#include "StdAfx.h"
#include <stdio.h>
#include "windows.h"
//#include <complex>
#define Naked __declspec( naked )
/*
 * Per-opcode decode flags consumed by GetOpCodeSize_ASM_CODE.
 *
 * Layout (as indexed by that routine): entries 0..255 are the one-byte opcodes,
 * entries 256..511 (reached via the +400h offset) are the two-byte 0Fh opcodes.
 * 518 entries are declared but only 512 are addressed; the last six are padding.
 *
 * Bit meaning, as the decoder interprets them (dl = low byte, dh = second byte):
 *   0x00000008  prefix byte: keep reading          0x00000010  67h address-size prefix
 *   0x00000020  displacement width follows the address size
 *   0x00000001/2/4  fixed displacement byte count
 *   0x00008000  immediate width decided by opcode bit 0 (byte vs. operand size)
 *   0x00004000  a ModRM byte follows               0x00002000  immediate follows operand size
 *   0x00001000  66h operand-size prefix            0x00000100/200/400  fixed immediate bytes
 *   0xFFFFFFFF  unknown two-byte opcode (decoder returns -1)
 * Only the low three bits of each byte are added to the length; the rest are control flags.
 * NOTE(review): the table is read-only at runtime but is neither const nor static, so
 * any other translation unit (or a write primitive) can alter the decoder's behaviour.
 */
ULONG MaskTable[518] =
{
0x00004000, 0x00004000, 0x00004000, 0x00004000, // opcodes 00h-03h
0x00008000, 0x00008000, 0x00000000, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000000, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000000, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000000, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000008, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000008, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000008, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00008000, 0x00008000, 0x00000008, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000, // opcodes 40h-43h
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00004000, 0x00004000, // opcodes 60h-63h
0x00000008, 0x00000008, 0x00001008, 0x00000018, // 64h/65h segment, 66h operand-size, 67h address-size prefixes
0x00002000, 0x00006000, 0x00000100, 0x00004100,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00004100, 0x00006000, 0x00004100, 0x00004100, // opcodes 80h-83h
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00002002, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000020, 0x00000020, 0x00000020, 0x00000020, // opcodes A0h-A3h
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000100, 0x00002000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00002000, 0x00002000, 0x00002000, 0x00002000,
0x00002000, 0x00002000, 0x00002000, 0x00002000,
0x00004100, 0x00004100, 0x00000200, 0x00000000, // opcodes C0h-C3h
0x00004000, 0x00004000, 0x00004100, 0x00006000,
0x00000300, 0x00000000, 0x00000200, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00000100, 0x00000100, 0x00000000, 0x00000000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00000100, 0x00000100, 0x00000100, 0x00000100, // opcodes E0h-E3h
0x00000100, 0x00000100, 0x00000100, 0x00000100,
0x00002000, 0x00002000, 0x00002002, 0x00000100,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000008, 0x00000000, 0x00000008, 0x00000008,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000, // two-byte opcodes 0F 00h-03h (index 256)
0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0x00002000, 0x00002000, 0x00002000, 0x00002000, // two-byte opcodes 0F 80h-83h
0x00002000, 0x00002000, 0x00002000, 0x00002000,
0x00002000, 0x00002000, 0x00002000, 0x00002000,
0x00002000, 0x00002000, 0x00002000, 0x00002000,
0x00004000, 0x00004000, 0x00004000, 0x00004000, // two-byte opcodes 0F 90h-93h
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00000000, 0x00000000, 0x00000000, 0x00004000,
0x00004100, 0x00004000, 0xFFFFFFFF, 0xFFFFFFFF,
0x00000000, 0x00000000, 0x00000000, 0x00004000,
0x00004100, 0x00004000, 0xFFFFFFFF, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0xFFFFFFFF, 0xFFFFFFFF, 0x00004100, 0x00004000,
0x00004000, 0x00004000, 0x00004000, 0x00004000,
0x00004000, 0x00004000, 0xFFFFFFFF, 0xFFFFFFFF, // two-byte opcodes 0F C0h-C3h
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0x00000000, 0x00000000, 0x00000000, 0x00000000,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // index 512-517: padding, never addressed by the decoder
0xFFFFFFFF, 0xFFFFFFFF
};
/*
 * Length-decodes one 32-bit x86 instruction using MaskTable (MSVC x86 inline asm only).
 *
 * Arguments are read by stack offset after pushad (8 * 4 = 32 bytes), so [esp+24h] is
 * the first argument slot and [esp+28h] the second. GetOpCodeSize pushes the table
 * into the first slot and the code pointer into the second, so the prototype names
 * (Start, Tlb) are the reverse of how the slots are actually used here.
 *
 * Returns, in eax, the instruction length in bytes, or 0FFFFFFFFh for a two-byte
 * (0Fh) opcode whose table entry is -1. No upper bound is placed on the number of
 * prefix bytes consumed, and the routine reads as far past the pointer as the
 * encoding says it should; the caller must guarantee the memory is readable.
 *
 * Working flags are accumulated in edx: dl = displacement state, dh = immediate state.
 * Only the low three bits of dl and dh are added to the byte count at the end.
 */
Naked ULONG GetOpCodeSize_ASM_CODE(PVOID Start, PVOID Tlb)
{
__asm{
pushad
mov esi, [esp+24h]              // esi = mask table (first argument slot)
mov ecx, [esp+28h]              // ecx = code pointer, advanced as bytes are consumed
xor edx, edx                    // edx = accumulated decode flags
xor eax, eax                    // eax is used as a zero-extended byte index into the table
L005:
and dl, 0F7h                    // clear the "prefix" flag from the previous byte
mov al, [ecx]
inc ecx
or edx, [esi+eax*4h]            // merge this opcode's flags
test dl, 8h                     // prefix byte: keep reading
jnz L005
cmp al, 0F6h                    // group-3 (F6/F7) needs the ModRM reg field to know about an immediate
je L035
cmp al, 0F7h
je L035
cmp al, 0CDh                    // int imm8
je L040
cmp al, 0Fh                     // two-byte opcode
je L045
L019:
test dh, 80h                    // immediate width decided by opcode bit 0
jnz L052
L021:
test dh, 40h                    // ModRM byte present
jnz L067
L023:
test dl, 20h                    // displacement width follows address size (e.g. moffs forms)
jnz L057
L025:
test dh, 20h                    // immediate width follows operand size
jnz L062
L027:
mov eax, ecx
sub eax, [esp+28h]              // bytes consumed so far (opcode, prefixes, ModRM, SIB)
and edx, 707h                   // keep only the byte-count bits
add al, dl                      // + displacement bytes
add al, dh                      // + immediate bytes (byte arithmetic: lengths are far below 256)
L032:
mov [esp+1Ch], eax              // store into the pushad eax slot so popad returns it in eax
popad
retn
L035:
or dh, 40h                      // F6/F7 always carry a ModRM byte
test byte ptr [ecx], 38h        // reg field 0 is TEST, which also has an immediate
jnz L019
or dh, 80h
jmp L019
L040:
or dh, 1h                       // int imm8
cmp byte ptr [ecx], 20h         // int 20h: presumably the VxDCall convention with a 4-byte operand
jnz L019
or dh, 4h
jmp L019
L045:
mov al, [ecx]                   // second opcode byte
inc ecx
or edx, [esi+eax*4h+400h]       // second half of the table (entries 256..511)
cmp edx, -1h                    // unknown 0F opcode: return -1 as-is
jnz L019
mov eax, edx
jmp L032
L052:
xor dh, 20h                     // odd opcode: immediate follows operand size
test al, 1h
jnz L021
xor dh, 21h                     // even opcode: 1-byte immediate instead
jmp L021
L057:
xor dl, 2h                      // 16-bit displacement if 67h was seen, else 32-bit
test dl, 10h
jnz L025
xor dl, 6h
jmp L025
L062:
xor dh, 2h                      // 16-bit immediate if 66h was seen, else 32-bit
test dh, 10h
jnz L027
xor dh, 6h
jmp L027
L067:
mov al, [ecx]                   // ModRM byte
inc ecx
mov ah, al
and ax, 0C007h                  // ah = mod bits, al = r/m bits
cmp ah, 0C0h                    // mod 11: register operand, no displacement
je L023
test dl, 10h                    // 67h seen: 16-bit addressing rules
jnz L090
cmp al, 4h                      // r/m 100 with 32-bit addressing: SIB byte follows
jnz L080
mov al, [ecx]
inc ecx
and al, 7h                      // al = SIB base bits
L080:
cmp ah, 40h                     // mod 01: disp8
je L088
cmp ah, 80h                     // mod 10: disp32
je L086
cmp ax, 5h                      // mod 00 with r/m (or base) 101: disp32
jnz L023
L086:
or dl, 4h
jmp L023
L088:
or dl, 1h
jmp L023
L090:
cmp ax, 6h                      // 16-bit: mod 00, r/m 110: disp16
je L096
cmp ah, 40h                     // mod 01: disp8
je L088
cmp ah, 80h                     // mod 10: disp16
jnz L023
L096:
or dl, 2h
jmp L023
retn                            // unreachable: every path above ends in a jmp
}
}
/*
 * Length of the instruction at Start, decoded against MaskTable.
 *
 * Pushes Start, then the table address, so the naked routine sees the table in its
 * first argument slot and the code pointer in its second; the 8 bytes of arguments
 * are removed after the call. There is no C return statement: the result is whatever
 * the callee left in eax, relying on the MSVC convention for functions whose body is
 * an __asm block. Returns 0FFFFFFFFh (as ULONG) for an unrecognised 0F-prefixed opcode.
 */
ULONG GetOpCodeSize(PVOID Start)
{
__asm
{
push Start
push offset MaskTable
call GetOpCodeSize_ASM_CODE
add esp, 8
}
}
/*
 * Number of bytes, rounded up to a whole instruction, needed to cover at least
 * dwMinSize bytes of code starting at dwAddr.
 *
 * The result is never smaller than dwMinSize. NOTE(review): there is no check for
 * GetOpCodeSize's -1 "unknown opcode" result; it is added as 0FFFFFFFFh, which both
 * satisfies the termination test and yields a length far larger than any caller's
 * buffer. Callers should validate the result before copying that many bytes.
 */
DWORD GetHookCodeLen(DWORD dwAddr, DWORD dwMinSize)
{
    DWORD covered = 0;
    DWORD cursor = dwAddr;
    do {
        DWORD insnLen = GetOpCodeSize((void *)cursor);
        cursor += insnLen;
        covered += insnLen;
    } while (covered < dwMinSize);
    return covered;
}
#pragma pack (push,1)
/* Five-byte patch written over the target: E9 rel32 (jmp), hence the pack(1) above. */
struct Hook_Patch_Jmp
{
BYTE byJmp;      // 0xE9
DWORD JmpAddr;   // rel32, relative to the byte after this instruction
};
/*
 * Trampoline laid out in executable memory by _HookGame (packed, byte-exact x86 code).
 * Field names describe the intended bytes; the actual values are assigned in _HookGame.
 */
typedef struct
{
BYTE byPushAD;      // 60: pushad
BYTE byPushFD;      // 9C: pushfd
DWORD dwPushESP;    // 8B C4 83 C0: mov eax,esp / add eax,imm8 (imm8 is the first byte of byOffsetESP)
WORD byOffsetESP;   // 04 50: ...,4 / push eax  -> hook function receives a pointer to the pushad frame
BYTE byE8; //E8     // call rel32
DWORD dwMyHookAddr; // rel32 to the hook function
BYTE byFixEsp;      // 58: pop eax (discards the pushed argument; name is misleading)
BYTE byPopFD;       // 9D: popfd
BYTE byPopAD;       // 61: popad
BYTE byNOP[20];     // displaced original instructions, NOP-filled; copied verbatim, no relocation
BYTE byPush;        // 68: push imm32
DWORD dwCode;       // address of the first untouched original instruction
BYTE byRet;         // C3: ret -> resumes the original code
}ST_HOOK_CODE;
#pragma pack (pop)
/*
 * Installs an inline hook at _pGameAddr that diverts into _pHookFunAddr via a trampoline
 * (32-bit x86, current process only). Always returns TRUE.
 *
 * NOTE(review), defects visible in this body:
 *  - _offset is computed and never used.
 *  - The VirtualAlloc result is dereferenced without a NULL check.
 *  - _HookSize is copied into byNOP[20] without checking it fits; GetHookCodeLen can
 *    return 0FFFFFFFFh on an unknown opcode.
 *  - The protection change is applied to _mbi.BaseAddress (the region base reported by
 *    VirtualQueryEx), 8 bytes long, rather than to the _HookSize bytes at _pGameAddr;
 *    the old protection is stored into _mbi.Protect and never restored.
 *  - Return values of VirtualQueryEx/VirtualProtectEx/WriteProcessMemory are ignored,
 *    and FlushInstructionCache is not called.
 *  - Displaced instructions are copied verbatim, so any with relative operands
 *    (jmp/call/jcc) or that the 5-byte window splits mid-way will misbehave.
 *  - Code is patched live with no synchronisation against threads executing it.
 */
BOOL _HookGame (DWORD _pGameAddr,DWORD _pHookFunAddr)
{
DWORD _offset = _pHookFunAddr - _pGameAddr; // unused
DWORD _HookSize = GetHookCodeLen(_pGameAddr,5); // whole instructions covering at least the 5-byte jmp
ST_HOOK_CODE * pNewHook=(ST_HOOK_CODE *) VirtualAlloc(NULL,sizeof(ST_HOOK_CODE),MEM_COMMIT, PAGE_EXECUTE_READWRITE);
Hook_Patch_Jmp _HookPatch;
_HookPatch.byJmp = 0xE9;
_HookPatch.JmpAddr = (DWORD)pNewHook - _pGameAddr - 5; // rel32 from the end of the 5-byte jmp to the trampoline
pNewHook->byPushAD = 0x60;
pNewHook->byPushFD = 0x9C;
pNewHook->dwPushESP = 0xC083C48B;//0x8BC483E8;  little-endian bytes 8B C4 83 C0: mov eax,esp / add eax,imm8
pNewHook->byOffsetESP = 0x5004; // bytes 04 50: imm8 = 4, then push eax
pNewHook->byE8 = 0xE8;
pNewHook->dwMyHookAddr = (DWORD)_pHookFunAddr-(DWORD)(&pNewHook->byE8) -5; // rel32 CALL to the hook function address
pNewHook->byFixEsp = 0x58; // pop eax: drop the pushed frame pointer
pNewHook->byPopFD = 0x9D;
pNewHook->byPopAD = 0x61;
memset(pNewHook->byNOP,0x90,sizeof(pNewHook->byNOP)); // fill with NOPs before overlaying the original bytes
pNewHook->byPush = 0x68;
pNewHook->dwCode = _pGameAddr+_HookSize; // push imm32 / ret -> continue at the first untouched instruction
pNewHook->byRet = 0xC3;
memcpy(pNewHook->byNOP,(void *)_pGameAddr,_HookSize); // copied before the target is overwritten; no bounds check
MEMORY_BASIC_INFORMATION _mbi={0};
HANDLE hGameProc = GetCurrentProcess();
VirtualQueryEx(hGameProc,(BYTE *)_pGameAddr,&_mbi,sizeof(MEMORY_BASIC_INFORMATION));
VirtualProtectEx(hGameProc,_mbi.BaseAddress,0x8,PAGE_EXECUTE_READWRITE,&_mbi.Protect); // region base, not _pGameAddr
WriteProcessMemory(hGameProc,(BYTE *)_pGameAddr,&_HookPatch,sizeof(_HookPatch),NULL);
memset((BYTE *)_pGameAddr+5,0x90,_HookSize-5); // NOP out the instruction bytes beyond the 5-byte jmp at the hook address
return TRUE;
}