通用破解框架v1.0 注册码/勒索病毒一键破解

DBinary · 发表于 2018-10-23 21:42

本帖最后由 DBinary 于 2018-10-24 19:24 编辑

General Crack Framework(x86) ver1.0 code by DBinary
通用破解框架(General Crack Framework) 是一款由StoryScript脚本语言及StoryVM虚拟机控制的破解框架,旨在通过脚本加载实现一键破解32位的exe程序,直接看图片吧
录制_2018_10_23_21_31_15_824.gif

理论上,只需要提供对应的破解脚本文件,就能够破解对应类型的文件,本帖发布通用破解框架v1.0 软件部分 ,其它破解脚本将在其它帖子中说明发布.

通用破解框架v1.0下载地址

https://pan.baidu.com/s/1RX4kPbPLiHtwz19XXEcSSA

DBinary · 发表于 2018-10-23 21:45

本帖最后由 DBinary 于 2018-10-29 11:25 编辑

//注册码密码一键破解脚本,将代码复制保存为txt文件,使用时通过通用破解框架加载执行
//适用范围:易语言编写的需要密码或注册码的软件
如果出现编译失败,应该是代码没复制好,可以直接这里下载:

密码一键破解.txt (6.71 KB, 下载次数: 538)
请用纯文本查看复制下面的代码,不然会出现编译错误.

[C] 纯文本查看 复制代码

#name "CrackScript"

//////////////////////////////////////////////API/////////////////////////////////
host int API_RUN(string dll,string procName);
host int API_PARAMS(int n);
host int API_PARAM_BYTE(int n,int _byte);
host int API_PARAM_WORD(int n,int _word);
host int API_PARAM_DWORD(int n,int _dword);
host int API_PARAM_STRING(int n,string str);
host int API_PARAM_MEMORY(int n,memory mem,int size);

host int API_GET_PARAM_BYTE(int n);
host int API_GET_PARAM_WORD(int n);
host int API_GET_PARAM_DWORD(int n);
host string API_GET_PARAM_STRING(int n);
host memory API_GET_PARAM_MEMORY(int n,int size);

////////////////////////////////////////////TRIGGER///////////////////////////////////
host int TRIGGER_BREAKPOINT(int BreakAddr,int codeAddr,int size,string call_back);
host int TRIGGER_BREAKPOINTEX(int BreakAddr,int codeAddr,int size,string call_back);
host int TRIGGER_CANCEL(int BreakAddr);
host int TRIGGER_SHELLCODE(int addr,memory shellcode);
host int TRIGGER_CURRENTSHELLCODE(memory shellcode);
/////////////////////////////////////////MEMORY///////////////////////////////////
host int MEMORY_ALLOC(memory init,int size);
host int MEMORY_FREE(int addr);
host int MEMORY_READ_BYTE(int addr,int *val);
host int MEMORY_READ_WORD(int addr,int *val);
host int MEMORY_READ_DWORD(int addr,int *val);
host int MEMORY_READ(int addr,int size,memory *mem);
host int MEMORY_WRITE_BYTE(int addr,int _val);
host int MEMORY_WRITE_WORD(int addr,int _val);
host int MEMORY_WRITE_DWORD(int addr,int _val);
host int MEMORY_WRITE(int addr,int size,memory mem);

//////////////////////////////////////////STACK/////////////////////////////////////
host int STACK_BYTE(int offset);
host int STACK_WORD(int offset);
host int STACK_DWORD(int offset);
host int STACK_STRING(int offset,string *str);
host int STACK_MEMORY(int offset,int size,memory *mem);
host int STACK_SET_BYTE(int offset,int val);
host int STACK_SET_WORD(int offset,int val);
host int STACK_SET_DWORD(int offset,int val);

//////////////////////////////////////////IMAGE//////////////////////////////////////
host int IMAGE_SEARCH(int startAddr,int EndAddr,memory match);

/////////////////////////////////////////CONTROL/////////////////////////////////////
host void CONTROL_TERMINATE();

////////////////////////////////////////FILE///////////////////////////////////////////
host int FILE_SAVE(string path,memory mem);
host int FILE_LOAD(string path,memory *mem);
///////////////////////////////////////PARAMETERS//////////////////////////////////////
host int PARAM_GET(string name,string *data);
int CreateWindowExWAddr;
int fix_rand[16];
int fix_index=0;
int fix_count=0;

int MessageBox(string caption,string text,int type)
{
  API_PARAMS(4);
  API_PARAM_DWORD(0,0);
  API_PARAM_STRING(1,text);
  API_PARAM_STRING(2,caption);
  API_PARAM_DWORD(3,type);
  return API_RUN("User32.dll","MessageBoxA");
}

export void RtlAdjustPrivilege_CallBack(){}
export void ExitWindowsEx_CallBack(){}
export void Strcmp_CallBack()
{
  string cmp1,cmp2;
  STACK_STRING(4,&cmp1);
  STACK_STRING(8,&cmp2);
  if(cmp1=="000")
  if(cmp2!="")
  MessageBox("","破解成功,密码为:"+cmp2,0);

 if(cmp2=="000")
  if(cmp1!="")
  MessageBox("","破解成功,密码为:"+cmp1,0);
}


export void CreateWindowExW_CallBack()
{
  int StrcmpAddr=0;
  memory extMem;
  //Hook 生成字符串比对代码
  while(StrcmpAddr!=-1)
  {
        StrcmpAddr=IMAGE_SEARCH(StrcmpAddr,0x7fffffff,@8B5424048B4C2408@);
   
        if(StrcmpAddr!=-1)
        {
               if(MEMORY_READ(StrcmpAddr+8,4,&extMem))
                     {
                       if(extMem==@85D2750D@)
                             {
                      
                                TRIGGER_BREAKPOINTEX(StrcmpAddr,StrcmpAddr,8,"Strcmp_CallBack");
                                TRIGGER_CANCEL(CreateWindowExWAddr);
                                  MessageBox("恭喜","破解框架已经部署.请在密码输入框输入\"000\"",0);
                                return;
                              }
                        }
                        StrcmpAddr=StrcmpAddr+8;
           }

    }
 }
  
export void CreateProcessA_CallBack(){}
export void SetWindowPos_CallBack()
{
  STACK_SET_DWORD(4,1);
}

int GetDllProcAddr(string dll,string proc)
{
 int handle;
 API_PARAMS(1);
 API_PARAM_STRING(0,dll);
 handle=API_RUN("Kernel32.dll","LoadLibraryA");
 API_PARAMS(2);
 API_PARAM_DWORD(0,handle);
 API_PARAM_STRING(1,proc);
 return API_RUN("Kernel32.dll","GetProcAddress");
}

int SafeHook(int addr,string callback)
{
  int hook_code;
  if(!MEMORY_READ_WORD(addr,&hook_code))
  {
   MessageBox("错误","无法读取目标shellcode.",0);
   return 0;
  }
  
  if(hook_code==0xFF8B)
  {
    TRIGGER_BREAKPOINT(addr,addr-5,2,callback);
    MEMORY_WRITE_WORD(addr,0xF9EB);
  }
  else if(hook_code==0x25FF)
   {
    TRIGGER_BREAKPOINT(addr,addr,6,callback);
   }
  else if((hook_code&0xff)==0xB8)
   {
    TRIGGER_BREAKPOINT(addr,addr,10,callback);
   }
   else
   {
    return 0;
   }
   return 1;
}


export int CrackMain()
{
  int WriteFileAddr,AdjustPrivilegeAddr,ExitWindowsAddr,CreateProcessAAddr,SetWindowPosAddr;
   //MessageBox("","框架正在部署Crack Shell,这可能花费较长的时间!请耐心等待.",0);
  //干掉蓝屏代码//////////////////////////////////////////////////////////////////////
   AdjustPrivilegeAddr=GetDllProcAddr("ntdll.dll","RtlAdjustPrivilege");

   if(AdjustPrivilegeAddr)
   {
   TRIGGER_BREAKPOINTEX(AdjustPrivilegeAddr,AdjustPrivilegeAddr,0,"RtlAdjustPrivilege_CallBack");
   TRIGGER_SHELLCODE(AdjustPrivilegeAddr,@C21000@);
   }

  //干掉关机代码//////////////////////////////////////////////////////////////////////
  ExitWindowsAddr=GetDllProcAddr("User32.dll","ExitWindowsEx");
  //绕过SE TMD API Hook检测
  
  if(SafeHook(ExitWindowsAddr,"ExitWindowsEx_CallBack"))
    TRIGGER_SHELLCODE(ExitWindowsAddr,@C20800@);
  else
     MessageBox("错误","无法拦截ExitWindows.",0);

  //CreateWindowExW 入手,准备干掉文本比对代码/////////////////////////////////////////
  CreateWindowExWAddr=GetDllProcAddr("User32.dll","CreateWindowExW");
  if(CreateWindowExWAddr)
  {
   SafeHook(CreateWindowExWAddr,"CreateWindowExW_Callback");
  }
  
  //SetWindowPos拦截
  SetWindowPosAddr=GetDllProcAddr("User32.dll","SetWindowPos");
  if(SetWindowPosAddr)
  {
   if(!SafeHook(SetWindowPosAddr,"SetWindowPos_Callback"))
   {
    MessageBox("错误","无法拦截SetWindowPos.",0);
   }
  }

  //CreateProcess拦截
  CreateProcessAAddr=GetDllProcAddr("Kernel32.dll","CreateProcessA");
  if(CreateProcessAAddr)
  {
   if(SafeHook(CreateProcessAAddr,"CreateProcessA_Callback"))
   TRIGGER_SHELLCODE(CreateProcessAAddr,@C22800@);
   else
    MessageBox("错误","无法拦截CreateProcess.",0);
  }

}

==================================================================================================================================================================================

鉴于今年小学生勒索恶意程序频发,特编写此脚本程序用于破解该恶意程序,该类病毒中毒类似如下

使用方法:复制下面的脚本保存到txt文件,使用通用破解框架v1.0加载,通用破解框架下载地址请参照https://www.52pojie.cn/thread-811462-1-1.html
参数填写说明:如果是有随机码的勒索请在参数中填写随机码="对应随机码"后点击一键破解等待密码,如果是固定密码参数栏可留空
如果有多个随机码,请用随机码1="..";随机码2="...";随机码3="....."进行表示
适用范围:90%的MBR勒索程序,可无视UPX VMP TMD SE壳的保护(一般情况下)
其它注意事项:请在虚拟机或其他沙盒环境中进行破解!!!!!
如果出现编译失败,应该是代码没复制好,可以直接这里下载:
请用纯文本查看复制下面的代码,不然会出现编译错误.

[C] 纯文本查看 复制代码

#name "CrackScript"

//////////////////////////////////////////////API/////////////////////////////////
host int API_RUN(string dll,string procName);
host int API_PARAMS(int n);
host int API_PARAM_BYTE(int n,int _byte);
host int API_PARAM_WORD(int n,int _word);
host int API_PARAM_DWORD(int n,int _dword);
host int API_PARAM_STRING(int n,string str);
host int API_PARAM_MEMORY(int n,memory mem,int size);

host int API_GET_PARAM_BYTE(int n);
host int API_GET_PARAM_WORD(int n);
host int API_GET_PARAM_DWORD(int n);
host string API_GET_PARAM_STRING(int n);
host memory API_GET_PARAM_MEMORY(int n,int size);

////////////////////////////////////////////TRIGGER///////////////////////////////////
host int TRIGGER_BREAKPOINT(int BreakAddr,int codeAddr,int size,string call_back);
host int TRIGGER_BREAKPOINTEX(int BreakAddr,int codeAddr,int size,string call_back);
host int TRIGGER_CANCEL(int BreakAddr);
host int TRIGGER_SHELLCODE(int addr,memory shellcode);
host int TRIGGER_CURRENTSHELLCODE(memory shellcode);
/////////////////////////////////////////MEMORY///////////////////////////////////
host int MEMORY_ALLOC(memory init,int size);
host int MEMORY_FREE(int addr);
host int MEMORY_READ_BYTE(int addr,int *val);
host int MEMORY_READ_WORD(int addr,int *val);
host int MEMORY_READ_DWORD(int addr,int *val);
host int MEMORY_READ(int addr,int size,memory *mem);
host int MEMORY_WRITE_BYTE(int addr,int _val);
host int MEMORY_WRITE_WORD(int addr,int _val);
host int MEMORY_WRITE_DWORD(int addr,int _val);
host int MEMORY_WRITE(int addr,int size,memory mem);

//////////////////////////////////////////STACK/////////////////////////////////////
host int STACK_BYTE(int offset);
host int STACK_WORD(int offset);
host int STACK_DWORD(int offset);
host int STACK_STRING(int offset,string *str);
host int STACK_MEMORY(int offset,int size,memory *mem);
host int STACK_SET_BYTE(int offset,int val);
host int STACK_SET_WORD(int offset,int val);
host int STACK_SET_DWORD(int offset,int val);

//////////////////////////////////////////IMAGE//////////////////////////////////////
host int IMAGE_SEARCH(int startAddr,int EndAddr,memory match);

/////////////////////////////////////////CONTROL/////////////////////////////////////
host void CONTROL_TERMINATE();

////////////////////////////////////////FILE///////////////////////////////////////////
host int FILE_SAVE(string path,memory mem);
host int FILE_LOAD(string path,memory *mem);
///////////////////////////////////////PARAMETERS//////////////////////////////////////
host int PARAM_GET(string name,string *data);
int CreateWindowExWAddr;
int fix_rand[16];
int fix_index=0;
int fix_count=0;

int MessageBox(string caption,string text,int type)
{
  API_PARAMS(4);
  API_PARAM_DWORD(0,0);
  API_PARAM_STRING(1,text);
  API_PARAM_STRING(2,caption);
  API_PARAM_DWORD(3,type);
  return API_RUN("User32.dll","MessageBoxA");
}

export void WriteFile_CallBack()
{
  int WriteSize;
  memory MBR,cp_MBR;
  string sKey,sMsg;
  WriteSize=STACK_DWORD(12);
  if(WriteSize==512)
  {
   STACK_MEMORY(8,8,&MBR);
   if(MBR==@E900008CC88ED88E@)
   {
    STACK_MEMORY(8,512,&MBR);
    
        cp_MBR=MBR;
        _asm {memtrm cp_MBR,0xDA,19}
        sKey=string(cp_MBR);

        cp_MBR=MBR;
        _asm {memtrm cp_MBR,0xED,0x113}
        sMsg=string(cp_MBR);

    MessageBox("恭喜","信息:"+sMsg+"\n破解成功,密码为:"+sKey,0); 
    CONTROL_TERMINATE();
   }
  }
}

export void RtlAdjustPrivilege_CallBack(){}
export void ExitWindowsEx_CallBack(){}
export void Rand_CallBack()
{
  memory shellcode;
  if(fix_index>=fix_count) fix_index=fix_count-1;
  shellcode=@C7442410@;
  shellcode=shellcode+fix_rand[fix_index];
  shellcode=shellcode+(fix_rand[fix_index]>>8);
  shellcode=shellcode+(fix_rand[fix_index]>>16);
  shellcode=shellcode+(fix_rand[fix_index]>>24);
  shellcode=shellcode+@C3@;
  fix_index++;
  TRIGGER_CURRENTSHELLCODE(shellcode);
}


export void CreateWindowExW_CallBack()
{
  int RandAddr=0;
  memory extMem;
  //Hook 生成随机数二进制代码
  while(RandAddr!=-1)
  {
        RandAddr=IMAGE_SEARCH(RandAddr,0x7fffffff,@8B4C240C568B410885C07504@);
   
        if(RandAddr!=-1)
        {
               if(MEMORY_READ(RandAddr+12,4,&extMem))
                     {
                       if(extMem==@33F6EB0E@)
                             {
                                TRIGGER_BREAKPOINTEX(RandAddr,RandAddr,8,"Rand_CallBack");
                                 TRIGGER_CANCEL(CreateWindowExWAddr);
                                return;
                              }
                        }
                        RandAddr=RandAddr+12;
           }

    }
}
  
export void CreateProcessA_CallBack(){}


int GetDllProcAddr(string dll,string proc)
{
int handle;
API_PARAMS(1);
API_PARAM_STRING(0,dll);
handle=API_RUN("Kernel32.dll","LoadLibraryA");
API_PARAMS(2);
API_PARAM_DWORD(0,handle);
API_PARAM_STRING(1,proc);
return API_RUN("Kernel32.dll","GetProcAddress");
}

int SafeHook(int addr,string callback)
{
  int hook_code;
  if(!MEMORY_READ_WORD(addr,&hook_code))
  {
   MessageBox("错误","无法读取目标shellcode.",0);
   return 0;
  }
  
  if(hook_code==0xFF8B)
  {
    TRIGGER_BREAKPOINT(addr,addr-5,2,callback);
    MEMORY_WRITE_WORD(addr,0xF9EB);
  }
  else if(hook_code==0x25FF)
   {
    TRIGGER_BREAKPOINT(addr,addr,6,callback);
   }
   else
   {
    return 0;
   }
   return 1;
}


export int CrackMain()
{
  int WriteFileAddr,AdjustPrivilegeAddr,ExitWindowsAddr,CreateProcessAAddr;
  string s_rand;
  int paramIndex;
  
  for(paramIndex=0;paramIndex<16;paramIndex++)
   {
     if(!PARAM_GET("随机码"+string(paramIndex+1),&s_rand))
     {
          break;
     }
    else
    {
     fix_rand[paramIndex]=int(s_rand);
     }
   }
   fix_count=paramIndex;
  if(PARAM_GET("随机码",&s_rand))
   {
   fix_rand[0]=int(s_rand);
   if(fix_count==0) fix_count=1;
   }
   MessageBox("","框架正在部署Crack Shell,这可能花费较长的时间!请耐心等待.",0);
  //干掉蓝屏代码//////////////////////////////////////////////////////////////////////
   AdjustPrivilegeAddr=GetDllProcAddr("ntdll.dll","RtlAdjustPrivilege");

   if(AdjustPrivilegeAddr)
   {
   TRIGGER_BREAKPOINTEX(AdjustPrivilegeAddr,AdjustPrivilegeAddr,0,"RtlAdjustPrivilege_CallBack");
   TRIGGER_SHELLCODE(AdjustPrivilegeAddr,@C21000@);
   }

  //干掉关机代码//////////////////////////////////////////////////////////////////////
  ExitWindowsAddr=GetDllProcAddr("User32.dll","ExitWindowsEx");
  //绕过SE TMD API Hook检测
  
  if(SafeHook(ExitWindowsAddr,"ExitWindowsEx_CallBack"))
    TRIGGER_SHELLCODE(ExitWindowsAddr,@C20800@);
  else
     MessageBox("错误","无法拦截ExitWindows.",0);

  //CreateWindowExW 入手,准备干掉随机数生成代码/////////////////////////////////////////
  CreateWindowExWAddr=GetDllProcAddr("User32.dll","CreateWindowExW");
  if(CreateWindowExWAddr)
  {
   SafeHook(CreateWindowExWAddr,"CreateWindowExW_Callback");
  }
  
  //CreateProcess拦截
  CreateProcessAAddr=GetDllProcAddr("Kernel32.dll","CreateProcessA");
  if(CreateProcessAAddr)
  {
   if(SafeHook(CreateProcessAAddr,"CreateProcessA_Callback"))
   TRIGGER_SHELLCODE(CreateProcessAAddr,@C22800@);
   else
    MessageBox("错误","无法拦截CreateProcess.",0);
  }

  //获取密码//////////////////////////////////////////////////////////////////////////
  WriteFileAddr=GetDllProcAddr("Kernel32.dll","WriteFile");
  //绕过SE TMD API Hook检测
  if(!SafeHook(WriteFileAddr,"WriteFile_Callback"))
  {
   MessageBox("错误","无法读取目标shellcode.",0);
   CONTROL_TERMINATE();
  }

}

Net user 勒索病毒(俗称用户锁)一键破解脚本
使用方法:复制下面的脚本保存到txt文件,使用通用破解框架v1.0加载
参数填写说明:如果是有随机码的勒索请在参数中填写随机码="对应随机码"后点击一键破解等待密码,如果是固定密码参数栏可留空
如果有多个随机码,请用随机码1="..";随机码2="...";随机码3="....."进行表示
适用范围:90%的net user类型勒索程序,可无视UPX VMP TMD SE壳的保护(一般情况下)
其它注意事项:请在虚拟机或其他沙盒环境中进行破解!!!!!
如果出现编译失败,应该是代码没复制好,可以直接这里下载:
请用纯文本查看复制下面的代码,不然会出现编译错误.

[C] 纯文本查看 复制代码

#name "CrackScript"

//////////////////////////////////////////////API/////////////////////////////////
host int API_RUN(string dll,string procName);
host int API_PARAMS(int n);
host int API_PARAM_BYTE(int n,int _byte);
host int API_PARAM_WORD(int n,int _word);
host int API_PARAM_DWORD(int n,int _dword);
host int API_PARAM_STRING(int n,string str);
host int API_PARAM_MEMORY(int n,memory mem,int size);

host int API_GET_PARAM_BYTE(int n);
host int API_GET_PARAM_WORD(int n);
host int API_GET_PARAM_DWORD(int n);
host string API_GET_PARAM_STRING(int n);
host memory API_GET_PARAM_MEMORY(int n,int size);

////////////////////////////////////////////TRIGGER///////////////////////////////////
host int TRIGGER_BREAKPOINT(int BreakAddr,int codeAddr,int size,string call_back);
host int TRIGGER_BREAKPOINTEX(int BreakAddr,int codeAddr,int size,string call_back);
host int TRIGGER_CANCEL(int BreakAddr);
host int TRIGGER_SHELLCODE(int addr,memory shellcode);
host int TRIGGER_CURRENTSHELLCODE(memory shellcode);
/////////////////////////////////////////MEMORY///////////////////////////////////
host int MEMORY_ALLOC(memory init,int size);
host int MEMORY_FREE(int addr);
host int MEMORY_READ_BYTE(int addr,int *val);
host int MEMORY_READ_WORD(int addr,int *val);
host int MEMORY_READ_DWORD(int addr,int *val);
host int MEMORY_READ(int addr,int size,memory *mem);
host int MEMORY_WRITE_BYTE(int addr,int _val);
host int MEMORY_WRITE_WORD(int addr,int _val);
host int MEMORY_WRITE_DWORD(int addr,int _val);
host int MEMORY_WRITE(int addr,int size,memory mem);

//////////////////////////////////////////STACK/////////////////////////////////////
host int STACK_BYTE(int offset);
host int STACK_WORD(int offset);
host int STACK_DWORD(int offset);
host int STACK_STRING(int offset,string *str);
host int STACK_MEMORY(int offset,int size,memory *mem);
host int STACK_SET_BYTE(int offset,int val);
host int STACK_SET_WORD(int offset,int val);
host int STACK_SET_DWORD(int offset,int val);

//////////////////////////////////////////IMAGE//////////////////////////////////////
host int IMAGE_SEARCH(int startAddr,int EndAddr,memory match);

/////////////////////////////////////////CONTROL/////////////////////////////////////
host void CONTROL_TERMINATE();

////////////////////////////////////////FILE///////////////////////////////////////////
host int FILE_SAVE(string path,memory mem);
host int FILE_LOAD(string path,memory *mem);
///////////////////////////////////////PARAMETERS//////////////////////////////////////
host int PARAM_GET(string name,string *data);
int CreateWindowExWAddr;
int fix_rand[16];
int fix_index=0;
int fix_count=0;

int MessageBox(string caption,string text,int type)
{
  API_PARAMS(4);
  API_PARAM_DWORD(0,0);
  API_PARAM_STRING(1,text);
  API_PARAM_STRING(2,caption);
  API_PARAM_DWORD(3,type);
  return API_RUN("User32.dll","MessageBoxA");
}

export void RtlAdjustPrivilege_CallBack(){}
export void ExitWindowsEx_CallBack(){}
export void Rand_CallBack()
{
  memory shellcode;
  if(fix_index>=fix_count) fix_index=fix_count-1;
  shellcode=@C7442410@;
  shellcode=shellcode+fix_rand[fix_index];
  shellcode=shellcode+(fix_rand[fix_index]>>8);
  shellcode=shellcode+(fix_rand[fix_index]>>16);
  shellcode=shellcode+(fix_rand[fix_index]>>24);
  shellcode=shellcode+@C3@;
  fix_index++;
  TRIGGER_CURRENTSHELLCODE(shellcode);
}


export void CreateWindowExW_CallBack()
{
  int RandAddr=0;
  memory extMem;
  //Hook 生成随机数二进制代码
  while(RandAddr!=-1)
  {
        RandAddr=IMAGE_SEARCH(RandAddr,0x7fffffff,@8B4C240C568B410885C07504@);
   
        if(RandAddr!=-1)
        {
               if(MEMORY_READ(RandAddr+12,4,&extMem))
                     {
                       if(extMem==@33F6EB0E@)
                             {
                                TRIGGER_BREAKPOINTEX(RandAddr,RandAddr,8,"Rand_CallBack");
                                 TRIGGER_CANCEL(CreateWindowExWAddr);
                                return;
                              }
                        }
                        RandAddr=RandAddr+12;
           }

    }
 }
  
export void CreateProcessA_CallBack()
{
  string cmd;
  STACK_STRING(8,&cmd);
  MessageBox("已找到可能特征",cmd,0); 
}


int GetDllProcAddr(string dll,string proc)
{
 int handle;
 API_PARAMS(1);
 API_PARAM_STRING(0,dll);
 handle=API_RUN("Kernel32.dll","LoadLibraryA");
 API_PARAMS(2);
 API_PARAM_DWORD(0,handle);
 API_PARAM_STRING(1,proc);
 return API_RUN("Kernel32.dll","GetProcAddress");
}

int SafeHook(int addr,string callback)
{
  int hook_code;
  if(!MEMORY_READ_WORD(addr,&hook_code))
  {
   MessageBox("错误","无法读取目标shellcode.",0);
   return 0;
  }
  
  if(hook_code==0xFF8B)
  {
    TRIGGER_BREAKPOINT(addr,addr-5,2,callback);
    MEMORY_WRITE_WORD(addr,0xF9EB);
  }
  else if(hook_code==0x25FF)
   {
    TRIGGER_BREAKPOINT(addr,addr,6,callback);
   }
   else
   {
    return 0;
   }
   return 1;
}


export int CrackMain()
{
  int WriteFileAddr,AdjustPrivilegeAddr,ExitWindowsAddr,CreateProcessAAddr;
  string s_rand;
  int paramIndex;
  
  for(paramIndex=0;paramIndex<16;paramIndex++)
   {
     if(!PARAM_GET("随机码"+string(paramIndex+1),&s_rand))
     {
          break;
     }
    else
    {
     fix_rand[paramIndex]=int(s_rand);
     }
   }
   fix_count=paramIndex;
  if(PARAM_GET("随机码",&s_rand))
   {
   fix_rand[0]=int(s_rand);
   if(fix_count==0) fix_count=1;
   }
   MessageBox("","框架正在部署Crack Shell,这可能花费较长的时间!请耐心等待.",0);
  //干掉蓝屏代码//////////////////////////////////////////////////////////////////////
   AdjustPrivilegeAddr=GetDllProcAddr("ntdll.dll","RtlAdjustPrivilege");

   if(AdjustPrivilegeAddr)
   {
   TRIGGER_BREAKPOINTEX(AdjustPrivilegeAddr,AdjustPrivilegeAddr,0,"RtlAdjustPrivilege_CallBack");
   TRIGGER_SHELLCODE(AdjustPrivilegeAddr,@C21000@);
   }

  //干掉关机代码//////////////////////////////////////////////////////////////////////
  ExitWindowsAddr=GetDllProcAddr("User32.dll","ExitWindowsEx");
  //绕过SE TMD API Hook检测
  
  if(SafeHook(ExitWindowsAddr,"ExitWindowsEx_CallBack"))
    TRIGGER_SHELLCODE(ExitWindowsAddr,@C20800@);
  else
     MessageBox("错误","无法拦截ExitWindows.",0);

  //CreateWindowExW 入手,准备干掉随机数生成代码/////////////////////////////////////////
  CreateWindowExWAddr=GetDllProcAddr("User32.dll","CreateWindowExW");
  if(CreateWindowExWAddr)
  {
   SafeHook(CreateWindowExWAddr,"CreateWindowExW_Callback");
  }
  
  //CreateProcess拦截
  CreateProcessAAddr=GetDllProcAddr("Kernel32.dll","CreateProcessA");
  if(CreateProcessAAddr)
  {
   if(SafeHook(CreateProcessAAddr,"CreateProcessA_Callback"))
   TRIGGER_SHELLCODE(CreateProcessAAddr,@C22800@);
   else
    MessageBox("错误","无法拦截CreateProcess.",0);
  }
}

DBinary · 发表于 2018-10-24 10:55

hongge 发表于 2018-10-24 10:40
你把txt上传下来就可以了~但是为什么我通文本编辑器和nottpad编辑器复制过去都不行？？奇怪···

直接复制时会复制到unicode字符,导致编译失败,你用纯文本查看再复制就没问题了

csl19880909 · 发表于 2018-10-23 21:50

不知道能破解适用性多大

itcfan · 发表于 2018-10-23 22:49

随便网上下载了一个注册例程测试了下，确实有效。

w1223 · 发表于 2018-10-23 23:18

不错啊，有用，脚本适用性有限

hongge · 发表于 2018-10-23 23:49

DBinary 发表于 2018-10-23 21:45
//注册码密码一键破解脚本,将代码复制保存为txt文件,使用时通过通用破解框架加载执行
//适用范围:易语言编 ...

是只能在32位系统运行？？我怎么都是编译失败

mylin · 发表于 2018-10-24 02:52

提示: 作者被禁止或删除内容自动屏蔽

DBinary · 发表于 2018-10-24 07:17

hongge 发表于 2018-10-23 23:49
是只能在32位系统运行？？我怎么都是编译失败

应该是没复制对，用纯文本复制下来

DBinary · 发表于 2018-10-24 08:01

mylin 发表于 2018-10-24 02:52
机关公文助手最新版你试下可以不

有局限性的,这个脚本仅适用于易语言编写的程序

gongyuchang · 发表于 2018-10-24 08:29

感谢楼主分享

帐号		自动登录	找回密码
密码			注册[Register]

[原创工具] 通用破解框架v1.0 注册码/勒索病毒一键破解

免费评分

个人中心

mylin mylin 当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	mylin 发表于 2018-10-24 02:52 提示: 作者被禁止或删除内容自动屏蔽

	回复支持举报

[原创工具] 通用破解框架v1.0 注册码/勒索病毒 一键破解

免费评分

个人中心

[原创工具] 通用破解框架v1.0 注册码/勒索病毒一键破解