本人在学习写外挂,做为练习,写了一个exe,上面有一个按钮,按钮的功能就是显示一个窗体出来。代码如下:
void CTestgame2Dlg::OnButton2()
{
// TODO: Add your control notification handler code here
//AfxMessageBox("wangchao");
love* mylove = new love;
if (mylove->m_hWnd==0)
{
mylove->Create(IDD_DIALOG1);
}
mylove->ShowWindow(SW_SHOW);
//delete mylove;
}
反汇编,找到按钮的执行函数
00401460 . 6A FF push -1
00401462 . 68 4A1A4000 push testgame.00401A4A ; SE 句柄安装
00401467 . 64:A1 0000000>mov eax,dword ptr fs:[0]
0040146D . 50 push eax
0040146E . 64:8925 00000>mov dword ptr fs:[0],esp
00401475 . 51 push ecx
00401476 . 56 push esi
00401477 . 6A 60 push 60
00401479 . E8 FC020000 call <jmp.&MFC42.#823_operator new>
0040147E . 83C4 04 add esp,4
00401481 . 894424 04 mov dword ptr ss:[esp+4],eax
00401485 . 85C0 test eax,eax
00401487 . C74424 10 000>mov dword ptr ss:[esp+10],0
0040148F . 74 0D je short testgame.0040149E
00401491 . 6A 00 push 0
00401493 . 8BC8 mov ecx,eax
00401495 . E8 76000000 call testgame.00401510
0040149A . 8BF0 mov esi,eax
0040149C . EB 02 jmp short testgame.004014A0
0040149E > 33F6 xor esi,esi
004014A0 > 8B46 20 mov eax,dword ptr ds:[esi+20]
004014A3 . C74424 10 FFF>mov dword ptr ss:[esp+10],-1
004014AB . 85C0 test eax,eax
004014AD . 75 0E jnz short testgame.004014BD
004014AF . 6A 00 push 0
004014B1 . 68 81000000 push 81
004014B6 . 8BCE mov ecx,esi
004014B8 . E8 B7020000 call <jmp.&MFC42.#2086_CDialog::Create>
004014BD > 6A 05 push 5
004014BF . 8BCE mov ecx,esi
004014C1 . E8 A8020000 call <jmp.&MFC42.#6215_CWnd::ShowWindow>
004014C6 . 8B4C24 08 mov ecx,dword ptr ss:[esp+8]
004014CA . 5E pop esi
004014CB . 64:890D 00000>mov dword ptr fs:[0],ecx
004014D2 . 83C4 10 add esp,10
004014D5 . C3 retn
我对这个程序注入一个dll,用来call这个按钮
void mainfrom::OnButton1()
{
// TODO: Add your control notification handler code here
int addr =0x00401460;
__asm
{
call addr
}
}
但是一调用就出错。不知道怎么一回事情,那个大侠指点一下。
[课程]FART 脱壳王!加量不加价!FART作者讲授!
