
1.2.一个最简单的外挂(EXE版本) [复制链接]


// Killer.cpp : Defines the initialization routines for the DLL.
//

#include "stdafx.h"
#include "Killer.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

//
//    Note!
//
//        If this DLL is dynamically linked against the MFC
//        DLLs, any functions exported from this DLL which
//        call into MFC must have the AFX_MANAGE_STATE macro
//        added at the very beginning of the function.
//
//        For example:
//
//        extern "C" BOOL PASCAL EXPORT ExportedFunction()
//        {
//            AFX_MANAGE_STATE(AfxGetStaticModuleState());
//            // normal function body here
//        }
//
//        It is very important that this macro appear in each
//        function, prior to any calls into MFC.  This means that
//        it must appear as the first statement within the
//        function, even before any object variable declarations
//        as their constructors may generate calls into the MFC
//        DLL.
//
//        Please see MFC Technical Notes 33 and 58 for additional
//        details.
//

/////////////////////////////////////////////////////////////////////////////
// CKillerApp

// MFC message map for CKillerApp. No message handlers are mapped here; the
// block is the ClassWizard-generated skeleton and is left empty on purpose.
BEGIN_MESSAGE_MAP(CKillerApp, CWinApp)
    //{{AFX_MSG_MAP(CKillerApp)
        // NOTE - the ClassWizard will add and remove mapping macros here.
        //    DO NOT EDIT what you see in these blocks of generated code!
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CKillerApp construction

// Default constructor: intentionally does nothing. All real start-up work
// lives in CKillerApp::InitInstance, which MFC calls once the DLL is loaded.
CKillerApp::CKillerApp()
{
}

/////////////////////////////////////////////////////////////////////////////
// The one and only CKillerApp object

// The single CWinApp-derived application object MFC expects in a DLL.
CKillerApp theApp;
// Absolute address inside TenSLX.dll that Hook() patches; computed in
// DllMainThread from the module base plus a fixed offset. Global so that the
// value also shows up in the debug output emitted there.
DWORD HookAddr_TP;

// Destination of the JMP that Hook() writes into TenSLX.dll. Once control
// arrives here it never returns to the patched function: the loop polls every
// 3 s for a top-level window titled "QQ游戏" and, when that window is gone,
// exit(0) terminates the whole host process.
//
// NOTE(review): the function is __declspec(naked) (no compiler-generated
// prologue/epilogue) yet the body is ordinary C++ with calls and a loop; MSVC
// only guarantees inline assembly inside naked functions, so the generated
// code is unreliable. Because the original function's prologue is skipped,
// whatever stack/register state the caller expected is simply abandoned.
// Detection note: the observable artefacts are a thread parked in Sleep()
// inside a code region that no longer matches the on-disk image of the
// module (see Hook()).
__declspec(naked) void __stdcall MySleep()
{
    while (TRUE)
    {
        Sleep(3000);
        // lpClassName NULL: match on window title only; leave when it is gone
        if (::FindWindow(NULL,"QQ游戏") == NULL) break;
    }
    exit(0);
}


// Writes a five-byte inline patch at HookAddr: opcode 0xE9 followed by a
// rel32 displacement, i.e. an unconditional JMP to MySleep. The page is
// switched to PAGE_EXECUTE_READWRITE for the write and then set back to the
// protection reported by the first VirtualProtect call.
//
// NOTE(review): both VirtualProtect return values are ignored. If the first
// call fails (e.g. HookAddr is not mapped because the caller's
// GetModuleHandle returned NULL), the two stores below fault. The
// (DWORD) casts assume a 32-bit address space. From a defender's side, an
// executable page flipped to RWX followed by code bytes that diverge from
// the mapped file image is exactly what module-integrity checks flag.
void Hook(DWORD HookAddr)
{
    DWORD dwOldProtect;
    VirtualProtect((LPVOID)HookAddr,5,PAGE_EXECUTE_READWRITE,&dwOldProtect);
    *(BYTE*)HookAddr = 0xE9;   // JMP rel32 opcode
    // rel32 is relative to the end of the 5-byte instruction: target - (addr + 5)
    *(DWORD*)(HookAddr+1) =(DWORD)MySleep - (DWORD)HookAddr - 5;
    VirtualProtect((LPVOID)HookAddr,5,dwOldProtect,&dwOldProtect);
    return;
}




// Body of the worker thread started by CKillerApp::InitInstance. Looks up the
// already-loaded TenSLX.dll, adds a fixed offset to its base, logs both values
// via OutputDebugString and hands the resulting address to Hook(). The
// parameter is unused and the return value (0) is never consumed.
//
// NOTE(review): GetModuleHandle's result is not checked; if the module is not
// loaded hTPModule is 0 and Hook() receives the bare offset 0x00010B6.
// NOTE(review): wsprintf writes into szBuffer.GetBuffer(0), which only
// promises the CString's current (empty) capacity, so the formatted text can
// overrun the buffer; GetBuffer is also never paired with ReleaseBuffer. The
// hard-coded offset is tied to one specific build of TenSLX.dll.
// Detection note: the "hTPModule:"/"HookAddr:" debug strings are visible to
// any attached debugger or debug-output listener.
DWORD DllMainThread(void *)
{
    DWORD TPFunc = 0, MYFunc = 0;   // unused locals
    CString szBuffer;
    // Obtain the module base address
    DWORD hTPModule = (DWORD)GetModuleHandle(TEXT("TenSLX.dll"));
    wsprintf(szBuffer.GetBuffer(0),"hTPModule:%08X",hTPModule);
    OutputDebugString(szBuffer);
    // Add the fixed offset to get the patch address
    HookAddr_TP = hTPModule + 0x00010B6;
    wsprintf(szBuffer.GetBuffer(0),"HookAddr:%08X",HookAddr_TP);
    OutputDebugString(szBuffer);

    Hook(HookAddr_TP);

    return 0;
}

// MFC DLL initialisation: starts DllMainThread on a new thread and then
// defers to CWinApp::InitInstance, whose result is returned unchanged.
//
// NOTE(review): the thread handle is never closed (handle leak), and the
// creation result is not checked. DllMainThread is declared `DWORD (void *)`
// but cast to LPTHREAD_START_ROUTINE, which is a WINAPI (stdcall) signature;
// the cast hides a calling-convention mismatch on x86. For an MFC DLL,
// InitInstance is presumably reached from DllMain, so this CreateThread
// likely runs while the loader lock is held — confirm before relying on
// anything that happens in the new thread during load.
BOOL CKillerApp::InitInstance()
{
    // TODO: Add your specialized code here and/or call the base class
    // Start-up action: run the hooking logic on its own thread
     HANDLE hThreadHandle = ::CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)DllMainThread,0,0,NULL);
    
    return CWinApp::InitInstance();
}

谢谢分享!!!!!