Ejemplo n.º 1
0
        public bool Init()
        {
            //string t = "[3=08,4=00]={48,32,62,78}[3=07,4=00]={48,32,62,78}";

            //RegisterRule(0x80, t);
            //byte[] b = new byte[] { 0x80, 0x00, 0x00, 0x08, 0x00 };

            ////   byte [] ret=  matchRule(b);
            //return false;
            hwnd        = LoadDll.FindWindow("WSGAME", null).ToInt32();
            Global.addr = new mhxy.AddrManager().loadAddr(hwnd);
            //汇编指令
            byte[] code = { 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 87, 191, 0, 0, 46, 0, 141, 127, 1, 136, 12, 16, 131, 63, 0, 117, 10, 232, 128, 0, 0, 0, 131, 63, 0, 116, 77, 131, 127, 5, 0, 117, 11, 232, 70, 0, 0, 0, 131, 127, 5, 0, 116, 60, 133, 192, 117, 13, 96, 106, 255, 255, 55, 185, 54, 17, 159, 117, 255, 209, 97, 139, 95, 5, 136, 76, 24, 4, 131, 248, 3, 114, 31, 15, 183, 90, 1, 131, 195, 2, 57, 216, 114, 20, 139, 95, 5, 199, 3, 1, 0, 0, 0, 96, 255, 55, 187, 30, 17, 159, 117, 255, 211, 97, 95, 194, 12, 0, 96, 141, 79, 9, 81, 106, 0, 106, 2, 186, 11, 75, 159, 117, 255, 210, 104, 0, 32, 0, 0, 49, 210, 82, 82, 106, 2, 80, 186, 193, 24, 159, 117, 255, 210, 95, 87, 137, 71, 5, 97, 195, 96, 141, 79, 21, 81, 106, 0, 104, 1, 0, 31, 0, 186, 239, 239, 160, 117, 255, 210, 95, 87, 137, 7, 97, 195, 49, 192, 232, 0, 0, 0, 0, 89, 139, 121, 39, 133, 255, 116, 19, 49, 219, 102, 187, 0, 4, 137, 7, 137, 4, 59, 141, 60, 95, 137, 7, 137, 4, 59, 95, 91, 89, 194, 8, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 104, 0, 0, 0, 0, 131, 124, 36, 24, 0, 117, 12, 232, 131, 0, 0, 0, 131, 124, 36, 24, 0, 116, 115, 131, 124, 36, 28, 0, 117, 12, 232, 161, 0, 0, 0, 131, 124, 36, 28, 0, 116, 96, 96, 106, 255, 255, 116, 36, 60, 185, 54, 17, 159, 117, 255, 209, 97, 49, 200, 139, 76, 36, 24, 133, 210, 117, 17, 60, 241, 117, 13, 15, 182, 89, 5, 131, 195, 2, 137, 95, 16, 198, 1, 1, 49, 219, 102, 187, 0, 4, 128, 57, 1, 15, 68, 68, 17, 4, 141, 12, 25, 137, 68, 17, 4, 137, 17, 141, 12, 25, 128, 57, 1, 15, 68, 68, 17, 4, 141, 12, 25, 137, 68, 17, 4, 96, 255, 116, 36, 60, 187, 30, 17, 159, 117, 255, 211, 97, 131, 196, 32, 95, 91, 89, 194, 8, 0, 96, 141, 76, 36, 48, 81, 106, 0, 106, 2, 187, 11, 75, 159, 117, 255, 211, 104, 0, 32, 0, 0, 49, 219, 83, 83, 106, 2, 80, 186, 193, 24, 159, 117, 255, 210, 137, 68, 36, 60, 139, 76, 36, 32, 137, 65, 210, 97, 195, 96, 141, 76, 36, 36, 81, 106, 0, 104, 1, 0, 31, 0, 186, 239, 239, 160, 117, 255, 210, 137, 68, 36, 64, 139, 76, 36, 32, 137, 65, 186, 97, 195, 0, 0, 0, 0, 0, 0 };

            string hexHwnd = StringUtil.IntToHex(hwnd);

            recvHwnd = new util.ShareMemory("MYs" + hexHwnd, shareSize);
            sendHwnd = new util.ShareMemory("MYf" + hexHwnd, shareSize);
            recvHC   = new util.WinMutex("HCs" + hexHwnd);
            sendHC   = new util.WinMutex("HCf" + hexHwnd);
            Start();
            code = StringUtil.ReplaceBytes(code, 11, 12, GetByteEnd(recvHwnd.HwndName, new byte[] { 0 }));

            code = StringUtil.ReplaceBytes(code, 23, 12, GetByteEnd(recvHC.Name, new byte[] { 0 }));

            byte[] jj = GetByteEnd(sendHwnd.HwndName, new byte[] { 0 });
            byte[] kk = jj.Skip(jj.Length - 4).Take(4).ToArray();
            //=====================================
            code = StringUtil.ReplaceBytes(code, 261, 4, kk);
            kk   = jj.Skip(4).Take(4).ToArray();
            code = StringUtil.ReplaceBytes(code, 266, 4, kk);
            kk   = jj.Skip(0).Take(4).ToArray();
            code = StringUtil.ReplaceBytes(code, 271, 4, kk);

            jj   = GetByteEnd(sendHC.Name, new byte[] { 0 });
            kk   = jj.Skip(jj.Length - 4).Take(4).ToArray();
            code = StringUtil.ReplaceBytes(code, 276, 4, kk);
            kk   = jj.Skip(4).Take(4).ToArray();
            code = StringUtil.ReplaceBytes(code, 281, 4, kk);
            kk   = jj.Skip(0).Take(4).ToArray();
            code = StringUtil.ReplaceBytes(code, 286, 4, kk);
            //====

            int addr = (int)util.WinApi.MallocMemory((IntPtr)hwnd, 4096);

            code = StringUtil.ReplaceBytes(code, 37, 4, BitConverter.GetBytes(addr));

            IntPtr kernelHwnd = util.WinApi.GetModuleHandleA("kernel32.dll");

            int[] moduleAddrs = new int[5];
            moduleAddrs[0] = (int)util.WinApi.GetProcAddress(kernelHwnd, "WaitForSingleObject");
            moduleAddrs[1] = (int)util.WinApi.GetProcAddress(kernelHwnd, "ReleaseMutex");
            moduleAddrs[2] = (int)util.WinApi.GetProcAddress(kernelHwnd, "OpenFileMappingA");
            moduleAddrs[3] = (int)util.WinApi.GetProcAddress(kernelHwnd, "MapViewOfFile");
            moduleAddrs[4] = (int)util.WinApi.GetProcAddress(kernelHwnd, "OpenMutexA");
            int[] oldAddrs = new int[5] {
                1973358902, 1973358878, 1973373707, 1973360833, 1973481455
            };
            int n    = 0;
            int flag = 0;//标志位

            for (int i = 0; i < 10; i++)
            {
                if (flag == 5)
                {
                    flag = 0;
                }
                kk   = BitConverter.GetBytes(oldAddrs[flag]);
                jj   = BitConverter.GetBytes(moduleAddrs[flag]);
                n    = n + 1;
                n    = StringUtil.FindBytes(code, kk, n);
                code = StringUtil.ReplaceBytes(code, n + 1, 4, jj);
                flag++;
            }


            LoadDll.WriteMemoryHwndValue((IntPtr)hwnd, addr, code);

            code = StringUtil.AppendBytes(new byte[] { 104 }, BitConverter.GetBytes(addr + 34), new byte[] { 195 });

            LoadDll.WriteMemoryHwndValue((IntPtr)hwnd, Global.addr.msg, code);

            code = StringUtil.AppendBytes(new byte[] { 104 }, BitConverter.GetBytes(addr + 209), new byte[] { 195 });
            LoadDll.WriteMemoryHwndValue((IntPtr)hwnd, Global.addr.pkgEnd, code);

            code = StringUtil.AppendBytes(new byte[] { 104 }, BitConverter.GetBytes(addr + 249), new byte[] { 195 });
            LoadDll.WriteMemoryHwndValue((IntPtr)hwnd, Global.addr.toPkg, code);



            return(false);
        }