[ C++ ] Write Memory ( Căn bản )++++++++++++++++++

Nguồn:http://akampro.net/forum/showthread....b%E1%BA%A3n-)&
Để hiểu vấn đề..... cheatengine.org [ASM]

Mã nguồn PHP:

Trích dẫn :

// test.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include <Windows.h>
//

void HideModule(HINSTANCE hModule)
{
DWORD dwPEB_LDR_DATA = 0;
_asm
{
pushad;
pushfd;
mov eax, fs:[30h] // PEB
mov eax, [eax+0Ch] // PEB->ProcessModuleInfo
mov dwPEB_LDR_DATA, eax // Save ProcessModuleInfo

InLoadOrderModuleList:
mov esi, [eax+0Ch] // ProcessModuleInfo->InLoadOrderModuleList[FORWARD]
mov edx, [eax+10h] // ProcessModuleInfo->InLoadOrderModuleList[BACKWARD]

LoopInLoadOrderModuleList:
lodsd // Load First Module
mov esi, eax // ESI points to Next Module
mov ecx, [eax+18h] // LDR_MODULE->BaseAddress
cmp ecx, hModule // Is it Our Module ?
jne SkipA // If Not, Next Please (@f jumps to nearest Unamed Lable @@
mov ebx, [eax] // [FORWARD] Module
mov ecx, [eax+4] // [BACKWARD] Module
mov [ecx], ebx // Previous Module's [FORWARD] Notation, Points to us, Replace it with, Module++
mov [ebx+4], ecx // Next Modules, [BACKWARD] Notation, Points to us, Replace it with, Module--
jmp InMemoryOrderModuleList // Hidden, so Move onto Next Set
SkipA:
cmp edx, esi // Reached End of Modules ?
jne LoopInLoadOrderModuleList // If Not, Re Loop

InMemoryOrderModuleList:
mov eax, dwPEB_LDR_DATA // PEB->ProcessModuleInfo
mov esi, [eax+14h] // ProcessModuleInfo->InMemoryOrderModuleList[START]
mov edx, [eax+18h] // ProcessModuleInfo->InMemoryOrderModuleList[FINISH]

LoopInMemoryOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+10h]
cmp ecx, hModule
jne SkipB
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp InInitializationOrderModuleList
SkipB:
cmp edx, esi
jne LoopInMemoryOrderModuleList

InInitializationOrderModuleList:
mov eax, dwPEB_LDR_DATA // PEB->ProcessModuleInfo
mov esi, [eax+1Ch] // ProcessModuleInfo->InInitializationOrderModuleList[START]
mov edx, [eax+20h] // ProcessModuleInfo->InInitializationOrderModuleList[FINISH]

LoopInInitializationOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+08h]
cmp ecx, hModule
jne SkipC
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp Finished
SkipC:
cmp edx, esi
jne LoopInInitializationOrderModuleList

Finished:
popfd;
popad;
}
}

DWORD WINAPI StartAddress(LPVOID lpArgs)
{

DWORD value1 = 0x90;
DWORD value2 = 0x3F7F;
DWORD value3 = 0x90;
long t=3;
unsigned long Protection;
while(1)
{
if(GetAsyncKeyState(VK_SHIFT))
{
BYTE value[] = {0x90, 0x90, 0x90, 0x90, 0x90};
VirtualProtect((void*)0x83cb98, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x83cb98, value, sizeof(t));
VirtualProtect((void*)0x83cb98, sizeof(value), Protection, 0);
}
if(GetAsyncKeyState(VK_SPACE))
{
BYTE value[] = {0xEE, 0x7C, 0x7F, 0x3F, 0xA4};
VirtualProtect((void*)0x83cb98, sizeof(value), PAGE_READWRITE, &Protection);
memcpy((void*)0x83cb98, value, sizeof(t));
VirtualProtect((void*)0x83cb98, sizeof(value), Protection, 0);
}
Sleep(100);
}

return 0;
}

BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{
// MessageBoxA(NULL,GetCurrentProcess() , "Injection Successful", MB_OK); //Message Box.
CreateThread(NULL, NULL, StartAddress, NULL, NULL, NULL);
HideModule((HMODULE)hModule);
}
return TRUE;
}

ji` đây ad . ko hỉu ji` hít