FlexNet / FlexLM with Java

[java3ever]

Yes you are right, the application uses JNI to access native functions...

Like

Code:

private native String getLicenseNumber(final CPointer p0, final String p1) throws FlNativeException;

However I cannot find the actual DLL this is referring to - How can I find out?


//EDIT:
Attached "DLL Export Viewer" and searched for the Java stubs, managed to find the x64 dll. I will now search in the setups files for a 32bit version, this would make the RE a little easier, doesn't it?


//EDIT 2:
Well, IDA doesn't seem to like the lib.

Code:

.text:0000000180006370     ; __unwind { // __GSHandlerCheck_EH
.text:0000000180006370 000                 sub     rsp, 108h
.text:0000000180006377 108                 mov     [rsp+108h+var_90], 0FFFFFFFFFFFFFFFEh
.text:0000000180006380 108                 mov     rax, cs:qword_180172E78
.text:0000000180006387 108                 xor     rax, rsp
.text:000000018000638A 108                 mov     [rsp+108h+var_10], rax
.text:0000000180006392 108                 mov     [rsp+108h+var_D8], rcx
.text:0000000180006397
.text:0000000180006397     loc_180006397:                          ; DATA XREF: .rdata:0000000180112E1C↓o
.text:0000000180006397     ;   try {                               ; struct JNIEnv_ *
.text:0000000180006397 108                 mov     rdx, r8
.text:000000018000639A 108                 call    ?getWsPtr@flbase@@YAPEAXPEAUJNIEnv_@@PEAV_jobject@@@Z ; flbase::getWsPtr(JNIEnv_ *,_jobject *)
.text:000000018000639F 108                 mov     rcx, rax        ; this
.text:00000001800063A2 108                 call    ?blockInternal@License@@QEAAXXZ ; License::blockInternal(void)
.text:00000001800063A7 108                 nop
.text:00000001800063A8
.text:00000001800063A8     loc_1800063A8:                          ; CODE XREF: sub_1800C4F8D+26↓j
.text:00000001800063A8                                             ; sub_1800C4FCD+122↓j ...
.text:00000001800063A8 108                 mov     rcx, [rsp+108h+var_10]
.text:00000001800063B0 108                 xor     rcx, rsp        ; StackCookie
.text:00000001800063B3 108                 call    __security_check_cookie
.text:00000001800063B8 108                 add     rsp, 108h
.text:00000001800063BF 000                 retn
.text:00000001800063BF     ; ---------------------------------------------------------------------------
.text:00000001800063C0 000                 db 0CCh
.text:00000001800063C0     ;   } // starts at 180006397
.text:00000001800063C0     ; } // starts at 180006370
.text:00000001800063C0     Java_com_comsol_nativejni_util_FlLicense_blockInternal endp ; sp-analysis failed

I don't unterstand, why the sp-analysis fails.
When the retn instruction is executed, the Stack Pointer is 0 again, so no offset...
But why does IDA state that the sp-analysis fails?

[sendersu]

usually the name of native dll is in the same java module (.class)
AFAIK java does not use Import table records for this purpose

[java3ever]

Yeah, I found the entry in the class file.

I now need help with the reverse engineering stuff.

I still don't understand why IDA complains about the stack pointer...