-
-
[旧帖]
[转帖]某横板3D格斗游戏秒杀+99连击+无伤(不是DNF)
0.00雪花
-
发表于:
2008-7-21 10:37
4550
-
[旧帖] [转帖]某横板3D格斗游戏秒杀+99连击+无伤(不是DNF)
0.00雪花
转自:unpack.cn
http://www.unpack.cn/viewthread.php?tid=27371&page=1&extra=page%3D1
#include<windows.h>
DWORD HookAddr_Hack=0x005ABC02;//Attack Event Handler
///////////////////
//X 0xE8
//Y 0xEC
//Z 0xF0
//
///////////////////
DWORD pHitter,HitterID,pHittee,HitteeID,REG_ESP,pEvent;
__declspec(naked) void Hack_Proxy()
{
__asm
{
mov eax,[esp+8]
mov pEvent,eax
pushad
pushfd
}
HitterID=*(DWORD *)(pEvent+0x24)//0x24 hitter ID;
HitteeID=*(DWORD *)(pEvent+0x28);//0x28 hittee ID
__asm
{
mov eax,0x47D070
call eax
push HitterID
mov ecx,eax
mov eax,0x54CBD0
call eax
mov pHitter,eax
mov eax,0x47D070
call eax
push HitteeID
mov ecx,eax
mov eax,0x54CBD0
call eax
mov pHittee,eax
}
if(!wcscmp((LPWSTR)(pHitter+0x48),L"RenYao"))//charactor name
{
*(DWORD*)(pEvent+0x38)=*(DWORD*)(pHittee+0x98);//0x98 Max HP
*(DWORD*)(pEvent+0x44)=0;//0x38 Hp Change Value 0x44 Hp Current Value
*(WORD*)(pEvent+0x88) =0x63;//0x88 Combo Number
}
else if(!wcscmp((LPWSTR)(pHittee+0x48),L"RenYao"))
{
*(DWORD*)(pEvent+0x38)=0;
*(DWORD*)(pEvent+0x44)=*(DWORD*)(pHittee+0x98);
}
__asm
{
popfd
popad
push 0x0069592F
push HookAddr_Hack
add dword ptr [esp],5
retn
}
}
void JmpHook(DWORD to,DWORD from)
{
char opcode[5]={0xe9,0,0,0,0};
DWORD exProtectFlag;
VirtualProtect((LPVOID)from,5,PAGE_EXECUTE_READWRITE,&exProtectFlag);
*(DWORD *)(opcode+1)=to-from-5;
WriteProcessMemory(GetCurrentProcess(),(LPVOID)from,opcode,5,NULL);
}
BOOL DllMain(HMODULE hModule,DWORD dwReason,LPVOID)
{
if(dwReason==DLL_PROCESS_ATTACH)
{
JmpHook((DWORD)Hack_Proxy,HookAddr_Hack);
}
return TRUE;
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
