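/*
 * Masked byte comparison used by the signature scanner.
 *
 * Walks szMask up to its terminating NUL. At every position where the mask
 * character is 'x' the byte in pData must equal the byte in bMask; any other
 * mask character acts as a wildcard and the bytes there are not compared.
 *
 * pData  - bytes under test. Nothing here bounds the read: the caller must
 *          guarantee that as many bytes as szMask has characters are readable.
 * bMask  - reference bytes, one per mask character.
 * szMask - NUL-terminated mask string.
 *
 * Returns non-zero when every 'x' position matches, 0 on the first mismatch.
 */
BOOL bCompare ( const BYTE* pData, const BYTE* bMask, const char* szMask )
{
    for ( ; *szMask; ++szMask, ++pData, ++bMask )
    {
        if ( *szMask == 'x' && *pData != *bMask )
            return 0;
    }
    // The loop only falls through once szMask points at the terminator.
    // Compare against '\0' rather than NULL: *szMask is a char, and NULL is a
    // pointer constant that does not belong in a character comparison.
    return *szMask == '\0';
}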
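/*
 * Scans [dwStartAddress, dwStartAddress + dwSize) for a masked byte signature.
 *
 * dwStartAddress - start of the region. It is carried as a DWORD and cast back
 *                  to a pointer, so this only works where pointers are 32 bits.
 * dwSize         - size of the region in bytes.
 * bMask / szMask - signature bytes and mask, as interpreted by bCompare.
 * codeOffset     - added to the address of the match.
 * extract        - when set, return the DWORD stored at match + codeOffset
 *                  instead of that address.
 *
 * Returns 0 when nothing matches, when the mask is empty, or when a pointer
 * argument is null.
 *
 * The scan stops at the last position where the whole signature still fits
 * inside the region, and an extracted DWORD must lie inside the region too.
 * Comparing or dereferencing past dwSize would read memory the caller never
 * described and can fault on an unmapped or guarded page.
 */
DWORD FindPattern ( DWORD dwStartAddress, DWORD dwSize, BYTE *bMask, char * szMask, int codeOffset, BOOL extract )
{
    if ( !bMask || !szMask )
        return 0;

    // Signature length, counted by hand from the NUL-terminated mask.
    DWORD dwMaskLen = 0;
    while ( szMask[dwMaskLen] )
        ++dwMaskLen;

    if ( dwMaskLen == 0 || dwMaskLen > dwSize )
        return 0;

    // Last start index at which bCompare stays inside the region.
    const DWORD dwLastStart = dwSize - dwMaskLen;

    for ( DWORD i = 0; i <= dwLastStart; i++ )
    {
        if ( !this->bCompare((BYTE*)(dwStartAddress + i), bMask, szMask) )
            continue;

        if ( !extract )
        {
            // Address only, nothing is dereferenced here.
            return (DWORD)(dwStartAddress + i + codeOffset);
        }

        // The 4-byte read must start and end inside the region; codeOffset is
        // signed, so do the arithmetic in a wider signed type.
        const long long llReadAt = (long long)i + codeOffset;
        if ( llReadAt < 0 || llReadAt + (long long)sizeof(DWORD) > (long long)dwSize )
            continue;

        return *(DWORD*)(dwStartAddress + i + codeOffset);
    }
    return 0;
}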
// Stub that nEnterCriticalSection calls when the recorded call site equals
// hReset. The body only pushes and pops the general-purpose registers, so as
// written it does nothing observable.
void __cdecl nReset ( void )
{
    __asm
    {
        pushad
        popad
    }
}
// Stub that nEnterCriticalSection calls when the recorded call site equals
// hEndScene. The body only pushes and pops the general-purpose registers, so
// as written it does nothing observable.
void __cdecl nEndScene ( void )
{
    __asm
    {
        pushad
        popad
    }
}
// Stub that nEnterCriticalSection calls when the recorded call site equals
// hDrawIndexPrimtive. The body only pushes and pops the general-purpose
// registers, so as written it does nothing observable.
void __cdecl nDrawIndexedPrimitive ( void )
{
    __asm
    {
        pushad
        popad
    }
}
// Value read from [EBP+0x4] on the most recent nEnterCriticalSection call
// (the caller's return address, assuming a standard EBP frame).
static DWORD hHooking = NULL;
// Addresses produced by the signature scans in Start. nEnterCriticalSection
// compares hHooking against each of them to decide which stub to run.
static DWORD hEndScene = NULL;
static DWORD hReset = NULL;
static DWORD hDrawIndexPrimtive = NULL;
// Function-pointer type matching the slot that Start overwrites.
typedef void ( WINAPI * EnterCriticalSection_t ) ( LPCRITICAL_SECTION lpCriticalSection );
// Value the slot held before Start overwrote it; nEnterCriticalSection
// forwards every call to it.
EnterCriticalSection_t pEnterCriticalSection;
// Replacement target that Start writes into the patched pointer slot.
// Each call made through that slot arrives here first: the function records
// where the call came from, runs the matching stub when the call site equals
// one of the three scanned addresses, then forwards to the saved original.
// NOTE(review): hHooking is a single unsynchronised static. If more than one
// thread calls through the slot, one caller can overwrite the value between
// another caller's store and its comparisons below.
void WINAPI nEnterCriticalSection ( LPCRITICAL_SECTION lpCriticalSection )
{
// [EBP+0x4] is the caller's return address only when the compiler emits a
// standard EBP frame for this function - TODO confirm the build does not
// omit frame pointers.
_asm
{
MOV EAX, [EBP+0x4]
MOV hHooking, EAX
}
// Call site matches the address stored in hEndScene
if ( hHooking == hEndScene )
{
__asm call [nEndScene]
}
// Call site matches the address stored in hReset
if ( hHooking == hReset )
{
__asm call [nReset]
}
// Call site matches the address stored in hDrawIndexPrimtive
if ( hHooking == hDrawIndexPrimtive )
{
__asm call [nDrawIndexedPrimitive];
}
// Always hand the call on to the pointer saved by Start.
return pEnterCriticalSection(lpCriticalSection);
}
// Thread routine started from DllMain. It waits until d3d9.dll is loaded,
// runs four signature scans over one memory region of that module, and then
// replaces the pointer located by the first scan with nEnterCriticalSection.
// Returns EXIT_SUCCESS after the replacement. Any scan that finds nothing
// shows a message box and calls exit(1), which terminates the host process,
// not just this thread.
// What this leaves behind for an integrity check: a page inside d3d9.dll that
// is switched to PAGE_EXECUTE_READWRITE and back, and a pointer slot in that
// module whose value now refers to this module instead of its original target.
DWORD WINAPI Start ( LPVOID lpArg )
{
DWORD hD3D,hCriticalSection;
// Poll until the module is present. The Sleep also runs once after the
// lookup has already succeeded.
do
{
hD3D = (DWORD)GetModuleHandle("d3d9.dll");
Sleep(100);
} while(!hD3D);
MEMORY_BASIC_INFORMATION D3D9Info;
// Describe the region containing hD3D+0x1000 (presumably the first code
// section - TODO confirm). All scans below are limited to this one region.
// NOTE(review): the return value is not checked; on failure D3D9Info is
// uninitialised and the scans would run over arbitrary bounds.
VirtualQuery((void*)(hD3D+0x1000),&D3D9Info,sizeof(D3D9Info));
// extract=true with offset 5: the signature has FF 15 at bytes 3-4 (x86
// "call dword ptr [addr]"), so the DWORD returned is that instruction's
// operand, i.e. the address of the pointer slot the call goes through.
hCriticalSection = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x74\x07\x00\xFF\x15\x00\x00\x00\x00\x8D\x00\x00","xx?xx????x??",5,true);
if ( !hCriticalSection )
{
MessageBox(NULL,"Error Code (0)","Error",MB_ICONERROR);
exit(1);
}
// hReset: one signature per OS build, each tried only if the previous ones
// found nothing. The result is an address (extract=false), later compared
// with the call site recorded in nEnterCriticalSection.
if ( !hReset )
hReset = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\xFF\x15\x00\x00\x00\x00\x3B\x43\x20\x74\x1B\x8B\x46\x18\x85\xC0\x74\x07\x56","xx????xxxxxxxxxxxxx",0,false);// Win XP
if ( !hReset )
hReset = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x57\xFF\x15\x00\x00\x00\x00\x8B\x45\x0C\x33\xF6\x39\x70\x20","xxx????xxxxxxxx",7,false);// Vista - Win7
if ( !hReset )
hReset = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x33\xC9\x39\x4F\x20\x75\x79\x8D\x44\x24\x38\x89\x44\x24\x1C\x32\xC0\x8B\xDE","xxxxxxxxxxxxxxxxxxx",0,false);// Win 8.0
if ( !hReset )
hReset = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x8B\xCE\xE8\x00\x00\x00\x00\x8B\x4E\x0C\x48\xF7\xD8","xxx????xxxxxx",0,false);// Win 8.1
if ( !hReset )
{
MessageBox(NULL,"Error Code (1)","Error",MB_ICONERROR);
exit(1);
}
// hEndScene: same fallback chain, different signatures and offsets.
if ( !hEndScene )
hEndScene = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x57\xFF\x15\x00\x00\x00\x00\xF6\x46\x00\x00\x89\x5D\xFC\x75\x0E\x8B\x86\x00\x00\x00\x00\xA8\x01\xC6\x45\x00\x00\x75\x24","xxx????xx??xxxxxxx????xxxx??xx",7,false); // Win XP
if ( !hEndScene )
hEndScene = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x57\xFF\x15\x00\x00\x00\x00\xE9\x00\x00\x00\x00\x39\x5F\x18\x74\x07\x57\xFF\x15\x00\x00\x00\x00\xB8\x00\x00\x00\x00\x8B\x4D\xF4\x64\x89\x0D\x00\x00\x00\x00\x59\x5F\x5E\x5B\x8B\xE5\x5D\xC2\x04\x00\x68\xAD\x06\x00\x00","xxx????x????xxxxxxxx????x????xxxxxx????xxxxxxxxxxxxx??",7,false); // Vista Win7
if ( !hEndScene )
hEndScene = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x33\xC0\xE8\x00\x00\x00\x00\xC2\x04\x00\x8B\xDF\xEB\x8E\x53\xFF\x15\x00\x00\x00\x00\xEB\x90","xxx????xxxxxxxxxx????xx",21,false);// Win8 8.0 + 8.1
if ( !hEndScene )
{
MessageBox(NULL,"Error Code (2)","Error",MB_ICONERROR);
exit(1);
}
// hDrawIndexPrimtive: same fallback chain again.
if ( !hDrawIndexPrimtive )
hDrawIndexPrimtive = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x53\xFF\x15\x00\x00\x00\x00\xF6\x46\x00\x00\x89\x7D\xFC\x74\x24\x39\x7B\x18\x74\x07\x53\xFF\x15\x00\x00\x00\x00\xB8\x00\x00\x00\x00\x8B\x4D\xF4\x64\x89\x0D\x00\x00\x00\x00\x5F\x5E\x5B\x8B\xE5\x5D\xC2\x1C\x00","xxx????xx??xxxxxxxxxxxxx????x????xxxxxx????xxxxxxxxx",7,false);// Win XP
if ( !hDrawIndexPrimtive )
hDrawIndexPrimtive = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\x56\xFF\x15\x00\x00\x00\x00\xE9\x00\x00\x00\x00\x39\x5E\x18\x74\x07\x56\xFF\x15\x00\x00\x00\x00\xB8\x00\x00\x00\x00\x8B\x4D\xF4\x64\x89\x0D\x00\x00\x00\x00\x59\x5F\x5E\x5B\x8B\xE5\x5D\xC2\x1C\x00\x39\x9E\x00\x00\x00\x00","xxx????x????xxxxxxxx????x????xxxxxx????xxxxxxxxxxxx????",7,false);// Vista - Win7
if ( !hDrawIndexPrimtive )
hDrawIndexPrimtive = tool->FindPattern((DWORD)D3D9Info.BaseAddress,D3D9Info.RegionSize,(PBYTE)"\xE9\x00\x00\x00\x00\x00\xFF\x00\x00\x00\x00\x00\xE9\x00\x00\x00\x00\xC7\x45\x00\x00\x00\x00\x00\x8D\x4D\x00\xE8\x00\x00\x00\x00\xB8\x00\x00\x00\x00\xE9\x00\x00\x00\x00\x83\xBA\x00\x00\x00\x00\x00\x74\x00","x?????x?????x????xx?????xx?x????x????x????xx?????x?",12,false); // Win8 8.0 + 8.1
if ( !hDrawIndexPrimtive )
{
MessageBox(NULL,"Error Code (3)","Error",MB_ICONERROR);
exit(1);
}
// Every zero result above already called exit(1), so this condition holds
// whenever execution gets here and the EXIT_FAILURE return is not reached.
if ( hReset && hEndScene && hDrawIndexPrimtive )
{
DWORD dwBack;
// Make the 4-byte slot writable, save its current value, store the
// replacement, then restore the previous protection.
// NOTE(review): neither VirtualProtect result is checked; if the first
// call fails, the store below writes to a page that may still be read-only.
VirtualProtect((void*)(hCriticalSection),4,PAGE_EXECUTE_READWRITE,&dwBack);
pEnterCriticalSection = (EnterCriticalSection_t) *(DWORD*)(hCriticalSection);
*(DWORD*)(hCriticalSection) = (DWORD)nEnterCriticalSection;
VirtualProtect((void*)(hCriticalSection),4,dwBack,&dwBack);
return EXIT_SUCCESS;
}
return EXIT_FAILURE;
}
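/*
 * DLL entry point. On process attach it starts the Start routine on a new
 * thread, so the wait for d3d9.dll runs outside DllMain itself.
 *
 * hDll and lpReserved are not used.
 * Always returns TRUE, including when the thread could not be created.
 */
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    if ( dwReason == DLL_PROCESS_ATTACH )
    {
        // Stack size and creation flags are integers, so pass 0 rather than NULL.
        HANDLE hThread = CreateThread(NULL, 0, Start, NULL, 0, NULL);

        // The handle is not needed afterwards; close it so it does not leak.
        // Closing the handle does not stop the thread.
        if ( hThread != NULL )
            CloseHandle(hThread);
    }
    return TRUE;
}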