Shortnote
OmniGraphSketcher is a tool to manipulate and display datasets - even allowing you to manually correct data-points by hand. The protection is easily circumvented as the application relies on two subroutines to determine whether the fully-working trial has already expired.
First point of interest is around address 0x64de0, in the initialisation routine where the license is checked.
meth_static_OZZuul_initialize: 00064de0 55 push ebp 00064de1 89E5 mov ebp, esp 00064de3 57 push edi 00064de4 56 push esi 00064de5 53 push ebx 00064de6 83EC4C sub esp, 0x4C 00064de9 8B4508 mov eax, dword [ss:ebp+0x8] 00064dec 8945E0 mov dword [ss:ebp+0xFFFFFFFFFFFFFFE0], eax 00064def A1084E0B00 mov eax, dword [ds:0xB4E08] 00064df4 8945E4 mov dword [ss:ebp+0xFFFFFFFFFFFFFFE4], eax 00064df7 8D55E0 lea edx, dword [ss:ebp+0xFFFFFFFFFFFFFFE0] 00064dfa A1B0190B00 mov eax, dword [ds:objc_msg_initialize] 00064dff 89442404 mov dword [ss:esp+0x4], eax 00064e03 891424 mov dword [ss:esp], edx 00064e06 E861560400 call imp___symbol_stub__objc_msgSendSuper 00064e0b 803D78EB0A0000 cmp byte [ds:0xAEB78], 0x0 00064e12 90 nop 00064e13 90 nop 00064e14 83C44C add esp, 0x4C 00064e17 5B pop ebx 00064e18 5E pop esi 00064e19 5F pop edi 00064e1a C9 leave 00064e1b C3 ret
The next point of interest is in the subroutine around0x68010 that checks whether a license file exists. Without this modification, the program bails out claiming that no valid license file has been found and thus a new document cannot be created.
sub_68010: 00068010 55 push ebp ; XREF=0x3fa0, 0x67ea, 0x687a, 0x68fb, 0x662db 00068011 89E5 mov ebp, esp 00068013 57 push edi ... 000684b1 890424 mov dword [ss:esp], eax 000684b4 E8AD1F0400 call imp___symbol_stub__objc_msgSend 000684b9 89C3 mov ebx, eax 000684bb 85C0 test eax, eax 000684bd E916000000 jmp 0x684D8 ... 000684d8 31C0 xor eax, eax ; XREF=0x684bd, 0x6865f, 0x686a2 000684da 8945E0 mov dword [ss:ebp+0xFFFFFFFFFFFFFFE0], eax 000684dd 8B45E0 mov eax, dword [ss:ebp+0xFFFFFFFFFFFFFFE0] 000684e0 85C0 test eax, eax 000684e2 E948020000 jmp 0x6872F ... 0006872f C705C4E50A0002000000 mov dword [ds:0xAE5C4], 0x2 ; XREF=0x684e2 00068739 A1E8B30A00 mov eax, dword [ds:0xAB3E8] 0006873e E88DACFFFF call sub_633d0 00068743 8945DC mov dword [ss:ebp+0xFFFFFFFFFFFFFFDC], eax 00068746 8B5DDC mov ebx, dword [ss:ebp+0xFFFFFFFFFFFFFFDC] ...
The last modification checks for a valid license. This is perhaps optional since it may be part of the validation process when a new license is registered with the application.
sub_68ce0: 00068ce0 55 push ebp ; XREF=0x6586d, 0x69292, 0x694f2 00068ce1 89E5 mov ebp, esp 00068ce3 57 push edi 00068ce4 56 push esi 00068ce5 53 push ebx 00068ce6 83EC3C sub esp, 0x3C 00068ce9 803DDCEB0A0000 cmp byte [ds:0xAEBDC], 0x0 00068cf0 E9B1010000 jmp 0x68EA6 ... 00068ea6 83C43C add esp, 0x3C ; XREF=0x68cf0 00068ea9 5B pop ebx 00068eaa 5E pop esi 00068eab 5F pop edi 00068eac C9 leave 00068ead C3 ret 00068eae 6690 nop
For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.