VB写的查找特征码的模块 -

标题: VB写的查找特征码的模块 [打印本页]

作者: 51hei人人 时间: 2016-3-12 16:02
标题: VB写的查找特征码的模块
示例:
'定义游戏路径,以及各种特征码
Private Const Game_Path = "D:\Game\7fgame\7FGameApp.dll"
Private Const Game_Base_Feature_Codes = "90909081EC780500008B0D"
Private Const Code_Check_Feature_Codes = "50518BCBE86C0200008B4C242C"
Private Const Code_Check1_Feature_Codes = "50518BCBE8A80100008B4C2428"
Private Const Date_Check_Feature_Codes = "83C41485C07414FFD3"
Private Const Date_Check1_Feature_Codes = "03C283C41C3BC874"
Private Const Date_Check2_Feature_Codes = "0F858700000033DB3BD3895C"
Private Const Room_On_Feature_Codes = "85C07408C74424100000"
Private Const Hall_Check_Feature_Codes = "C744242C140000008B48"
Private Const Room_Check_Feature_Codes = "8D94244E040000C1E902F3"
Private Const Game_Check_Feature_Codes = "8954242E894424328D93"
Private Const Date_Lock_Feature_Codes = "66ABAA8B45103BC80F"
Private Const Date_Lock1_Feature_Codes = "8B531033ED85D2C744241401"
'定义SCO结构体变量
Private SCO As Sanguo_Check_Offset
'过程搜索游戏个特征码的偏移
Private Sub Call_Search_Offset()
Dim FileBin() As Byte
ReadFileBin FileBin, Game_Path
SCO.Game_Base_offset = Find_Location(FileBin, Game_Base_Feature_Codes, 1)
SCO.Code_Check_offset = Find_Location(FileBin, Code_Check_Feature_Codes, 7)
SCO.Code_Check1_offset = Find_Location(FileBin, Code_Check1_Feature_Codes, 7)
SCO.Date_Check_offset = Find_Location(FileBin, Date_Check_Feature_Codes, -3)
SCO.Date_Check1_offset = Find_Location(FileBin, Date_Check1_Feature_Codes)
SCO.Date_Check2_offset = Find_Location(FileBin, Date_Check2_Feature_Codes, 3)
SCO.Room_On_offset = Find_Location(FileBin, Room_On_Feature_Codes, -1)
SCO.Hall_Check_offset = Find_Location(FileBin, Hall_Check_Feature_Codes, 8)
SCO.Room_Check_offset = Find_Location(FileBin, Room_Check_Feature_Codes, &H16D)
SCO.Game_Check_offset = Find_Location(FileBin, Game_Check_Feature_Codes, -&HF)
SCO.Date_Lock_offset = Find_Location(FileBin, Date_Lock_Feature_Codes, 0)
SCO.Date_Lock1_offset = Find_Location(FileBin, Date_Lock1_Feature_Codes, 4)
Show_List_Result
Label1.Caption = "扫描完毕！"
End Sub
以下是模块:

Option Explicit
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
'以二进制形式读取文件存放在FileBin()数组中
Public Sub ReadFileBin(FileBin() As Byte, FilePath As String)
Open FilePath For Binary As #1
ReDim FileBin(FileLen(FilePath))
While Not EOF(1)
      Get #1, , FileBin
DoEvents
Wend
Close #1
End Sub
'读取内存进程代码存放在FileBin()数组中
Public Sub ReadExeBin(FileBin() As Byte, Pid As Long)
Dim Hand As Long
Hand = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
      If Hand Then
         ReDim FileBin(61440) As Byte
         ReadProcessMemory Hand, &H971000, FileBin(0), 61440, 0&
      End If
CloseHandle Hand
End Sub
'将要比较的特征码转化为Byte数组并存放在s2中
Private Sub StrBin(ByVal s1 As String, s2() As Byte)
Dim i As Long
ReDim s2(Len(s1) / 2 - 1) As Byte
For i = 0 To UBound(s2)
      s2(i) = CByte("&H" & Mid(s1, i * 2 + 1, 2))
Next i
End Sub
'从s1中查找出特征码，并返回该特征码的首位置
Private Function StrStr(ByRef s1() As Byte, ByRef s2() As Byte) As Long
Dim c1 As Long, c2 As Long, i As Long, j As Long
c1 = UBound(s1): c2 = UBound(s2)
If c2 > c1 Then StrStr = -1: Exit Function
For i = 0 To c1 - c2
      For j = 0 To c2 - 1
         If (s1(i + j) <> s2(j)) Then Exit For
         If (j = c2 - 1) Then StrStr = i: Exit Function
      Next j
Next i
StrStr = -1
End Function
'Location:位置
'此函数的功能:返回特征码最后一个位置+j偏移的位置
Public Function Find_Location(ByRef FileBin() As Byte, s1 As String, Optional j As Long = 0) As Long
Dim i As Long, Str As String, s2() As Byte
      StrBin s1, s2
      i = StrStr(FileBin, s2)
      If i = -1 Then
         Find_Location = -1: Exit Function
      End If
      Find_Location = i + UBound(s2) + j
End Function

欢迎光临 (http://www.51hei.com/bbs/)