// Store path: writes one obfuscated dword into a table slot.
//   slot_address        = dword[dword[013C7FD0h] + 44h] + (index << 2)
//   dword[slot_address] = slot_address ^ dword[013C7FD4h] ^ dword[ebp+0Ch]
// index is read through the pointer held at [ebp+08h].
// NOTE(review): [ebp+08h] / [ebp+0Ch] look like the first two stack arguments of a
// standard ebp frame - confirm against the enclosing function, which is not shown.
// The encoding is a plain XOR with the slot's own address and one global dword;
// this fragment performs no integrity check on the stored value.
// Overwrites ebx, ecx, edi, eax, esi.
mov ebx , 00000008h // ebx = 8, used below as the offset from ebp
mov ecx , 013C7FD0h // absolute address; changes with every update
mov ecx , dword ptr [ecx] // ecx = dword stored at 013C7FD0h
mov edi , dword ptr [ebx+ebp] // edi = dword at [ebp+08h], used as a pointer on the next line
mov eax , dword ptr [edi] // eax = index read through that pointer
mov ecx , dword ptr [ecx+00000044h] // ecx = table base taken from field +44h
mov edi , 013C7FD4h // absolute address; changes with every update
mov edi , dword ptr [edi] // edi = XOR key stored at 013C7FD4h
shl eax , 02h // index * 4 = byte offset of a dword-sized slot
lea esi , dword ptr [eax+ecx] // esi = slot address (table base + byte offset)
xor esi , edi // esi = slot address ^ key
xor esi , dword ptr [ebx+ebp+00000004h] // esi ^= dword at [ebp+0Ch], the value being stored
mov dword ptr [eax+ecx] , esi // write the encoded dword into the slot
这段代码用vc或Delphi的内嵌汇编写就可以了
/*
 * GetIntegerVar - decode one XOR-obfuscated dword from the table at field +0x44.
 *
 * _base, _p : added together to form the address of a dword holding the slot index.
 * Returns   : stored_dword ^ slot_address ^ key, or 0 if any access faults.
 *
 * The key is the dword at g_dwEnBase2; the table base is the dword at
 * (*g_dwEnBase1 + 0x44). Both globals are declared outside this listing;
 * presumably they hold the two absolute addresses used by the assembly
 * fragment on this page - confirm.
 *
 * NOTE(review): every address is carried in a 32-bit DWORD and cast to a pointer,
 * so this only works in a 32-bit build.
 * NOTE(review): the handler accepts every structured exception, so a fault caused
 * by a stale base address is indistinguishable from a decoded value of 0.
 */
DWORD WINAPI GetIntegerVar(DWORD _base, DWORD _p)
{
    DWORD decoded = 0;

    __try {
        const DWORD key        = *(DWORD *)g_dwEnBase2;
        const DWORD slot_index = *(DWORD *)(_base + _p);
        const DWORD table_base = *(DWORD *)(*(DWORD *)g_dwEnBase1 + 0x44);
        const DWORD slot_addr  = table_base + (slot_index << 2);   /* dword-sized slots */
        const DWORD stored     = *(DWORD *)slot_addr;

        /* The stored dword is the plain value XORed with its own address and the key. */
        decoded = stored ^ slot_addr ^ key;
    }
    __except ( EXCEPTION_EXECUTE_HANDLER ) {
        decoded = 0;
    }

    return decoded;
}
/*
 * SetIntegerVar - encode _val and write it into the matching slot of two tables.
 *
 * _base, _p : added together to form the address of a dword holding the slot index.
 * _val      : plain value to store.
 *
 * Each table base is read from a field of the structure pointed to by the dword at
 * g_dwEnBase1 (+0x44 and +0x48); the key is the dword at g_dwEnBase2. Every slot
 * receives _val ^ slot_address ^ key, so the two stored dwords differ even though
 * they encode the same value. Both table bases are resolved before either write.
 *
 * NOTE(review): the role of the second table (+0x48) is not visible here; it is
 * presumably a mirror copy - confirm.
 * NOTE(review): addresses are 32-bit DWORDs cast to pointers (32-bit build only),
 * and the empty handler discards every structured exception, so the caller
 * cannot tell whether either write happened.
 */
VOID WINAPI SetIntegerVar(DWORD _base, DWORD _p, DWORD _val)
{
    __try {
        const DWORD key         = *(DWORD *)g_dwEnBase2;
        const DWORD slot_index  = *(DWORD *)(_base + _p);
        const DWORD byte_offset = slot_index << 2;                  /* dword-sized slots */
        const DWORD first_slot  = *(DWORD *)(*(DWORD *)g_dwEnBase1 + 0x44) + byte_offset;
        const DWORD second_slot = *(DWORD *)(*(DWORD *)g_dwEnBase1 + 0x48) + byte_offset;

        *(DWORD *)first_slot  = _val ^ first_slot  ^ key;
        *(DWORD *)second_slot = _val ^ second_slot ^ key;
    }
    __except ( EXCEPTION_EXECUTE_HANDLER ) {
        /* Fault while resolving or writing a slot: nothing is reported. */
    }
}