Привет! Код я прочитал по диагонали и могу только сказать, что всё можно реализовать раз в пять проще. Поищи на форуме — есть и темы, и видеоуроки, в том числе на C++. На самом деле кода там строчек 5, а не 50.
Хотел ещё спросить: если адрес не один, а, например, их 40 штук, то как это всё прописывать? Просто в уроках этого нет :(
Ну пока что идея Xipho мне кажется легче. Итак, как поймать клиент игры и как его декомпилировать? Ну и попутный вопрос: как во всем этом искать слабости?
посмотри вот тут https://xakep.ru/2011/03/03/54979/ — всё подробно описано, и про то, как посмотреть исход, и как лучше посмотреть пересылку пакетов!!!
USSR, http://www.mpgh.net/forum/showthread.php?t=505474 — хочу сделать для Crysis
Можете помочь разобраться? Это сканер сигнатур на C++
signature_scanner.h
Example of use:
DLL itself:
That was just a code sample to show you how you can use it.
The search function inside the scanner class is what you will be using to do memory scanning.
Like if we search like this:
83 is a single hex byte. Meaning it is like this: 0x83.
So the actual signature is:
Two "?" is a wildcard byte. And the signature will ignore them.
Additionally, it will take the address at the end of the signature unless you specify the second parameter of this function, which is 0 by default.
If the address is in the middle of the signature you can do the following:
As you know, the address is an unsigned long, and thus we write 8 "X" (4 bytes = 4*2 hex digits).
When an X is detected in the string, the second parameter of the function is ignored.
The string must be in upper case letters.
Как он тут работает? Никак не пойму. Как у него маска и сигнатура в одной строке, но при этом у него всё работает? Xipho: тег кода и спойлера для кого сделан?
#pragma once
#include <windows.h>
#include <psapi.h>
#pragma comment(lib, "psapi.lib")
#include <stdio.h>

// Usage: unsigned long address = signature_scanner->search("3AB2DFAB????????3FBACD300200A1XXXXXXXXB1C4DA");
// X is the address
// ? is a wildcard
//
// Byte-pattern scanner over the main module of the process this code is
// loaded into. A pattern is a hex string with two characters per byte:
// "??" matches any byte, and a run of "X" marks where a 32-bit value is
// read out of the match and returned.
// NOTE(review): addresses are carried in unsigned long, which is 32 bits on
// Windows, so this only behaves as intended inside a 32-bit process.
class signature_scanner
{
private:
    unsigned long BaseAddress; // image base of the main module (GetModuleHandle(NULL))
    unsigned long ModuleSize;  // SizeOfImage of that module (GetModuleInformation)
public:
    // Resolves the main module's base and size, then spins until the page it
    // queries is no longer PAGE_EXECUTE_WRITECOPY. Every wait is Sleep(100)
    // with no upper bound, so construction can block indefinitely.
    signature_scanner()
    {
        //SYSTEM_INFO info;
        //GetSystemInfo(&info);
        //this->BaseAddress = (unsigned long)info.lpMinimumApplicationAddress;
        // Could be injected earlier than expected
        while (!(this->BaseAddress = (unsigned long)GetModuleHandle(NULL))) Sleep(100);
        // Getting size of image
        MODULEINFO modinfo;
        while (!GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &modinfo, sizeof(MODULEINFO))) Sleep(100);
        this->ModuleSize = modinfo.SizeOfImage;
        // Wait for the application to finish loading
        // NOTE(review): the address passed to VirtualQuery here is ModuleSize
        // itself, not BaseAddress (or BaseAddress + ModuleSize); a size is not
        // an address, so this loop most likely does not inspect the module's
        // pages at all.
        MEMORY_BASIC_INFORMATION meminfo;
        while (true)
        {
            if (VirtualQuery((void*)this->ModuleSize, &meminfo, sizeof(MEMORY_BASIC_INFORMATION)))
                if (!(meminfo.Protect &PAGE_EXECUTE_WRITECOPY)) break;
            Sleep(100);
        }
    }

    // Scans for `string` and returns an unsigned long read out of the match,
    // or NULL when the pattern is malformed, the scanner never initialized,
    // or nothing matched.
    //
    // string: hex pattern, two characters per byte; "??" is a wildcard byte
    //         and "X" characters mark the bytes whose value is returned.
    //         Must be upper case: the parsed copy is upper-cased, but the
    //         final strstr(string, "X") runs on the caller's original text,
    //         so a lower-case 'x' is parsed as a marker yet not found here.
    // offset: only used when the pattern has no "X"; the returned value is
    //         then read `offset` bytes after the end of the match.
    //
    // Defects visible in this listing (documented, not fixed):
    //  - the outer loop runs while i < ModuleSize, comparing an address with
    //    a size; the intended bound is BaseAddress + ModuleSize, so the
    //    scanned range is wrong (empty when BaseAddress >= ModuleSize);
    //  - markers are stored as the byte values '?' (0x3F) and 'X' (0x58), so
    //    a literal 3F or 58 in the pattern also matches any byte;
    //  - the compare reads buffer-length bytes from every i below EOR and the
    //    result read pulls 4 more bytes after the match, neither bounded by
    //    the region end;
    //  - VirtualQuery's result is not checked and MEM_COMMIT is not required
    //    (the commented-out condition below would have), so non-committed
    //    pages can be touched;
    //  - length is unsigned short, so a pattern longer than 131070
    //    characters is silently truncated.
    unsigned long search(const char* string, unsigned short offset=0)
    {
        unsigned int p_length = strlen(string);// Pattern's length
        if (p_length % 2 != 0 || p_length < 2 || !this->BaseAddress || !this->ModuleSize) return NULL;// Invalid operation
        unsigned short length = p_length / 2;// Number of bytes
        // The buffer is storing the real bytes' values after parsing the string
        unsigned char* buffer = new unsigned char[length];
        SecureZeroMemory(buffer, length);
        // Copy of string
        char* pattern = new char[p_length+1];// +1 for the null terminated string
        ZeroMemory(pattern, p_length+1);
        strcpy_s(pattern, p_length+1, string);
        _strupr_s(pattern, p_length+1);
        // Set vars
        unsigned char f_byte;
        unsigned char s_byte;
        // Parsing of string: two hex digits become one byte; any pair that
        // contains an 'X' becomes the 'X' marker, anything else becomes '?'.
        for (unsigned short z = 0; z < length; z++)
        {
            f_byte = pattern[z*2];// First byte
            s_byte = pattern[(z*2)+1];// Second byte
            if ( ( (f_byte <= 'F' && f_byte >= 'A') || (f_byte <= '9' && f_byte >= '0') ) && ( (s_byte <= 'F' && s_byte >= 'A') || (s_byte <= '9' && s_byte >= '0') ) )
            {
                if (f_byte <= '9') buffer[z] += f_byte - '0';
                else buffer[z] += f_byte - 'A' + 10;
                buffer[z] *= 16;
                if (s_byte <= '9') buffer[z] += s_byte - '0';
                else buffer[z] += s_byte - 'A' + 10;
            }
            else if (f_byte == 'X' || s_byte == 'X') buffer[z] = 'X';
            else buffer[z] = '?';// Wildcard
        }
        // Remove buffer
        delete[] pattern;
        // Start searching: walk the address space region by region and only
        // look inside regions whose protection has the PAGE_EXECUTE_READWRITE bit.
        unsigned short x;
        unsigned long i = this->BaseAddress;
        MEMORY_BASIC_INFORMATION meminfo;
        unsigned long EOR;
        while (i < this->ModuleSize)
        {
            VirtualQuery((void*)i, &meminfo, sizeof(MEMORY_BASIC_INFORMATION));
            if (!(meminfo.Protect &PAGE_EXECUTE_READWRITE))// Good for AVA for now
            {// !(meminfo.Protect &(PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) || !(meminfo.State &MEM_COMMIT)
                i += meminfo.RegionSize;
                continue;
            }
            EOR = i + meminfo.RegionSize;
            for (; i < EOR; i++)
            {
                // Byte-wise compare; '?' and 'X' entries accept any byte.
                for (x = 0; x < length; x++)
                    if (buffer[x] != ((unsigned char*)i)[x] && buffer[x] != '?' && buffer[x] != 'X') break;
                if (x == length)
                {
                    delete[] buffer;
                    // With an "X" in the caller's string: read the 4 bytes at the
                    // byte index of the first 'X'. Otherwise: read the 4 bytes
                    // `offset` past the end of the match.
                    const char* s_offset = strstr(string, "X");
                    if (s_offset != NULL) return *(unsigned long*)&((unsigned char*)i)[length - strlen(s_offset) / 2];
                    else return *(unsigned long*)&((unsigned char*)i)[length + offset];
                }
            }
        }
        // Didn't find anything
        delete[] buffer;
        return NULL;
    }
};
#include <windows.h>
#include "signature_scanner.h"

// Worker thread body started from DllMain below. Despite its name this is
// not a program entry point: it is cast to LPTHREAD_START_ROUTINE, whose
// expected shape is DWORD WINAPI fn(LPVOID), and the cast only hides that
// mismatch. Resolves two values by pattern, then polls every 2 s.
// NOTE(review): as listed, `offset` and `new_thread` are used but declared
// nowhere in this file, `checking` is declared and never used, `scanner` is
// never deleted, and the innermost if-body is empty; the file cannot compile
// as posted unless those two names are defined elsewhere.
// NOTE(review): IsBadReadPtr is documented by Microsoft as obsolete and not
// a reliable way to decide whether a read is safe; both checks here are
// best-effort only.
void main()
{
    Beep(1000, 100);
    signature_scanner *scanner = new signature_scanner;
    HANDLE checking;
    unsigned long pointer;
    bool* ingame;
    try
    {
        // No "X" in this pattern: search() returns the 4 bytes following the
        // match, which are then used as a pointer.
        if (!(ingame = (bool*)scanner->search("83C40885C00F95C0C705????????????????A2"))) throw "Couldn't retrieve ingame pointer.";
        // "XXXXXXXX" inside this pattern: search() returns the 4 bytes at that position.
        if (!(pointer = scanner->search("6BF666C086FFA3XXXXXXXX743C8BB6"))) throw "Couldn't retrieve bino pointer.";
    }
    catch ( LPCSTR error )
    {
        MessageBox(NULL, error, "Error", MB_OK | MB_ICONERROR);
        return;
    }
    while (true)
    {
        // Checks if he is in game
        if (*ingame)
        {
            // If he is in game then do some stuff
            if (IsBadReadPtr((void*)pointer, sizeof(unsigned long)) == NULL)
            {
                unsigned long address = *(unsigned long*)pointer + offset;
                if (IsBadReadPtr((void*)address, sizeof(unsigned long)) == NULL)
                {
                }
            }
        }
        Sleep(2000);
    }
}

// DLL entry point: on process attach, disables thread notifications and
// starts `main` on a new thread.
// NOTE(review): declared as `bool WINAPI` rather than the `BOOL WINAPI` the
// loader expects. Creating the thread directly inside DllMain is also what
// the DllMain guidance advises against, since the loader lock is held here.
bool WINAPI DllMain(HINSTANCE hDLLInst, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        DisableThreadLibraryCalls(hDLLInst);
        if (CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)main, NULL, 0, NULL) == NULL)
        {
            MessageBox(NULL, new_thread, "Error", MB_OK | MB_ICONERROR);
            return false;
        }
    }
    return true;
}
Code:scanner->search("83C40885C00F95C0C705????????????????A2");
Code:0x83 0xC4 0x08 0x85 0xC0 0x0F 0x95 0xC0 0xC7 0x05 ?? ?? ?? ?? ?? ?? ?? ?? 0xA2
Code:scanner->search("6BF666C086FFA3XXXXXXXX743C8BB6");
Сканер сигнатур
спасибо