本帖最后由 Icc 于 2017-9-5 19:53 编辑
重复了。。
本帖最后由 Icc 于 2017-9-5 21:45 编辑
如果把这个CM看成一个类似于网络验证的CM的话 会简单得多。
将下面的补丁编译以后 先打开补丁再打开CM就可以注册了。
#include <stdio.h>
#include <conio.h>
#include <windows.h>
int main(void)
{
HANDLE hPipe;
HANDLE hPipe1;
DWORD written;
DWORD read;
HANDLE hEvent;
OVERLAPPED olp;
unsigned char data = {0};
unsigned char ZeroData = {0};
char *success = "成功";
SetConsoleTitleA("Patcher Coded by _KaQqi");
hPipe = CreateNamedPipeA("\\\\.\\pipe\\IM SON",PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,0,1,1024,1024,0,NULL);
if(hPipe == INVALID_HANDLE_VALUE)
return 0;
hEvent = CreateEventW(NULL,TRUE,FALSE,NULL);
if(!hEvent)
{
CloseHandle(hPipe);
CloseHandle(hEvent);
return 0;
}
ZeroMemory(&olp,sizeof(OVERLAPPED));
olp.hEvent = hEvent;
if(!ConnectNamedPipe(hPipe,&olp))
{
if(GetLastError() != ERROR_IO_PENDING)
{
CloseHandle(hPipe);
CloseHandle(hEvent);
return 0;
}
}
if(WaitForSingleObject(hEvent,INFINITE) == WAIT_FAILED)
{
CloseHandle(hPipe);
CloseHandle(hEvent);
return 0;
}
CloseHandle(hEvent);
if (!WaitNamedPipeA("\\\\.\\pipe\\IM DAD",NMPWAIT_WAIT_FOREVER))
{
CloseHandle(hPipe);
return 0;
}
hPipe1 = CreateFileA("\\\\.\\pipe\\IM DAD",GENERIC_READ | GENERIC_WRITE,0,0,OPEN_EXISTING,NULL,NULL);
if (hPipe1 == INVALID_HANDLE_VALUE)
{
CloseHandle(hPipe);
CloseHandle(hPipe1);
return 0;
}
while(1)
{
if(ReadFile(hPipe1,data,sizeof(data),&read,NULL) == FALSE)
{
CloseHandle(hPipe);
CloseHandle(hPipe1);
return 0;
}
if(memcmp(data,ZeroData,sizeof(data)))
break;
}
if(WriteFile(hPipe,success,sizeof(success),&written,NULL) == TRUE)
puts("Cracked!");
else
puts("Error!");
getch();
CloseHandle(hPipe);
CloseHandle(hPipe1);
return 0;
}
希望楼主不要忘了你说过的话233
本帖最后由 Forever丶小桀 于 2017-10-14 08:09 编辑
DLL劫持强改
{:5_116:}记得脱裤子
Icc 发表于 2017-9-4 21:39
如果把这个CM看成一个类似于网络验证的CM的话 会简单得多。
将下面的补丁编译以后 先打开补丁再打开CM就 ...
我都好久没上了。。。突然发现你还在这活跃着
xh55101 发表于 2017-12-14 13:47
我都好久没上了。。。突然发现你还在这活跃着
直播脱裤子吧
我等着看呢
进来看看 学习 学习