For this tutorial we will be using Mirial Softphone which is a HD video conferencing application. This tutorial is for educational purposes only, so please do not use this to create or distribute a cracked copy of the software.

When you first install the application, it prompts you for a license file. After installing the license you have 30 days to evaluate the application. The expiration date is displayed on this screen; in our case it is March 15, 2011.

Step 1

Trial applications usually store license information in either the registry or on the file system. Since this application prompted us for a license file, we know that it uses the file system. Start up the 32-bit version of API Monitor and enable API’s from the File Management category.

Step 2

Select Hook Process from the File menu to start monitoring the application.

API Monitor will start monitoring and displaying API calls. The application should now display a message indicating that it is an evaluation version. Hit cancel to quit the application.

Step 3

Now that we have captured the API calls made by the application, we need to find the one that reads the license file. Scan through the calls in the API summary view until you find the right one.

The application is reading from mirial.lic file. The name suggests that it might be a license file, so let’s open it up.

We’ve located the license file and it has the expiration date in it.

Step 4

Modify the expiration date in the license file to 2012-03-15 and save the file. Now launch the application again. The application should now display an error indicating that the license is invalid. Hit cancel to quit the application.

Step 5

Our next step is to start debugging the application right after it has read the license file. From Step 3, we know that the application uses CreateFileA to open the file and ReadFile to read the file. Setup a Breakpoint on CreateFileA and launch the application in API Monitor. The breakpoint will be hit multiple times; continue until you reach the one that opens the license file.

Switch back to API Monitor and enable a post-call breakpoint on the ReadFile API and disable the CreateFileA breakpoint. Now hit Continue to let the application run. API Monitor should now display the ReadFile breakpoint.

Now hit the Break button to have API Monitor generate a breakpoint in the application. You should now be able to attach to the application using a debugger.

Step 6

Your debugger should now display disassembled instructions from the application

If you look at the call stack, you’ll notice that the current frame is in apimonitor-drv-x86.sys. Use the debugger to step out until you reach code in the application.

Step 7

The debugger is currently at a location right after the application has finished reading the license file and before it checks the validity of the license. We need to locate the code that performs this check and disable it.

The most common software crack is the modification of an application’s binary to cause or prevent a specific key branch in the program’s execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. – Wikipedia

Stepping though some of the code, we come across this location which looks like a possible match to the code we’re looking for.

Step 8

The value of register eax is 0, right after the function call. Let’s modify the value to 1 and continue running the application. The application displays a different error message this time; instead of an invalid license, the application is telling us that it is unable to locate the file.

Step 9

Now that we have pinpointed the location where the application checks for a valid license, all we need to do is to play around with the values and jmp instructions to find one that works. In this case, inverting the jump instruction from je to jne tells the application that it has a valid license file. Running the application with the modified code displays our new expiration date of March 15, 2012.

Discuss this article here: http://www.rohitab.com/discuss/topic/37059-using-api-monitor-to-crack-copy-protected-software/

API Monitor---------------Using API Monitor to crack copy protected software的更多相关文章

  1. Benchmark result without MONITOR running: Benchmark result with MONITOR running (redis-cli monitor > /dev/null): 吞吐量 下降约1半 Redis监控工具,命令和调优

    https://redis.io/commands/monitor In this particular case, running a single MONITOR client can reduc ...

  2. HTML5之本地文件系统API - File System API

    HTML5之本地文件系统API - File System API 新的HTML5标准给我们带来了大量的新特性和惊喜,例如,画图的画布Canvas,多媒体的audio和video等等.除了上面我们提到 ...

  3. Python API vs C++ API of TensorRT

    Python API vs C++ API of TensorRT 本质上,C++ API和Python API应该在支持您的需求方面接近相同.pythonapi的主要优点是数据预处理和后处理都很容易 ...

  4. 用API网关把API管起来

    最开始只是想找个API网关防止API被恶意请求,找了一圈发现基于Nginx的OpenResty(Lua语言)扩展模块Orange挺好(也找了Kong,但是感觉复杂了点没用),还偷懒用Vagrant结合 ...

  5. lumen 构建api(dingo api)

    什么是 API API(Application Programming Interface,应用程序编程接口)是一些预先定义的函数,目的是提供应用程序与开发人员基于某软件或硬件得以访问一组例程的能力, ...

  6. ASP.NET Core Web API 开发-RESTful API实现

    ASP.NET Core Web API 开发-RESTful API实现 REST 介绍: 符合REST设计风格的Web API称为RESTful API. 具象状态传输(英文:Representa ...

  7. 通过beego快速创建一个Restful风格API项目及API文档自动化

    通过beego快速创建一个Restful风格API项目及API文档自动化 本文演示如何快速(一分钟内,不写一行代码)的根据数据库及表创建一个Restful风格的API项目,及提供便于在线测试API的界 ...

  8. 返璞归真 asp.net mvc (11) - asp.net mvc 4.0 新特性之自宿主 Web API, 在 WebForm 中提供 Web API, 通过 Web API 上传文件, .net 4.5 带来的更方便的异步操作

    原文:返璞归真 asp.net mvc (11) - asp.net mvc 4.0 新特性之自宿主 Web API, 在 WebForm 中提供 Web API, 通过 Web API 上传文件, ...

  9. 【百度地图API】百度API卫星图使用方法和卫星图对比工具

    原文:[百度地图API]百度API卫星图使用方法和卫星图对比工具 百度地图API推出卫星图接口也有一个月啦~ 本文除了介绍如何使用百度地图API来操作卫星图外,还顺带制作了个卫星图对比工具. 一.百度 ...

随机推荐

  1. BZOJ 1010 玩具装箱toy(斜率优化DP)

    题目链接:http://www.lydsy.com/JudgeOnline/problem.php?id=1010 题目大意:P教授要去看奥运,但是他舍不下他的玩具,于是他决定把所有的玩具运到北京.他 ...

  2. Decode Ways——动态规划

    A message containing letters from A-Z is being encoded to numbers using the following mapping: 'A' - ...

  3. SEO:查找网站的百度收录情况和如何让百度快速收录

    查询收录的工具地址: http://tool.chinaz.com/baidu/entry/ 如何让百度快速收录: 一.大家都熟知的百度网站提交,只需要提交网站的首页即可.以前做完这一步就被百度收录的 ...

  4. Raspberry Pi Finder

    这是 meelo 原创的 玩转树莓派 系列文章 作为一名新手,你可能苦恼与如何寻找树莓派的IP地址.要想寻找IP地址,在不同的连接状况下,的方法是不一样的,这在其它教程里有作详细介绍(使用路由器连接树 ...

  5. 【JBPM4】任务节点-任务分配swimlane

    swimlane泳道,几个任务受理人相同的任务节点,可以划分为一个泳道 JPDL <?xml version="1.0" encoding="UTF-8" ...

  6. c# 发送web请求

    我们目前涉及到的现有的接收请求方式有三种, 第一种: 页面式的Form表单 第二种: 服务的webservice形式的xml 第三个: restful风格的post包体json 第一种比较老,博客园的 ...

  7. 这种文件别打开, 大小不足1KB, 却可以让你电脑瘫痪

    今年6月份,抖音表白代码火了,不足1kb的txt文件,玩出了新花样.可是你知道吗,这种非常“浪漫”的表白方式,其实存在着很大的风险,甚至会让你的电脑直接瘫痪. 首先,先说一下所谓的表白代码是怎么回事. ...

  8. 基于node的前端页面实时更新。呦吼~

    学习了gulp,webpack后越发觉得前端开发万分的有趣,首当其冲的就是解决了狂按f5的尴尬. 当我们按下ctrl+s保存后页面自动更新了,我就觉得我f5键在隐隐的发笑. 1.node_npm_li ...

  9. 6.Spark streaming技术内幕 : Job动态生成原理与源码解析

    原创文章,转载请注明:转载自 周岳飞博客(http://www.cnblogs.com/zhouyf/)   Spark streaming 程序的运行过程是将DStream的操作转化成RDD的操作, ...

  10. Sonar常见的审查结果

    格式:问题名字+问题出现的次数 Resources should be closed2 资源未关闭,打开发现有两处用到的IO流没有关闭 Conditions should not unconditio ...