未来已来

破解LoadRunner:How to skip LoadRunner license manager(转)

上一篇 / 下一篇  2008-11-06 13:55:04 / 个人分类:性能测试

Necessary Tools

WinDbg(Debugging Tools for Windows – Microsoft FREE utility to debug programs)

IDA32(InteractiveDisassembler– to reverse binaries toasmsource)

Hiew32(Hex editor – to change binaries)

Assembler language knowledgeJ

Short brief

I’ll skip all my wrong attempts to find real initialization/license checking code block (it took almost two days to get to the right program point to start thinking on) and as usual,itswas mostly done by intuition.

After reversing lm70.dll, I get very good source file with excellent function names and some links to interesting string variables, like “Init”, “CheckRWAccess”, etc. After investigation of such string variables, I found a function which makes “current operation” logs with status flag indications, so it was a real debug output (mbdevelopers forgot to remove). The function makes output depending on “debug switch” on/off, so set to “true” to get operations results output in file ("C:\Documents and Settings\<user>\Local Settings\Temp\lm60trc.txt”). The most interesting is – all functions return only error codes (“0” all fine or “<> 0” on error)! Going thru “CheckRWAccess” the functions, I noticed some codesequence which fillssome memory block with non-logic data, but before procedure ends, that non-logic block was decoded into different license database files names (cfgamp.dlls). After that I’ve changed my PC timer for 20 days forward. When investigating “Init” function results, I set results to “0”, but LoadRunner tells me “you have last day to evaluate program”. Nice… It was due tocfgampthe license database being encoded with sub-status – “you have one day left”. Finally, determined complete solution with no time restrictions and no message boxes.

Done withLRLauncher, but when executingLRController– it hangs on user amount – another procedure another check, so previous lookup methoddon`thelp much. After that I restored Temporary license to get closer look atLRControllerwork. On user amount > 25 it shows license warning message box – excellent, lets start fromMessageBoxAfunction. By setting breakpoint onMessageBoxI get program point, where this message box called and un-winded execution until found where is condition checked “licensed max amount <=current_user_num”. It was single procedure called from lm70!Testfunction. After I set that procedure to return “0 (all fine)” it works with 100 users w/o problems.

 

Note:to get more detailed brief you need to install at least IDA32 orWinDbg.


TAG: 性能测试

引用 删除 wwtao   /   2009-08-06 15:02:29
5
 

评分:0

我来说两句

Open Toolbar