程序界面
已实现功能
整个窗口居中显示,灰化最大化按钮,空白处添加了消息回调,最后就是获取输入运算后判断是否和预期相同,从而决定弹窗内容!这就是一般的 CrackMe 的套路
完整源码
#include
#include
LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam);
BOOL Check(char *Name, char *Flag);
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR lpCmdLine, int nCmdShow)
{
char *lpClassName = "FirstWin", *lpWindowName = "CrackMe0";
HWND hwnd;
MSG msg;
WNDCLASSEX wndclass;
wndclass.cbSize = sizeof(wndclass); // 指定该结构体的大小
wndclass.style = CS_HREDRAW | CS_VREDRAW; // 宽度高度变化时重绘
wndclass.lpfnWndProc = WndProc; // 窗口回调函数
wndclass.cbClsExtra = 0;
wndclass.cbWndExtra = 0;
wndclass.hInstance = hInstance;
wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION); // NULL表示系统图标,默认图标
wndclass.hCursor = LoadCursor(NULL, IDC_ARROW); // 默认光标
wndclass.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1); // 使用画刷填充背景色,还可以(HBRUSH)GetStockObject(BLACK_BRUSH)
wndclass.lpszMenuName = NULL;
wndclass.lpszClassName = lpClassName;
wndclass.hIconSm = NULL;
if (!RegisterClassEx(&wndclass))
{
MessageBox(NULL, "Register Failed", "Tips", MB_ICONERROR);
return 0;
}
hwnd = CreateWindow(lpClassName,
lpWindowName,
WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, //style,WS_OVERLAPPEDWINDOW包括了最大化最小化以及关闭
0, // x
0, // y
400, // width
300, // height
NULL, // hWndParent
NULL, // hMenu
hInstance, // hInstance
NULL);
ShowWindow(hwnd, nCmdShow);
UpdateWindow(hwnd); /* 发送 WM_PAINT,保证窗口一定可以刷新显示 */
while (GetMessage(&msg, NULL, 0, 0))
{
/* 用于Tab切换输入框,IsDialogMessage会调用user32.dll处理某些按键消息,其余的交给我们定义的窗口回调函数*/
if (!IsDialogMessage(hwnd, &msg))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
return msg.wParam;
}
LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
HDC hdc;
int screenWidth, screenHeight;
int clientWidth, clientHeight;
int id, event;
PAINTSTRUCT ps;
CHAR Name[32], Flag[32];
RECT rect;
RECT crect;
switch (message)
{
case WM_CREATE:
/* 设置居中显示主窗口 */
screenWidth = GetSystemMetrics(SM_CXSCREEN);
screenHeight = GetSystemMetrics(SM_CYSCREEN);
GetClientRect(hwnd, &crect);
GetWindowRect(hwnd, &rect); // 区别于GetClientRect
rect.left = (screenWidth - rect.right) / 2;
rect.top = (screenHeight - rect.bottom) / 2;
SetWindowPos(hwnd, HWND_TOP, rect.left, rect.top, rect.right, rect.bottom, SWP_SHOWWINDOW);
/* MoveWindow(hwnd, rect.left, rect.top, rect.right, rect.bottom, 1); 效果同上 */
CreateWindow("static",
"Name:",
WS_CHILD | WS_VISIBLE | SS_CENTERIMAGE | SS_RIGHT,
crect.right / 12, // 用比例保证兼容性
crect.bottom / 5,
90,
40,
hwnd,
(HMENU)1,
(HINSTANCE)GetWindowLong(hwnd, -6), // # define GWL_HINSTANCE -6
NULL);
CreateWindow("static",
"Flag:",
WS_CHILD | WS_VISIBLE | SS_CENTERIMAGE | SS_RIGHT,
crect.right / 12,
crect.bottom * 2 / 5,
90,
40,
hwnd,
(HMENU)2,
(HINSTANCE)GetWindowLong(hwnd, -6),
NULL);
CreateWindow("edit",
"",
WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | ES_AUTOHSCROLL,
crect.right / 3,
crect.bottom / 5,
200,
35,
hwnd,
(HMENU)3,
(HINSTANCE)GetWindowLong(hwnd, -6),
NULL);
CreateWindow("edit",
"",
WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP | ES_AUTOHSCROLL,
crect.right / 3,
crect.bottom * 2 / 5,
200,
35,
hwnd,
(HMENU)4,
(HINSTANCE)GetWindowLong(hwnd, -6),
NULL);
CreateWindow("button",
"Submit",
WS_CHILD | WS_VISIBLE | WS_BORDER | BS_FLAT,
crect.right * 2 / 5,
crect.bottom * 16 / 25,
100,
35,
hwnd,
(HMENU)5,
(HINSTANCE)GetWindowLong(hwnd, -6),
NULL);
break;
case WM_CTLCOLORSTATIC:
if ((HWND)lParam == GetDlgItem(hwnd, 1) || (HWND)lParam == GetDlgItem(hwnd, 2))
{
SetTextColor((HDC)wParam, RGB(0, 0, 0));
SetBkMode((HDC)wParam, TRANSPARENT);
}
return (BOOL)(HBRUSH)GetStockObject(NULL_BRUSH);
break;
case WM_PAINT:
hdc = BeginPaint(hwnd, &ps);
EndPaint(hwnd, &ps);
break;
case WM_LBUTTONDOWN:
MessageBox(hwnd, "Don't click here!", "Error", MB_OK);
break;
case WM_COMMAND:
/* 当点击菜单、按钮、下拉列表框等控件时候,会触发WM_COMMAND */
id = LOWORD(wParam);
event = HIWORD(wParam);
switch (id)
{
case 5:
GetWindowText(GetDlgItem(hwnd, 3), Name, 32);
GetWindowText(GetDlgItem(hwnd, 4), Flag, 32);
if (*Name != 0 && *Flag != 0) // 字符判断时要加*,还可以用长度判断是否为空字符串;空字符串或者字符串结束就是内存中的00
{
if (Check(Name, Flag)) // 字符串判断要用strcmp;格式化输出的%s是个特例需要传地址
{
MessageBox(hwnd, "Hi,admin!Your flag is right!", "Right", MB_OK);
DestroyWindow(hwnd);
}
else
{
MessageBox(hwnd, "Your name or flag is wrong!", "Wrong", MB_OK);
DestroyWindow(hwnd);
}
}
else
{
MessageBox(hwnd, "Please input your name and flag!", "Tips", MB_OK);
}
break;
default:
return DefWindowProc(hwnd, message, wParam, lParam);
}
break;
case WM_CLOSE:
DestroyWindow(hwnd);
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
}
return DefWindowProc(hwnd, message, wParam, lParam);
}
BOOL Check(char *Name, char *Flag)
{
int i, len;
char x;
char *key = "You_are_a_pig!2333";
char flag_enc[] = {0x3f, 0x03, 0x14, 0x38, 0x1a, 0x26, 0x0d, 0x36, 0x54, 0x00, 0x41, 0x1a, 0x38, 0x47, 0x5e, 0x52, 0x0a, 0x4e};
if (!strcmp(Name, "admin") && strlen(Flag) == 18)
{
for (i = 0; i < len; i++)
{
x = Flag[i] ^ key[i];
if (x != flag_enc[i])
{
return 0;
}
else
{
continue;
}
}
}
else
{
return 0;
}
return 1;
} 很简单的 CrackMe,主要是为了学习 Windows 消息机制,程序调用gcc -m32 -mwindows编译的