|
|
|
[求助]关于模仿11对战平台war3改键所有英雄技能全部qwer实现
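/*
 * Reads four key values (slots 0-3) out of the memory of a running
 * Warcraft III process and prints them.
 *
 * NOTE(review): every address is carried in a DWORD, so this presumably has
 * to be built as a 32-bit, ANSI (non-UNICODE) program - confirm.
 */
#include <stdio.h>
#include <windows.h>
#include <TlHelp32.h>

/*
 * Return the load address of module `dllName` inside the process whose
 * executable is named "War3.exe", or 0 when the process or the module
 * cannot be found.
 */
DWORD GetWar3DllBase(const char *dllName)
{
    DWORD dwPid = 0;
    DWORD dwBase = 0;
    PROCESSENTRY32 pe32 = {0};
    MODULEENTRY32 me32 = {0};
    HANDLE hSnapshot;

    if (dllName == NULL) {
        return 0;
    }

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe32)) {
        do {
            if (lstrcmpi(pe32.szExeFile, "War3.exe") == 0) {
                dwPid = pe32.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }
    CloseHandle(hSnapshot);

    /* With pid 0 the module snapshot would describe this program itself. */
    if (dwPid == 0) {
        return 0;
    }

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPid);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }
    me32.dwSize = sizeof(MODULEENTRY32);
    /* do/while so that the entry returned by Module32First is checked too. */
    if (Module32First(hSnapshot, &me32)) {
        do {
            if (lstrcmpi(me32.szModule, dllName) == 0) {
                dwBase = (DWORD)(DWORD_PTR)me32.hModule;
                break;
            }
        } while (Module32Next(hSnapshot, &me32));
    }
    /* Close on every path; the snapshot handle must not leak on a match. */
    CloseHandle(hSnapshot);
    return dwBase;
}

/*
 * Open the process that owns the window titled "WarCraft III".
 * Returns a process handle the caller must CloseHandle(), or NULL when the
 * window or the process cannot be opened.
 */
HANDLE GetWar3Handle(void)
{
    DWORD dwPid = 0;
    HWND hWar3 = FindWindow(NULL, "WarCraft III");

    if (hWar3 == NULL) {
        return NULL;
    }
    GetWindowThreadProcessId(hWar3, &dwPid);
    if (dwPid == 0) {
        return NULL;
    }
    /*
     * Least privilege: this file only calls ReadProcessMemory on the handle,
     * which needs PROCESS_VM_READ and nothing else.
     */
    return OpenProcess(PROCESS_VM_READ, FALSE, dwPid);
}

/*
 * Enable (bEnablePrivilege != 0) or disable one privilege on hToken.
 * Returns TRUE only when the privilege was really adjusted.
 */
BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid)) {
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) {
        return FALSE;
    }
    /*
     * The call also reports success when the token does not hold the
     * privilege; in that case the last error is ERROR_NOT_ALL_ASSIGNED.
     */
    return GetLastError() == ERROR_SUCCESS;
}

/*
 * Try to enable SeDebugPrivilege on the current process token.
 * Returns TRUE on success, FALSE otherwise.
 */
BOOL EnableDebugPrivilege(void)
{
    BOOL bRet = FALSE;
    HANDLE hToken;

    /* Only the rights AdjustTokenPrivileges needs, not TOKEN_ALL_ACCESS. */
    if (OpenProcessToken(GetCurrentProcess(),
                         TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        bRet = SetPrivilege(hToken, SE_DEBUG_NAME, TRUE);
        CloseHandle(hToken);
    }
    return bRet;
}

HANDLE hWar3Process;   /* handle returned by GetWar3Handle() */
DWORD dwGameBase;      /* load address of game.dll in the target process */

/*
 * Read one DWORD at `addr` in the target process.
 * Returns 0 when the read fails or is short, so callers never see an
 * uninitialised value.
 */
DWORD getDwordFromWar3(DWORD addr)
{
    DWORD value = 0;
    SIZE_T cbRead = 0;

    if (!ReadProcessMemory(hWar3Process, (LPCVOID)(DWORD_PTR)addr,
                           &value, sizeof value, &cbRead)
        || cbRead != sizeof value) {
        return 0;
    }
    return value;
}

/*
 * Offset of the root pointer inside game.dll, as listed by the author:
 *   24b 0xACBDD8
 *   24e 0xACBDD8
 *   26  0xAB4F80
 * NOTE(review): presumably game versions 1.24b / 1.24e / 1.26 - confirm.
 * Only the last value is used below.
 */

/*
 * Fill key[0..3] with the key values found by walking a pointer chain in
 * the target process; slots that are not found stay 0.
 * `key` must point to at least four DWORDs.
 */
VOID getKeybdLayout(DWORD *key)
{
    if (key == NULL) {
        return;
    }
    key[0] = key[1] = key[2] = key[3] = 0;

    DWORD p0 = getDwordFromWar3(0xAB4F80 + dwGameBase);
    if (!p0) {
        return;
    }
    DWORD p1 = getDwordFromWar3(p0 + 0x3C8);
    if (!p1) {
        return;
    }
    DWORD p2 = getDwordFromWar3(p1 + 0x154);
    if (!p2) {
        return;
    }
    DWORD grid = p2 + 8;

    /*
     * Three rows 0x10 bytes apart, four pointer-sized columns per row.
     * NOTE(review): presumably the 4x3 command-button grid - confirm.
     */
    for (int col = 0; col < 4; col++) {
        DWORD rowAddr = grid;
        for (int row = 0; row < 3; row++, rowAddr += 0x10) {
            DWORD entry = getDwordFromWar3(rowAddr);
            entry = getDwordFromWar3(entry + col * 4);
            if (!entry
                || !getDwordFromWar3(entry + 0x94)
                || !getDwordFromWar3(entry + 0x138)) {
                continue;
            }

            DWORD info = getDwordFromWar3(entry + 0x190);
            if (!info) {
                continue;
            }
            DWORD tmpkey = getDwordFromWar3(info + 0x5AC);
            DWORD keyIndex = getDwordFromWar3(info + 0x59C);   /* 0x5AC - 0x10 */
            DWORD keyType = getDwordFromWar3(info + 0x59C + 4);

            /* keyIndex comes from another process: bound it before indexing. */
            if (keyType == 2 && keyIndex <= 3) {
                key[keyIndex] = tmpkey;
            }
        }
    }
}

int main(void)
{
    /* Failure is tolerated here; the open below decides whether we go on. */
    EnableDebugPrivilege();

    hWar3Process = GetWar3Handle();
    dwGameBase = GetWar3DllBase("game.dll");

    if (hWar3Process == NULL) {
        printf("cannot open War3 process\n");
    } else if (dwGameBase == 0) {
        printf("cannot find game.dll\n");
    } else {
        DWORD key[4];
        getKeybdLayout(key);
        for (int i = 0; i < 4; i++) {
            /* %c expects an int; DWORD is unsigned long on Windows. */
            printf("Key_%d=%c\n", i, (int)key[i]);
        }
        printf("\nok.\n");
    }

    if (hWar3Process != NULL) {
        CloseHandle(hWar3Process);
        hWar3Process = NULL;
    }
    getchar();   /* keep the console window open */
    return 0;
}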
|
[求助]如何校验内存中的dll是否被篡改?
把磁盘上的原始文件按内存中的实际加载基址处理一下重定位,再和内存里的代码节、只读节逐节比较就行了;导入表(IAT)和可写数据节加载后本来就会变化,比较时要排除。 |
|
[求助]百思不得其解的DLL注入方式!!!
魔兽会扫描自己目录下的相关文件,然后加载 |
|
|
|
|
|
MD5解密高手吗?又有问题难信我了。
LZ用的5笔输入法 |
|
[原创]XX委机要室过了的加密算法
确实 一个人在这自言自语,没啥价值 |
|
|