Is this malicious code? - Compiled C# code using automation to embed a PowerShell script

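sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
A project was created to deploy BitLocker (HDD encryption) to all client computers, and I have done this myself many times in the past. I have always used Group Policy or 4 lines of PowerShell code to accomplish this. Instead, my manager decided to embed the PowerShell code in C# and compile it to an exe. That exe is then deployed to the whole network. When I first asked, I had created the PowerShell code and he had created the C# code. There is software online, a script called ps2exe.ps1, that does this for you. I obtained the script compiled into the original exe by running the exe with the -extract option and specifying a destination. Of course, what can be extracted is defined in the C# code, so this proves nothing yet. I recompiled the code with all of the ps2exe converters available online, then decompiled each exe with the JetBrains decompiler. None of them loaded the credui module.

The one thing I noticed that is extra sneaky in the original exe is mainly that the code is decrypting a password in a buffer and assigning it to a StringBuilder. The one thing I do not know is where it is saved, or how the author of the code would obtain the password.

I would like to attach this code to the forum as a zip file; I am hoping someone can take a look and advise me whether the attached code is 100% malicious, 80%, looks uncertain, or definitely not, etc.

I have uploaded the VS code to -> Microsoft OneDrive - Access files anywhere. Create docs with free Office Online.

Thanks,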
 

Sheepskin

Retired Programmer
Staff member
Joined
Sep 5, 2018
Messages
1,932
Location
UK
Programming Experience
10+
Hi, welcome to the forums.

Nobody is going to download that, so you're best posting your code on the forums like everyone else does, and paste your code using [CODE=csharp] your code here [/CODE] tags.

Thanks
 

sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
Haha, true.

C#:
// Decompiled with JetBrains decompiler
// Type: ik.PowerShell.PS2EXEHostUI
// Assembly: BitLocker_Encryption, Version=0.3.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 26A91D44-64C1-496F-B0CE-A0E68A4652B0
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Host;
using System.Reflection;
using System.Security;
using System.Windows.Forms;
namespace ik.PowerShell
{
internal class PS2EXEHostUI : PSHostUserInterface
{
public ConsoleColor ErrorForegroundColor = ConsoleColor.Red;
public ConsoleColor WarningForegroundColor = ConsoleColor.Yellow;
public ConsoleColor DebugForegroundColor = ConsoleColor.Yellow;
public ConsoleColor VerboseForegroundColor = ConsoleColor.Yellow;
public ConsoleColor ProgressForegroundColor = ConsoleColor.DarkCyan;
public ConsoleColor ProgressBackgroundColor = ConsoleColor.DarkCyan;
private PS2EXEHostRawUI rawUI;
public ConsoleColor ErrorBackgroundColor;
public ConsoleColor WarningBackgroundColor;
public ConsoleColor DebugBackgroundColor;
public ConsoleColor VerboseBackgroundColor;
private string ibcaption;
private string ibmessage;
    public ProgressForm pf;
    public PS2EXEHostUI()
{
this.rawUI = new PS2EXEHostRawUI();
    }
    public override Dictionary<string, PSObject> Prompt(
string caption,
string message,
Collection<FieldDescription> descriptions)
{
if (!string.IsNullOrEmpty(caption) || !string.IsNullOrEmpty(message))
{
string caption1 = AppDomain.CurrentDomain.FriendlyName;
string text = "";
if (!string.IsNullOrEmpty(caption))
caption1 = caption;
if (!string.IsNullOrEmpty(message))
text = message;
int num = (int) MessageBox.Show(text, caption1);
}
this.ibcaption = "";
this.ibmessage = "";
Dictionary<string, PSObject> dictionary = new Dictionary<string, PSObject>();
foreach (FieldDescription description in descriptions)
{
System.Type conversionType = !string.IsNullOrEmpty(description.ParameterAssemblyFullName) ? System.Type.GetType(description.ParameterAssemblyFullName) : typeof (string);
if (conversionType.IsArray)
{
System.Type elementType = conversionType.GetElementType();
System.Type type = System.Type.GetType("System.Collections.Generic.List" + '`'.ToString() + "1").MakeGenericType(elementType);
object target = type.GetConstructor(BindingFlags.Instance | BindingFlags.Public | BindingFlags.CreateInstance, (Binder) null, System.Type.EmptyTypes, (ParameterModifier[]) null).Invoke((object[]) null);
int num = 0;
while (true)
{
try
{
if (!string.IsNullOrEmpty(description.Name))
this.ibmessage = string.Format("{0}[{1}]: ", (object) description.Name, (object) num);
string str = this.ReadLine();
if (!string.IsNullOrEmpty(str))
{
object obj = Convert.ChangeType((object) str, elementType);
type.InvokeMember("Add", BindingFlags.Instance | BindingFlags.Public | BindingFlags.InvokeMethod, (Binder) null, target, new object[1]
{
obj
});
}
else
break;
}
catch (Exception ex)
{
throw ex;
}
++num;
}
Array array = (Array) type.InvokeMember("ToArray", BindingFlags.Instance | BindingFlags.Public | BindingFlags.InvokeMethod, (Binder) null, target, (object[]) null);
dictionary.Add(description.Name, new PSObject((object) array));
}
else
{
object obj = (object) null;
try
{
if (conversionType != typeof (SecureString))
{
if (conversionType != typeof (PSCredential))
{
if (!string.IsNullOrEmpty(description.Name))
this.ibmessage = string.Format("{0}: ", (object) description.Name);
if (!string.IsNullOrEmpty(description.HelpMessage))
this.ibmessage += "\n(Type !? for help.)";
string str;
do
{
str = this.ReadLine();
if (str == "!?")
{
this.WriteLine(description.HelpMessage);
}
else
{
if (string.IsNullOrEmpty(str))
obj = (object) description.DefaultValue;
if (obj == null)
{
try
{
obj = Convert.ChangeType((object) str, conversionType);
}
catch
{
this.Write("Wrong format, please repeat input: ");
str = "!?";
}
}
}
}
while (str == "!?");
}
else
obj = (object) this.PromptForCredential("", "", "", "");
}
else
{
if (!string.IsNullOrEmpty(description.Name))
this.ibmessage = string.Format("{0}: ", (object) description.Name);
obj = (object) this.ReadLineAsSecureString();
}
dictionary.Add(description.Name, new PSObject(obj));
}
catch (Exception ex)
{
throw ex;
}
}
}
this.ibcaption = "";
this.ibmessage = "";
return dictionary;
    }
    public override int PromptForChoice(
string caption,
string message,
Collection<ChoiceDescription> choices,
int defaultChoice)
{
int num = ChoiceBox.Show(choices, defaultChoice, caption, message);
if (num == -1)
num = defaultChoice;
return num;
    }
    public override PSCredential PromptForCredential(
string caption,
string message,
string userName,
string targetName,
PSCredentialTypes allowedCredentialTypes,
PSCredentialUIOptions options)
{
CredentialForm.UserPwd userPwd = CredentialForm.PromptForPassword(caption, message, targetName, userName, allowedCredentialTypes, options);
if (userPwd == null)
return (PSCredential) null;
SecureString password = new SecureString();
foreach (char c in userPwd.Password.ToCharArray())
password.AppendChar(c);
return new PSCredential(userPwd.User, password);
    }
    public override PSCredential PromptForCredential(
string caption,
string message,
string userName,
string targetName)
{
CredentialForm.UserPwd userPwd = CredentialForm.PromptForPassword(caption, message, targetName, userName, PSCredentialTypes.Default, PSCredentialUIOptions.Default);
if (userPwd == null)
return (PSCredential) null;
SecureString password = new SecureString();
foreach (char c in userPwd.Password.ToCharArray())
password.AppendChar(c);
return new PSCredential(userPwd.User, password);
    }
    public override PSHostRawUserInterface RawUI
{
get
{
return (PSHostRawUserInterface) this.rawUI;
}
    }
    public override string ReadLine()
{
string sValue = "";
if (InputBox.Show(this.ibcaption, this.ibmessage, ref sValue) == DialogResult.OK)
return sValue;
return "";
    }
    private SecureString getPassword()
{
SecureString secureString = new SecureString();
while (true)
{
ConsoleKeyInfo consoleKeyInfo;
do
{
consoleKeyInfo = Console.ReadKey(true);
if (consoleKeyInfo.Key == ConsoleKey.Enter)
{
Console.WriteLine();
return secureString;
}
if (consoleKeyInfo.Key != ConsoleKey.Backspace)
goto label_6;
}
while (secureString.Length <= 0);
secureString.RemoveAt(secureString.Length - 1);
Console.Write("\b \b");
continue;
label_6:
secureString.AppendChar(consoleKeyInfo.KeyChar);
Console.Write("*");
}
    }
    public override SecureString ReadLineAsSecureString()
{
SecureString secureString = new SecureString();
string sValue = "";
if (InputBox.Show(this.ibcaption, this.ibmessage, ref sValue, true) == DialogResult.OK)
{
foreach (char c in sValue)
secureString.AppendChar(c);
}
return secureString;
    }
    public override void Write(
ConsoleColor foregroundColor,
ConsoleColor backgroundColor,
string value)
{
    }
    public override void Write(string value)
{
    }
    public override void WriteDebugLine(string message)
{
int num = (int) MessageBox.Show(message, AppDomain.CurrentDomain.FriendlyName, MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
    }
    public override void WriteErrorLine(string value)
{
int num = (int) MessageBox.Show(value, AppDomain.CurrentDomain.FriendlyName, MessageBoxButtons.OK, MessageBoxIcon.Hand);
    }
    public override void WriteLine()
{
    }
    public override void WriteLine(
ConsoleColor foregroundColor,
ConsoleColor backgroundColor,
string value)
{
    }
    public override void WriteLine(string value)
{
    }
    public override void WriteProgress(long sourceId, ProgressRecord record)
{
if (this.pf == null)
{
this.pf = new ProgressForm(this.ProgressForegroundColor);
this.pf.Show();
}
this.pf.Update(record);
if (record.RecordType != ProgressRecordType.Completed)
return;
this.pf = (ProgressForm) null;
    }
    public override void WriteVerboseLine(string message)
{
    }
    public override void WriteWarningLine(string message)
{
int num = (int) MessageBox.Show(message, AppDomain.CurrentDomain.FriendlyName, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
}
}
 

sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
This is credentialform.cs; I believe this decrypts the password.

C#:
// Decompiled with JetBrains decompiler
// Type: ik.PowerShell.CredentialForm
// Assembly: BitLocker_Encryption, Version=0.3.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 26A91D44-64C1-496F-B0CE-A0E68A4652B0

using System;
using System.Management.Automation;
using System.Runtime.InteropServices;
using System.Text;
namespace ik.PowerShell
{
internal class CredentialForm
{
[DllImport("credui", CharSet = CharSet.Unicode)]
private static extern CredentialForm.CredUIReturnCodes CredUIPromptForCredentials(
ref CredentialForm.CREDUI_INFO creditUR,
string targetName,
IntPtr reserved1,
int iError,
StringBuilder userName,
int maxUserName,
StringBuilder password,
int maxPassword,
[MarshalAs(UnmanagedType.Bool)] ref bool pfSave,
      CredentialForm.CREDUI_FLAGS flags);
    internal static CredentialForm.UserPwd PromptForPassword(
string caption,
string message,
string target,
string user,
PSCredentialTypes credTypes,
PSCredentialUIOptions options)
{
StringBuilder password = new StringBuilder();
StringBuilder userName = new StringBuilder(user, 128);
CredentialForm.CREDUI_INFO creditUR = new CredentialForm.CREDUI_INFO();
if (!string.IsNullOrEmpty(message))
creditUR.pszMessageText = message;
if (!string.IsNullOrEmpty(caption))
creditUR.pszCaptionText = caption;
creditUR.cbSize = Marshal.SizeOf<CredentialForm.CREDUI_INFO>(creditUR);
bool pfSave = false;
CredentialForm.CREDUI_FLAGS flags = CredentialForm.CREDUI_FLAGS.DO_NOT_PERSIST;
if ((credTypes & PSCredentialTypes.Generic) == PSCredentialTypes.Generic)
{
flags |= CredentialForm.CREDUI_FLAGS.GENERIC_CREDENTIALS;
if ((options & PSCredentialUIOptions.AlwaysPrompt) == PSCredentialUIOptions.AlwaysPrompt)
flags |= CredentialForm.CREDUI_FLAGS.ALWAYS_SHOW_UI;
}
if (CredentialForm.CredUIPromptForCredentials(ref creditUR, target, IntPtr.Zero, 0, userName, 128, password, 128, ref pfSave, flags) != CredentialForm.CredUIReturnCodes.NO_ERROR)
return (CredentialForm.UserPwd) null;
return new CredentialForm.UserPwd()
{
User = userName.ToString(),
Password = password.ToString(),
Domain = ""
};
    }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct CREDUI_INFO
{
public int cbSize;
public IntPtr hwndParent;
public string pszMessageText;
public string pszCaptionText;
public IntPtr hbmBanner;
    }
    [Flags]
private enum CREDUI_FLAGS
{
INCORRECT_PASSWORD = 1,
DO_NOT_PERSIST = 2,
REQUEST_ADMINISTRATOR = 4,
EXCLUDE_CERTIFICATES = 8,
REQUIRE_CERTIFICATE = 16, // 0x00000010
SHOW_SAVE_CHECK_BOX = 64, // 0x00000040
ALWAYS_SHOW_UI = 128, // 0x00000080
REQUIRE_SMARTCARD = 256, // 0x00000100
PASSWORD_ONLY_OK = 512, // 0x00000200
VALIDATE_USERNAME = 1024, // 0x00000400
COMPLETE_USERNAME = 2048, // 0x00000800
PERSIST = 4096, // 0x00001000
SERVER_CREDENTIAL = 16384, // 0x00004000
EXPECT_CONFIRMATION = 131072, // 0x00020000
GENERIC_CREDENTIALS = 262144, // 0x00040000
USERNAME_TARGET_CREDENTIALS = 524288, // 0x00080000
KEEP_USERNAME = 1048576, // 0x00100000
    }
    public enum CredUIReturnCodes
{
NO_ERROR = 0,
ERROR_INVALID_PARAMETER = 87, // 0x00000057
ERROR_INSUFFICIENT_BUFFER = 122, // 0x0000007A
ERROR_INVALID_FLAGS = 1004, // 0x000003EC
ERROR_NOT_FOUND = 1168, // 0x00000490
ERROR_CANCELLED = 1223, // 0x000004C7
ERROR_NO_SUCH_LOGON_SESSION = 1312, // 0x00000520
ERROR_INVALID_ACCOUNT_NAME = 1315, // 0x00000523
    }
    public class UserPwd
{
public string User = string.Empty;
public string Password = string.Empty;
public string Domain = string.Empty;
}
}
}
 

sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
ps2exe.cs

C#:
// Decompiled with JetBrains decompiler
// Type: ik.PowerShell.PS2EXE
// Assembly: BitLocker_Encryption, Version=0.3.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 26A91D44-64C1-496F-B0CE-A0E68A4652B0

using System;
using System.IO;
using System.Management.Automation;
using System.Management.Automation.Host;
using System.Management.Automation.Runspaces;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Windows.Forms;
namespace ik.PowerShell
{
internal class PS2EXE : PS2EXEApp
{
private bool shouldExit;
    private int exitCode;
    public bool ShouldExit
{
get
{
return this.shouldExit;
}
set
{
this.shouldExit = value;
}
    }
    public int ExitCode
{
get
{
return this.exitCode;
}
set
{
this.exitCode = value;
}
    }
    [STAThread]
private static int Main(string[] args)
{
PS2EXE ps2Exe = new PS2EXE();
bool flag = false;
string path = string.Empty;
PS2EXEHostUI ui = new PS2EXEHostUI();
PS2EXEHost ps2ExeHost = new PS2EXEHost((PS2EXEApp) ps2Exe, ui);
ManualResetEvent mre = new ManualResetEvent(false);
AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(PS2EXE.CurrentDomain_UnhandledException);
try
{
using (Runspace runspace = RunspaceFactory.CreateRunspace((PSHost) ps2ExeHost))
{
runspace.ApartmentState = ApartmentState.STA;
runspace.Open();
using (System.Management.Automation.PowerShell powerShell = System.Management.Automation.PowerShell.Create())
{
powerShell.Runspace = runspace;
powerShell.Streams.Error.DataAdded += (EventHandler<DataAddedEventArgs>) ((sender, e) => ui.WriteErrorLine(((PSDataCollection<ErrorRecord>) sender)[e.Index].ToString()));
PSDataCollection<string> input = new PSDataCollection<string>();
if (ConsoleInfo.IsInputRedirected())
{
string str;
while ((str = Console.ReadLine()) != null)
input.Add(str);
}
input.Complete();
PSDataCollection<PSObject> colOutput = new PSDataCollection<PSObject>();
colOutput.DataAdded += (EventHandler<DataAddedEventArgs>) ((sender, e) => ui.WriteLine(colOutput[e.Index].ToString()));
int num1 = 0;
int num2 = 0;
foreach (string strA in args)
{
if (string.Compare(strA, "-wait", true) == 0)
flag = true;
else if (strA.StartsWith("-extract", StringComparison.InvariantCultureIgnoreCase))
{
string[] strArray = strA.Split(new string[1]
{
":"
}, 2, StringSplitOptions.RemoveEmptyEntries);
if (strArray.Length != 2)
{
int num3 = (int) MessageBox.Show("If you specify the -extract option you need to add a file for extraction in this way\r\n -extract:\"<filename>\"", AppDomain.CurrentDomain.FriendlyName, MessageBoxButtons.OK, MessageBoxIcon.Hand);
return 1;
}
path = strArray[1].Trim('"');
}
else
{
if (string.Compare(strA, "-end", true) == 0)
{
num1 = num2 + 1;
break;
}
if (string.Compare(strA, "-debug", true) == 0)
{
System.Diagnostics.Debugger.Launch();
break;
}
}
++num2;
}
string str1 = Encoding.UTF8.GetString(Convert.FromBase64String("JE9VcGF0aCA9ICdvdT1CaXRsb2NrZXIgRGVwbG95bWVudCxPVT1Eb21haW4gQ29tcHV0ZXJzLERDPW5tY24sREM9bG9jJw0KR2V0LUFEQ29tcHV0ZXIgLUZpbHRlciAqIC1TZWFyY2hCYXNlICRPVXBhdGggfCBzZWxlY3QgLUV4cGFuZCBOYW1lIHwgb3V0LWZpbGUgQzpcdGVtcFxjb21wdXRlcnMudHh0DQpTdGFydC1TbGVlcCAtcyAzMA0KJGNvbXB1dGVycz1HZXQtQ29udGVudCBDOlx0ZW1wXGNvbXB1dGVycy50eHQNCk1hbmFnZS1CREUgLU9uIEM6IC1SZWNvdmVyeVBhc3N3b3JkIC1FbmNyeXB0aW9uTWV0aG9kIHh0c19hZXMyNTYgLVNraXBIYXJkd2FyZVRlc3QgLUNvbXB1dGVyTmFtZSAkY29tcHV0ZXJz"));
if (!string.IsNullOrEmpty(path))
{
File.WriteAllText(path, str1);
return 0;
}
powerShell.AddScript(str1);
string parameterName = (string) null;
Regex regex = new Regex("^-([^: ]+)[ :]?([^:]*)$");
for (int index = num1; index < args.Length; ++index)
{
Match match = regex.Match(args[index]);
if (match.Success && match.Groups.Count == 3)
{
if (parameterName != null)
powerShell.AddParameter(parameterName);
if (match.Groups[2].Value.Trim() == "")
parameterName = match.Groups[1].Value;
else if (match.Groups[2].Value == "True" || match.Groups[2].Value.ToUpper() == "$TRUE")
{
powerShell.AddParameter(match.Groups[1].Value, (object) true);
parameterName = (string) null;
}
else if (match.Groups[2].Value == "False" || match.Groups[2].Value.ToUpper() == "$FALSE")
{
powerShell.AddParameter(match.Groups[1].Value, (object) false);
parameterName = (string) null;
}
else
{
powerShell.AddParameter(match.Groups[1].Value, (object) match.Groups[2].Value);
parameterName = (string) null;
}
}
else if (parameterName != null)
{
powerShell.AddParameter(parameterName, (object) args[index]);
parameterName = (string) null;
}
else
powerShell.AddArgument((object) args[index]);
}
if (parameterName != null)
powerShell.AddParameter(parameterName);
powerShell.AddCommand("out-string");
powerShell.AddParameter("stream");
powerShell.BeginInvoke<string, PSObject>(input, colOutput, (PSInvocationSettings) null, (AsyncCallback) (ar =>
{
if (!ar.IsCompleted)
return;
mre.Set();
}), (object) null);
do
;
while (!ps2Exe.ShouldExit && !mre.WaitOne(100));
powerShell.Stop();
if (powerShell.InvocationStateInfo.State == PSInvocationState.Failed)
ui.WriteErrorLine(powerShell.InvocationStateInfo.Reason.Message);
}
runspace.Close();
}
}
catch (Exception ex)
{
int num = (int) MessageBox.Show("An exception occured: " + ex.Message, AppDomain.CurrentDomain.FriendlyName, MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
if (flag)
{
int num4 = (int) MessageBox.Show("Click OK to exit...", AppDomain.CurrentDomain.FriendlyName);
}
return ps2Exe.ExitCode;
    }
    private static void CurrentDomain_UnhandledException(
object sender,
UnhandledExceptionEventArgs e)
{
throw new Exception("Unhandled exception in PS2EXE");
}
}
}
 

sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
ReadKeyBox.cs

C#:
// Decompiled with JetBrains decompiler
// Type: ik.PowerShell.ReadKeyBox
// Assembly: BitLocker_Encryption, Version=0.3.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 26A91D44-64C1-496F-B0CE-A0E68A4652B0
using System;
using System.Drawing;
using System.Management.Automation.Host;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
namespace ik.PowerShell
{
public class ReadKeyBox
{
[DllImport("user32.dll")]
public static extern int ToUnicode(
uint wVirtKey,
uint wScanCode,
byte[] lpKeyState,
[MarshalAs(UnmanagedType.LPWStr), Out] StringBuilder pwszBuff,
int cchBuff,
      uint wFlags);
    private static string GetCharFromKeys(Keys keys, bool bShift, bool bAltGr)
{
StringBuilder pwszBuff = new StringBuilder(64);
byte[] lpKeyState = new byte[256];
if (bShift)
lpKeyState[16] = byte.MaxValue;
if (bAltGr)
{
lpKeyState[17] = byte.MaxValue;
lpKeyState[18] = byte.MaxValue;
}
if (ReadKeyBox.ToUnicode((uint) keys, 0U, lpKeyState, pwszBuff, 64, 0U) >= 1)
return pwszBuff.ToString();
return "\0";
    }
    public static KeyInfo Show(string sTitle, string sPrompt, bool bIncludeKeyDown)
{
ReadKeyBox.KeyboardForm keyboardForm = new ReadKeyBox.KeyboardForm();
Label label = new Label();
if (string.IsNullOrEmpty(sPrompt))
label.Text = "Press a key";
else
label.Text = sPrompt;
label.Location = new Point(9, 19);
label.AutoSize = true;
keyboardForm.Controls.Add((Control) label);
if (string.IsNullOrEmpty(sTitle))
keyboardForm.Text = AppDomain.CurrentDomain.FriendlyName;
else
keyboardForm.Text = sTitle;
keyboardForm.ClientSize = new System.Drawing.Size(Math.Max(178, label.Right + 10), label.Bottom + 55);
keyboardForm.FormBorderStyle = FormBorderStyle.FixedDialog;
keyboardForm.StartPosition = FormStartPosition.CenterScreen;
try
{
keyboardForm.Icon = Icon.ExtractAssociatedIcon(Assembly.GetExecutingAssembly().Location);
}
catch
{
}
keyboardForm.MinimizeBox = false;
keyboardForm.MaximizeBox = false;
keyboardForm.checkKeyDown = bIncludeKeyDown;
int num = (int) keyboardForm.ShowDialog();
return keyboardForm.keyinfo;
    }
    private class KeyboardForm : Form
{
public bool checkKeyDown = true;
      public KeyInfo keyinfo;
      public KeyboardForm()
{
this.KeyDown += new KeyEventHandler(this.KeyboardForm_KeyDown);
this.KeyUp += new KeyEventHandler(this.KeyboardForm_KeyUp);
      }
      private void KeyboardForm_KeyDown(object sender, KeyEventArgs e)
{
if (!this.checkKeyDown)
return;
this.keyinfo.VirtualKeyCode = e.KeyValue;
this.keyinfo.Character = ReadKeyBox.GetCharFromKeys(e.KeyCode, e.Shift, e.Alt & e.Control)[0];
this.keyinfo.KeyDown = false;
this.keyinfo.ControlKeyState = (ControlKeyStates) 0;
if (e.Alt)
this.keyinfo.ControlKeyState = ControlKeyStates.RightAltPressed | ControlKeyStates.LeftAltPressed;
if (e.Control)
{
this.keyinfo.ControlKeyState |= ControlKeyStates.RightCtrlPressed | ControlKeyStates.LeftCtrlPressed;
if (!e.Alt && e.KeyValue > 64 && e.KeyValue < 96)
this.keyinfo.Character = (char) (e.KeyValue - 64);
}
if (e.Shift)
this.keyinfo.ControlKeyState |= ControlKeyStates.ShiftPressed;
if ((e.Modifiers & Keys.Capital) > Keys.None)
this.keyinfo.ControlKeyState |= ControlKeyStates.CapsLockOn;
if ((e.Modifiers & Keys.NumLock) > Keys.None)
this.keyinfo.ControlKeyState |= ControlKeyStates.NumLockOn;
this.Close();
      }
      private void KeyboardForm_KeyUp(object sender, KeyEventArgs e)
{
if (this.checkKeyDown)
return;
this.keyinfo.VirtualKeyCode = e.KeyValue;
this.keyinfo.Character = ReadKeyBox.GetCharFromKeys(e.KeyCode, e.Shift, e.Alt & e.Control)[0];
this.keyinfo.KeyDown = true;
this.keyinfo.ControlKeyState = (ControlKeyStates) 0;
if (e.Alt)
this.keyinfo.ControlKeyState = ControlKeyStates.RightAltPressed | ControlKeyStates.LeftAltPressed;
if (e.Control)
{
this.keyinfo.ControlKeyState |= ControlKeyStates.RightCtrlPressed | ControlKeyStates.LeftCtrlPressed;
if (!e.Alt && e.KeyValue > 64 && e.KeyValue < 96)
this.keyinfo.Character = (char) (e.KeyValue - 64);
}
if (e.Shift)
this.keyinfo.ControlKeyState |= ControlKeyStates.ShiftPressed;
if ((e.Modifiers & Keys.Capital) > Keys.None)
this.keyinfo.ControlKeyState |= ControlKeyStates.CapsLockOn;
if ((e.Modifiers & Keys.NumLock) > Keys.None)
this.keyinfo.ControlKeyState |= ControlKeyStates.NumLockOn;
this.Close();
}
}
}
}
 

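sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
There are some other CS files that I have not posted yet. Let me know if they need looking at. I have posted what I considered suspicious,
but here are the names of the other files (ask if you need them):

PS2EXEHostUI
PS2EXEHost.cs
PS2EXEApp.cs
PS2EXE.cs
ConsoleInfo.CS
InputBox.cs
ProgressForm
AssemblyInfo.CS
ChoiceBox.cs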
 

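sudom4n

Member
Joined
Nov 22, 2019
Messages
7
Programming Experience
1-3
For information, BitLocker drive encryption does not use user credentials. It uses TPM, TPM + PIN, or TPM + PIN + pen drive (recovery key) instead. Unless I am missing something here.

I am not sure how the password would be captured once it is decrypted; that is what I have been stuck on. This may be perfectly valid. Unfortunately, I have a hard time trusting anything compiled beyond what is required (i.e. protecting company IP, etc.).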
 

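Sheepskin

Retired Programmer
Staff member
Joined
Sep 5, 2018
Messages
1,932
Location
UK
Programming Experience
10+
That's a lot of code. Anyway, in the first snippet, on line 188, the password is split into a char array.

Start reading from: userPwd.Password

Somewhere in the rest of the code you will find that line, so look for how the data is stored, and if you find it, post back and I will take another look if I have time.

At first glance, it looks like he is requesting it via a prompt, similar to the way the Opera browser does when you try to access stored passwords in the browser: viewing other passwords requires entering your Windows password. See: pinvoke.net: CredUIPromptForWindowsCredentials (credui)

I would also point out that decompiling applications is illegal too, even though this is code your manager obtained from an executable, and the compiled code is said to be running on your network; even from a security standpoint, that does not grant you the right to reverse engineer it. I have notified the mods to review this topic, as most forums generally prohibit topics of this nature. However, if they are happy to leave it open, perhaps you could link to the resource you used, as there are several different authors offering the same script. From there I can do my own research.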
 

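Sheepskin

Retired Programmer
Staff member
Joined
Sep 5, 2018
Messages
1,932
Location
UK
Programming Experience
10+
It was early for me, so I just want to make my position clear. The moderators have been online since the report. I guess they approve of this kind of topic, which is cool with me. How the board is run is their decision.

However, unless I know the origin of the product, I will not help you or any other member with questions related to reverse engineering software, because the information shared in these kinds of topics is often used by silly kids to do malicious things to legitimate commercial software. In my opinion, any forum or board that allows such discussions.

However, I am happy to help you with questions about the code that do not involve further reverse engineering, or reverse engineering of that executable if the uncompiled code is not public information. Since you decompiled this yourself without anyone's help, if you have violated the license agreement of the product, it will be you who gets sued should the author of the code wish to take action. Putting its source code in the public domain if it was not intended to be in the public domain.

As a caveat, if the software your manager used already has its source code shared publicly online, then I do not mind helping you with questions about the code. But if the decompiled code were already available, I do not think you would have gone to the trouble of decompiling it, in which case I will not be helping further. I hope you understand why. :)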
 

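Skydiver

Staff member
Joined
Apr 6, 2019
Messages
2,535
Location
Chesapeake, VA
Programming Experience
10+
Instead, my manager decided to embed the PowerShell code in C# and compile it to an exe.
First of all, that is a fallacy. The PowerShell script is not actually embedded in C#. This is what Ingo originally wrote about his tool:
It does not convert the PowerShell script to another language! It encapsulates the script with a lightweight PowerShell host written in C# and compiles the dynamically generated C# source code in memory to an EXE file. The resulting EXE is a .NET assembly that contains the source script encoded in Base64. The EXE includes everything needed to execute PowerShell through the .NET object model. It is based on classes in the namespace System.Management.Automation that represent the PowerShell engine. – Therefore the EXE file is not a real "standalone" EXE file. It needs PowerShell to be installed!!! And - of course - it needs .NET Framework v2.0. Furthermore, "script execution" has to be allowed (see cmdlet: Set-ExecutionPolicy). – The resulting EXE is "MSIL" and is able to execute as x64 or x86.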
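
Added example (not part of the thread and not PS2EXE's own code): because the generated EXE carries the script as a Base64 literal, as the quote above describes, a reviewer can recover and triage it from the decompiled source without running the binary. The sketch decodes the literal from the `Main()` posted earlier in this thread; the `REVIEW_PATTERNS` categories and the function names are assumptions of this example.

```python
import base64
import re

# Literal-argument Convert.FromBase64String("...") calls, as a decompiler prints them.
B64_CALL = re.compile(r'Convert\.FromBase64String\(\s*"([A-Za-z0-9+/=]+)"\s*\)')

# Review categories: an assumption of this example, not an exhaustive list.
REVIEW_PATTERNS = {
    "network": r"Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|Start-BitsTransfer",
    "credential": r"Get-Credential|PSCredential|SecureString",
    "dynamic-exec": r"Invoke-Expression|\biex\b|FromBase64String|EncodedCommand",
    "file-write": r"Out-File|Set-Content|Add-Content",
    "remote-target": r"-ComputerName\b",
}

# Stand-in for the decompiled statement; the Base64 literal is the one from
# the Main() posted in this thread, split across lines for readability.
DECOMPILED_SNIPPET = (
    'string str1 = Encoding.UTF8.GetString(Convert.FromBase64String("'
    "JE9VcGF0aCA9ICdvdT1CaXRsb2NrZXIgRGVwbG95bWVudCxPVT1Eb21haW4gQ29t"
    "cHV0ZXJzLERDPW5tY24sREM9bG9jJw0KR2V0LUFEQ29tcHV0ZXIgLUZpbHRlciAq"
    "IC1TZWFyY2hCYXNlICRPVXBhdGggfCBzZWxlY3QgLUV4cGFuZCBOYW1lIHwgb3V0"
    "LWZpbGUgQzpcdGVtcFxjb21wdXRlcnMudHh0DQpTdGFydC1TbGVlcCAtcyAzMA0K"
    "JGNvbXB1dGVycz1HZXQtQ29udGVudCBDOlx0ZW1wXGNvbXB1dGVycy50eHQNCk1h"
    "bmFnZS1CREUgLU9uIEM6IC1SZWNvdmVyeVBhc3N3b3JkIC1FbmNyeXB0aW9uTWV0"
    "aG9kIHh0c19hZXMyNTYgLVNraXBIYXJkd2FyZVRlc3QgLUNvbXB1dGVyTmFtZSAk"
    "Y29tcHV0ZXJz"
    '"));'
)


def extract_embedded_scripts(csharp_source):
    """Return every Base64 literal passed to FromBase64String, decoded as UTF-8."""
    scripts = []
    for match in B64_CALL.finditer(csharp_source):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            scripts.append(raw.decode("utf-8"))
        except ValueError:
            # Invalid Base64 or non-text payload: leave it for manual review.
            continue
    return scripts


def review_script(script):
    """Map each review category to the script lines that match it."""
    findings = {}
    for line in script.splitlines():
        for category, pattern in REVIEW_PATTERNS.items():
            if re.search(pattern, line, re.IGNORECASE):
                findings.setdefault(category, []).append(line.strip())
    return findings


if __name__ == "__main__":
    for script in extract_embedded_scripts(DECOMPILED_SNIPPET):
        print(script)
        for category, lines in review_script(script).items():
            for line in lines:
                print(f"[{category}] {line}")
```

For this thread's literal the only hits are `file-write` and `remote-target`; no credential, network or dynamic-execution pattern matches.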
 

Skydiver

Staff member
Joined
Apr 6, 2019
Messages
2,535
Location
Chesapeake, VA
Programming Experience
10+
None of them loaded the credui module.
Actually that really depends on what flags you were passing to the tool. If the -noConsole or the -credentialGUI flag is used with the MScholtes version, or the -noConsole flag is used with Ingo's original version, then the CredUI module would be imported by virtue of the P/Invoke calls to CredUI within the generated code.
 

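Skydiver

Staff member
Joined
Apr 6, 2019
Messages
2,535
Location
Chesapeake, VA
Programming Experience
10+
The one thing I noticed that is extra sneaky in the original exe is mainly that the code is decrypting a password in a buffer and assigning it to a StringBuilder. The one thing I do not know is where it is saved, or how the author of the code would obtain the password.
Where are you seeing this decryption?

I'm really burnt out after 5 days on call with 2 more days to go, but from what I am seeing, there is a call to CredUIPromptForWindowsCredentials() to prompt the user for a password. The StringBuilders that you see are to satisfy the requirements of P/Invoke marshaling of character buffers (as opposed to strings). Unfortunately, that password returned by the P/Invoke call is in clear text and stored into the UserPwd class. The author then copies that password from that class into a SecureString because that is what the PowerShell PSCredential needs. PSCredential is the ubiquitous way of passing around credentials in PowerShell.

So, in summary, the author is trying to be as careful as possible with the password, but did not go overboard in overwriting the memory where the clear-text password was previously written, as per the outdated .NET 2.0 recommendations.

In fact, even .NET Core recommends avoiding SecureString:
Important

We don't recommend that you use the SecureString class for new development. For more information, see SecureString shouldn't be used on GitHub.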
 