Hello everyone! I'm 下一站,幸福 (QQ: 84077671).
I just finished a tutorial on how to update the DNF simulated CALL. Next, let's look at how to steal someone else's simulated CALL!
We'll use our own simulated CALL as the test subject. Watch the steps.
Open the helper we built in the last lesson, and log into the game first. Once the helper is up, we load the DNF driver.
Next, open OD (OllyDbg) and attach it to the DNF process.
Good! Now take a few of the CALLs from the last lesson, set breakpoints on them, and return (step out) from the break; that leads us straight to our simulated CALL.
0263C345 B8 9003B200 mov eax,DNF.00B20390 ; and this CALL
005709E5 8BCF mov ecx,edi
005709E7 E8 F4E2FFFF call 0056ECE0
005709EC 85C0 test eax,eax
00B20390, let's use this one.
----------------------------------------
Enter the game. Then set the breakpoint and immediately press F1 (full-screen lightning). Be quick about it; I won't walk you through it slowly!
Let's switch to another one. Use this: 0056ECE0
OK, pressing F1 triggered the break. Now copy the return information: return to 09033983 (DNFOK.09033983)
DNFOK.DLL is the name of my DLL. It returns there. Let's go take a look.
Oops. Never mind, let's finish the tutorial!
090339F8 8D45 08 lea eax,dword ptr ss:[ebp+8]
090339FB 50 push eax
090339FC 81C1 3C010000 add ecx,13C
09033A02 B8 404D4000 mov eax,404D40
09033A07 FFD0 call eax
09033A09 5D pop ebp
09033A0A C2 0400 retn 4
09033A0D 8BE5 mov esp,ebp
09033A0F 5D pop ebp
09033A10 C3 retn
See that? This is the last CALL from our previous lesson.
call 0056ECE0 (the CALL address)
09033793 55 push ebp
09033794 8BEC mov ebp,esp
09033796 56 push esi
09033797 57 push edi
09033798 53 push ebx
09033799 8B7D 0C mov edi,dword ptr ss:[ebp+C]
0903379C 8B75 08 mov esi,dword ptr ss:[ebp+8]
0903379F 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090337A5 8B11 mov edx,dword ptr ds:[ecx]
090337A7 6A 02 push 2
090337A9 6A 15 push 15
090337AB FF52 08 call dword ptr ds:[edx+8]
090337AE 6A 00 push 0
090337B0 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090337B6 8B01 mov eax,dword ptr ds:[ecx]
090337B8 FF50 20 call dword ptr ds:[eax+20]
090337BB 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090337C1 8B01 mov eax,dword ptr ds:[ecx]
090337C3 6A 00 push 0
090337C5 FF50 20 call dword ptr ds:[eax+20]
090337C8 85F6 test esi,esi
090337CA 74 32 je short DNFOK.090337FE
090337CC A1 E0FE8601 mov eax,dword ptr ds:[186FEE0]
090337D1 8B16 mov edx,dword ptr ds:[esi]
090337D3 8B18 mov ebx,dword ptr ds:[eax]
090337D5 8BCE mov ecx,esi
090337D7 FF52 40 call dword ptr ds:[edx+40]
090337DA 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090337E0 50 push eax
090337E1 FF53 24 call dword ptr ds:[ebx+24]
090337E4 A1 E0FE8601 mov eax,dword ptr ds:[186FEE0]
090337E9 8B16 mov edx,dword ptr ds:[esi]
090337EB 8B18 mov ebx,dword ptr ds:[eax]
090337ED 8BCE mov ecx,esi
090337EF FF52 44 call dword ptr ds:[edx+44]
090337F2 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090337F8 50 push eax
090337F9 FF53 24 call dword ptr ds:[ebx+24]
090337FC EB 1D jmp short DNFOK.0903381B
090337FE 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033804 8B01 mov eax,dword ptr ds:[ecx]
09033806 68 FFFF0000 push 0FFFF
0903380B FF50 24 call dword ptr ds:[eax+24]
0903380E 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033814 8B11 mov edx,dword ptr ds:[ecx]
09033816 6A 00 push 0
09033818 FF52 24 call dword ptr ds:[edx+24]
0903381B 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033821 8B01 mov eax,dword ptr ds:[ecx]
09033823 68 FFFF0000 push 0FFFF
09033828 FF50 24 call dword ptr ds:[eax+24]
0903382B 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033831 8B11 mov edx,dword ptr ds:[ecx]
09033833 6A 00 push 0
09033835 FF52 24 call dword ptr ds:[edx+24]
09033838 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
0903383E 8B01 mov eax,dword ptr ds:[ecx]
09033840 6A 01 push 1
09033842 FF50 24 call dword ptr ds:[eax+24]
09033845 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
0903384B 8B11 mov edx,dword ptr ds:[ecx]
0903384D 57 push edi
0903384E FF52 24 call dword ptr ds:[edx+24]
09033851 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033857 8B55 10 mov edx,dword ptr ss:[ebp+10]
0903385A 8B01 mov eax,dword ptr ds:[ecx]
0903385C 52 push edx
0903385D FF50 2C call dword ptr ds:[eax+2C]
09033860 8B0D DC2E8D01 mov ecx,dword ptr ds:[18D2EDC]
09033866 8B11 mov edx,dword ptr ds:[ecx]
09033868 FF92 D0070000 call dword ptr ds:[edx+7D0]
0903386E 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033874 8B31 mov esi,dword ptr ds:[ecx]
09033876 50 push eax
09033877 FF56 24 call dword ptr ds:[esi+24]
0903387A 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033880 8B01 mov eax,dword ptr ds:[ecx]
09033882 FF90 8C000000 call dword ptr ds:[eax+8C]
09033888 8B88 AC000000 mov ecx,dword ptr ds:[eax+AC]
0903388E E8 9D000000 call DNFOK.09033930
09033893 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033899 8B11 mov edx,dword ptr ds:[ecx]
0903389B 8BF0 mov esi,eax
0903389D 56 push esi
0903389E FF52 24 call dword ptr ds:[edx+24]
090338A1 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090338A7 8B01 mov eax,dword ptr ds:[ecx]
090338A9 6A 00 push 0
090338AB FF50 20 call dword ptr ds:[eax+20]
090338AE 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090338B4 8B11 mov edx,dword ptr ds:[ecx]
090338B6 6A 04 push 4
090338B8 FF52 20 call dword ptr ds:[edx+20]
090338BB 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090338C1 8B45 14 mov eax,dword ptr ss:[ebp+14]
090338C4 8B11 mov edx,dword ptr ds:[ecx]
090338C6 50 push eax
090338C7 FF52 24 call dword ptr ds:[edx+24]
090338CA 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090338D0 8B45 18 mov eax,dword ptr ss:[ebp+18]
090338D3 8B11 mov edx,dword ptr ds:[ecx]
090338D5 50 push eax
090338D6 FF52 24 call dword ptr ds:[edx+24]
090338D9 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090338DF 8B45 1C mov eax,dword ptr ss:[ebp+1C]
090338E2 8B11 mov edx,dword ptr ds:[ecx]
090338E4 50 push eax
090338E5 FF52 24 call dword ptr ds:[edx+24]
090338E8 8B45 24 mov eax,dword ptr ss:[ebp+24]
090338EB 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
090338F1 8B11 mov edx,dword ptr ds:[ecx]
090338F3 50 push eax
090338F4 8B45 20 mov eax,dword ptr ss:[ebp+20]
090338F7 50 push eax
090338F8 FF52 38 call dword ptr ds:[edx+38]
090338FB 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
09033901 8B11 mov edx,dword ptr ds:[ecx]
09033903 6A 00 push 0
09033905 FF52 24 call dword ptr ds:[edx+24]
09033908 8B0D E0FE8601 mov ecx,dword ptr ds:[186FEE0]
0903390E 8B11 mov edx,dword ptr ds:[ecx]
09033910 6A 00 push 0
09033912 FF52 20 call dword ptr ds:[edx+20]
09033915 8B0D B4419601 mov ecx,dword ptr ds:[19641B4]
0903391B 8B01 mov eax,dword ptr ds:[ecx]
0903391D 6A 03 push 3
0903391F 6A 00 push 0
09033921 6A FF push -1
09033923 6A 01 push 1
09033925 FF50 44 call dword ptr ds:[eax+44]
09033928 5B pop ebx
09033929 5F pop edi
0903392A 5E pop esi
0903392B E9 DD000000 jmp DNFOK.09033A0D
09033930 55 push ebp
09033931 8BEC mov ebp,esp
09033933 51 push ecx
09033934 57 push edi
09033935 8BF9 mov edi,ecx
09033937 8B0D DC2E8D01 mov ecx,dword ptr ds:[18D2EDC]
0903393D 85C9 test ecx,ecx
0903393F 75 0A jnz short DNFOK.0903394B
09033941 B8 FFFF0000 mov eax,0FFFF
09033946 5F pop edi
09033947 8BE5 mov esp,ebp
09033949 5D pop ebp
0903394A C3 retn
0903394B 8B01 mov eax,dword ptr ds:[ecx]
0903394D 53 push ebx
0903394E 56 push esi
0903394F FF90 D0070000 call dword ptr ds:[eax+7D0]
09033955 6A 00 push 0
09033957 8945 FC mov dword ptr ss:[ebp-4],eax
0903395A B8 9003B200 mov eax,0B20390
0903395F FFD0 call eax
09033961 9C pushfd
09033962 FC cld
09033963 9D popfd
09033964 99 cdq
09033965 B9 FFFF0000 mov ecx,0FFFF
0903396A 83C4 04 add esp,4
0903396D F7F9 idiv ecx
0903396F 8BDA mov ebx,edx
09033971 8BF3 mov esi,ebx
09033973 8BFF mov edi,edi
09033975 8B55 FC mov edx,dword ptr ss:[ebp-4]
09033978 56 push esi
09033979 52 push edx
0903397A 8BCF mov ecx,edi
0903397C B8 E0EC5600 mov eax,56ECE0
09033981 FFD0 call eax
09033983 85C0 test eax,eax ; this is where it returns to, i.e. the CALL from our previous lesson
09033985 75 1F jnz short DNFOK.090339A6
09033987 8B8F 44010000 mov ecx,dword ptr ds:[edi+144]
0903398D 8B87 40010000 mov eax,dword ptr ds:[edi+140]
09033993 3BC1 cmp eax,ecx
09033995 74 29 je short DNFOK.090339C0
09033997 3930 cmp dword ptr ds:[eax],esi
09033999 74 07 je short DNFOK.090339A2
0903399B 83C0 04 add eax,4
0903399E 3BC1 cmp eax,ecx
090339A0 ^ 75 F5 jnz short DNFOK.09033997
090339A2 3BC1 cmp eax,ecx
090339A4 74 1A je short DNFOK.090339C0
090339A6 8D46 01 lea eax,dword ptr ds:[esi+1]
090339A9 99 cdq
090339AA B9 FFFF0000 mov ecx,0FFFF
090339AF F7F9 idiv ecx
090339B1 8BF2 mov esi,edx
090339B3 3BF3 cmp esi,ebx
090339B5 ^ 75 BE jnz short DNFOK.09033975
090339B7 5E pop esi
090339B8 5B pop ebx
090339B9 8BC1 mov eax,ecx
090339BB 5F pop edi
090339BC 8BE5 mov esp,ebp
090339BE 5D pop ebp
090339BF C3 retn
090339C0 56 push esi
090339C1 8BCF mov ecx,edi
090339C3 E8 09000000 call DNFOK.090339D1
090339C8 8BC6 mov eax,esi
090339CA 5E pop esi
090339CB 5B pop ebx
090339CC 5F pop edi
090339CD 8BE5 mov esp,ebp
090339CF 5D pop ebp
090339D0 C3 retn
090339D1 55 push ebp
090339D2 8BEC mov ebp,esp
090339D4 8B91 44010000 mov edx,dword ptr ds:[ecx+144]
090339DA 8B81 40010000 mov eax,dword ptr ds:[ecx+140]
090339E0 3BC2 cmp eax,edx
090339E2 74 14 je short DNFOK.090339F8
090339E4 56 push esi
090339E5 8B75 08 mov esi,dword ptr ss:[ebp+8]
090339E8 3930 cmp dword ptr ds:[eax],esi
090339EA 74 07 je short DNFOK.090339F3
090339EC 83C0 04 add eax,4
090339EF 3BC2 cmp eax,edx
090339F1 ^ 75 F5 jnz short DNFOK.090339E8
090339F3 3BC2 cmp eax,edx
090339F5 5E pop esi
090339F6 75 11 jnz short DNFOK.09033A09
090339F8 8D45 08 lea eax,dword ptr ss:[ebp+8]
090339FB 50 push eax
090339FC 81C1 3C010000 add ecx,13C
09033A02 B8 404D4000 mov eax,404D40
09033A07 FFD0 call eax
09033A09 5D pop ebp
09033A0A C2 0400 retn 4
And that's how the simulated CALL is obtained.
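What the tutorial does by hand in the listing above is spot a `mov reg,imm32` immediately followed by `call reg` whose target lies outside the injected DLL: that is how the module dispatches into the game's own code. The following Python is an added example, not part of the original tutorial: a small parser for the OllyDbg listing format used here that an analyst triaging a dumped injected module can run to enumerate such dispatch sites. The sample lines are taken from the listing above, and the module address range (0x09030000-0x09040000) is an assumed value, not one stated on the page.

```python
"""Triage an OllyDbg listing of an injected module: find where it loads an absolute
address into a register and calls through it (the 'simulated CALL' dispatch pattern)."""
import re
from dataclasses import dataclass

# Constructed sample in the OllyDbg listing format: ADDR  BYTES  MNEMONIC OPERANDS [; comment]
SAMPLE = """
0903395A B8 9003B200 mov eax,0B20390
0903395F FFD0 call eax
09033961 9C pushfd
0903397A 8BCF mov ecx,edi
0903397C B8 E0EC5600 mov eax,56ECE0
09033981 FFD0 call eax
09033983 85C0 test eax,eax ; return address
090339A0 ^ 75 F5 jnz short DNFOK.09033997
090339C3 E8 09000000 call DNFOK.090339D1
09033A02 B8 404D4000 mov eax,404D40
09033A07 FFD0 call eax
09033A59 FF55 24 call dword ptr ss:[ebp+24]
"""

# Opcode-byte column tokens: uppercase hex groups, 'seg:bytes' prefixes, or the '^' back-jump marker.
BYTES_TOKEN = re.compile(r"^(?:\^|[0-9A-F]{2,}|[0-9A-F]{2}:[0-9A-F]{2,})$")
# 'mov reg,imm32', with an optional 'MODULE.' prefix on the immediate (e.g. DNF.00B20390).
MOV_IMM = re.compile(r"^mov (e[a-d]x|e[sd]i|e[bs]p),(?:[A-Za-z_]+\.)?([0-9A-Fa-f]+)$")

@dataclass
class Insn:
    addr: int
    text: str  # mnemonic and operands, comment stripped

def parse_listing(listing: str) -> list[Insn]:
    insns = []
    for raw in listing.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        tokens = line.split()
        addr = int(tokens[0], 16)
        i = 1
        while i < len(tokens) and BYTES_TOKEN.match(tokens[i]):  # skip opcode bytes
            i += 1
        insns.append(Insn(addr, " ".join(tokens[i:])))
    return insns

def register_dispatch_targets(insns, module_lo, module_hi):
    """Pair each 'mov reg,imm' with a directly following 'call reg'.
    Returns (call_site, target, target_is_outside_module) triples."""
    found = []
    for prev, cur in zip(insns, insns[1:]):
        m = MOV_IMM.match(prev.text)
        if not m or cur.text != f"call {m.group(1)}":
            continue
        target = int(m.group(2), 16)
        found.append((cur.addr, target, not module_lo <= target < module_hi))
    return found
```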
09033A20 8B75 08 mov esi,dword ptr ss:[ebp+8]
09033A23 8B36 mov esi,dword ptr ds:[esi]
09033A25 A1 C84C4801 mov eax,dword ptr ds:[1484CC8]
09033A2A 8B0D CC4C4801 mov ecx,dword ptr ds:[1484CCC]
09033A30 6A 00 push 0
09033A32 6A 00 push 0
09033A34 50 push eax
09033A35 8B16 mov edx,dword ptr ds:[esi]
09033A37 6A 3E push 3E
09033A39 6A 00 push 0
09033A3B 6A 04 push 4
09033A3D 6A 00 push 0
09033A3F 6A 00 push 0
09033A41 FF75 14 push dword ptr ss:[ebp+14]
09033A44 FF75 10 push dword ptr ss:[ebp+10]
09033A47 FF75 0C push dword ptr ss:[ebp+C]
09033A4A FF75 18 push dword ptr ss:[ebp+18]
09033A4D FF75 1C push dword ptr ss:[ebp+1C]
09033A50 8B7D 20 mov edi,dword ptr ss:[ebp+20]
09033A53 36:8B3F mov edi,dword ptr ss:[edi]
09033A56 57 push edi
09033A57 8BCE mov ecx,esi
09033A59 FF55 24 call dword ptr ss:[ebp+24] ; here, you can set a breakpoint.
Try whether this address is the CALL: 09033793. I tested it before. OK, since the game has disappeared, I won't set a breakpoint to test it.
This is the CALL.
That's it for today's tutorial.