- #include <windows.h>
- #include <vector>
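/*
 * Partial view of the in-memory object that FindOffsets() locates.
 * Only the field this file reads is declared.
 * NOTE(review): the notes in DllMain place the name at "+0x24", while this
 * struct puts it at offset 0 — confirm what that offset is relative to.
 */
struct ObjectStruct {
    char name[0x10]; /* fixed 16-byte text field; not guaranteed to be NUL-terminated */
};

/*
 * Set by FindOffsets() on a successful match. The type is now declared before
 * this use; the original declared the pointer first, which does not compile.
 * Static storage, so it starts out null and stays null until a match is found.
 */
ObjectStruct *Player;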
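/*
 * Scan the host executable's image for a fixed 10-byte instruction signature
 * and, on the first usable match, store the object pointer reached through it
 * in the global Player.
 *
 * The scan runs from the base of the main module (GetModuleHandle(NULL)) up to
 * the hard-coded address 0x00900000. Player is left untouched when the
 * signature is not found.
 *
 * NOTE(review): the code reads a 32-bit value and uses it as an address, so it
 * only makes sense in a 32-bit process. It also assumes every byte between the
 * module base and 0x00900000 is mapped and readable — confirm for the target.
 */
void FindOffsets() {
    /*
     * Signature bytes. The author's two disassembly captures of the matching
     * sequence (presumably from two different dumps — the addresses differ):
     *
     * 007123E4 FF50 10 CALL NEAR DWORD PTR DS:[EAX+0x10]
     * 007123E7 3B30 CMP ESI, DWORD PTR DS:[EAX]
     * 007123E9 74 05 JE SHORT Dumped.007123F0
     * 007123EB 5F POP EDI
     * 007123EC 32C0 XOR AL, AL
     * 007123EE 5E POP ESI
     * 007123EF C3 RETN
     *
     * 00861CA4 FF50 10 CALL NEAR DWORD PTR DS:[EAX+0x10]
     * 00861CA7 3B30 CMP ESI, DWORD PTR DS:[EAX]
     * 00861CA9 74 05 JE SHORT Dumped.00861CB0
     * 00861CAB 5F POP EDI
     * 00861CAC 32C0 XOR AL, AL
     * 00861CAE 5E POP ESI
     * 00861CAF C3 RETN
     */
    static const byte LocalPlayerPattern[] = { 0xFF, 0x50, 0x10, 0x3B, 0x30, 0x74, 0x05, 0x5F, 0x32, 0xC0 };
    /* Distance from the start of the signature back to the 4-byte value that is read. */
    const size_t OperandBackOffset = 0x1E;

    byte *base = (byte*)GetModuleHandle(NULL);
    byte *end = (byte*)0x00900000;

    /*
     * The original looped with `start != end`: a module loaded above `end`
     * would never terminate, and the final memcmp calls read past `end`.
     */
    if (base == NULL || base >= end || (size_t)(end - base) < sizeof(LocalPlayerPattern)) {
        return;
    }
    byte *last = end - sizeof(LocalPlayerPattern);

    for (byte *cur = base; cur <= last; cur++) {
        if (memcmp(cur, LocalPlayerPattern, sizeof(LocalPlayerPattern)) != 0) {
            continue;
        }
        /* Do not read from below the module base when the match is too close to it. */
        if ((size_t)(cur - base) < OperandBackOffset) {
            continue;
        }

        DWORD *LocalPlayerPtr = (DWORD*)(*(int*)(cur - OperandBackOffset));
        /* %X expects an unsigned int, so convert the pointer explicitly. */
        printf("人物基址=0x%06X\n", (unsigned int)(UINT_PTR)LocalPlayerPtr);

        /* The original dereferenced before testing for null; test first and keep scanning. */
        if (LocalPlayerPtr == NULL) {
            continue;
        }
        Player = (ObjectStruct*)*LocalPlayerPtr;
        return;
    }
}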
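/*
 * DLL entry point. On process attach it opens a console, redirects stdout to
 * it, runs FindOffsets() and prints the name field of the object it found.
 * Process detach does nothing.
 *
 * Returns TRUE for every notification. The original had no return statement,
 * which is undefined behavior and can make the loader treat the attach as failed.
 *
 * NOTE(review): this work runs inside DllMain, i.e. under the loader lock,
 * where Microsoft recommends doing as little as possible — consider moving it
 * to a separate thread or an exported init function.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved) {
    (void)hModule;
    (void)lpReserved;

    switch (dwReason) {
    case DLL_PROCESS_ATTACH: {
        AllocConsole();
        SetConsoleTitleA("LOL 人物基址獲取");

        /* "CONOUT$" is the console output device; the page had this literal garbled. */
        FILE* fh = NULL;
        if (freopen_s(&fh, "CONOUT$", "wb", stdout) != 0) {
            break; /* stdout is unusable after a failed reopen, so skip the output */
        }

        FindOffsets();

        /* Player stays null when the signature was not found; the original dereferenced it anyway. */
        if (Player != NULL) {
            /* name is a fixed 16-byte field that may lack a terminator, so bound the read. */
            printf("當前玩家名稱=%.*s\n", (int)sizeof(Player->name), Player->name);
        }

        // Author's notes:
        // LocalPlayerPtr + 0x24 = player name, text type, length 16
        // LocalPlayerPtr + 0x18 = current team/faction, default 100 (4 bytes)
        //   set to 0:   teammates become enemies, enemies remain enemies
        //   set to 200: teammates become enemies, enemies become teammates
        // Experts, give it a try with CE.
        // Looking forward to the experts finding other offsets, haha.
        // A CT file is attached; load it directly in CE.
        // NOTE(review): ObjectStruct declares name at offset 0, which does not
        // obviously match the +0x24 above — confirm what the offset is relative to.
        break; /* the original fell through into the detach case */
    }
    case DLL_PROCESS_DETACH:
        /* The author left FreeConsole() disabled, so the console is not released here. */
        break;
    default:
        break;
    }
    return TRUE;
}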
League of Legends.CT.rar
(985 Bytes, 下载次数: 31)