This paper focuses on how to manually blast IAR EWARM 6 X and license generation. The purpose is to share with you. The second is to record the process so that you can cope with future IAR updates. The second is to correct the deficiencies if there are experts looking at it.
IAR embedded workbench 8051 10.20.1 perfect installation Special Edition (with registered machine + cracking tutorial)
- Type:Programming tools
- Language:Simplified Chinese
IAR embedded workbench for 8051 (development tool) series registration machine free Special Edition
- Type:Programming tools
- Language:Simplified Chinese
1、 IAR embedded workbench ide processing
Find common\bin\licensemanager Exe file. This file is the IAR authorization management program. Each time you start IAR, you will run this program to check whether it is authorized. Change its name (PS: you can delete it directly). In this way, a dialog box will pop up to prompt that running the licensemanager fails. Here’s how to start.
Od directly loads iaridepm Exe, set the breakpoint BP messageboxa, F9 runs, and the breakpoint is user32 Messageboxa, ctrl+f9 prompt dialog box appears, click OK, ctrl+f9, F8 until iaridepm Exe code segment. The following code is found:
Obviously, a process is created to run the licensemanager Exe program, when the licensemanager When the EXE program is not found, the process creation fails, and a prompt dialog box pops up. You can simply retun the function. First, scroll down to find the function end return code:
Then scroll up to find the function receipt code:
Select the function entry line and press the spacebar to directly modify it to the function return code, that is: Retn
It should be noted here that checking the function return code is to ensure stack balance. The principle of stack balance is not described in detail.
However, it is useless to modify in OD. Use UltraEdit or WinHex to open iaridepm Exe, search the hexadecimal data of the original function entry attachment, and then replace it according to the modified data,
I won’t elaborate on the specific steps. I’ll search by myself.
After this process, run IAR directly, and there will be no prompt dialog box. However, the IAR is not cracked. When you compile a project, you will be prompted:
Fatal Error[LMS001]: No license found. Use the IAR License Manager to resolve the problem.[LicenseCheck:126.96.36.1994, RMS:8.5.0.0021, Feature:ARM.EW.COMPILER,
2、 Iccarm Exe processing
Find arm\bin\iccarm Exe program, OD load, search the string, and find “must request at least one license.”, Navigate to the code line:
Disconnect at the function entry, press F9 to run the program and reach the breakpoint. Alt+k opens the call stack form, analyzes the stack layer by layer, and finds the suspicious Code:
First judge whether the return value eax is 2. If it is not 2, ECX is set to 0. Then judge whether eax is 0. If eax=0, cl=1. If eax= 0 then cl=0 and finally returned at eax=cl
Continue to analyze the call stack and find that it is OK only when 1 is returned here, that is, the return value eax of the previous function must be =0,
Therefore, the function entry for one disconnection is changed to:
Press F9 to run the program. If you find an internal error, reload it, locate the location you just modified, modify the code, and disconnect. Press F9 to run and disconnect. Press ctrl+f9 several times to come here:
Break down at this function entry, reload the program, and repeat the above steps. F9 runs here, and F8 runs step by step. An error will be prompted after the function at the break position in the above figure is executed,
Cut off at this position, reload the program, repeat the above steps, cut off here, press F7 to follow, and find the suspicious code after analysis:
After many times of analysis, it is found that when al=1 here, the program runs successfully. Therefore, the function above test can be executed by setting al to 1. After pressing F7 twice, the function entry can be changed to the following code.
After modifying the above two points, it is found that iccarm Exe can run successfully without prompting unauthorized. Use the tool to modify iccarm Exe save
After this step, open the project with IAR, and it can be compiled successfully. But the simulation cannot be debugged online.
3、 Simulation dynamic library processing
IAR EWARM supports a variety of online simulations. The corresponding dynamic libraries can be found under arm\bin in the installation directory. After analysis, it is found that only the following dynamic libraries detect the authorization status:
The above dynamic libraries only need to install the second step and modify the first position. The key string is “must request at least one license.”
After this step, IAR can be simulated and debugged online.
3、 Ilinkarm Exe processing
After careful inspection, it is found that arm\bin\linkarm Exe this file also has authorization verification. The verification method is very simple. Load OD, search the string, and find “license”.
The following suspicious string was found in this file: “this product is not licensed for Misra C checking”
The blasting method is the same as that in the previous step. Just modify one place. The key string is “must request at least one license.”
4、 Authorization file registration
License download address:https://www.jb51.net/softs/537080.html
|430||IAR Embedded Workbench for Texas Instruments 430 5.60|
|8051||IAR Embedded Workbench for 8051 8.30|
|ARM||IAR Embedded Workbench for ARM 6.70|
|AVR||IAR Embedded Workbench for Atmel AVR 6.30|
|STM8||IAR Embedded Workbench for STMicroelectronics STM8 1.42|
Copy the corresponding folder to the specified directory:
XP: C:\Documents and Settings\All Users\Application Data\IARSystems\LicenseManagement\LicensePackages\
If the path does not exist, create the path manually.
The patch program is not required for license authorization.