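Winlicense 3.0 patching failed
I looked into bypassing the Winlicense 3.0 license check after a machine change and got past it successfully in OD, but applying the patch with Baymax has no effect. Could the experts here help me see how the patch should be applied? The program and the patch project are packaged together here; could someone please take a look and tell me where I went wrong?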
https://wwfm.lanzouj.com/i7lqE19uwgrg
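Change 20D6AF to 20E6AF and it will work.
Using a patch tool this way has drawbacks. As for why, see the example and the replies here:
Sample example:
A rather special WL, who wants to take on the challenge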
https://www.52hb.com/thread-58634-1-1.html
(Source: 吾爱汇编)
The patch I compiled:
https://versteckt.lanzouw.com/i7CLP17lvooj
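If you are interested, you can use this so-called patch tool on the example provided at the link above. If it achieves exactly the same effect as the patch I compiled, that is, getting into the real functional interface, it counts as a success; stopping at the "cannot find path" prompt does not count as a success.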
:)
https://versteckt.lanzouw.com/isScU19wqm0b
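boot posted on 2023-9-25 21:31
Using a patch tool this way has drawbacks. As for why, see the example and the replies here:
Sample example:
Please provide the patch data
This post was last edited by Nooby on 2023-9-26 22:40
Rooking posted on 2023-9-26 08:50
Please provide the patch data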
7621B2E0CALL 到 WriteProcessMemory 来自 winspool.584A4FEF
hProcess = 000002F4
Address = 0x5CEA68
Buffer = 0019FF1F
BytesToWrite = 0x1
pBytesWritten = NULL
7621B2E0断点位于 KernelBa.WriteProcessMemory
7621B2E0CALL 到 WriteProcessMemory
hProcess = 000002F4
Address = 0x5CEAA1
Buffer = 0019FF38
BytesToWrite = 0x5
pBytesWritten = NULL
7621B2E0断点位于 KernelBa.WriteProcessMemory
7621B2E0CALL 到 WriteProcessMemory
hProcess = 000002F4
Address = 0x5C1DE8
Buffer = 0019FF1E
BytesToWrite = 0x1
pBytesWritten = NULL
7621B2E0断点位于 KernelBa.WriteProcessMemory
7621B2E0CALL 到 WriteProcessMemory
hProcess = 000002F4
Address = 0x5BF16F
Buffer = 0019FF30
BytesToWrite = 0x5
pBytesWritten = NULL
7621B2E0断点位于 KernelBa.WriteProcessMemory
7621B2E0CALL 到 WriteProcessMemory
hProcess = 000002F4
Address = 0x5BF25A
Buffer = 0019FF18
BytesToWrite = 0x2
pBytesWritten = NULL
7621B2E0断点位于 KernelBa.WriteProcessMemory
7621B2E0CALL 到 WriteProcessMemory
hProcess = 000002F4
Address = 0x5BF26E
Buffer = 0019FF28
BytesToWrite = 0x5
pBytesWritten = NULL
7621B2E0断点位于 KernelBa.WriteProcessMemory
7621B2E0CALL 到 WriteProcessMemory
hProcess = 000002F4
Address = 0x5CEE74
Buffer = 0019FF20
BytesToWrite = 0x5
pBytesWritten = NULL
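多喝水 posted on 2023-9-25 21:20
Change 20D6AF to 20E6AF and it will work.
Hello, may I ask what the principle behind adding 1000 to the address is?
May I ask the original poster how the breakpoint address 0060E6AF was found?
多喝水 posted on 2023-9-25 21:20
Change 20D6AF to 20E6AF and it will work.
Is my understanding correct that 0060E6AF - base address 00400000 = 0020E6AF?
Rooking posted on 2023-9-26 08:50
Please provide the patch data
The example below is one that Baymax cannot patch; the sample address and the description are both at the link below. If you are interested, please head over: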
https://www.52hb.com/thread-53958-1-1.html
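I dynamically patched the machine code via winspool.drv, but there are still problems.
After debugging a few times in an XP virtual machine, the file gets corrupted. What could be the reason?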