郁金香灬老师 游戏安全  驱动 逆向调试 C/C++编程  脚本 UE4/UE5

找回密码
立即注册

QQ登录

只需一步,快速开始

搜索
热搜: 活动 交友 discuz
发新帖
课程大纲和价格
官方联系方式2024在线课大纲QQ咨询

34万

积分

131

好友

145

主题
发表于 2023-2-1 21:05:40 | 查看: 8125| 回复: 0



  1. #include <Windows.h>
  2. #include <d3d9.h>
  3. #include <d3dx9.h>
  4. #include <cstdio>

  5. #pragma comment (lib, "d3d9.lib")
  6. #pragma comment(lib, "d3dx9.lib")
  7. LPDIRECT3DDEVICE9 pDevice;
  8. ID3DXLine *pLine;
  9. IDirect3DTexture9 *texRed;
  10. IDirect3DTexture9 *texGreen;
  11. IDirect3DPixelShader9 *Front,
  12.                        *Back;
  13. bool shangse=true;
  14. bool Xhair=false;
  15. static LPD3DXFONT m_pFont1  = NULL;
  16. BOOL FontCreated=false;
  17. int a=10;
  18. bool WallHack=false;
  19. bool zimu=true;
  20. bool hack2=1;
  21. bool hack3=0;
  22. bool hack4=0;
  23. bool xiantiao=false;
  24. HRESULT GenerateTexture(IDirect3DDevice9 *pD3Ddev, IDirect3DTexture9 **ppD3Dtex, DWORD colour32)
  25. {
  26. if( FAILED(pD3Ddev->CreateTexture(8, 8, 1, 0, D3DFMT_A4R4G4B4, D3DPOOL_MANAGED, ppD3Dtex,NULL)) )
  27.   return E_FAIL;
  28. WORD colour16 = ((WORD)((colour32>>28)&0xF)<<12)
  29.   |(WORD)(((colour32>>20)&0xF)<<8)
  30.   |(WORD)(((colour32>>12)&0xF)<<4)
  31.   |(WORD)(((colour32>>4)&0xF)<<0);
  32. D3DLOCKED_RECT d3dlr;   
  33. (*ppD3Dtex)->LockRect(0, &d3dlr, 0, 0);
  34. WORD *pDst16 = (WORD*)d3dlr.pBits;
  35. for(int xy=0; xy < 8*8; xy++)
  36.   *pDst16++ = colour16;
  37. (*ppD3Dtex)->UnlockRect(0);
  38. return S_OK;
  39. }
  40. void InitObjects( IDirect3DDevice9 * pDevice )
  41. {
  42. if(!FontCreated){
  43. D3DXCreateFont( pDevice, 12, 0, FW_NORMAL, 1, 0, DEFAULT_CHARSET, OUT_DEVICE_PRECIS, ANTIALIASED_QUALITY, FF_DONTCARE | DEFAULT_PITCH, "Visitor TT2 (BRK)", &m_pFont1 );
  44. FontCreated=true;
  45. }
  46. }
  47. void SetLightChams(float A, float R, float G, float B, IDirect3DDevice9 *pDevice)
  48. {
  49.     D3DMATERIAL9 pMaterial;
  50.     ZeroMemory(&pMaterial, sizeof(D3DMATERIAL9));
  51. pDevice->SetRenderState(D3DRS_LIGHTING, TRUE); //Enable Lighting
  52. //Ambient
  53. pMaterial.Ambient.a     =  (A/255);
  54.     pMaterial.Ambient.r     =  (R/255);
  55.     pMaterial.Ambient.g     =  (G/255);
  56.     pMaterial.Ambient.b     =  (B/255);
  57. //Diffuse
  58. pMaterial.Diffuse.a     = (A/255);
  59.     pMaterial.Diffuse.r     = (R/255);
  60.     pMaterial.Diffuse.g     = (G/255);
  61.     pMaterial.Diffuse.b     = (B/255);
  62. //Specular
  63. pMaterial.Specular.a = (A/255);
  64. pMaterial.Specular.r = (R/255);
  65.     pMaterial.Specular.g = (G/255);
  66.     pMaterial.Specular.b = (B/255);
  67.     pDevice->SetMaterial(&pMaterial);
  68. }
  69. void DrawFont (int X, int Y, D3DCOLOR Color, char *format, ...)
  70. {
  71. char buffer[256];
  72. va_list args;
  73. va_start (args, format);
  74. vsprintf (buffer,format, args);
  75. RECT FontRect = { X, Y, X + 120, Y + 16 };
  76. m_pFont1->DrawText( NULL, buffer, -1, &FontRect, DT_NOCLIP , Color );
  77. va_end (args);
  78. }
  79. void *DetourFunction(BYTE *src, const BYTE *dst, const int len)
  80. {
  81. BYTE *jmp = (BYTE*)malloc(len+5);
  82. DWORD dwBack;
  83. VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
  84. memcpy(jmp, src, len);
  85. jmp += len;
  86. jmp[0] = 0xE9;
  87. *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
  88. src[0] = 0xE9;
  89. *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
  90. for (int i=5; i<len; i++)  src=0x90;
  91. VirtualProtect(src, len, dwBack, &dwBack);
  92. return (jmp-len);
  93. }
  94.     void FillRGB( int x, int y, int w, int h, D3DCOLOR color, IDirect3DDevice9* pDevice )
  95. {
  96. D3DRECT rec = { x, y, x + w, y + h };
  97. pDevice->Clear( 1, &rec, D3DCLEAR_TARGET, color, 0, 0 );
  98. }
  99. HRESULT CreateMyShader(IDirect3DPixelShader9 **pShader, IDirect3DDevice9 *Device, float red, float green, float blue, float alpha )
  100. {
  101.     ID3DXBuffer *MyBuffer = NULL;
  102.     char MyShader[ 256 ];
  103.     sprintf( MyShader, "ps.1.1\ndef c0, %f, %f, %f, %f\nmov r0,c0", red/255, green/255, blue/255, alpha/255 );
  104.     D3DXAssembleShader( MyShader, sizeof( MyShader ), NULL, NULL, 0, &MyBuffer , NULL );
  105.     if( FAILED( Device->CreatePixelShader((const DWORD*)MyBuffer ->GetBufferPointer(), pShader)) )return E_FAIL;
  106.     return S_OK;
  107. }
  108. DWORD WINAPI dwWaitThread( LPVOID lpArgs );
  109. typedef HRESULT(WINAPI* DrawIndexedPrimitive_)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, INT BaseVertexIndex, UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount);
  110. DrawIndexedPrimitive_ pDrawIndexedPrimitive;
  111. typedef HRESULT ( WINAPI *EndScene_)( IDirect3DDevice9 * pDevice );
  112. EndScene_ pEndScene;
  113. typedef HRESULT ( WINAPI *CreateQuery_)(LPDIRECT3DDEVICE9 pDevice, D3DQUERYTYPE Type,IDirect3DQuery9** ppQuery);
  114. CreateQuery_ pCreateQuery;
  115. HRESULT WINAPI hkCreateQuery(LPDIRECT3DDEVICE9 pDevice, D3DQUERYTYPE Type,IDirect3DQuery9** ppQuery)
  116. {
  117.     if( Type == D3DQUERYTYPE_OCCLUSION )
  118.     {
  119.         Type = D3DQUERYTYPE_TIMESTAMP;
  120.     }

  121.     return pCreateQuery( pDevice, Type, ppQuery );
  122. }
  123. HRESULT WINAPI hkEndScene( IDirect3DDevice9 * pDevice )
  124. {
  125. //HWND hwnd1;
  126. //hwnd1=FindWindow (TEXT("透视程序"),TEXT("透视程序"));
  127. //if(hwnd1==0)
  128. //{
  129. // MessageBox( NULL, "透视EXE程序不存在,调用注意走路掉进下水道!", "", MB_ICONERROR | MB_ICONSTOP );
  130. // ExitProcess(0);
  131. //}
  132.     if (shangse)
  133.     {
  134.   GenerateTexture(pDevice, &texRed,D3DCOLOR_ARGB(255,255,0,0));//上色背景 红
  135.   GenerateTexture(pDevice, &texGreen,D3DCOLOR_ARGB(255,0,255,0));//上色背景 绿
  136.         shangse=false;
  137.     }
  138. //CreateMyShader( &Front, pDevice,    255,     0,   0,   255 );
  139.     //CreateMyShader( &Back,  pDevice,    255,   255,   0,   255 );
  140.     InitObjects( pDevice );
  141. DrawFont ( 3, 10, D3DCOLOR_ARGB(255,238,17,216), "逆战 透视程序" );//238,17,216
  142. // ..........
  143. if(zimu)
  144. {
  145. //DrawFont ( 5, 30, D3DCOLOR_ARGB(255,0,255,0), "" );
  146. DrawFont ( 5, 50, D3DCOLOR_ARGB(255,0,255,0), "1键 完美准星" );
  147. DrawFont ( 5, 70, D3DCOLOR_ARGB(255,0,255,0), "2键 人物透视" );
  148. DrawFont ( 5, 90, D3DCOLOR_ARGB(255,0,255,0), "3键 人物上色" );
  149. DrawFont ( 5, 110, D3DCOLOR_ARGB(255,0,255,0), "透视程序 " );
  150. //DrawFont ( 5, 90, D3DCOLOR_ARGB(255,0,255,0), "4 人物线条" );
  151. DrawFont ( 5, 130, D3DCOLOR_ARGB(255,0,255,0), "END键开启/关闭提示菜单" );
  152. }
  153. //游戏字幕
  154. if (Xhair)
  155. {
  156.    //准星
  157.    D3DVIEWPORT9 gViewPort;
  158. pDevice->GetViewport(&gViewPort);
  159. float ScreenCenterX = ( float )gViewPort.Width / 2;
  160. float ScreenCenterY = ( float )gViewPort.Height / 2;
  161. FillRGB(ScreenCenterX-20, ScreenCenterY, 40, 1,D3DCOLOR_ARGB(255,71,65,64),pDevice);//Purple
  162. FillRGB(ScreenCenterX, ScreenCenterY-20, 1, 40,D3DCOLOR_ARGB(255,71,65,64),pDevice);
  163. FillRGB(ScreenCenterX-17, ScreenCenterY, 34, 1,D3DCOLOR_ARGB(255,0,0,255),pDevice);//Blue
  164. FillRGB(ScreenCenterX, ScreenCenterY-17, 1, 34,D3DCOLOR_ARGB(255,0,0,255),pDevice);
  165. FillRGB(ScreenCenterX-14, ScreenCenterY, 28, 1,D3DCOLOR_ARGB(255,255,240,0),pDevice);//Cyan
  166. FillRGB(ScreenCenterX, ScreenCenterY-14, 1, 28,D3DCOLOR_ARGB(255,255,240,0),pDevice);
  167. FillRGB(ScreenCenterX-11, ScreenCenterY, 22, 1,D3DCOLOR_ARGB(255,0,255,0),pDevice);//Green
  168. FillRGB(ScreenCenterX, ScreenCenterY-11, 1, 22,D3DCOLOR_ARGB(255,0,255,0),pDevice);
  169. FillRGB(ScreenCenterX-9, ScreenCenterY, 18, 1,D3DCOLOR_ARGB(255,255,255,0),pDevice);//Yellow
  170. FillRGB(ScreenCenterX, ScreenCenterY-9, 1, 18,D3DCOLOR_ARGB(255,255,255,0),pDevice);
  171. FillRGB(ScreenCenterX-6, ScreenCenterY, 12, 1,D3DCOLOR_ARGB(255,198,255,0),pDevice);//Orange
  172. FillRGB(ScreenCenterX, ScreenCenterY-6, 1, 12,D3DCOLOR_ARGB(255,198,255,0),pDevice);
  173. FillRGB(ScreenCenterX-3, ScreenCenterY, 6, 1,D3DCOLOR_ARGB(255,255,0,0),pDevice);//Red
  174. FillRGB(ScreenCenterX, ScreenCenterY-3, 1, 6,D3DCOLOR_ARGB(255,255,0,0),pDevice);
  175. }
  176.     return ( *pEndScene )( pDevice );
  177. }
  178. HRESULT WINAPI nDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, INT BaseVertexIndex, UINT MinIndex,UINT NumVertices, UINT StartIndex, UINT PrimitiveCount)
  179. {
  180. IDirect3DVertexBuffer9* pStreamData = NULL;
  181. UINT iOffsetInBytes,iStride;
  182. pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);
  183. //  if (GetAsyncKeyState (VK_F6)&1)
  184. // {
  185. //  a++;
  186. // }
  187. //  if (GetAsyncKeyState (VK_F7)&1)
  188. //{
  189. // a--;
  190. // }
  191. DWORD dwOldZEnable = D3DZB_TRUE;
  192. if (hack2)
  193. {
  194.   if(iStride==32)
  195.   {
  196.    pDevice->SetRenderState(D3DRS_ZENABLE,false);
  197.    pDevice->SetRenderState(D3DRS_ZENABLE,true);
  198.                    DWORD dwOldZEnable;
  199.                 pDevice->GetRenderState(D3DRS_ZENABLE,&dwOldZEnable);
  200.                 pDevice->SetRenderState(D3DRS_ZENABLE,D3DZB_FALSE);
  201.                 pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
  202.                 pDevice->SetRenderState(D3DRS_CULLMODE, D3DCULL_NONE);
  203.                 pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
  204.                 pDevice->SetRenderState(D3DRS_ZENABLE,dwOldZEnable);
  205.                 pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
  206.     pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
  207.   }
  208. }
  209.      if (hack3)
  210. {
  211.   if(iStride==32)
  212.   {
  213.       DWORD dwOldZEnable;
  214.               pDevice->SetTexture(0,NULL);
  215.               pDevice->SetPixelShader( Front );
  216.      pDevice->SetTexture( 0, texGreen);
  217.               pDevice->GetRenderState(D3DRS_ZENABLE,&dwOldZEnable);
  218.               pDevice->SetRenderState(D3DRS_ZENABLE,D3DZB_FALSE);
  219.               pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
  220.               pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);        
  221.               pDevice->SetRenderState(D3DRS_ZENABLE,dwOldZEnable);
  222.               pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
  223.      pDevice->SetTexture( 0, texRed);
  224.               pDevice->SetPixelShader( Back );
  225.      pDevice->SetRenderState(D3DRS_ZENABLE,false);
  226.      SetLightChams(255,60,73,196, pDevice);
  227.      pDevice->SetTexture( 0, texGreen);
  228.      pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
  229.      pDevice->SetRenderState(D3DRS_ZENABLE,true);
  230.      pDevice->SetTexture( 0, texRed);
  231.      SetLightChams(255,255,0,255, pDevice);
  232.   }
  233.   }
  234.         if (hack4)
  235.     {
  236.   if (iStride==32)
  237.   {
  238.         pDevice->SetRenderState( D3DRS_FILLMODE, D3DFILL_WIREFRAME );
  239.   pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
  240.         pDevice->SetRenderState( D3DRS_FILLMODE, D3DFILL_WIREFRAME );
  241.   }
  242.   
  243.     }
  244. return pDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
  245. }
  246. void InitDevice( DWORD * dwVTable )
  247. {
  248. LPDIRECT3D9 pD3d9 = NULL;
  249. LPDIRECT3DDEVICE9 pD3DDevice = NULL;
  250. pD3d9 = Direct3DCreate9( D3D_SDK_VERSION );
  251. if ( pD3d9 == NULL )
  252. {
  253.   MessageBox( NULL, "[ERROR] Direct3DCreate9 Failed", "Fatal Error", MB_ICONERROR | MB_ICONSTOP );
  254.   return;
  255. }

  256. D3DPRESENT_PARAMETERS pPresentParms;
  257. ZeroMemory( &pPresentParms, sizeof( pPresentParms ));

  258. pPresentParms.Windowed = TRUE;
  259. pPresentParms.BackBufferFormat = D3DFMT_UNKNOWN;
  260. pPresentParms.SwapEffect = D3DSWAPEFFECT_DISCARD;

  261. if ( FAILED ( pD3d9->CreateDevice ( D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, GetDesktopWindow(), D3DCREATE_SOFTWARE_VERTEXPROCESSING, &pPresentParms, &pD3DDevice )))
  262. {
  263.   MessageBox( NULL, "[ERROR] CreateDevice Failed", "Fatal Error", MB_ICONERROR | MB_ICONSTOP );
  264.   return;
  265. }

  266. DWORD * dwTable = ( DWORD* ) pD3DDevice;
  267. dwTable = ( DWORD* ) dwTable[0];

  268. dwVTable[0] = dwTable[82];
  269.     dwVTable[1] = dwTable[42];
  270.     dwVTable[2] = dwTable[118];
  271. }
  272. BOOL APIENTRY DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpReserved )
  273. {
  274. if ( dwReason == DLL_PROCESS_ATTACH )
  275. {
  276.   //if ()
  277.   //{
  278.    //MessageBox( NULL, "没检测到透视综合社区EXE进程,DLL与EXE对接失败.!", "系统提示:", MB_ICONERROR | MB_ICONSTOP );
  279.    //exit(0);//未检测到透视EXE数据验证.
  280.   //}
  281.   CreateThread( NULL, NULL, &dwWaitThread, NULL, NULL, NULL );
  282. }
  283.     return TRUE;
  284. }
  285. DWORD WINAPI dwWaitThread( LPVOID lpArgs )
  286. {
  287. DWORD dwD3d9 = NULL;
  288. while ( !dwD3d9 )
  289. {
  290.   Sleep(1);
  291.   dwD3d9 = ( DWORD ) GetModuleHandle( "D3d9.dll" );
  292. }
  293. DWORD dwVTable[2] = {0};
  294. InitDevice( dwVTable );
  295. pDrawIndexedPrimitive=(DrawIndexedPrimitive_) DetourFunction(( PBYTE ) dwVTable[0], ( PBYTE ) &nDrawIndexedPrimitive,12);
  296.        pEndScene=(EndScene_) DetourFunction(( PBYTE ) dwVTable[1], ( PBYTE ) &hkEndScene,5);
  297.        pCreateQuery=(CreateQuery_)DetourFunction(( PBYTE ) dwVTable[2], ( PBYTE ) &hkCreateQuery,5);
  298.     Xhair= !Xhair;
  299.   for (;;Sleep (1))
  300. {
  301.   if (GetAsyncKeyState (VK_NUMPAD1)&1)
  302.   {
  303.    Xhair= !Xhair;//准星
  304.   }
  305.   if (GetAsyncKeyState (VK_NUMPAD2)&1)     
  306.   {
  307.    hack2 = !hack2;//人物透视
  308.   }
  309.   if (GetAsyncKeyState (VK_NUMPAD3)&1)
  310.   {
  311.             hack3 = !hack3;//人物上色
  312.   }
  313.   if (GetAsyncKeyState (VK_NUMPAD4)&1)
  314.   {
  315.    MessageBox( NULL, "[ERROR]此功能暂不开放.", "透视提示:", MB_ICONERROR | MB_ICONSTOP );
  316.    //hack4 = !hack4;//人物线条
  317.   }
  318.   if (GetAsyncKeyState (VK_END)&1)
  319.   {
  320.    zimu = !zimu;//字幕
  321.   }
  322. }
  323. return FALSE;
  324. }
复制代码


游戏安全课程 学员办理咨询联系QQ150330575 手机 139 9636 2600  免费课程 在 www.bilibili.com 搜 郁金香灬老师
您需要登录后才可以回帖 登录 | 立即注册

QQ咨询

QQ|Archiver|手机版|小黑屋|郁金香游戏技术

GMT+8, 2024-11-26 19:15 , Processed in 0.091392 second(s), 21 queries .

Powered by Discuz! X3.5

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表