恋爱的犀牛 发表于 2011-3-18 16:59:08

关于D3D注入受驱动保护的游戏 例如(DNF.exe)

目前我用的有2种方法 :   
1:替换游戏要加载的DLL 来达到注入自己DLL ,有些游戏有MD5校验文件 无法替换游戏目录的DLL , 只能替换系统目录的文件。
2:输入法注入,游戏再怎么保护不可能不让打字吧! 自己写个输入法的IME文件 安装完给游戏发送个输入法消息
(WM_INPUTLANGCHANGEREQUEST),让它切换到你自己安装的输入法!
3:替换SPI文件 也是第一种方法 , 网络流传叫啥网络注入的!囧
library d3d8thk;
// Proxy (forwarding) library built under the same name as the Windows system
// DLL d3d8thk.dll: it re-exports every OsThunk* entry point and forwards each
// call to a renamed copy of the original file.
{The compiled output is meant to directly replace d3d8thk.dll in the System32 folder}
// NOTE(review): from a defender's view the artifact is a d3d8thk.dll in
// System32 whose signature or hash no longer matches the operating-system
// baseline; file-integrity monitoring and signature verification of system
// DLLs are the controls that surface it.
uses
Windows;
{$R *.res}
// Module-level state for the proxy.
// ModHandle receives the handle returned by LoadLibrary for the original DLL.
// Each POld* pointer receives the address that GetProcAddress returns for the
// export of the same name (minus the "POld" prefix) in that original DLL; the
// forwarding stubs jump through these pointers.
// The pointers are only assigned in the library's initialization block, and
// only when LoadLibrary succeeded; nothing else in this file writes to them.
var
ModHandle: Cardinal;
POldOsThunkD3dContextCreate: Pointer;
POldOsThunkD3dContextDestroy: Pointer;
POldOsThunkD3dContextDestroyAll: Pointer;
POldOsThunkD3dDrawPrimitives2: Pointer;
POldOsThunkD3dValidateTextureStageState: Pointer;
POldOsThunkDdAddAttachedSurface: Pointer;
POldOsThunkDdAlphaBlt: Pointer;
POldOsThunkDdAttachSurface: Pointer;
POldOsThunkDdBeginMoCompFrame: Pointer;
POldOsThunkDdBlt: Pointer;
POldOsThunkDdCanCreateD3DBuffer: Pointer;
POldOsThunkDdCanCreateSurface: Pointer;
POldOsThunkDdColorControl: Pointer;
POldOsThunkDdCreateD3DBuffer: Pointer;
POldOsThunkDdCreateDirectDrawObject: Pointer;
POldOsThunkDdCreateMoComp: Pointer;
POldOsThunkDdCreateSurface: Pointer;
POldOsThunkDdCreateSurfaceEx: Pointer;
POldOsThunkDdCreateSurfaceObject: Pointer;
POldOsThunkDdDeleteDirectDrawObject: Pointer;
POldOsThunkDdDeleteSurfaceObject: Pointer;
POldOsThunkDdDestroyD3DBuffer: Pointer;
POldOsThunkDdDestroyMoComp: Pointer;
POldOsThunkDdDestroySurface: Pointer;
POldOsThunkDdEndMoCompFrame: Pointer;
POldOsThunkDdFlip: Pointer;
POldOsThunkDdFlipToGDISurface: Pointer;
POldOsThunkDdGetAvailDriverMemory: Pointer;
POldOsThunkDdGetBltStatus: Pointer;
POldOsThunkDdGetDC: Pointer;
POldOsThunkDdGetDriverInfo: Pointer;
POldOsThunkDdGetDriverState: Pointer;
POldOsThunkDdGetDxHandle: Pointer;
POldOsThunkDdGetFlipStatus: Pointer;
POldOsThunkDdGetInternalMoCompInfo: Pointer;
POldOsThunkDdGetMoCompBuffInfo: Pointer;
POldOsThunkDdGetMoCompFormats: Pointer;
POldOsThunkDdGetMoCompGuids: Pointer;
POldOsThunkDdGetScanLine: Pointer;
POldOsThunkDdLock: Pointer;
POldOsThunkDdLockD3D: Pointer;
POldOsThunkDdQueryDirectDrawObject: Pointer;
POldOsThunkDdQueryMoCompStatus: Pointer;
POldOsThunkDdReenableDirectDrawObject: Pointer;
POldOsThunkDdReleaseDC: Pointer;
POldOsThunkDdRenderMoComp: Pointer;
POldOsThunkDdResetVisrgn: Pointer;
POldOsThunkDdSetColorKey: Pointer;
POldOsThunkDdSetExclusiveMode: Pointer;
POldOsThunkDdSetGammaRamp: Pointer;
POldOsThunkDdSetOverlayPosition: Pointer;
POldOsThunkDdUnattachSurface: Pointer;
POldOsThunkDdUnlock: Pointer;
POldOsThunkDdUnlockD3D: Pointer;
POldOsThunkDdUpdateOverlay: Pointer;
POldOsThunkDdWaitForVerticalBlank: Pointer;
// Forwarding stubs, one per exported name.
// Each procedure is declared without parameters and consists of a single
// indirect jmp through the matching POld* pointer, so control transfers to the
// address stored there instead of returning to this library.
// No stub checks its pointer before jumping: a POld* variable that was never
// assigned (LoadLibrary or GetProcAddress failed) makes the jump fault.
// NOTE(review): presumably the parameterless asm form is used so the caller's
// arguments reach the original function unchanged - confirm against the
// compiler's code generation.
procedure OsThunkD3dContextCreate; asm jmp POldOsThunkD3dContextCreate end;
procedure OsThunkD3dContextDestroy; asm jmp POldOsThunkD3dContextDestroy end;
procedure OsThunkD3dContextDestroyAll; asm jmp POldOsThunkD3dContextDestroyAll end;
procedure OsThunkD3dDrawPrimitives2; asm jmp POldOsThunkD3dDrawPrimitives2 end;
procedure OsThunkD3dValidateTextureStageState; asm jmp POldOsThunkD3dValidateTextureStageState end;
procedure OsThunkDdAddAttachedSurface; asm jmp POldOsThunkDdAddAttachedSurface end;
procedure OsThunkDdAlphaBlt; asm jmp POldOsThunkDdAlphaBlt end;
procedure OsThunkDdAttachSurface; asm jmp POldOsThunkDdAttachSurface end;
procedure OsThunkDdBeginMoCompFrame; asm jmp POldOsThunkDdBeginMoCompFrame end;
procedure OsThunkDdBlt; asm jmp POldOsThunkDdBlt end;
procedure OsThunkDdCanCreateD3DBuffer; asm jmp POldOsThunkDdCanCreateD3DBuffer end;
procedure OsThunkDdCanCreateSurface; asm jmp POldOsThunkDdCanCreateSurface end;
procedure OsThunkDdColorControl; asm jmp POldOsThunkDdColorControl end;
procedure OsThunkDdCreateD3DBuffer; asm jmp POldOsThunkDdCreateD3DBuffer end;
procedure OsThunkDdCreateDirectDrawObject; asm jmp POldOsThunkDdCreateDirectDrawObject end;
procedure OsThunkDdCreateMoComp; asm jmp POldOsThunkDdCreateMoComp end;
procedure OsThunkDdCreateSurface; asm jmp POldOsThunkDdCreateSurface end;
procedure OsThunkDdCreateSurfaceEx; asm jmp POldOsThunkDdCreateSurfaceEx end;
procedure OsThunkDdCreateSurfaceObject; asm jmp POldOsThunkDdCreateSurfaceObject end;
procedure OsThunkDdDeleteDirectDrawObject; asm jmp POldOsThunkDdDeleteDirectDrawObject end;
procedure OsThunkDdDeleteSurfaceObject; asm jmp POldOsThunkDdDeleteSurfaceObject end;
procedure OsThunkDdDestroyD3DBuffer; asm jmp POldOsThunkDdDestroyD3DBuffer end;
procedure OsThunkDdDestroyMoComp; asm jmp POldOsThunkDdDestroyMoComp end;
procedure OsThunkDdDestroySurface; asm jmp POldOsThunkDdDestroySurface end;
procedure OsThunkDdEndMoCompFrame; asm jmp POldOsThunkDdEndMoCompFrame end;
procedure OsThunkDdFlip; asm jmp POldOsThunkDdFlip end;
procedure OsThunkDdFlipToGDISurface; asm jmp POldOsThunkDdFlipToGDISurface end;
procedure OsThunkDdGetAvailDriverMemory; asm jmp POldOsThunkDdGetAvailDriverMemory end;
procedure OsThunkDdGetBltStatus; asm jmp POldOsThunkDdGetBltStatus end;
procedure OsThunkDdGetDC; asm jmp POldOsThunkDdGetDC end;
procedure OsThunkDdGetDriverInfo; asm jmp POldOsThunkDdGetDriverInfo end;
procedure OsThunkDdGetDriverState; asm jmp POldOsThunkDdGetDriverState end;
procedure OsThunkDdGetDxHandle; asm jmp POldOsThunkDdGetDxHandle end;
procedure OsThunkDdGetFlipStatus; asm jmp POldOsThunkDdGetFlipStatus end;
procedure OsThunkDdGetInternalMoCompInfo; asm jmp POldOsThunkDdGetInternalMoCompInfo end;
procedure OsThunkDdGetMoCompBuffInfo; asm jmp POldOsThunkDdGetMoCompBuffInfo end;
procedure OsThunkDdGetMoCompFormats; asm jmp POldOsThunkDdGetMoCompFormats end;
procedure OsThunkDdGetMoCompGuids; asm jmp POldOsThunkDdGetMoCompGuids end;
procedure OsThunkDdGetScanLine; asm jmp POldOsThunkDdGetScanLine end;
procedure OsThunkDdLock; asm jmp POldOsThunkDdLock end;
procedure OsThunkDdLockD3D; asm jmp POldOsThunkDdLockD3D end;
procedure OsThunkDdQueryDirectDrawObject; asm jmp POldOsThunkDdQueryDirectDrawObject end;
procedure OsThunkDdQueryMoCompStatus; asm jmp POldOsThunkDdQueryMoCompStatus end;
procedure OsThunkDdReenableDirectDrawObject; asm jmp POldOsThunkDdReenableDirectDrawObject end;
procedure OsThunkDdReleaseDC; asm jmp POldOsThunkDdReleaseDC end;
procedure OsThunkDdRenderMoComp; asm jmp POldOsThunkDdRenderMoComp end;
procedure OsThunkDdResetVisrgn; asm jmp POldOsThunkDdResetVisrgn end;
procedure OsThunkDdSetColorKey; asm jmp POldOsThunkDdSetColorKey end;
procedure OsThunkDdSetExclusiveMode; asm jmp POldOsThunkDdSetExclusiveMode end;
procedure OsThunkDdSetGammaRamp; asm jmp POldOsThunkDdSetGammaRamp end;
procedure OsThunkDdSetOverlayPosition; asm jmp POldOsThunkDdSetOverlayPosition end;
procedure OsThunkDdUnattachSurface; asm jmp POldOsThunkDdUnattachSurface end;
procedure OsThunkDdUnlock; asm jmp POldOsThunkDdUnlock end;
procedure OsThunkDdUnlockD3D; asm jmp POldOsThunkDdUnlockD3D end;
procedure OsThunkDdUpdateOverlay; asm jmp POldOsThunkDdUpdateOverlay end;
procedure OsThunkDdWaitForVerticalBlank; asm jmp POldOsThunkDdWaitForVerticalBlank end;
// Placeholder for the author's own payload; the body is empty on this page.
// It is called once from the library's initialization block, so whatever is
// placed here executes inside every process that loads this DLL, not only the
// game the post is about.
procedure MyCode();
begin
// Write your code here
end;
// Export table of the proxy: every forwarding stub is exported under its own
// name, so the names offered here match the strings later passed to
// GetProcAddress against the original DLL.
// NOTE(review): exports are by name only; no ordinals are declared - a caller
// importing by ordinal would not necessarily resolve the same entry, verify.
exports
OsThunkD3dContextCreate,
OsThunkD3dContextDestroy,
OsThunkD3dContextDestroyAll,
OsThunkD3dDrawPrimitives2,
OsThunkD3dValidateTextureStageState,
OsThunkDdAddAttachedSurface,
OsThunkDdAlphaBlt,
OsThunkDdAttachSurface,
OsThunkDdBeginMoCompFrame,
OsThunkDdBlt,
OsThunkDdCanCreateD3DBuffer,
OsThunkDdCanCreateSurface,
OsThunkDdColorControl,
OsThunkDdCreateD3DBuffer,
OsThunkDdCreateDirectDrawObject,
OsThunkDdCreateMoComp,
OsThunkDdCreateSurface,
OsThunkDdCreateSurfaceEx,
OsThunkDdCreateSurfaceObject,
OsThunkDdDeleteDirectDrawObject,
OsThunkDdDeleteSurfaceObject,
OsThunkDdDestroyD3DBuffer,
OsThunkDdDestroyMoComp,
OsThunkDdDestroySurface,
OsThunkDdEndMoCompFrame,
OsThunkDdFlip,
OsThunkDdFlipToGDISurface,
OsThunkDdGetAvailDriverMemory,
OsThunkDdGetBltStatus,
OsThunkDdGetDC,
OsThunkDdGetDriverInfo,
OsThunkDdGetDriverState,
OsThunkDdGetDxHandle,
OsThunkDdGetFlipStatus,
OsThunkDdGetInternalMoCompInfo,
OsThunkDdGetMoCompBuffInfo,
OsThunkDdGetMoCompFormats,
OsThunkDdGetMoCompGuids,
OsThunkDdGetScanLine,
OsThunkDdLock,
OsThunkDdLockD3D,
OsThunkDdQueryDirectDrawObject,
OsThunkDdQueryMoCompStatus,
OsThunkDdReenableDirectDrawObject,
OsThunkDdReleaseDC,
OsThunkDdRenderMoComp,
OsThunkDdResetVisrgn,
OsThunkDdSetColorKey,
OsThunkDdSetExclusiveMode,
OsThunkDdSetGammaRamp,
OsThunkDdSetOverlayPosition,
OsThunkDdUnattachSurface,
OsThunkDdUnlock,
OsThunkDdUnlockD3D,
OsThunkDdUpdateOverlay,
OsThunkDdWaitForVerticalBlank;
// Library initialization block: runs when the DLL is loaded into a process.
// It loads the renamed original DLL from a hard-coded absolute path, resolves
// every export by name into the POld* pointers, then calls MyCode.
// If LoadLibrary fails the pointers are left unassigned and MyCode still runs,
// because the call sits outside the "if" block; individual GetProcAddress
// results are not checked either.
// NOTE(review): the second file at the hard-coded path below (a copy of
// d3d8thk.dll under another name, outside System32) is a second on-disk
// artifact of this technique that an integrity or inventory check can key on.
begin
ModHandle:= LoadLibrary('C:\WINDOWS\DRT.DLL');// This is the original d3d8thk.dll, assumed to have been dropped at C:\WINDOWS\DRT.DLL
if ModHandle > 0 then
begin
POldOsThunkD3dContextCreate:= GetProcAddress(ModHandle, 'OsThunkD3dContextCreate');
POldOsThunkD3dContextDestroy:= GetProcAddress(ModHandle, 'OsThunkD3dContextDestroy');
POldOsThunkD3dContextDestroyAll:= GetProcAddress(ModHandle, 'OsThunkD3dContextDestroyAll');
POldOsThunkD3dDrawPrimitives2:= GetProcAddress(ModHandle, 'OsThunkD3dDrawPrimitives2');
POldOsThunkD3dValidateTextureStageState:= GetProcAddress(ModHandle, 'OsThunkD3dValidateTextureStageState');
POldOsThunkDdAddAttachedSurface:= GetProcAddress(ModHandle, 'OsThunkDdAddAttachedSurface');
POldOsThunkDdAlphaBlt:= GetProcAddress(ModHandle, 'OsThunkDdAlphaBlt');
POldOsThunkDdAttachSurface:= GetProcAddress(ModHandle, 'OsThunkDdAttachSurface');
POldOsThunkDdBeginMoCompFrame:= GetProcAddress(ModHandle, 'OsThunkDdBeginMoCompFrame');
POldOsThunkDdBlt:= GetProcAddress(ModHandle, 'OsThunkDdBlt');
POldOsThunkDdCanCreateD3DBuffer:= GetProcAddress(ModHandle, 'OsThunkDdCanCreateD3DBuffer');
POldOsThunkDdCanCreateSurface:= GetProcAddress(ModHandle, 'OsThunkDdCanCreateSurface');
POldOsThunkDdColorControl:= GetProcAddress(ModHandle, 'OsThunkDdColorControl');
POldOsThunkDdCreateD3DBuffer:= GetProcAddress(ModHandle, 'OsThunkDdCreateD3DBuffer');
POldOsThunkDdCreateDirectDrawObject:= GetProcAddress(ModHandle, 'OsThunkDdCreateDirectDrawObject');
POldOsThunkDdCreateMoComp:= GetProcAddress(ModHandle, 'OsThunkDdCreateMoComp');
POldOsThunkDdCreateSurface:= GetProcAddress(ModHandle, 'OsThunkDdCreateSurface');
POldOsThunkDdCreateSurfaceEx:= GetProcAddress(ModHandle, 'OsThunkDdCreateSurfaceEx');
POldOsThunkDdCreateSurfaceObject:= GetProcAddress(ModHandle, 'OsThunkDdCreateSurfaceObject');
POldOsThunkDdDeleteDirectDrawObject:= GetProcAddress(ModHandle, 'OsThunkDdDeleteDirectDrawObject');
POldOsThunkDdDeleteSurfaceObject:= GetProcAddress(ModHandle, 'OsThunkDdDeleteSurfaceObject');
POldOsThunkDdDestroyD3DBuffer:= GetProcAddress(ModHandle, 'OsThunkDdDestroyD3DBuffer');
POldOsThunkDdDestroyMoComp:= GetProcAddress(ModHandle, 'OsThunkDdDestroyMoComp');
POldOsThunkDdDestroySurface:= GetProcAddress(ModHandle, 'OsThunkDdDestroySurface');
POldOsThunkDdEndMoCompFrame:= GetProcAddress(ModHandle, 'OsThunkDdEndMoCompFrame');
POldOsThunkDdFlip:= GetProcAddress(ModHandle, 'OsThunkDdFlip');
POldOsThunkDdFlipToGDISurface:= GetProcAddress(ModHandle, 'OsThunkDdFlipToGDISurface');
POldOsThunkDdGetAvailDriverMemory:= GetProcAddress(ModHandle, 'OsThunkDdGetAvailDriverMemory');
POldOsThunkDdGetBltStatus:= GetProcAddress(ModHandle, 'OsThunkDdGetBltStatus');
POldOsThunkDdGetDC:= GetProcAddress(ModHandle, 'OsThunkDdGetDC');
POldOsThunkDdGetDriverInfo:= GetProcAddress(ModHandle, 'OsThunkDdGetDriverInfo');
POldOsThunkDdGetDriverState:= GetProcAddress(ModHandle, 'OsThunkDdGetDriverState');
POldOsThunkDdGetDxHandle:= GetProcAddress(ModHandle, 'OsThunkDdGetDxHandle');
POldOsThunkDdGetFlipStatus:= GetProcAddress(ModHandle, 'OsThunkDdGetFlipStatus');
POldOsThunkDdGetInternalMoCompInfo:= GetProcAddress(ModHandle, 'OsThunkDdGetInternalMoCompInfo');
POldOsThunkDdGetMoCompBuffInfo:= GetProcAddress(ModHandle, 'OsThunkDdGetMoCompBuffInfo');
POldOsThunkDdGetMoCompFormats:= GetProcAddress(ModHandle, 'OsThunkDdGetMoCompFormats');
POldOsThunkDdGetMoCompGuids:= GetProcAddress(ModHandle, 'OsThunkDdGetMoCompGuids');
POldOsThunkDdGetScanLine:= GetProcAddress(ModHandle, 'OsThunkDdGetScanLine');
POldOsThunkDdLock:= GetProcAddress(ModHandle, 'OsThunkDdLock');
POldOsThunkDdLockD3D:= GetProcAddress(ModHandle, 'OsThunkDdLockD3D');
POldOsThunkDdQueryDirectDrawObject:= GetProcAddress(ModHandle, 'OsThunkDdQueryDirectDrawObject');
POldOsThunkDdQueryMoCompStatus:= GetProcAddress(ModHandle, 'OsThunkDdQueryMoCompStatus');
POldOsThunkDdReenableDirectDrawObject:= GetProcAddress(ModHandle, 'OsThunkDdReenableDirectDrawObject');
POldOsThunkDdReleaseDC:= GetProcAddress(ModHandle, 'OsThunkDdReleaseDC');
POldOsThunkDdRenderMoComp:= GetProcAddress(ModHandle, 'OsThunkDdRenderMoComp');
POldOsThunkDdResetVisrgn:= GetProcAddress(ModHandle, 'OsThunkDdResetVisrgn');
POldOsThunkDdSetColorKey:= GetProcAddress(ModHandle, 'OsThunkDdSetColorKey');
POldOsThunkDdSetExclusiveMode:= GetProcAddress(ModHandle, 'OsThunkDdSetExclusiveMode');
POldOsThunkDdSetGammaRamp:= GetProcAddress(ModHandle, 'OsThunkDdSetGammaRamp');
POldOsThunkDdSetOverlayPosition:= GetProcAddress(ModHandle, 'OsThunkDdSetOverlayPosition');
POldOsThunkDdUnattachSurface:= GetProcAddress(ModHandle, 'OsThunkDdUnattachSurface');
POldOsThunkDdUnlock:= GetProcAddress(ModHandle, 'OsThunkDdUnlock');
POldOsThunkDdUnlockD3D:= GetProcAddress(ModHandle, 'OsThunkDdUnlockD3D');
POldOsThunkDdUpdateOverlay:= GetProcAddress(ModHandle, 'OsThunkDdUpdateOverlay');
POldOsThunkDdWaitForVerticalBlank:= GetProcAddress(ModHandle, 'OsThunkDdWaitForVerticalBlank');
end;
MyCode;      // After the original DLL's functions have been resolved, run the custom code
end.

制造末日 发表于 2011-3-22 13:03:27

没看懂。。