level 7
![[乖]](/static/emoticons/u4e56.png)
![[笑眼]](/static/emoticons/u7b11u773c.png)
level 7
level 7
![[哈哈]](/static/emoticons/u54c8u54c8.png)
level 7
level 7
level 7
level 7
Timsqin
楼主
这里粗略讲下程序是怎样运行 #include<iostream> 就不讲了 理解为iostream.h这个头文件的函数都已经在程序里 主要讲下main的运行
首先 int c=0; 定义c为int型(整数)
c=add(1,2);这里分两部分 调用add()函数 这时就会跳到int add(int a,int b) 这个函数里 把1和2作为参数给int a和int b 这时a就是1 b就是2 然后执行函数体 int num=0;定义个num int型并赋值为0
然后num=a+b; 就是1+2然后赋值给num(右边开始读) 这是num就是3
return num;就是把这个3返回去主函数 这时主函数main里的c就是3
cout<<c<<endl;输出c到屏幕 换行
#include <iostream>
using namespace std;
int add(int a,int b)
{
int num=0;
num=a+b;
return num;
}
int main()
{
int c=0;
c=add(1,2);
cout<<c<<endl;
return 0;
}
2015年10月14日 16点10分
11
首先 int c=0; 定义c为int型(整数)
c=add(1,2);这里分两部分 调用add()函数 这时就会跳到int add(int a,int b) 这个函数里 把1和2作为参数给int a和int b 这时a就是1 b就是2 然后执行函数体 int num=0;定义个num int型并赋值为0
然后num=a+b; 就是1+2然后赋值给num(右边开始读) 这是num就是3
return num;就是把这个3返回去主函数 这时主函数main里的c就是3
cout<<c<<endl;输出c到屏幕 换行
#include <iostream>
using namespace std;
int add(int a,int b)
{
int num=0;
num=a+b;
return num;
}
int main()
{
int c=0;
c=add(1,2);
cout<<c<<endl;
return 0;
}
level 7
![[滑稽]](/static/emoticons/u6ed1u7a3d.png)
到了这里 我自己都忍不住要bb两句 说那么多干啥 快入正片
![[吐舌]](/static/emoticons/u5410u820c.png)
比如我就需要
level 7
![[阴险]](/static/emoticons/u9634u9669.png)
都6天了 还不更
level 7
Timsqin
楼主
因为要用到加密 为了方便调用 就写到头文件了 与第一节课不同 这里的读写内存函数 也做了个包装 放到头文件里 也是为了方便+美观 函数如下
dnf_code.h
//写内存
DWORD WriteMemory(DWORD Address,DWORD n,HANDLE hProcss)
{
WriteProcessMemory(hProcss, (LPVOID)Address, &n, sizeof(n), NULL);
return 0;
}
//读内存
DWORD ReadMemory(DWORD Address,HANDLE hProcss)
{
DWORD tmp=0;
ReadProcessMemory(hProcss, (LPCVOID)Address, &tmp, sizeof(tmp), NULL);
return tmp;
}
dnf_code.cpp //调用
WeadMemory(ENCODE_BASE_ADDRESS,hProcss);
ReadMemory(ENCODE_BASE_ADDRESS,hProcss);
2015年10月14日 16点10分
15
dnf_code.h
//写内存
DWORD WriteMemory(DWORD Address,DWORD n,HANDLE hProcss)
{
WriteProcessMemory(hProcss, (LPVOID)Address, &n, sizeof(n), NULL);
return 0;
}
//读内存
DWORD ReadMemory(DWORD Address,HANDLE hProcss)
{
DWORD tmp=0;
ReadProcessMemory(hProcss, (LPCVOID)Address, &tmp, sizeof(tmp), NULL);
return tmp;
}
dnf_code.cpp //调用
WeadMemory(ENCODE_BASE_ADDRESS,hProcss);
ReadMemory(ENCODE_BASE_ADDRESS,hProcss);
![[惊哭]](/static/emoticons/u60cau54ed.png)
level 7
level 7
![[汗]](/static/emoticons/u6c57.png)
level 7
Timsqin
楼主
下面放完整代码
dnf_code.h
#include <Windows.h>
//写内存
DWORD WriteMemory(DWORD Address,DWORD n,HANDLE hProcss)
{
WriteProcessMemory(hProcss, (LPVOID)Address, &n, sizeof(n), NULL);
return 0;
}
//读内存
DWORD ReadMemory(DWORD Address,HANDLE hProcss)
{
DWORD tmp=0;
ReadProcessMemory(hProcss, (LPCVOID)Address, &tmp, sizeof(tmp), NULL);//读取人物基址
return tmp;
}
//加密函数
int EnCode(DWORD Address, DWORD Data,HANDLE hProcss)
{
DWORD ENCODE_BASE_ADDRESS = 0x31A6558; //加密基址
DWORD ENCODE_PARAMETER1 = 0x02CED558; //加密参数1
DWORD ENCODE_PARAMETER2 = 0x02CED758; //加密参数2
DWORD DECODE_BASE_ADDRESS = 0x031A64F8; //解密基址
DWORD nEdi, nEcx, nEax, nEsi, nEdx, nSs;
nEcx = Address;
nEax = ReadMemory(ENCODE_BASE_ADDRESS,hProcss);
nEax += 1;
WriteMemory(ENCODE_BASE_ADDRESS, nEax,hProcss);
nEdx = nEax;
nEdx >>= 8;
nEdx <<= 24;
nEdx >>= 24;
nEdx = ReadMemory(nEdx * 2 + ENCODE_PARAMETER1,hProcss);
nEdx &= 0xFFFF;
nEax <<= 24;
nEax >>= 24;
nSs = ReadMemory(nEax * 2 + ENCODE_PARAMETER2,hProcss);
nSs &= 0xFFFF;
nEax = nEdx ^ nSs;
nEax &= 0xFFFF;
nEsi = Data;
nEdx = nEsi >> 16;
nSs = nEsi & 0xFFFF;
nEdx += nSs;
nEdi = nEdx ^ nEax;
nEdx = nEax;
nEax <<= 16;
nEax += nEdx;
nEsi = Data;
nEax ^= nEsi;
nEsi = Address + 4;
WriteMemory(nEsi, nEax,hProcss);
nEax = ReadMemory(Address,hProcss);
nEsi = ReadMemory(DECODE_BASE_ADDRESS,hProcss);
nEcx = nEdi;
nEcx <<= 16;
nEcx += nEdx;
nEdx = nEax;
nEdx >>= 16;
nEdx = ReadMemory(nEsi + nEdx * 4 + 36,hProcss);
nEax &= 0xFFFF;
WriteMemory(nEdx + nEax * 4 + 8468, nEcx,hProcss);
return 1;
}
//解密函数
int DeCode(DWORD Address,HANDLE hProcss)
{
DWORD DECODE_BASE_ADDRESS=0x031A64F8; //解密基址
DWORD nEax, nEsi, nEdx;
nEax = ReadMemory(Address,hProcss);
nEsi = ReadMemory(DECODE_BASE_ADDRESS,hProcss);
nEdx = nEax;
nEdx >>= 16;
nEdx = ReadMemory(nEsi + nEdx * 4 + 36,hProcss);
nEax &= 0xFFFF;
nEax = ReadMemory(nEdx + nEax * 4 + 8468,hProcss);
nEax &= 0xFFFF;
nEdx = nEax;
nEsi = nEdx;
nEsi <<= 16;
nEsi += nEdx;
nEdx = ReadMemory(Address + 4,hProcss);
nEax = nEsi ^ nEdx;
return nEax;
}
2015年10月14日 16点10分
19
dnf_code.h
#include <Windows.h>
//写内存
DWORD WriteMemory(DWORD Address,DWORD n,HANDLE hProcss)
{
WriteProcessMemory(hProcss, (LPVOID)Address, &n, sizeof(n), NULL);
return 0;
}
//读内存
DWORD ReadMemory(DWORD Address,HANDLE hProcss)
{
DWORD tmp=0;
ReadProcessMemory(hProcss, (LPCVOID)Address, &tmp, sizeof(tmp), NULL);//读取人物基址
return tmp;
}
//加密函数
int EnCode(DWORD Address, DWORD Data,HANDLE hProcss)
{
DWORD ENCODE_BASE_ADDRESS = 0x31A6558; //加密基址
DWORD ENCODE_PARAMETER1 = 0x02CED558; //加密参数1
DWORD ENCODE_PARAMETER2 = 0x02CED758; //加密参数2
DWORD DECODE_BASE_ADDRESS = 0x031A64F8; //解密基址
DWORD nEdi, nEcx, nEax, nEsi, nEdx, nSs;
nEcx = Address;
nEax = ReadMemory(ENCODE_BASE_ADDRESS,hProcss);
nEax += 1;
WriteMemory(ENCODE_BASE_ADDRESS, nEax,hProcss);
nEdx = nEax;
nEdx >>= 8;
nEdx <<= 24;
nEdx >>= 24;
nEdx = ReadMemory(nEdx * 2 + ENCODE_PARAMETER1,hProcss);
nEdx &= 0xFFFF;
nEax <<= 24;
nEax >>= 24;
nSs = ReadMemory(nEax * 2 + ENCODE_PARAMETER2,hProcss);
nSs &= 0xFFFF;
nEax = nEdx ^ nSs;
nEax &= 0xFFFF;
nEsi = Data;
nEdx = nEsi >> 16;
nSs = nEsi & 0xFFFF;
nEdx += nSs;
nEdi = nEdx ^ nEax;
nEdx = nEax;
nEax <<= 16;
nEax += nEdx;
nEsi = Data;
nEax ^= nEsi;
nEsi = Address + 4;
WriteMemory(nEsi, nEax,hProcss);
nEax = ReadMemory(Address,hProcss);
nEsi = ReadMemory(DECODE_BASE_ADDRESS,hProcss);
nEcx = nEdi;
nEcx <<= 16;
nEcx += nEdx;
nEdx = nEax;
nEdx >>= 16;
nEdx = ReadMemory(nEsi + nEdx * 4 + 36,hProcss);
nEax &= 0xFFFF;
WriteMemory(nEdx + nEax * 4 + 8468, nEcx,hProcss);
return 1;
}
//解密函数
int DeCode(DWORD Address,HANDLE hProcss)
{
DWORD DECODE_BASE_ADDRESS=0x031A64F8; //解密基址
DWORD nEax, nEsi, nEdx;
nEax = ReadMemory(Address,hProcss);
nEsi = ReadMemory(DECODE_BASE_ADDRESS,hProcss);
nEdx = nEax;
nEdx >>= 16;
nEdx = ReadMemory(nEsi + nEdx * 4 + 36,hProcss);
nEax &= 0xFFFF;
nEax = ReadMemory(nEdx + nEax * 4 + 8468,hProcss);
nEax &= 0xFFFF;
nEdx = nEax;
nEsi = nEdx;
nEsi <<= 16;
nEsi += nEdx;
nEdx = ReadMemory(Address + 4,hProcss);
nEax = nEsi ^ nEdx;
return nEax;
}
level 7
Timsqin
楼主
#include "dnf_code.h"
#include <Windows.h>
int main()
{
DWORD pf_base = 0x309053C;//评分基址
DWORD pf_de = 0x110;//三SSS偏移
DWORD tmp = 0;
DWORD pid = 0;
HWND hWnd = FindWindow(TEXT("地下城与勇士"),TEXT("地下城与勇士")); //窗口句柄
GetWindowThreadProcessId(hWnd,&pid);
HANDLE hProcss = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
//3sss评分
tmp=ReadMemory(pf_base,hProcss);//读取人物基址的值
tmp += pf_de;//值和偏移相加得出地址
DWORD ne = 99999999;
EnCode(tmp,ne,hProcss);
CloseHandle(hProcss);
return 0;
}
2015年10月14日 16点10分
20
#include <Windows.h>
int main()
{
DWORD pf_base = 0x309053C;//评分基址
DWORD pf_de = 0x110;//三SSS偏移
DWORD tmp = 0;
DWORD pid = 0;
HWND hWnd = FindWindow(TEXT("地下城与勇士"),TEXT("地下城与勇士")); //窗口句柄
GetWindowThreadProcessId(hWnd,&pid);
HANDLE hProcss = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
//3sss评分
tmp=ReadMemory(pf_base,hProcss);//读取人物基址的值
tmp += pf_de;//值和偏移相加得出地址
DWORD ne = 99999999;
EnCode(tmp,ne,hProcss);
CloseHandle(hProcss);
return 0;
}
dnf_code.cpp
2015年10月14日 16点10分
