一种破dll的内存补丁办法

#import "kernel32.dll"
   int  GetCurrentProcess();
   int  WriteProcessMemory(int handle, int address, int& buffer[], int size, int& written);
   int  GetModuleHandleA(string module);
   int  LoadLibraryA(string module);
#import

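// Writes one byte into a module that is already loaded in the current process.
//
// module  - name handed to GetModuleHandleA to find the module's load address
// address - offset added to that load address to form the write target
// byte    - value to store; it is held in an int array and a size of 1 is
//           passed to WriteProcessMemory, so a single byte is copied
//           (presumably the low 8 bits on little-endian x86 - confirm)
//
// Returns the WriteProcessMemory result (non-zero on success), or 0 when the
// module is not loaded or the byte was not actually written.
//
// Only the in-memory image is changed; the file on disk is untouched, so an
// integrity check has to compare the loaded image against the file to see it.
// NOTE(review): handles and addresses are declared as int, which assumes a
// 32-bit process - confirm before reusing elsewhere.
int ProcessPatch(string module, int address, int byte)
{
   int mem[1];
   int out = 0;   // byte count reported back by WriteProcessMemory
   mem[0] = byte;

   int hmod = GetModuleHandleA(module);
   // GetModuleHandleA returns 0 when the module is not loaded. Without this
   // check the bare offset would be used as the target address.
   if (hmod == 0)
      return (0);

   int hproc = GetCurrentProcess();
   int addr = hmod + address;
   int result = WriteProcessMemory(hproc, addr, mem, 1, out);

   // A call that reports success but did not copy exactly one byte is a failure.
   if (result != 0 && out != 1)
      return (0);
   return (result);
}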

   // Load the library first: ProcessPatch looks the module up with
   // GetModuleHandleA, which only finds modules already mapped into the process.
   // NOTE(review): the return value of LoadLibraryA is not checked here.
   LoadLibraryA("experts\libraries\Fusion.dll");
   // Five pairs of single-byte writes at consecutive offsets, each pair storing
   // 0xeb followed by 0x11.
   // NOTE(review): 0xEB is the x86 short-JMP opcode and the byte after it would
   // be its displacement; presumably these offsets hold code - confirm.
   // The offsets are hard-coded and module-relative, so they presumably match
   // only one build of Fusion.dll; on any other build the same writes would
   // land on unrelated bytes. None of the ProcessPatch results are checked.
   ProcessPatch("Fusion.dll", 0x6d37, 0xeb);
   ProcessPatch("Fusion.dll", 0x6d38, 0x11);
   ProcessPatch("Fusion.dll", 0x6e37, 0xeb);
   ProcessPatch("Fusion.dll", 0x6e38, 0x11);
   ProcessPatch("Fusion.dll", 0x6f3d, 0xeb);
   ProcessPatch("Fusion.dll", 0x6f3e, 0x11);
   ProcessPatch("Fusion.dll", 0x723d, 0xeb);
   ProcessPatch("Fusion.dll", 0x723e, 0x11);
   ProcessPatch("Fusion.dll", 0x7376, 0xeb);
   ProcessPatch("Fusion.dll", 0x7377, 0x11);
   // Five more single-byte writes in a separate, higher offset range
   // (0x412c4 and 0x412c8..0x412cb; 0x412c5..0x412c7 are left as they are).
   // What these bytes represent is not visible from this listing.
   ProcessPatch("Fusion.dll", 0x412c4, 1);
   ProcessPatch("Fusion.dll", 0x412c8, 0);
   ProcessPatch("Fusion.dll", 0x412c9, 0x40);
   ProcessPatch("Fusion.dll", 0x412ca, 0);
   ProcessPatch("Fusion.dll", 0x412cb, 0);
从该例可以看出,先加载dll,之后要找出dll中需要修改的所有位点,然后逐一改掉。
本博客所有文章如无特别注明均为原创。作者:天泓评测