VP壳授权Patch机器码源码
VP壳的机器码替换,手动的情况下比较简单,补丁需要找一个时机那么补丁的时机也挺多.附上自己写的例子,仅供参考.~~~~
#include "stdafx.h"
HANDLE g_handle = OpenProcess(PROCESS_ALL_ACCESS,FALSE,GetCurrentProcessId());
DWORD dwBaseAddr,macoffset=0x1BF80,shelloffset=0x2B5A9,jmpoffset = 0x2CCC0,JmpRet;
BYTE data = {
0x37, 0x37, 0x31, 0x30, 0x37, 0x35, 0x42, 0x36, 0x31, 0x34, 0x36, 0x43,
0x42, 0x41, 0x37, 0x37, 0x42, 0x44, 0x31, 0x41, 0x42, 0x41, 0x46, 0x34,
0x41, 0x41, 0x35, 0x43, 0x44, 0x33, 0x33, 0x44};//机器码
BYTE data2 = {
0x90, 0xE9, 0x11, 0x17, 0x00, 0x00};//原始字节,还原Hook用
BOOL WriteMem(LPVOID addr,LPVOID data,DWORD lenth)//这里自己加个参数 数据大小吧
{
DWORD old;
VirtualProtectEx(g_handle,addr,1024,64,&old);
BOOL result = WriteProcessMemory(g_handle,addr,data,lenth,0);
VirtualProtectEx(g_handle,addr,1024,(DWORD)old,&old);
return result;
}
void inlineHook(void* MyBase, void* My_code)
{
DWORD old;
VirtualProtectEx(g_handle,MyBase,10,64,&old);
UCHAR Mycode = { 0xE9 };
*(INT*)(Mycode + 0x1) = (INT)My_code - (INT)MyBase - 0x5;
WriteProcessMemory(GetCurrentProcess(), MyBase, Mycode, 0x5, NULL);
VirtualProtectEx(g_handle,MyBase,10,(DWORD)old,&old);
}
void wMacp(){
JmpRet = dwBaseAddr+jmpoffset; //计算跳回地址
WriteMem((void*)(dwBaseAddr+0x1BF80),data,32);
WriteMem((void*)(dwBaseAddr+0x2B5A9),data2,6);//还原Hook
}
void _declspec(naked) PatchCode(){
__asm{
pushad
call wMacp
popad
jmp JmpRet
}
}
void SetPatch(){
inlineHook((void*)(dwBaseAddr+0x2B5A9),&PatchCode);
}
void _declspec(naked) Vp_GetBase(){
__asm{
push eax
mov eax,DWORD PTR SS:
mov dwBaseAddr,eax
pop eax
pushad
call SetPatch
popad
mov esp,ebp
pop ebp
ret 4
}
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORDdwReason,
LPVOID lpReserved
)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
inlineHook((void*)0x600B04,&Vp_GetBase);
}
else if (dwReason == DLL_PROCESS_DETACH)
{
}
return TRUE;
return TRUE;
}~~~~ 感谢分享,观摩学习 能通杀1.9,2.0,2.1?楼主这个源码是针对哪个版本的?
感谢分享 感谢分享,观摩学习
页:
[1]