chenx221/Reverse
1
0
Fork 0
Code Pull Requests Activity

solved new crackme

Browse Source
This commit is contained in:
Chenx221 2024-10-08 16:13:27 +08:00
parent 49d92c4071
commit b0660021d3
Signed by: chenx221
GPG Key ID: D7A9EC07024C3021
14 changed files with 1255 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
blackice_crackme_1/BlackIce Crackme #1.exe Normal file
View File

Binary file not shown.

BIN
blackice_crackme_1/BlackIce Crackme #1_Patched.exe Normal file
View File

Binary file not shown.

13
blackice_crackme_1/Readme.txt Normal file
View File

@ -0,0 +1,13 @@
BlackIce CRACKME #1
(i don't have any fancy ascii stuff :( oh well)
Name: BlackIce Crackme #1
Targets: Enable the 'CHECK' button, Get the correct serial for your name/nick
Rules: none really, Try to make a keylogger before resorting to patching
Comments: This is the first crackme i have made, so i not really sure how gd it is. I can crack it and i am a nOOb but then again i wrote it :P
Written in vb6 compilled into NATIVE code

23
blackice_crackme_1/keygen/keygen1.deps.json Normal file
View File

@ -0,0 +1,23 @@
{
"runtimeTarget": {
"name": ".NETCoreApp,Version=v8.0",
"signature": ""
},
"compilationOptions": {},
"targets": {
".NETCoreApp,Version=v8.0": {
"keygen1/1.0.0": {
"runtime": {
"keygen1.dll": {}
}
}
}
},
"libraries": {
"keygen1/1.0.0": {
"type": "project",
"serviceable": false,
"sha512": ""
}
}
}

BIN
blackice_crackme_1/keygen/keygen1.dll Normal file
View File

Binary file not shown.

BIN
blackice_crackme_1/keygen/keygen1.exe Normal file
View File

Binary file not shown.

19
blackice_crackme_1/keygen/keygen1.runtimeconfig.json Normal file
View File

@ -0,0 +1,19 @@
{
"runtimeOptions": {
"tfm": "net8.0",
"frameworks": [
{
"name": "Microsoft.NETCore.App",
"version": "8.0.0"
},
{
"name": "Microsoft.WindowsDesktop.App",
"version": "8.0.0"
}
],
"configProperties": {
"System.Reflection.Metadata.MetadataUpdater.IsSupported": false,
"System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": true
}
}
}

520
blackice_crackme_1/solve.md Normal file
View File

@ -0,0 +1,520 @@
启用Check按钮
```
1324h:00->01
```
计算Serial
```c#
private static string? GenerateKey(string name)
{
return string.Concat(name.Select(c => (c * name.Length).ToString("X")));
}
```
将Name的每一位字符*Name长度的十六进制值组合起来大写就是Serial了另外Name至少4位
详情:
```assembly
00401E10 | 55 | push ebp | CheckBtn
00401E11 | 8BEC | mov ebp,esp |
00401E13 | 83EC 0C | sub esp,C |
00401E16 | 68 E6104000 | push <JMP.&__vbaExceptHandler> |
00401E1B | 64:A1 00000000 | mov eax,dword ptr fs:[0] |
00401E21 | 50 | push eax |
00401E22 | 64:8925 00000000 | mov dword ptr fs:[0],esp |
00401E29 | 81EC 34010000 | sub esp,134 |
00401E2F | 53 | push ebx |
00401E30 | 56 | push esi |
00401E31 | 57 | push edi |
00401E32 | 8965 F4 | mov dword ptr ss:[ebp-C],esp |
00401E35 | C745 F8 D0104000 | mov dword ptr ss:[ebp-8],blackice crackme # |
00401E3C | 8B7D 08 | mov edi,dword ptr ss:[ebp+8] |
00401E3F | 8BC7 | mov eax,edi |
00401E41 | 83E0 01 | and eax,1 |
00401E44 | 8945 FC | mov dword ptr ss:[ebp-4],eax |
00401E47 | 83E7 FE | and edi,FFFFFFFE |
00401E4A | 57 | push edi |
00401E4B | 897D 08 | mov dword ptr ss:[ebp+8],edi |
00401E4E | 8B0F | mov ecx,dword ptr ds:[edi] |
00401E50 | FF51 04 | call dword ptr ds:[ecx+4] |
00401E53 | 8B17 | mov edx,dword ptr ds:[edi] |
00401E55 | 33F6 | xor esi,esi |
00401E57 | 57 | push edi |
00401E58 | 8975 DC | mov dword ptr ss:[ebp-24],esi |
00401E5B | 8975 CC | mov dword ptr ss:[ebp-34],esi | [ebp-34]:"Pj"
00401E5E | 8975 BC | mov dword ptr ss:[ebp-44],esi | [ebp-44]:int __stdcall DialogBox2(struct HWND__*, struct HWND__*, int, int)+1BA
00401E61 | 8975 AC | mov dword ptr ss:[ebp-54],esi |
00401E64 | 8975 9C | mov dword ptr ss:[ebp-64],esi | [ebp-64]:@HMValidateHandleNoSecure@8+47
00401E67 | 8975 8C | mov dword ptr ss:[ebp-74],esi |
00401E6A | 8975 88 | mov dword ptr ss:[ebp-78],esi |
00401E6D | 8975 84 | mov dword ptr ss:[ebp-7C],esi |
00401E70 | 8975 80 | mov dword ptr ss:[ebp-80],esi |
00401E73 | 89B5 7CFFFFFF | mov dword ptr ss:[ebp-84],esi |
00401E79 | 89B5 6CFFFFFF | mov dword ptr ss:[ebp-94],esi | [ebp-94]:_PeekMessageW@20+1B1
00401E7F | 89B5 5CFFFFFF | mov dword ptr ss:[ebp-A4],esi |
00401E85 | 89B5 4CFFFFFF | mov dword ptr ss:[ebp-B4],esi | [ebp-B4]:CtfImeProcessKey+1960
00401E8B | 89B5 3CFFFFFF | mov dword ptr ss:[ebp-C4],esi |
00401E91 | 89B5 2CFFFFFF | mov dword ptr ss:[ebp-D4],esi |
00401E97 | 89B5 1CFFFFFF | mov dword ptr ss:[ebp-E4],esi | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00401E9D | 89B5 DCFEFFFF | mov dword ptr ss:[ebp-124],esi |
00401EA3 | 89B5 CCFEFFFF | mov dword ptr ss:[ebp-134],esi |
00401EA9 | FF92 FC020000 | call dword ptr ds:[edx+2FC] |
00401EAF | 50 | push eax |
00401EB0 | 8D45 80 | lea eax,dword ptr ss:[ebp-80] |
00401EB3 | 50 | push eax |
00401EB4 | FF15 38104000 | call dword ptr ds:[<__vbaObjSet>] |
00401EBA | 8BD8 | mov ebx,eax |
00401EBC | 8D55 88 | lea edx,dword ptr ss:[ebp-78] |
00401EBF | 52 | push edx |
00401EC0 | 53 | push ebx |
00401EC1 | 8B0B | mov ecx,dword ptr ds:[ebx] |
00401EC3 | FF91 A0000000 | call dword ptr ds:[ecx+A0] |
00401EC9 | 3BC6 | cmp eax,esi |
00401ECB | DBE2 | fnclex |
00401ECD | 7D 12 | jge blackice crackme #1_patched.401EE1 |
00401ECF | 68 A0000000 | push A0 |
00401ED4 | 68 681B4000 | push blackice crackme #1_patched.401B68 |
00401ED9 | 53 | push ebx |
00401EDA | 50 | push eax |
00401EDB | FF15 2C104000 | call dword ptr ds:[<__vbaHresultCheckObj>] |
00401EE1 | 8B45 88 | mov eax,dword ptr ss:[ebp-78] | [ebp-78]: Name
00401EE4 | 50 | push eax |
00401EE5 | FF15 14104000 | call dword ptr ds:[<__vbaLenBstr>] |
00401EEB | 33DB | xor ebx,ebx |
00401EED | 83F8 04 | cmp eax,4 | Name长度需大于等于4
00401EF0 | 0F9CC3 | setl bl |
00401EF3 | 8D4D 88 | lea ecx,dword ptr ss:[ebp-78] |
00401EF6 | F7DB | neg ebx |
00401EF8 | FF15 C4104000 | call dword ptr ds:[<__vbaFreeStr>] |
00401EFE | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
00401F01 | FF15 C8104000 | call dword ptr ds:[<__vbaFreeObj>] |
00401F07 | 66:3BDE | cmp bx,si |
00401F0A | 0F84 98000000 | je <blackice crackme #1_patched.Next#1> |
00401F10 | B9 04000280 | mov ecx,80020004 | Fail
00401F15 | B8 0A000000 | mov eax,A | 0A:'\n'
00401F1A | 898D 44FFFFFF | mov dword ptr ss:[ebp-BC],ecx |
00401F20 | 898D 54FFFFFF | mov dword ptr ss:[ebp-AC],ecx |
00401F26 | 898D 64FFFFFF | mov dword ptr ss:[ebp-9C],ecx |
00401F2C | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] |
00401F32 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00401F38 | 8985 3CFFFFFF | mov dword ptr ss:[ebp-C4],eax |
00401F3E | 8985 4CFFFFFF | mov dword ptr ss:[ebp-B4],eax | [ebp-B4]:CtfImeProcessKey+1960
00401F44 | 8985 5CFFFFFF | mov dword ptr ss:[ebp-A4],eax |
00401F4A | C785 34FFFFFF 7C1B40 | mov dword ptr ss:[ebp-CC],blackice crackme | 401B7C:L"more than 4 lettters please"
00401F54 | C785 2CFFFFFF 080000 | mov dword ptr ss:[ebp-D4],8 |
00401F5E | FF15 A8104000 | call dword ptr ds:[<__vbaVarDup>] |
00401F64 | 8D8D 3CFFFFFF | lea ecx,dword ptr ss:[ebp-C4] |
00401F6A | 8D95 4CFFFFFF | lea edx,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
00401F70 | 51 | push ecx |
00401F71 | 8D85 5CFFFFFF | lea eax,dword ptr ss:[ebp-A4] |
00401F77 | 52 | push edx |
00401F78 | 50 | push eax |
00401F79 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00401F7F | 56 | push esi |
00401F80 | 51 | push ecx |
00401F81 | FF15 3C104000 | call dword ptr ds:[<Ordinal#595>] |
00401F87 | 8D95 3CFFFFFF | lea edx,dword ptr ss:[ebp-C4] |
00401F8D | 8D85 4CFFFFFF | lea eax,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
00401F93 | 52 | push edx |
00401F94 | 8D8D 5CFFFFFF | lea ecx,dword ptr ss:[ebp-A4] |
00401F9A | 50 | push eax |
00401F9B | 8D95 6CFFFFFF | lea edx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00401FA1 | 51 | push ecx |
00401FA2 | 52 | push edx |
00401FA3 | E9 C1040000 | jmp blackice crackme #1_patched.402469 |
00401FA8 | 8B07 | mov eax,dword ptr ds:[edi] |
00401FAA | 57 | push edi |
00401FAB | FF90 FC020000 | call dword ptr ds:[eax+2FC] |
00401FB1 | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
00401FB4 | 50 | push eax |
00401FB5 | 51 | push ecx |
00401FB6 | FF15 38104000 | call dword ptr ds:[<__vbaObjSet>] |
00401FBC | 8BD8 | mov ebx,eax |
00401FBE | 8D45 88 | lea eax,dword ptr ss:[ebp-78] |
00401FC1 | 50 | push eax |
00401FC2 | 53 | push ebx |
00401FC3 | 8B13 | mov edx,dword ptr ds:[ebx] |
00401FC5 | FF92 A0000000 | call dword ptr ds:[edx+A0] |
00401FCB | 3BC6 | cmp eax,esi |
00401FCD | DBE2 | fnclex |
00401FCF | 7D 12 | jge blackice crackme #1_patched.401FE3 |
00401FD1 | 68 A0000000 | push A0 |
00401FD6 | 68 681B4000 | push blackice crackme #1_patched.401B68 |
00401FDB | 53 | push ebx |
00401FDC | 50 | push eax |
00401FDD | FF15 2C104000 | call dword ptr ds:[<__vbaHresultCheckObj>] |
00401FE3 | 8B4D 88 | mov ecx,dword ptr ss:[ebp-78] | [ebp-78]: Name
00401FE6 | 51 | push ecx |
00401FE7 | FF15 14104000 | call dword ptr ds:[<__vbaLenBstr>] |
00401FED | 8B1D 0C104000 | mov ebx,dword ptr ds:[<__vbaVarMove>] |
00401FF3 | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] |
00401FF9 | 8D4D CC | lea ecx,dword ptr ss:[ebp-34] | -34:length
00401FFC | 8985 34FFFFFF | mov dword ptr ss:[ebp-CC],eax |
00402002 | C785 2CFFFFFF 030000 | mov dword ptr ss:[ebp-D4],3 |
0040200C | FFD3 | call ebx | ebx:__vbaVarMove
0040200E | 8D4D 88 | lea ecx,dword ptr ss:[ebp-78] |
00402011 | FF15 C4104000 | call dword ptr ds:[<__vbaFreeStr>] |
00402017 | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
0040201A | FF15 C8104000 | call dword ptr ds:[<__vbaFreeObj>] |
00402020 | B8 02000000 | mov eax,2 |
00402025 | B9 01000000 | mov ecx,1 |
0040202A | 8985 2CFFFFFF | mov dword ptr ss:[ebp-D4],eax |
00402030 | 8985 1CFFFFFF | mov dword ptr ss:[ebp-E4],eax | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00402036 | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] |
0040203C | 898D 34FFFFFF | mov dword ptr ss:[ebp-CC],ecx |
00402042 | 898D 24FFFFFF | mov dword ptr ss:[ebp-DC],ecx |
00402048 | 8D45 CC | lea eax,dword ptr ss:[ebp-34] | length
0040204B | 52 | push edx |
0040204C | 8D8D 1CFFFFFF | lea ecx,dword ptr ss:[ebp-E4] | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00402052 | 50 | push eax |
00402053 | 8D95 CCFEFFFF | lea edx,dword ptr ss:[ebp-134] |
00402059 | 51 | push ecx |
0040205A | 8D85 DCFEFFFF | lea eax,dword ptr ss:[ebp-124] |
00402060 | 52 | push edx |
00402061 | 8D4D AC | lea ecx,dword ptr ss:[ebp-54] |
00402064 | 50 | push eax |
00402065 | 51 | push ecx |
00402066 | FF15 34104000 | call dword ptr ds:[<__vbaVarForInit>] |
0040206C | 3BC6 | cmp eax,esi | Loop eax init 1
0040206E | 0F84 3E020000 | je <blackice crackme #1_patched.Next#2> |
00402074 | 8B17 | mov edx,dword ptr ds:[edi] |
00402076 | 57 | push edi |
00402077 | FF92 FC020000 | call dword ptr ds:[edx+2FC] |
0040207D | 50 | push eax |
0040207E | 8D45 80 | lea eax,dword ptr ss:[ebp-80] |
00402081 | 50 | push eax |
00402082 | FF15 38104000 | call dword ptr ds:[<__vbaObjSet>] |
00402088 | 8BF0 | mov esi,eax |
0040208A | 8D55 88 | lea edx,dword ptr ss:[ebp-78] | [ebp-78]:Name
0040208D | 52 | push edx |
0040208E | 56 | push esi |
0040208F | 8B0E | mov ecx,dword ptr ds:[esi] |
00402091 | FF91 A0000000 | call dword ptr ds:[ecx+A0] |
00402097 | 85C0 | test eax,eax |
00402099 | DBE2 | fnclex |
0040209B | 7D 12 | jge blackice crackme #1_patched.4020AF |
0040209D | 68 A0000000 | push A0 |
004020A2 | 68 681B4000 | push blackice crackme #1_patched.401B68 |
004020A7 | 56 | push esi |
004020A8 | 50 | push eax |
004020A9 | FF15 2C104000 | call dword ptr ds:[<__vbaHresultCheckObj>] |
004020AF | 8B07 | mov eax,dword ptr ds:[edi] |
004020B1 | 57 | push edi |
004020B2 | FF90 FC020000 | call dword ptr ds:[eax+2FC] |
004020B8 | 8D8D 7CFFFFFF | lea ecx,dword ptr ss:[ebp-84] |
004020BE | 50 | push eax |
004020BF | 51 | push ecx |
004020C0 | FF15 38104000 | call dword ptr ds:[<__vbaObjSet>] |
004020C6 | 8BF0 | mov esi,eax |
004020C8 | 8D45 84 | lea eax,dword ptr ss:[ebp-7C] | [ebp-7C]:Name
004020CB | 50 | push eax |
004020CC | 56 | push esi |
004020CD | 8B16 | mov edx,dword ptr ds:[esi] |
004020CF | FF92 A0000000 | call dword ptr ds:[edx+A0] |
004020D5 | 85C0 | test eax,eax |
004020D7 | DBE2 | fnclex |
004020D9 | 7D 12 | jge blackice crackme #1_patched.4020ED |
004020DB | 68 A0000000 | push A0 |
004020E0 | 68 681B4000 | push blackice crackme #1_patched.401B68 |
004020E5 | 56 | push esi |
004020E6 | 50 | push eax |
004020E7 | FF15 2C104000 | call dword ptr ds:[<__vbaHresultCheckObj>] |
004020ED | 8B4D 84 | mov ecx,dword ptr ss:[ebp-7C] |
004020F0 | 51 | push ecx |
004020F1 | FF15 14104000 | call dword ptr ds:[<__vbaLenBstr>] |
004020F7 | 8985 34FFFFFF | mov dword ptr ss:[ebp-CC],eax | -CC:length
004020FD | 8B45 88 | mov eax,dword ptr ss:[ebp-78] |
00402100 | 8985 54FFFFFF | mov dword ptr ss:[ebp-AC],eax |
00402106 | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] | -D4:length var
0040210C | 8D45 AC | lea eax,dword ptr ss:[ebp-54] |
0040210F | 52 | push edx |
00402110 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402116 | 50 | push eax |
00402117 | 51 | push ecx |
00402118 | C785 2CFFFFFF 030000 | mov dword ptr ss:[ebp-D4],3 |
00402122 | C785 24FFFFFF 010000 | mov dword ptr ss:[ebp-DC],1 |
0040212C | C785 1CFFFFFF 020000 | mov dword ptr ss:[ebp-E4],2 | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00402136 | C745 88 00000000 | mov dword ptr ss:[ebp-78],0 |
0040213D | C785 4CFFFFFF 080000 | mov dword ptr ss:[ebp-B4],8 | [ebp-B4]:CtfImeProcessKey+1960
00402147 | FF15 00104000 | call dword ptr ds:[<__vbaVarSub>] | length-index
0040214D | 50 | push eax |
0040214E | 8D95 1CFFFFFF | lea edx,dword ptr ss:[ebp-E4] | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00402154 | 8D85 5CFFFFFF | lea eax,dword ptr ss:[ebp-A4] |
0040215A | 52 | push edx |
0040215B | 50 | push eax |
0040215C | FF15 A4104000 | call dword ptr ds:[<__vbaVarAdd>] | length+1
00402162 | 50 | push eax |
00402163 | FF15 A0104000 | call dword ptr ds:[<__vbaI4Var>] |
00402169 | 8D8D 4CFFFFFF | lea ecx,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
0040216F | 50 | push eax | length
00402170 | 8D95 3CFFFFFF | lea edx,dword ptr ss:[ebp-C4] |
00402176 | 51 | push ecx | Name
00402177 | 52 | push edx |
00402178 | FF15 B0104000 | call dword ptr ds:[<Ordinal#619>] | right(Name,length)
0040217E | 8D95 3CFFFFFF | lea edx,dword ptr ss:[ebp-C4] |
00402184 | 8D4D DC | lea ecx,dword ptr ss:[ebp-24] |
00402187 | FFD3 | call ebx |
00402189 | 8D4D 84 | lea ecx,dword ptr ss:[ebp-7C] |
0040218C | FF15 C4104000 | call dword ptr ds:[<__vbaFreeStr>] |
00402192 | 8D85 7CFFFFFF | lea eax,dword ptr ss:[ebp-84] |
00402198 | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
0040219B | 50 | push eax |
0040219C | 51 | push ecx |
0040219D | 6A 02 | push 2 |
0040219F | FF15 20104000 | call dword ptr ds:[<__vbaFreeObjList>] |
004021A5 | 8D95 5CFFFFFF | lea edx,dword ptr ss:[ebp-A4] |
004021AB | 8D85 4CFFFFFF | lea eax,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
004021B1 | 52 | push edx |
004021B2 | 50 | push eax |
004021B3 | 6A 02 | push 2 |
004021B5 | FF15 18104000 | call dword ptr ds:[<__vbaFreeVarList>] |
004021BB | 8B0F | mov ecx,dword ptr ds:[edi] |
004021BD | 83C4 18 | add esp,18 |
004021C0 | 57 | push edi |
004021C1 | FF91 FC020000 | call dword ptr ds:[ecx+2FC] |
004021C7 | 8D55 80 | lea edx,dword ptr ss:[ebp-80] |
004021CA | 50 | push eax |
004021CB | 52 | push edx |
004021CC | FF15 38104000 | call dword ptr ds:[<__vbaObjSet>] |
004021D2 | 8BF0 | mov esi,eax |
004021D4 | 8D4D 84 | lea ecx,dword ptr ss:[ebp-7C] | [ebp-7C]:Name
004021D7 | 51 | push ecx |
004021D8 | 56 | push esi |
004021D9 | 8B06 | mov eax,dword ptr ds:[esi] |
004021DB | FF90 A0000000 | call dword ptr ds:[eax+A0] |
004021E1 | 85C0 | test eax,eax |
004021E3 | DBE2 | fnclex |
004021E5 | 7D 12 | jge blackice crackme #1_patched.4021F9 |
004021E7 | 68 A0000000 | push A0 |
004021EC | 68 681B4000 | push blackice crackme #1_patched.401B68 |
004021F1 | 56 | push esi |
004021F2 | 50 | push eax |
004021F3 | FF15 2C104000 | call dword ptr ds:[<__vbaHresultCheckObj>] |
004021F9 | 8D55 DC | lea edx,dword ptr ss:[ebp-24] | 前面right结果
004021FC | 8D45 88 | lea eax,dword ptr ss:[ebp-78] |
004021FF | 52 | push edx |
00402200 | 50 | push eax |
00402201 | FF15 78104000 | call dword ptr ds:[<__vbaStrVarVal>] |
00402207 | 50 | push eax |
00402208 | FF15 24104000 | call dword ptr ds:[<Ordinal#516>] | name[0] ASCII
0040220E | 8B4D 84 | mov ecx,dword ptr ss:[ebp-7C] |
00402211 | 51 | push ecx |
00402212 | 0FBFF0 | movsx esi,ax |
00402215 | FF15 14104000 | call dword ptr ds:[<__vbaLenBstr>] |
0040221B | 0FAFF0 | imul esi,eax | length*asc
0040221E | 0F80 02030000 | jo <blackice crackme #1_patched.ErrOverflow |
00402224 | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] |
0040222A | 8D4D 9C | lea ecx,dword ptr ss:[ebp-64] | result
0040222D | 89B5 34FFFFFF | mov dword ptr ss:[ebp-CC],esi |
00402233 | C785 2CFFFFFF 030000 | mov dword ptr ss:[ebp-D4],3 |
0040223D | FFD3 | call ebx |
0040223F | 8D55 84 | lea edx,dword ptr ss:[ebp-7C] |
00402242 | 8D45 88 | lea eax,dword ptr ss:[ebp-78] |
00402245 | 52 | push edx |
00402246 | 50 | push eax |
00402247 | 6A 02 | push 2 |
00402249 | FF15 90104000 | call dword ptr ds:[<__vbaFreeStrList>] |
0040224F | 83C4 0C | add esp,C |
00402252 | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
00402255 | FF15 C8104000 | call dword ptr ds:[<__vbaFreeObj>] |
0040225B | 8D4D 9C | lea ecx,dword ptr ss:[ebp-64] | result
0040225E | 8D95 6CFFFFFF | lea edx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402264 | 51 | push ecx |
00402265 | 52 | push edx |
00402266 | FF15 8C104000 | call dword ptr ds:[<Ordinal#573>] | HEX(result)
0040226C | 8D95 6CFFFFFF | lea edx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402272 | 8D4D BC | lea ecx,dword ptr ss:[ebp-44] | [ebp-44]:int __stdcall DialogBox2(struct HWND__*, struct HWND__*, int, int)+1BA
00402275 | FFD3 | call ebx | 读取上次的值
00402277 | 8D45 8C | lea eax,dword ptr ss:[ebp-74] | old
0040227A | 8D4D BC | lea ecx,dword ptr ss:[ebp-44] | newh
0040227D | 50 | push eax |
0040227E | 8D95 6CFFFFFF | lea edx,dword ptr ss:[ebp-94] | storage
00402284 | 51 | push ecx |
00402285 | 52 | push edx |
00402286 | FF15 A4104000 | call dword ptr ds:[<__vbaVarAdd>] | old+newh
0040228C | 8BD0 | mov edx,eax |
0040228E | 8D4D 8C | lea ecx,dword ptr ss:[ebp-74] |
00402291 | FFD3 | call ebx | ebp-74+=h
00402293 | 8D85 CCFEFFFF | lea eax,dword ptr ss:[ebp-134] |
00402299 | 8D8D DCFEFFFF | lea ecx,dword ptr ss:[ebp-124] |
0040229F | 50 | push eax |
004022A0 | 8D55 AC | lea edx,dword ptr ss:[ebp-54] |
004022A3 | 51 | push ecx |
004022A4 | 52 | push edx |
004022A5 | FF15 BC104000 | call dword ptr ds:[<__vbaVarForNext>] |
004022AB | 33F6 | xor esi,esi |
004022AD | E9 BAFDFFFF | jmp blackice crackme #1_patched.40206C | NextLoop
004022B2 | 8B07 | mov eax,dword ptr ds:[edi] |
004022B4 | 57 | push edi |
004022B5 | FF90 00030000 | call dword ptr ds:[eax+300] |
004022BB | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
004022BE | 50 | push eax |
004022BF | 51 | push ecx |
004022C0 | FF15 38104000 | call dword ptr ds:[<__vbaObjSet>] |
004022C6 | 8BF8 | mov edi,eax |
004022C8 | 8D45 88 | lea eax,dword ptr ss:[ebp-78] | [ebp-78]: UserInput Serial
004022CB | 50 | push eax |
004022CC | 57 | push edi |
004022CD | 8B17 | mov edx,dword ptr ds:[edi] |
004022CF | FF92 A0000000 | call dword ptr ds:[edx+A0] |
004022D5 | 3BC6 | cmp eax,esi |
004022D7 | DBE2 | fnclex |
004022D9 | 7D 12 | jge blackice crackme #1_patched.4022ED |
004022DB | 68 A0000000 | push A0 |
004022E0 | 68 681B4000 | push blackice crackme #1_patched.401B68 |
004022E5 | 57 | push edi |
004022E6 | 50 | push eax |
004022E7 | FF15 2C104000 | call dword ptr ds:[<__vbaHresultCheckObj>] |
004022ED | 8B45 88 | mov eax,dword ptr ss:[ebp-78] |
004022F0 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
004022F6 | 8D55 8C | lea edx,dword ptr ss:[ebp-74] |
004022F9 | 51 | push ecx | UserInput Serial
004022FA | 52 | push edx | True Serial
004022FB | 8975 88 | mov dword ptr ss:[ebp-78],esi |
004022FE | 8985 74FFFFFF | mov dword ptr ss:[ebp-8C],eax |
00402304 | C785 6CFFFFFF 088000 | mov dword ptr ss:[ebp-94],8008 | [ebp-94]:_PeekMessageW@20+1B1
0040230E | FF15 54104000 | call dword ptr ds:[<__vbaVarTstEq>] | cmp
00402314 | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
00402317 | 8BF8 | mov edi,eax |
00402319 | FF15 C8104000 | call dword ptr ds:[<__vbaFreeObj>] |
0040231F | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402325 | FF15 10104000 | call dword ptr ds:[<__vbaFreeVar>] |
0040232B | B9 04000280 | mov ecx,80020004 |
00402330 | B8 0A000000 | mov eax,A | 0A:'\n'
00402335 | 66:3BFE | cmp di,si | serial检查
00402338 | 898D 44FFFFFF | mov dword ptr ss:[ebp-BC],ecx |
0040233E | 8985 3CFFFFFF | mov dword ptr ss:[ebp-C4],eax |
00402344 | 898D 54FFFFFF | mov dword ptr ss:[ebp-AC],ecx |
0040234A | 8985 4CFFFFFF | mov dword ptr ss:[ebp-B4],eax | [ebp-B4]:CtfImeProcessKey+1960
00402350 | 0F84 8C000000 | je <blackice crackme #1_patched.Fail> |
00402356 | 8B3D A8104000 | mov edi,dword ptr ds:[<__vbaVarDup>] | Success
0040235C | BB 08000000 | mov ebx,8 |
00402361 | 8D95 1CFFFFFF | lea edx,dword ptr ss:[ebp-E4] | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00402367 | 8D8D 5CFFFFFF | lea ecx,dword ptr ss:[ebp-A4] |
0040236D | C785 24FFFFFF D01B40 | mov dword ptr ss:[ebp-DC],blackice crackme | 401BD0:L"Congrats"
00402377 | 899D 1CFFFFFF | mov dword ptr ss:[ebp-E4],ebx | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
0040237D | FFD7 | call edi |
0040237F | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] |
00402385 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
0040238B | C785 34FFFFFF B81B40 | mov dword ptr ss:[ebp-CC],blackice crackme | 401BB8:L"WELL DONE"
00402395 | 899D 2CFFFFFF | mov dword ptr ss:[ebp-D4],ebx |
0040239B | FFD7 | call edi |
0040239D | 8D85 3CFFFFFF | lea eax,dword ptr ss:[ebp-C4] |
004023A3 | 8D8D 4CFFFFFF | lea ecx,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
004023A9 | 50 | push eax |
004023AA | 8D95 5CFFFFFF | lea edx,dword ptr ss:[ebp-A4] |
004023B0 | 51 | push ecx |
004023B1 | 52 | push edx |
004023B2 | 8D85 6CFFFFFF | lea eax,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
004023B8 | 6A 40 | push 40 |
004023BA | 50 | push eax |
004023BB | FF15 3C104000 | call dword ptr ds:[<Ordinal#595>] |
004023C1 | 8D8D 3CFFFFFF | lea ecx,dword ptr ss:[ebp-C4] |
004023C7 | 8D95 4CFFFFFF | lea edx,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
004023CD | 51 | push ecx |
004023CE | 8D85 5CFFFFFF | lea eax,dword ptr ss:[ebp-A4] |
004023D4 | 52 | push edx |
004023D5 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
004023DB | 50 | push eax |
004023DC | 51 | push ecx |
004023DD | E9 87000000 | jmp blackice crackme #1_patched.402469 |
004023E2 | 8B3D A8104000 | mov edi,dword ptr ds:[<__vbaVarDup>] | Fail
004023E8 | BB 08000000 | mov ebx,8 |
004023ED | 8D95 1CFFFFFF | lea edx,dword ptr ss:[ebp-E4] | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
004023F3 | 8D8D 5CFFFFFF | lea ecx,dword ptr ss:[ebp-A4] |
004023F9 | C785 24FFFFFF 101C40 | mov dword ptr ss:[ebp-DC],blackice crackme | 401C10:L"ARGH"
00402403 | 899D 1CFFFFFF | mov dword ptr ss:[ebp-E4],ebx | [ebp-E4]:int __stdcall _PeekMessage(struct tagMSG *, struct HWND__*, unsigned int, unsigned int, unsigned int, unsigned int, int)+EB
00402409 | FFD7 | call edi |
0040240B | 8D95 2CFFFFFF | lea edx,dword ptr ss:[ebp-D4] |
00402411 | 8D8D 6CFFFFFF | lea ecx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402417 | C785 34FFFFFF E81B40 | mov dword ptr ss:[ebp-CC],blackice crackme | 401BE8:L"Sorry, try again"
00402421 | 899D 2CFFFFFF | mov dword ptr ss:[ebp-D4],ebx |
00402427 | FFD7 | call edi |
00402429 | 8D95 3CFFFFFF | lea edx,dword ptr ss:[ebp-C4] |
0040242F | 8D85 4CFFFFFF | lea eax,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
00402435 | 52 | push edx |
00402436 | 8D8D 5CFFFFFF | lea ecx,dword ptr ss:[ebp-A4] |
0040243C | 50 | push eax |
0040243D | 51 | push ecx |
0040243E | 8D95 6CFFFFFF | lea edx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402444 | 6A 10 | push 10 |
00402446 | 52 | push edx |
00402447 | FF15 3C104000 | call dword ptr ds:[<Ordinal#595>] |
0040244D | 8D85 3CFFFFFF | lea eax,dword ptr ss:[ebp-C4] |
00402453 | 8D8D 4CFFFFFF | lea ecx,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
00402459 | 50 | push eax |
0040245A | 8D95 5CFFFFFF | lea edx,dword ptr ss:[ebp-A4] |
00402460 | 51 | push ecx |
00402461 | 8D85 6CFFFFFF | lea eax,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
00402467 | 52 | push edx |
00402468 | 50 | push eax |
00402469 | 6A 04 | push 4 |
0040246B | FF15 18104000 | call dword ptr ds:[<__vbaFreeVarList>] |
00402471 | 83C4 14 | add esp,14 |
00402474 | 8975 FC | mov dword ptr ss:[ebp-4],esi |
00402477 | 68 07254000 | push blackice crackme #1_patched.402507 |
0040247C | EB 4B | jmp blackice crackme #1_patched.4024C9 |
0040247E | 8D4D 84 | lea ecx,dword ptr ss:[ebp-7C] |
00402481 | 8D55 88 | lea edx,dword ptr ss:[ebp-78] |
00402484 | 51 | push ecx |
00402485 | 52 | push edx |
00402486 | 6A 02 | push 2 |
00402488 | FF15 90104000 | call dword ptr ds:[<__vbaFreeStrList>] |
0040248E | 8D85 7CFFFFFF | lea eax,dword ptr ss:[ebp-84] |
00402494 | 8D4D 80 | lea ecx,dword ptr ss:[ebp-80] |
00402497 | 50 | push eax |
00402498 | 51 | push ecx |
00402499 | 6A 02 | push 2 |
0040249B | FF15 20104000 | call dword ptr ds:[<__vbaFreeObjList>] |
004024A1 | 8D95 3CFFFFFF | lea edx,dword ptr ss:[ebp-C4] |
004024A7 | 8D85 4CFFFFFF | lea eax,dword ptr ss:[ebp-B4] | [ebp-B4]:CtfImeProcessKey+1960
004024AD | 52 | push edx |
004024AE | 8D8D 5CFFFFFF | lea ecx,dword ptr ss:[ebp-A4] |
004024B4 | 50 | push eax |
004024B5 | 8D95 6CFFFFFF | lea edx,dword ptr ss:[ebp-94] | [ebp-94]:_PeekMessageW@20+1B1
004024BB | 51 | push ecx |
004024BC | 52 | push edx |
004024BD | 6A 04 | push 4 |
004024BF | FF15 18104000 | call dword ptr ds:[<__vbaFreeVarList>] |
004024C5 | 83C4 2C | add esp,2C |
004024C8 | C3 | ret |
004024C9 | 8D85 CCFEFFFF | lea eax,dword ptr ss:[ebp-134] |
004024CF | 8D8D DCFEFFFF | lea ecx,dword ptr ss:[ebp-124] |
004024D5 | 50 | push eax |
004024D6 | 51 | push ecx |
004024D7 | 6A 02 | push 2 |
004024D9 | FF15 18104000 | call dword ptr ds:[<__vbaFreeVarList>] |
004024DF | 8B35 10104000 | mov esi,dword ptr ds:[<__vbaFreeVar>] |
004024E5 | 83C4 0C | add esp,C |
004024E8 | 8D4D DC | lea ecx,dword ptr ss:[ebp-24] |
004024EB | FFD6 | call esi |
004024ED | 8D4D CC | lea ecx,dword ptr ss:[ebp-34] | [ebp-34]:"Pj"
004024F0 | FFD6 | call esi |
004024F2 | 8D4D BC | lea ecx,dword ptr ss:[ebp-44] | [ebp-44]:int __stdcall DialogBox2(struct HWND__*, struct HWND__*, int, int)+1BA
004024F5 | FFD6 | call esi |
004024F7 | 8D4D AC | lea ecx,dword ptr ss:[ebp-54] |
004024FA | FFD6 | call esi |
004024FC | 8D4D 9C | lea ecx,dword ptr ss:[ebp-64] | [ebp-64]:@HMValidateHandleNoSecure@8+47
004024FF | FFD6 | call esi |
00402501 | 8D4D 8C | lea ecx,dword ptr ss:[ebp-74] |
00402504 | FFD6 | call esi |
00402506 | C3 | ret |
00402507 | 8B45 08 | mov eax,dword ptr ss:[ebp+8] |
0040250A | 50 | push eax |
0040250B | 8B10 | mov edx,dword ptr ds:[eax] |
0040250D | FF52 08 | call dword ptr ds:[edx+8] |
00402510 | 8B45 FC | mov eax,dword ptr ss:[ebp-4] |
00402513 | 8B4D EC | mov ecx,dword ptr ss:[ebp-14] |
00402516 | 5F | pop edi |
00402517 | 5E | pop esi |
00402518 | 64:890D 00000000 | mov dword ptr fs:[0],ecx |
0040251F | 5B | pop ebx |
00402520 | 8BE5 | mov esp,ebp |
00402522 | 5D | pop ebp |
00402523 | C2 0400 | ret 4 |
00402526 | FF15 80104000 | call dword ptr ds:[<__vbaErrorOverflow>] |
```

121
blackice_crackme_1/source/keygen1.sln Normal file
View File

@ -0,0 +1,121 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.11.35303.130
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen1", "keygen1\keygen1.csproj", "{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen2", "keygen2\keygen2.csproj", "{2446CB50-1882-4219-9DB0-E7F5517E6E20}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen3", "keygen3\keygen3.csproj", "{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GiveMeSerial", "GiveMeSerial\GiveMeSerial.vcxproj", "{E3604156-7DF2-4B5F-AECA-64786B92F38C}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DllInjector", "DllInjector\DllInjector.csproj", "{A5A24406-1296-457B-91A3-60E67511D807}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GetSerial", "GetSerial\GetSerial.vcxproj", "{85044A5C-C4A3-4C79-9AD5-6895F61F8515}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "GuessSerial", "GuessSerial\GuessSerial.csproj", "{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x64.ActiveCfg = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x64.Build.0 = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.ActiveCfg = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.Build.0 = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.Build.0 = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x64.ActiveCfg = Release|x64
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x64.Build.0 = Release|x64
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.ActiveCfg = Release|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.Build.0 = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x64.ActiveCfg = Debug|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x64.Build.0 = Debug|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.ActiveCfg = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.Build.0 = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.Build.0 = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x64.ActiveCfg = Release|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x64.Build.0 = Release|x64
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.ActiveCfg = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.Build.0 = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x64.ActiveCfg = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x64.Build.0 = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.ActiveCfg = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.Build.0 = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.Build.0 = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x64.ActiveCfg = Release|x64
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x64.Build.0 = Release|x64
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.ActiveCfg = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.Build.0 = Release|x86
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|Any CPU.ActiveCfg = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|Any CPU.Build.0 = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x64.ActiveCfg = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x64.Build.0 = Debug|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x86.ActiveCfg = Debug|Win32
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Debug|x86.Build.0 = Debug|Win32
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|Any CPU.ActiveCfg = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|Any CPU.Build.0 = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x64.ActiveCfg = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x64.Build.0 = Release|x64
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x86.ActiveCfg = Release|Win32
{E3604156-7DF2-4B5F-AECA-64786B92F38C}.Release|x86.Build.0 = Release|Win32
{A5A24406-1296-457B-91A3-60E67511D807}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Debug|x64.ActiveCfg = Debug|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Debug|x64.Build.0 = Debug|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Debug|x86.ActiveCfg = Debug|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Debug|x86.Build.0 = Debug|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Release|Any CPU.Build.0 = Release|Any CPU
{A5A24406-1296-457B-91A3-60E67511D807}.Release|x64.ActiveCfg = Release|x64
{A5A24406-1296-457B-91A3-60E67511D807}.Release|x64.Build.0 = Release|x64
{A5A24406-1296-457B-91A3-60E67511D807}.Release|x86.ActiveCfg = Release|x86
{A5A24406-1296-457B-91A3-60E67511D807}.Release|x86.Build.0 = Release|x86
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Debug|Any CPU.ActiveCfg = Debug|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Debug|Any CPU.Build.0 = Debug|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Debug|x64.ActiveCfg = Debug|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Debug|x64.Build.0 = Debug|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Debug|x86.ActiveCfg = Debug|Win32
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Debug|x86.Build.0 = Debug|Win32
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Release|Any CPU.ActiveCfg = Release|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Release|Any CPU.Build.0 = Release|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Release|x64.ActiveCfg = Release|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Release|x64.Build.0 = Release|x64
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Release|x86.ActiveCfg = Release|Win32
{85044A5C-C4A3-4C79-9AD5-6895F61F8515}.Release|x86.Build.0 = Release|Win32
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Debug|x64.ActiveCfg = Debug|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Debug|x64.Build.0 = Debug|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Debug|x86.ActiveCfg = Debug|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Debug|x86.Build.0 = Debug|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Release|Any CPU.Build.0 = Release|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Release|x64.ActiveCfg = Release|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Release|x64.Build.0 = Release|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Release|x86.ActiveCfg = Release|Any CPU
{7B2D3886-A213-4F99-89F7-D0D7DDAA97D9}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {01ED3EE8-E89A-4A27-AF68-EF2490CB6BD7}
EndGlobalSection
EndGlobal

219
blackice_crackme_1/source/keygen1/Form1.Designer.cs generated Normal file
View File

@ -0,0 +1,219 @@
namespace keygen1
{
partial class Form1
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
button1 = new Button();
label1 = new Label();
textBox1 = new TextBox();
label2 = new Label();
textBox2 = new TextBox();
label3 = new Label();
checkBox1 = new CheckBox();
button2 = new Button();
button3 = new Button();
label4 = new Label();
textBox3 = new TextBox();
button4 = new Button();
label5 = new Label();
textBox4 = new TextBox();
SuspendLayout();
//
// button1
//
button1.Location = new Point(393, 2);
button1.Name = "button1";
button1.Size = new Size(93, 172);
button1.TabIndex = 0;
button1.Text = "Generate";
button1.UseVisualStyleBackColor = true;
button1.Click += Button1_Click;
//
// label1
//
label1.AutoSize = true;
label1.Location = new Point(30, 18);
label1.Name = "label1";
label1.Size = new Size(39, 15);
label1.TabIndex = 1;
label1.Text = "Name";
//
// textBox1
//
textBox1.Location = new Point(75, 14);
textBox1.Name = "textBox1";
textBox1.Size = new Size(262, 23);
textBox1.TabIndex = 2;
//
// label2
//
label2.AutoSize = true;
label2.Location = new Point(34, 51);
label2.Name = "label2";
label2.Size = new Size(35, 15);
label2.TabIndex = 3;
label2.Text = "Serial";
//
// textBox2
//
textBox2.Location = new Point(75, 47);
textBox2.Name = "textBox2";
textBox2.Size = new Size(262, 23);
textBox2.TabIndex = 4;
//
// label3
//
label3.AutoSize = true;
label3.Location = new Point(312, 155);
label3.Name = "label3";
label3.Size = new Size(74, 15);
label3.TabIndex = 5;
label3.Text = "By Chenx221";
//
// checkBox1
//
checkBox1.AutoSize = true;
checkBox1.Location = new Point(75, 155);
checkBox1.Name = "checkBox1";
checkBox1.Size = new Size(89, 19);
checkBox1.TabIndex = 6;
checkBox1.Text = "Auto Mode ";
checkBox1.UseVisualStyleBackColor = true;
//
// button2
//
button2.Location = new Point(343, 13);
button2.Name = "button2";
button2.Size = new Size(44, 24);
button2.TabIndex = 7;
button2.Text = "Copy";
button2.UseVisualStyleBackColor = true;
button2.Click += Button2_Click;
//
// button3
//
button3.Location = new Point(343, 47);
button3.Name = "button3";
button3.Size = new Size(44, 23);
button3.TabIndex = 8;
button3.Text = "Copy";
button3.UseVisualStyleBackColor = true;
button3.Click += Button3_Click;
//
// label4
//
label4.AutoSize = true;
label4.Location = new Point(10, 82);
label4.Name = "label4";
label4.Size = new Size(59, 15);
label4.TabIndex = 9;
label4.Text = "Company";
label4.Visible = false;
//
// textBox3
//
textBox3.Location = new Point(75, 79);
textBox3.Name = "textBox3";
textBox3.Size = new Size(262, 23);
textBox3.TabIndex = 10;
textBox3.Visible = false;
//
// button4
//
button4.Location = new Point(343, 79);
button4.Name = "button4";
button4.Size = new Size(44, 23);
button4.TabIndex = 11;
button4.Text = "Copy";
button4.UseVisualStyleBackColor = true;
button4.Visible = false;
button4.Click += Button4_Click;
//
// label5
//
label5.AutoSize = true;
label5.Location = new Point(31, 116);
label5.Name = "label5";
label5.Size = new Size(35, 15);
label5.TabIndex = 12;
label5.Text = "Serial";
label5.Visible = false;
//
// textBox4
//
textBox4.Location = new Point(75, 113);
textBox4.Name = "textBox4";
textBox4.Size = new Size(262, 23);
textBox4.TabIndex = 13;
textBox4.Visible = false;
//
// Form1
//
AutoScaleDimensions = new SizeF(7F, 15F);
AutoScaleMode = AutoScaleMode.Font;
ClientSize = new Size(491, 183);
Controls.Add(textBox4);
Controls.Add(label5);
Controls.Add(button4);
Controls.Add(textBox3);
Controls.Add(label4);
Controls.Add(button3);
Controls.Add(button2);
Controls.Add(checkBox1);
Controls.Add(label3);
Controls.Add(textBox2);
Controls.Add(label2);
Controls.Add(textBox1);
Controls.Add(label1);
Controls.Add(button1);
FormBorderStyle = FormBorderStyle.FixedSingle;
MaximizeBox = false;
Name = "Form1";
Text = "KeyGen For blackice_crackme_1";
ResumeLayout(false);
PerformLayout();
}
#endregion
private Button button1;
private Label label1;
private TextBox textBox1;
private Label label2;
private TextBox textBox2;
private Label label3;
private CheckBox checkBox1;
private Button button2;
private Button button3;
private Label label4;
private TextBox textBox3;
private Button button4;
private Label label5;
private TextBox textBox4;
}
}

164
blackice_crackme_1/source/keygen1/Form1.cs Normal file
View File

@ -0,0 +1,164 @@
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;
using System.Xml.Linq;
using static System.Windows.Forms.VisualStyles.VisualStyleElement.TaskbarClock;
namespace keygen1
{
public partial class Form1 : Form
{
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern IntPtr FindWindow(string? lpClassName, string lpWindowName);
[DllImport("user32.dll", SetLastError = true)]
static extern IntPtr GetDlgItem(IntPtr hDlg, int nIDDlgItem);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, StringBuilder? lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);
const uint WM_SETTEXT = 0x000C;
const uint BM_CLICK = 0x00F5;
public Form1()
{
InitializeComponent();
}
private void Button1_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(textBox1.Text))
{
MessageBox.Show("Name不能为空");
return;
}
//if (string.IsNullOrEmpty(textBox2.Text))
//{
// MessageBox.Show("First Name不能为空");
// return;
//}
//if (string.IsNullOrEmpty(textBox3.Text))
//{
// MessageBox.Show("Company不能为空");
// return;
//}
//Generate(textBox1.Text, textBox2.Text, textBox3.Text);
Generate(textBox1.Text);
}
private void Generate(string username)
{
if (username.Length < 4)
{
MessageBox.Show("Name长度需大于等于4");
return;
}
//if (username == "Ab")
//{
// MessageBox.Show("Name不能为Ab");
// return;
//}
//if(Regex.IsMatch(username, @"\d"))
//{
// MessageBox.Show("Name不允许包含数字");
// return;
//}
//if (username[0]==' ')
//{
// MessageBox.Show("Name开头不能包含空格");
// return;
//}
string? key = GenerateKey(username);
if (string.IsNullOrEmpty(key))
{
MessageBox.Show("生成Key失败");
return;
}
//if (!int.TryParse(username, out int serial1))
//{
// MessageBox.Show("Serial1不是有效数字");
// return;
//}
//string key = GenerateKey(serial1);
//textBox4.Text = string.Join("-", key);
textBox2.Text = key;
if (checkBox1.Checked) AutoMode(username, key);
}
private static string? GenerateKey(string name)
{
return string.Concat(name.Select(c => (c * name.Length).ToString("X")));
}
private static void AutoMode(string username, string key)
{
string windowTitle = "Form1";
IntPtr hWnd = FindWindow(null, windowTitle);
if (hWnd == IntPtr.Zero)
{
MessageBox.Show("窗口未找到");
return;
}
int serialControlId = 0x2;
//int frameControlId = 0x3;
int usernameControlId = 0x3;
int submitButtonId = 0x1;
IntPtr serialHwnd = GetDlgItem(hWnd, serialControlId);
//IntPtr frameHwnd = GetDlgItem(hWnd, frameControlId);
//IntPtr usernameHwnd = GetDlgItem(frameHwnd, usernameControlId);
//IntPtr submitButtonHwnd = GetDlgItem(frameHwnd, submitButtonId);
IntPtr usernameHwnd = GetDlgItem(hWnd, usernameControlId);
IntPtr submitButtonHwnd = GetDlgItem(hWnd, submitButtonId);
if (usernameHwnd == IntPtr.Zero || serialHwnd == IntPtr.Zero || submitButtonHwnd == IntPtr.Zero)
{
MessageBox.Show("控件未找到");
return;
}
//if (usernameHwnd == IntPtr.Zero || frameHwnd == IntPtr.Zero || serialHwnd == IntPtr.Zero || submitButtonHwnd == IntPtr.Zero)
//{
// MessageBox.Show("控件未找到");
// return;
//}
StringBuilder usernameToSet = new(username);
StringBuilder serialToSet = new(key);
SendMessage(usernameHwnd, WM_SETTEXT, IntPtr.Zero, usernameToSet);
SendMessage(serialHwnd, WM_SETTEXT, IntPtr.Zero, serialToSet);
SendMessage(submitButtonHwnd, BM_CLICK, IntPtr.Zero, IntPtr.Zero);
}
private void Button2_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox1.Text))
{
Clipboard.SetText(textBox1.Text);
}
}
private void Button3_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox2.Text))
{
Clipboard.SetText(textBox2.Text);
}
}
private void Button4_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox3.Text))
{
Clipboard.SetText(textBox3.Text);
}
}
}
}

120
blackice_crackme_1/source/keygen1/Form1.resx Normal file
View File

@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

17
blackice_crackme_1/source/keygen1/Program.cs Normal file
View File

@ -0,0 +1,17 @@
namespace keygen1
{
internal static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
// To customize application configuration such as set high DPI settings or default font,
// see https://aka.ms/applicationconfiguration.
ApplicationConfiguration.Initialize();
Application.Run(new Form1());
}
}
}

39
blackice_crackme_1/source/keygen1/keygen1.csproj Normal file
View File

@ -0,0 +1,39 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>WinExe</OutputType>
<TargetFramework>net8.0-windows</TargetFramework>
<Nullable>enable</Nullable>
<UseWindowsForms>true</UseWindowsForms>
<ImplicitUsings>enable</ImplicitUsings>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<Platforms>AnyCPU;x86;x64</Platforms>
<Authors>chenx221</Authors>
<Company>chenx221</Company>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x86'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x86'">
<DebugType>portable</DebugType>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<DebugType>portable</DebugType>
</PropertyGroup>
</Project>