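/// <summary>
/// Form that compares the first 132 bytes of a reference executable with the same
/// range of a protected DLL and derives the password lengths, and one candidate
/// password per length, that are consistent with both.
/// </summary>
/// <remarks>
/// The compared range is the start of a PE file, which the original author assumes
/// to be standard and therefore known in advance. Every byte is tested on its own
/// through <c>TestMe.GoPByte</c>, so the search is at most 132 x 132 x 127 trials.
/// NOTE(review): a format that transforms predictable header bytes one at a time
/// exposes its key material to anyone holding the file; the durable mitigation is a
/// vetted authenticated cipher with a password-based key derivation function.
/// <c>TestMe</c> and <c>textBox1</c> are declared outside this listing.
/// </remarks>
public partial class Form3 : Form
{
    // Number of leading bytes that can be checked against known content.
    private const int ValidatedByteCount = 132;

    // Candidate key bytes are 0..126, i.e. the 7-bit ASCII range without DEL.
    private const int CandidateValueLimit = 127;

    // Read from the loader program, assumed to be standard; used to validate the key.
    // Covers 'PE' and Machine (assuming the same CPU is specified), which yields a
    // handful of bytes whose expected value is known.
    byte[] validateByte = new byte[ValidatedByteCount];

    // Same range read from the protected DLL.
    byte[] objprogramByte = new byte[ValidatedByteCount];

    // Password lengths that survived the check in findPass.
    int[] lengthlist;

    // finded[n] stays true while every checked byte has had a matching value for
    // length n; it decides which lengths remain possible at the end.
    bool[] finded = new bool[ValidatedByteCount];

    public Form3()
    {
        InitializeComponent();
    }

    /// <summary>Loads both files and, if both were read completely, runs the search.</summary>
    private void button1_Click(object sender, EventArgs e)
    {
        if (readValidateByte("Perplex Password Find.exe", "Crypt.dll"))
        {
            Initbyte();
            findPass();
        }
    }

    /// <summary>Marks every length as possible before a search starts.</summary>
    private void Initbyte()
    {
        for (int i = 0; i < ValidatedByteCount; i++)
        {
            finded[i] = true;
        }
    }

    /// <summary>Counts the lengths still marked as possible.</summary>
    /// <returns>The number of true entries in <c>finded</c>.</returns>
    private int findLength()
    {
        int j = 0;
        for (int i = 0; i < ValidatedByteCount; i++)
        {
            if (finded[i])
            {
                j++;
            }
        }
        return j;
    }

    /// <summary>
    /// Reads the leading bytes of the reference file and of the protected DLL.
    /// </summary>
    /// <param name="filename">Path of the reference executable.</param>
    /// <param name="dllname">Path of the protected DLL.</param>
    /// <returns>
    /// True only when both files exist and each supplied the full 132 bytes.
    /// </returns>
    private bool readValidateByte(string filename, string dllname)
    {
        // Both reads are attempted even when the first one fails, as before.
        bool result = readLeadingBytes(filename, validateByte);
        bool result2 = readLeadingBytes(dllname, objprogramByte);
        return result && result2;
    }

    /// <summary>Fills <paramref name="destination"/> from the start of a file.</summary>
    /// <returns>False when the file is missing or shorter than the buffer.</returns>
    private static bool readLeadingBytes(string path, byte[] destination)
    {
        if (!File.Exists(path))
        {
            return false;
        }

        // Open read-only and never create: the previous FileMode.OpenOrCreate asked
        // for write access to an input file and could leave an empty file behind if
        // the input vanished between the existence check and the open.
        using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
        {
            int total = 0;
            while (total < destination.Length)
            {
                // Stream.Read may return fewer bytes than requested, so loop until
                // the buffer is full or the file ends.
                int read = stream.Read(destination, total, destination.Length - total);
                if (read == 0)
                {
                    break;
                }
                total += read;
            }

            // A short file would otherwise be compared against stale or zero bytes.
            return total == destination.Length;
        }
    }

    /// <summary>
    /// Rules out every password length for which some checked byte has no matching
    /// candidate value, lists the surviving lengths, and writes one file per length.
    /// </summary>
    private void findPass()
    {
        TestMe me = new TestMe();
        for (int x = 0; x < ValidatedByteCount; x++)
        {
            // Only this many lengths can be verified.
            for (int i = 0; i < ValidatedByteCount; i++)
            {
                bool findValue = false;

                // Every 7-bit value is tried; narrowing the set would save little.
                for (int j = 0; j < CandidateValueLimit; j++)
                {
                    // GoPByte is defined in TestMe; the call order and the constants
                    // 3, 199 and 214 are reproduced exactly as the author wrote them.
                    byte value = objprogramByte[x];
                    value = me.GoPByte(3, value, true);
                    value = me.GoPByte(i, value, false);
                    value = me.GoPByte(j, value, true);
                    value = me.GoPByte(199, value, false);
                    value = me.GoPByte(214, value, true);
                    if (value == validateByte[x])
                    {
                        findValue = true;
                    }
                }

                if (!findValue)
                {
                    finded[i] = false;
                }
            }
        }

        // Count once and reuse the result for the message and the array size.
        int remaining = findLength();
        MessageBox.Show(remaining.ToString());
        lengthlist = new int[remaining];

        // Collect the report first so the text box is updated a single time.
        System.Text.StringBuilder report = new System.Text.StringBuilder();
        int vv = 0;
        for (int ii = 0; ii < ValidatedByteCount; ii++)
        {
            if (finded[ii])
            {
                report.Append(ii.ToString()).Append(Environment.NewLine);
                lengthlist[vv] = ii;
                vv++;
            }
        }
        this.textBox1.Text += report.ToString();

        writeSerialFile();
        MessageBox.Show("It Cracked!");
    }

    /// <summary>
    /// For each surviving length, takes the first matching candidate value at every
    /// position and writes the resulting bytes to a numbered file.
    /// </summary>
    private void writeSerialFile()
    {
        // TestMe is a copy of the original author's PasswordByte.cs with the method
        // made public and nothing else changed.
        TestMe me = new TestMe();
        for (int x = 0; x < lengthlist.Length; x++)
        {
            int length = lengthlist[x];
            byte[] buffer = new byte[length];
            for (int i = 0; i < length; i++)
            {
                for (int j = 0; j < CandidateValueLimit; j++)
                {
                    byte value = objprogramByte[i];
                    value = me.GoPByte(3, value, true);
                    value = me.GoPByte(length, value, false);
                    value = me.GoPByte(j, value, true);
                    value = me.GoPByte(199, value, false);
                    value = me.GoPByte(214, value, true);
                    if (value == validateByte[i])
                    {
                        // First match wins; a position with no match stays 0.
                        buffer[i] = (byte)j;
                        break;
                    }
                }
            }
            writeFile(x, buffer);
        }
    }

    /// <summary>Writes <paramref name="buffer"/> to "x.dll" in the working directory.</summary>
    /// <param name="x">Index used as the file name.</param>
    /// <param name="buffer">Bytes to store.</param>
    private void writeFile(int x, byte[] buffer)
    {
        string filename = x.ToString() + ".dll";

        // FileMode.Create truncates an existing file; OpenOrCreate left the tail of
        // a longer file from an earlier run after the new, shorter content.
        using (FileStream stream = new FileStream(filename, FileMode.Create, FileAccess.Write))
        {
            stream.Write(buffer, 0, buffer.Length);
        }
    }
}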
You can download the file from a Chinese BBS: http://bbs.pediy.com/showthread.php?t=116583
I can't speak your language. Your DLL's DOS header and DOS stub do not change, so I can find the password.