|
|
|
RADASM编译不通过
new.cpp(2) : error C2061: syntax error : identifier '_TCHAR' new.cpp(4) : error C2065: 'DWORD' : undeclared identifier new.cpp(4) : error C2146: syntax error : missing ';' before identifier 'dwSize' new.cpp(4) : error C2065: 'dwSize' : undeclared identifier new.cpp(5) : error C2065: 'PSYSTEM_HANDLE_INFORMATION' : undeclared identifier new.cpp(5) : error C2146: syntax error : missing ';' before identifier 'pmodule' new.cpp(5) : error C2065: 'pmodule' : undeclared identifier new.cpp(5) : error C2065: 'NULL' : undeclared identifier new.cpp(6) : error C2065: 'POBJECT_NAME_INFORMATION' : undeclared identifier new.cpp(6) : error C2146: syntax error : missing ';' before identifier 'pNameInfo' new.cpp(6) : error C2065: 'pNameInfo' : undeclared identifier new.cpp(7) : error C2146: syntax error : missing ';' before identifier 'pNameType' new.cpp(7) : error C2065: 'pNameType' : undeclared identifier new.cpp(8) : error C2065: 'PVOID' : undeclared identifier new.cpp(8) : error C2146: syntax error : missing ';' before identifier 'pbuffer' new.cpp(8) : error C2065: 'pbuffer' : undeclared identifier new.cpp(9) : error C2065: 'NTSTATUS' : undeclared identifier new.cpp(9) : error C2146: syntax error : missing ';' before identifier 'Status' new.cpp(9) : error C2065: 'Status' : undeclared identifier new.cpp(11) : error C2146: syntax error : missing ';' before identifier 'dwFlags' new.cpp(11) : error C2065: 'dwFlags' : undeclared identifier new.cpp(15) : error C2065: 'ZwQuerySystemInformation' : undeclared identifier new.cpp(20) : error C2065: 'VirtualAlloc' : undeclared identifier new.cpp(20) : error C2065: 'MEM_COMMIT' : undeclared identifier new.cpp(20) : error C2065: 'PAGE_READWRITE' : undeclared identifier new.cpp(27) : error C2065: 'SystemHandleInformation' : undeclared identifier new.cpp(29) : error C2065: 'NT_SUCCESS' : undeclared identifier new.cpp(31) : error C2065: 'STATUS_INFO_LENGTH_MISMATCH' : undeclared identifier new.cpp(40) : error C2065: 'VirtualFree' : undeclared identifier new.cpp(40) : error C2065: 'MEM_RELEASE' : undeclared identifier new.cpp(64) : error C2065: 'PULONG' : undeclared identifier new.cpp(64) : error C2146: syntax error : missing ')' before identifier 'pbuffer' new.cpp(64) : error C2059: syntax error : ')' new.cpp(65) : error C2146: syntax error : missing ')' before identifier 'pbuffer' new.cpp(65) : error C2100: illegal indirection new.cpp(65) : error C2059: syntax error : ')' new.cpp(70) : error C2065: 'NtQueryObject' : undeclared identifier new.cpp(70) : error C2065: 'HANDLE' : undeclared identifier new.cpp(70) : error C2146: syntax error : missing ')' before identifier 'pmodule' new.cpp(70) : error C2059: syntax error : ')' new.cpp(77) : error C2146: syntax error : missing ')' before identifier 'pmodule' new.cpp(77) : error C2059: syntax error : ')' new.cpp(84) : error C2146: syntax error : missing ';' before identifier 'szName' new.cpp(85) : error C2146: syntax error : missing ';' before identifier 'szType' new.cpp(87) : error C2065: 'printf' : undeclared identifier new.cpp(90) : error C2065: 'wcscmp' : undeclared identifier new.cpp(90) : error C2065: 'wchar_t' : undeclared identifier new.cpp(90) : error C2059: syntax error : ')' new.cpp(91) : error C2143: syntax error : missing ';' before '{' new.cpp(92) : error C2065: 'wcsstr' : undeclared identifier new.cpp(92) : error C2059: syntax error : ')' new.cpp(93) : error C2143: syntax error : missing ';' before '{' new.cpp(94) : error C2065: 'CloseHandle' : undeclared identifier new.cpp(94) : error C2146: syntax error : missing ')' before identifier 'pmodule' new.cpp(94) : error C2059: syntax error : ')' |
|
RADASM编译不通过
编译出错提示: new.cpp(94) : error C2146: syntax error : missing ')' before identifier 'pmodule' new.cpp(94) : error C2059: syntax error : ')' |
|
RADASM编译不通过
/*功能函数体*/ int _tmain(int argc, _TCHAR* argv[]) { DWORD dwSize = 0; PSYSTEM_HANDLE_INFORMATION pmodule = NULL; POBJECT_NAME_INFORMATION pNameInfo; POBJECT_NAME_INFORMATION pNameType; PVOID pbuffer = NULL; NTSTATUS Status; int nIndex = 0; DWORD dwFlags = 0; char szType[128] = {0}; char szName[512] = {0}; if(!ZwQuerySystemInformation) { goto Exit0; } pbuffer = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE); if(!pbuffer) { goto Exit0; } Status = ZwQuerySystemInformation(SystemHandleInformation, pbuffer, 0x1000, &dwSize); if(!NT_SUCCESS(Status)) { if (STATUS_INFO_LENGTH_MISMATCH != Status) { goto Exit0; } else { // 这里大家可以保证程序的正确性使用循环分配稍好 if (NULL != pbuffer) { VirtualFree(pbuffer, 0, MEM_RELEASE); } if (dwSize*2 > 0x4000000) // MAXSIZE { goto Exit0; } pbuffer = VirtualAlloc(NULL, dwSize*2, MEM_COMMIT, PAGE_READWRITE); if(!pbuffer) { goto Exit0; } Status = ZwQuerySystemInformation(SystemHandleInformation, pbuffer, dwSize*2, NULL); if(!NT_SUCCESS(Status)) { goto Exit0; } } } pmodule = (PSYSTEM_HANDLE_INFORMATION)((PULONG)pbuffer+1); dwSize = *((PULONG)pbuffer); for(nIndex = 0; nIndex < dwSize; nIndex++) { Status = NtQueryObject((HANDLE)pmodule[nIndex].Handle, ObjectNameInformation, szName, 512, &dwFlags); if (!NT_SUCCESS(Status)) { goto Exit0; } Status = NtQueryObject((HANDLE)pmodule[nIndex].Handle, ObjectTypeInformation, szType, 128, &dwFlags); if (!NT_SUCCESS(Status)) { goto Exit0; } pNameInfo = (POBJECT_NAME_INFORMATION)szName; pNameType = (POBJECT_NAME_INFORMATION)szType; printf("%wZ %wZ\n", pNameType, pNameInfo); // 匹配是否为需要关闭的句柄名称 if (0 == wcscmp((wchar_t *)pNameType->Name.Buffer, L"Mutant")) { if (wcsstr((wchar_t *)pNameInfo->Name.Buffer, CLOSEMUTEXNAME)) { CloseHandle((HANDLE)pmodule[nIndex].Handle); goto Exit0; } } } Exit0: if (NULL != pbuffer) { VirtualFree(pbuffer, 0, MEM_RELEASE); } return 0; } |
|
[求助][注意]怎么获取打开进程的句柄
invoke ShellExecute,hWnd, otype, faddr,NULL,NULL,offset sw ;open file 是这句出错,把SW当字符串处理了 |
|
[求助][注意]怎么获取打开进程的句柄
调用RADASM的时候显示错误信息如下: open.asm(106) : error A2006: undefined symbol : ShellExecute open.asm(107) : error A2008: syntax error : ! |
|
[求助]游戏不停地检测内核函数的字节码该如何过他的呢呢?
OD修改游戏,跳过检测字节码部分。 |
|
[求助]游戏多开难点
枚举系统handle? |
|
|
|
OD自动中断处理脚本
我自己写的部分代码(ollymachine脚本): /* 定位文件 取得下个指令地址eip 下断点 判断是否跳转 */ duandianstart: //得到程序的起始位置,保存到reg64中 mov reg64,eip //得到下一条代码地址,保存到reg63中 invoke getnextopaddr,reg64,1 cmp reg00,-1 je exitduandian mov reg63,reg00 //显示代码 sub reg63,reg64 invoke readmemlong,reg64,reg63 cmp reg00,-1 je exitduandian invoke printnum,reg00,16 //下断点 add reg63,reg64 invoke bp,reg63 cmp reg00,0 je exitduandian //执行程序 run //要求是否继续 invoke msgyn,"执行已中断" cmp reg00,0 je exitduandian //清除断点 invoke bc,reg63 cmp reg00,0 je exitduandian jmp duandianstart exitduandian: halt 主要是关于eob,run,halt的语法有些不清楚,ollymachine的说明文档没读明白 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值