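  // Drawing with cD3D11Font from a hooked Present(): obtain the device from the
  // swap chain, create the font on the first frame, draw on the following ones.
  cD3D11Font*   D3D11Font = nullptr;
  ID3D11Device* m_pDevice = nullptr;

  // Inside Present(): fetch the device once. IDXGISwapChain::GetDevice hands back
  // an AddRef'd interface, so calling it every frame (as the original did) leaks
  // a reference per frame; the pointer is cached instead.
  if (m_pDevice == nullptr)
      pSwapChain->GetDevice(__uuidof(ID3D11Device), (void**)&m_pDevice);

  // The original tested `if (!m_pDevice)`, i.e. it only drew when the device was
  // NOT obtained and passed a null device to cD3D11Font — the check was inverted.
  if (m_pDevice != nullptr) {
      if (D3D11Font == nullptr) {
          D3D11Font = new cD3D11Font("Tahoma", 8, FW_BOLD, m_pDevice);
          D3D11Font->InitObjects();
      } else {
          D3D11Font->Begin();
          D3D11Font->AddText(10.f, 10.f, "D3D11Font", 0xff00ffff, 1.f, FONT_LEFT);
          D3D11Font->End();
      }
  }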
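  // A bit of nonsense (but it should work): read a value through a pointer chain
  // in the game's memory and report it.
  //
  // The chain 0xBA18FC -> [+0x384] -> [+0x00] is dereferenced in-process, so each
  // link is null-checked: the original dereferenced all three blindly and faults
  // whenever an intermediate object does not exist yet. Addresses are 32-bit
  // constants, i.e. this only makes sense injected into a 32-bit process.
  // (The original also lacked the ';' after printf_s.)
  static bool ReadChainValue(INT* out)
  {
      DWORD first = *(DWORD*)0xBA18FC;
      if (first == 0) return false;
      DWORD second = *(DWORD*)(first + 0x384);
      if (second == 0) return false;
      *out = *(INT*)(second + 0x00);
      return true;
  }

  // The value presumably changes over time, so it is polled from a worker
  // thread every 500 ms rather than read once.
  DWORD WINAPI GtaSA_thread(LPVOID)
  {
      CreateConsole();
      for (;;) {
          // read - check - rewrite
          INT value = 0;
          if (ReadChainValue(&value)) {
              printf_s("Pointer value:: 0x%X\nSignification value::%i\n", value, value);
              if (value == 188)
                  printf_s("value = 188");
          }
          Sleep(500);
      }
      return 0;
  }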
  3. был прецедент с GetModuleHandle, причину которого я так и не выяснил....
  // Builds the URL of the i-th HLS segment. sprintf_s deduces the buffer size
  // from the array and never overflows it (on overflow it invokes the CRT
  // invalid-parameter handler and leaves an empty string). Note the segment is
  // fetched over plain HTTP, so there is no transport integrity for the media.
  char strURL[MAX_SIZE];
  sprintf_s(strURL, sizeof strURL, "http://cloud.foxford.ru/hls/webinar-23801.mp4/%i.ts", i);
  5. Не знаю, как прикрепить файлы к сообщению, поэтому внешняя ссылка на полный проект: Скачать (в архиве нет исполняемых файлов). Если так же будут ошибки, то смотри в сторону комплекта своего MS SDK.
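  // My two cents: a minimal remote-memory writer built on the ntdll Nt* calls
  // (for variety). Listing = cNtMemoryEdit.h, then cNtMemoryEdit.cpp, then usage.
  //
  // Review notes on the original:
  //  * ZeroMemory(this, ...) in the ctor/dtor wiped the vtable and, in the dtor,
  //    nulled the handle and the NtClose pointer *before* the call — the handle
  //    leaked and NtClose was invoked through a null function pointer.
  //  * NtProtectVirtualMemory was handed the address and size *values* cast to
  //    pointers; it takes pointers to in/out variables (and rounds them to pages).
  //  * ProcessID() ignored the entry returned by Process32First.
  //  * newGPA() indexed AddressOfNames with NumberOfFunctions (reads past the
  //    names table), hard-coded PE32 header offsets and returned forwarder
  //    strings as code pointers.
  //  * NtWriteMemoryEx measured the patch with a strlen-style scan, so a patch
  //    containing 0x00 was truncated; a sized overload is added.
  //  * The process was opened with PROCESS_ALL_ACCESS. The mask is now a ctor
  //    parameter (default unchanged so GetHandleProcess() callers keep working);
  //    pass kMinimalWriteAccess when only this class's writes are needed.
  // Addresses are still DWORD: the class targets a 32-bit process from a 32-bit
  // build, and the NtWriteVirtualMemory typedef follows that ABI.

  // ---------------------------------------------------------------- cNtMemoryEdit.h
  #pragma once
  #include <Windows.h>
  #include <tlHelp32.h>
  #include <subauth.h>      // NTSTATUS, PUNICODE_STRING

  typedef struct _CLIENT_ID {
      PVOID UniqueProcess;
      PVOID UniqueThread;
  } CLIENT_ID, *PCLIENT_ID;

  typedef struct _OBJECT_ATTRIBUTES {
      ULONG           Length;
      HANDLE          RootDirectory;
      PUNICODE_STRING ObjectName;
      ULONG           Attributes;
      PVOID           SecurityDescriptor;
      PVOID           SecurityQualityOfService;
  } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

  typedef NTSTATUS(NTAPI* NTWRITEVIRTUALMEMORY)(HANDLE, PVOID, PVOID, ULONG, PULONG);
  typedef NTSTATUS(NTAPI* NTOPENPROCESS)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
  typedef NTSTATUS(NTAPI* NTCLOSE)(HANDLE);
  typedef NTSTATUS(NTAPI* NTPROTECTVIRTUALMEMORY)(HANDLE, PVOID*, PULONG, ULONG, PULONG); // NtProtectVirtualMemory

  #ifndef NT_SUCCESS
  #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
  #endif
  #ifndef STATUS_INVALID_HANDLE
  #define STATUS_INVALID_HANDLE ((NTSTATUS)0xC0000008L)
  #endif

  #ifndef InitializeObjectAttributes
  #define InitializeObjectAttributes(p, n, a, r, s) \
  { \
      (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
      (p)->RootDirectory = r; \
      (p)->Attributes = a; \
      (p)->ObjectName = n; \
      (p)->SecurityDescriptor = s; \
      (p)->SecurityQualityOfService = NULL; \
  }
  #endif

  // Opens the process named in the ctor and writes to its memory through the
  // ntdll entry points resolved by newGPA(). Owns one process handle.
  class cNtMemoryEdit {
  public:
      // Least privilege for what this class does (NtWriteVirtualMemory needs
      // VM_WRITE | VM_OPERATION, NtProtectVirtualMemory needs VM_OPERATION).
      static const ACCESS_MASK kMinimalWriteAccess = PROCESS_VM_OPERATION | PROCESS_VM_WRITE;

      NTOPENPROCESS          NtOpenProcess;
      NTCLOSE                NtClose;
      NTWRITEVIRTUALMEMORY   NtWriteVirtualMemory;
      NTPROTECTVIRTUALMEMORY NtProtectVirtualMemory;

      // Writes one value of type cData at dwAddress in the target process.
      // Returns the NTSTATUS of the write (STATUS_INVALID_HANDLE when the process
      // or the ntdll export was not resolved); callers may ignore it as before.
      template <class cData>
      NTSTATUS NtWriteMemory(DWORD dwAddress, cData Value)
      {
          if (!NtWriteVirtualMemory || !m_pHandleProcess)
              return (NTSTATUS)STATUS_INVALID_HANDLE;
          return NtWriteVirtualMemory(m_pHandleProcess, (PVOID)(ULONG_PTR)dwAddress,
                                      &Value, sizeof(cData), NULL);
      }

      // Original entry point: writes the bytes of a NUL-terminated patch string
      // (cannot carry 0x00 bytes — use the sized overload for those).
      void NtWriteMemoryEx(DWORD dwAddress, const char* Patch_Bts);
      // Writes cbPatch raw bytes, temporarily making the range writable.
      // Returns true when the protection change and the write both succeeded.
      bool NtWriteMemoryEx(DWORD dwAddress, const void* pPatch, SIZE_T cbPatch);

      cNtMemoryEdit(const TCHAR* pNameProcess, ACCESS_MASK DesiredAccess = PROCESS_ALL_ACCESS);
      virtual ~cNtMemoryEdit();
      cNtMemoryEdit(const cNtMemoryEdit&) = delete;             // owns a kernel handle:
      cNtMemoryEdit& operator=(const cNtMemoryEdit&) = delete;  // copying would double-close

      // Export-table lookup replacing GetProcAddress; fName is a name, or an
      // ordinal when its value is <= 0xFFFF. nullptr if absent or forwarded.
      FARPROC newGPA(HMODULE Mod, const TCHAR* fName);
      // PID of the process named in the ctor, 0 if not running.
      DWORD   ProcessID();
      DWORD   GetProcessID()     { return this->m_pID; }
      HANDLE  GetHandleProcess() { return this->m_pHandleProcess; }

  private:
      const TCHAR*      m_pNameProcess;
      DWORD             m_pID;
      HMODULE           m_pNtdll;
      HANDLE            m_pHandleProcess;
      CLIENT_ID         m_pCID;
      OBJECT_ATTRIBUTES m_pATTRIBUTES;
      __int32 CharLength(const char* chArray);   // was spelled with a Cyrillic 'С'
  };

  // -------------------------------------------------------------- cNtMemoryEdit.cpp
  #include "cNtMemoryEdit.h"

  cNtMemoryEdit::cNtMemoryEdit(const TCHAR* pNameProcess, ACCESS_MASK DesiredAccess)
      : NtOpenProcess(nullptr), NtClose(nullptr), NtWriteVirtualMemory(nullptr),
        NtProtectVirtualMemory(nullptr), m_pNameProcess(pNameProcess), m_pID(0),
        m_pNtdll(nullptr), m_pHandleProcess(nullptr), m_pCID(), m_pATTRIBUTES()
  {
      // ntdll is mapped into every process; the LoadLibrary fallback is kept
      // from the original for completeness.
      m_pNtdll = GetModuleHandle(__TEXT("ntdll.dll"));
      if (!m_pNtdll)
          m_pNtdll = LoadLibrary(__TEXT("ntdll.dll"));
      if (!m_pNtdll)
          return;

      InitializeObjectAttributes(&m_pATTRIBUTES, NULL, 0, NULL, NULL);

      NtOpenProcess          = (NTOPENPROCESS)newGPA(m_pNtdll, "NtOpenProcess");
      NtClose                = (NTCLOSE)newGPA(m_pNtdll, "NtClose");
      NtWriteVirtualMemory   = (NTWRITEVIRTUALMEMORY)newGPA(m_pNtdll, "NtWriteVirtualMemory");
      NtProtectVirtualMemory = (NTPROTECTVIRTUALMEMORY)newGPA(m_pNtdll, "NtProtectVirtualMemory");

      m_pID = ProcessID();
      if (!m_pID || !NtOpenProcess)
          return;                                // target not running / export missing

      m_pCID.UniqueProcess = (HANDLE)(ULONG_PTR)m_pID;
      m_pCID.UniqueThread  = 0;
      if (!NT_SUCCESS(NtOpenProcess(&m_pHandleProcess, DesiredAccess, &m_pATTRIBUTES, &m_pCID)))
          m_pHandleProcess = nullptr;            // GetHandleProcess() reports failure as null
  }

  void cNtMemoryEdit::NtWriteMemoryEx(DWORD dwAdress, const char* pBYTE)
  {
      // Legacy entry point: length = bytes before the first NUL (bounded).
      NtWriteMemoryEx(dwAdress, pBYTE, (SIZE_T)CharLength(pBYTE));
  }

  bool cNtMemoryEdit::NtWriteMemoryEx(DWORD dwAdress, const void* pPatch, SIZE_T cbPatch)
  {
      if (!pPatch || cbPatch == 0 || !m_pHandleProcess ||
          !NtProtectVirtualMemory || !NtWriteVirtualMemory)
          return false;

      // NtProtectVirtualMemory takes pointers to the base/size and (as documented
      // for ZwProtectVirtualMemory) rounds them to page granularity in place, so
      // work on copies and reuse the rounded values when restoring.
      PVOID base = (PVOID)(ULONG_PTR)dwAdress;
      ULONG size = (ULONG)cbPatch;
      ULONG oldProtection = 0;
      if (!NT_SUCCESS(NtProtectVirtualMemory(m_pHandleProcess, &base, &size,
                                             PAGE_EXECUTE_READWRITE, &oldProtection)))
          return false;

      // One write for the whole patch instead of one syscall per byte.
      ULONG written = 0;
      NTSTATUS st = NtWriteVirtualMemory(m_pHandleProcess, (PVOID)(ULONG_PTR)dwAdress,
                                         (PVOID)pPatch, (ULONG)cbPatch, &written);
      bool ok = NT_SUCCESS(st) && written == (ULONG)cbPatch;

      ULONG dummy = 0;
      NtProtectVirtualMemory(m_pHandleProcess, &base, &size, oldProtection, &dummy);
      return ok;
  }

  // Length of a NUL-terminated patch string, bounded to MAX_PATH; 0 when the
  // pointer is null or no terminator is found within the bound.
  __int32 cNtMemoryEdit::CharLength(const char* chArray)
  {
      if (!chArray) return 0;
      for (__int32 iLength = 0; iLength < MAX_PATH; iLength++)
          if (chArray[iLength] == '\0')
              return iLength;
      return 0;
  }

  // PID of the first process whose image name equals m_pNameProcess
  // (case-insensitive); 0 when not found or the snapshot failed.
  DWORD cNtMemoryEdit::ProcessID()
  {
      if (!m_pNameProcess) return 0;
      HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if (snapshot == INVALID_HANDLE_VALUE) return 0;

      DWORD pID = 0;
      PROCESSENTRY32 process;
      process.dwSize = sizeof(PROCESSENTRY32);
      // Visit every entry, including the one Process32First fills in — the
      // original only looped on Process32Next and dropped the first entry.
      for (BOOL more = Process32First(snapshot, &process); more;
           more = Process32Next(snapshot, &process)) {
          if (_stricmp(process.szExeFile, m_pNameProcess) == 0) {
              pID = process.th32ProcessID;
              break;
          }
      }
      CloseHandle(snapshot);
      return pID;
  }

  // Resolves an export of Mod by walking its export directory (no GetProcAddress).
  // Uses the IMAGE_* structures instead of the hard-coded 0x3C/0x78 offsets, so
  // PE32 and PE32+ both work. An RVA that lands inside the export directory is a
  // forwarder string, not code, and yields nullptr.
  FARPROC cNtMemoryEdit::newGPA(HMODULE Mod, const TCHAR* fName)
  {
      if (!Mod || !fName) return nullptr;
      const BYTE* image = (const BYTE*)Mod;

      const IMAGE_DOS_HEADER* dos = (const IMAGE_DOS_HEADER*)image;
      if (dos->e_magic != IMAGE_DOS_SIGNATURE) return nullptr;
      const IMAGE_NT_HEADERS* nt = (const IMAGE_NT_HEADERS*)(image + dos->e_lfanew);
      if (nt->Signature != IMAGE_NT_SIGNATURE) return nullptr;

      const IMAGE_DATA_DIRECTORY& dir = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
      if (!dir.VirtualAddress || !dir.Size) return nullptr;
      const IMAGE_EXPORT_DIRECTORY* exp = (const IMAGE_EXPORT_DIRECTORY*)(image + dir.VirtualAddress);

      const DWORD* functions = (const DWORD*)(image + exp->AddressOfFunctions);
      const DWORD* names     = (const DWORD*)(image + exp->AddressOfNames);
      const WORD*  ordinals  = (const WORD*)(image + exp->AddressOfNameOrdinals);

      DWORD index = (DWORD)-1;
      if ((ULONG_PTR)fName <= 0xFFFF) {
          // Ordinal lookup: ordinal - Base indexes AddressOfFunctions directly.
          DWORD ordinal = (DWORD)(ULONG_PTR)fName;
          if (ordinal < exp->Base) return nullptr;
          index = ordinal - exp->Base;
      } else {
          // Name lookup: AddressOfNames has NumberOfNames entries (the original
          // iterated it with NumberOfFunctions and read past its end).
          for (DWORD i = 0; i < exp->NumberOfNames; i++) {
              if (strcmp((const char*)(image + names[i]), fName) == 0) {   // wcscmp for UNICODE builds
                  index = ordinals[i];
                  break;
              }
          }
      }
      if (index >= exp->NumberOfFunctions) return nullptr;

      DWORD rva = functions[index];
      if (!rva) return nullptr;
      if (rva >= dir.VirtualAddress && rva < dir.VirtualAddress + dir.Size)
          return nullptr;                        // forwarded export
      return (FARPROC)(image + rva);
  }

  cNtMemoryEdit::~cNtMemoryEdit()
  {
      if (m_pHandleProcess && NtClose)
          NtClose(m_pHandleProcess);
      m_pHandleProcess = nullptr;
  }

  // ------------------------------------------------------------------ usage sample
  #include "cNtMemoryEdit.h"
  cNtMemoryEdit* NtMemoryEdit = new cNtMemoryEdit("Test.exe");   // never deleted in the sample; a scoped object is preferable
  // ...
  NtMemoryEdit->NtWriteMemory<int>(0x024B3A40, 379);
  NtMemoryEdit->NtWriteMemory<float>(0x0000A40, 2.54f);
  NtMemoryEdit->NtWriteMemoryEx(0x0000000, "\x33\xFF\x84\xC0\x74\x07");   // address 0 is a placeholder in the original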
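  // How I would do it — a small per-key state table for simple flag toggling.
  // State_Key(Key, dwTimeOut) returns TRUE once per press and, when dwTimeOut
  // is non-zero, again every dwTimeOut ms while the key stays held.
  static struct _Keys {
      bool  bPressed;
      DWORD dwStartTime;
  } kPressingKeys[256];

  BOOL State_Key(int Key, DWORD dwTimeOut)
  {
      if (Key < 0 || Key > 255)                  // the table has 256 slots
          return FALSE;
      _Keys& k = kPressingKeys[Key];

      // High bit of GetKeyState() = key is down. HIWORD() of the sign-extended
      // SHORT happened to work in the original; this is the documented test.
      if (!(GetKeyState(Key) & 0x8000)) {
          k.bPressed = FALSE;
          return FALSE;
      }

      // Unsigned subtraction stays correct across the 49.7-day GetTickCount()
      // wrap, unlike the original `start + timeout <= now`.
      bool repeat = dwTimeOut != 0 && k.dwStartTime != 0 &&
                    (GetTickCount() - k.dwStartTime) >= dwTimeOut;
      if (!k.bPressed || repeat) {
          k.bPressed = TRUE;
          if (dwTimeOut > 0)                     // original compared a DWORD against NULL
              k.dwStartTime = GetTickCount();
          return TRUE;
      }
      return FALSE;
  }

  // Toggle example: END flips Show once per press (or every 3 s while held).
  bool Show = false;
  if (State_Key(VK_END, 3000))
      Show = !Show;

  // Plain level checks (no edge detection); macros kept for existing callers.
  #define KEY_DOWN(vk_code) ((GetAsyncKeyState(vk_code) & 0x8000) ? 1 : 0)
  #define KEY_UP(vk_code)   ((GetAsyncKeyState(vk_code) & 0x8000) ? 0 : 1)
  if (KEY_DOWN(VK_F1))
      cPlayerEntity->vPos.x = vPos.x += *(int*)value;   // fires every frame while F1 is held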
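  // OK, look: a Win32 console project with the code posted above plus a bit of
  // visualisation/logging. The test file was uploaded to rghost.ru because that
  // service serves direct links. The header names were lost in the forum paste;
  // the four below are the ones this code actually uses.
  #include <windows.h>
  #include <wininet.h>
  #include <stdio.h>
  #include <conio.h>
  #pragma comment(lib, "wininet")

  int i = 0;

  // Streams szUrl into szPath. Returns false on any WinInet / file error.
  // The original ignored the InternetReadFile and WriteFile results, so a
  // mid-stream failure re-wrote the stale buffer or looped on a constant
  // dwBytesRead; it also heap-allocated a fresh 2000-byte buffer per chunk.
  // SECURITY: plain HTTP and no integrity check — whatever the network returns
  // is saved as a DLL. Pin a hash or use HTTPS before loading anything fetched
  // this way.
  bool DownloadFile(const char* szUrl, const char* szPath)
  {
      HINTERNET hOpen = InternetOpen("MyAgent", NULL, NULL, NULL, NULL);
      if (!hOpen) return false;

      HINTERNET hFile = InternetOpenUrl(hOpen, szUrl, NULL, NULL,
                                        INTERNET_FLAG_RELOAD | INTERNET_FLAG_DONT_CACHE, NULL);
      if (!hFile) {
          InternetCloseHandle(hOpen);
          return false;
      }

      HANDLE hOut = CreateFile(szPath, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
                               NULL, CREATE_ALWAYS, NULL, NULL);
      if (hOut == INVALID_HANDLE_VALUE) {
          InternetCloseHandle(hFile);
          InternetCloseHandle(hOpen);
          return false;
      }

      bool  ok = true;
      char  buffer[2000];
      DWORD dwBytesRead = 0;
      DWORD dwBytesWritten = 0;
      for (;;) {
          if (!InternetReadFile(hFile, buffer, sizeof(buffer), &dwBytesRead)) { ok = false; break; }
          if (dwBytesRead == 0) break;           // end of stream
          if (!WriteFile(hOut, buffer, dwBytesRead, &dwBytesWritten, NULL) ||
              dwBytesWritten != dwBytesRead) { ok = false; break; }
      }

      CloseHandle(hOut);
      InternetCloseHandle(hFile);
      InternetCloseHandle(hOpen);
      return ok;
  }

  // Downloads the same URL repeatedly into Dx11_ModelLogger__<i>.dll until a
  // download fails. A plain loop replaces the original `_asm jmp start`, which
  // jumped back over local initialisation and is unavailable on x64 MSVC.
  int Start()
  {
      char Path[MAX_PATH];
      char strURL[MAX_PATH] = "http://rghost.ru/download/68vBbLW9C/19ac08e7d180849ffcf9ea77b4fbf4c5ea812587/Dx11_ModelLogger%20x64.dll";
      //sprintf_s(strURL, "http://*************/files/VideoFile_%i.avi",i);
      for (;;) {
          sprintf_s(Path, "Dx11_ModelLogger__%i.dll", i);
          if (!DownloadFile(strURL, Path))
              return 0;
          i++;
          printf("SaveFile::%s \n", Path);
      }
  }

  int main()
  {
      SetConsoleTitle("[DEMO]RockHammer");
      Start();
      getch();
      return 0;
  }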
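  // If the links are direct there is no need to reinvent the wheel — do it the
  // way the "pros" suggest (WinInet). Header first: the original placed the
  // #include after the function that needs it.
  #include <wininet.h>
  #pragma comment(lib, "wininet")

  // Streams szUrl into szPath. Returns false on any WinInet / file error.
  // Changes vs. the original:
  //  * HttpQueryInfoW was fed a narrow char buffer and parsed with atoi —
  //    mismatched encodings; the A variant is used, and Content-Length is only
  //    reported when the server sent one (chunked responses omit it).
  //  * The length was sprintf()'d into an undeclared global (Info_Key); it is
  //    now a bounded local.
  //  * InternetReadFile / WriteFile results are checked, and one stack buffer
  //    replaces a new/delete per chunk.
  bool DownloadFile(const char* szUrl, const char* szPath)
  {
      HINTERNET hOpen = InternetOpen("MyAgent", NULL, NULL, NULL, NULL);
      if (!hOpen) return false;

      HINTERNET hFile = InternetOpenUrl(hOpen, szUrl, NULL, NULL,
                                        INTERNET_FLAG_RELOAD | INTERNET_FLAG_DONT_CACHE, NULL);
      if (!hFile) {
          InternetCloseHandle(hOpen);
          return false;
      }

      // Informational only: show the announced size, as the original did.
      char  sz_velikost[50] = { 0 };
      DWORD dwTOTALSize = sizeof(sz_velikost) - 1;
      if (HttpQueryInfoA(hFile, HTTP_QUERY_CONTENT_LENGTH, sz_velikost, &dwTOTALSize, NULL)) {
          char Info_Key[32];
          sprintf_s(Info_Key, "%d", atoi(sz_velikost));
          MessageBoxA(0, Info_Key, 0, 0);
      }

      HANDLE hOut = CreateFile(szPath, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
                               NULL, CREATE_ALWAYS, NULL, NULL);
      if (hOut == INVALID_HANDLE_VALUE) {
          InternetCloseHandle(hFile);
          InternetCloseHandle(hOpen);
          return false;
      }

      bool  ok = true;
      char  buffer[2000];
      DWORD dwBytesRead = 0;
      DWORD dwBytesWritten = 0;
      for (;;) {
          if (!InternetReadFile(hFile, buffer, sizeof(buffer), &dwBytesRead)) { ok = false; break; }
          if (dwBytesRead == 0) break;           // end of stream
          if (!WriteFile(hOut, buffer, dwBytesRead, &dwBytesWritten, NULL) ||
              dwBytesWritten != dwBytesRead) { ok = false; break; }
      }

      CloseHandle(hOut);
      InternetCloseHandle(hFile);
      InternetCloseHandle(hOpen);
      return ok;
  }

  // Usage. The original wrote `start: int i = 0; ... i++; goto start;` — the
  // backward goto re-ran the initialiser, so i was 0 on every pass and the same
  // VideoFile_0.avi was fetched forever. MAX_SIZE is presumably a project-defined
  // buffer size (it is not a Win32 macro).
  static void DownloadAll()
  {
      DownloadFile("http://*************/files/starter/File.rar", "File.rar");

      int  i = 0;
      char Path[MAX_SIZE];
      char strURL[MAX_SIZE];
      for (;;) {                                 // (or goto / _asm jmp if you like ASM)
          sprintf_s(Path, "SaveFile_%i.avi", i);
          sprintf_s(strURL, "http://*************/files/VideoFile_%i.avi", i);
          if (!DownloadFile(strURL, Path))
              break;
          i++;
      }
  }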
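  // One option is to install a global (low-level) keyboard hook.
  //
  // Review notes on the original:
  //  * IntPtr.ToInt32() throws OverflowException in a 64-bit process when the
  //    value does not fit an int; the WH_KEYBOARD lParam has bit 31 set on key
  //    release, so the hook could throw on every key-up. ToInt64() is used.
  //  * AppDomain.GetCurrentThreadId() is obsolete; SetWindowsHookEx wants the
  //    native thread id, which kernel32!GetCurrentThreadId returns directly.
  //  * Win32Exception now carries the last Win32 error, not just a message.
  //  * A WH_KEYBOARD_LL hook receives every keystroke in the session (keylogger
  //    footprint): install it only while the feature needs it, always uninstall
  //    it, and return from the callback quickly — Windows may drop a hook whose
  //    callback exceeds the low-level hook timeout.
  using System;
  using System.Runtime.InteropServices;
  using System.Windows.Forms;
  using System.ComponentModel;

  namespace GlobalSoftKeys
  {
      /// <summary>
      /// Thread-local (WH_KEYBOARD) or global (WH_KEYBOARD_LL) keyboard hook that
      /// raises KeyDown/KeyUp. Set e.Hooked = true in a handler to swallow the key.
      /// </summary>
      public static class Hook
      {
          #region Declarations
          public delegate void HookKeyPress(LLKHEventArgs e);
          public static event HookKeyPress KeyUp;
          public static event HookKeyPress KeyDown;

          [StructLayout(LayoutKind.Sequential)]
          struct KBDLLHOOKSTRUCT
          {
              public uint vkCode;
              public uint scanCode;
              public KBDLLHOOKSTRUCTFlags flags;
              public uint time;
              public IntPtr dwExtraInfo;
          }

          [Flags]
          enum KBDLLHOOKSTRUCTFlags : int
          {
              LLKHF_EXTENDED = 0x01,
              LLKHF_INJECTED = 0x10,
              LLKHF_ALTDOWN = 0x20,
              LLKHF_UP = 0x80,
          }

          const int HC_ACTION = 0;
          const long WM_KEYDOWN = 0x100;
          const long WM_SYSKEYDOWN = 0x104;

          static IntPtr hHook = IntPtr.Zero;
          static IntPtr hModule = IntPtr.Zero;
          static bool hookInstall = false;
          static bool localHook = true;
          // Held in a static so the GC cannot collect the delegate while native
          // code still owns the callback pointer.
          static API.HookProc hookDel;
          #endregion

          /// <summary>Installs the hook selected by LocalHook; no-op if already installed.</summary>
          /// <exception cref="Win32Exception">SetWindowsHookEx failed.</exception>
          public static void InstallHook()
          {
              if (IsHookInstalled) return;
              hModule = Marshal.GetHINSTANCE(AppDomain.CurrentDomain.GetAssemblies()[0].GetModules()[0]);
              hookDel = new API.HookProc(HookProcFunction);
              if (localHook)
                  hHook = API.SetWindowsHookEx(API.HookType.WH_KEYBOARD, hookDel, IntPtr.Zero, (int)API.GetCurrentThreadId());
              else
                  hHook = API.SetWindowsHookEx(API.HookType.WH_KEYBOARD_LL, hookDel, hModule, 0);
              if (hHook != IntPtr.Zero)
                  hookInstall = true;
              else
                  throw new Win32Exception(Marshal.GetLastWin32Error(), "Can't install low level keyboard hook!");
          }

          public static bool IsHookInstalled
          {
              get { return hookInstall && hHook != IntPtr.Zero; }
          }

          public static IntPtr ModuleHandle
          {
              get { return hModule; }
          }

          /// <summary>true = WH_KEYBOARD on this thread; false = global WH_KEYBOARD_LL.
          /// Cannot be changed while the hook is installed.</summary>
          public static bool LocalHook
          {
              get { return localHook; }
              set
              {
                  if (value != localHook)
                  {
                      if (IsHookInstalled)
                          throw new Win32Exception("Can't change type of hook than it install!");
                      localHook = value;
                  }
              }
          }

          /// <exception cref="Win32Exception">UnhookWindowsHookEx failed.</exception>
          public static void UnInstallHook()
          {
              if (IsHookInstalled)
              {
                  if (!API.UnhookWindowsHookEx(hHook))
                      throw new Win32Exception(Marshal.GetLastWin32Error(), "Can't uninstall low level keyboard hook!");
                  hHook = IntPtr.Zero;
                  hModule = IntPtr.Zero;
                  hookInstall = false;
              }
          }

          static IntPtr HookProcFunction(int nCode, IntPtr wParam, [In] IntPtr lParam)
          {
              if (nCode == HC_ACTION)
              {
                  LLKHEventArgs args;
                  if (localHook)
                  {
                      // WH_KEYBOARD: wParam = virtual key, lParam = WM_KEY* layout;
                      // bit 31 (transition state) is 0 for a press, 1 for a release.
                      bool pressed = ((lParam.ToInt64() >> 31) & 1) == 0;
                      Keys keys = (Keys)(int)wParam.ToInt64();
                      args = new LLKHEventArgs(keys, pressed, 0U, 0U);
                  }
                  else
                  {
                      KBDLLHOOKSTRUCT kbd = (KBDLLHOOKSTRUCT)Marshal.PtrToStructure(lParam, typeof(KBDLLHOOKSTRUCT));
                      long msg = wParam.ToInt64();
                      bool pressed = msg == WM_KEYDOWN || msg == WM_SYSKEYDOWN;
                      args = new LLKHEventArgs((Keys)kbd.vkCode, pressed, kbd.time, kbd.scanCode);
                  }
                  Raise(args);
                  if (args.Hooked)
                      return (IntPtr)1;          // swallow the keystroke
              }
              return API.CallNextHookEx(hHook, nCode, wParam, lParam);
          }

          static void Raise(LLKHEventArgs args)
          {
              HookKeyPress handler = args.IsPressed ? KeyDown : KeyUp;
              if (handler != null) handler(args);
          }
      }

      /// <summary>Event payload. time/scanCode are 0 for the thread-local hook.</summary>
      public class LLKHEventArgs
      {
          Keys keys;
          bool pressed;
          uint time;
          uint scCode;

          public LLKHEventArgs(Keys keys, bool pressed, uint time, uint scanCode)
          {
              this.keys = keys;
              this.pressed = pressed;
              this.time = time;
              this.scCode = scanCode;
          }

          public Keys Keys { get { return keys; } }
          public bool IsPressed { get { return pressed; } }
          public uint Time { get { return time; } }
          public uint ScanCode { get { return scCode; } }
          /// <summary>Set by a handler to stop the key from reaching the application.</summary>
          public bool Hooked { get; set; }
      }

      static class API
      {
          public delegate IntPtr HookProc(int nCode, IntPtr wParam, [In] IntPtr lParam);

          [DllImport("user32.dll")]
          public static extern IntPtr CallNextHookEx(IntPtr hhk, int nCode, IntPtr wParam, [In] IntPtr lParam);

          [DllImport("user32.dll", SetLastError = true)]
          public static extern IntPtr SetWindowsHookEx(HookType hookType, HookProc lpfn, IntPtr hMod, int dwThreadId);

          [DllImport("user32.dll", SetLastError = true)]
          public static extern bool UnhookWindowsHookEx(IntPtr hhk);

          [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
          public static extern IntPtr GetModuleHandle(string lpModuleName);

          // Native thread id for WH_KEYBOARD (replaces obsolete AppDomain.GetCurrentThreadId).
          [DllImport("kernel32.dll")]
          public static extern uint GetCurrentThreadId();

          public enum HookType : int
          {
              WH_JOURNALRECORD = 0,
              WH_JOURNALPLAYBACK = 1,
              WH_KEYBOARD = 2,
              WH_GETMESSAGE = 3,
              WH_CALLWNDPROC = 4,
              WH_CBT = 5,
              WH_SYSMSGFILTER = 6,
              WH_MOUSE = 7,
              WH_HARDWARE = 8,
              WH_DEBUG = 9,
              WH_SHELL = 10,
              WH_FOREGROUNDIDLE = 11,
              WH_CALLWNDPROCRET = 12,
              WH_KEYBOARD_LL = 13,
              WH_MOUSE_LL = 14
          }
      }
  }

  // ---- usage in a Form (the original pasted these members at top level) ----
  using GlobalSoftKeys;                     // our hook class
  using System.Runtime.InteropServices;     // DllImport
  using System.Collections.Generic;         // List<Keys>

  // Host form for the hook; the class name is illustrative.
  public class HookDemoForm : Form
  {
      // Leftovers from the original, kept for reference: never called, and the
      // INPUT struct is incomplete (the real one carries a union after `type`).
      [DllImport("User32.dll")] public static extern int SendInput(int nInputs, ref INPUT pInputs, int cbSize);
      [DllImport("User32.dll")] static extern short GetAsyncKeyState(Int32 vKey);
      public struct INPUT { public int type; }

      List<Keys> _pressedKeys;

      public HookDemoForm()
      {
          _pressedKeys = new List<Keys>();
          Hook.KeyDown += new Hook.HookKeyPress(KBDHook_KeyDown);
          Hook.KeyUp += new Hook.HookKeyPress(KBDHook_KeyUp);
          Hook.LocalHook = false;               // global WH_KEYBOARD_LL
          Hook.InstallHook();
          this.FormClosed += (s, e) => { Hook.UnInstallHook(); };
      }

      void KBDHook_KeyUp(GlobalSoftKeys.LLKHEventArgs e)
      {
          _pressedKeys.Remove(e.Keys);
      }

      // Our settings for the hook: the key bound to the action.
      void KBDHook_KeyDown(GlobalSoftKeys.LLKHEventArgs e)
      {
          if (!_pressedKeys.Contains(e.Keys))
              _pressedKeys.Add(e.Keys);

          // 45 is the decimal virtual-key code of the key we want; note this
          // fires on every key-down while that key is held (list membership).
          if (_pressedKeys.IndexOf((Keys)45) != -1)
              MessageBox.Show("Перехват успешен!", "Проверка");   // action for the chosen key
      }
  }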
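  // Scans [base, base+size) of the target process for a byte pattern; mask uses
  // 'x' for bytes that must match and any other character for wildcards.
  // Returns the address of the first match, 0 if none.
  //
  // Fixes vs. the original:
  //  * A failed VirtualQueryEx was ignored: mbi kept RegionSize == 0 and the
  //    loop never advanced (hang). A failed ReadProcessMemory was ignored too,
  //    so an unreadable region was scanned as uninitialised heap contents.
  //  * Only MEM_FREE was skipped; reserved and PAGE_NOACCESS / PAGE_GUARD pages
  //    cannot be read (and touching a guard page trips it) and are skipped now.
  //  * The inner loop compared past the end of the buffer for offsets within
  //    strlen(mask) of the region end (heap over-read); it now stops early.
  //  * The scan is clipped to the caller's range instead of whole regions.
  DWORD cExMemory::FindSignature(DWORD base, DWORD size, byte* sign, char* mask)
  {
      if (!sign || !mask || size == 0) return 0;
      size_t patternLen = 0;
      while (mask[patternLen] != '\0') patternLen++;
      if (patternLen == 0) return 0;

      MEMORY_BASIC_INFORMATION mbi = { 0 };
      DWORD cursor = base;
      const DWORD end = base + size;             // caller's range; assumed not to wrap

      while (cursor < end) {
          if (VirtualQueryEx(this->pHandle, (LPCVOID)(ULONG_PTR)cursor, &mbi, sizeof(mbi)) == 0)
              break;                             // nothing more can be learned about this range
          const DWORD regionStart = (DWORD)(ULONG_PTR)mbi.BaseAddress;
          const DWORD regionEnd   = regionStart + (DWORD)mbi.RegionSize;
          if (regionEnd <= cursor) break;        // no forward progress possible

          const bool readable = mbi.State == MEM_COMMIT &&
                                (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;
          if (readable) {
              const DWORD  scanEnd = regionEnd < end ? regionEnd : end;
              const size_t len     = scanEnd - cursor;
              byte* buffer = new byte[len];
              SIZE_T got = 0;
              DWORD found = 0;
              if (ReadProcessMemory(this->pHandle, (LPCVOID)(ULONG_PTR)cursor, buffer, len, &got) &&
                  got >= patternLen) {
                  for (size_t i = 0; i + patternLen <= got; i++) {
                      if (DataCompare(buffer + i, sign, mask)) {
                          found = cursor + (DWORD)i;
                          break;
                      }
                  }
              }
              delete[] buffer;
              if (found) return found;
          }
          cursor = regionEnd;
      }
      return 0;
  }

  // True when every byte of data matches sign at the positions where mask is 'x'.
  // The caller guarantees strlen(mask) bytes are readable at data and sign.
  bool cExMemory::DataCompare(byte* data, byte* sign, char* mask)
  {
      for (; *mask; mask++, sign++, data++)
          if (*mask == 'x' && *data != *sign)
              return false;
      return true;
  }
  // this->pHandle: pass the handle of the target process (it needs
  // PROCESS_QUERY_INFORMATION | PROCESS_VM_READ for VirtualQueryEx/ReadProcessMemory).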