chenx221/Reverse
1
0
Fork 0
Code Pull Requests Activity

solved new crackme

Browse Source
This commit is contained in:
Chenx221 2024-09-25 11:58:53 +08:00
parent 8061b31630
commit f489ed7540
Signed by: chenx221
GPG Key ID: D7A9EC07024C3021
13 changed files with 790 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
ad_cm5/AD_CM#5.exe Normal file
View File

Binary file not shown.

BIN
ad_cm5/AD_CM#5_dump_.exe Normal file
View File

Binary file not shown.

23
ad_cm5/keygen/keygen3.deps.json Normal file
View File

@ -0,0 +1,23 @@
{
"runtimeTarget": {
"name": ".NETCoreApp,Version=v8.0",
"signature": ""
},
"compilationOptions": {},
"targets": {
".NETCoreApp,Version=v8.0": {
"keygen3/1.0.0": {
"runtime": {
"keygen3.dll": {}
}
}
}
},
"libraries": {
"keygen3/1.0.0": {
"type": "project",
"serviceable": false,
"sha512": ""
}
}
}

BIN
ad_cm5/keygen/keygen3.dll Normal file
View File

Binary file not shown.

BIN
ad_cm5/keygen/keygen3.exe Normal file
View File

Binary file not shown.

19
ad_cm5/keygen/keygen3.runtimeconfig.json Normal file
View File

@ -0,0 +1,19 @@
{
"runtimeOptions": {
"tfm": "net8.0",
"frameworks": [
{
"name": "Microsoft.NETCore.App",
"version": "8.0.0"
},
{
"name": "Microsoft.WindowsDesktop.App",
"version": "8.0.0"
}
],
"configProperties": {
"System.Reflection.Metadata.MetadataUpdater.IsSupported": false,
"System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": true
}
}
}

112
ad_cm5/solve.md Normal file
View File

@ -0,0 +1,112 @@
打包工具: ASPack(2.000)
1. 脱壳
步骤和上一篇类似OEP: 445834 (45834)
2. 搜索“Registered"找到可疑函数
这里整理了一下:
```c#
//读取同目录下cm5.dat
//第一行name //ebp-1E8 //ebp-1E9开头含长度位
//第二行serial //ebp-1FD //ebp-1FE开头含长度位
//每行最大读取0x14长度
string name = "cm5.dat 第一行";
int length = name.Length; //esi
string v = "159357852645875692311335664857125469857213526859478212124569348647951232165728761953213754495421375678543126721831" //ebp-8
string result = ""; //ebp-4
int p=0;
do{
int v3 = name[p]; //edx
result+=(char)(v[v3-0xB]);
p++;
length--;
} while (length>0);
```
细节:
```assembly
004453C6 | 55 | push ebp |
004453C7 | 68 87554400 | push <ad_cm#5.sub_445587> |
004453CC | 64:FF30 | push dword ptr fs:[eax] |
004453CF | 64:8920 | mov dword ptr fs:[eax],esp |
004453D2 | 8D45 F8 | lea eax,dword ptr ss:[ebp-8] |
004453D5 | BA A0554400 | mov edx,ad_cm#5.4455A0 | 4455A0:"159357852645875692311335664857125469857213526859478212124569348647951232165728761953213754495421375678543126721831"
004453DA | E8 99E5FBFF | call <ad_cm#5.sub_403978> |
004453DF | 33D2 | xor edx,edx |
004453E1 | 55 | push ebp |
004453E2 | 68 3F554400 | push <ad_cm#5.sub_44553F> |
004453E7 | 64:FF32 | push dword ptr fs:[edx] |
004453EA | 64:8922 | mov dword ptr fs:[edx],esp |
004453ED | BA 1C564400 | mov edx,<ad_cm#5.sub_44561C> | 44561C:"cm5.dat"
004453F2 | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
004453F8 | E8 AD00FCFF | call <ad_cm#5.ASSIGN> | ebp-1D4: File var
004453FD | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
00445403 | E8 EF02FCFF | call <ad_cm#5.RESETTEXT> | 准备读取文件内容
00445408 | E8 8FD3FBFF | call <ad_cm#5._IOTest> |
0044540D | 8D95 17FEFFFF | lea edx,dword ptr ss:[ebp-1E9] | ebp-1E9: Read contentName)
00445413 | B9 14000000 | mov ecx,14 | 读取0x14长度内容
00445418 | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
0044541E | E8 D901FCFF | call <ad_cm#5.READSTRING> |
00445423 | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
00445429 | E8 6602FCFF | call <ad_cm#5.READLN> |
0044542E | E8 69D3FBFF | call <ad_cm#5._IOTest> |
00445433 | 8D95 02FEFFFF | lea edx,dword ptr ss:[ebp-1FE] | ebp-1FE: Read content(Serial)
00445439 | B9 14000000 | mov ecx,14 | 读取0x14长度内容
0044543E | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
00445444 | E8 B301FCFF | call <ad_cm#5.READSTRING> |
00445449 | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
0044544F | E8 4002FCFF | call <ad_cm#5.READLN> |
00445454 | E8 43D3FBFF | call <ad_cm#5._IOTest> |
00445459 | 8D85 2CFEFFFF | lea eax,dword ptr ss:[ebp-1D4] |
0044545F | E8 E800FCFF | call <ad_cm#5.CLOSE> |
00445464 | E8 33D3FBFF | call <ad_cm#5._IOTest> |
00445469 | 80BD 17FEFFFF 05 | cmp byte ptr ss:[ebp-1E9],5 | 检查Name长度需>=5
00445470 | 73 0A | jae ad_cm#5.44547C |
00445472 | B8 2C564400 | mov eax,<ad_cm#5.sub_44562C> | 44562C:"Name must be at least 5 characters long!"
00445477 | E8 A4F8FFFF | call <ad_cm#5.ShowMessage> |
0044547C | 0FB6B5 17FEFFFF | movzx esi,byte ptr ss:[ebp-1E9] |
00445483 | 85F6 | test esi,esi |
00445485 | 7E 2E | jle ad_cm#5.4454B5 |
00445487 | 8D9D 18FEFFFF | lea ebx,dword ptr ss:[ebp-1E8] |
0044548D | 8D85 FCFDFFFF | lea eax,dword ptr ss:[ebp-204] |
00445493 | 33D2 | xor edx,edx |
00445495 | 8A13 | mov dl,byte ptr ds:[ebx] |
00445497 | 8B4D F8 | mov ecx,dword ptr ss:[ebp-8] |
0044549A | 8A5411 F5 | mov dl,byte ptr ds:[ecx+edx-B] |
0044549E | E8 E5E5FBFF | call <ad_cm#5.sub_403A88> |
004454A3 | 8B95 FCFDFFFF | mov edx,dword ptr ss:[ebp-204] |
004454A9 | 8D45 FC | lea eax,dword ptr ss:[ebp-4] | [ebp-04]:&"l贎"
004454AC | E8 B7E6FBFF | call <ad_cm#5._LStrCat> |
004454B1 | 43 | inc ebx |
004454B2 | 4E | dec esi |
004454B3 | 75 D8 | jne ad_cm#5.44548D |
004454B5 | 8D85 F8FDFFFF | lea eax,dword ptr ss:[ebp-208] |
004454BB | 8D95 02FEFFFF | lea edx,dword ptr ss:[ebp-1FE] |
004454C1 | E8 3EE6FBFF | call <ad_cm#5.Len> |
004454C6 | 8B85 F8FDFFFF | mov eax,dword ptr ss:[ebp-208] |
004454CC | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | [ebp-04]:&"l贎"
004454CF | E8 9CE7FBFF | call <ad_cm#5._LStrCmp> |
004454D4 | 75 55 | jne ad_cm#5.44552B |
004454D6 | 8D85 F4FDFFFF | lea eax,dword ptr ss:[ebp-20C] |
004454DC | 8D95 17FEFFFF | lea edx,dword ptr ss:[ebp-1E9] |
004454E2 | E8 1DE6FBFF | call <ad_cm#5.Len> |
004454E7 | 8B95 F4FDFFFF | mov edx,dword ptr ss:[ebp-20C] |
004454ED | 8B87 D4020000 | mov eax,dword ptr ds:[edi+2D4] |
004454F3 | E8 B4F5FDFF | call <ad_cm#5.SetText> |
004454F8 | 8B87 D8020000 | mov eax,dword ptr ds:[edi+2D8] |
004454FE | 8B55 FC | mov edx,dword ptr ss:[ebp-4] | [ebp-04]:&"l贎"
00445501 | E8 A6F5FDFF | call <ad_cm#5.SetText> |
00445506 | 8B87 E8020000 | mov eax,dword ptr ds:[edi+2E8] |
0044550C | BA 60564400 | mov edx,<ad_cm#5.sub_445660> | 445660:"Registered ... well done!"
00445511 | E8 96F5FDFF | call <ad_cm#5.SetText> |
00445516 | 8B87 E8020000 | mov eax,dword ptr ds:[edi+2E8] |
0044551C | 8B40 58 | mov eax,dword ptr ds:[eax+58] |
0044551F | BA 00800000 | mov edx,8000 |
```

51
ad_cm5/source/keygen1.sln Normal file
View File

@ -0,0 +1,51 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.11.35303.130
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen1", "keygen1\keygen1.csproj", "{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen2", "keygen2\keygen2.csproj", "{2446CB50-1882-4219-9DB0-E7F5517E6E20}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "keygen3", "keygen3\keygen3.csproj", "{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.ActiveCfg = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Debug|x86.Build.0 = Debug|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|Any CPU.Build.0 = Release|Any CPU
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.ActiveCfg = Release|x86
{D0E162E3-FC99-4405-BEE1-AB85D9D41DA9}.Release|x86.Build.0 = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.ActiveCfg = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Debug|x86.Build.0 = Debug|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|Any CPU.Build.0 = Release|Any CPU
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.ActiveCfg = Release|x86
{2446CB50-1882-4219-9DB0-E7F5517E6E20}.Release|x86.Build.0 = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.ActiveCfg = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Debug|x86.Build.0 = Debug|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|Any CPU.Build.0 = Release|Any CPU
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.ActiveCfg = Release|x86
{BC47A6DE-7F9D-4D65-A996-69FB778C95F3}.Release|x86.Build.0 = Release|x86
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {01ED3EE8-E89A-4A27-AF68-EF2490CB6BD7}
EndGlobalSection
EndGlobal

185
ad_cm5/source/keygen3/Form1.Designer.cs generated Normal file
View File

@ -0,0 +1,185 @@
namespace keygen3
{
partial class Form1
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
textBox1 = new TextBox();
button1 = new Button();
button2 = new Button();
label1 = new Label();
button3 = new Button();
label3 = new Label();
label4 = new Label();
textBox3 = new TextBox();
checkBox1 = new CheckBox();
button4 = new Button();
button5 = new Button();
SuspendLayout();
//
// textBox1
//
textBox1.Location = new Point(12, 31);
textBox1.Name = "textBox1";
textBox1.Size = new Size(256, 23);
textBox1.TabIndex = 0;
//
// button1
//
button1.Location = new Point(323, 12);
button1.Name = "button1";
button1.Size = new Size(115, 41);
button1.TabIndex = 1;
button1.Text = "Calculate Serial";
button1.UseVisualStyleBackColor = true;
button1.Click += Button1_Click;
//
// button2
//
button2.Location = new Point(323, 59);
button2.Name = "button2";
button2.Size = new Size(115, 42);
button2.TabIndex = 1;
button2.Text = "Generate Key File";
button2.UseVisualStyleBackColor = true;
button2.Click += Button2_Click;
//
// label1
//
label1.AutoSize = true;
label1.Location = new Point(12, 13);
label1.Name = "label1";
label1.Size = new Size(29, 15);
label1.TabIndex = 2;
label1.Text = "Key:";
//
// button3
//
button3.Location = new Point(323, 107);
button3.Name = "button3";
button3.Size = new Size(115, 41);
button3.TabIndex = 3;
button3.Text = "Restart as Admin";
button3.UseVisualStyleBackColor = true;
button3.Click += Button3_Click;
//
// label3
//
label3.AutoSize = true;
label3.Location = new Point(242, 133);
label3.Name = "label3";
label3.Size = new Size(75, 15);
label3.TabIndex = 6;
label3.Text = "By Chenx221";
//
// label4
//
label4.AutoSize = true;
label4.Location = new Point(12, 74);
label4.Name = "label4";
label4.Size = new Size(38, 15);
label4.TabIndex = 7;
label4.Text = "Serial:";
//
// textBox3
//
textBox3.Location = new Point(12, 92);
textBox3.Name = "textBox3";
textBox3.ReadOnly = true;
textBox3.Size = new Size(256, 23);
textBox3.TabIndex = 8;
//
// checkBox1
//
checkBox1.AutoSize = true;
checkBox1.Enabled = false;
checkBox1.Location = new Point(12, 132);
checkBox1.Name = "checkBox1";
checkBox1.Size = new Size(83, 19);
checkBox1.TabIndex = 9;
checkBox1.Text = "AutoMode";
checkBox1.UseVisualStyleBackColor = true;
//
// button4
//
button4.Location = new Point(274, 31);
button4.Name = "button4";
button4.Size = new Size(43, 23);
button4.TabIndex = 10;
button4.Text = "Copy";
button4.UseVisualStyleBackColor = true;
button4.Click += Button4_Click;
//
// button5
//
button5.Location = new Point(274, 92);
button5.Name = "button5";
button5.Size = new Size(43, 23);
button5.TabIndex = 11;
button5.Text = "Copy";
button5.UseVisualStyleBackColor = true;
button5.Click += Button5_Click;
//
// Form1
//
AutoScaleDimensions = new SizeF(7F, 15F);
AutoScaleMode = AutoScaleMode.Font;
ClientSize = new Size(446, 156);
Controls.Add(button5);
Controls.Add(button4);
Controls.Add(checkBox1);
Controls.Add(textBox3);
Controls.Add(label4);
Controls.Add(label3);
Controls.Add(button3);
Controls.Add(label1);
Controls.Add(button2);
Controls.Add(button1);
Controls.Add(textBox1);
FormBorderStyle = FormBorderStyle.FixedSingle;
MaximizeBox = false;
Name = "Form1";
Text = "KeyGen For ad_cm5";
ResumeLayout(false);
PerformLayout();
}
#endregion
private TextBox textBox1;
private Button button1;
private Button button2;
private Label label1;
private Button button3;
private Label label3;
private Label label4;
private TextBox textBox3;
private CheckBox checkBox1;
private Button button4;
private Button button5;
}
}

249
ad_cm5/source/keygen3/Form1.cs Normal file
View File

@ -0,0 +1,249 @@
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Windows.Forms;
using System.Xml.Linq;
using static System.Windows.Forms.VisualStyles.VisualStyleElement;
namespace keygen3
{
public partial class Form1 : Form
{
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern IntPtr FindWindow(string? lpClassName, string lpWindowName);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool EnumChildWindows(IntPtr hWndParent, EnumWindowsProc lpEnumFunc, IntPtr lParam);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern IntPtr GetDlgItem(IntPtr hDlg, int nIDDlgItem);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, StringBuilder? lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = false)]
static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
const uint WM_SETTEXT = 0x000C;
const uint BM_CLICK = 0x00F5;
private delegate bool EnumWindowsProc(IntPtr hwnd, IntPtr lParam);
public Form1()
{
InitializeComponent();
UpdateWindowTitle();
}
private void UpdateWindowTitle()
{
Text += IsRunningAsAdministrator() ? " (Admin)" : " (Non-Admin)";
button3.Enabled = !IsRunningAsAdministrator();
}
private static bool IsRunningAsAdministrator()
{
try
{
var identity = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
catch
{
return false;
}
}
private void Button1_Click(object sender, EventArgs e)
{
string name = textBox1.Text;
if (string.IsNullOrEmpty(name))
{
MessageBox.Show("Key不能为空");
return;
}
Generate(name);
}
private void Generate(string name)
{
if (name.Length < 5)
{
MessageBox.Show("Name至少5位长度");
return;
}
else if (name.Length > 0x14)
{
MessageBox.Show("Name最大长度为20");//不影响密钥验证,但这里还是加了这个限制
return;
}
string key = GenerateKey(name);
textBox3.Text = key;
//if (checkBox1.Checked) AutoMode(name,key);
//禁用由于controlId不固定
}
private static string GenerateKey(string name)
{
int length = name.Length;
string v = "159357852645875692311335664857125469857213526859478212124569348647951232165728761953213754495421375678543126721831";
string result = "";
int p = 0;
do
{
int v3 = name[p++];
result += v[v3 - 0xB];
length--;
} while (length > 0);
return result;
}
private static void SaveKeyFile(string name, string serial)
{
SaveFileDialog saveFileDialog = new()
{
FileName = "cm5.dat", // 固定文件名
Filter = "激活凭证 (*.dat)|*.dat", // 限制保存为.dat文件
Title = "请选择密钥文件的保存位置"
};
if (saveFileDialog.ShowDialog() == DialogResult.OK)
{
string filePath = saveFileDialog.FileName;
try
{
string result = $"{name}\r\n{serial}";
File.WriteAllText(filePath, result);
MessageBox.Show("文件保存成功!");
}
catch (UnauthorizedAccessException)
{
MessageBox.Show("保存文件失败,请尝试以管理员身份运行应用程序。");
}
catch (Exception ex)
{
MessageBox.Show($"保存文件失败: {ex.Message}");
}
}
}
private void Button2_Click(object sender, EventArgs e)
{
string name = textBox1.Text;
string key = textBox3.Text;
if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(key))
{
MessageBox.Show("请先计算密钥再生成key文件");
return;
}
SaveKeyFile(name, key);
}
private void Button3_Click(object sender, EventArgs e)
{
try
{
string exePath = Application.ExecutablePath;
var processInfo = new ProcessStartInfo
{
FileName = exePath,
UseShellExecute = true,
Verb = "runas",
Arguments = ""
};
Process.Start(processInfo);
Application.Exit();
}
catch (System.ComponentModel.Win32Exception)
{
MessageBox.Show("权限提升请求被拒绝。");
}
}
private static IntPtr[] childHandles = new IntPtr[10];
private static int childCount = 0;
private static bool EnumChildWindowsProc(IntPtr hwnd, IntPtr lParam)
{
if (childCount >= childHandles.Length)
return false; // Stop enumeration if the array is full
childHandles[childCount++] = hwnd;
return true; // Continue enumeration
}
private static void AutoMode(string username)
{
string windowTitle = "ABuggerCrackMe#2";
IntPtr hWnd = FindWindow(null, windowTitle);
if (hWnd == IntPtr.Zero)
{
MessageBox.Show("窗口未找到");
return;
}
//int usernameControlId = 0x402C4;
//int submitButtonId = 0x6028A;
//IntPtr usernameHwnd = GetDlgItem(hWnd, usernameControlId);
//IntPtr submitButtonHwnd = GetDlgItem(hWnd, submitButtonId);
//IntPtr usernameHwnd = FindWindowEx(hWnd, IntPtr.Zero, "Edit", string.Empty);
//IntPtr submitButtonHwnd = FindWindowEx(hWnd, IntPtr.Zero, "Button", string.Empty);
childCount = 0;
EnumChildWindows(hWnd, EnumChildWindowsProc, IntPtr.Zero);
if (childCount < 5)
{
MessageBox.Show("控件未找到");
return;
}
IntPtr usernameHwnd = childHandles[4];
IntPtr submitButtonHwnd = childHandles[3];
if (usernameHwnd == IntPtr.Zero || submitButtonHwnd == IntPtr.Zero)
{
MessageBox.Show("控件未找到");
return;
}
StringBuilder usernameToSet = new(username);
SendMessage(usernameHwnd, WM_SETTEXT, IntPtr.Zero, usernameToSet);
MessageBox.Show("请在稍后弹出的文件选框中选择C:\\CrackMes\\File文件");
SendMessage(submitButtonHwnd, BM_CLICK, IntPtr.Zero, IntPtr.Zero);
}
private void Button4_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox1.Text))
{
Clipboard.SetText(textBox1.Text);
}
}
private void Button5_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(textBox3.Text))
{
Clipboard.SetText(textBox3.Text);
}
}
}
}

120
ad_cm5/source/keygen3/Form1.resx Normal file
View File

@ -0,0 +1,120 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
<value>[base64 mime encoded serialized .NET Framework object]</value>
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="assembly">
<xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
</xsd:complexType>
</xsd:element>
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>2.0</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
</root>

17
ad_cm5/source/keygen3/Program.cs Normal file
View File

@ -0,0 +1,17 @@
namespace keygen3
{
internal static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
// To customize application configuration such as set high DPI settings or default font,
// see https://aka.ms/applicationconfiguration.
ApplicationConfiguration.Initialize();
Application.Run(new Form1());
}
}
}

14
ad_cm5/source/keygen3/keygen3.csproj Normal file
View File

@ -0,0 +1,14 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>WinExe</OutputType>
<TargetFramework>net8.0-windows</TargetFramework>
<Nullable>enable</Nullable>
<UseWindowsForms>true</UseWindowsForms>
<ImplicitUsings>enable</ImplicitUsings>
<Platforms>AnyCPU;x86</Platforms>
<Authors>chenx221</Authors>
<Company>chenx221</Company>
</PropertyGroup>
</Project>