#include <windows.h>
#include <vector>
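/*
 * Partial view of the object that FindOffsets() resolves. Only the field this
 * file reads is declared. The layout is the post author's claim and is not
 * verified by anything in this file.
 */
struct ObjectStruct {
	char name[0x10];	/* 16 bytes of text; nothing here guarantees a NUL terminator */
};

/*
 * Assigned by FindOffsets() on a successful pattern match. Declared after the
 * struct so the type is known at this point, and initialised explicitly so
 * callers can test for "not found" before dereferencing.
 */
ObjectStruct *Player = NULL;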
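/*
 * Scan the main module of the current process for LocalPlayerPattern and, on
 * the first match, read the 32-bit value stored 0x1E bytes before the match,
 * treat it as an address, and store the DWORD found there in Player.
 *
 * Leaves Player untouched when no match is found, so callers must check it
 * for NULL before use.
 *
 * NOTE(review): the upper scan bound is a hard-coded absolute address taken
 * from the post. Nothing here checks that every page between the module base
 * and that bound is mapped and readable, and the address read from the match
 * is dereferenced without validation; either can fault in the host process.
 * The code also assumes a 32-bit process (pointers are carried in DWORDs).
 */
void FindOffsets() {
	const UINT_PTR kBackref = 0x1E;	/* distance from the match back to the stored address */
	DWORD *LocalPlayerPtr = NULL;
	HANDLE handle = GetModuleHandle(NULL);
	byte *start = (byte*)handle;
	byte *end = (byte*)0x00900000;
	byte LocalPlayerPattern[] = { 0xFF, 0x50, 0x10, 0x3B, 0x30, 0x74, 0x05, 0x5F, 0x32, 0xC0 };
	/*
	007123E4 FF50 10 CALL NEAR DWORD PTR DS:[EAX+0x10]
	007123E7 3B30 CMP ESI, DWORD PTR DS:[EAX]
	007123E9 74 05 JE SHORT Dumped.007123F0
	007123EB 5F POP EDI
	007123EC 32C0 XOR AL, AL
	007123EE 5E POP ESI
	007123EF C3 RETN
	*/
	/*
	00861CA4 FF50 10 CALL NEAR DWORD PTR DS:[EAX+0x10]
	00861CA7 3B30 CMP ESI, DWORD PTR DS:[EAX]
	00861CA9 74 05 JE SHORT Dumped.00861CB0
	00861CAB 5F POP EDI
	00861CAC 32C0 XOR AL, AL
	00861CAE 5E POP ESI
	00861CAF C3 RETN
	*/
	const UINT_PTR base = (UINT_PTR)start;
	const UINT_PTR limit = (UINT_PTR)end;

	/*
	 * The original loop ran `while (start != end)`. If the module is loaded at
	 * or above the fixed bound, that condition never becomes false and the scan
	 * walks off into unmapped memory. Refuse to scan in that case.
	 */
	if (base == 0 || base >= limit) {
		return;
	}

	/* Stop while a whole pattern still fits, so memcmp never reads past the bound. */
	for (; limit - (UINT_PTR)start >= sizeof(LocalPlayerPattern); start++) {
		/* The back-reference read below must not reach before the module base. */
		if ((UINT_PTR)start - base < kBackref) {
			continue;
		}
		if (memcmp(start, LocalPlayerPattern, sizeof(LocalPlayerPattern)) != 0) {
			continue;
		}

		/* memcpy instead of a cast: the source is an unaligned spot in code bytes. */
		DWORD stored = 0;
		memcpy(&stored, start - kBackref, sizeof(stored));
		if (stored == 0) {
			continue;	/* a zero address would be dereferenced below */
		}

		LocalPlayerPtr = (DWORD*)(UINT_PTR)stored;
		/* Cast so the argument type matches %X; passing a pointer for %X is undefined. */
		printf("人物基址=0x%06X\n", (unsigned int)(UINT_PTR)LocalPlayerPtr);
		Player = (ObjectStruct*)(UINT_PTR)*LocalPlayerPtr;
		return;
	}
}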
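/*
 * DLL entry point. On process attach it opens a console, redirects stdout to
 * it, runs FindOffsets() and prints the name field of the resolved object.
 *
 * Returns TRUE on every path; the original fell off the end of a BOOL
 * function, which is undefined behaviour and hands the loader an arbitrary
 * result.
 *
 * NOTE(review): all of the attach work runs inside DllMain, i.e. under the
 * loader lock. Microsoft's DLL guidance recommends keeping DllMain minimal
 * and deferring work like this.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved) {
	switch (dwReason) {
	case DLL_PROCESS_ATTACH: {
		AllocConsole();
		SetConsoleTitleA("LOL 人物基址獲取");
		FILE* fh = NULL;
		/* Best effort: if the redirect fails, the printf output below is simply lost. */
		(void)freopen_s(&fh, "CONOUT$", "wb", stdout);
		FindOffsets();
		/* Player stays NULL when the scan finds nothing; do not dereference it then. */
		if (Player != NULL) {
			/* Precision bounds the read: name[] need not be NUL-terminated. */
			printf("當前玩家名稱=%.*s\n", (int)sizeof(Player->name), Player->name);
		}
		// LocalPlayerPtr + 0x24 = player name, text type, length 16
		// LocalPlayerPtr + 0x18 = current team/side, default 100 (4 bytes)
		// set to 0:   teammates become enemies, enemies remain enemies
		// set to 200: teammates become enemies, enemies become teammates
		// Experts, go ahead and try it with CE
		// Looking forward to the experts finding other offsets, haha
		// A CT file is attached; load it directly in CE
		break;	/* the original fell through into the detach case */
	}
	case DLL_PROCESS_DETACH:
		//FreeConsole();
		break;
	default:
		break;
	}
	return TRUE;
}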
League of Legends.CT.rar