 C0 00 | mov byte ptr ss:,0 |
00007FF9B0E189BB | 48:8B55 F8 | mov rdx,qword ptr ss: |
00007FF9B0E189BF | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E189C3 | 0F82 D9FEFFFF | jb tsclicensing.7FF9B0E188A2 |
00007FF9B0E189C9 | 48:FFC2 | inc rdx |
00007FF9B0E189CC | 48:8B4D E0 | mov rcx,qword ptr ss: |
00007FF9B0E189D0 | 48:8BC1 | mov rax,rcx |
00007FF9B0E189D3 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E189DA | 0F82 BDFEFFFF | jb tsclicensing.7FF9B0E1889D |
00007FF9B0E189E0 | 48:83C2 27 | add rdx,27 |
00007FF9B0E189E4 | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E189E8 | 48:2BC1 | sub rax,rcx |
00007FF9B0E189EB | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E189EF | 48:83F8 1F | cmp rax,1F |
00007FF9B0E189F3 | 0F86 A4FEFFFF | jbe tsclicensing.7FF9B0E1889D |
00007FF9B0E189F9 | FF15 41B32500 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E189FF | 90 | nop |
00007FF9B0E18A00 | 49:8B4E 18 | mov rcx,qword ptr ds: | r14+18:"nCommonHelper::DeleteLicensingFiles()"
https://static.52pojie.cn/static/image/hrline/2.gif
继续向下走,就会发现NOP之后,我们键入的注册码再次出现。
截图
代码比较长,我们抓关键的看下吧。
00007FF9B0E73819 | E8 A2931E00 | call tsclicensing.7FF9B105CBC0 |
00007FF9B0E7381E | 48:C745 30 30000000 | mov qword ptr ss:,30 | 30:'0'
00007FF9B0E73826 | 48:C745 38 3F000000 | mov qword ptr ss:,3F | 3F:'?'
00007FF9B0E7382E | 0F1005 0BB52000 | movups xmm0,xmmword ptr ds: | 00007FF9B107ED40:"NalpeironActivation::CheckLicenseStatus() called"
00007FF9B0E73835 | 0F1100 | movups xmmword ptr ds:,xmm0 |
00007FF9B0E73838 | 0F100D 11B52000 | movups xmm1,xmmword ptr ds: | 00007FF9B107ED50:"ion::CheckLicenseStatus() called"
00007FF9B0E7383F | 0F1148 10 | movups xmmword ptr ds:,xmm1 |
00007FF9B0E73843 | 0F1005 16B52000 | movups xmm0,xmmword ptr ds: | 00007FF9B107ED60:"eStatus() called"
00007FF9B0E7384A | 0F1140 20 | movups xmmword ptr ds:,xmm0 |
00007FF9B0E7384E | 44:8878 30 | mov byte ptr ds:,r15b |
00007FF9B0E73852 | 48:8945 20 | mov qword ptr ss:,rax |
00007FF9B0E73856 | 48:8D55 20 | lea rdx,qword ptr ss: |
00007FF9B0E7385A | 48:8BCF | mov rcx,rdi |
00007FF9B0E7385D | FFD3 | call rbx |
00007FF9B0E7385F | 90 | nop |
00007FF9B0E73860 | 48:8B55 38 | mov rdx,qword ptr ss: |
00007FF9B0E73864 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E73868 | 72 34 | jb tsclicensing.7FF9B0E7389E |
00007FF9B0E7386A | 48:FFC2 | inc rdx |
00007FF9B0E7386D | 48:8B4D 20 | mov rcx,qword ptr ss: |
00007FF9B0E73871 | 48:8BC1 | mov rax,rcx |
00007FF9B0E73874 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E7387B | 72 1C | jb tsclicensing.7FF9B0E73899 |
00007FF9B0E7387D | 48:83C2 27 | add rdx,27 |
00007FF9B0E73881 | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E73885 | 48:2BC1 | sub rax,rcx |
00007FF9B0E73888 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E7388C | 48:83F8 1F | cmp rax,1F |
00007FF9B0E73890 | 76 07 | jbe tsclicensing.7FF9B0E73899 |
00007FF9B0E73892 | FF15 A8042000 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E73898 | CC | int3 |
00007FF9B0E73899 | E8 5E931E00 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E7389E | 49:8B4E 58 | mov rcx,qword ptr ds: | r14+58:"ing file: "
00007FF9B0E738A2 | 48:8B01 | mov rax,qword ptr ds: |
00007FF9B0E738A5 | 4C:8B05 54A53100 | mov r8,qword ptr ds: |
00007FF9B0E738AC | 48:8BD6 | mov rdx,rsi |
00007FF9B0E738AF | FF90 C0000000 | call qword ptr ds: |
00007FF9B0E738B5 | 8BD8 | mov ebx,eax |
00007FF9B0E738B7 | 2B1D 4BA53100 | sub ebx,dword ptr ds: |
00007FF9B0E738BD | 48:8D05 FC3F2000 | lea rax,qword ptr ds: |
00007FF9B0E738C4 | 48:894424 30 | mov qword ptr ss:,rax |
00007FF9B0E738C9 | 48:8D4D B8 | lea rcx,qword ptr ss: | :&"HcA麳+乳4"
00007FF9B0E738CD | FF15 DDFA1F00 | call qword ptr ds:[<&??0?$basic_ios@DU?$c |
00007FF9B0E738D3 | 90 | nop |
00007FF9B0E738D4 | C74424 20 01000000 | mov dword ptr ss:,1 |
00007FF9B0E738DC | 45:33C9 | xor r9d,r9d |
00007FF9B0E738DF | 45:33C0 | xor r8d,r8d |
00007FF9B0E738E2 | 48:8D5424 38 | lea rdx,qword ptr ss: |
00007FF9B0E738E7 | 48:8D4C24 30 | lea rcx,qword ptr ss: |
00007FF9B0E738EC | FF15 5EFC1F00 | call qword ptr ds:[<&??0?$basic_ostream@D |
00007FF9B0E738F2 | 90 | nop |
00007FF9B0E738F3 | 48:8B4424 30 | mov rax,qword ptr ss: |
00007FF9B0E738F8 | 48:6348 04 | movsxd rcx,dword ptr ds: |
00007FF9B0E738FC | 4C:8D35 B53F2000 | lea r14,qword ptr ds: | r14:&"HcA麳+乳4", 00007FF9B10778B8:&"HcA麳+乳4"
00007FF9B0E73903 | 4C:89740C 30 | mov qword ptr ss:,r14 |
00007FF9B0E73908 | 48:8B4424 30 | mov rax,qword ptr ss: |
00007FF9B0E7390D | 48:6348 04 | movsxd rcx,dword ptr ds: |
00007FF9B0E73911 | 8D91 78FFFFFF | lea edx,qword ptr ds: |
00007FF9B0E73917 | 89540C 2C | mov dword ptr ss:,edx |
00007FF9B0E7391B | 48:8D4C24 38 | lea rcx,qword ptr ss: |
00007FF9B0E73920 | FF15 42FA1F00 | call qword ptr ds:[<&??0?$basic_streambuf |
00007FF9B0E73926 | 48:8D05 0B3F2000 | lea rax,qword ptr ds: |
00007FF9B0E7392D | 48:894424 38 | mov qword ptr ss:,rax |
00007FF9B0E73932 | 4C:897D A0 | mov qword ptr ss:,r15 |
00007FF9B0E73936 | C745 A8 04000000 | mov dword ptr ss:,4 |
00007FF9B0E7393D | 48:8D15 4CB42000 | lea rdx,qword ptr ds: | 00007FF9B107ED90:"NSLGetLicenseStatus returned "
00007FF9B0E73944 | 48:8D4C24 30 | lea rcx,qword ptr ss: |
00007FF9B0E73949 | E8 72E0F9FF | call tsclicensing.7FF9B0E119C0 |
00007FF9B0E7394E | 8BD3 | mov edx,ebx |
00007FF9B0E73950 | 48:8BC8 | mov rcx,rax |
00007FF9B0E73953 | FF15 17FC1F00 | call qword ptr ds:[<&??6?$basic_ostream@D |
00007FF9B0E73959 | 48:8BC8 | mov rcx,rax |
00007FF9B0E7395C | 48:8D15 15B42000 | lea rdx,qword ptr ds: | 00007FF9B107ED78:" and License Status is "
00007FF9B0E73963 | E8 58E0F9FF | call tsclicensing.7FF9B0E119C0 |
00007FF9B0E73968 | 8B16 | mov edx,dword ptr ds: |
00007FF9B0E7396A | 48:8BC8 | mov rcx,rax |
00007FF9B0E7396D | FF15 FDFB1F00 | call qword ptr ds:[<&??6?$basic_ostream@D |
00007FF9B0E73973 | 85DB | test ebx,ebx |
00007FF9B0E73975 | 0F88 F8000000 | js tsclicensing.7FF9B0E73A73 |
00007FF9B0E7397B | 833E 00 | cmp dword ptr ds:,0 |
00007FF9B0E7397E | 0F8C EF000000 | jl tsclicensing.7FF9B0E73A73 |
00007FF9B0E73984 | E8 67D6F8FF | call tsclicensing.7FF9B0E00FF0 |
00007FF9B0E73989 | 48:8BD8 | mov rbx,rax |
00007FF9B0E7398C | 48:8B08 | mov rcx,qword ptr ds: |
00007FF9B0E7398F | 48:8B79 20 | mov rdi,qword ptr ds: |
00007FF9B0E73993 | 4C:897D 40 | mov qword ptr ss:,r15 |
00007FF9B0E73997 | 4C:897D 50 | mov qword ptr ss:,r15 |
00007FF9B0E7399B | 48:C745 58 0F000000 | mov qword ptr ss:,F |
00007FF9B0E739A3 | C645 40 00 | mov byte ptr ss:,0 |
00007FF9B0E739A7 | C74424 20 11000000 | mov dword ptr ss:,11 |
00007FF9B0E739AF | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E739B2 | 0F1145 20 | movups xmmword ptr ss:,xmm0 |
00007FF9B0E739B6 | 8B4D A8 | mov ecx,dword ptr ss: |
00007FF9B0E739B9 | 8BC1 | mov eax,ecx |
00007FF9B0E739BB | 24 22 | and al,22 |
00007FF9B0E739BD | 3C 02 | cmp al,2 |
00007FF9B0E739BF | 74 23 | je tsclicensing.7FF9B0E739E4 |
00007FF9B0E739C1 | 48:8B4424 78 | mov rax,qword ptr ss: |
00007FF9B0E739C6 | 4C:8B00 | mov r8,qword ptr ds: |
00007FF9B0E739C9 | 4D:85C0 | test r8,r8 |
00007FF9B0E739CC | 74 16 | je tsclicensing.7FF9B0E739E4 |
00007FF9B0E739CE | 48:8B4424 58 | mov rax,qword ptr ss: |
00007FF9B0E739D3 | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E739D6 | 4C:3B45 A0 | cmp r8,qword ptr ss: |
00007FF9B0E739DA | 4C:0F4245 A0 | cmovb r8,qword ptr ss: |
00007FF9B0E739DF | 4C:2BC2 | sub r8,rdx |
00007FF9B0E739E2 | EB 31 | jmp tsclicensing.7FF9B0E73A15 |
00007FF9B0E739E4 | F6C1 04 | test cl,4 |
00007FF9B0E739E7 | 75 24 | jne tsclicensing.7FF9B0E73A0D |
00007FF9B0E739E9 | 48:8B4424 70 | mov rax,qword ptr ss: |
00007FF9B0E739EE | 48:8B08 | mov rcx,qword ptr ds: |
00007FF9B0E739F1 | 48:85C9 | test rcx,rcx |
00007FF9B0E739F4 | 74 17 | je tsclicensing.7FF9B0E73A0D |
00007FF9B0E739F6 | 48:8B4424 50 | mov rax,qword ptr ss: |
00007FF9B0E739FB | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E739FE | 48:8B45 88 | mov rax,qword ptr ss: |
00007FF9B0E73A02 | 4C:6300 | movsxd r8,dword ptr ds: |
00007FF9B0E73A05 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E73A08 | 4C:03C1 | add r8,rcx |
00007FF9B0E73A0B | EB 08 | jmp tsclicensing.7FF9B0E73A15 |
00007FF9B0E73A0D | 4C:8B45 28 | mov r8,qword ptr ss: |
00007FF9B0E73A11 | 48:8B55 20 | mov rdx,qword ptr ss: |
00007FF9B0E73A15 | 48:85D2 | test rdx,rdx |
00007FF9B0E73A18 | 74 0A | je tsclicensing.7FF9B0E73A24 |
00007FF9B0E73A1A | 48:8D4D 40 | lea rcx,qword ptr ss: |
00007FF9B0E73A1E | E8 DDAEF8FF | call tsclicensing.7FF9B0DFE900 |
00007FF9B0E73A23 | 90 | nop |
00007FF9B0E73A24 | 48:8D55 40 | lea rdx,qword ptr ss: |
00007FF9B0E73A28 | 48:8BCB | mov rcx,rbx |
00007FF9B0E73A2B | FFD7 | call rdi |
00007FF9B0E73A2D | 90 | nop |
00007FF9B0E73A2E | 48:8B55 58 | mov rdx,qword ptr ss: |
00007FF9B0E73A32 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E73A36 | 72 34 | jb tsclicensing.7FF9B0E73A6C |
00007FF9B0E73A38 | 48:FFC2 | inc rdx |
00007FF9B0E73A3B | 48:8B4D 40 | mov rcx,qword ptr ss: |
00007FF9B0E73A3F | 48:8BC1 | mov rax,rcx |
00007FF9B0E73A42 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E73A49 | 72 1C | jb tsclicensing.7FF9B0E73A67 |
00007FF9B0E73A4B | 48:83C2 27 | add rdx,27 |
00007FF9B0E73A4F | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E73A53 | 48:2BC1 | sub rax,rcx |
00007FF9B0E73A56 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E73A5A | 48:83F8 1F | cmp rax,1F |
00007FF9B0E73A5E | 76 07 | jbe tsclicensing.7FF9B0E73A67 |
00007FF9B0E73A60 | FF15 DA022000 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E73A66 | CC | int3 |
00007FF9B0E73A67 | E8 90911E00 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E73A6C | B3 01 | mov bl,1 |
00007FF9B0E73A6E | E9 1C010000 | jmp tsclicensing.7FF9B0E73B8F |
00007FF9B0E73A73 | 48:8B1D B6A33100 | mov rbx,qword ptr ds: |
00007FF9B0E73A7A | 48:85DB | test rbx,rbx |
00007FF9B0E73A7D | 75 2C | jne tsclicensing.7FF9B0E73AAB |
00007FF9B0E73A7F | 8D4B 18 | lea ecx,qword ptr ds: |
00007FF9B0E73A82 | E8 39911E00 | call tsclicensing.7FF9B105CBC0 |
00007FF9B0E73A87 | 48:8BD8 | mov rbx,rax |
00007FF9B0E73A8A | 48:894424 20 | mov qword ptr ss:,rax |
00007FF9B0E73A8F | 48:85C0 | test rax,rax |
00007FF9B0E73A92 | 74 0D | je tsclicensing.7FF9B0E73AA1 |
00007FF9B0E73A94 | 4C:8920 | mov qword ptr ds:,r12 |
00007FF9B0E73A97 | 4C:8978 08 | mov qword ptr ds:,r15 |
00007FF9B0E73A9B | 4C:8978 10 | mov qword ptr ds:,r15 |
00007FF9B0E73A9F | EB 03 | jmp tsclicensing.7FF9B0E73AA4 |
00007FF9B0E73AA1 | 49:8BDF | mov rbx,r15 |
00007FF9B0E73AA4 | 48:891D 85A33100 | mov qword ptr ds:,rbx |
00007FF9B0E73AAB | 48:8B03 | mov rax,qword ptr ds: |
00007FF9B0E73AAE | 48:8B78 30 | mov rdi,qword ptr ds: |
00007FF9B0E73AB2 | 4C:897D 40 | mov qword ptr ss:,r15 |
00007FF9B0E73AB6 | 4C:897D 50 | mov qword ptr ss:,r15 |
00007FF9B0E73ABA | 48:C745 58 0F000000 | mov qword ptr ss:,F |
00007FF9B0E73AC2 | C645 40 00 | mov byte ptr ss:,0 |
00007FF9B0E73AC6 | C74424 20 05000000 | mov dword ptr ss:,5 |
00007FF9B0E73ACE | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E73AD1 | 0F1145 20 | movups xmmword ptr ss:,xmm0 |
00007FF9B0E73AD5 | 8B4D A8 | mov ecx,dword ptr ss: |
00007FF9B0E73AD8 | F6C1 02 | test cl,2 | 断下!
00007FF9B0E73ADB | 74 05 | je tsclicensing.7FF9B0E73AE2 | ========>JMP
00007FF9B0E73ADD | F6C1 20 | test cl,20 |
00007FF9B0E73AE0 | 74 23 | je tsclicensing.7FF9B0E73B05 | =========》JMP
00007FF9B0E73AE2 | 48:8B4424 78 | mov rax,qword ptr ss: |
00007FF9B0E73AE7 | 4C:8B00 | mov r8,qword ptr ds: |
00007FF9B0E73AEA | 4D:85C0 | test r8,r8 |
00007FF9B0E73AED | 74 16 | je tsclicensing.7FF9B0E73B05 |
00007FF9B0E73AEF | 48:8B4424 58 | mov rax,qword ptr ss: |
00007FF9B0E73AF4 | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E73AF7 | 4C:3B45 A0 | cmp r8,qword ptr ss: |
00007FF9B0E73AFB | 4C:0F4245 A0 | cmovb r8,qword ptr ss: |
00007FF9B0E73B00 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E73B03 | EB 31 | jmp tsclicensing.7FF9B0E73B36 |
00007FF9B0E73B05 | F6C1 04 | test cl,4 |
00007FF9B0E73B08 | 75 24 | jne tsclicensing.7FF9B0E73B2E | =========》JMP
00007FF9B0E73B0A | 48:8B4424 70 | mov rax,qword ptr ss: |
00007FF9B0E73B0F | 48:8B08 | mov rcx,qword ptr ds: |
00007FF9B0E73B12 | 48:85C9 | test rcx,rcx |
00007FF9B0E73B15 | 74 17 | je tsclicensing.7FF9B0E73B2E |
00007FF9B0E73B17 | 48:8B4424 50 | mov rax,qword ptr ss: |
00007FF9B0E73B1C | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E73B1F | 48:8B45 88 | mov rax,qword ptr ss: |
00007FF9B0E73B23 | 4C:6300 | movsxd r8,dword ptr ds: |
00007FF9B0E73B26 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E73B29 | 4C:03C1 | add r8,rcx |
00007FF9B0E73B2C | EB 08 | jmp tsclicensing.7FF9B0E73B36 |
00007FF9B0E73B2E | 4C:8B45 28 | mov r8,qword ptr ss: |
检测完授权状态后,我们就凭感觉改着走着瞧吧
https://static.52pojie.cn/static/image/hrline/2.gif
00007FF9B0E765EE | 74 3D | je tsclicensing.7FF9B0E7662D |
00007FF9B0E765F0 | 48:8B85 98000000 | mov rax,qword ptr ss: |
00007FF9B0E765F7 | 4C:8B00 | mov r8,qword ptr ds: |
00007FF9B0E765FA | 4D:85C0 | test r8,r8 |
00007FF9B0E765FD | 74 2E | je tsclicensing.7FF9B0E7662D | =====>jmp
00007FF9B0E765FF | 48:8B45 78 | mov rax,qword ptr ss: |
00007FF9B0E76603 | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E76606 | 48:8995 40010000 | mov qword ptr ss:,rdx |
00007FF9B0E7660D | 4C:894424 58 | mov qword ptr ss:,r8 |
00007FF9B0E76612 | 4C:3B85 C0000000 | cmp r8,qword ptr ss: |
00007FF9B0E76619 | 4C:0F4285 C0000000 | cmovb r8,qword ptr ss: |
00007FF9B0E76621 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E76624 | 4C:8985 48010000 | mov qword ptr ss:,r8 |
00007FF9B0E7662B | EB 49 | jmp tsclicensing.7FF9B0E76676 |
00007FF9B0E7662D | F6C1 04 | test cl,4 |
00007FF9B0E76630 | 75 36 | jne tsclicensing.7FF9B0E76668 |
00007FF9B0E76632 | 48:8B85 90000000 | mov rax,qword ptr ss: |
00007FF9B0E76639 | 48:8B08 | mov rcx,qword ptr ds: |
00007FF9B0E7663C | 48:85C9 | test rcx,rcx |
00007FF9B0E7663F | 74 27 | je tsclicensing.7FF9B0E76668 |
00007FF9B0E76641 | 48:8B45 70 | mov rax,qword ptr ss: |
00007FF9B0E76645 | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E76648 | 48:8995 40010000 | mov qword ptr ss:,rdx |
00007FF9B0E7664F | 48:8B85 A8000000 | mov rax,qword ptr ss: |
00007FF9B0E76656 | 4C:6300 | movsxd r8,dword ptr ds: |
00007FF9B0E76659 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E7665C | 4C:03C1 | add r8,rcx |
00007FF9B0E7665F | 4C:8985 48010000 | mov qword ptr ss:,r8 |
00007FF9B0E76666 | EB 0E | jmp tsclicensing.7FF9B0E76676 |
00007FF9B0E76668 | 4C:8B85 48010000 | mov r8,qword ptr ss: |
00007FF9B0E7666F | 48:8B95 40010000 | mov rdx,qword ptr ss: |
00007FF9B0E76676 | 48:85D2 | test rdx,rdx |
00007FF9B0E76679 | 74 0D | je tsclicensing.7FF9B0E76688 |
00007FF9B0E7667B | 48:8D8D 60010000 | lea rcx,qword ptr ss: |
00007FF9B0E76682 | E8 7982F8FF | call tsclicensing.7FF9B0DFE900 |
00007FF9B0E76687 | 90 | nop |
00007FF9B0E76688 | 48:8D95 60010000 | lea rdx,qword ptr ss: |
00007FF9B0E7668F | 48:8BCB | mov rcx,rbx |
00007FF9B0E76692 | 41:FFD7 | call r15 |
00007FF9B0E76695 | 90 | nop |
00007FF9B0E76696 | 48:8B95 78010000 | mov rdx,qword ptr ss: |
00007FF9B0E7669D | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E766A1 | 72 37 | jb tsclicensing.7FF9B0E766DA |
00007FF9B0E766A3 | 48:FFC2 | inc rdx |
00007FF9B0E766A6 | 48:8B8D 60010000 | mov rcx,qword ptr ss: |
00007FF9B0E766AD | 48:8BC1 | mov rax,rcx |
00007FF9B0E766B0 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E766B7 | 72 1C | jb tsclicensing.7FF9B0E766D5 |
00007FF9B0E766B9 | 48:83C2 27 | add rdx,27 |
00007FF9B0E766BD | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E766C1 | 48:2BC1 | sub rax,rcx |
00007FF9B0E766C4 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E766C8 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E766CC | 76 07 | jbe tsclicensing.7FF9B0E766D5 |
00007FF9B0E766CE | FF15 6CD61F00 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E766D4 | CC | int3 |
00007FF9B0E766D5 | E8 22651E00 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E766DA | 48:8B07 | mov rax,qword ptr ds: |
00007FF9B0E766DD | 48:8BCF | mov rcx,rdi |
00007FF9B0E766E0 | FF50 38 | call qword ptr ds: |
00007FF9B0E766E3 | 84C0 | test al,al |
00007FF9B0E766E5 | 0F85 38040000 | jne tsclicensing.7FF9B0E76B23 | ======>转到离线授权
00007FF9B0E766EB | 48:8D05 CE112000 | lea rax,qword ptr ds: |
00007FF9B0E766F2 | 48:894424 60 | mov qword ptr ss:,rax |
00007FF9B0E766F7 | 48:8D4D E8 | lea rcx,qword ptr ss: |
00007FF9B0E766FB | FF15 AFCC1F00 | call qword ptr ds:[<&??0?$basic_ios@DU?$c |
00007FF9B0E76701 | 90 | nop |
00007FF9B0E76702 | C74424 30 0B000000 | mov dword ptr ss:,B | B:'\v'
00007FF9B0E7670A | 45:33C9 | xor r9d,r9d |
00007FF9B0E7670D | 45:33C0 | xor r8d,r8d |
00007FF9B0E76710 | 48:8D5424 68 | lea rdx,qword ptr ss: |
00007FF9B0E76715 | 48:8D4C24 60 | lea rcx,qword ptr ss: |
00007FF9B0E7671A | FF15 30CE1F00 | call qword ptr ds:[<&??0?$basic_ostream@D |
00007FF9B0E76720 | 90 | nop |
00007FF9B0E76721 | 48:8B4424 60 | mov rax,qword ptr ss: |
00007FF9B0E76726 | 48:6348 04 | movsxd rcx,dword ptr ds: |
00007FF9B0E7672A | 4C:8D3D 87112000 | lea r15,qword ptr ds: | 00007FF9B10778B8:&"HcA麳+乳4"
00007FF9B0E76731 | 4C:897C0C 60 | mov qword ptr ss:,r15 |
00007FF9B0E76736 | 48:8B4424 60 | mov rax,qword ptr ss: |
00007FF9B0E7673B | 48:6348 04 | movsxd rcx,dword ptr ds: |
00007FF9B0E7673F | 8D91 78FFFFFF | lea edx,qword ptr ds: |
00007FF9B0E76745 | 89540C 5C | mov dword ptr ss:,edx |
00007FF9B0E76749 | 48:8D4C24 68 | lea rcx,qword ptr ss: |
00007FF9B0E7674E | FF15 14CC1F00 | call qword ptr ds:[<&??0?$basic_streambuf |
00007FF9B0E76754 | 48:8D05 DD102000 | lea rax,qword ptr ds: |
00007FF9B0E7675B | 48:894424 68 | mov qword ptr ss:,rax |
00007FF9B0E76760 | 48:8975 D0 | mov qword ptr ss:,rsi |
00007FF9B0E76764 | C745 D8 04000000 | mov dword ptr ss:,4 |
00007FF9B0E7676B | 48:8D15 5E892000 | lea rdx,qword ptr ds: | 00007FF9B107F0D0:"NalpeironActivation::UnlockWithLicenseCode() cannot reach nalpeiron server. Attempting to use cached license."
00007FF9B0E76772 | 48:8D4C24 60 | lea rcx,qword ptr ss: |
00007FF9B0E76777 | E8 44B2F9FF | call tsclicensing.7FF9B0E119C0 |
00007FF9B0E7677C | 48:8B1D AD763100 | mov rbx,qword ptr ds: |
00007FF9B0E76783 | 48:85DB | test rbx,rbx |
00007FF9B0E76786 | 75 33 | jne tsclicensing.7FF9B0E767BB | ???1
00007FF9B0E76788 | 8D4B 18 | lea ecx,qword ptr ds: |
00007FF9B0E7678B | E8 30641E00 | call tsclicensing.7FF9B105CBC0 |
00007FF9B0E76790 | 48:8BD8 | mov rbx,rax |
00007FF9B0E76793 | 48:894424 58 | mov qword ptr ss:,rax |
00007FF9B0E76798 | 48:85C0 | test rax,rax |
00007FF9B0E7679B | 74 14 | je tsclicensing.7FF9B0E767B1 |
00007FF9B0E7679D | 48:8D05 54E81F00 | lea rax,qword ptr ds: |
00007FF9B0E767A4 | 48:8903 | mov qword ptr ds:,rax |
00007FF9B0E767A7 | 48:8973 08 | mov qword ptr ds:,rsi |
00007FF9B0E767AB | 48:8973 10 | mov qword ptr ds:,rsi |
00007FF9B0E767AF | EB 03 | jmp tsclicensing.7FF9B0E767B4 |
00007FF9B0E767B1 | 48:8BDE | mov rbx,rsi |
00007FF9B0E767B4 | 48:891D 75763100 | mov qword ptr ds:,rbx |
00007FF9B0E767BB | 48:8B03 | mov rax,qword ptr ds: |
00007FF9B0E767BE | 4C:8B70 30 | mov r14,qword ptr ds: | r14:&"HcA麳+乳4"
00007FF9B0E767C2 | 48:89B5 60010000 | mov qword ptr ss:,rsi |
00007FF9B0E767C9 | 48:89B5 70010000 | mov qword ptr ss:,rsi |
00007FF9B0E767D0 | 48:C785 78010000 0F000 | mov qword ptr ss:,F |
00007FF9B0E767DB | C685 60010000 00 | mov byte ptr ss:,0 |
00007FF9B0E767E2 | C74424 30 2B000000 | mov dword ptr ss:,2B | 2B:'+'
00007FF9B0E767EA | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E767ED | 33C0 | xor eax,eax |
00007FF9B0E767EF | 0F1185 40010000 | movups xmmword ptr ss:,xmm0 |
00007FF9B0E767F6 | 48:8985 50010000 | mov qword ptr ss:,rax |
00007FF9B0E767FD | 8B4D D8 | mov ecx,dword ptr ss: |
00007FF9B0E76800 | F6C1 02 | test cl,2 |
00007FF9B0E76803 | 74 05 | je tsclicensing.7FF9B0E7680A | ==>因为下面是服务器,所以JMP
00007FF9B0E76805 | F6C1 20 | test cl,20 |
00007FF9B0E76808 | 74 21 | je tsclicensing.7FF9B0E7682B |
00007FF9B0E7680A | 48:8B45 A8 | mov rax,qword ptr ss: |
00007FF9B0E7680E | 4C:8B00 | mov r8,qword ptr ds: |
00007FF9B0E76811 | 4D:85C0 | test r8,r8 |
00007FF9B0E76814 | 74 15 | je tsclicensing.7FF9B0E7682B |
00007FF9B0E76816 | 48:8B45 88 | mov rax,qword ptr ss: |
00007FF9B0E7681A | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E7681D | 4C:3B45 D0 | cmp r8,qword ptr ss: |
00007FF9B0E76821 | 4C:0F4245 D0 | cmovb r8,qword ptr ss: |
00007FF9B0E76826 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E76829 | EB 35 | jmp tsclicensing.7FF9B0E76860 |
00007FF9B0E7682B | F6C1 04 | test cl,4 |
00007FF9B0E7682E | 75 22 | jne tsclicensing.7FF9B0E76852 |
00007FF9B0E76830 | 48:8B45 A0 | mov rax,qword ptr ss: |
00007FF9B0E76834 | 48:8B08 | mov rcx,qword ptr ds: |
00007FF9B0E76837 | 48:85C9 | test rcx,rcx |
00007FF9B0E7683A | 74 16 | je tsclicensing.7FF9B0E76852 |
00007FF9B0E7683C | 48:8B45 80 | mov rax,qword ptr ss: |
00007FF9B0E76840 | 48:8B10 | mov rdx,qword ptr ds: |
00007FF9B0E76843 | 48:8B45 B8 | mov rax,qword ptr ss: | :&"HcA麳+乳4"
00007FF9B0E76847 | 4C:6300 | movsxd r8,dword ptr ds: |
00007FF9B0E7684A | 4C:2BC2 | sub r8,rdx |
00007FF9B0E7684D | 4C:03C1 | add r8,rcx |
00007FF9B0E76850 | EB 0E | jmp tsclicensing.7FF9B0E76860 |
00007FF9B0E76852 | 4C:8B85 48010000 | mov r8,qword ptr ss: |
00007FF9B0E76859 | 48:8B95 40010000 | mov rdx,qword ptr ss: |
00007FF9B0E76860 | 48:85D2 | test rdx,rdx |
00007FF9B0E76863 | 74 0D | je tsclicensing.7FF9B0E76872 |
00007FF9B0E76865 | 48:8D8D 60010000 | lea rcx,qword ptr ss: |
00007FF9B0E7686C | E8 8F80F8FF | call tsclicensing.7FF9B0DFE900 |
00007FF9B0E76871 | 90 | nop |
00007FF9B0E76872 | 48:8D95 60010000 | lea rdx,qword ptr ss: |
00007FF9B0E76879 | 48:8BCB | mov rcx,rbx |
00007FF9B0E7687C | 41:FFD6 | call r14 |
00007FF9B0E7687F | 90 | nop |
00007FF9B0E76880 | 48:8B95 78010000 | mov rdx,qword ptr ss: |
00007FF9B0E76887 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E7688B | 72 37 | jb tsclicensing.7FF9B0E768C4 |
00007FF9B0E7688D | 48:FFC2 | inc rdx |
00007FF9B0E76890 | 48:8B8D 60010000 | mov rcx,qword ptr ss: |
00007FF9B0E76897 | 48:8BC1 | mov rax,rcx |
00007FF9B0E7689A | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E768A1 | 72 1C | jb tsclicensing.7FF9B0E768BF |
00007FF9B0E768A3 | 48:83C2 27 | add rdx,27 |
00007FF9B0E768A7 | 48:8B49 F8 | mov rcx,qword ptr ds: |
00007FF9B0E768AB | 48:2BC1 | sub rax,rcx |
00007FF9B0E768AE | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E768B2 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E768B6 | 76 07 | jbe tsclicensing.7FF9B0E768BF |
00007FF9B0E768B8 | FF15 82D41F00 | call qword ptr ds:[<&_invalid_parameter_n |
00007FF9B0E768BE | CC | int3 |
00007FF9B0E768BF | E8 38631E00 | call tsclicensing.7FF9B105CBFC |
00007FF9B0E768C4 | 48:8B07 | mov rax,qword ptr ds: |
00007FF9B0E768C7 | 48:8BCF | mov rcx,rdi |
00007FF9B0E768CA | FF50 30 | call qword ptr ds: |
00007FF9B0E768CD | 84C0 | test al,al |
00007FF9B0E768CF | 0F84 00010000 | je tsclicensing.7FF9B0E769D5 | ========>NOP了才能显示注册成功
00007FF9B0E768D5 | E8 16A7F8FF | call tsclicensing.7FF9B0E00FF0 |
00007FF9B0E768DA | 48:8BF8 | mov rdi,rax |
00007FF9B0E768DD | 48:8B00 | mov rax,qword ptr ds: |
00007FF9B0E768E0 | 48:8B58 20 | mov rbx,qword ptr ds: |
00007FF9B0E768E4 | 48:89B5 40010000 | mov qword ptr ss:,rsi |
00007FF9B0E768EB | 48:89B5 50010000 | mov qword ptr ss:,rsi |
00007FF9B0E768F2 | 48:C785 58010000 0F000 | mov qword ptr ss:,F |
00007FF9B0E768FD | C685 40010000 00 | mov byte ptr ss:,0 |
00007FF9B0E76904 | B9 60000000 | mov ecx,60 | 60:'`'
00007FF9B0E76909 | E8 B2621E00 | call tsclicensing.7FF9B105CBC0 |
00007FF9B0E7690E | 48:8BC8 | mov rcx,rax |
00007FF9B0E76911 | 48:C785 50010000 55000 | mov qword ptr ss:,55 | 55:'U'
00007FF9B0E7691C | 48:C785 58010000 5F000 | mov qword ptr ss:,5F | 5F:'_'
00007FF9B0E76927 | 0F2805 12882000 | movaps xmm0,xmmword ptr ds: | 00007FF9B107F140:"NalpeironActivation::UnlockWithLicenseCode() succeeded. Valid license found in cache."
00007FF9B0E7692E | 0F1100 | movups xmmword ptr ds:,xmm0 |
00007FF9B0E76931 | 0F280D 18882000 | movaps xmm1,xmmword ptr ds: | 00007FF9B107F150:"ion::UnlockWithLicenseCode() succeeded. Valid license found in cache."
00007FF9B0E76938 | 0F1148 10 | movups xmmword ptr ds:,xmm1 |
00007FF9B0E7693C | 0F2805 1D882000 | movaps xmm0,xmmword ptr ds: | 00007FF9B107F160:"icenseCode() succeeded. Valid license found in cache."
00007FF9B0E76943 | 0F1140 20 | movups xmmword ptr ds:,xmm0 |
00007FF9B0E76947 | 0F280D 22882000 | movaps xmm1,xmmword ptr ds: | 00007FF9B107F170:"ceeded. Valid license found in cache."
00007FF9B0E7694E | 0F1148 30 | movups xmmword ptr ds:,xmm1 |
00007FF9B0E76952 | 0F2805 27882000 | movaps xmm0,xmmword ptr ds: | 00007FF9B107F180:"cense found in cache."
00007FF9B0E76959 | 0F1140 40 | movups xmmword ptr ds:,xmm0 | rax+40:"$ActivationsAllowed"
00007FF9B0E7695D | 8B05 2D882000 | mov eax,dword ptr ds: | 00007FF9B107F190:"ache."
00007FF9B0E76963 | 8941 50 | mov dword ptr ds:,eax |
00007FF9B0E76966 | 0FB605 27882000 | movzx eax,byte ptr ds: |
00007FF9B0E7696D | 8841 54 | mov byte ptr ds:,al |
00007FF9B0E76970 | C641 55 00 | mov byte ptr ds:,0 |
00007FF9B0E76974 | 48:898D 40010000 | mov qword ptr ss:,rcx |
00007FF9B0E7697B | 48:8D95 40010000 | lea rdx,qword ptr ss: |
00007FF9B0E76982 | 48:8BCF | mov rcx,rdi |
截图
如果前面爆破的都通过了。。
就会出来这
显然:
[*]要么在线注册
[*]要么离线注册
所以,我们继续修改我们的程序流程,让它死活都得走离线激活分支
最后继续修改,最终我们见到如下界面:
翻译一下就是决不要忘记你的注册码
登录保存你的注册码
打开进界面
选择一个配置和使用人群就真的进界面了。
最终进到界面就是这个样子的。 本帖最后由 冥界3大法王 于 2023-4-9 09:56 编辑
接下来调整几轮上面的流程之后,就会爆破成功,进界面没啥问题了,但会出来这个
接下来,我们可以把试用时间改一下
会发生过期么? 管它呢,反正一并查看修改一下,就基本完工不影响使用了。
新版本像伏羲高级pdf编辑器 和 ABBYY FineReader16一样都是同一个公司的,因此有ocr功能
又发现一个新问题,【未注册版】
再注册一下,又处于永久试用状态,毕竟我们使用的是cache successfu 注册成功的
新版本不如上个版本爆破的完美,竟然多了重启验证
换言之也就是重启后某处执行了xor指令(清空了注册码)
00007FF9B1CA3A7D | 75 2C | jne tsclicensing.7FF9B1CA3AAB | ===>NOP了这里!因为下面是清掉授权状态
00007FF9B1CA3A7F | 8D4B 18 | lea ecx,qword ptr ds: |
00007FF9B1CA3A82 | E8 39911E00 | call tsclicensing.7FF9B1E8CBC0 |
00007FF9B1CA3A87 | 48:8BD8 | mov rbx,rax |
00007FF9B1CA3A8A | 48:894424 20 | mov qword ptr ss:,rax |
00007FF9B1CA3A8F | 48:85C0 | test rax,rax |
00007FF9B1CA3A92 | 74 0D | je tsclicensing.7FF9B1CA3AA1 |
00007FF9B1CA3A94 | 4C:8920 | mov qword ptr ds:,r12 |
00007FF9B1CA3A97 | 4C:8978 08 | mov qword ptr ds:,r15 |
00007FF9B1CA3A9B | 4C:8978 10 | mov qword ptr ds:,r15 | :"NSLGetLicenseStatus returned 0 and License Status is -1"
00007FF9B1CA3A9F | EB 03 | jmp tsclicensing.7FF9B1CA3AA4 |
00007FF9B1CA3AA1 | 49:8BDF | mov rbx,r15 |
00007FF9B1CA3AA4 | 48:891D 85A33100 | mov qword ptr ds:,rbx |
00007FF9B1CA3AAB | 48:8B03 | mov rax,qword ptr ds: |
00007FF9B1CA3AAE | 48:8B78 30 | mov rdi,qword ptr ds: |
00007FF9B1CA3AB2 | 4C:897D 40 | mov qword ptr ss:,r15 | :"NalpeironActivation::ClearCredentials() succeeded"
好吧,就至此结束了。
感谢大佬分享,学习一下 脑子好痒 感觉要长东西了+ 楼主真厉害啊 百度了一下, 这个软件是干嘛的 学习一下,感谢分享 我不懂。看到主界面,我就知道这是存密码图片资料加密工具。 虽然不懂,但是感觉很厉害