好友
阅读权限40
听众
最后登录1970-1-1
|
本帖最后由 冥界3大法王 于 2020-4-9 14:07 编辑
前情回顾:绕过 Adobe Audition 登录和许可验证
在上一集中,论坛哥们 xyx0826分析了CreateWindow定位法和控件定位的双线打法。
昨天我也下载了一个安装试了下。
首先,官方网站提供一个1M左右的安装包,纳呢?这种大块头软件怎么可能这么小呢?
所以必然是在线安装的,他们提供了所有产品的联机在线安装,安装过程中下载并安装,并不给你提供安装包文件
你需要抓包,提取。。。
我们还是回到前边说的问题上来吧,我也下载了一个,但是安装后的版本,要比那位哥们的版本高一些
特征码还是可以直接定位到的,昨天一天使用正常(默认7天试用)
今天第2天就出来一个剩余6天的登录提醒窗口了(换言之,也就说,这种窗口出来就有可能意味着破解不完全)
咱是急性子,7天有点漫长,我要它提前过期,查看破解的实际状态,然而,把系统时钟修改到18号,或更远的时间就会出来下面的提示。
配图1
提示我们当前系统时钟异常,然后两个按钮 【退出】【重试】
【退出】当然是程序over了
【重试】则继续跑程序登录流程,循环处理
[Asm] 纯文本查看 复制代码 000000000104A068 | E9 CC020000 | jmp auui.104A339 | 这是上次那哥们的 跳过点1
000000000104A06D | 00FF | add bh,bh |
000000000104A06F | 15 64959700 | adc eax,aubackend.979564 |
000000000104A074 | 8B0D F254EA00 | mov ecx,dword ptr ds:[1EEF56C] |
000000000104A07A | 8905 EC54EA00 | mov dword ptr ds:[1EEF56C],eax |
000000000104A080 | 3BC1 | cmp eax,ecx |
000000000104A082 | 74 1D | je auui.104A0A1 |
000000000104A084 | 41:B0 01 | mov r8b,1 |
000000000104A087 | BA 05000000 | mov edx,5 |
000000000104A08C | 48:8D0D 1DE89900 | lea rcx,qword ptr ds:[19E88B0] | 00000000019E88B0:"AuLog.Shutdown"
000000000104A093 | FF15 4F959700 | call qword ptr ds:[<&?TraceEnabled[url=home.php?mod=space&uid=180752]@deb[/url] |
000000000104A099 | 8805 A071FA00 | mov byte ptr ds:[1FF123F],al |
000000000104A09F | EB 07 | jmp auui.104A0A8 |
000000000104A0A1 | 0FB605 9771FA00 | movzx eax,byte ptr ds:[1FF123F] |
000000000104A0A8 | 84C0 | test al,al |
000000000104A0AA | 0F84 80020000 | je auui.104A330 |
000000000104A0B0 | 4C:8D3D D1E39900 | lea r15,qword ptr ds:[19E8488] | r15:&L"\"C:\\Program Files\\Adobe\\Adobe Audition 2020\\Adobe Audition.exe\""
000000000104A0B7 | 4C:897D 10 | mov qword ptr ss:[rbp+10],r15 |
000000000104A0BB | 48:8D8D 98000000 | lea rcx,qword ptr ss:[rbp+98] |
000000000104A0C2 | FF15 98699700 | call qword ptr ds:[<&??0?$basic_ios@DU |
000000000104A0C8 | 90 | nop |
000000000104A0C9 | 834C24 40 40 | or dword ptr ss:[rsp+40],40 |
000000000104A0CE | 45:33C9 | xor r9d,r9d |
000000000104A0D1 | 45:33C0 | xor r8d,r8d |
000000000104A0D4 | 48:8D55 18 | lea rdx,qword ptr ss:[rbp+18] |
000000000104A0D8 | 48:8D4D 10 | lea rcx,qword ptr ss:[rbp+10] |
000000000104A0DC | FF15 866A9700 | call qword ptr ds:[<&??0?$basic_ostrea |
000000000104A0E2 | 90 | nop |
000000000104A0E3 | 48:8B45 10 | mov rax,qword ptr ss:[rbp+10] |
000000000104A0E7 | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A0EB | 48:8D3D 8EE39900 | lea rdi,qword ptr ds:[<&sub_1046BEC>] |
000000000104A0F2 | 48:897C0D 10 | mov qword ptr ss:[rbp+rcx+10],rdi |
000000000104A0F7 | 48:8B45 10 | mov rax,qword ptr ss:[rbp+10] |
000000000104A0FB | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A0FF | 8D91 78FFFFFF | lea edx,qword ptr ds:[rcx-88] |
000000000104A105 | 89540D 0C | mov dword ptr ss:[rbp+rcx+C],edx |
000000000104A109 | BA 02000000 | mov edx,2 |
000000000104A10E | 48:8D4D 18 | lea rcx,qword ptr ss:[rbp+18] |
000000000104A112 | E8 A9A1FFFF | call <auui.sub_10442C0> |
000000000104A117 | 90 | nop |
000000000104A118 | 48:8D15 91E79900 | lea rdx,qword ptr ds:[19E88B0] | 00000000019E88B0:"AuLog.Shutdown"
000000000104A11F | 48:8D4D 10 | lea rcx,qword ptr ss:[rbp+10] |
000000000104A123 | E8 282BF9FF | call <auui.sub_FDCC50> |
000000000104A128 | 4C:89BD E0020000 | mov qword ptr ss:[rbp+2E0],r15 |
000000000104A12F | 48:8D8D 68030000 | lea rcx,qword ptr ss:[rbp+368] | [rbp+368]:sub_18020A0+90F
000000000104A136 | FF15 24699700 | call qword ptr ds:[<&??0?$basic_ios@DU |
000000000104A13C | 90 | nop |
000000000104A13D | 814C24 40 8000000 | or dword ptr ss:[rsp+40],80 |
000000000104A145 | 45:33C9 | xor r9d,r9d |
000000000104A148 | 45:33C0 | xor r8d,r8d |
000000000104A14B | 48:8D95 E8020000 | lea rdx,qword ptr ss:[rbp+2E8] |
000000000104A152 | 48:8D8D E0020000 | lea rcx,qword ptr ss:[rbp+2E0] |
000000000104A159 | FF15 096A9700 | call qword ptr ds:[<&??0?$basic_ostrea |
000000000104A15F | 90 | nop |
000000000104A160 | 48:8B85 E0020000 | mov rax,qword ptr ss:[rbp+2E0] |
000000000104A167 | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A16B | 48:89BC0D E002000 | mov qword ptr ss:[rbp+rcx+2E0],rdi |
000000000104A173 | 48:8B85 E0020000 | mov rax,qword ptr ss:[rbp+2E0] |
000000000104A17A | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A17E | 8D91 78FFFFFF | lea edx,qword ptr ds:[rcx-88] |
000000000104A184 | 89940D DC020000 | mov dword ptr ss:[rbp+rcx+2DC],edx |
000000000104A18B | BA 02000000 | mov edx,2 |
000000000104A190 | 48:8D8D E8020000 | lea rcx,qword ptr ss:[rbp+2E8] |
000000000104A197 | E8 24A1FFFF | call <auui.sub_10442C0> |
000000000104A19C | 90 | nop |
000000000104A19D | 48:8D15 64E79900 | lea rdx,qword ptr ds:[19E8908] | 00000000019E8908:"Shutting down due to a invalid license..."
000000000104A1A4 | 48:8D8D E0020000 | lea rcx,qword ptr ss:[rbp+2E0] |
000000000104A1AB | E8 A02AF9FF | call <auui.sub_FDCC50> |
000000000104A1B0 | 48:8BC8 | mov rcx,rax |
000000000104A1B3 | 48:8D15 9659FFFF | lea rdx,qword ptr ds:[<sub_103FB50>] |
000000000104A1BA | FF15 B8699700 | call qword ptr ds:[<&??6?$basic_ostrea |
000000000104A1C0 | 48:8D95 E0050000 | lea rdx,qword ptr ss:[rbp+5E0] |
000000000104A1C7 | 48:8D8D E8020000 | lea rcx,qword ptr ss:[rbp+2E8] |
000000000104A1CE | E8 DD910100 | call <auui.sub_10633B0> |
000000000104A1D3 | 90 | nop |
000000000104A1D4 | 48:8D95 C8040000 | lea rdx,qword ptr ss:[rbp+4C8] |
000000000104A1DB | 48:8D4D 18 | lea rcx,qword ptr ss:[rbp+18] |
000000000104A1DF | E8 CC910100 | call <auui.sub_10633B0> |
000000000104A1E4 | 90 | nop |
000000000104A1E5 | 4C:8D85 E0050000 | lea r8,qword ptr ss:[rbp+5E0] |
000000000104A1EC | 48:8D95 C8040000 | lea rdx,qword ptr ss:[rbp+4C8] |
000000000104A1F3 | B9 05000000 | mov ecx,5 |
000000000104A1F8 | FF15 E2939700 | call qword ptr ds:[<&?Trace@debug@dvac |
000000000104A1FE | 90 | nop |
000000000104A1FF | 48:8B95 E0040000 | mov rdx,qword ptr ss:[rbp+4E0] |
000000000104A206 | 48:83FA 10 | cmp rdx,10 |
000000000104A20A | 72 37 | jb auui.104A243 |
000000000104A20C | 48:FFC2 | inc rdx |
000000000104A20F | 48:8B8D C8040000 | mov rcx,qword ptr ss:[rbp+4C8] |
000000000104A216 | 48:8BC1 | mov rax,rcx |
000000000104A219 | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A220 | 72 1C | jb auui.104A23E |
000000000104A222 | 48:83C2 27 | add rdx,27 |
000000000104A226 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A22A | 48:2BC1 | sub rax,rcx |
000000000104A22D | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A231 | 48:83F8 1F | cmp rax,1F |
000000000104A235 | 76 07 | jbe auui.104A23E |
000000000104A237 | FF15 23779700 | call qword ptr ds:[<&_invalid_paramete |
000000000104A23D | CC | int3 |
000000000104A23E | E8 794F8700 | call <auui.sub_18BF1BC> |
000000000104A243 | 66:0F6F05 D59D980 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A24B | F3:0F7F85 D804000 | movdqu xmmword ptr ss:[rbp+4D8],xmm0 |
000000000104A253 | C685 C8040000 00 | mov byte ptr ss:[rbp+4C8],0 |
000000000104A25A | 48:8B95 F8050000 | mov rdx,qword ptr ss:[rbp+5F8] |
000000000104A261 | 48:83FA 10 | cmp rdx,10 |
000000000104A265 | 72 38 | jb auui.104A29F |
000000000104A267 | 48:FFC2 | inc rdx |
000000000104A26A | 48:8B8D E0050000 | mov rcx,qword ptr ss:[rbp+5E0] |
000000000104A271 | 48:8BC1 | mov rax,rcx |
000000000104A274 | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A27B | 72 1C | jb auui.104A299 |
000000000104A27D | 48:83C2 27 | add rdx,27 |
000000000104A281 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A285 | 48:2BC1 | sub rax,rcx |
000000000104A288 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A28C | 48:83F8 1F | cmp rax,1F |
000000000104A290 | 76 07 | jbe auui.104A299 |
000000000104A292 | FF15 C8769700 | call qword ptr ds:[<&_invalid_paramete |
000000000104A298 | CC | int3 |
000000000104A299 | E8 1E4F8700 | call <auui.sub_18BF1BC> |
000000000104A29E | 90 | nop |
000000000104A29F | 48:8B85 E0020000 | mov rax,qword ptr ss:[rbp+2E0] |
000000000104A2A6 | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A2AA | 48:89BC0D E002000 | mov qword ptr ss:[rbp+rcx+2E0],rdi |
000000000104A2B2 | 48:8B85 E0020000 | mov rax,qword ptr ss:[rbp+2E0] |
000000000104A2B9 | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A2BD | 8D91 78FFFFFF | lea edx,qword ptr ds:[rcx-88] |
000000000104A2C3 | 89940D DC020000 | mov dword ptr ss:[rbp+rcx+2DC],edx |
000000000104A2CA | 48:8D8D E8020000 | lea rcx,qword ptr ss:[rbp+2E8] |
000000000104A2D1 | E8 BA61F9FF | call <auui.sub_FE0490> |
000000000104A2D6 | 48:8D8D F0020000 | lea rcx,qword ptr ss:[rbp+2F0] |
000000000104A2DD | FF15 8D689700 | call qword ptr ds:[<&??1?$basic_ostrea |
000000000104A2E3 | 48:8D8D 68030000 | lea rcx,qword ptr ss:[rbp+368] | [rbp+368]:sub_18020A0+90F
000000000104A2EA | FF15 48679700 | call qword ptr ds:[<&??1?$basic_ios@GU |
000000000104A2F0 | 90 | nop |
000000000104A2F1 | 48:8B45 10 | mov rax,qword ptr ss:[rbp+10] |
000000000104A2F5 | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A2F9 | 48:897C0D 10 | mov qword ptr ss:[rbp+rcx+10],rdi |
000000000104A2FE | 48:8B45 10 | mov rax,qword ptr ss:[rbp+10] |
000000000104A302 | 48:6348 04 | movsxd rcx,dword ptr ds:[rax+4] |
000000000104A306 | 8D91 78FFFFFF | lea edx,qword ptr ds:[rcx-88] |
000000000104A30C | 89540D 0C | mov dword ptr ss:[rbp+rcx+C],edx |
000000000104A310 | 48:8D4D 18 | lea rcx,qword ptr ss:[rbp+18] |
000000000104A314 | E8 7761F9FF | call <auui.sub_FE0490> |
000000000104A319 | 48:8D4D 20 | lea rcx,qword ptr ss:[rbp+20] |
000000000104A31D | FF15 4D689700 | call qword ptr ds:[<&??1?$basic_ostrea |
000000000104A323 | 48:8D8D 98000000 | lea rcx,qword ptr ss:[rbp+98] |
000000000104A32A | FF15 08679700 | call qword ptr ds:[<&??1?$basic_ios@GU |
000000000104A330 | 48:8B06 | mov rax,qword ptr ds:[rsi] |
000000000104A333 | 48:8BCE | mov rcx,rsi |
000000000104A336 | FF50 18 | call qword ptr ds:[rax+18] |
000000000104A339 | 803D 006FFA00 00 | cmp byte ptr ds:[1FF1240],0
000000000104A340 | E9 64040000 | jmp auui.104A7A9 | 接下来,这里还需要JMP掉 (2)
000000000104A345 | 00E8 | add al,ch |
000000000104A347 | 852C50 | test dword ptr ds:[rax+rdx*2],ebp |
000000000104A34A | 0048 8B | add byte ptr ds:[rax-75],cl |
000000000104A34D | F8 | clc |
000000000104A34E | 48:894424 60 | mov qword ptr ss:[rsp+60],rax |
000000000104A353 | 48:8B10 | mov rdx,qword ptr ds:[rax] |
000000000104A356 | 48:8BC8 | mov rcx,rax |
000000000104A359 | FF52 10 | call qword ptr ds:[rdx+10] |
000000000104A35C | 84C0 | test al,al |
000000000104A35E | 0F84 23040000 | je auui.104A787 |
000000000104A364 | C64424 44 00 | mov byte ptr ss:[rsp+44],0 |
000000000104A369 | 4C:8B07 | mov r8,qword ptr ds:[rdi] |
000000000104A36C | 48:8D95 60060000 | lea rdx,qword ptr ss:[rbp+660] |
000000000104A373 | 48:8BCF | mov rcx,rdi |
000000000104A376 | 41:FF90 80000000 | call qword ptr ds:[r8+80] |
000000000104A37D | 4C:8BE8 | mov r13,rax |
000000000104A380 | 4C:8B07 | mov r8,qword ptr ds:[rdi] |
000000000104A383 | 48:8D95 50050000 | lea rdx,qword ptr ss:[rbp+550] |
000000000104A38A | 48:8BCF | mov rcx,rdi |
000000000104A38D | 41:FF50 78 | call qword ptr ds:[r8+78] |
000000000104A391 | 4C:8BE0 | mov r12,rax |
000000000104A394 | 4C:8B07 | mov r8,qword ptr ds:[rdi] |
000000000104A397 | 48:8D95 30050000 | lea rdx,qword ptr ss:[rbp+530] |
000000000104A39E | 48:8BCF | mov rcx,rdi |
000000000104A3A1 | 41:FF50 70 | call qword ptr ds:[r8+70] |
000000000104A3A5 | 4C:8BF8 | mov r15,rax | r15:&L"\"C:\\Program Files\\Adobe\\Adobe Audition 2020\\Adobe Audition.exe\""
000000000104A3A8 | 4C:8B07 | mov r8,qword ptr ds:[rdi] |
000000000104A3AB | 48:8D95 D0030000 | lea rdx,qword ptr ss:[rbp+3D0] |
000000000104A3B2 | 48:8BCF | mov rcx,rdi |
000000000104A3B5 | 41:FF50 58 | call qword ptr ds:[r8+58] |
000000000104A3B9 | 48:8BD0 | mov rdx,rax |
000000000104A3BC | 48:8D8D 10050000 | lea rcx,qword ptr ss:[rbp+510] |
000000000104A3C3 | FF15 07929700 | call qword ptr ds:[<&?UTF8toStdString@string@dvacore@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$alloca |
000000000104A3C9 | 4C:8BF0 | mov r14,rax |
000000000104A3CC | FF15 A6929700 | call qword ptr ds:[<&?Instance@DebugDatabase@debug@dvacore@@SAAEAV123@XZ>] |
000000000104A3D2 | 48:8BC8 | mov rcx,rax |
000000000104A3D5 | 4C:8D4424 44 | lea r8,qword ptr ss:[rsp+44] |
000000000104A3DA | 48:8D15 3751EA00 | lea rdx,qword ptr ds:[1EEF518] | 0000000001EEF518:&"EnableDebugTraceUsageLogger"
000000000104A3E1 | E8 6AD9FBFF | call <auui.sub_1007D50> |
000000000104A3E6 | 0FB6F0 | movzx esi,al |
000000000104A3E9 | FF15 714E9700 | call qword ptr ds:[<&?IsPrereleaseEnabled@AppConstants@abe@@SA_NXZ>] |
000000000104A3EF | 0FB6F8 | movzx edi,al |
000000000104A3F2 | E8 E9600000 | call <auui.sub_10504E0> |
000000000104A3F7 | 48:8BC8 | mov rcx,rax |
000000000104A3FA | 4C:896C24 38 | mov qword ptr ss:[rsp+38],r13 |
000000000104A3FF | 4C:896424 30 | mov qword ptr ss:[rsp+30],r12 |
000000000104A404 | 4C:897C24 28 | mov qword ptr ss:[rsp+28],r15 |
000000000104A409 | 4C:897424 20 | mov qword ptr ss:[rsp+20],r14 |
000000000104A40E | 44:0FB6CF | movzx r9d,dil |
000000000104A412 | 44:0FB6C6 | movzx r8d,sil |
000000000104A416 | B2 01 | mov dl,1 |
000000000104A418 | FF15 D2319700 | call qword ptr ds:[<&?LateInitialize@UsageLoggerInitializer@app@@SAXPEAX_N11AEBV?$basic_string@DU?$char_tr |
000000000104A41E | 90 | nop |
000000000104A41F | 48:8B95 28050000 | mov rdx,qword ptr ss:[rbp+528] |
000000000104A426 | 48:83FA 10 | cmp rdx,10 |
000000000104A42A | 72 37 | jb auui.104A463 |
000000000104A42C | 48:FFC2 | inc rdx |
000000000104A42F | 48:8B8D 10050000 | mov rcx,qword ptr ss:[rbp+510] |
000000000104A436 | 48:8BC1 | mov rax,rcx |
000000000104A439 | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A440 | 72 1C | jb auui.104A45E |
000000000104A442 | 48:83C2 27 | add rdx,27 |
000000000104A446 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A44A | 48:2BC1 | sub rax,rcx |
000000000104A44D | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A451 | 48:83F8 1F | cmp rax,1F |
000000000104A455 | 76 07 | jbe auui.104A45E |
000000000104A457 | FF15 03759700 | call qword ptr ds:[<&_invalid_parameter_noinfo_noreturn>] |
000000000104A45D | CC | int3 |
000000000104A45E | E8 594D8700 | call <auui.sub_18BF1BC> |
000000000104A463 | 66:0F6F05 B59B9800 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A46B | F3:0F7F85 20050000 | movdqu xmmword ptr ss:[rbp+520],xmm0 |
000000000104A473 | C685 10050000 00 | mov byte ptr ss:[rbp+510],0 |
000000000104A47A | 48:8B95 48050000 | mov rdx,qword ptr ss:[rbp+548] |
000000000104A481 | 48:83FA 10 | cmp rdx,10 |
000000000104A485 | 72 37 | jb auui.104A4BE |
000000000104A487 | 48:FFC2 | inc rdx |
000000000104A48A | 48:8B8D 30050000 | mov rcx,qword ptr ss:[rbp+530] |
000000000104A491 | 48:8BC1 | mov rax,rcx |
000000000104A494 | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A49B | 72 1C | jb auui.104A4B9 |
000000000104A49D | 48:83C2 27 | add rdx,27 |
000000000104A4A1 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A4A5 | 48:2BC1 | sub rax,rcx |
000000000104A4A8 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A4AC | 48:83F8 1F | cmp rax,1F |
000000000104A4B0 | 76 07 | jbe auui.104A4B9 |
000000000104A4B2 | FF15 A8749700 | call qword ptr ds:[<&_invalid_parameter_noinfo_noreturn>] |
000000000104A4B8 | CC | int3 |
000000000104A4B9 | E8 FE4C8700 | call <auui.sub_18BF1BC> |
000000000104A4BE | 66:0F6F05 5A9B9800 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A4C6 | F3:0F7F85 40050000 | movdqu xmmword ptr ss:[rbp+540],xmm0 |
000000000104A4CE | C685 30050000 00 | mov byte ptr ss:[rbp+530],0 |
000000000104A4D5 | 48:8B95 68050000 | mov rdx,qword ptr ss:[rbp+568] |
000000000104A4DC | 48:83FA 10 | cmp rdx,10 |
000000000104A4E0 | 72 37 | jb auui.104A519 |
000000000104A4E2 | 48:FFC2 | inc rdx |
000000000104A4E5 | 48:8B8D 50050000 | mov rcx,qword ptr ss:[rbp+550] |
000000000104A4EC | 48:8BC1 | mov rax,rcx |
000000000104A4EF | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A4F6 | 72 1C | jb auui.104A514 |
000000000104A4F8 | 48:83C2 27 | add rdx,27 |
000000000104A4FC | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A500 | 48:2BC1 | sub rax,rcx |
000000000104A503 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A507 | 48:83F8 1F | cmp rax,1F |
000000000104A50B | 76 07 | jbe auui.104A514 |
000000000104A50D | FF15 4D749700 | call qword ptr ds:[<&_invalid_parameter_noinfo_noreturn>] |
000000000104A513 | CC | int3 |
000000000104A514 | E8 A34C8700 | call <auui.sub_18BF1BC> |
000000000104A519 | 66:0F6F05 FF9A9800 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A521 | F3:0F7F85 60050000 | movdqu xmmword ptr ss:[rbp+560],xmm0 |
000000000104A529 | C685 50050000 00 | mov byte ptr ss:[rbp+550],0 |
000000000104A530 | 48:8B95 78060000 | mov rdx,qword ptr ss:[rbp+678] |
000000000104A537 | 48:83FA 10 | cmp rdx,10 |
000000000104A53B | 72 37 | jb auui.104A574 |
000000000104A53D | 48:FFC2 | inc rdx |
000000000104A540 | 48:8B8D 60060000 | mov rcx,qword ptr ss:[rbp+660] |
000000000104A547 | 48:8BC1 | mov rax,rcx |
000000000104A54A | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A551 | 72 1C | jb auui.104A56F |
000000000104A553 | 48:83C2 27 | add rdx,27 |
000000000104A557 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A55B | 48:2BC1 | sub rax,rcx |
000000000104A55E | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A562 | 48:83F8 1F | cmp rax,1F |
000000000104A566 | 76 07 | jbe auui.104A56F |
000000000104A568 | FF15 F2739700 | call qword ptr ds:[<&_invalid_parameter_noinfo_noreturn>] |
000000000104A56E | CC | int3 |
000000000104A56F | E8 484C8700 | call <auui.sub_18BF1BC> |
000000000104A574 | 66:0F6F05 A49A9800 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A57C | 66:0F7F85 30040000 | movdqa xmmword ptr ss:[rbp+430],xmm0 |
000000000104A584 | C685 20040000 00 | mov byte ptr ss:[rbp+420],0 |
000000000104A58B | 66:0F6FC8 | movdqa xmm1,xmm0 |
000000000104A58F | 66:0F7F85 50040000 | movdqa xmmword ptr ss:[rbp+450],xmm0 |
000000000104A597 | C685 40040000 00 | mov byte ptr ss:[rbp+440],0 |
000000000104A59E | 66:0F7F85 70040000 | movdqa xmmword ptr ss:[rbp+470],xmm0 |
000000000104A5A6 | C685 60040000 00 | mov byte ptr ss:[rbp+460],0 |
000000000104A5AD | 48:8B7C24 60 | mov rdi,qword ptr ss:[rsp+60] |
000000000104A5B2 | 48:8B07 | mov rax,qword ptr ds:[rdi] |
000000000104A5B5 | 48:8D95 00060000 | lea rdx,qword ptr ss:[rbp+600] |
000000000104A5BC | 48:8BCF | mov rcx,rdi |
000000000104A5BF | FF50 58 | call qword ptr ds:[rax+58] |
000000000104A5C2 | 48:8BD0 | mov rdx,rax |
000000000104A5C5 | 48:8D8D 20040000 | lea rcx,qword ptr ss:[rbp+420] |
000000000104A5CC | E8 5FC0FFFF | call <auui.sub_1046630> |
000000000104A5D1 | 90 | nop |
000000000104A5D2 | 48:8B95 18060000 | mov rdx,qword ptr ss:[rbp+618] |
000000000104A5D9 | 48:83FA 10 | cmp rdx,10 |
000000000104A5DD | 72 11 | jb auui.104A5F0 |
000000000104A5DF | 48:FFC2 | inc rdx |
000000000104A5E2 | 48:8B8D 00060000 | mov rcx,qword ptr ss:[rbp+600] |
000000000104A5E9 | FF15 19929700 | call qword ptr ds:[<&?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z>] |
000000000104A5EF | 90 | nop |
000000000104A5F0 | 48:8D8D 20060000 | lea rcx,qword ptr ss:[rbp+620] |
000000000104A5F7 | E8 F4B56B00 | call <auui.sub_1705BF0> |
000000000104A5FC | 48:8BD0 | mov rdx,rax |
000000000104A5FF | 48:8D8D 40040000 | lea rcx,qword ptr ss:[rbp+440] |
000000000104A606 | E8 25C0FFFF | call <auui.sub_1046630> |
000000000104A60B | 90 | nop |
000000000104A60C | 48:8B95 38060000 | mov rdx,qword ptr ss:[rbp+638] |
000000000104A613 | 48:83FA 10 | cmp rdx,10 |
000000000104A617 | 72 11 | jb auui.104A62A |
000000000104A619 | 48:FFC2 | inc rdx |
000000000104A61C | 48:8B8D 20060000 | mov rcx,qword ptr ss:[rbp+620] |
000000000104A623 | FF15 DF919700 | call qword ptr ds:[<&?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z>] |
000000000104A629 | 90 | nop |
000000000104A62A | 48:8B07 | mov rax,qword ptr ds:[rdi] |
000000000104A62D | 48:8D95 40060000 | lea rdx,qword ptr ss:[rbp+640] |
000000000104A634 | 48:8BCF | mov rcx,rdi |
000000000104A637 | FF50 70 | call qword ptr ds:[rax+70] |
000000000104A63A | 48:8BF8 | mov rdi,rax |
000000000104A63D | 48:8D85 60040000 | lea rax,qword ptr ss:[rbp+460] |
000000000104A644 | 48:3BC7 | cmp rax,rdi |
000000000104A647 | 74 34 | je auui.104A67D |
000000000104A649 | 48:8D8D 60040000 | lea rcx,qword ptr ss:[rbp+460] |
000000000104A650 | E8 8B5DF9FF | call <auui.sub_FE03E0> |
000000000104A655 | 0F1007 | movups xmm0,xmmword ptr ds:[rdi] |
000000000104A658 | 0F2985 60040000 | movaps xmmword ptr ss:[rbp+460],xmm0 |
000000000104A65F | 0F104F 10 | movups xmm1,xmmword ptr ds:[rdi+10] |
000000000104A663 | 0F298D 70040000 | movaps xmmword ptr ss:[rbp+470],xmm1 |
000000000104A66A | 48:C747 10 00000000 | mov qword ptr ds:[rdi+10],0 |
000000000104A672 | 48:C747 18 0F000000 | mov qword ptr ds:[rdi+18],F |
000000000104A67A | C607 00 | mov byte ptr ds:[rdi],0 |
000000000104A67D | 48:8B95 58060000 | mov rdx,qword ptr ss:[rbp+658] |
000000000104A684 | 48:83FA 10 | cmp rdx,10 |
000000000104A688 | 72 37 | jb auui.104A6C1 |
000000000104A68A | 48:FFC2 | inc rdx |
000000000104A68D | 48:8B8D 40060000 | mov rcx,qword ptr ss:[rbp+640] |
000000000104A694 | 48:8BC1 | mov rax,rcx |
000000000104A697 | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A69E | 72 1C | jb auui.104A6BC |
000000000104A6A0 | 48:83C2 27 | add rdx,27 |
000000000104A6A4 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A6A8 | 48:2BC1 | sub rax,rcx |
000000000104A6AB | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A6AF | 48:83F8 1F | cmp rax,1F |
000000000104A6B3 | 76 07 | jbe auui.104A6BC |
000000000104A6B5 | FF15 A5729700 | call qword ptr ds:[<&_invalid_parameter_noinfo_noreturn>] |
000000000104A6BB | CC | int3 |
000000000104A6BC | E8 FB4A8700 | call <auui.sub_18BF1BC> |
000000000104A6C1 | 48:8D8D 20040000 | lea rcx,qword ptr ss:[rbp+420] |
000000000104A6C8 | FF15 CA779700 | call qword ptr ds:[<&?RegisterLicenseInfo@LicenseInfo@dvaappsupport@@YAXAEBVLicenseInfoData@12@@Z>] |
000000000104A6CE | C605 6B6BFA00 01 | mov byte ptr ds:[1FF1240],1 |
000000000104A6D5 | 48:8B95 78040000 | mov rdx,qword ptr ss:[rbp+478] |
000000000104A6DC | 48:83FA 10 | cmp rdx,10 |
000000000104A6E0 | 72 37 | jb auui.104A719 |
000000000104A6E2 | 48:FFC2 | inc rdx |
000000000104A6E5 | 48:8B8D 60040000 | mov rcx,qword ptr ss:[rbp+460] |
000000000104A6EC | 48:8BC1 | mov rax,rcx |
000000000104A6EF | 48:81FA 00100000 | cmp rdx,1000 |
000000000104A6F6 | 72 1C | jb auui.104A714 |
000000000104A6F8 | 48:83C2 27 | add rdx,27 |
000000000104A6FC | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
000000000104A700 | 48:2BC1 | sub rax,rcx |
000000000104A703 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
000000000104A707 | 48:83F8 1F | cmp rax,1F |
000000000104A70B | 76 07 | jbe auui.104A714 |
000000000104A70D | FF15 4D729700 | call qword ptr ds:[<&_invalid_parameter_noinfo_noreturn>] |
000000000104A713 | CC | int3 |
000000000104A714 | E8 A34A8700 | call <auui.sub_18BF1BC> |
000000000104A719 | 66:0F6F05 FF989800 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A721 | 66:0F7F85 70040000 | movdqa xmmword ptr ss:[rbp+470],xmm0 |
000000000104A729 | C685 60040000 00 | mov byte ptr ss:[rbp+460],0 |
000000000104A730 | 48:8B95 58040000 | mov rdx,qword ptr ss:[rbp+458] |
000000000104A737 | 48:83FA 10 | cmp rdx,10 |
000000000104A73B | 72 10 | jb auui.104A74D |
000000000104A73D | 48:FFC2 | inc rdx |
000000000104A740 | 48:8B8D 40040000 | mov rcx,qword ptr ss:[rbp+440] |
000000000104A747 | FF15 BB909700 | call qword ptr ds:[<&?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z>] |
000000000104A74D | 66:0F6F05 CB989800 | movdqa xmm0,xmmword ptr ds:[19D4020] |
000000000104A755 | 66:0F7F85 50040000 | movdqa xmmword ptr ss:[rbp+450],xmm0 |
000000000104A75D | C685 40040000 00 | mov byte ptr ss:[rbp+440],0 |
000000000104A764 | 48:8B95 38040000 | mov rdx,qword ptr ss:[rbp+438] |
000000000104A76B | 48:83FA 10 | cmp rdx,10 |
000000000104A76F | 72 11 | jb auui.104A782 |
000000000104A771 | 48:FFC2 | inc rdx |
000000000104A774 | 48:8B8D 20040000 | mov rcx,qword ptr ss:[rbp+420] |
000000000104A77B | FF15 87909700 | call qword ptr ds:[<&?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z>] |
000000000104A781 | 90 | nop |
000000000104A782 | 4C:8B7424 70 | mov r14,qword ptr ss:[rsp+70] |
000000000104A787 | FF15 AB519700 | call qword ptr ds:[<&?Instance@CEPManager@acep@@SAAEAV12@XZ>] |
000000000104A78D | 48:8BC8 | mov rcx,rax |
000000000104A790 | FF15 92519700 | call qword ptr ds:[<&?IsInitialized@CEPManager@acep@@QEBA_NXZ>] |
000000000104A796 | 84C0 | test al,al |
000000000104A798 | 74 0F | je auui.104A7A9 |
000000000104A79A | FF15 98519700 | call qword ptr ds:[<&?Instance@CEPManager@acep@@SAAEAV12@XZ>] |
000000000104A7A0 | 48:8BC8 | mov rcx,rax |
000000000104A7A3 | FF15 77519700 | call qword ptr ds:[<&?UpdateHighBeamSessionHandle@CEPManager@acep@@QEAAXXZ>] |
000000000104A7A9 | FF15 A14A9700 | call qword ptr ds:[<&?Get@LockFreeLogger@abe@@SAAEBV?$shared_ptr@VLockFreeLogger@abe@@@boost@@XZ>] |
000000000104A7AF | 48:8B08 | mov rcx,qword ptr ds:[rax] |
000000000104A7B2 | FF15 904A9700 | call qword ptr ds:[<&?ProcessEvents@LockFreeLogger@abe@@QEAAXXZ>] |
000000000104A7B8 | FF15 12999700 | call qword ptr ds:[<&?DoIdleOnAllEnvironments@dvascripting@@YAXXZ>] |
000000000104A7BE | 90 | nop |
000000000104A7BF | 48:85DB | test rbx,rbx |
000000000104A7C2 | 74 16 | je auui.104A7DA |
|
也就是说下面有个锁定登录的流程判断点
(配图2)
然后就可以正常使用了。
[Asm] 纯文本查看 复制代码 000000000119EB69 | 48:8D45 50 | lea rax,qword ptr ss:[rbp+50] | [rbp+50]:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EB6D | 48:8945 98 | mov qword ptr ss:[rbp-68],rax |
000000000119EB71 | 49:8B0E | mov rcx,qword ptr ds:[r14] | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EB74 | E8 A7680400 | call <auui.sub_11E5420> |
000000000119EB79 | 48:8BD0 | mov rdx,rax |
000000000119EB7C | 48:8D4D 50 | lea rcx,qword ptr ss:[rbp+50] | [rbp+50]:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EB80 | E8 FB3EFFFF | call <auui.sub_1192A80> |
000000000119EB85 | 48:8BD8 | mov rbx,rax |
000000000119EB88 | E8 83CBF8FF | call <auui.sub_112B710> |
000000000119EB8D | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EB90 | E8 6BCBF8FF | call <auui.sub_112B700> |
000000000119EB95 | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EB98 | 48:8BD3 | mov rdx,rbx |
000000000119EB9B | E8 700DF6FF | call <auui.sub_10FF910> |
000000000119EBA0 | 49:8BCD | mov rcx,r13 | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1", r13:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBA3 | E8 78650400 | call <auui.sub_11E5120> |
000000000119EBA8 | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBAB | E8 A087F5FF | call <auui.sub_10F7350> |
000000000119EBB0 | 48:85C0 | test rax,rax |
000000000119EBB3 | 0F8E BE020000 | jle auui.119EE77 |
000000000119EBB9 | 49:8B0E | mov rcx,qword ptr ds:[r14] | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBBC | E8 5F680400 | call <auui.sub_11E5420> |
000000000119EBC1 | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBC4 | E8 C75D84FF | call <auui.sub_9E4990> |
000000000119EBC9 | 8338 06 | cmp dword ptr ds:[rax],6 |
000000000119EBCC | 0F84 A5020000 | je auui.119EE77 |
000000000119EBD2 | 49:8B0E | mov rcx,qword ptr ds:[r14] | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBD5 | E8 46680400 | call <auui.sub_11E5420> |
000000000119EBDA | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBDD | E8 AE5D84FF | call <auui.sub_9E4990> |
000000000119EBE2 | 8338 05 | cmp dword ptr ds:[rax],5 |
000000000119EBE5 | 0F84 8C020000 | je auui.119EE77 |
000000000119EBEB | 49:8B0E | mov rcx,qword ptr ds:[r14] | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBEE | E8 2D680400 | call <auui.sub_11E5420> |
000000000119EBF3 | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EBF6 | E8 955D84FF | call <auui.sub_9E4990> |
000000000119EBFB | 8338 03 | cmp dword ptr ds:[rax],3 |
000000000119EBFE | 74 0F | je auui.119EC0F |
000000000119EC00 | 48:8B45 B8 | mov rax,qword ptr ss:[rbp-48] |
000000000119EC04 | 48:8378 10 00 | cmp qword ptr ds:[rax+10],0 |
000000000119EC09 | E9 69020000 | jmp auui.119EE77 | 第3处修改这里,这里是序列号的验证过程
000000000119EC0E | 0066 0F | add byte ptr ds:[rsi+F],ah |
000000000119EC11 | 6F | outsd |
000000000119EC12 | 05 09541A00 | add eax,1A5409 |
000000000119EC17 | F3:0F7F45 E0 | movdqu xmmword ptr ss:[rbp-20],xmm0 |
000000000119EC1C | C645 D0 00 | mov byte ptr ss:[rbp-30],0 |
000000000119EC20 | 45:33C0 | xor r8d,r8d |
000000000119EC23 | 48:8D15 46441A00 | lea rdx,qword ptr ds:[1343070] |
000000000119EC2A | 48:8D4D D0 | lea rcx,qword ptr ss:[rbp-30] |
000000000119EC2E | E8 9D527BFF | call <auui.sub_953ED0> |
000000000119EC33 | 90 | nop |
000000000119EC34 | 49:8B57 08 | mov rdx,qword ptr ds:[r15+8] | [r15+8]:"Audition1"
000000000119EC38 | 48:8D4D F0 | lea rcx,qword ptr ss:[rbp-10] |
000000000119EC3C | E8 CFC17DFF | call <auui.sub_97AE10> |
000000000119EC41 | 90 | nop |
000000000119EC42 | 49:8B1E | mov rbx,qword ptr ds:[r14] |
000000000119EC45 | 48:8B36 | mov rsi,qword ptr ds:[rsi] |
000000000119EC48 | 48:8BCB | mov rcx,rbx | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EC4B | E8 60A67EFF | call <auui.?GetSetupFinishedSignal@ApplicationMenu@aui@@QEAAAEAV?$signal@$$A6AXXZV?$optional_last_value@X@ |
000000000119EC50 | 48:8BF8 | mov rdi,rax |
000000000119EC53 | 48:8BCB | mov rcx,rbx | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EC56 | E8 C5670400 | call <auui.sub_11E5420> |
000000000119EC5B | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EC5E | E8 BD640400 | call <auui.sub_11E5120> |
000000000119EC63 | 48:8BC8 | mov rcx,rax | rcx:&"bcb8ea63-df8e-4267-a750-5df6debe8ec1"
000000000119EC66 | E8 3587F5FF | call <auui.sub_10F73A0> |
000000000119EC6B | 48:8BD0 | mov rdx,rax |
000000000119EC6E | C64424 28 01 | mov byte ptr ss:[rsp+28],1 |
000000000119EC73 | 48:8D45 D0 | lea rax,qword ptr ss:[rbp-30] |
000000000119EC77 | 48:894424 20 | mov qword ptr ss:[rsp+20],rax |
000000000119EC7C | 4C:8D4D F0 | lea r9,qword ptr ss:[rbp-10] |
000000000119EC80 | 4C:8BC7 | mov r8,rdi |
000000000119EC83 | 48:8B4D 80 | mov rcx,qword ptr ss:[rbp-80] |
000000000119EC87 | FF56 20 | call qword ptr ds:[rsi+20] |
000000000119EC8A | 8BD8 | mov ebx,eax |
000000000119EC8C | 8945 80 | mov dword ptr ss:[rbp-80],eax |
000000000119EC8F | 48:8D4D F0 | lea rcx,qword ptr ss:[rbp-10] |
000000000119EC93 | E8 48177BFF | call <auui.sub_9503E0> |
000000000119EC98 | 90 | nop |
000000000119EC99 | 48:8D4D D0 | lea rcx,qword ptr ss:[rbp-30] |
000000000119EC9D | E8 3E177BFF | call <auui.sub_9503E0> |
000000000119ECA2 | 85DB | test ebx,ebx |
000000000119ECA4 | 0F84 F2010000 | je auui.119EE9C |
下面是x64dbg.exe导出的补丁方案: (文件名:888.1337
内容) 供参考学习。
>auui.dll
00000000000BA068:0F->E9
00000000000BA069:85->CC
00000000000BA06A:CB->02
00000000000BA06B:02->00
00000000000BA340:0F->E9
00000000000BA341:85->64
00000000000BA342:63->04
00000000000BA343:04->00
00000000000C66D5:0F->E9
00000000000C66D6:84->DB
00000000000C66D7:DA->02
00000000000C66D8:02->00
000000000065555F:75->EB |
免费评分
-
查看全部评分
|
[复制链接]
发表于 2020-4-9 15:06
收藏
淘帖
有用
分享到朋友圈
