ANTS Performance Profiler 11&ANTS Memory Profiler 11漏洞分析

虽然进程和dll使用了SmartAssembly加密了，但是不影响调试，使用dnspy可以直接调试。通过最开始的登录对话框顺藤摸瓜可以轻松找到RedGate.Client.ActivationPlugin.Shared.LicenceInformation等关键信息。通过简单调试可以发现只需要简单的修改RedGate.Client.ActivationPlugin.Shared.LicenceInformation的几个函数就可以达到目的。

1. 修改LicenceState属性(get_LicenseState方法)为：

public LicenceState LicenceState
{
    get
    {
        return LicenceState.Licensed;
    }
}

2. 找到构造函数，修改成：

public LicenceInformation(LicenceState licenceState, string description, IEnumerable<LicensedProduct> licencedProducts, IEnumerable<IUsageConstraint> usageConstraints, DateTime? expiry)
{
    this.LicensedProducts = new List<LicensedProduct>(licencedProducts ?? Enumerable.Empty<LicensedProduct>());
    this.UsageConstraints = usageConstraints;
    this.LicenceExpiry = expiry;
    this.Description = description;
    if (this.LicensedProducts.Contains(null))
    {
        throw new ArgumentException("Contained null", "licencedProducts");
    }
}

3. 找到方法FeaturesForProduct：

public IEnumerable<ProductFeature> FeaturesForProduct(ProductInformation product)
{
    return new ProductFeature[]
    {
        new ProductFeature("professional")
    };
}

保存RedGate.Client.ActivationPluginShim.dll即可

 ----

原版试用安装包

链接: https://pan.baidu.com/s/1Wji6PcuI6TehBgYKdiwAoA?pwd=m9w4 提取码: m9w4