内存补丁程序编写

#include "stdafx.h"
#include <windows.h>
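int main(int argc, char* argv[])
{
/* Address of the 6-byte conditional jump shown in the page's disassembly.
 * It is hard-coded, so it only matches when the image is mapped at the base
 * the listing was taken from (no relocation). */
#define PATCH_ADDRESS 0x00408EC2
    /* Path of the program to launch; the page leaves it empty (placeholder),
     * so CreateProcessA fails until a path is filled in. */
    char szFileName[] = "";
    BYTE ReadBuffer[128] = {0};
    /* Bytes expected at PATCH_ADDRESS once the target has decoded itself. */
    BYTE TarGetData[] = {0x0F,0x85,0x0A,0x00,0x00,0x00};
    /* Replacement of the same length, so following instructions keep their offsets. */
    BYTE WriteData[] = {0x74,0x0E,0x90,0x90,0x90,0x90};
    const SIZE_T PatchLen = sizeof(TarGetData);
    SIZE_T Transferred = 0;
    DWORD Oldpp = 0;
    DWORD Ignored = 0;
    BOOL Written = FALSE;
    int rc = 1; /* non-zero unless the write is confirmed */
    /* The explicit ANSI structure matches CreateProcessA in UNICODE builds too. */
    STARTUPINFOA si = {sizeof(STARTUPINFOA)};
    PROCESS_INFORMATION pi;

    (void)argc;
    (void)argv;

    if (!CreateProcessA(szFileName,0,0,0,0,CREATE_SUSPENDED,0,0,&si,&pi))
    {
        MessageBoxA(NULL,"CreateProcess Failed","error",MB_ICONERROR);
        return 1;
    }

    /* Creating a child suspended and then writing into its memory is a
     * cross-process write; monitoring that records such writes typically
     * sees this call sequence. */
    for (;;)
    {
        /* Let the primary thread run for up to 10 ms. Waiting on the process
         * handle instead of sleeping ends the loop when the child exits,
         * where a plain Sleep() would poll a dead process forever. */
        ResumeThread(pi.hThread);
        if (WaitForSingleObject(pi.hProcess, 10) != WAIT_TIMEOUT)
        {
            MessageBoxA(NULL,"Target exited before the expected bytes appeared","error",MB_ICONERROR);
            break;
        }
        SuspendThread(pi.hThread);

        /* A failed or short read means "not decoded yet": try again. */
        Transferred = 0;
        if (!ReadProcessMemory(pi.hProcess,(LPCVOID)PATCH_ADDRESS,ReadBuffer,PatchLen,&Transferred)
            || Transferred != PatchLen)
        {
            continue;
        }
        if (0 != memcmp(TarGetData,ReadBuffer,PatchLen))
        {
            continue;
        }

        if (!VirtualProtectEx(pi.hProcess,(LPVOID)PATCH_ADDRESS,PatchLen,PAGE_EXECUTE_READWRITE,&Oldpp))
        {
            MessageBoxA(NULL,"VirtualProtectEx Failed","error",MB_ICONERROR);
            ResumeThread(pi.hThread); /* do not leave the child suspended */
            break;
        }

        Transferred = 0;
        Written = WriteProcessMemory(pi.hProcess,(LPVOID)PATCH_ADDRESS,WriteData,PatchLen,&Transferred)
                  && Transferred == PatchLen;

        /* Put the original protection back so the page does not stay
         * writable and executable, then flush the modified range. */
        VirtualProtectEx(pi.hProcess,(LPVOID)PATCH_ADDRESS,PatchLen,Oldpp,&Ignored);
        FlushInstructionCache(pi.hProcess,(LPCVOID)PATCH_ADDRESS,PatchLen);
        ResumeThread(pi.hThread);

        if (Written)
        {
            rc = 0;
        }
        else
        {
            MessageBoxA(NULL,"WriteProcessMemory Failed","error",MB_ICONERROR);
        }
        break;
    }

    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return rc;
}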
程序破解思路是
00408EC2 /0F85 0A000000 jnz 5Star.00408ED2 //改这里的跳转为jz
00408EC8 |6A 00 push 0x0
00408ECA |E8 065C0000 call 5Star.0040EAD5
00408ECF |83C4 04 add esp,0x4
00408ED2 \8B5D FC mov ebx,dword ptr ss:[ebp-0x4]
00408ED5 85DB test ebx,ebx
00408ED7 74 09 je X5Star.00408EE2