上一个内容:41.HOOK引擎设计原理
以 40.设计HOOK引擎的好处 它的代码为基础进行修改
主要做的是读写寄存器
效果图
添加一个类
htdHook.h文件中的实现
#pragma once
class htdHook
{
public:
htdHook();
};
htdHook.cpp文件中的实现:
#include "pch.h"
#include "htdHook.h"
unsigned GetJMPCode(unsigned distance, unsigned eip) {
return distance - eip - 0x5;
}
void _stdcall DisHook(unsigned esp) {
CString wTxt;
wTxt.Format(L"%X", esp);
AfxMessageBox(wTxt);
}
// 全局变量区可能无法执行,需要设置它内存的属性为可执行
char data_code[]{
0x60,// pushad
0x9C,// pushfd
0x54,// push esp
0xE8,0xCC,0xCC,0xCC,0xCC, // call DisHook
0x9D,// popfd
0x61,//popad
0xC3//retn
};
htdHook::htdHook()
{
DWORD dOld;
VirtualProtect(data_code, sizeof(data_code), PAGE_EXECUTE_READWRITE, &dOld);
unsigned* Adr = (unsigned*)(data_code + 0x4);
unsigned target = (unsigned)DisHook;
Adr[0] = GetJMPCode(target, (unsigned)(data_code + 0x3));
CString wTxt;
wTxt.Format(L"%X", data_code);
AfxMessageBox(wTxt);
}
在CWndMain.h文件中通过构造方法来把读写寄存器的代码写入到游戏中
