View Single Post
  #7  
Old 10-27-2021, 21:16
p4r4d0x p4r4d0x is offline
Friend
 
Join Date: Jul 2012
Location: https://www.youtube.com/watch?v=GoCOg8ZzUfg
Posts: 142
Rept. Given: 95
Rept. Rcvd 21 Times in 11 Posts
Thanks Given: 396
Thanks Rcvd at 146 Times in 64 Posts
p4r4d0x Reputation: 21
Exclamation

Patch is not correct at me dosent patch nothing!!

from the dll that supposed to patch is getting called this api ttsUnclaimLicense
Before has another one validation of the license tssclaimLicense sub 14
Code:
100046F9 | 8B45 18                  | mov eax,dword ptr ss:[ebp+18]           |
100046FC | 8945 FC                  | mov dword ptr ss:[ebp-4],eax            |
100046FF | 75 44                    | jne loqsapi5.10004745                   | 
10004701 | 8B3D B0010110            | mov edi,dword ptr ds:[<&ttsClaimLicense |
10004707 | 8D45 F0                  | lea eax,dword ptr ss:[ebp-10]           |
1000470A | 50                       | push eax                                |
1000470B | FFB6 90240000            | push dword ptr ds:[esi+2490]            |
10004711 | FFD7                     | call edi                                |
10004713 | 85C0                     | test eax,eax                            |
10004715 | 74 2E                    | je loqsapi5.10004745                    |
10004717 | 837D F0 FF               | cmp dword ptr ss:[ebp-10],FFFFFFFF      |
Code:
03FB84D0 | 81EC 18060000            | sub esp,618                             |
03FB84D6 | 8D4424 00                | lea eax,dword ptr ss:[esp]              |
03FB84DA | 56                       | push esi                                |
03FB84DB | 50                       | push eax                                |
03FB84DC | E8 37C90500              | call <JMP.&Ordinal#257>                 |
03FB84E1 | 8BB424 24060000          | mov esi,dword ptr ss:[esp+624]          |
03FB84E8 | 83C4 04                  | add esp,4                               |
03FB84EB | 85F6                     | test esi,esi                            |
03FB84ED | 74 46                    | je loqtts6.3FB8535                      |
03FB84EF | 813E 1ACCCAF0            | cmp dword ptr ds:[esi],F0CACC1A         |
03FB84F5 | 75 3E                    | jne loqtts6.3FB8535                     |
03FB84F7 | 8B4E 04                  | mov ecx,dword ptr ds:[esi+4]            |
03FB84FA | 68 C0A30304              | push loqtts6.403A3C0                    | 403A3C0:"* API CALL: ttsUnclaimLicense\n"
03FB84FF | C681 DC4E0000 00         | mov byte ptr ds:[ecx+4EDC],0            |
03FB8506 | 8B56 04                  | mov edx,dword ptr ds:[esi+4]            |
03FB8509 | 81C2 C84C0000            | add edx,4CC8                            |
03FB850F | 52                       | push edx                                |
03FB8510 | 6A 02                    | push 2                                  |
03FB8512 | E8 FBC80500              | call <JMP.&Ordinal#74>                  |
03FB8517 | 8B8424 30060000          | mov eax,dword ptr ss:[esp+630]          |
03FB851E | 8B4E 04                  | mov ecx,dword ptr ds:[esi+4]            |
03FB8521 | 50                       | push eax                                |
03FB8522 | 51                       | push ecx                                |
03FB8523 | E8 98770000              | call loqtts6.3FBFCC0                    |
03FB8528 | 83C4 14                  | add esp,14                              |
03FB852B | 5E                       | pop esi                                 |
03FB852C | 81C4 18060000            | add esp,618                             |
03FB8532 | C2 0800                  | ret 8                                   |
03FB8535 | 8D5424 04                | lea edx,dword ptr ss:[esp+4]            |
03FB8539 | 68 E0A30204              | push loqtts6.402A3E0                    | 402A3E0:"Invalid instance handle. This instance has not been initialized\n"
03FB853E | 52                       | push edx                                |
03FB853F | 6A 01                    | push 1                                  |
03FB8541 | E8 CCC80500              | call <JMP.&Ordinal#74>                  |
03FB8546 | 83C4 0C                  | add esp,C                               |
03FB8549 | B8 030006E0              | mov eax,E0060003                        |
03FB854E | 5E                       | pop esi                                 |
03FB854F | 81C4 18060000            | add esp,618                             |
03FB8555 | C2 0800                  | ret 8                                   |
Code:
DebugString: "* API CALL: ttsDone"
DebugString: "(pid:05004) #001 -"
DebugString: "* API CALL: ttsUnclaimLicense"
DebugString: "(pid:05004) #001 -"
DebugString: "* AUDIO: 0 bytes rendered"
DebugString: "(pid:05004) #001 -"
DebugString: "* LICENSING: Duration of this utterance: 0 msec"
DebugString: "(pid:05004) #001 -"
DebugString: "* LICENSING: Channel ready!"
Anyway it has to be repatched to work properly

UnclaimLicense comes when u selecting Roberto

Last edited by p4r4d0x; 10-27-2021 at 21:28.
Reply With Quote