image.png (49.72 KB, 下载次数: 0)
下载附件
2023-4-8 22:20 上传
但是,有两种情况:
才能进入软件界面。。。不然嘿嘿,只有再见!
第1种情况,申请注册。。还是甭费时间不考虑了,所以我们点下面的输入注册码
image.png (60.94 KB, 下载次数: 0)
下载附件
2023-4-8 22:30 上传
这是注册码输入错误的界面
image.png (63.37 KB, 下载次数: 0)
下载附件
2023-4-8 22:22 上传
这是后面爆破成功后,才会出现的界面
[color=]就出来了这个,随便输入个注册码,就会出来
记录一下错误信息
image.png (17.97 KB, 下载次数: 0)
下载附件
2023-4-8 22:23 上传
再点就出来这,还是进不到界面
设法找到有联系的模块名【对应的文件是哪个?】是否出现了某信息?
方法用很多,譬如用TC,譬如用16进制编辑器等等。
[Asm] 纯文本查看 复制代码00007FF9B0E18757 | FF50 30 | call qword ptr ds:[rax+30] |
00007FF9B0E1875A | 84C0 | test al,al |
00007FF9B0E1875C | 0F84 9E020000 | je tsclicensing.7FF9B0E18A00 | 1)nop 才能见到注册码
00007FF9B0E18762 | 45:33E4 | xor r12d,r12d |
00007FF9B0E18765 | 4C:8965 C0 | mov qword ptr ss:[rbp-40],r12 |
00007FF9B0E18769 | 4C:8965 D0 | mov qword ptr ss:[rbp-30],r12 |
00007FF9B0E1876D | 48:C745 D8 0F000000 | mov qword ptr ss:[rbp-28],F |
00007FF9B0E18775 | 44:8865 C0 | mov byte ptr ss:[rbp-40],r12b |
00007FF9B0E18779 | 49:8B4E 38 | mov rcx,qword ptr ds:[r14+38] | r14+38:"les()"
00007FF9B0E1877D | 48:8B01 | mov rax,qword ptr ds:[rcx] |
00007FF9B0E18780 | 48:8D55 C0 | lea rdx,qword ptr ss:[rbp-40] |
00007FF9B0E18784 | FF50 10 | call qword ptr ds:[rax+10] |
00007FF9B0E18787 | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E1878A | F3:0F7F4424 58 | movdqu xmmword ptr ss:[rsp+58],xmm0 |
00007FF9B0E18790 | 49:8B4F 08 | mov rcx,qword ptr ds:[r15+8] |
00007FF9B0E18794 | 48:85C9 | test rcx,rcx |
00007FF9B0E18797 | 74 08 | je tsclicensing.7FF9B0E187A1 |
00007FF9B0E18799 | F0:FF41 08 | lock inc dword ptr ds:[rcx+8] |
00007FF9B0E1879D | 49:8B4F 08 | mov rcx,qword ptr ds:[r15+8] |
00007FF9B0E187A1 | 49:8B07 | mov rax,qword ptr ds:[r15] |
00007FF9B0E187A4 | 48:894424 58 | mov qword ptr ss:[rsp+58],rax |
00007FF9B0E187A9 | 48:894C24 60 | mov qword ptr ss:[rsp+60],rcx |
00007FF9B0E187AE | 4C:8D45 C0 | lea r8,qword ptr ss:[rbp-40] |
00007FF9B0E187B2 | 48:8D5424 58 | lea rdx,qword ptr ss:[rsp+58] |
00007FF9B0E187B7 | 49:8BCE | mov rcx,r14 | r14:&"HcA麳+乳4"
00007FF9B0E187BA | E8 C1050000 | call tsclicensing.7FF9B0E18D80 |
00007FF9B0E187BF | 84C0 | test al,al |
00007FF9B0E187C1 | 0F84 F8000000 | je tsclicensing.7FF9B0E188BF |
00007FF9B0E187C7 | 49:8B8E 08010000 | mov rcx,qword ptr ds:[r14+108] | r14+108:"filesystem::filesystem_error: "
00007FF9B0E187CE | 48:8B01 | mov rax,qword ptr ds:[rcx] |
00007FF9B0E187D1 | FF50 30 | call qword ptr ds:[rax+30] |
00007FF9B0E187D4 | 49:8B4E 18 | mov rcx,qword ptr ds:[r14+18] | r14+18:"nCommonHelper::DeleteLicensingFiles()"
00007FF9B0E187D8 | 48:8B01 | mov rax,qword ptr ds:[rcx] |
00007FF9B0E187DB | FF50 40 | call qword ptr ds:[rax+40] |
00007FF9B0E187DE | 0F57C0 | xorps xmm0,xmm0 |
00007FF9B0E187E1 | F3:0F7F4424 48 | movdqu xmmword ptr ss:[rsp+48],xmm0 |
00007FF9B0E187E7 | 49:8B4F 08 | mov rcx,qword ptr ds:[r15+8] |
00007FF9B0E187EB | 48:85C9 | test rcx,rcx |
00007FF9B0E187EE | 74 08 | je tsclicensing.7FF9B0E187F8 |
00007FF9B0E187F0 | F0:FF41 08 | lock inc dword ptr ds:[rcx+8] |
00007FF9B0E187F4 | 49:8B4F 08 | mov rcx,qword ptr ds:[r15+8] |
00007FF9B0E187F8 | 49:8B07 | mov rax,qword ptr ds:[r15] |
00007FF9B0E187FB | 48:894424 48 | mov qword ptr ss:[rsp+48],rax |
00007FF9B0E18800 | 48:894C24 50 | mov qword ptr ss:[rsp+50],rcx |
00007FF9B0E18805 | 4C:8D4424 48 | lea r8,qword ptr ss:[rsp+48] |
00007FF9B0E1880A | 49:8BD5 | mov rdx,r13 |
00007FF9B0E1880D | 49:8BCE | mov rcx,r14 | r14:&"HcA麳+乳4"
00007FF9B0E18810 | E8 9BF6FFFF | call tsclicensing.7FF9B0E17EB0 |
00007FF9B0E18815 | 90 | nop |
00007FF9B0E18816 | 48:8B55 D8 | mov rdx,qword ptr ss:[rbp-28] |
00007FF9B0E1881A | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E1881E | 72 34 | jb tsclicensing.7FF9B0E18854 |
00007FF9B0E18820 | 48:FFC2 | inc rdx |
00007FF9B0E18823 | 48:8B4D C0 | mov rcx,qword ptr ss:[rbp-40] |
00007FF9B0E18827 | 48:8BC1 | mov rax,rcx |
00007FF9B0E1882A | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E18831 | 72 1C | jb tsclicensing.7FF9B0E1884F |
00007FF9B0E18833 | 48:83C2 27 | add rdx,27 |
00007FF9B0E18837 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
00007FF9B0E1883B | 48:2BC1 | sub rax,rcx |
00007FF9B0E1883E | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E18842 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E18846 | 76 07 | jbe tsclicensing.7FF9B0E1884F |
00007FF9B0E18848 | FF15 F2B42500 | call qword ptr ds:[
继续向下走,就会发现NOP之后,我们键入的注册码再次出现。
截图
代码比较长,我们抓关键的看下吧。
[Asm] 纯文本查看 复制代码00007FF9B0E73819 | E8 A2931E00 | call tsclicensing.7FF9B105CBC0 |
00007FF9B0E7381E | 48:C745 30 30000000 | mov qword ptr ss:[rbp+30],30 | 30:'0'
00007FF9B0E73826 | 48:C745 38 3F000000 | mov qword ptr ss:[rbp+38],3F | 3F:'?'
00007FF9B0E7382E | 0F1005 0BB52000 | movups xmm0,xmmword ptr ds:[7FF9B107ED40] | 00007FF9B107ED40:"NalpeironActivation::CheckLicenseStatus() called"
00007FF9B0E73835 | 0F1100 | movups xmmword ptr ds:[rax],xmm0 |
00007FF9B0E73838 | 0F100D 11B52000 | movups xmm1,xmmword ptr ds:[7FF9B107ED50] | 00007FF9B107ED50:"ion::CheckLicenseStatus() called"
00007FF9B0E7383F | 0F1148 10 | movups xmmword ptr ds:[rax+10],xmm1 |
00007FF9B0E73843 | 0F1005 16B52000 | movups xmm0,xmmword ptr ds:[7FF9B107ED60] | 00007FF9B107ED60:"eStatus() called"
00007FF9B0E7384A | 0F1140 20 | movups xmmword ptr ds:[rax+20],xmm0 |
00007FF9B0E7384E | 44:8878 30 | mov byte ptr ds:[rax+30],r15b |
00007FF9B0E73852 | 48:8945 20 | mov qword ptr ss:[rbp+20],rax |
00007FF9B0E73856 | 48:8D55 20 | lea rdx,qword ptr ss:[rbp+20] |
00007FF9B0E7385A | 48:8BCF | mov rcx,rdi |
00007FF9B0E7385D | FFD3 | call rbx |
00007FF9B0E7385F | 90 | nop |
00007FF9B0E73860 | 48:8B55 38 | mov rdx,qword ptr ss:[rbp+38] |
00007FF9B0E73864 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E73868 | 72 34 | jb tsclicensing.7FF9B0E7389E |
00007FF9B0E7386A | 48:FFC2 | inc rdx |
00007FF9B0E7386D | 48:8B4D 20 | mov rcx,qword ptr ss:[rbp+20] |
00007FF9B0E73871 | 48:8BC1 | mov rax,rcx |
00007FF9B0E73874 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E7387B | 72 1C | jb tsclicensing.7FF9B0E73899 |
00007FF9B0E7387D | 48:83C2 27 | add rdx,27 |
00007FF9B0E73881 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
00007FF9B0E73885 | 48:2BC1 | sub rax,rcx |
00007FF9B0E73888 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E7388C | 48:83F8 1F | cmp rax,1F |
00007FF9B0E73890 | 76 07 | jbe tsclicensing.7FF9B0E73899 |
00007FF9B0E73892 | FF15 A8042000 | call qword ptr ds:[JMP
00007FF9B0E73ADD | F6C1 20 | test cl,20 |
00007FF9B0E73AE0 | 74 23 | je tsclicensing.7FF9B0E73B05 | =========》JMP
00007FF9B0E73AE2 | 48:8B4424 78 | mov rax,qword ptr ss:[rsp+78] |
00007FF9B0E73AE7 | 4C:8B00 | mov r8,qword ptr ds:[rax] |
00007FF9B0E73AEA | 4D:85C0 | test r8,r8 |
00007FF9B0E73AED | 74 16 | je tsclicensing.7FF9B0E73B05 |
00007FF9B0E73AEF | 48:8B4424 58 | mov rax,qword ptr ss:[rsp+58] |
00007FF9B0E73AF4 | 48:8B10 | mov rdx,qword ptr ds:[rax] |
00007FF9B0E73AF7 | 4C:3B45 A0 | cmp r8,qword ptr ss:[rbp-60] |
00007FF9B0E73AFB | 4C:0F4245 A0 | cmovb r8,qword ptr ss:[rbp-60] |
00007FF9B0E73B00 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E73B03 | EB 31 | jmp tsclicensing.7FF9B0E73B36 |
00007FF9B0E73B05 | F6C1 04 | test cl,4 |
00007FF9B0E73B08 | 75 24 | jne tsclicensing.7FF9B0E73B2E | =========》JMP
00007FF9B0E73B0A | 48:8B4424 70 | mov rax,qword ptr ss:[rsp+70] |
00007FF9B0E73B0F | 48:8B08 | mov rcx,qword ptr ds:[rax] |
00007FF9B0E73B12 | 48:85C9 | test rcx,rcx |
00007FF9B0E73B15 | 74 17 | je tsclicensing.7FF9B0E73B2E |
00007FF9B0E73B17 | 48:8B4424 50 | mov rax,qword ptr ss:[rsp+50] |
00007FF9B0E73B1C | 48:8B10 | mov rdx,qword ptr ds:[rax] |
00007FF9B0E73B1F | 48:8B45 88 | mov rax,qword ptr ss:[rbp-78] |
00007FF9B0E73B23 | 4C:6300 | movsxd r8,dword ptr ds:[rax] |
00007FF9B0E73B26 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E73B29 | 4C:03C1 | add r8,rcx |
00007FF9B0E73B2C | EB 08 | jmp tsclicensing.7FF9B0E73B36 |
00007FF9B0E73B2E | 4C:8B45 28 | mov r8,qword ptr ss:[rbp+28] |
检测完授权状态后,我们就凭感觉改着走着瞧吧
[Asm] 纯文本查看 复制代码00007FF9B0E765EE | 74 3D | je tsclicensing.7FF9B0E7662D |
00007FF9B0E765F0 | 48:8B85 98000000 | mov rax,qword ptr ss:[rbp+98] |
00007FF9B0E765F7 | 4C:8B00 | mov r8,qword ptr ds:[rax] |
00007FF9B0E765FA | 4D:85C0 | test r8,r8 |
00007FF9B0E765FD | 74 2E | je tsclicensing.7FF9B0E7662D | =====>jmp
00007FF9B0E765FF | 48:8B45 78 | mov rax,qword ptr ss:[rbp+78] |
00007FF9B0E76603 | 48:8B10 | mov rdx,qword ptr ds:[rax] |
00007FF9B0E76606 | 48:8995 40010000 | mov qword ptr ss:[rbp+140],rdx |
00007FF9B0E7660D | 4C:894424 58 | mov qword ptr ss:[rsp+58],r8 |
00007FF9B0E76612 | 4C:3B85 C0000000 | cmp r8,qword ptr ss:[rbp+C0] |
00007FF9B0E76619 | 4C:0F4285 C0000000 | cmovb r8,qword ptr ss:[rbp+C0] |
00007FF9B0E76621 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E76624 | 4C:8985 48010000 | mov qword ptr ss:[rbp+148],r8 |
00007FF9B0E7662B | EB 49 | jmp tsclicensing.7FF9B0E76676 |
00007FF9B0E7662D | F6C1 04 | test cl,4 |
00007FF9B0E76630 | 75 36 | jne tsclicensing.7FF9B0E76668 |
00007FF9B0E76632 | 48:8B85 90000000 | mov rax,qword ptr ss:[rbp+90] |
00007FF9B0E76639 | 48:8B08 | mov rcx,qword ptr ds:[rax] |
00007FF9B0E7663C | 48:85C9 | test rcx,rcx |
00007FF9B0E7663F | 74 27 | je tsclicensing.7FF9B0E76668 |
00007FF9B0E76641 | 48:8B45 70 | mov rax,qword ptr ss:[rbp+70] |
00007FF9B0E76645 | 48:8B10 | mov rdx,qword ptr ds:[rax] |
00007FF9B0E76648 | 48:8995 40010000 | mov qword ptr ss:[rbp+140],rdx |
00007FF9B0E7664F | 48:8B85 A8000000 | mov rax,qword ptr ss:[rbp+A8] |
00007FF9B0E76656 | 4C:6300 | movsxd r8,dword ptr ds:[rax] |
00007FF9B0E76659 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E7665C | 4C:03C1 | add r8,rcx |
00007FF9B0E7665F | 4C:8985 48010000 | mov qword ptr ss:[rbp+148],r8 |
00007FF9B0E76666 | EB 0E | jmp tsclicensing.7FF9B0E76676 |
00007FF9B0E76668 | 4C:8B85 48010000 | mov r8,qword ptr ss:[rbp+148] |
00007FF9B0E7666F | 48:8B95 40010000 | mov rdx,qword ptr ss:[rbp+140] |
00007FF9B0E76676 | 48:85D2 | test rdx,rdx |
00007FF9B0E76679 | 74 0D | je tsclicensing.7FF9B0E76688 |
00007FF9B0E7667B | 48:8D8D 60010000 | lea rcx,qword ptr ss:[rbp+160] |
00007FF9B0E76682 | E8 7982F8FF | call tsclicensing.7FF9B0DFE900 |
00007FF9B0E76687 | 90 | nop |
00007FF9B0E76688 | 48:8D95 60010000 | lea rdx,qword ptr ss:[rbp+160] |
00007FF9B0E7668F | 48:8BCB | mov rcx,rbx |
00007FF9B0E76692 | 41:FFD7 | call r15 |
00007FF9B0E76695 | 90 | nop |
00007FF9B0E76696 | 48:8B95 78010000 | mov rdx,qword ptr ss:[rbp+178] |
00007FF9B0E7669D | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E766A1 | 72 37 | jb tsclicensing.7FF9B0E766DA |
00007FF9B0E766A3 | 48:FFC2 | inc rdx |
00007FF9B0E766A6 | 48:8B8D 60010000 | mov rcx,qword ptr ss:[rbp+160] |
00007FF9B0E766AD | 48:8BC1 | mov rax,rcx |
00007FF9B0E766B0 | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E766B7 | 72 1C | jb tsclicensing.7FF9B0E766D5 |
00007FF9B0E766B9 | 48:83C2 27 | add rdx,27 |
00007FF9B0E766BD | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
00007FF9B0E766C1 | 48:2BC1 | sub rax,rcx |
00007FF9B0E766C4 | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E766C8 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E766CC | 76 07 | jbe tsclicensing.7FF9B0E766D5 |
00007FF9B0E766CE | FF15 6CD61F00 | call qword ptr ds:[转到离线授权
00007FF9B0E766EB | 48:8D05 CE112000 | lea rax,qword ptr ds:[7FF9B10778C0] |
00007FF9B0E766F2 | 48:894424 60 | mov qword ptr ss:[rsp+60],rax |
00007FF9B0E766F7 | 48:8D4D E8 | lea rcx,qword ptr ss:[rbp-18] |
00007FF9B0E766FB | FF15 AFCC1F00 | call qword ptr ds:[因为下面是服务器,所以JMP
00007FF9B0E76805 | F6C1 20 | test cl,20 |
00007FF9B0E76808 | 74 21 | je tsclicensing.7FF9B0E7682B |
00007FF9B0E7680A | 48:8B45 A8 | mov rax,qword ptr ss:[rbp-58] |
00007FF9B0E7680E | 4C:8B00 | mov r8,qword ptr ds:[rax] |
00007FF9B0E76811 | 4D:85C0 | test r8,r8 |
00007FF9B0E76814 | 74 15 | je tsclicensing.7FF9B0E7682B |
00007FF9B0E76816 | 48:8B45 88 | mov rax,qword ptr ss:[rbp-78] |
00007FF9B0E7681A | 48:8B10 | mov rdx,qword ptr ds:[rax] |
00007FF9B0E7681D | 4C:3B45 D0 | cmp r8,qword ptr ss:[rbp-30] |
00007FF9B0E76821 | 4C:0F4245 D0 | cmovb r8,qword ptr ss:[rbp-30] |
00007FF9B0E76826 | 4C:2BC2 | sub r8,rdx |
00007FF9B0E76829 | EB 35 | jmp tsclicensing.7FF9B0E76860 |
00007FF9B0E7682B | F6C1 04 | test cl,4 |
00007FF9B0E7682E | 75 22 | jne tsclicensing.7FF9B0E76852 |
00007FF9B0E76830 | 48:8B45 A0 | mov rax,qword ptr ss:[rbp-60] |
00007FF9B0E76834 | 48:8B08 | mov rcx,qword ptr ds:[rax] |
00007FF9B0E76837 | 48:85C9 | test rcx,rcx |
00007FF9B0E7683A | 74 16 | je tsclicensing.7FF9B0E76852 |
00007FF9B0E7683C | 48:8B45 80 | mov rax,qword ptr ss:[rbp-80] |
00007FF9B0E76840 | 48:8B10 | mov rdx,qword ptr ds:[rax] |
00007FF9B0E76843 | 48:8B45 B8 | mov rax,qword ptr ss:[rbp-48] | [rbp-48]:&"HcA麳+乳4"
00007FF9B0E76847 | 4C:6300 | movsxd r8,dword ptr ds:[rax] |
00007FF9B0E7684A | 4C:2BC2 | sub r8,rdx |
00007FF9B0E7684D | 4C:03C1 | add r8,rcx |
00007FF9B0E76850 | EB 0E | jmp tsclicensing.7FF9B0E76860 |
00007FF9B0E76852 | 4C:8B85 48010000 | mov r8,qword ptr ss:[rbp+148] |
00007FF9B0E76859 | 48:8B95 40010000 | mov rdx,qword ptr ss:[rbp+140] |
00007FF9B0E76860 | 48:85D2 | test rdx,rdx |
00007FF9B0E76863 | 74 0D | je tsclicensing.7FF9B0E76872 |
00007FF9B0E76865 | 48:8D8D 60010000 | lea rcx,qword ptr ss:[rbp+160] |
00007FF9B0E7686C | E8 8F80F8FF | call tsclicensing.7FF9B0DFE900 |
00007FF9B0E76871 | 90 | nop |
00007FF9B0E76872 | 48:8D95 60010000 | lea rdx,qword ptr ss:[rbp+160] |
00007FF9B0E76879 | 48:8BCB | mov rcx,rbx |
00007FF9B0E7687C | 41:FFD6 | call r14 |
00007FF9B0E7687F | 90 | nop |
00007FF9B0E76880 | 48:8B95 78010000 | mov rdx,qword ptr ss:[rbp+178] |
00007FF9B0E76887 | 48:83FA 10 | cmp rdx,10 |
00007FF9B0E7688B | 72 37 | jb tsclicensing.7FF9B0E768C4 |
00007FF9B0E7688D | 48:FFC2 | inc rdx |
00007FF9B0E76890 | 48:8B8D 60010000 | mov rcx,qword ptr ss:[rbp+160] |
00007FF9B0E76897 | 48:8BC1 | mov rax,rcx |
00007FF9B0E7689A | 48:81FA 00100000 | cmp rdx,1000 |
00007FF9B0E768A1 | 72 1C | jb tsclicensing.7FF9B0E768BF |
00007FF9B0E768A3 | 48:83C2 27 | add rdx,27 |
00007FF9B0E768A7 | 48:8B49 F8 | mov rcx,qword ptr ds:[rcx-8] |
00007FF9B0E768AB | 48:2BC1 | sub rax,rcx |
00007FF9B0E768AE | 48:83C0 F8 | add rax,FFFFFFFFFFFFFFF8 |
00007FF9B0E768B2 | 48:83F8 1F | cmp rax,1F |
00007FF9B0E768B6 | 76 07 | jbe tsclicensing.7FF9B0E768BF |
00007FF9B0E768B8 | FF15 82D41F00 | call qword ptr ds:[NOP了才能显示注册成功
00007FF9B0E768D5 | E8 16A7F8FF | call tsclicensing.7FF9B0E00FF0 |
00007FF9B0E768DA | 48:8BF8 | mov rdi,rax |
00007FF9B0E768DD | 48:8B00 | mov rax,qword ptr ds:[rax] |
00007FF9B0E768E0 | 48:8B58 20 | mov rbx,qword ptr ds:[rax+20] |
00007FF9B0E768E4 | 48:89B5 40010000 | mov qword ptr ss:[rbp+140],rsi |
00007FF9B0E768EB | 48:89B5 50010000 | mov qword ptr ss:[rbp+150],rsi |
00007FF9B0E768F2 | 48:C785 58010000 0F000 | mov qword ptr ss:[rbp+158],F |
00007FF9B0E768FD | C685 40010000 00 | mov byte ptr ss:[rbp+140],0 |
00007FF9B0E76904 | B9 60000000 | mov ecx,60 | 60:'`'
00007FF9B0E76909 | E8 B2621E00 | call tsclicensing.7FF9B105CBC0 |
00007FF9B0E7690E | 48:8BC8 | mov rcx,rax |
00007FF9B0E76911 | 48:C785 50010000 55000 | mov qword ptr ss:[rbp+150],55 | 55:'U'
00007FF9B0E7691C | 48:C785 58010000 5F000 | mov qword ptr ss:[rbp+158],5F | 5F:'_'
00007FF9B0E76927 | 0F2805 12882000 | movaps xmm0,xmmword ptr ds:[7FF9B107F140] | 00007FF9B107F140:"NalpeironActivation::UnlockWithLicenseCode() succeeded. Valid license found in cache."
00007FF9B0E7692E | 0F1100 | movups xmmword ptr ds:[rax],xmm0 |
00007FF9B0E76931 | 0F280D 18882000 | movaps xmm1,xmmword ptr ds:[7FF9B107F150] | 00007FF9B107F150:"ion::UnlockWithLicenseCode() succeeded. Valid license found in cache."
00007FF9B0E76938 | 0F1148 10 | movups xmmword ptr ds:[rax+10],xmm1 |
00007FF9B0E7693C | 0F2805 1D882000 | movaps xmm0,xmmword ptr ds:[7FF9B107F160] | 00007FF9B107F160:"icenseCode() succeeded. Valid license found in cache."
00007FF9B0E76943 | 0F1140 20 | movups xmmword ptr ds:[rax+20],xmm0 |
00007FF9B0E76947 | 0F280D 22882000 | movaps xmm1,xmmword ptr ds:[7FF9B107F170] | 00007FF9B107F170:"ceeded. Valid license found in cache."
00007FF9B0E7694E | 0F1148 30 | movups xmmword ptr ds:[rax+30],xmm1 |
00007FF9B0E76952 | 0F2805 27882000 | movaps xmm0,xmmword ptr ds:[7FF9B107F180] | 00007FF9B107F180:"cense found in cache."
00007FF9B0E76959 | 0F1140 40 | movups xmmword ptr ds:[rax+40],xmm0 | rax+40:"$ActivationsAllowed"
00007FF9B0E7695D | 8B05 2D882000 | mov eax,dword ptr ds:[7FF9B107F190] | 00007FF9B107F190:"ache."
00007FF9B0E76963 | 8941 50 | mov dword ptr ds:[rcx+50],eax |
00007FF9B0E76966 | 0FB605 27882000 | movzx eax,byte ptr ds:[7FF9B107F194] |
00007FF9B0E7696D | 8841 54 | mov byte ptr ds:[rcx+54],al |
00007FF9B0E76970 | C641 55 00 | mov byte ptr ds:[rcx+55],0 |
00007FF9B0E76974 | 48:898D 40010000 | mov qword ptr ss:[rbp+140],rcx |
00007FF9B0E7697B | 48:8D95 40010000 | lea rdx,qword ptr ss:[rbp+140] |
00007FF9B0E76982 | 48:8BCF | mov rcx,rdi |
截图
如果前面爆破的都通过了。。
image.png (73.04 KB, 下载次数: 0)
下载附件
2023-4-8 21:44 上传
就会出来这
显然:
最后继续修改,最终我们见到如下界面:
image.png (66.43 KB, 下载次数: 0)
下载附件
2023-4-8 21:46 上传
翻译一下就是决不要忘记你的注册码
登录保存你的注册码
打开进界面
image.png (102.02 KB, 下载次数: 0)
下载附件
2023-4-8 22:44 上传
选择一个配置和使用人群就真的进界面了。
image.png (59.9 KB, 下载次数: 0)
下载附件
2023-4-8 22:45 上传
最终进到界面就是这个样子的。
