动态内存补丁取血值 [代码]
Cheat Engine 里了. TUTORIAL 这个程序
/*
第6关的密码:098712
Path Code:
Code:00456D3F
E9 CC 91 00 00 90 90
对应的asm
jmp 0045ff10
nop
nop
Code:0045FF10
89 15 40 FF 45 00 89 10 A1 2C CC 45 00 90 E9 23 6E FF FF
mov [0045ff40],edx
mov [eax],edx
mov eax,[0045cc2c]
nop
jmp 00456d46
EAX存放地址:[0045ff40]
*/
[code]
BYTE code1[100]=”\xE9\xCC\x91\x00\x00\x90\x90\x8B”;
BYTE code2[100]=”\x89\x15\x40\xFF\x45\x00\x89\x10\xA1\x2C\xCC\x45\x00\x90\xE9\x23\x6E\xFF\xFF”;
DWORD pid;
DWORD ret;
pid=getprocid(”Tutorial.exe”);
if(!pid)
{
printf(”Can’t Find pid!\n”);
return ;
}
handle =OpenProcess(PROCESS_ALL_ACCESS|PROCESS_TERMINATE|
PROCESS_VM_OPERATION|PROCESS_VM_READ|
PROCESS_VM_WRITE,FALSE,pid); //打开进程并得到读与权限
if(!handle)
{
printf(”Open Process Fails!!Code(%d)”,GetLastError());
return ;
}
// printf(”%d”,strlen(code1));
ret=WriteProcessMemory(handle,(LPVOID)0×00456D3F,code1,8,NULL);
if(!ret)
{
printf(”Write Memory 0×00456D3F Fails !!(%d)”,GetLastError());
return ;
}
ret=WriteProcessMemory(handle,(LPVOID)0×0045FF10,code2,19,NULL);
if(!ret)
{
printf(”Write Memory 0×0045FF10 Fails !!(%d)”,GetLastError());
return ;
}
printf(”Success!!!”);
[/code]
[file=attachments/month_200612/30_154021_zwo4PathCE.rar]Click to Download[/file]