MOKA
/
repos_deltae_auxiliary_tool


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
							// Assist.cpp : 定义 DLL 应用程序的导出函数。
//

#include "stdafx.h"
#include "Assist.h"

// 8组寄存器存储;
BYTE byEAX[8] = {0};
BYTE byEBX[8] = {0};
BYTE byECX[8] = {0};
BYTE byEDX[8] = {0};
BYTE byEBP[8] = {0};
BYTE byESP[8] = {0};
BYTE byESI[8] = {0};
BYTE byEDI[8] = {0};

DWORD dwEAX = 0;
DWORD dwEBX = 0;
DWORD dwECX = 0;
DWORD dwEDX = 0;
DWORD dwEBP = 0;
DWORD dwESP = 0;
DWORD dwESI = 0;
DWORD dwEDI = 0;

// 新的Call;
BYTE byNewCall[5] = {0};

// 旧的Call备份;
BYTE byOldCall[5] = {0};

void __declspec(naked) Call_MySaveAsOutputData()
{
    //004AB3FC
    __asm {
        // 保存寄存器;
        mov dwEAX, EAX;
        mov dwEBX, EBX;
        mov dwECX, ECX;
        mov dwEDX, EDX;
        mov dwEBP, EBP;
        mov dwESP, ESP;
        mov dwESI, ESI;
        mov dwEDI, EDI;
        // my call
        mov eax,0x004AB3FC
        mov dl,1
        call dword ptr[eax]
        // 恢复寄存器; 
        mov EAX, dwEAX;
        mov EBX, dwEBX;
        mov ECX, dwECX;
        mov EDX, dwEDX;
        mov EBP, dwEBP;
        mov ESP, dwESP;
        mov ESI, dwESI;
        mov EDI, dwEDI;
        // 返回
        ret
    }
}


DWORD dwGoNextAddr = 0x00417B2A;
void __declspec(naked) MyGo()
{
    // 备份寄存器;
    __asm{
        // 保存寄存器;
        mov dwEAX, EAX;
        mov dwEBX, EBX;
        mov dwECX, ECX;
        mov dwEDX, EDX;
        mov dwEBP, EBP;
        mov dwESP, ESP;
        mov dwESI, ESI;
        mov dwEDI, EDI;
    }


    MessageBox(NULL, _T("MyGo Function"), _T("MyGo"), MB_OK);


    __asm{
        // 恢复寄存器; 
        mov EAX, dwEAX;
        mov EBX, dwEBX;
        mov ECX, dwECX;
        mov EDX, dwEDX;
        mov EBP, dwEBP;
        mov ESP, dwESP;
        mov ESI, dwESI;
        mov EDI, dwEDI;
        // 最后返回原Call地址下一行;
        jmp dwGoNextAddr;
    }
}

// 00417A84
// 00417B25 | E8 FA9F0E00          | call demo.501B24                        |
void Call_MyGo()
{
    BYTE szMyCall[5] = {0};
    szMyCall[0] = 0xE9; // 硬编码：jmp或call
    *(LPDWORD)(&szMyCall[1]) = (DWORD)MyGo - 0x00417B25 - 5;

    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
    // 将要Hook的地址指令备份下来;
    if ( !ReadProcessMemory(GetCurrentProcess(), (LPVOID)0x00417B25, byOldCall, 5, NULL) )
    {
        MessageBox(NULL, _T("读取内存失败"), _T("提示"),MB_OK);
        return;
    }

    // 将我们的Call地址指令写入目标地址;
    if ( !WriteProcessMemory(hProc, (LPVOID)0x00417B25, szMyCall, 5, NULL) )
    {
        MessageBox(NULL, _T("写入内存失败"), _T("提示"),MB_OK);
        return;
    }

    MessageBox(NULL, _T("替换成功"), _T("提示"), MB_OK);
}