程序运行后,游戏就会报错。
1:函数不带参数注入的话,不会有任何问题,比如:攻击CALL,打坐CALL
2:函数带参数时,游戏就会出错,比如选怪CALL
我用的是DLL注入
//------------------------------- Parameter block handed to the injected code -------------------------------
// Two-DWORD argument record. InsertDll() fills one of these locally, copies it
// byte-for-byte into the target process, and passes its remote address as the
// thread argument, so the field layout is a binary contract between both sides.
typedef struct ParamData
{
DWORD Param1; // first argument; xuancall() reads this as the ID
DWORD Param2; // second argument; not read by any code shown on this page
}ParamData,*Paramp;
//----------------------------------------------- "select monster" CALL ---------------------------------------------------
// Routine meant to run inside the target process as the body of a remote thread.
// lParam is treated as a pointer to a ParamData whose Param1 is an ID; the ID is
// turned into an address (0x5E2A2A0 + 4*ID) and two indirect calls are made
// through pointers read from the target's memory.
//
// NOTE(review): every address and constant below is a hard-coded absolute value,
// and nothing here validates ID or any pointer before dereferencing it.
// Presumably they match one specific build of the target - confirm.
void xuancall(LPVOID lParam)
{
ParamData *lp;
lp=(ParamData*)lParam;
DWORD ID=lp->Param1;
DWORD master;
// Address of the ID-th 4-byte slot starting at 0x5E2A2A0.
master=0x5E2A2A0+4*ID;
_asm
{
// EDI = value of the local `master` (the computed address).
mov edi,dword ptr [master]
// EBP is overwritten with a hard-coded constant.
mov ebp,0x12cd3c
// EAX = dword stored at the address held in EDI.
mov eax,dword ptr [edi]
// Three stack arguments, then an indirect call through the pointer at EAX+4
// with ECX = EDI.
push 0
push 1
push 44d
mov ecx,edi
call dword ptr [eax+4]
// Copy the dword at EDI+0xC into offset 0x1A30 of the object whose pointer
// is stored at 0x5E33EE0.
mov edx,dword ptr [0x5e33ee0]
mov ecx,dword ptr [edi+0xc]
mov dword ptr [edx+0x1a30],ecx
// The values loaded by the next four instructions are overwritten before
// anything in this block reads them.
mov eax,dword ptr [ebp+0xc]
mov cl,byte ptr [0x49f23d1]
mov esi,eax
mov esi,dword ptr [ebp+8]
// Reload `master` into ECX and make a second indirect call through the
// pointer at EAX+4, again with three stack arguments.
mov ecx,dword ptr [master]
mov edx,dword ptr [ecx+8]
mov eax,dword ptr [ecx]
push 0
push 0
push 420
call dword ptr [eax+4]
}
}
//--------------------------------------- Injection part -------------------------------------------
// Copies code and a ParamData record into another process and runs the code
// there on a new thread.
//
//   pfunc  - local address the code bytes are copied from (a fixed 4096 bytes
//            are copied regardless of the function's real length)
//   dwID   - process ID of the target
//   Param1 - stored in ParamData::Param1 (default 0)
//   Param2 - stored in ParamData::Param2 (default 0)
//
// Returns TRUE after the remote thread has finished and cleanup has been
// attempted; returns FALSE (after a message box) when OpenProcess, the first
// VirtualAllocEx, or CreateRemoteThread fails.
//
// Security note: OpenProcess with CREATE_THREAD/VM_OPERATION/VM_WRITE rights,
// VirtualAllocEx with PAGE_EXECUTE_READWRITE, WriteProcessMemory and
// CreateRemoteThread, in that order, is the classic remote-thread code-injection
// sequence that endpoint-protection and anti-tamper products monitor for.
//
// NOTE(review): the second allocation (ParamAddr) and both WriteProcessMemory
// calls are not checked, and the FALSE paths after a successful OpenProcess
// return without closing h_process or freeing the remote allocations.
BOOL InsertDll(void *pfunc,DWORD dwID,DWORD Param1=0,DWORD Param2=0)
{
LPVOID ThreadAdd;   // remote address of the copied code
LPVOID ParamAddr;   // remote address of the copied ParamData
HANDLE h_process=NULL;
ParamData pdata;
pdata.Param1=Param1;
pdata.Param2=Param2;
// Request exactly the rights needed to allocate, write and start a thread.
h_process=::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION | PROCESS_VM_WRITE,FALSE,dwID);
if(h_process==NULL)
{
::MessageBox(NULL,("打开进程失败!"),("提示"),MB_OK);
return FALSE;
}
// Both regions are requested readable, writable and executable.
ThreadAdd=::VirtualAllocEx(h_process,NULL,4096,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr=::VirtualAllocEx(h_process,NULL,sizeof(ParamData),MEM_COMMIT,PAGE_EXECUTE_READWRITE);
// Only the code allocation is checked here.
if(!ThreadAdd)
{
::MessageBox(NULL,("申请空间失败!"),("提示"),MB_OK);
return FALSE;
}
// Copy 4096 bytes starting at pfunc, then the parameter record.
::WriteProcessMemory(h_process,ThreadAdd,pfunc,4096,NULL);
::WriteProcessMemory(h_process,ParamAddr,&pdata,sizeof(pdata),NULL);
// Start a thread in the target at the copied code, passing the remote ParamData address.
HANDLE h_thread=::CreateRemoteThread(h_process,NULL,0,(LPTHREAD_START_ROUTINE)ThreadAdd,ParamAddr,0,NULL);
if(!h_thread)
{
::MessageBox(NULL,("远程注入失败!"),("提示"),MB_OK);
return FALSE;
}
// Block until the remote thread exits; there is no timeout.
::WaitForSingleObject(h_thread,INFINITE);
::VirtualFreeEx(h_process,ThreadAdd,4096,MEM_RELEASE);
::VirtualFreeEx(h_process,ParamAddr,sizeof(ParamData),MEM_RELEASE);
::CloseHandle(h_thread);
::CloseHandle(h_process);
return TRUE;
}
//------------------------------------------------ Call site -------------------------------------------
InsertDll(xuancall,g_ProcessID,guaiwu); // guaiwu is the monster ID passed in as Param1
有一点要说一下,就是不带参数CALL能成功调用
如:InsertDll(hitcall,g_ProcessID);
还有,我用VC调试去跟,发现是 HANDLE h_thread=::CreateRemoteThread(h_process,NULL,0,(LPTHREAD_START_ROUTINE)ThreadAdd,ParamAddr,0,NULL); 这一句过不去。
请高手们帮帮小弟我~~~吧!