win32asm写的红警2的修改器
from http://zerray.com/
?
由于紅警2中保存金錢的位置每次載入都不一樣,所以不能簡單地用 WriteProcessMemory 就行了。不過辦法當然還是有的。查到一次的地址,然后在地址處下個斷點,動態跟蹤一下就會發現,代碼中有一處 push eax 是用來給出保存金錢的地址的。在該處下斷點,每次 eax 的值加 2E8h 剛好是保存金錢的地址。嘿嘿,那只要在這里做一些手腳不就搞定了?在進程的空間中找一處空閑的地方,例如地址 A 和離它不遠的 B,然后把 push eax 的地方改成 jmp B,在 B 那里寫上 mov A, eax,這樣就把這個值保存在了一個固定的地方,然后再在 B 后面寫上被破壞的幾條指令,并最后 jmp 回原來的地址。OK了,現在我們只要去 A 處取地址,加上 2E8h 就能得到金錢的地址了,就又能改錢了,哈哈!至于改別的,我沒有試,大概方法都差不多。
下面是代碼,只適用于 winxp,并且是針對尤里的復仇的。每次按下 Alt+1 加 50000 的 money。
; FixYuri -- Win32 (x86, 32-bit) MASM32 tray utility.
; Syntax: MASM (Intel operand order) with high-level directives
;         (.IF / .WHILE / invoke); comments start with ';'.
; ABI:    stdcall for every proc; Win32 API through the masm32 include files.
.386
.model flat, stdcall
option casemap: none                    ; identifiers are case-sensitive
include /masm32/include/windows.inc
include /masm32/include/kernel32.inc
include /masm32/include/user32.inc
include /masm32/include/shell32.inc
includelib /masm32/lib/kernel32.lib
includelib /masm32/lib/user32.lib
includelib /masm32/lib/shell32.lib
WinMain proto :DWORD, :DWORD, :DWORD, :DWORD   ; forward declaration; the proc is defined below
WM_SHELLNOTIFY equ WM_USER + 5          ; private message the tray icon posts back (note.uCallbackMessage)
IDI_TRAY equ 0                          ; uID of the single tray icon
YuriIcon equ 10000                      ; icon resource id given to LoadIcon (resource script not shown here)
HotKeyID equ 0ABC0h                     ; id passed to RegisterHotKey; arrives as WM_HOTKEY wParam
.const
    AppMutex db 'FixYuriMutex', 0       ; single-instance mutex name
    AlreadyRun db 'FixYuri is already running!', 0
    AppName db 'FixYuri', 0             ; window title, message-box caption and tray tip
    ClassName db 'FixYuriClass', 0
    TargetTitle db 'Yuri''s Revenge', 0 ; window title looked up with FindWindow
    HintText db 'press Alt+1 add 50000$', 0
    YuriNotFound db 'Yuri''s Revenge is not running!', 0
    ; Patch layout inside the target process. All three are absolute
    ; addresses found on one particular build/machine and may differ elsewhere.
    Addr1 dd 004A2593h                  ; address of the original `push eax`; overwritten with Data1
    Addr2 dd 00B78F10h                  ; where the relocated stub (Data2) is written
    Addr3 dd 00B78F00h                  ; cell the stub stores eax into; that value + 2E8h is the money address
    ; `jmp 00B78F10h` (E9 rel32; 004A2598h + 006D6978h = 00B78F10h) followed by
    ; one NOP, so the 6 bytes of displaced code are covered exactly.
    Data1 db 0E9h, 078h, 069h, 06Dh, 000h, 090h
    ; Stub written at Addr2 (16 bytes):
    ;   mov [00B78F00h], eax        ; A3 imm32 -- imm32 is Addr3 (00B78F00h)
    ;   push eax                    ; \
    ;   call dword ptr [ecx+18h]    ;  } the 6 bytes displaced by Data1
    ;   xor edx, edx                ; /
    ;   jmp 004A2599h               ; E9 rel32 back to the instruction after the displaced ones
    Data2 db 0A3h, 000h, 08Fh, 0B7h, 000h, 050h, 0FFh, 051h, 018h, 033h, 0D2h, 0E9h, 079h, 096h, 092h, 0FFh

.data
    pid dd 0                            ; process id owning the target window
    hd dd 0                             ; handle from OpenProcess; 0 = not attached (or attachment lost)
.data?
    inst HINSTANCE ?                    ; this module's HINSTANCE
    cmd LPSTR ?                         ; command line passed through to WinMain
    note NOTIFYICONDATA <?>             ; tray icon descriptor, filled in on minimise
    ico dd ?                            ; icon handle shared by the window class and the tray icon
    tmp dd ?                            ; scratch dword for Read/WriteProcessMemory
    Addr4 dd ?                          ; computed money address (value read from Addr3, plus 2E8h)
    dwFlag dd ?                         ; not referenced anywhere in this file
.code
;-----------------------------------------------------------------------
; Entry point (named by `end start`).
; Single-instance guard: CreateMutex on AppMutex followed by
; GetLastError == ERROR_ALREADY_EXISTS means another FixYuri owns it.
; NOTE(review): if CreateMutex itself fails (returns NULL) the error code
; is not ERROR_ALREADY_EXISTS, so execution continues without the guard.
; The mutex handle is never closed explicitly; it goes away at ExitProcess.
;-----------------------------------------------------------------------
start:
    invoke CreateMutex, NULL, FALSE, addr AppMutex
    invoke GetLastError
    .IF eax == ERROR_ALREADY_EXISTS
        invoke MessageBox, NULL, addr AlreadyRun, addr AppName, MB_OK or MB_ICONWARNING
        invoke ExitProcess, 0
    .ENDIF
    invoke GetModuleHandle, NULL
    mov inst, eax                       ; HINSTANCE of this module
    invoke GetCommandLine
    mov cmd, eax
    ; SW_MINIMIZE: the window is created minimised, which drives the
    ; WM_SIZE/SIZE_MINIMIZED path in WndProc and puts the icon in the tray.
    invoke WinMain, inst, NULL, cmd, SW_MINIMIZE
    invoke ExitProcess, eax             ; WinMain's return value is the exit code
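;-----------------------------------------------------------------------
; int WinMain(HINSTANCE hInst, HINSTANCE hPrevInst, LPSTR CmdLine, int CmdShow)
; ABI:   Win32 stdcall (x86, 32-bit)
; Registers the window class, creates the fixed-size main window and runs
; the message loop.
; Out:   eax = msg.wParam from WM_QUIT; 0 if the class or window could not
;        be created, or if GetMessage reported an error (-1).
;-----------------------------------------------------------------------
WinMain proc hInst:HINSTANCE, hPrevInst:HINSTANCE, CmdLine:LPSTR, CmdShow:DWORD
    LOCAL wc:WNDCLASSEX
    LOCAL msg:MSG
    LOCAL hwnd:HWND
    mov wc.cbSize, SIZEOF WNDCLASSEX
    mov wc.style, CS_HREDRAW or CS_VREDRAW
    mov wc.lpfnWndProc, OFFSET WndProc
    mov wc.cbClsExtra, NULL
    mov wc.cbWndExtra, NULL
    push hInst
    pop wc.hInstance                    ; memory-to-memory copy via the stack
    mov wc.hbrBackground, COLOR_WINDOW + 1
    mov wc.lpszMenuName, NULL
    mov wc.lpszClassName, OFFSET ClassName
    invoke LoadIcon, hInst, YuriIcon
    mov wc.hIcon, eax
    mov wc.hIconSm, eax
    mov ico, eax                        ; reused later for the tray icon (NIF_ICON)
    invoke LoadCursor, NULL, IDC_ARROW
    mov wc.hCursor, eax
    invoke RegisterClassEx, addr wc
    .IF eax == 0
        ret                             ; registration failed; eax is already 0 -> exit code 0
    .ENDIF
    ; Overlapped window with maximise and resize removed: a fixed 200x50 box.
    invoke CreateWindowEx, NULL,\
           addr ClassName,\
           addr AppName,\
           WS_OVERLAPPEDWINDOW and not WS_MAXIMIZEBOX and not WS_SIZEBOX,\
           CW_USEDEFAULT,\
           CW_USEDEFAULT,\
           200,\
           50,\
           NULL,\
           NULL,\
           hInst,\
           NULL
    mov hwnd, eax
    .IF hwnd == NULL
        ret                             ; no window, nothing to pump; eax is already 0
    .ENDIF
    invoke ShowWindow, hwnd, CmdShow
    invoke UpdateWindow, hwnd
    .WHILE TRUE
        invoke GetMessage, addr msg, NULL, 0, 0
        ; GetMessage returns 0 on WM_QUIT and -1 on error. Testing only
        ; `!eax` keeps looping forever on -1 with an invalid msg, so both
        ; values end the loop.
        .BREAK .IF (eax == 0) || (eax == -1)
        invoke TranslateMessage, addr msg
        invoke DispatchMessage, addr msg
    .ENDW
    .IF eax == -1
        xor eax, eax                    ; error exit: msg holds nothing usable
    .ELSE
        mov eax, msg.wParam             ; exit code handed to PostQuitMessage
    .ENDIF
    ret
WinMain endp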
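;-----------------------------------------------------------------------
; LRESULT WndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; ABI:   Win32 stdcall (x86, 32-bit); window procedure of the main window.
; WM_CREATE       registers Alt+1 as hotkey HotKeyID
; WM_PAINT        draws HintText centred in the client area
; WM_SIZE         on minimise, hides the window and adds a tray icon
; WM_SHELLNOTIFY  left-click on the tray icon removes it and restores the window
; WM_HOTKEY       first press: attach to the target process and install the
;                 patch (Data2 stub, then the Data1 detour); later presses:
;                 read the base stored at Addr3 and add 50000 at base + 2E8h
; WM_DESTROY      unregisters the hotkey, closes the process handle, quits
; Out:   eax = 0 for handled messages, else DefWindowProc's result
; Globals written: hd, pid, tmp, Addr4, note
;-----------------------------------------------------------------------
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
    LOCAL hdc: HDC
    LOCAL ps: PAINTSTRUCT
    LOCAL rect: RECT
    .IF uMsg == WM_CREATE
        invoke RegisterHotKey, hWnd, HotKeyID, MOD_ALT, VK_1
    .ELSEIF uMsg == WM_PAINT
        invoke BeginPaint, hWnd, addr ps
        mov hdc, eax
        invoke GetClientRect, hWnd, addr rect
        invoke DrawText, hdc, addr HintText, -1, addr rect,\
               DT_CENTER or DT_VCENTER or DT_SINGLELINE
        ; BeginPaint must be paired with EndPaint, otherwise the update
        ; region is never validated and the DC is never released.
        invoke EndPaint, hWnd, addr ps
    .ELSEIF uMsg == WM_SIZE
        .IF wParam == SIZE_MINIMIZED
            mov note.cbSize, SIZEOF NOTIFYICONDATA
            push hWnd
            pop note.hwnd
            mov note.uID, IDI_TRAY
            mov note.uFlags, NIF_ICON or NIF_MESSAGE or NIF_TIP
            mov note.uCallbackMessage, WM_SHELLNOTIFY
            push ico
            pop note.hIcon
            invoke lstrcpy, addr note.szTip, addr AppName
            invoke ShowWindow, hWnd, SW_HIDE
            invoke Shell_NotifyIcon, NIM_ADD, addr note
        .ENDIF
    .ELSEIF uMsg == WM_SHELLNOTIFY
        .IF wParam == IDI_TRAY
            .IF lParam == WM_LBUTTONDOWN
                invoke Shell_NotifyIcon, NIM_DELETE, addr note
                invoke ShowWindow, hWnd, SW_RESTORE
                invoke SetForegroundWindow, hWnd
            .ENDIF
        .ENDIF
    .ELSEIF uMsg == WM_HOTKEY
        .IF wParam == HotKeyID
            .IF hd == 0
                ; Not attached yet: locate the game by window title.
                invoke FindWindow, 0, addr TargetTitle
                .IF eax != 0
                    invoke GetWindowThreadProcessId, eax, addr pid
                    ; Least privilege: request only what Read/WriteProcessMemory
                    ; need rather than PROCESS_ALL_ACCESS.
                    invoke OpenProcess, PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION, FALSE, pid
                    mov hd, eax
                .ENDIF
                .IF hd != 0
                    ; Write the stub at Addr2 first and only then redirect
                    ; Addr1 to it; in the original order the detour could be
                    ; taken before its target existed.
                    invoke WriteProcessMemory, hd, Addr2, addr Data2, SIZEOF Data2, NULL
                    invoke WriteProcessMemory, hd, Addr1, addr Data1, SIZEOF Data1, NULL
                    ; Blocks this UI thread for a second; presumably to let the
                    ; game run through the stub before the first read -- confirm.
                    invoke Sleep, 1000
                .ELSE
                    invoke SetForegroundWindow, hWnd
                    invoke MessageBox, hWnd, addr YuriNotFound, addr AppName, MB_OK or MB_ICONWARNING
                .ENDIF
            .ELSE
                ; Attached: fetch the base the stub saved at Addr3.
                invoke ReadProcessMemory, hd, Addr3, addr tmp, SIZEOF tmp, NULL
                .IF eax
                    push tmp
                    pop Addr4
                    add Addr4, 02e8h            ; money value lives at base + 2E8h
                    invoke ReadProcessMemory, hd, Addr4, addr tmp, SIZEOF tmp, NULL
                    ; Only write back if the read succeeded; otherwise tmp is
                    ; stale and the write would push garbage.
                    .IF eax
                        add tmp, 50000
                        invoke WriteProcessMemory, hd, Addr4, addr tmp, SIZEOF tmp, NULL
                    .ENDIF
                .ELSE
                    ; Read failed (game presumably gone): release the handle
                    ; instead of leaking it, and re-attach on the next press.
                    invoke CloseHandle, hd
                    mov hd, 0
                .ENDIF
            .ENDIF
        .ENDIF
    .ELSEIF uMsg == WM_DESTROY
        invoke UnregisterHotKey, hWnd, HotKeyID
        .IF hd != 0
            invoke CloseHandle, hd
            mov hd, 0
        .ENDIF
        invoke PostQuitMessage, NULL
    .ELSE
        invoke DefWindowProc, hWnd, uMsg, wParam, lParam
        ret                                     ; return DefWindowProc's result unchanged
    .ENDIF
    xor eax, eax
    ret
WndProc endp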
end start