标题:我有一句不知道怎么更改才是正确的。奉上源码。
wuxianjyg
已结贴  问题点数:5 回复次数:2 
我有一句不知道怎么更改才是正确的。奉上源码。
hThread = &OpenThread(THREAD_ALL_ACCESS,FALSE,tid);
错误C4013:警告,函数“OpenThread”未定义;假设外部返回 int
还有一个错误C2102没有标示。我也不明白。

完整的在下面:

#include <stdio.h>
#include <windows.h>
#include <TlHelp32.h>
#include <gl/gl.h>

#pragma pack(1)

/*
 * Position-dependent machine-code stub; it is copied byte-for-byte into
 * another process by main(), so its exact instruction encoding matters.
 *
 * The four pushes place 16 bytes on the stack. Read as two little-endian
 * IEEE-754 doubles they are 0.0 and 0.5. main() overwrites the zero
 * immediate of `mov eax,0` (it patches 4 bytes at glrange+12) with the
 * address it resolved for glDepthRange, so at run time the stub calls that
 * function with these two values.
 *
 * NOTE(review): `ret` is issued without adjusting esp, so the stub depends on
 * the callee removing its own arguments - confirm the calling convention.
 * NOTE(review): the +12 patch offset assumes the assembler picks the short
 * encoding for each `PUSH 0`; any edit to the instructions above the `mov`
 * silently moves the patch target.
 */
static __declspec(naked)void glrange()
{
__asm{
  PUSH 0x3FE00000   // upper 32 bits of the double 0.5
  PUSH 0            // lower 32 bits of the double 0.5
  PUSH 0            // upper 32 bits of the double 0.0
  PUSH 0            // lower 32 bits of the double 0.0
  mov eax,0         // placeholder immediate, patched by main() before use
  call eax          // indirect call through the patched address
  ret
}
}

/*
 * Detour body that main() copies into the target process and installs in
 * place of a function pointer read from that process.
 *
 * Flow: build a frame, load the saved original pointer (the zero immediate
 * of `mov eax,0`, patched by main() at glbeginhook+4) and park it on the
 * stack, call glrange() when mode is GL_TRIANGLE_STRIP or GL_TRIANGLE_FAN,
 * then tear the frame down and jump to the saved pointer so the original
 * routine runs with the caller's arguments and return address.
 *
 * NOTE(review): this is a naked function that mixes inline assembly with a
 * C `if`; the code relies on the compiler addressing `mode` relative to the
 * ebp set up by hand here - confirm with the generated listing.
 * NOTE(review): the call to glrange() only works after the copy if both
 * functions keep the same relative distance in the destination buffer.
 */
static __declspec(naked)void glbeginhook(GLenum mode)
{
__asm{
  push ebp
  mov ebp,esp
  mov eax,0     // placeholder immediate, patched by main() with the original pointer
  push eax      // keep the original pointer across the C code below
}
if(mode==GL_TRIANGLE_STRIP || mode==GL_TRIANGLE_FAN)
{
  glrange();
}
__asm{
  pop eax       // recover the original pointer
  leave         // restore esp/ebp to their values at entry
  jmp eax       // tail-jump into the original routine
}
}
/*
 * Empty marker function. main() uses &glrangeend - &glrange as the number of
 * bytes to copy, which assumes the compiler and linker emit glrange,
 * glbeginhook and glrangeend contiguously and in source order. The language
 * gives no such guarantee, so the computed size can be wrong or negative.
 */
static __declspec(naked)void glrangeend(){}
#pragma pack()

/*
 * Fallback definition of CONTEXT_ALL (and the flags it is built from) for
 * SDK headers that do not provide one. When the headers already define
 * CONTEXT_ALL, nothing in this block takes effect.
 *
 * NOTE(review): the base flag is named and valued as CONTEXT_IA64, while the
 * rest of the file is 32-bit x86 inline assembly. Confirm that these bits
 * select the intended register groups in the x86 CONTEXT structure before
 * relying on this fallback.
 */
#ifndef CONTEXT_ALL
#ifndef CONTEXT_DEBUG
#ifndef CONTEXT_IA64
#define CONTEXT_IA64 0x00080000
#endif
#ifndef CONTEXT_IA32_CONTROL
#define CONTEXT_IA32_CONTROL (CONTEXT_IA64 | 0x00000020L)
#endif
#define CONTEXT_DEBUG (CONTEXT_IA64 | 0x00000010L)
#endif
#define CONTEXT_ALL (CONTEXT_CONTROL | CONTEXT_FLOATING_POINT | CONTEXT_INTEGER | CONTEXT_DEBUG | CONTEXT_IA32_CONTROL)
#endif


/*
 * Return the base address of the segment that the FS selector of hThread
 * refers to, or 0 when either query fails.
 *
 * The thread's register context is fetched first to obtain SegFs; the
 * matching descriptor is then read and its three base fields (BaseLow,
 * BaseMid, BaseHi) are combined into one 32-bit value.
 *
 * The handle must allow reading the thread's context and descriptor
 * information; callers cannot tell a failed query from a base of 0.
 *
 * NOTE(review): the shifts are applied to bit-field members before the cast
 * to DWORD; whether BaseHi << 24 is evaluated in a signed type depends on
 * how the compiler promotes bit-fields - confirm.
 */
DWORD GetThreadSafeSection(HANDLE hThread)
{
    CONTEXT ctx;
    LDT_ENTRY entry;
    DWORD base_low;
    DWORD base_mid;
    DWORD base_high;

    ctx.ContextFlags = CONTEXT_ALL;

    /* Guard clauses: any failed query yields the 0 sentinel. */
    if (!GetThreadContext(hThread, &ctx)) {
        return 0;
    }
    if (!GetThreadSelectorEntry(hThread, ctx.SegFs, &entry)) {
        return 0;
    }

    /* Reassemble the 32-bit base from its 16 + 8 + 8 bit pieces. */
    base_low = (DWORD)entry.BaseLow;
    base_mid = (DWORD)(entry.HighWord.Bits.BaseMid << 16);
    base_high = (DWORD)(entry.HighWord.Bits.BaseHi << 24);
    return base_low | base_mid | base_high;
}
/*
 * Entry point. Finds a window by class name, opens the owning process and
 * thread with full access rights, copies the glrange..glrangeend code range
 * into freshly allocated executable memory in that process, and overwrites a
 * function pointer located at offset 0x7cc from the target thread's FS base
 * so that it points at the copied glbeginhook.
 *
 * Returns -1 when no matching window exists, otherwise 0. No other call is
 * checked for failure and neither handle is ever closed.
 *
 * Defender's view: OpenProcess(PROCESS_ALL_ACCESS) followed by
 * VirtualAllocEx(PAGE_EXECUTE_READWRITE) and WriteProcessMemory into a
 * foreign process is the standard cross-process code-injection sequence.
 * Each step is observable (handle-open auditing, RWX private regions with no
 * backing image, remote writes), and protecting the target process against
 * full-access handles from unprivileged peers stops it at the first call.
 */
int main(int argc, char* argv[])
{
DWORD pid,tid;
HANDLE hProcess,hThread;
DWORD dwFS;
HMODULE hOpenGL;
PVOID pWrite;
DWORD oldprotect;
DWORD dwBegin;
DWORD pnewAddr;
FARPROC pglRange;
PVOID pWriteMem;
// Look the target up by window class; the second class name is a fallback.
HWND hWnd = FindWindow("ACG!",NULL);
if(!hWnd)
  hWnd = FindWindow("Valve001",NULL);
if(!hWnd){
  printf("没有找到CS1.6游戏\n");
  return -1;
}
// tid is the thread that created the window, pid its owning process.
tid = GetWindowThreadProcessId(hWnd,&pid);
// Requests every access right on the process; result is not checked for NULL.
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
// This is the line the post asks about.
// C2102: unary & needs an lvalue, but it is applied here to the value
// returned by a call; hThread is a HANDLE and expects that value itself.
// C4013: no declaration of OpenThread is visible at this point, so the
// compiler assumes an extern returning int. Presumably the SDK headers in
// use only declare it for newer target-version settings - confirm.
hThread = &OpenThread(THREAD_ALL_ACCESS,FALSE,tid);
// 0 here means the lookup failed; the code below uses the value regardless.
dwFS = GetThreadSafeSection(hThread);
printf("获取远程设置成功0x%X\n",dwFS);
// Resolved in THIS process; the address is reused in the target, which
// assumes opengl32.dll is mapped at the same base there - not verified.
hOpenGL = LoadLibrary("opengl32.dll");
pglRange = GetProcAddress(hOpenGL,"glDepthRange");
// pWrite = address of the 4-byte immediate inside glrange's `mov eax,0`.
__asm{
  lea eax,glrange
  add eax,12
  mov pWrite,eax
}

// Make this program's own code page writable so the immediate can be patched.
VirtualProtect(pWrite,4,PAGE_EXECUTE_READWRITE,&oldprotect);
*(PDWORD)pWrite = (DWORD)pglRange;
// 1024 bytes of read/write/execute memory in the target; NULL on failure is
// not handled. RWX private memory is a strong injection indicator.
pWriteMem = VirtualAllocEx(hProcess,0,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
// NOTE(review): a pointer is passed for %X; the specifier and argument type differ.
printf("远程内存申请成功0x%X\n",pWriteMem);
// Read the remote graphics driver's glBegin address (author's description):
// 4 bytes at FS base + 0x7cc in the target. dwBegin stays uninitialized if
// the read fails, because the return value is ignored.
ReadProcessMemory(hProcess,(PVOID)(dwFS+0x7cc),&dwBegin,4,NULL);
// pWrite = address of the 4-byte immediate inside glbeginhook's `mov eax,0`.
__asm{
  lea eax,glbeginhook
  add eax,4
  mov pWrite,eax
}
VirtualProtect(pWrite,4,PAGE_EXECUTE_READWRITE,&oldprotect);
// Store the original pointer into the local copy of glbeginhook so the
// detour can jump back to it.
__asm{
  mov eax,pWrite
  mov ecx,dwBegin
  mov dword ptr [eax],ecx
}
// Copy the patched code range into the target. The length is a difference of
// function addresses and is never compared with the 1024-byte allocation.
WriteProcessMemory(hProcess,pWriteMem,&glrange,((DWORD)&glrangeend-(DWORD)&glrange),NULL);
// pnewAddr = remote buffer + (glbeginhook - glrange), i.e. where the copied
// glbeginhook starts in the target.
__asm{
  lea eax,glbeginhook
  lea ecx,glrange
  sub eax,ecx
  add eax,pWriteMem
  mov pnewAddr,eax
}
// Install the hook; start of the wallhack (author's wording). Overwrites the
// remote pointer slot while the target thread is running; nothing suspends
// it or verifies the write.
WriteProcessMemory(hProcess,(PVOID)(dwFS+0x7cc),&pnewAddr,4,NULL);
printf("软件启动成功\n");
Sleep(2000);
// hProcess and hThread are left open; the remote allocation is never freed.
return 0;
}
//code end eof
2013-04-02 18:23
wuxianjyg
不要沉啊!
求大神回答下啊!!!
2013-04-03 19:07
邓士林
不好意思啊!我也不想它沉,我从头到尾没看懂,我才疏学浅,建议你去拜访下版主。

Maybe
2013-04-03 20:18



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-402900-1-1.html



