|
@@ -20,6 +20,7 @@ namespace Assist
|
|
|
CALLDATA _cd_Go_SN;
|
|
CALLDATA _cd_Go_SN;
|
|
|
CALLDATA _cd_Go_CommunicationError;
|
|
CALLDATA _cd_Go_CommunicationError;
|
|
|
CALLDATA _cd_Go_SetCommunicationError;
|
|
CALLDATA _cd_Go_SetCommunicationError;
|
|
|
|
|
+ CALLDATA _cd_Go_PanelTooLow;
|
|
|
CALLDATA _cd_Initial_failed;
|
|
CALLDATA _cd_Initial_failed;
|
|
|
CALLDATA _cd_ExternalException;
|
|
CALLDATA _cd_ExternalException;
|
|
|
BOOL bConnectStatus = FALSE;
|
|
BOOL bConnectStatus = FALSE;
|
|
@@ -56,6 +57,7 @@ namespace Assist
|
|
|
void Call_MyGoSN();
|
|
void Call_MyGoSN();
|
|
|
void Call_MyCheckFW();
|
|
void Call_MyCheckFW();
|
|
|
void Call_MyCheckFWCommunicationError();
|
|
void Call_MyCheckFWCommunicationError();
|
|
|
|
|
+ void Call_MyGoPanelTooLow();
|
|
|
void Call_MySaveAsOutputData();
|
|
void Call_MySaveAsOutputData();
|
|
|
void Call_MyInitial_Failed();
|
|
void Call_MyInitial_Failed();
|
|
|
void Call_MyGoCommunicationError();
|
|
void Call_MyGoCommunicationError();
|
|
@@ -200,6 +202,20 @@ namespace Assist
|
|
|
memset(_cd_Go_CommunicationError.szMyCallData, 0x90, CALL_LEN);
|
|
memset(_cd_Go_CommunicationError.szMyCallData, 0x90, CALL_LEN);
|
|
|
_cd_Go_CommunicationError.szMyCallData[0] = 0xE9; // 汇编硬编码:jmp [4字节地址];
|
|
_cd_Go_CommunicationError.szMyCallData[0] = 0xE9; // 汇编硬编码:jmp [4字节地址];
|
|
|
*(LPDWORD)(&_cd_Go_CommunicationError.szMyCallData[1]) = (DWORD)_cd_Go_CommunicationError.myCall - _cd_Go_CommunicationError.dwOriginalAddr - JMP_DLEN;
|
|
*(LPDWORD)(&_cd_Go_CommunicationError.szMyCallData[1]) = (DWORD)_cd_Go_CommunicationError.myCall - _cd_Go_CommunicationError.dwOriginalAddr - JMP_DLEN;
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+ // _cd_Go_PanelTooLow
|
|
|
|
|
+ // 消除"Panel Max Lv too Low for HDR"弹框;
|
|
|
|
|
+ // 0042A140 | E8 F3480A00 | call demo.4CEA38
|
|
|
|
|
+ _cd_Go_PanelTooLow.myCall = Call_MyGoPanelTooLow;
|
|
|
|
|
+ _cd_Go_PanelTooLow.dwBack2Addr = 0x0042A145;
|
|
|
|
|
+ _cd_Go_PanelTooLow.dwOriginalAddr = 0x0042A140;
|
|
|
|
|
+ _cd_Go_PanelTooLow.dwOriginalCallAddr = 0x004CEA38;
|
|
|
|
|
+
|
|
|
|
|
+ _cd_Go_PanelTooLow.nMyCallDataLen = JMP_DLEN;
|
|
|
|
|
+ memset(_cd_Go_PanelTooLow.szMyCallData, 0x90, CALL_LEN);
|
|
|
|
|
+ _cd_Go_PanelTooLow.szMyCallData[0] = 0xE9; // 汇编硬编码:jmp [4字节地址];
|
|
|
|
|
+ *(LPDWORD)(&_cd_Go_PanelTooLow.szMyCallData[1]) = (DWORD)_cd_Go_PanelTooLow.myCall - _cd_Go_PanelTooLow.dwOriginalAddr - JMP_DLEN;
|
|
|
#pragma endregion
|
|
#pragma endregion
|
|
|
|
|
|
|
|
#pragma region CheckFW按钮处理
|
|
#pragma region CheckFW按钮处理
|
|
@@ -250,8 +266,8 @@ namespace Assist
|
|
|
if ( !(bHijack = HijackedCall(&_cd_Go)) )
|
|
if ( !(bHijack = HijackedCall(&_cd_Go)) )
|
|
|
goto end;
|
|
goto end;
|
|
|
|
|
|
|
|
- //if ( !(bHijack = HijackedCall(&_cd_Go_SN)) )
|
|
|
|
|
- // goto end;
|
|
|
|
|
|
|
+ if ( !(bHijack = HijackedCall(&_cd_Go_PanelTooLow)) )
|
|
|
|
|
+ goto end;
|
|
|
|
|
|
|
|
if ( !(bHijack = HijackedCall(&_cd_Go_CommunicationError)) )
|
|
if ( !(bHijack = HijackedCall(&_cd_Go_CommunicationError)) )
|
|
|
goto end;
|
|
goto end;
|
|
@@ -292,8 +308,8 @@ end:
|
|
|
if ( !(bRestor = RecoveryCall(&_cd_Go)) )
|
|
if ( !(bRestor = RecoveryCall(&_cd_Go)) )
|
|
|
goto end;
|
|
goto end;
|
|
|
|
|
|
|
|
- //if ( !(bRestor = RecoveryCall(&_cd_Go_SN)) )
|
|
|
|
|
- // goto end;
|
|
|
|
|
|
|
+ if ( !(bRestor = RecoveryCall(&_cd_Go_PanelTooLow)) )
|
|
|
|
|
+ goto end;
|
|
|
|
|
|
|
|
if ( !(bRestor = RecoveryCall(&_cd_Go_CommunicationError)) )
|
|
if ( !(bRestor = RecoveryCall(&_cd_Go_CommunicationError)) )
|
|
|
goto end;
|
|
goto end;
|
|
@@ -405,7 +421,7 @@ namespace Assist
|
|
|
#pragma region 向服务器发送消息;
|
|
#pragma region 向服务器发送消息;
|
|
|
MSG_INFO msg;
|
|
MSG_INFO msg;
|
|
|
// Go成功;
|
|
// Go成功;
|
|
|
- msg.byResult = TRUE;
|
|
|
|
|
|
|
+ msg.byResult = BYTE(*(LPDWORD)dwResutl);
|
|
|
_stprintf((TCHAR*)msg.byData, _T("%ld"), *(LPDWORD)dwElapsedAddr);
|
|
_stprintf((TCHAR*)msg.byData, _T("%ld"), *(LPDWORD)dwElapsedAddr);
|
|
|
|
|
|
|
|
DATAHEADER head;
|
|
DATAHEADER head;
|
|
@@ -600,6 +616,42 @@ namespace Assist
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+
|
|
|
|
|
+ void MyGoPanelTooLow()
|
|
|
|
|
+ {
|
|
|
|
|
+#ifdef _DEBUG
|
|
|
|
|
+ MessageBox(NULL, _T("MyGoPanelTooLow"), _T("劫持"), MB_OK);
|
|
|
|
|
+#endif
|
|
|
|
|
+#pragma region 向服务器发送消息;
|
|
|
|
|
+ MSG_INFO msg;
|
|
|
|
|
+ msg.byResult = FALSE;
|
|
|
|
|
+ _stprintf((TCHAR*)msg.byData, _T("%s"), _T("OGCAssist Panel Max Lv too Low for HDR"));
|
|
|
|
|
+
|
|
|
|
|
+ DATAHEADER head;
|
|
|
|
|
+ head.byMsgType = C2S_GO;
|
|
|
|
|
+ //head.byMsgType = C2S_COMMUNICATION_ERROR;
|
|
|
|
|
+ head.dwPackageLen = sizeof(DATAHEADER) + sizeof(MSG_INFO);
|
|
|
|
|
+
|
|
|
|
|
+ Utility::g_pPipeClient->SendPackage(head, msg);
|
|
|
|
|
+#pragma endregion
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ void __declspec(naked) Call_MyGoPanelTooLow()
|
|
|
|
|
+ {
|
|
|
|
|
+ // 备份寄存器;
|
|
|
|
|
+ __asm pushad;;
|
|
|
|
|
+ MyGoPanelTooLow();
|
|
|
|
|
+
|
|
|
|
|
+ __asm{
|
|
|
|
|
+ // 恢复寄存器;
|
|
|
|
|
+ popad;
|
|
|
|
|
+ // 执行原Call;
|
|
|
|
|
+ //call _cd_Go_PanelTooLow.dwOriginalCallAddr
|
|
|
|
|
+ // 返回劫持地址下一行;
|
|
|
|
|
+ jmp _cd_Go_PanelTooLow.dwBack2Addr
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
BOOL MyConnect()
|
|
BOOL MyConnect()
|
|
|
{
|
|
{
|
|
|
// 读取AL的值; 0表示Connect失败;1表示成功;
|
|
// 读取AL的值; 0表示Connect失败;1表示成功;
|
