I am very interested in learning exactly which functions they changed in the Xojo DLL as well. Any tips on how I can figure it out? All the tools I’ve tried so far to either decompile or disassemble either the original or the hacked version have only been able to show me some assembly… and it’s been 20+ years since I’ve had to look at any assembly…
My license check lives in a variety of functions that are included in a module named “auth” which I wrote. At app startup, in the app class there are calls to auth.haveLocalLicense() as well as auth.localLicenseIsValid(). Both return booleans.
You may exactly need to compare byte by byte to find the modificated ranges.
Then look at assembly what lines changed exactly.
As Xojo Inc. may not include function names, we may need to look on assembly to see what function it is.
And you can use a debugger to run your app with the modified VM and use a debugger (Visual Studio) to put break points on those modification to stop there.
And then maybe see stack trace of your app and see where this is called.
Noooo, there is no need to mess with the functions.
You just have to change a single JNZ to JMP when the value is returned (Or any apropriate jump)
SInce the XojoGuiFramework32.dll, this concerns all xojo users, maybe could be usefull to share the cracked Xojo DLL. Even with advice, it is not the same than real people expertise doing the job. For example, Christian has more experience
Create a VM with zero access to the rest of your data, install Xojo on it and a copy of your project, use a build script to replace the dll at run time and step through your code.
If you install Sandboxie, you can install and run an app in a sandbox and observe it working, it is specially useful to observe post mortem results like windows keys changes, dropping hidden packed dlls as Sandboxie shows what it changed. Then, after inspection, you just throw the sand-box away and nothing was changed in your system.
