菜鸟追风学习NP,这篇是瞎逛发现的,不知道对NP适不适用
,转来看雪分享。
附带个请求,熟悉C和delphi的前辈能帮我翻译成delphi的吗?有几处语法不明白,C++还停留在概念上。。。虽然感觉有点不劳而获先SORRY了。
//---------------------------------------------------------------------------
#ifndef ApiHelperH
#define ApiHelperH
#include <windows.h>
//---------------------------------------------------------------------------
#define OS2000_F1 0x55
#define OS2000_F2 0x8b
#define OS2000_F3 0xec
#define OS2000_F4 0x56
#define OS2000_F5 0x8b
#define OS2000_2_F1 0x8b
#define OS2000_2_F2 0xc0
#define OS2000_2_F3 0x55
#define OS2000_2_F4 0x8b
#define OS2000_2_F5 0xec
#define OS98_F1 0xe8
#define OS98_F2 0x15
#define OS98_F3 0xf6
#define OS98_F4 0xff
#define OS98_F5 0xff
#define OSME_F1
#define OSME_F2
#define OSME_F3
#define OSME_F4
#define OSME_F5
#define OSXP_F1 0x8b
#define OSXP_F2 0xff
#define OSXP_F3 0x55
#define OSXP_F4 0x8b
#define OSXP_F5 0xec
typedef BOOL (WINAPI * SendMessageProc ) ( HWND hWnd, UINT value, WPARAM wp, LPARAM lp );
extern SendMessageProc _MySendMessage;
bool ProtectFunction();
//---------------------------------------------------------------------------
#endif
代码:
//---------------------------------------------------------------------------
#pragma hdrstop
#include "ApiHelper.h"
#include "Common.h"
#include "Log.h"
extern cLog * g_pLog;
SendMessageProc _MySendMessage;
SendMessageProc OldSendMessageFunc;
BYTE fnFuncEntry[255]; // 旧函数入口
//---------------------------------------------------------------------------
bool Func_2k()
{
DWORD pp = (DWORD) OldSendMessageFunc;
DWORD pp1 = (DWORD) _MySendMessage;
fnFuncEntry[7] = 0xe9; // jump 指令
int * p = (int*)(fnFuncEntry+8);
*p = pp - pp1 - 5;
#ifdef LOG
g_pLog->AddText( "// Protect function success....(Window2000)!" );
#endif
return true;
}
//---------------------------------------------------------------------------
bool Func_2k_2()
{
DWORD pp = (DWORD) OldSendMessageFunc;
DWORD pp1 = (DWORD) _MySendMessage;
fnFuncEntry[9] = 0xe9; // jump 指令
int * p = (int*)(fnFuncEntry+10);
*p = pp - pp1 - 5;
#ifdef LOG
g_pLog->AddText( "// Protect function success....(Window2000 V20050603)!" );
#endif
return true;
}
//---------------------------------------------------------------------------
bool Func_xp()
{
DWORD pp = (DWORD) OldSendMessageFunc;
DWORD pp1 = (DWORD) _MySendMessage;
fnFuncEntry[6] = 0xe9; // jump 指令
int * p = (int*)(fnFuncEntry+7);
*p = pp - pp1 - 5;
#ifdef LOG
g_pLog->AddText( "// Protect function success....(WindowsXP)!" );
#endif
return true;
}
//---------------------------------------------------------------------------
bool Func_98()
{
DWORD pp = (DWORD) OldSendMessageFunc;
DWORD pp1 = (DWORD) _MySendMessage;
int * p = (int*)(fnFuncEntry + 1 ); // 重新计算出call的位置
int offset = (DWORD)pp + *p + 5;
int jj = offset - pp1 - 5;
*p = jj;
offset = (DWORD)pp1 + *p + 5;
fnFuncEntry[5] = 0xe9; // 将后的面的指令改为一个jump
p = (int*) (fnFuncEntry + 6);
*p = pp - pp1 - 5;
#ifdef LOG
g_pLog->AddText( "// Protect function success....(Windows98)!" );
#endif
return true;
}
//---------------------------------------------------------------------------
bool ProtectFunction( )
{
HMODULE hInst = LoadLibrary( "User32.dll" );
OldSendMessageFunc = ( SendMessageProc ) GetProcAddress( hInst, "SendMessageA" );
if ( OldSendMessageFunc == NULL )
{
MessageBox( NULL, "Protect Win32 function failed.", "Warning", MB_OK );
return false;
}
memcpy( fnFuncEntry, (BYTE*)OldSendMessageFunc, 50 );
if ( fnFuncEntry[0] == 0xE9 ) // 发现已经修改过的指令
{
MessageBox( NULL, "Protect Win32 function failed.(pls reset lineage client)", "Warning", MB_OK );
return false;
}
DWORD dwAddress = reinterpret_cast<DWORD>(fnFuncEntry);
_MySendMessage = (SendMessageProc)dwAddress;
// ----------------- 2000 判断
if ( (fnFuncEntry[0] == OS2000_F1) &&
(fnFuncEntry[1] == OS2000_F2) &&
(fnFuncEntry[2] == OS2000_F3) &&
(fnFuncEntry[3] == OS2000_F4) &&
(fnFuncEntry[4] == OS2000_F5) )
{
return Func_2k();
}
// ----------------- 2000 判断 v2
if ( (fnFuncEntry[0] == OS2000_2_F1) &&
(fnFuncEntry[1] == OS2000_2_F2) &&
(fnFuncEntry[2] == OS2000_2_F3) &&
(fnFuncEntry[3] == OS2000_2_F4) &&
(fnFuncEntry[4] == OS2000_2_F5) )
{
return Func_2k_2();
}
// ----------------- 98 判断
if ( (fnFuncEntry[0] == OS98_F1) &&
(fnFuncEntry[1] == OS98_F2) &&
(fnFuncEntry[2] == OS98_F3) &&
(fnFuncEntry[3] == OS98_F4) &&
(fnFuncEntry[4] == OS98_F5) )
{
return Func_98();
}
// ----------------- xp 判断
if ( (fnFuncEntry[0] == OSXP_F1) &&
(fnFuncEntry[1] == OSXP_F2) &&
(fnFuncEntry[2] == OSXP_F3) &&
(fnFuncEntry[3] == OSXP_F4) &&
(fnFuncEntry[4] == OSXP_F5) )
{
return Func_xp();
}
MessageBox( NULL, "Your's os unprotected win32 api function.", "Warning", MB_OK );
return true;
}
//---------------------------------------------------------------------------
#pragma package(smart_init)
[课程]Android-CTF解题方法汇总!
