头文件 FindCode.h
#pragma once
#include "Tlhelp32.h"
// Executable name used to look up the process to scan. The value below is a
// placeholder left by the author and must be replaced.
#define DNFEXE "你的进程名.exe"
// Addresses found by the signature search, kept as globals.
// They are defined and zero-initialised in the .cpp file; FindAsmHex returns 0
// when nothing is found, so 0 must be treated as "no address".
extern DWORD UnitHook_Addr;
extern DWORD HpHook_Addr;
extern DWORD MpHook_Addr;
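// Byte-signature search over the image of the module named by DNFEXE.
// The constructor runs the searches and stores the results in the
// UnitHook_Addr / HpHook_Addr / MpHook_Addr globals.
class FindCode
{
public:
    FindCode(void);

    // Searches for the byte pattern written as hex text in HexStr
    // ("??" marks a wildcard byte). Returns the address of the first
    // match, or 0 if nothing matched.
    DWORD FindAsmHex(CString HexStr);

private:
    // Parses up to 8 hex digits from shex into idec; FALSE on bad input.
    // The extra "FindCode::" qualification on this in-class declaration was
    // dropped: it is ill-formed standard C++ and only accepted as a compiler
    // extension.
    BOOL HexToDec(LPCTSTR shex, int& idec);

    // Returns the first module entry of the first process whose executable
    // name matches processName (case-insensitive).
    MODULEENTRY32 GetModuleInfo(CString processName);

private:
    // NOTE(review): not initialised by the constructor and not referenced by
    // any member function visible in this listing.
    DWORD TempFindAddr;
};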
#include "StdAfx.h"
#include ".\findcode.h"
// Definitions of the globals declared extern in FindCode.h.
// 0 means "not searched yet" or "signature not found"; the FindCode
// constructor overwrites each one with the result of FindAsmHex.
DWORD UnitHook_Addr=0;
DWORD HpHook_Addr=0;
DWORD MpHook_Addr=0;
// Constructor: runs three signature searches through FindAsmHex, stores each
// result in the matching global and logs it through MyDebug.
// NOTE(review): FindAsmHex returns 0 when a signature is not found; nothing
// here checks for that, so every consumer of these globals must treat 0 as
// "no address" before using the value.
FindCode::FindCode(void)
{
// Usage
// Get the hook address for the character-object traversal
//006EB38F 8B4D EC mov ecx,dword ptr ss:[ebp-0x14]
UnitHook_Addr = FindAsmHex("8B4D??85C974??E8????????4B0F89????????8B46??83C6??56508D4D??E8????????8B46??5650E9????????8D4D??E8????????508D4D??E8");
MyDebug("遍历人物勾子:%08X",UnitHook_Addr);
// The three calls use three different pattern notations (packed hex,
// space-separated hex, "0x"-prefixed hex); FindAsmHex normalises all of them.
HpHook_Addr=FindAsmHex("6A ?? 8B CE 8B F8 E8 ?? ?? ?? ?? 8B CE 8B D8 E8 ?? ?? ?? ?? 3B DF 89 45 ?? 7D ?? 83 F8 ?? 7C");
MyDebug("玩家血值勾子:%08X",HpHook_Addr);
MpHook_Addr=FindAsmHex("0x89 0x45 ?? 0x8B 0x06 0x8B 0xCE 0xFF 0x90 ?? ?? ?? ?? 0x8B 0xCE 0x89 0x45 ?? 0xE8 ");
MyDebug("玩家蓝值勾子:%08X",MpHook_Addr);
}
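// Converts a string of at most 8 hexadecimal digits into an integer.
//
// shex  hex digits, upper or lower case, no prefix.
// idec  receives the parsed value; it is set to 0 on every failure path so a
//       caller that ignores the return value never reads an indeterminate int.
// Returns TRUE on success, FALSE if the string is longer than 8 characters or
// contains a non-hex character. An empty string yields TRUE with idec == 0,
// as in the original.
//
// Changes from the listing as posted:
//  - each comparison now indexes the string (shex[i]); the posted text
//    compared the pointer itself against character constants, most likely
//    because the forum software swallowed the "[i]" subscripts;
//  - the value is accumulated in an unsigned integer, so an 8-digit input
//    with the top bit set no longer shifts into the sign bit of an int.
BOOL FindCode::HexToDec(LPCTSTR shex, int& idec)
{
    idec = 0;

    const int len = lstrlen(shex);
    if (len > 8)
        return FALSE;

    unsigned int value = 0;
    for (int i = 0; i < len; i++)
    {
        const TCHAR ch = shex[i];
        unsigned int nibble;
        if (ch >= '0' && ch <= '9')
            nibble = static_cast<unsigned int>(ch - '0');
        else if (ch >= 'a' && ch <= 'f')
            nibble = static_cast<unsigned int>(ch - 'a') + 10;
        else if (ch >= 'A' && ch <= 'F')
            nibble = static_cast<unsigned int>(ch - 'A') + 10;
        else
            return FALSE;

        // Most significant digit first: shift what we have and append.
        value = (value << 4) | nibble;
    }

    idec = static_cast<int>(value);
    return TRUE;
}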
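// Searches the image of the module returned by GetModuleInfo(DNFEXE) for a
// byte pattern given as hex text.
//
// HexStr  pattern text; bytes may be packed ("8B4D"), space separated or
//         "0x"-prefixed, and "??" marks a wildcard byte.
// Returns the address of the first match, or 0 when the pattern is empty,
// malformed, longer than the 1024-byte pattern buffer, or not found, and
// when the module cannot be located.
//
// Wildcards are still encoded as the byte value 0xCC (as in the original), so
// a literal CC byte in a pattern also acts as a wildcard.
//
// Memory-safety fixes relative to the listing as posted:
//  - the pattern length is validated before FCode is written; an odd number
//    of hex digits made the "i != length" loop run past the stack buffer, and
//    a pattern of more than 1024 bytes overflowed it;
//  - a HexToDec failure now aborts instead of storing an uninitialised int;
//  - the comparison indexes the pattern (FCode[i]); the posted text compared
//    a byte against the array itself, most likely a subscript lost in the
//    forum rendering;
//  - wildcard positions are skipped instead of counted, so a 0xCC byte in
//    memory can no longer cause a false match or a missed match;
//  - a module that was not found (base NULL) or is smaller than the pattern
//    is rejected before any memory is dereferenced, and the scan stops at the
//    last offset where the whole pattern still fits inside the image.
//
// NOTE(review): addresses are dereferenced directly, so this reads the current
// process's address space; it assumes every byte of the module image is
// readable, which is not verified here. The DWORD return type truncates
// addresses in a 64-bit build.
DWORD FindCode::FindAsmHex(CString HexStr)
{
    // Normalise the text to a packed string of hex digit pairs.
    HexStr.Replace("??","CC");
    HexStr.Replace("x","X");
    HexStr.Replace("0X","");
    HexStr.Replace(" ","");

    BYTE FCode[1024];
    const int hexLen = HexStr.GetLength();
    if (hexLen == 0 || (hexLen % 2) != 0 || hexLen / 2 > static_cast<int>(sizeof(FCode)))
        return 0;

    const DWORD FindSize = static_cast<DWORD>(hexLen / 2);
    ZeroMemory(FCode, sizeof(FCode));

    for (int i = 0; i < hexLen; i += 2)
    {
        int hexint = 0;
        if (!HexToDec(HexStr.Mid(i, 2), hexint))
            return 0;
        FCode[i / 2] = static_cast<BYTE>(hexint);
    }

    // One lookup instead of two: the original took two separate snapshots for
    // base and size, which could describe different states.
    const MODULEENTRY32 mod = GetModuleInfo(DNFEXE);
    if (mod.modBaseAddr == NULL || mod.modBaseSize < FindSize)
        return 0;

    const BYTE* const base = mod.modBaseAddr;
    const DWORD lastOffset = mod.modBaseSize - FindSize;

    for (DWORD off = 0; off <= lastOffset; ++off)
    {
        DWORD i = 0;
        // 0xCC in the pattern is the wildcard marker and matches any byte.
        while (i < FindSize && (FCode[i] == 0xCC || base[off + i] == FCode[i]))
            ++i;

        if (i == FindSize)
            return static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(base + off));
    }
    return 0;
}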
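// Looks up the first process whose executable name equals processName
// (case-insensitive) and returns the first entry of its module list.
//
// processName  executable file name to match against PROCESSENTRY32::szExeFile.
// Returns the MODULEENTRY32 filled in by Module32First, or a zeroed entry
// (only dwSize set, modBaseAddr NULL, modBaseSize 0) when a snapshot cannot
// be taken, no process matches, or the module list cannot be read.
//
// Fixes relative to the listing as posted:
//  - both snapshot handles are closed on every path (the original leaked the
//    process snapshot on each call and the module snapshot on each hit);
//  - CreateToolhelp32Snapshot results are checked against
//    INVALID_HANDLE_VALUE before use;
//  - the loop is entered only if Process32First succeeded, so szExeFile is
//    never compared while uninitialised;
//  - a failed Module32First no longer returns a partially written entry.
MODULEENTRY32 FindCode::GetModuleInfo(CString processName)
{
    MODULEENTRY32 me;
    memset(&me, 0, sizeof(me));
    me.dwSize = sizeof(me);

    // Process snapshot
    HANDLE hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hsnapshot == INVALID_HANDLE_VALUE)
        return me;

    PROCESSENTRY32 processentry;
    memset(&processentry, 0, sizeof(processentry));
    processentry.dwSize = sizeof(PROCESSENTRY32);

    if (Process32First(hsnapshot, &processentry))
    {
        do
        {
            // Compare the names, ignoring case
            if (!_stricmp(processName, processentry.szExeFile))
            {
                HANDLE modulhand = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, processentry.th32ProcessID);
                if (modulhand != INVALID_HANDLE_VALUE)
                {
                    if (!Module32First(modulhand, &me))
                    {
                        // Keep the documented "not found" shape on failure.
                        memset(&me, 0, sizeof(me));
                        me.dwSize = sizeof(me);
                    }
                    CloseHandle(modulhand);
                }
                // Only the first process with a matching name is considered,
                // as in the original.
                break;
            }
        }
        while (Process32Next(hsnapshot, &processentry));
    }

    CloseHandle(hsnapshot);
    return me;
}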