#include<windows.h>
#include<stdio.h>
#define SIZE 100
BOOL excude(char *szOutPutBuf,char *szInPutBuf)
{
SECURITY_ATTRIBUTES sa
HANDLE hRead,hWrite
sa.nLength = sizeof(SECURITY_ATTRIBUTES)
sa.lpSecurityDescriptor = NULL
sa.bInheritHandle = TRUE//输出重定向
if (!CreatePipe(&hRead,&hWrite,&sa,0))
{
printf("创建匿名管道失败")
return FALSE
}
STARTUPINFO si
PROCESS_INFORMATION pi
ZeroMemory(&si,sizeof(STARTUPINFO))
si.cb = sizeof(STARTUPINFO)
si.hStdInput=hRead
si.hStdError = GetStdHandle(STD_ERROR_HANDLE) //把创建进程的标准错误输出重定向到管道输入
si.hStdOutput = hWrite //把创建进程的标准输出重定向到管道输入
si.wShowWindow = SW_HIDE
si.dwFlags =STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW
if (!CreateProcess(NULL, "..\\..\\Debug\\code.exe",NULL,NULL,TRUE,0,NULL,NULL,&si,&pi)) //路径自己设定
{
CloseHandle(hWrite)
CloseHandle(hRead)
printf("创建子进程失败")
return FALSE
}
else
{
CloseHandle(pi.hProcess)
CloseHandle(pi.hThread)
}
DWORD bytesRead
DWORD bytesWrite
if(!WriteFile(hWrite,szInPutBuf,strlen(szInPutBuf),&bytesWrite,NULL))
printf("写入数据失败\n")
Sleep(1000)//等待子进程往管道写入数据,不可以省略
if (!ReadFile(hRead,szOutPutBuf,SIZE,&bytesRead,NULL))
printf("读数据失败\n")
CloseHandle(hRead)
return TRUE
}
int main()
{
char pf[]="find the code\r\n"
char output[SIZE],input[SIZE]="123\r\n"//对密码的初始化程序自己设计
memset(output,0,SIZE)
excude(output,input)
if(!strcmp(output,pf))
printf("cracked!\n")
return 0
}
另外,软件破解不需要这么费力,用OD这些调试一下原来的那个程序分分钟就破解了!!
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)