How can I move a DLL's routines into an EXE?
Not yet closed
guardian635
I have a DLL written in VC.
I want to put this routine into a BCB EXE. Every attempt I have made to write it in has failed. Could any of you help me? Below is my VC source code:

[code cpp]
// =========================================================
// Name: Nimov1.1 Bypass AhnLab HackShield 5.3.5.1024
// Date: April, 14, 2010
// Author: Unknown (I just copy and re-write....)
// =========================================================
// NimoHS.cpp : Defines the exported functions for the DLL application.
#include "stdafx.h"
//#include "conio.h"

DWORD MSCRCStart = 0x00401000, MSCRCEnd = 0x00BFE000;
DWORD MSCRCSize = MSCRCEnd - MSCRCStart;
LPVOID FakeBaseAddr = 0;
DWORD TID;
DWORD CrackMSCRC;
DWORD AOB = 0x8B09B60F;
HANDLE (WINAPI *OriginalOpenProcess)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId) = OpenProcess;
typedef void (WINAPI *pFunc)(void);
pFunc OrgMSCRC;

bool SetHook(bool bState, PVOID* ppPointer, PVOID pDetour)
{
    if (DetourTransactionBegin() == NO_ERROR)
        if (DetourUpdateThread(GetCurrentThread()) == NO_ERROR)
            if ((bState ? DetourAttach : DetourDetach)(ppPointer, pDetour) == NO_ERROR)
                if (DetourTransactionCommit() == NO_ERROR)
                    return true;
    return false;
}

HANDLE WINAPI OpenProcessHook(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    if (GetCurrentProcessId() == dwProcessId)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return NULL;
    }
    return OriginalOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
}

void __declspec(naked) WINAPI MSCRCHook()
{
    __asm
    {
        push eax
        lea eax,[ecx]
        cmp eax,[MSCRCStart]
        jb Normal
        cmp eax,[MSCRCEnd]
        ja Normal
        push ebx
        mov ebx,[FakeBaseAddr]
        sub eax,[MSCRCStart]
        add eax,ebx
        movzx ecx,byte ptr [eax]
        pop ebx
        pop eax
        jmp [CrackMSCRC]
    Normal:
        pop eax
        jmp OrgMSCRC
    }
}

void Success()
{
    MessageBox(0, L"Nimo Anti-MS-HS-CRC-Check Init Successfully!", L"NimoMSHS by nimo1993.", MB_OK | MB_ICONINFORMATION);
}

void Failure()
{
    MessageBox(0, L"Nimo Anti-MS-HS-CRC-Check Fail!", L"NimoMSHS by nimo1993.", MB_OK | MB_ICONERROR);
}

void HSHook()
{
    if (FakeBaseAddr == 0)
    {
        FakeBaseAddr = VirtualAlloc(NULL, MSCRCSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
        memcpy(FakeBaseAddr, (void*)MSCRCStart, MSCRCSize);
        for (unsigned int i = MSCRCStart; i < MSCRCEnd; i++)
        {
            if (*(DWORD*)i == 0x8B09B60F)
            {
                OrgMSCRC = (pFunc)i;
                break;
            }
        }
        if (SetHook(true, (PVOID*)&OriginalOpenProcess, (PVOID)OpenProcessHook) &&
            SetHook(true, (PVOID*)&OrgMSCRC, (PVOID)MSCRCHook))
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Success, NULL, 0, &TID);
        else
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Failure, NULL, 0, &TID);
        CrackMSCRC = (DWORD)(DWORD*)OrgMSCRC + 3;
    }
}
[/code]

Edit history
guardian635 re-edited on 2010-04-17 12:56:35, note: none.