// dllmain.cpp : Defines the entry point for the DLL application.
//
// Overview (from what this file shows): once loaded into a host process, this DLL
// starts two threads from DllMain. One (LenheartThread) polls helper functions
// declared elsewhere (GetHook / RegisterNut / GetExeNutWrtNum / SetExeNutWrtNum /
// SetNutArrNum) and reacts to a sentinel value; the other (MyThreadProc2) installs
// an inline hook at a hard-coded absolute address (0x6FE84C) whose detour is
// `hookadd`. A MinHook-based alternative (HOOK) is present but not called.
// All target addresses are hard-coded literals, so the code only functions against
// the exact host build they were taken from; anything else would patch arbitrary
// memory. The types realSqNewClosure, SqPushStringFunc, RecvPacks and inlinehook,
// and the SQ*/Get*/Set* helpers, are declared in headers not visible here.
#include "pch.h"

// Trampoline to the original "new closure" routine, filled in by MH_CreateHook
// if the (currently commented-out) hook in HOOK() is ever enabled.
static realSqNewClosure* MLnewclosure = NULL;

// Detour for the VM's closure-creation routine: logs the function name, the
// free-variable count and the code address, then forwards to the original.
// `v`           : VM handle (type is the host's; only passed through here)
// `f`           : address of the function body being wrapped
// `freeVarsCnt` : number of free variables; used to locate the name on the VM stack
// Returns whatever the original routine returns.
// NOTE(review): funcName is left uninitialized and is printed unconditionally;
// if SQGetString does not set it, wprintf reads an indeterminate pointer.
uint32_t NewClosure(uint32_t v, void* f, int freeVarsCnt)
{
    std::cout << std::endl;
    wchar_t* funcName;
    // Stack index -1 - freeVarsCnt: the name sits below the free variables (per the caller's layout; not verifiable here).
    SQGetString(v, -1 - freeVarsCnt, &funcName);
    //if (funcName == L"sq_CreateAICharacter")
    //{
    //wprintf(L"Funaddr:%s\t", f);
    //std::cout << f << std::endl;
    //}
    wprintf(L"Funname:%s\tAbli:%d\tFunAddr:0x%p", funcName, freeVarsCnt, f);
    // Calls through the trampoline; MLnewclosure is NULL until a hook is created,
    // so this detour must never be installed before MH_CreateHook has filled it.
    return MLnewclosure(v, f, freeVarsCnt);
}

// Trampoline to the original push-string routine (never populated in this file).
static SqPushStringFunc* MLSqPushString = NULL;

// Detour for the VM's push-string routine: logs the string (printed both as text
// and as its pointer value) and forwards to the original.
// Parameter names mirror NewClosure even though `f` is a string here, not code.
uint32_t NewPushString(uint32_t v, wchar_t* f, int freeVarsCnt)
{
    std::cout << std::endl;
    wprintf(L"Funname:%s\tAbli:%d\tFunAddr:0x%p", f, freeVarsCnt, f);
    // MLSqPushString is never assigned in this file; calling this before it is set dereferences NULL.
    return MLSqPushString(v, f, freeVarsCnt);
}

// Passed to MH_CreateHook as the "original function" out-parameter below.
// NOTE(review): MinHook writes a function pointer into that slot, but Cbuffer is
// a RecvPacks object, not a pointer — the types do not match; see HOOK().
RecvPacks Cbuffer;

// Detour for the routine at 0x1128910 (see HOOK): dumps the six integer
// arguments to stdout. It does NOT call the original through a trampoline, so
// while the hook is enabled the target routine is replaced, not observed.
// The parameter list is the author's guess at the target's signature; nothing
// here verifies it.
void Tihuan(int a1,int a2, int a3 ,int a4 ,int a5 , unsigned int a6)
{
    std::cout << a1 << std::endl;
    std::cout << a2 << std::endl;
    std::cout << a3 << std::endl;
    std::cout << a4 << std::endl;
    std::cout << a5 << std::endl;
    std::cout << a6 << std::endl;
}

// Installs a MinHook detour (Tihuan) on the hard-coded address 0x1128910.
// Returns 0 on success; 1/2/3 identify which MinHook step failed
// (initialize / create / enable). Not called from DllMain in this build.
// NOTE(review): `reinterpret_cast(&Cbuffer)` has no template argument as shown
// here — MinHook's third parameter is LPVOID* (the README form is
// `reinterpret_cast<LPVOID*>(&fp)`); the angle-bracket part may have been lost
// when this file was captured. Even with it restored, &Cbuffer is not the
// address of a function pointer (see Cbuffer above).
int HOOK()
{
    std::cout << u8"开始hook" << std::endl;
    if (MH_Initialize() != MH_OK)// initialize MinHook
    {
        return 1;
    }
    if (MH_CreateHook((void*)0x1128910, &Tihuan, reinterpret_cast(&Cbuffer)) != MH_OK)
    {
        return 2;
    }
    // Enable the hook for MessageBoxW. (Comment inherited from the MinHook sample; the target here is 0x1128910.)
    if (MH_EnableHook((void*)0x1128910) != MH_OK)
    {
        return 3;
    }
    /* if (MH_CreateHook((void*)0x1358A60, &NewClosure, reinterpret_cast(&MLnewclosure)) != MH_OK) { return 2; } // Enable the hook for MessageBoxW.
    if (MH_EnableHook((void*)0x1358A60) != MH_OK) { return 3; } */
    return 0;
}

// Empty placeholder invoked when the sentinel value is observed in LenheartThread.
void testcall() { }

// Worker thread body. Polls every 10 ms until GetHook(...) reports 6, then
// registers the script bindings (RegisterNut) and enters a second polling loop
// that caches a base address from slot 61 and, whenever slot 0 reads 666,
// logs, resets slot 0 and writes 0 into element 20 of the cached array.
// Neither loop ever exits, so the thread lives for the life of the process.
// The helper functions and what the slots/addresses mean are defined elsewhere;
// the values 0x1A5FB4C, "0x14+0x28+", 6, 61, 666 and 20 are host-specific.
void LenheartThread(void)
{
    // Function-scope statics: persist across loop iterations, zero-initialized.
    // (Identifiers are Chinese: Nut头地址 = "Nut base address", 属性头地址 =
    //  "attribute base address" (unused), 可开始执行判断 = "ready-to-run flag".)
    static int Nut头地址;
    static int 属性头地址;
    static int 可开始执行判断;
    while (true)
    {
        Sleep(10);
        if (GetHook(0x1A5FB4C, "0x14+0x28+") == 6)可开始执行判断 = 1;
        if (可开始执行判断 == 1)
        {
            RegisterNut();
            while (true)
            {
                Sleep(10);
                // Cache the base address once, the first time slot 61 is non-zero.
                if (GetExeNutWrtNum(61) != 0 && Nut头地址 == 0)Nut头地址 = GetExeNutWrtNum(61);
                //if (GetExeNutWrtNum(61 != 0))属性头地址 = GetExeNutWrtNum(61);
                // 666 is the sentinel written by the script side to request an action (assumed; not visible here).
                if (GetExeNutWrtNum(0) == 666)
                {
                    std::cout << u8"写成功" << std::endl;;
                    testcall();
                    SetExeNutWrtNum(0, 0);
                    // NOTE(review): Nut头地址 may still be 0 here if slot 61 was never non-zero.
                    SetNutArrNum(Nut头地址 , 20, 0);
                }
            }
        }
    }
}

#include "inlinehook.h"
// Hook objects are allocated with `new` and never released; they must outlive
// the patched code, so the leak is effectively intentional. TEB is unused.
inlinehook* TEA = nullptr;
inlinehook* TEB = nullptr;

// Stack-unwinding helper used at the end of `hookadd`. The `address` parameter
// is never referenced by the asm. The three instructions discard this function's
// saved frame pointer and one dword, then `ret` — where control lands depends
// entirely on the caller's frame and the compiler's prologue, which is not
// something this file establishes. Only meaningful in a 32-bit x86 MSVC build
// with frame pointers and without optimization of this function.
void JMPre(int address)
{
    _asm
    {
        pop ebp
        add esp, 0x00000004
        ret
    }
}

// Byte copy implemented as `rep movsb`: copies `a3` bytes from address `a2`
// to address `a1` (the asm reads the parameters at [ebp+0x08]/[ebp+0x0c]/[ebp+0x10],
// i.e. it assumes the standard cdecl frame layout). The parameters are declared
// as int but are used as raw addresses — no validation is possible here.
void qubb(int a1,int a2,int a3)
{
    _asm
    {
        push esi
        push edi
        pushfd
        cld
        mov ecx, dword ptr[ebp + 0x10]   // a3: byte count
        mov esi, dword ptr[ebp + 0x0c]   // a2: source
        mov edi, dword ptr[ebp + 0x08]   // a1: destination
        rep movsb
        popfd
        pop edi
        pop esi
    }
}

// Called from the detour with registers preserved by `hookadd`. Stores EBX into
// the first local slot ([ebp-0x04], presumably `ptrd` in an unoptimized frame —
// TODO confirm against the build), then copies two bytes each from ptrd+1 and
// ptrd+3.
// NOTE(review): `qubb(packtype, ...)` and `qubb(packlen, ...)` pass the
// *values* of the uninitialized ints as the destination address, not `&packtype`
// / `&packlen` as the commented-out lines intend, so the copies land at an
// indeterminate address. As written, packtype/packlen are never read afterwards.
void datec()
{
    int ptrd;
    int packtype;
    int packlen;
    ptrd = 0;
    _asm
    {
        mov dword ptr[ebp - 0x04], ebx
    }
    //packtype = *(int*)(ptrd + 1);
    qubb(packtype,ptrd + 1, 2);
    qubb(packlen,ptrd + 3, 2);
    //packlen = *(int*)(ptrd + 3);
}

// Detour body installed at 0x6FE84C by MyThreadProc2. Saves all general
// registers and flags, calls datec(), restores them, re-executes an instruction
// that reads [ebp-0x12c] (presumably the one overwritten at the patch site —
// not verifiable here), then hands off to JMPre. 7333970 == 0x6FE852, six bytes
// past the patch address, which suggests the overwritten instruction length;
// JMPre itself ignores the argument (see above).
void hookadd()
{
    _asm
    {
        pushad
        pushfd
    }
    datec();
    _asm
    {
        popfd
        popad
    }
    _asm
    {
        mov ecx, dword ptr[ebp - 0x0000012c]
    }
    JMPre(7333970);
}

// Thread entry: constructs the inline hook for 0x6FE84C -> hookadd and applies it.
// `pParam` is unused. Returns 0 (the thread exit code).
DWORD WINAPI MyThreadProc2(LPVOID pParam)
{
    std::cout << u8"开始HOOK" << std::endl;
    TEA = new inlinehook(0x6FE84C, (int)hookadd);
    // patch the target address
    TEA->Motify_address();
    return 0;
}

// Exported entry that starts both worker threads.
// NOTE(review): both CreateThread handles are leaked — the first is discarded
// outright and `myThread2` is never closed or used; CloseHandle (or keeping the
// handle for later WaitForSingleObject) would be the usual fix. LenheartThread
// has signature `void(void)` but is cast to LPTHREAD_START_ROUTINE, which
// expects `DWORD WINAPI (LPVOID)`; the cast silences a real mismatch.
__declspec(dllexport) void Lenheart()
{
    DWORD threadID;
    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)LenheartThread, NULL, 0, &threadID);
    DWORD dwThreadId;
    HANDLE myThread2 = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MyThreadProc2, NULL, 0, &dwThreadId);
}

// DLL entry point. On process attach it calls Lenheart(), which creates threads.
// Windows documents that creating threads inside DllMain is restricted: the new
// threads cannot proceed past their own DLL notifications until this DllMain
// returns (loader lock), so any hook that relies on timing here is fragile.
// The MinHook path (HOOK) is disabled. Nothing is undone on process detach.
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        //HOOK();
        Lenheart();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}