DLL file cracking time limit Attempt

Background:

Recently, I needed a function to Convert PDF files to word. I found a DLL, but there was a time limit. So I tried the following and used the tool to remove the time limit.

DLL file: 1272word

Tools:

Ida pro advanced6.1 (mainly used for analysis and compilationCodeTo find the key points)

Ollydbg (modify the assembly code in DLL and save it as DLL)

Idea: Find the time judgment position in the DLL disassembly code and skip the time judgment.

Implementation:

Open the DLL file using IDA pro. This tool can graphically display the jump relationships of various methods in the DLL, such:

When the DLL is used in an expired period, a prompt is displayed, such"Clock tempering Detected"Character, inIda, search for this character, such:

The search process is long and experienced people will know that these characters usually have a fixed storage location in the. RDATA or. text section, such

Obviously, the first one is the string we want to find. Double-click it to go to the following interface:

In the yellow areaProgramTo see where it is defined, double-click it, as shown in

Lists the methods in which the character area is called, as shown in figure

Return to the calling position in the program just now. In Ida, you can narrow down the image and follow this method to keep searching for it,

Find out when he started calling this method. For example:

The blue square is the place to enter the prompt. The green square has a judgment. If it is correct, it will go to a usable line.

The method name is loc_1000399e, which solves the problem and prevents the method from entering their parent node. You can directly jump to the 1000399e address.

Change JL loc_10003899 to JMP loc_1000399e on the Orange square. In this way, the time judgment method will not go in. Blocked directly.

After the modification, Ida cannot be directly saved as a DLL. If you can see the modification, it cannot be saved. This requires the ollydbg tool.

In Ida, select JL loc_10003899 and switch to Assembly view.

Find the specific assembly code and copy the code. We started to use ollydbg to modify it.

Open the DLL in ollydbg.

Right-click and start searching for binary text

Locate the following location (sometimes the same location will appear, which requires you to determine whether the location is the same)

Double-click,

Change

Click assemble to modify the code.

Next, we need to save

In the code area, select and change the two sentences.

On this page, right-click and choose Save to output the DLL again.

So far, the DLL time limit will be removed. You can change the local time to test the following :)