引用:
|
作者anomaly
類似這樣
/*
 * FUN: expands to a braced block of MSVC inline assembly plus one C
 * assignment. In order, the expansion:
 *   - compares ecx with 0x4000 and jumps to the label NO_Trinity when they
 *     differ,
 *   - pushes 0x1E and the offset of STRS_TRINITY_Tutorial,
 *   - loads ecx with the address ebp-0x20,
 *   - stores 0x004040E0 in caddr and calls through it.
 *
 * NO_Trinity, STRS_TRINITY_Tutorial and caddr are not defined in the visible
 * text; they must exist at every place the macro is expanded.
 *
 * A macro is pasted into the code at each use. It is not a function and has
 * no address of its own, so it cannot be the destination of a jump patch.
 *
 * NOTE(review): after the backslash continuations are spliced, the whole body
 * is one logical line. A braceless __asm statement runs to the end of the
 * line or the next __asm, so the "caddr = ..." assignment is probably parsed
 * as part of the preceding lea instruction - confirm with the compiler.
 *
 * NOTE(review): 0x004040E0 is a hard-coded absolute address; this presumably
 * relies on the target module always loading at the same base - confirm.
 */
#define FUN \
{ \
__asm cmp ecx, 0x4000 \
__asm jnz NO_Trinity \
__asm push 0x1E \
__asm push offset STRS_TRINITY_Tutorial \
__asm lea ecx, [ebp-0x20] \
caddr = 0x004040E0; \
__asm call caddr \
}
呼叫的時候就打一個FUN
|
這樣寫 好像編不起來
我Hook是寫這樣的
代碼:
#define Trinity_Town \
{ \
__asm cmp ecx, 0x4000 \
__asm jnz NO_Trinity \
__asm push 0x1E \
__asm push offset STRS_TRINITY_Tutorial \
__asm lea ecx, [ebp-0x20] \
caddr = 0x004040E0; \
__asm call caddr \
.....
代碼:
// HookMain: overwrites the 5 bytes at 0x006A7871 with a relative jump
// (opcode 0xE9 followed by a 32-bit displacement) whose destination is
// Trinity_Town. The listing ends before the function's closing brace, so
// anything after the VirtualProtect call is not visible here.
void HookMain()
{
DWORD Target_Address;
DWORD Distance;
int SIZE;
// Trinity Town ----------------------------------------------------------------
// NOTE(review): hard-coded absolute address; presumably assumes the module is
// always loaded at the same base - confirm.
Target_Address = 0x006A7871;
SIZE = 5;
// Compute the jump displacement: destination - (patch address + instruction size).
// This needs Trinity_Town to be something that has an address (a function).
// The Trinity_Town shown on this page is a #define macro, which has no
// address, so the (DWORD) cast cannot compile.
// NOTE(review): casting a pointer to DWORD assumes a 32-bit build.
Distance = ((DWORD)Trinity_Town - (DWORD)Target_Address - SIZE);
// Write the patch: the jump opcode first, then the 4-byte displacement.
// NOTE(review): both writes run before the VirtualProtect call below, so they
// fault if the page is still read/execute-only at this point.
*(reinterpret_cast<unsigned char*>(Target_Address)) = 0xE9;
Target_Address += 1 ;
*(reinterpret_cast<int*>(Target_Address)) = Distance;
// Change the page protection to read/write/execute.
// NOTE(review): Target_Address was already advanced by 1, so the range passed
// here starts one byte past the patched opcode. The return value is not
// checked, and oldProtect is not declared in the visible code.
// NOTE(review): no visible line restores the previous protection; leaving a
// code page writable and executable weakens W^X for the whole process.
VirtualProtect((LPVOID)Target_Address, SIZE, PAGE_EXECUTE_READWRITE, &oldProtect);
(DWORD)Trinity_Town 這一行會出問題(編譯不過)