这几天对汇编来了兴趣，同时也对 SetWindowsHookEx 感兴趣，所以用 OD 研究了下扫雷程序，参考了网上的分析和自己的实践，用 SetWindowsHookEx 写了个扫雷辅助，附上学习成果~
dll.cpp
#include "saoleiDll.h"
// The three globals below are placed in a named data section that the linker
// directive further down marks read/write/shared (/SECTION:Shared,RWS): every
// process that maps this DLL sees the same copy, which is how the handles set
// by the injecting program become visible inside the hooked process. The
// explicit initializers matter -- an uninitialized variable would be placed in
// .bss instead of the named section. Because the section is shared, any
// process that loads the DLL can overwrite these values.
#pragma data_seg("Shared")
HINSTANCE g_hInstance = NULL;  // this DLL's module handle, recorded in DllMain
HHOOK g_hHook = NULL;          // handle returned by SetWindowsHookEx in InstallHook
HWND g_hWnd = NULL;            // window passed to InstallHook; only referenced by commented-out debug code
#pragma data_seg()
#pragma comment(linker,"/SECTION:Shared,RWS")
// Hook procedure registered by InstallHook. Despite the name it is installed as
// a WH_KEYBOARD hook (see InstallHook), so it runs inside the hooked thread
// whenever that hook fires. Each invocation reads two board dimensions and the
// board bytes through hard-coded absolute addresses of the hooked process and,
// for every cell whose byte equals 0x0F, calls an internal function of that
// process with the cell coordinates. The event is always passed on with
// CallNextHookEx.
//
// NOTE(review): nCode is never examined. A hook procedure is expected to hand a
// negative nCode straight to CallNextHookEx without further processing; this
// one performs the full board walk unconditionally.
LRESULT WINAPI MouseProc(int nCode,WPARAM wParam,LPARAM lParam){
//MessageBox(g_hWnd,L"DD",L"DD",MB_OK);
    // Absolute addresses inside the hooked process. They hold only for the one
    // executable build the author analysed; there is no version check and no
    // handling of relocation, so any other build reads or calls unrelated memory.
    DWORD x = 0x10056A8;
    DWORD y = 0x10056AC;
    DWORD addr = 0x1005361;
    wchar_t d[100];           // used only by the commented-out debug output below
    // The value at 'x' lands in ny and the value at 'y' in nx -- the local names
    // are crossed relative to the address names. Each is read as one wchar_t.
    int ny=*((wchar_t*)x);
    int nx=*((wchar_t*)y);
    DWORD pFunc = 0x01003512 ;   // address of a function inside the hooked process
    for(int i=0;i<ny;i++){
        for(int j=0;j<nx;j++){
            // Fixed 32-byte row stride, independent of nx.
            // 'char' is signed by default under MSVC (the /J switch changes
            // this), so a board byte of 0x8E arrives here as -114 and the
            // 'tmp==0x8E' comparison below can never hold; that branch is empty
            // anyway, so only the 0x0F case has an effect.
            int tmp=*((char*)(addr+32*i+j));
            if(tmp==0x8E){
            }else if(tmp==0x0F){
                {
                    int xi=i+1;
                    int yi=j+1;
                    // Pushes xi, then yi, then calls pFunc: with the usual
                    // right-to-left argument order yi is the callee's first
                    // argument and xi its second. No stack adjustment follows
                    // the call, so the stack stays balanced only if the callee
                    // pops its own arguments (stdcall-style); with a cdecl
                    // callee 8 bytes would leak per call. Not verifiable from
                    // this file.
                    __asm{
                        push xi
                        push yi
                        call pFunc
                    }
                }
            }
        }
    }
//wsprintf(d,L"%d %d",ny,nx);
//MessageBox(g_hWnd,d,L"DD",MB_OK);
    // Always continue the hook chain.
    return CallNextHookEx(g_hHook,nCode,wParam,lParam);
};
// Installs MouseProc as a WH_KEYBOARD hook on the thread identified by
// dwThreadId and records hWnd and the resulting hook handle in the shared
// section. Returns the hook handle; returns NULL when dwThreadId is 0 (no
// thread-specific target, so nothing is installed) or when SetWindowsHookEx
// itself fails. Note that g_hWnd is assigned before the hook is attempted, so
// it is set even on failure.
HHOOK InstallHook (HWND hWnd,DWORD dwThreadId)
{
    if (dwThreadId == 0) {
        return NULL;
    }
    g_hWnd = hWnd;
    // Keyboard hook, even though the procedure is named MouseProc.
    g_hHook = SetWindowsHookEx(WH_KEYBOARD, MouseProc, g_hInstance, dwThreadId);
    return g_hHook;
}
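// Removes the hook installed by InstallHook. Safe to call when no hook is
// installed (nothing is done), and after a successful unhook the shared handle
// is cleared so that a later call does not pass a stale handle to
// UnhookWindowsHookEx. The result of the unhook call itself is not reported.
void UninstallHook()
{
    if (g_hHook == NULL) {
        return;   // nothing installed, or already removed
    }
    if (UnhookWindowsHookEx(g_hHook)) {
        g_hHook = NULL;   // clear the shared handle only once it is really gone
    }
}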
// DLL entry point. Its only job is to remember the module handle on process
// attach; InstallHook later hands that handle to SetWindowsHookEx. Thread
// attach/detach and process detach need no work. Always reports success.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        // HMODULE is a typedef of HINSTANCE, so this cast is an identity.
        g_hInstance = static_cast<HINSTANCE>(hModule);
    }
    return TRUE;
}
engine.h
// NOTE(review): identifiers starting with a double underscore are reserved for
// the implementation; a guard such as ENGINE_H_ (or #pragma once) avoids that.
#ifndef __engine_h__
#define __engine_h__
#include "..\saoleiDll\saoleiDll.h"
#pragma comment(lib,"..\\Debug\\saoleiDll.lib")   // links the debug build of the hook DLL
// NOTE(review): this header *defines* (not merely declares) the two variables
// below and the process() function that follows, so it can be included from a
// single translation unit only without violating the one-definition rule.
DWORD dwThreadId;   // thread id owning the target window; filled in by process()
HWND hhWnd;         // target window handle; filled in by process()
extern HWND hWnd;   // declaration only; defined elsewhere in the program
// Driver run from the injecting program (the hook is not installed here).
// Finds the Minesweeper window by its exact title, opens its process with
// read/write rights, reads the board dimensions and the board bytes through
// hard-coded absolute addresses, rewrites every cell whose byte equals 0x8F to
// 0x8E, then asks the window to repaint. Sets the file-scope globals
// dwThreadId and hhWnd as a side effect.
//
// NOTE(review): no Win32 result is checked. When FindWindow or OpenProcess
// fails the function carries on with a NULL window or handle, and every
// ReadProcessMemory/WriteProcessMemory return value is ignored.
void process(){
    // Absolute addresses inside the target process; the same values as in
    // dll.cpp and valid only for the build the author analysed.
    DWORD x = 0x10056A8;
    DWORD y = 0x10056AC;
    DWORD addr = 0x1005361;
    hhWnd=FindWindow(NULL,L"扫雷");   // NULL when no top-level window has this exact title
    DWORD hProcessId;                  // a process id, not a handle, despite the name
    dwThreadId=GetWindowThreadProcessId(hhWnd, &hProcessId);
    HANDLE Process = OpenProcess(PROCESS_VM_OPERATION| PROCESS_VM_WRITE|PROCESS_VM_READ, false, hProcessId);
    if(Process==NULL){
//MessageBox(-1,GetLastError(),"D",MB_OK);
        DWORD sd=GetLastError();   // captured for debugging only; execution continues with a NULL handle
    }
    // Two-byte reads; the value at 'x' lands in ny and the value at 'y' in nx
    // (names crossed, as in dll.cpp).
    unsigned short int nx=0,ny=0;
    ReadProcessMemory(Process,(LPCVOID)x,&ny,2,NULL);
    ReadProcessMemory(Process,(LPCVOID)y,&nx,2,NULL);
    unsigned short int s=0,b=0;   // s: byte to write; b: byte read (a 1-byte read fills only the low byte on x86)
    int test=0;                   // read-back of the written byte, never examined
    int cnt=0;                    // number of cells rewritten, never examined
    for(int i = 0; i < ny; i ++){
        for(int j = 0; j < nx; j++){
            // The read uses a fixed 32-byte row stride (as MouseProc in dll.cpp does) ...
            ::ReadProcessMemory(Process, (LPCVOID)(addr + 32*i+j), &b, 1, NULL);
            if (b == 0x8F)
            {
                cnt++;
                s = 0x8E;
                // ... while the write and the read-back use an (nx+2)-byte
                // stride. The two agree only when nx == 30; otherwise the byte
                // written is not the byte just inspected. Which stride is the
                // intended one cannot be decided from this file.
                ::WriteProcessMemory(Process, (LPVOID)(addr + (nx+2)*i+j), &s, 1, NULL);
                ReadProcessMemory(Process, (LPCVOID)(addr + (nx+2)*i+j), &test, 1, NULL);
            }
        }
    }
    ::InvalidateRect(hhWnd, NULL, true);   // force a repaint so the rewritten cells become visible
    ::CloseHandle(Process);                // also reached with a NULL handle when OpenProcess failed
}
#endif
posted on 2010-06-30 20:42
小果子 阅读(147)