|
|
提醒:若下载的软件是收费的"请不要付款",可能是骗子,请立即联系本站举报,执意要付款被骗后本站概不负责。(任何交易请走第三方中介,请勿直接付款交易以免被骗!切记).
剑网3过检测过保护
原理简单;在游戏启动之前HOOK ZwSetInformationThread这个函数,PASS掉ThreadHideFromDebugger就能让调试器能够正常接收异常
程序
[C] 纯文本查看 复制代码 #include "stdafx.h"
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// TODO: Place code here.
STARTUPINFO si;
memset(&si,0,sizeof(STARTUPINFO));//初始化si在内存块中的值(详见memset函数)
si.cb=sizeof(STARTUPINFO);
si.dwFlags=STARTF_USESHOWWINDOW;
si.wShowWindow=SW_SHOW;
PROCESS_INFORMATION pi;//必备参数设置结束
::CreateProcess(NULL, "JX3Client.exe DOTNOTSTARTGAMEBYX3CLIENT.EXE", NULL, NULL, 0, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
char s[] = ".\\Jx3DLL.dll";
int nSize = ::strlen(s) + 1;
void *pParam = ::VirtualAllocEx(pi.hProcess, 0, nSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
::WriteProcessMemory(pi.hProcess, pParam, s, nSize, 0);
HANDLE hThread = ::CreateRemoteThread(pi.hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, pParam, 0, NULL);
::WaitForSingleObject(hThread, INFINITE);
::CloseHandle(hThread);
::VirtualFreeEx(pi.hProcess, pParam, nSize, MEM_DECOMMIT);
::ResumeThread(pi.hThread);
//不使用的句柄最好关掉
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return 0;
}
dll
[C] 纯文本查看 复制代码 // Jx3DLL.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
typedef enum _THREADINFOCLASS {
ThreadBasicInformation,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,//这个就是用来将线程对调试器隐藏
ThreadBreakOnTermination,
ThreadSwitchLegacyState,
ThreadIsTerminated,
MaxThreadInfoClass
} THREADINFOCLASS;
typedef DWORD (WINAPI *ZWSETINFORMATIONTHREAD)(HANDLE, THREADINFOCLASS, PVOID, DWORD);
ZWSETINFORMATIONTHREAD ZwSetInformationThread = NULL;
BYTE ZwSetInformationThread_Begin[5] = {0};
BYTE ZwSetInformationThread_Hook[5] = {0xE9, 0, 0, 0, 0};
DWORD WINAPI MyZwSetInformationThread(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, DWORD ThreadInformationLength)
{
::WriteProcessMemory(HANDLE(-1), ZwSetInformationThread, ZwSetInformationThread_Begin, 5, 0);
DWORD Ret = TRUE;
if(ThreadInformationClass != ThreadHideFromDebugger)
{
Ret = ZwSetInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength);
}
::WriteProcessMemory(HANDLE(-1), ZwSetInformationThread, ZwSetInformationThread_Hook, 5, 0);
return Ret;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
ZwSetInformationThread = (ZWSETINFORMATIONTHREAD)::GetProcAddress(::GetModuleHandle("NTDLL.dll"), "ZwSetInformationThread");
*(DWORD*)(ZwSetInformationThread_Hook+1) = (DWORD)MyZwSetInformationThread - (DWORD)ZwSetInformationThread - 5;
::ReadProcessMemory(HANDLE(-1), ZwSetInformationThread, ZwSetInformationThread_Begin, 5, 0);
::WriteProcessMemory(HANDLE(-1), ZwSetInformationThread, ZwSetInformationThread_Hook, 5, 0);
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
已做成成品程序
使用方法;下载后将解压的文件放到到游戏的“zhcn”目录下,然后运行“Jx3EXE.exe”启动游戏,这样OD和CE能够正常下断点和调试了
过剑网3保护.rar
(24.72 KB, 下载次数: 38)
联系我时,请说是在 挂海论坛 上看到的,谢谢! |
上一篇: 上古世纪全套源码分享下一篇: LOL7.15无视距易语言源码
免责声明:
1、本主题所有言论和图片纯属会员个人意见,与本论坛立场无关。一切关于该内容及资源商业行为与www.52ghai.com无关。
2、本站提供的一切资源内容信息仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。
3、本站信息来自第三方用户,非本站自制,版权归原作者享有,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑或手机中彻底删除上述内容。
4、如果您喜欢该程序,请支持正版,购买注册,得到更好的正版服务。如有侵犯你版权的,请邮件与我们联系删除(邮箱:xhzlw@foxmail.com),本站将立即改正。
|
好评
贡献
海币
交易币
发表于 2017-10-24 22:37:07
收藏
转播
淘帖
支持
反对
提升卡
置顶卡
变色卡
千斤顶
照妖镜
