Unfortunately, symbols for this build are not available, so we cannot easily locate the `CDefPolicy::Query` method, because none of the methods have any meaningful name (they're all `sub.` because IDA can't name them without symbols).

Okay, so what broke for 22000.706? First of all, let's open the new DLL in IDA as well.

What is `*((_DWORD *)this + 398)`? I don't know, it probably is some variable (bitmask? 9th bit set) which tells whether this feature is licensed, I think (I haven't studied more in depth how this works). So, instead of checking `*((_DWORD *)this + 398)` against `*((_DWORD *)this + 399)` and seeing that they are equal in our (unlicensed) case (probably), we instead set `*((_DWORD *)this + 398)` to 256.

`__int64 __fastcall CDefPolicy::Query(CDefPolicy *this, int *a2)`