街角_祝福

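Cracking a Static Library

Tools

  1. notepad++
  2. HxD Hex Editor (a hex editor)
  3. dumpbin (ships with Visual Studio)
  4. lib (ships with Visual Studio)

Steps

  1. Export the list of obj file names: lib /LIST sqlapiusd.lib > liblist.txt
  2. Extract the obj file: mkdir objs & lib sqlapiusd.lib /EXTRACT:.\objs\SQLAPI.obj
  3. Find the target function: search by function name or other keywords to identify the obj file that contains it
  4. Show the obj file details (optional): dumpbin /ALL SQLAPI.obj
  5. Disassemble the obj file into assembly: dumpbin /disasm SQLAPI.obj > SQLAPI.asm, then read the relevant code and decide what to change
  6. Use the hex editor to locate the target function by its code bytes, e.g. '85 C0 75 1F 6A 00 8B 0D 00 00 00 00'
  7. Using the correspondence between assembly instructions and machine code, change the machine-code instruction 75 -> 74 and save
  8. Write the modified obj back into the lib file: lib /OUT:sqlapiusd.lib ../sqlapiusd.lib SQLAPI.obj

Reference

Hands-on walkthrough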

; Extract the target OBJ file from the lib
D:\lib\crack>lib sqlapisd.lib /EXTRACT:SQLAPI.OBJ
Microsoft (R) Library Manager Version 14.27.29111.0
Copyright (C) Microsoft Corporation.  All rights reserved.

; Confirm from the assembly where the change goes and what it is
D:\lib\crack>dumpbin /disasm SQLAPI.obj > SQLAPI.asm

; Disassemble the modified OBJ file again and compare to confirm the change
D:\lib\crack>dumpbin /disasm SQLAPI.obj > SQLAPI-u.asm

; Comparison
; SQLAPI.asm, before the change
?CheckTrial@@YAXXZ (void __cdecl CheckTrial(void)):
  0000A5F0: 55                 push        ebp
  0000A5F1: 8B EC              mov         ebp,esp
  0000A5F3: 0F B6 05 00 00 00  movzx       eax,byte ptr [?bCheckedTrial@?1??CheckTrial@@YAXXZ@4_NA]
            00
  0000A5FA: 85 C0              test        eax,eax
  0000A5FC: 75 1F              jne         0000A61D
  0000A5FE: 6A 00              push        0
  0000A600: 8B 0D 00 00 00 00  mov         ecx,dword ptr [?sTrialCaption@@3PBDB]
  0000A606: 51                 push        ecx
  0000A607: 8B 15 00 00 00 00  mov         edx,dword ptr [?sTrialText@@3PBDB]
  0000A60D: 52                 push        edx
  0000A60E: 6A 00              push        0
  0000A610: FF 15 00 00 00 00  call        dword ptr [__imp__MessageBoxA@16]
  0000A616: C6 05 00 00 00 00  mov         byte ptr [?bCheckedTrial@?1??CheckTrial@@YAXXZ@4_NA],1
            01
  0000A61D: 5D                 pop         ebp
  0000A61E: C3                 ret
  0000A61F: CC                 int         3
; SQLAPI-u.asm, after the change
?CheckTrial@@YAXXZ (void __cdecl CheckTrial(void)):
  0000A5F0: 55                 push        ebp
  0000A5F1: 8B EC              mov         ebp,esp
  0000A5F3: 0F B6 05 00 00 00  movzx       eax,byte ptr [?bCheckedTrial@?1??CheckTrial@@YAXXZ@4_NA]
            00
  0000A5FA: 85 C0              test        eax,eax
  0000A5FC: 74 1F              je          0000A61D
  0000A5FE: 6A 00              push        0
  0000A600: 8B 0D 00 00 00 00  mov         ecx,dword ptr [?sTrialCaption@@3PBDB]
  0000A606: 51                 push        ecx
  0000A607: 8B 15 00 00 00 00  mov         edx,dword ptr [?sTrialText@@3PBDB]
  0000A60D: 52                 push        edx
  0000A60E: 6A 00              push        0
  0000A610: FF 15 00 00 00 00  call        dword ptr [__imp__MessageBoxA@16]
  0000A616: C6 05 00 00 00 00  mov         byte ptr [?bCheckedTrial@?1??CheckTrial@@YAXXZ@4_NA],1
            01
  0000A61D: 5D                 pop         ebp
  0000A61E: C3                 ret
  0000A61F: CC                 int         3

; Repackage the modified code
D:\lib\crack>lib /OUT:sqlapisd-u.lib ./sqlapisd.lib SQLAPI.OBJ
Microsoft (R) Library Manager Version 14.27.29111.0
Copyright (C) Microsoft Corporation.  All rights reserved.

Replacing SQLAPI.OBJ
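
From the defender's side, a repackaged library like the one above is detectable: hash each object member and compare with a known-good copy, which ignores the member timestamps that change on any rebuild. This is an added example, not code from the original post; it assumes the standard ar/COFF archive layout (8-byte signature, 60-byte member headers), and the sample archives, member names and the helper _build are constructed for illustration.

```python
import hashlib
import re
AR_MAGIC = b"!<arch>\n"

def member_hashes(data: bytes) -> dict:
    """Return {member name: sorted SHA-256 list} for the object members of a .lib."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar/COFF archive")
    raw, longnames, pos = [], b"", len(AR_MAGIC)
    while pos + 60 <= len(data):
        hdr = data[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        name, size = hdr[:16].rstrip(b" "), int(hdr[48:58])
        body = data[pos + 60:pos + 60 + size]
        if len(body) != size:
            raise ValueError(f"truncated member at offset {pos}")
        if name == b"//":
            longnames = body                  # long-name string table
        elif name != b"/":                    # "/" = linker symbol index, skipped
            raw.append((name, body))
        pos += 60 + size + (size & 1)         # bodies are padded to even offsets
    hashes = {}
    for name, body in raw:
        if re.fullmatch(rb"/\d+", name):      # "/<offset>" into the string table
            name = re.split(rb"[\0\n]", longnames[int(name[1:]):], maxsplit=1)[0]
        key = name.rstrip(b"/").decode("latin-1")
        hashes.setdefault(key, []).append(hashlib.sha256(body).hexdigest())
    return {k: sorted(v) for k, v in hashes.items()}

def changed_members(baseline: dict, candidate: dict) -> list:
    """Names whose content differs from, or is missing in, the baseline."""
    return sorted(n for n in baseline.keys() | candidate.keys()
                  if baseline.get(n) != candidate.get(n))

def _build(members, date):
    """Constructed sample only: pack (name, body) pairs into a minimal archive."""
    out = AR_MAGIC
    for name, body in members:
        hdr = b"%-16s%-12d%-6s%-6s%-8s%-10d`\n" % (name + b"/", date, b"", b"", b"0", len(body))
        out += hdr + body + (b"\n" if len(body) & 1 else b"")
    return out

# Constructed inputs: the same archive rebuilt later with one byte changed in one member.
GOOD = _build([(b"A.obj", b"\x85\xc0\x75\x1f\x6a"), (b"B.obj", b"\x90\x90")], 1)
SUSPECT = _build([(b"A.obj", b"\x85\xc0\x74\x1f\x6a"), (b"B.obj", b"\x90\x90")], 2)

if __name__ == "__main__":
    print(changed_members(member_hashes(GOOD), member_hashes(SUSPECT)))
```

In a build pipeline the baseline hashes would come from the vendor's original library, recorded when it was first received.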

posted on 2023-07-13 20:22  街角_祝福