The patch methods you are looking for: the full Navicat product line (Windows, 32/64-bit)

This post is a protest against the big thug 思杰马克丁!
Everyone, take a good look at the hideous true face of 思杰马克丁:
    https://bbs.kafan.cn/thread-2091302-1-1.html
    https://bbs.kafan.cn/thread-2095728-1-1.html

            When IDA marches out, not a blade of grass survives.
            Until 马克丁 falls, the holy war will not stop!


Update 20190104
Navicat Premium 12(12.1.11)
64 bit
This version differs considerably from earlier ones: the crack no longer modifies navicat.exe, but instead modifies libcc.dll (1.1.0.0), located in the same folder as navicat.exe:
180782C06:         74 31->EB 31
jz short loc_180782C39->jmp short loc_180782C39
 


Update 20180805
Navicat Premium 12(navicat.exe,12.0.29)
64 bit
Entry Point(EP):023EED60
MD5(Original):5866F953D3480B0D4760489F221D46FA
MD5(Patched ):5AAF2477C39A5CF1ACE70AFA89B32FD9
(EP+4DF)023EF23F:75 0D -> 90 90
 jnz short loc_23EF24E -> nop nop
(EP+5BF)023EF31F:77 1E -> EB 1E
  ja short loc_23EF33F -> jmp short loc_23EF33F
 
Note: compared with earlier versions, this version needs one additional modification:
012871F5(EP-1167B6B):
     0F 85 EF 00 00 00 -> E9 F0 00 00 00 00        
  jnz      loc_12872EA -> jmp       loc_12872EA


Preferred tools: IDA, OllyDBG, x32dbg, x64dbg, Exeinfope

(Note: 0x01319820 + 0x00400000 (ImageBase) = 0x01719820)

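I suggest you download this article and forward and repost it, because 思杰马克丁 will frantically demand that it be deleted, like a thief crying "stop thief". We must unite and stand up to the thugs!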

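Below are the patch methods for the full Navicat product line (Windows, 32/64-bit). After a software upgrade, these addresses all change,

but the offset of the key modification points (the signature code) relative to the Entry Point (EP) stays essentially the same,

so once you have found the main program's entry point and added the offset (for example 0x353, 0x3CC, 0x519, 0x5E3), you should be able to find the signature code.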


Signature code for the 32-bit program:
01719B6B A1 E4 A0 74 01            mov     eax, off_174A0E4
01719B70 80 38 27                  cmp     byte ptr [eax], 27h
01719B73(75 09)                    jnz     short loc_1719B7E
01719B75 33 C0                     xor     eax, eax
01719B77 E8 48 FB F9 FF            call    sub_16B96C4
01719B7C EB 62                     jmp     short loc_1719BE0
······
01719BE0 A1 E4 A0 74 01            mov     eax, off_174A0E4
01719BE5 0F B6 00                  movzx   eax, byte ptr [eax]
01719BE8 04 D8                     add     al, 0D8h
01719BEA 2C 03                     sub     al, 3
01719BEC(73 0C)                    jnb     short loc_1719BFA
01719BEE 8B 03                     mov     eax, [ebx]
01719BF0 E8 0B 37 F3 FE            call    sub_64D300
01719BF5 E9 90 01 00 00            jmp     loc_1719D8A
--------
Signature code for the 64-bit program:
021066BF 48 8B 05 8A 21 22 00      mov     rax, cs:off_2328850
021066C6 80 38 27                  cmp     byte ptr [rax], 27h
021066C9(75 0D)                    jnz     short loc_21066D8
021066CB 48 33 C9                  xor     rcx, rcx
021066CE E8 2D C6 F5 FF            call    sub_2062D00
021066D3 E9 AA 00 00 00            jmp     loc_2106782
······
02106782 48 8B 05 C7 20 22 00      mov     rax, cs:off_2328850
02106789 48 0F B6 08               movzx   rcx, byte ptr [rax]
0210678D 80 E9 28                  sub     cl, 28h
02106790 80 F9 07                  cmp     cl, 7
02106793(77 13)                    ja      short loc_21067A8
02106795 B0 01                     mov     al, 1
02106797 D3 E0                     shl     eax, cl
02106799 48 0F B6 0D 97 03 00 00   movzx   rcx, cs:byte_2106B38
021067A1 84 C8                     test    al, cl
021067A3 0F 95 C0                  setnz   al
021067A6 EB 03                     jmp     short loc_21067AB
--------
Navicat 12 for MariaDB(navicat.exe,12.0.18)
32 bit
Entry Point(EP):016FA7A0
MD5(Original):D9FBC3348E9B2964AF75A7F88BA9C571
MD5(Patched ):4FF79A3CA2819B36A33A4DABD6E8B0FD
(EP+353)016FAAF3:75 09 -> 90 90
 jnz short loc_16FAAFE -> nop nop
(EP+3CC)016FAB6C:73 0C -> EB 0C
 jnb short loc_16FAB7A -> jmp short loc_16FAB7A
----
64 bit
Entry Point(EP):020E1AD0
MD5(Original):68DE134E513A1DCF88E6169A880F41BD
MD5(Patched ):164B8C728E512BB3318D806D45C250FB
(EP+519)020E1FE9:75 0D -> 90 90
 jnz short loc_20E1FF8 -> nop nop
(EP+5E3)020E20B3:77 13 -> EB 13
  ja short loc_20E20C8 -> jmp short loc_20E20C8
----

Navicat 12 for MySQL(navicat.exe,12.0.18)
32 bit
Entry Point(EP):01719820
MD5(Original):AF5E037E1D5C874D5E99AA7879D5BA21
MD5(Patched ):71C8D1512630DE11B69A1C3FFEF282EB
(EP+353)01719B73:75 09 -> 90 90
 jnz short loc_1719B7E -> nop nop
(EP+3CC)01719BEC:73 0C -> EB 0C
 jnb short loc_1719BFA -> jmp short loc_1719BFA
----
64 bit
Entry Point(EP):021061B0
MD5(Original):FAF83ACB83576FABE80F5269F0FB6F4F
MD5(Patched ):0FBF57E1BC8FFB6F34F4E4E0A2552535
(EP+519)021066C9:75 0D -> 90 90
 jnz short loc_21066D8 -> nop nop
(EP+5E3)02106793:77 13 -> EB 13
  ja short loc_21067A8 -> jmp short loc_21067A8
----

Navicat 12 for Oracle(navicat.exe,12.0.18)
32 bit
Entry Point(EP):0174B7CC
MD5(Original):F179BCCC8016B8A252A4BFA7102CBE89
MD5(Patched ):903BAEA3AC2395438955FAEE6D0F949C
(EP+353)0174BB1F:75 09 -> 90 90
 jnz short loc_174BB2A -> nop nop
(EP+3CC)0174BB98:73 0C -> EB 0C
 jnb short loc_174BBA6 -> jmp short loc_174BBA6
----
64 bit
Entry Point(EP):0214EDF0
MD5(Original):54083319E2A5530B1551E61A336E8E2E
MD5(Patched ):9F3A8BA574915A56242578C1861CD4EA
(EP+519)0214F309:75 0D -> 90 90
 jnz short loc_214F318 -> nop nop
(EP+5E3)0214F3D3:77 13 -> EB 13
  ja short loc_214F3E8 -> jmp short loc_214F3E8
----

Navicat 12 for PostgreSQL(navicat.exe,12.0.18)
32 bit
Entry Point(EP):01741790
MD5(Original):81F1E4454E410731A05012901781DC02
MD5(Patched ):037F2556450F4779F99F79F569BC702C
(EP+353)01741AE3:75 09 -> 90 90
 jnz short loc_1741AEE -> nop nop
(EP+3CC)01741B5C:73 0C -> EB 0C
 jnb short loc_1741B6A -> jmp short loc_1741B6A
----
64 bit
Entry Point(EP):02142A00
MD5(Original):789B2F248460F6B30FC392D7ED7A3304
MD5(Patched ):14CDAA7C6773C5CD5E0CFC1C069900E4
(EP+519)02142F19:75 0D -> 90 90
 jnz short loc_2142F28 -> nop nop
(EP+5E3)02142FE3:77 13 -> EB 13
  ja short loc_2142FF8 -> jmp short loc_2142FF8
----

Navicat 12 for SQL Server(navicat.exe,12.0.18)
32 bit
Entry Point(EP):01789790
MD5(Original):B724CD8420B702C22D16C65F50DAA94B
MD5(Patched ):AF505E2BBE682BEBBD69E6E261BF61A7
(EP+353)01789AE3:75 09 -> 90 90
 jnz short loc_1789AEE -> nop nop
(EP+3CC)01789B5C:73 0C -> EB 0C
 jnb short loc_1789B6A -> jmp short loc_1789B6A
----
64 bit
Entry Point(EP):021A6EA0
MD5(Original):B91BF2106E0A4F6385F0D1E74815FC62
MD5(Patched ):B916E5A9C8CC3B7B3136FE76DCB3E8D7
(EP+519)021A73B9:75 0D -> 90 90
 jnz short loc_21A73C8 -> nop nop
(EP+5E3)021A7483:77 13 -> EB 13
  ja short loc_21A7498 -> jmp short loc_21A7498
----

Navicat 12 for SQLite(navicat.exe,12.0.18)
32 bit
Entry Point(EP):016BE790
MD5(Original):E3DD10FBC882149DD2D0A02E2DB24349
MD5(Patched ):02AFB1D7527A9B1036D77AA54C1CC64A
(EP+353)016BEAE3:75 09 -> 90 90
 jnz short loc_16BEAEE -> nop nop
(EP+3CC)016BEB5C:73 0C -> EB 0C
 jnb short loc_16BEB6A -> jmp short loc_16BEB6A
----
64 bit
Entry Point(EP):02093F30
MD5(Original):84D59697EFAEBF23E772F274180DDC19
MD5(Patched ):C0CEEEED75AC098D1DDEC50EFCF38851
(EP+519)02094449:75 0D -> 90 90
 jnz short loc_2094458 -> nop nop
(EP+5E3)02094513:77 13 -> EB 13
  ja short loc_2094528 -> jmp short loc_2094528
----

Navicat Data Modeler(modeler.exe,2.1.12)
32 bit
Entry Point(EP):00DBECA4
MD5(Original):BBF94F6FF5C22269F1D7179757762E9D
MD5(Patched ):01F807AD68E8393E3A20639DE36E3603
(EP+24D)00DBEEF1:75 09 -> 90 90
  jnz short loc_DBEEFC -> nop nop
(EP+2BC)00DBEF60:73 0C -> EB 0C
  jnb short loc_DBEF6E -> jmp short loc_DBEF6E
----
64 bit
Entry Point(EP):012E0700
MD5(Original):328CAD931B7CF098A0CF9F500C9A062A
MD5(Patched ):1D9DBFFAD5E19E85C3B3B57D9A73216D
(EP+37D)012E0A7D:75 0D -> 90 90
 jnz short loc_12E0A8C -> nop nop
(EP+43B)012E0B3B:77 13 -> EB 13
  ja short loc_12E0B50 -> jmp short loc_12E0B50
----

Navicat Premium 12(navicat.exe,12.0.18)
32 bit
Entry Point(EP):0191D85C
MD5(Original):93350440DEC6314EDFB4E6D276279538
MD5(Patched ):C5522ADCDD893337102FD72ABE13BD47
(EP+353)0191DBAF:75 09 -> 90 90
 jnz short loc_191DBBA -> nop nop
(EP+3CC)0191DC28:73 0C -> EB 0C
 jnb short loc_191DC36 -> jmp short loc_191DC36
----
64 bit
Entry Point(EP):023CA180
MD5(Original):ECB007645786E37DA38A71A12763321E
MD5(Patched ):1BE752EA8C3B89F8DFDAF63A3A5A13E3
(EP+519)023CA699:75 0D -> 90 90
 jnz short loc_23CA6A8 -> nop nop
(EP+5F9)023CA779:77 1E -> EB 1E
  ja short loc_23CA799 -> jmp short loc_23CA799
----

Navicat Premium Essentials 12(navicat.exe,12.0.18)
32 bit
Entry Point(EP):01683A6C
MD5(Original):BC738D6BC658FB212517F7B4955A8E4C
MD5(Patched ):B97720ABDCFB28CC5CD5B3C86210F398
(EP+34C)01683DB8:75 09 -> 90 90
 jnz short loc_1683DC3 -> jz short loc_1683DC3
(EP+3C5)01683E31:73 0C -> EB 0C
 jnb short loc_1683E3F -> jmp short loc_1683E3F
----
64 bit
Entry Point(EP):01FEBA40
MD5(Original):F0328566A14527B954873E54EF57474D
MD5(Patched ):1053539FAB18252842AF3707319F24FE
(EP+50C)01FEBF4C:75 0D -> 90 90
 jnz short loc_1FEBF5B -> nop nop
(EP+5EC)01FEC02C:77 1E -> EB 1E
  ja short loc_1FEC04C -> jmp short loc_1FEC04C
----

Navicat Report Viewer(rviewer.exe,3.2.8)
32 bit
Entry Point(EP):00F207C0
MD5(Original):BC3138EC4B1D91529459CA78BD753A95
MD5(Patched ):86E75214EC06763F0AA492B70245CA09
(EP+28B)00F20A4B:75 09 -> 90 90
  jnz short loc_F20A56 -> nop nop
(EP+2FA)00F20ABA:73 0C -> EB 0C
  jnb short loc_F20AC8 -> jmp short loc_F20AC8
----
64 bit
Entry Point(EP):014C5DD0
MD5(Original):1F8DBAE152B28FCDD278B6C7EE99B05C
MD5(Patched ):1B26B2CD35802EECE257DD302A8341B7
(EP+409)014C61D9:75 0D -> 90 90
 jnz short loc_14C61E8 -> nop nop
(EP+4C7)014C6297:77 13 -> EB 13
  ja short loc_14C62AC -> jmp short loc_14C62AC
----


Reposted from blog.csdn.net/pijianzhirui/article/details/78976476