[转帖]某横板3D格斗游戏秒杀+99连击+无伤(不是DNF)
发表于:
2008-7-21 10:37
转自:unpack.cn
649K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4g2F1M7r3q4U0K9#2)9J5k6h3y4F1i4K6u0r3N6X3W2W2N6%4c8Z5M7X3g2S2k6q4)9J5k6i4m8Z5M7q4)9K6c8Y4c8A6k6q4)9K6c8o6t1%4x3K6M7I4i4K6t1$3M7r3q4Y4k6g2)9K6c8o6q4Q4x3U0k6W2P5s2c8J5j5g2)9K6c8s2m8S2k6$3g2Q4x3U0f1K6c8o6p5`.
#include<windows.h>
// Address inside the host executable that DllMain passes to JmpHook as the
// patch site; the author labels it the attack event handler.
DWORD HookAddr_Hack = 0x005ABC02;

// Author's offset notes (the listing does not say which object they index):
//   X 0xE8
//   Y 0xEC
//   Z 0xF0

// Scratch state shared between the inline-asm and C parts of Hack_Proxy.
// These are globals because a naked function has no frame for locals.
DWORD pHitter;   // result of the lookup call made with HitterID
DWORD HitterID;  // dword read from pEvent+0x24
DWORD pHittee;   // result of the lookup call made with HitteeID
DWORD HitteeID;  // dword read from pEvent+0x28
DWORD REG_ESP;   // not referenced anywhere in this listing
DWORD pEvent;    // dword captured from [esp+8] at hook entry
// Hack_Proxy: detour body reached through the 5-byte jump that DllMain installs at
// HookAddr_Hack. It captures one stack argument as an event pointer, resolves two
// object pointers from IDs stored in that event, rewrites event fields when either
// object's name equals L"RenYao", then resumes the host code at HookAddr_Hack+5.
// Declared naked: the compiler emits no prologue/epilogue, so all state lives in
// globals and registers/flags are saved and restored by hand.
// NOTE(review): from a defender's side, what this listing shows is a 5-byte change in
// the host's code and client-side rewriting of event fields. Code-section integrity
// checks and server-side validation of damage/HP values are the usual countermeasures;
// whether the target had either is not shown here.
__declspec(naked) void Hack_Proxy()
{
__asm
{
// Take the dword at [esp+8] as seen at the hook site; the code below uses it as a
// pointer to the event record.
// NOTE(review): eax is overwritten before pushad, so the popad at the end puts this
// pointer back into eax rather than the value eax held at the hook site.
mov eax,[esp+8]
mov pEvent,eax
// Save all general-purpose registers and EFLAGS across the C code below.
pushad
pushfd
}
// NOTE(review): on the next line the ';' sits inside the trailing comment, so the
// statement is unterminated as printed.
HitterID=*(DWORD *)(pEvent+0x24)//0x24 hitter ID;
HitteeID=*(DWORD *)(pEvent+0x28);//0x28 hittee ID
__asm
{
// Call 0x47D070 with no arguments and pass its result in ecx to 0x54CBD0 together
// with the pushed ID; the return value is stored as pHitter.
// NOTE(review): this looks like a thiscall lookup on an object returned by a getter,
// and there is no stack cleanup after the call, so presumably the callee pops its
// own argument. Confirm against the target.
mov eax,0x47D070
call eax
push HitterID
mov ecx,eax
mov eax,0x54CBD0
call eax
mov pHitter,eax
// Same call sequence for the hittee ID; result stored as pHittee.
mov eax,0x47D070
call eax
push HitteeID
mov ecx,eax
mov eax,0x54CBD0
call eax
mov pHittee,eax
}
// NOTE(review): pHitter and pHittee are dereferenced without a zero check; if either
// lookup returned 0 the reads at +0x48 / +0x98 would fault.
// Case 1: the wide string at pHitter+0x48 equals L"RenYao".
if(!wcscmp((LPWSTR)(pHitter+0x48),L"RenYao"))//character name
{
// Offsets below follow the author's labels. Copy the dword at pHittee+0x98 into
// pEvent+0x38, zero pEvent+0x44, and set the word at pEvent+0x88 to 0x63 (99).
*(DWORD*)(pEvent+0x38)=*(DWORD*)(pHittee+0x98);//0x98 Max HP
*(DWORD*)(pEvent+0x44)=0;//0x38 Hp Change Value 0x44 Hp Current Value
*(WORD*)(pEvent+0x88) =0x63;//0x88 Combo Number
}
// Case 2: the wide string at pHittee+0x48 equals L"RenYao".
else if(!wcscmp((LPWSTR)(pHittee+0x48),L"RenYao"))
{
// Zero pEvent+0x38 and copy the dword at pHittee+0x98 into pEvent+0x44.
*(DWORD*)(pEvent+0x38)=0;
*(DWORD*)(pEvent+0x44)=*(DWORD*)(pHittee+0x98);
}
__asm
{
// Restore the flags and registers saved at entry.
popfd
popad
// Leave 0x0069592F on the stack, then transfer to HookAddr_Hack+5 via a pushed
// address and retn.
// NOTE(review): presumably this replays a 5-byte `push 0x0069592F` that the jump
// overwrote at the hook site. Confirm against the original bytes.
push 0x0069592F
push HookAddr_Hack
add dword ptr [esp],5
retn
}
}
// Overwrites the 5 bytes at address `from` with a relative near jump
// (opcode 0xE9 followed by a 32-bit displacement) that lands on `to`.
//   to   - destination address of the jump
//   from - address of the bytes to overwrite, in the current process
// Addresses are carried in DWORD, so this only works for a 32-bit process.
// NOTE(review): neither API result is checked, and the saved protection value is
// never used to restore the page. The page stays PAGE_EXECUTE_READWRITE after the
// call, and a writable+executable code page is an artifact that memory scanners
// can look for.
void JmpHook(DWORD to,DWORD from)
{
    LPVOID patchSite=(LPVOID)from;
    DWORD previousProtect;
    char jumpInsn[5]={0xe9,0,0,0,0};

    // rel32 is measured from the end of the 5-byte jump instruction.
    *(DWORD *)(jumpInsn+1)=to-from-5;

    // Make the patch site writable, then copy the jump over it.
    VirtualProtect(patchSite,5,PAGE_EXECUTE_READWRITE,&previousProtect);
    WriteProcessMemory(GetCurrentProcess(),patchSite,jumpInsn,5,NULL);
}
// DLL entry point. On process attach it calls JmpHook to redirect execution at
// HookAddr_Hack to Hack_Proxy. Every other notification is ignored.
// Always returns TRUE; the jump is not removed on detach.
BOOL DllMain(HMODULE hModule,DWORD dwReason,LPVOID)
{
    switch(dwReason)
    {
    case DLL_PROCESS_ATTACH:
        // One-time patch of the host's code as soon as the module is loaded.
        JmpHook((DWORD)Hack_Proxy,HookAddr_Hack);
        break;
    default:
        break;
    }
    return TRUE;
}