// Trampoline for reaching the original DrawIndexedPrimitive after its entry has been patched.
//
// The function is declared naked, so the compiler generates no prologue or epilogue; the body
// is exactly the five instructions below. The first three (mov edi, edi / push ebp /
// mov ebp, esp) occupy 5 bytes, the same number of bytes HookDrawIndexedPrimitive overwrites
// at the target, and the final jump goes to jmpto, which that function sets to target + 5.
// The arguments are never touched here: they stay on the stack for the code that is jumped to.
//
// jmpto is defined outside this excerpt.
// NOTE(review): nothing checks that the patched function really begins with these three
// instructions; if the installed d3d9.dll build starts differently, the replayed prologue
// would not match the bytes that were overwritten - confirm against the target build.
// NOTE(review): 32-bit x86 only (inline _asm, ebp-based frame).
__declspec(naked) HRESULT WINAPI Orginal_DrawIndexedPrimitive(LPDIRECT3DDEVICE9 m_pDevice, D3DPRIMITIVETYPE type, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount)
{
_asm
{
// Replay of the 5 bytes that the hook replaces at the target's entry point.
mov edi, edi
push ebp
mov ebp, esp
// Continue in the original function just past the patched bytes (eax is overwritten).
mov eax, jmpto
jmp eax
}
}
// Address notes recorded by the author (all values hexadecimal):
//   DrawIndexedPrimitive was observed at 669C1E50; 669C1E50 - 66960000 = 61E50,
//   which is the function's offset inside d3d9.dll.
//   D3D9.DLL: module base 0x66960000, module size 0x18E000.
// NOTE(review): these numbers presumably hold only for the d3d9.dll build the author
// inspected - confirm before relying on them.

// Detour that HookDrawIndexedPrimitive redirects DrawIndexedPrimitive calls to.
// It currently adds no behaviour of its own: every argument is forwarded unchanged to the
// Orginal_DrawIndexedPrimitive trampoline and that call's HRESULT is returned to the caller.
HRESULT WINAPI MyDrawIndexedPrimitive(LPDIRECT3DDEVICE9 m_pDevice,D3DPRIMITIVETYPE type, INT BaseVertexIndex, UINT MinVertexIndex, UINT NumVertices, UINT startIndex, UINT primCount)
{
    const HRESULT forwardedResult = Orginal_DrawIndexedPrimitive(
        m_pDevice,
        type,
        BaseVertexIndex,
        MinVertexIndex,
        NumVertices,
        startIndex,
        primCount);
    return forwardedResult;
}
// Computes the address at which the hook is to be placed: the base of the already-loaded
// d3d9.dll plus a hard-coded offset.
//
// Returns NULL (0) only if GetModuleHandle yields INVALID_HANDLE_VALUE; otherwise returns the
// sum computed below.
//
// NOTE(review): GetModuleHandle reports "module not loaded" by returning NULL, not
// INVALID_HANDLE_VALUE, so the failure branch below does not catch that case and a null base
// would flow straight into the addition.
// NOTE(review): 61E50 has no 0x prefix, so the compiler parses it as the floating-point
// literal 61e50 rather than the hexadecimal offset 61E50 derived in the file's comments. The
// sum is therefore a double far outside the range of ULONG_PTR, and the value returned is not
// a meaningful address inside d3d9.dll. Callers that pass it on as a pointer are working
// with an arbitrary address.
// NOTE(review): a fixed offset ties the code to one specific d3d9.dll build; nothing here
// verifies which build is loaded.
ULONG_PTR Cheat::GetDrawIndexedPrimitveAddress()
{
HANDLE handle = GetModuleHandle(L"d3d9.dll");
if (handle == INVALID_HANDLE_VALUE)
{
return NULL;
}
else
{
// Module base + offset (see the notes above about how this literal is parsed).
return (ULONG_PTR)handle + 61E50;
}
}
// Patches the first 5 bytes at the address returned by GetDrawIndexedPrimitveAddress() with a
// relative jump (opcode 0xE9 followed by a 32-bit displacement) to MyDrawIndexedPrimitive.
//
// Steps, as written:
//   1. jmpto is set to address + 5, the resume point used by the Orginal_DrawIndexedPrimitive
//      trampoline.
//   2. The 5 bytes are made writable with VirtualProtect(PAGE_EXECUTE_READWRITE).
//   3. The jump is written with inline assembly.
//   4. The previous page protection is restored.
//
// Returns true unconditionally, including when VirtualProtect fails and nothing was patched.
//
// NOTE(review): address is used without any validation. If the address computation yields 0
// or a value outside d3d9.dll, VirtualProtect is called on memory this code does not own and
// the subsequent write targets an arbitrary location - which would be consistent with the
// failure the poster reports at that call; confirm by inspecting the computed address.
// NOTE(review): the result is a 5-byte in-memory modification of a system DLL's code. An
// integrity check that compares a loaded module's code against its on-disk image would
// presumably flag exactly this pattern (0xE9 at an exported function's entry).
// NOTE(review): 32-bit x86 only (inline _asm, pointers cast to DWORD).
bool Cheat::HookDrawIndexedPrimitive()
{
ULONG_PTR address = GetDrawIndexedPrimitveAddress();
// Resume point for the trampoline: the first byte after the 5 patched bytes.
jmpto = address + 5;
DWORD oldProtect = 0;
if (VirtualProtect((LPVOID)address, 5, PAGE_EXECUTE_READWRITE, &oldProtect)) // <-- the poster reports the failure at this call
{
// rel32 displacement is measured from the end of the 5-byte jmp instruction.
DWORD value = (DWORD)MyDrawIndexedPrimitive - address - 5;
_asm
{
mov eax, address
// Byte 0: near-jump opcode.
mov byte ptr[eax], 0xe9
add eax, 1
// Bytes 1-4: displacement to MyDrawIndexedPrimitive.
mov ebx, value
mov dword ptr[eax], ebx
}
// Restore the protection that was in place before the patch.
VirtualProtect((LPVOID)address, 5, oldProtect, &oldProtect);
}
// The return value does not reflect whether the patch was applied.
return true;
}
////////////////////////////////////////////////////////
用 SetWindowsHook 注入不到 CS 进程,但是能 hook 其他进程。
用工具注入到 CS 后直接调用 HookDrawIndexedPrimitive();
但是走到 VirtualProtect() 这里出错了,用 MessageBox 和 GetLastError 查看时程序会崩溃。