动态内存补丁取血值 [代码]

Cheat Engine 里的 TUTORIAL 这个程序

/*
第6关的密码:098712

Patch Code:
Code:00456D3F
E9 CC 91 00 00 90 90
对应的asm
jmp 0045ff10
nop
nop

Code:0045FF10
89 15 40 FF 45 00 89 10 A1 2C CC 45 00 90 E9 23 6E FF FF
mov [0045ff40],edx
mov [eax],edx
mov eax,[0045cc2c]
nop
jmp 00456d46

EAX存放地址:[0045ff40]

*/


/*
 * Bytes for the detour at 0x00456D3F. The page's asm listing covers the first
 * seven (jmp + two nops); the patch routine writes eight.
 * NOTE(review): the eighth byte, 0x8B, is not in the listing. When eight bytes
 * are written it lands on 0x00456D46, the address the cave jumps back to;
 * presumably it restates the opcode byte already there -- confirm against the
 * target binary, otherwise the write length should be 7.
 */
BYTE code1[100] = {
	0xE9, 0xCC, 0x91, 0x00, 0x00,		/* jmp 0045ff10 */
	0x90,					/* nop */
	0x90,					/* nop */
	0x8B					/* extra byte, see note above */
};

/*
 * Bytes for the code cave at 0x0045FF10 (19 bytes). Per the listing it saves
 * EDX to 0x0045FF40, replays the two displaced instructions and jumps back.
 */
BYTE code2[100] = {
	0x89, 0x15, 0x40, 0xFF, 0x45, 0x00,	/* mov [0045ff40],edx */
	0x89, 0x10,				/* mov [eax],edx */
	0xA1, 0x2C, 0xCC, 0x45, 0x00,		/* mov eax,[0045cc2c] */
	0x90,					/* nop */
	0xE9, 0x23, 0x6E, 0xFF, 0xFF		/* jmp 00456d46 */
};


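	/*
	 * Install the two patches into the running Tutorial.exe (the Cheat Engine
	 * tutorial program): a code cave at 0x0045FF10 and a jump to it at 0x00456D3F.
	 * Prints a message and returns on the first failure.
	 *
	 * The addresses are absolute and hard-coded, so they presumably match only
	 * the exact Tutorial.exe build the author analysed -- confirm before reuse.
	 *
	 * `handle` is declared outside this fragment. It is closed and cleared on
	 * the failure paths below and left open on success for its owner to close.
	 */
	DWORD pid;
	DWORD ret;

	pid=getprocid("Tutorial.exe");
	if(!pid)
	{
		printf("Can't Find pid!\n");
		return ;
	}

	/*
	 * Ask only for the memory read/write rights the original comment says it
	 * wants. PROCESS_ALL_ACCESS already includes every other flag, so OR-ing
	 * more onto it added nothing, and a full-access request is refused in
	 * cases where this narrower mask is granted.
	 * NOTE(review): if code outside this fragment uses `handle` for anything
	 * other than reading or writing memory, add that one specific right back.
	 */
	handle = OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE,
	                     FALSE, pid);
	if(!handle)
	{
		/* DWORD is unsigned long on Windows, so %lu rather than %d. */
		printf("Open Process Fails!!Code(%lu)",(unsigned long)GetLastError());
		return ;
	}

//	printf("%d",strlen(code1));

	/*
	 * Write the cave before the jump that targets it. In the original order
	 * the target could execute the jump while 0x0045FF10 still held its old
	 * contents, and a failed second write left the jump pointing at nothing.
	 */
	ret=WriteProcessMemory(handle,(LPVOID)0x0045FF10,code2,19,NULL);
	if(!ret)
	{
		/* Read the error code before CloseHandle() can overwrite it. */
		printf("Write Memory 0x0045FF10 Fails !!(%lu)",(unsigned long)GetLastError());
		CloseHandle(handle);
		handle = NULL;
		return ;
	}

	/* 8 bytes: the 7-byte detour plus the trailing 0x8B stored in code1. */
	ret=WriteProcessMemory(handle,(LPVOID)0x00456D3F,code1,8,NULL);
	if(!ret)
	{
		printf("Write Memory 0x00456D3F Fails !!(%lu)",(unsigned long)GetLastError());
		CloseHandle(handle);
		handle = NULL;
		return ;
	}

	printf("Success!!!");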

[file=//attachments/month_200612/30_154021_zwo4PathCE.rar]Click to Download[/file]
