|
|
郁金香灬外挂技术
本教程视频1920*1080分辩率下观看最佳
VS2017+win10 64位 环境
郁金香老师:扣扣 150330575
欢迎大家参加 郁金香灬技术 游戏安全与外挂的研究学习。
兴趣是我们最好的老师
成长需要过程与循序渐进
兴趣+坚持+时间+优秀的课教程会帮助你快速成功
需要准备工具 CrazyDbg调试器和配套的CE和xdbg
学习目标:
关于基址特征码提取
绕过EAC来调试
分析玩家对象和属性
加密,解密KEY,真实血量
Ctrl+Shift+1 精确数值
Ctrl+Shift+2 变动的数值
Ctrl+Shift+3 未变动的数值
00007FF68CC5E231 | 83 F8 FF | cmp eax,FFFFFFFF |
00007FF68CC5E234 | 74 6B | je lostark.7FF68CC5E2A1 |
00007FF68CC5E236 | 49 8B BF F0 03 00 00 | mov rdi,qword ptr ds:[r15+3F0] |
00007FF68CC5E23D | 48 85 FF | test rdi,rdi |
00007FF68CC5E240 | 74 37 | je lostark.7FF68CC5E279 |
00007FF68CC5E242 | B2 01 | mov dl,1 |
00007FF68CC5E244 | 48 8B CE | mov rcx,rsi |
00007FF68CC5E247 | E8 A4 D3 C8 FF | call lostark.00007FF68C8EB5F0 |
00007FF68CC5E24C | 4C 8B F0 | mov r14,rax 血量?
00007FF68CC5E24F | 49 63 97 F4 04 00 00 | movsxd rdx,dword ptr ds:[r15+4F4] |
00007FF68CC5E256 | 48 3B D0 | cmp rdx,rax |
00007FF68CC5E259 | 74 1B | je lostark.7FF68CC5E276 |
00007FF68C8EB5F0 | 48 89 5C 24 08 | mov qword ptr ss:[rsp+8],rbx |
00007FF68C8EB5F5 | 57 | push rdi |
00007FF68C8EB5F6 | 48 83 EC 20 | sub rsp,20 |
00007FF68C8EB5FA | 48 8B F9 | mov rdi,rcx |
00007FF68C8EB5FD | 48 83 C1 34 | add rcx,34 |
00007FF68C8EB601 | 0F B6 DA | movzx ebx,dl |
00007FF68C8EB604 | E8 E7 88 D8 FE | call lostark.00007FF68B673EF0 |
00007FF68C8EB609 | 4C 8B C0 | mov r8,rax |
00007FF68B673EF0 | 33 C0 | xor eax,eax |
00007FF68B673EF2 | 4C 8B C1 | mov r8,rcx |
00007FF68B673EF5 | 80 FA 98 | cmp dl,98 |
00007FF68B673EF8 | 73 25 | jae lostark.7FF68B673F1F |
00007FF68B673EFA | 83 B9 A8 05 00 00 01 | cmp dword ptr ds:[rcx+5A8],1 |
00007FF68B673F01 | 7E 0B | jle lostark.7FF68B673F0E |
00007FF68B673F03 | 0F B6 C2 | movzx eax,dl |
00007FF68B673F06 | 0F B6 84 08 10 05 00 00 | movzx eax,byte ptr ds:[rax+rcx+510] |
00007FF68B673F0E | 0F B6 CA | movzx ecx,dl |
00007FF68B673F11 | 48 98 | cdqe |
00007FF68B673F13 | 49 8B 54 C8 50 | mov rdx,qword ptr ds:[r8+rcx*8+50] |
00007FF68B673F18 | 49 33 14 C0 | xor rdx,qword ptr ds:[r8+rax*8] | 解密 值
00007FF68B673F1C | 48 8B C2 | mov rax,rdx |
00007FF68B673F1F | C3 | ret |
|
00007FF68B673EF0 | 33 C0 | xor eax,eax |
00007FF68B673EF2 | 4C 8B C1 | mov r8,rcx | 000001FC4D250000+34
00007FF68B673EF5 | 80 FA 98 | cmp dl,98 |
00007FF68B673EF8 | 73 25 | jae lostark.7FF68B673F1F |
00007FF68B673EFA | 83 B9 A8 05 00 00 01 | cmp dword ptr ds:[rcx+5A8],1 |
00007FF68B673F01 | 7E 0B | jle lostark.7FF68B673F0E |
00007FF68B673F03 | 0F B6 C2 | movzx eax,dl | 1
00007FF68B673F06 | 0F B6 84 08 10 05 00 00 | movzx eax,byte ptr ds:[rax+rcx+510] | 000001FC4D250000+34+510+1
00007FF68B673F0E | 0F B6 CA | movzx ecx,dl | ecx=1
00007FF68B673F11 | 48 98 | cdqe |
00007FF68B673F13 | 49 8B 54 C8 50 | mov rdx,qword ptr ds:[r8+rcx*8+50] | 000001FC4D250000+34+1*8+50 //被加密的血量
00007FF68B673F18 | 49 33 14 C0 | xor rdx,qword ptr ds:[r8+rax*8] | 加密KEY 000001FC4D250000+34+0*8
00007FF68B673F1C | 48 8B C2 | mov rax,rdx |
00007FF68B673F1F | C3 | ret |
00007FF68B673F20 | 40 55 | push rbp | 00000000000015F8 xor 0000000000001A93
00007FF68B673EF0 | 33 C0 | xor eax,eax |
00007FF68B673EF2 | 4C 8B C1 | mov r8,rcx | 000001FC4D250000+34
00007FF68B673EF5 | 80 FA 98 | cmp dl,98 | BYTE 参数2 dl
00007FF68B673EF8 | 73 25 | jae lostark.7FF68B673F1F |
00007FF68B673EFA | 83 B9 A8 05 00 00 01 | cmp dword ptr ds:[rcx+5A8],1 |
00007FF68B673F01 | 7E 0B | jle lostark.7FF68B673F0E |
00007FF68B673F03 | 0F B6 C2 | movzx eax,dl | 1
00007FF68B673F06 | 0F B6 84 08 10 05 00 00 | movzx eax,byte ptr ds:[rax+rcx+510] | rax= 000001FC4D250000+34+510+参数2
00007FF68B673F0E | 0F B6 CA | movzx ecx,dl | ecx=1=参数2
00007FF68B673F11 | 48 98 | cdqe |
00007FF68B673F13 | 49 8B 54 C8 50 | mov rdx,qword ptr ds:[r8+rcx*8+50] | //被加密的血量 000001FC4D250000+34+1*8+50
00007FF68B673F18 | 49 33 14 C0 | xor rdx,qword ptr ds:[r8+rax*8] | //加密KEY 000001FC4D250000+34+0*8
00007FF68B673F1C | 48 8B C2 | mov rax,rdx |
00007FF68B673F1F | C3 | ret |
当前血量= 3950
血量上限= 3958
//被加密的血量 000001FC4D250000+34+参数2*8+50
000001FC4D250000+34+1*8+50
00000000000023FE
//加密KEY 解密KEY 000001FC4D250000+34+byte[1+000001FC4D250000+510] *8
000001FC4D250000+34 00000000000015F8
00000000000015F8 xor 0000000000001A93 //3947
00000000000015F8 xor 00000000000023FE //3950 //3606
论坛网址 www.yjxsoft.com
郁金香老师:QQ-150330575
|
|
发表于 2022-12-28 23:26:26
