大多数软件在注册失败或者XX时会弹出个Box。于是有断点 bp MessageBox去拦截该过程~于是又有了多线程提示窗,通过跨线程方案来阻止XX~
但是实际上这样的过程是不和谐的,因为跨线程通知还是有变量等物体(在低强度加密保护的状态)可寻找~
于是我想到了一个小技巧~通过线程使用csrss.exe的错误提示框~
代码如下~
typedef enum _HARDERROR_RESPONSE_OPTION {
OptionAbortRetryIgnore,
OptionOk,
OptionOkCancel,
OptionRetryCancel,
OptionYesNo,
OptionYesNoCancel,
OptionShutdownSystem,
OptionExplorerTrayBaloon,
OptionCancelTryAgainContinue
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
typedef enum _HARDERROR_RESPONSE {
ResponseReturnToCaller,
ResponseNotHandled,
ResponseAbort,
ResponseCancel,
ResponseIgnore,
ResponseNo,
ResponseOk,
ResponseRetry,
ResponseYes,
ResponseTryAgain,
ResponseContinue
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
DWORD(WINAPI*NtRaiseHardError)(DWORD,DWORD,DWORD,PVOID*,
DWORD,PDWORD);
UINT uiBox=1;
ULONG WarningBox(WCHAR *lpwzText,WCHAR *lpwzCaption)
{
ULONG pUnicodeArguments[] = {0, 0, 0};
ULONG ReturnValue;
UNICODE_STRING uniText;
UNICODE_STRING uniCaption;
*(LPVOID*)&NtRaiseHardError=GetProcAddress(GetModuleHandleW(L"ntdll.dll"),"NtRaiseHardError");
RtlInitUnicodeString(&uniText, lpwzText);
RtlInitUnicodeString(&uniCaption, lpwzCaption);
pUnicodeArguments[0] = (ULONG)&uniText;
pUnicodeArguments[1] = (ULONG)&uniCaption;
NtRaiseHardError(
0x50000018,
3,
3,
(PVOID *)pUnicodeArguments,
OptionOk,
&ReturnValue
);
return ReturnValue;
}
DWORD WINAPI NotifyUser(LPVOID lparam)
{
while(uiBox!=0)
{
sleep(1000);
}
WarningBox(L"您输入的注册码有误\n",L"XXX注册提示");
return 0;
}
只要简单的创建一个线程NotifyUser,然后在注册失败时直接使用uiBox=0,然后sleep(1500)后ExitProcess等方式退出界面就好了~
[培训]科锐软件逆向54期预科班、正式班开始火爆招生报名啦!!!
