Anywhere

水中苇

War3源码解析<转>

// mh2.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
/*
*WC3 Maphack
*ccyxcn@gmail.com
*/
#include <windows.h>

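int main(int argc, char* argv[])
{
    // One single-byte patch: absolute address in the target process and the
    // byte to store there.
    struct BytePatch
    {
        ULONG_PTR address;
        BYTE      value;
    };

    // These are the memory patch contents. The author notes that finding them
    // requires debugging the war3 program, and that the values are for
    // war3 1.20, which is not the same build as the commonly used 1.20e.
    // NOTE(review): the addresses are absolute and nothing below verifies the
    // target's version or where its modules are loaded, so on any other build
    // or load address these writes land on unrelated bytes.
    static const BytePatch kPatches[] = {
        { 0x6F4069F0, 0x74 },
        { 0x6F406A0E, 0x8B },
        { 0x6F406A0F, 0x09 },
        { 0x6F406A10, 0x90 },
        { 0x6F406A13, 0x8B },
        { 0x6F406A14, 0x09 },
        { 0x6F406A15, 0x90 },
        { 0x6F29FE20, 0x90 },
        { 0x6F29FE21, 0x90 },
        { 0x6F149198, 0x00 },
        { 0x6F2A0803, 0x40 },
        { 0x6F2A0804, 0x33 },
        { 0x6F2A0805, 0xC0 },
        { 0x6F2A0806, 0x42 },
        { 0x6F2A0807, 0x33 },
        { 0x6F2A0808, 0xD2 },
        { 0x6F14A0B4, 0xEB },
        { 0x6F2A0703, 0xEB },
    };

    // Raise this program's privileges so it can modify the war3 process.
    // Enabling SeDebugPrivilege followed by OpenProcess and WriteProcessMemory
    // on another process is a cross-process write sequence, so each step is
    // checked instead of being assumed to succeed.
    // Failure here is not fatal: OpenProcess below may still be permitted
    // without the privilege, so the program carries on as the original did.
    HANDLE hToken = NULL;
    if (OpenProcessToken(GetCurrentProcess(),
                         TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        LUID luid;
        if (LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid))
        {
            TOKEN_PRIVILEGES NewState, PreviousState;
            DWORD ReturnLength = 0;
            NewState.PrivilegeCount = 1;
            NewState.Privileges[0].Luid = luid;
            // SE_PRIVILEGE_ENABLED replaces the bare constant 2.
            NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            // The buffer length must describe PreviousState itself; the
            // original passed a hard-coded 28, which is larger than the
            // structure and told the API it could write past its end.
            AdjustTokenPrivileges(hToken, FALSE, &NewState,
                                  sizeof(PreviousState), &PreviousState,
                                  &ReturnLength);
            // AdjustTokenPrivileges can return TRUE without granting the
            // privilege; GetLastError() == ERROR_NOT_ALL_ASSIGNED reports
            // that case. The result is deliberately not treated as fatal.
        }
        // Only close the token when it was actually opened.
        CloseHandle(hToken);
    }

    // Find the war3 window handle and obtain the owning process ID.
    HWND hwar3 = ::FindWindow(NULL, "Warcraft III");
    if (hwar3 == NULL)
    {
        // Without this check PID stayed uninitialized and the writes below
        // could be aimed at whatever process that garbage value named.
        return 1;
    }
    DWORD PID = 0;
    if (::GetWindowThreadProcessId(hwar3, &PID) == 0 || PID == 0)
    {
        return 1;
    }

    // Open the war3 process for editing.
    // NOTE(review): PROCESS_ALL_ACCESS already contains every other flag in
    // this mask; the calls below only need PROCESS_VM_OPERATION and
    // PROCESS_VM_WRITE. The mask is kept as the author wrote it.
    HANDLE hopen = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_TERMINATE |
                               PROCESS_VM_OPERATION | PROCESS_VM_READ |
                               PROCESS_VM_WRITE, FALSE, PID);
    if (hopen == NULL)
    {
        return 1;
    }

    // Apply the patches in the original order, one byte at a time. Every
    // write is attempted (as before), but a failed or short write is now
    // recorded and reflected in the exit code.
    int exitCode = 0;
    for (size_t i = 0; i < sizeof(kPatches) / sizeof(kPatches[0]); ++i)
    {
        SIZE_T written = 0;
        const BYTE value = kPatches[i].value;
        if (!WriteProcessMemory(hopen, (LPVOID)kPatches[i].address,
                                &value, 1, &written) ||
            written != 1)
        {
            exitCode = 1;
        }
    }

    // Close the process handle.
    CloseHandle(hopen);
    return exitCode;
}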

posted on 2009-07-20 22:10 三水寿 阅读(2196) 评论(0)  编辑 收藏 引用

