xxxx18一60岁hd中国/日韩女同互慰一区二区/西西人体扒开双腿无遮挡/日韩欧美黄色一级片 - 色护士精品影院www

  • 大小: 6KB
    文件類型: .7z
    金幣: 1
    下載: 5 次
    發(fā)布日期: 2021-05-05
  • 語(yǔ)言: 其他
  • 標(biāo)簽: QQ華夏??

資源簡(jiǎn)介

QQ華夏,過反調(diào)試檢測(cè)代碼,僅用于學(xué)習(xí)交流,切勿用于違法用途,否則本人一概不負(fù)責(zé)任,不同意切建議勿下載或者立即刪除。

資源截圖

代碼片段和文件信息 




#include?“Main.h“
#include?“PassSafe.h“



BOOL?APIENTRY?DllMain(
	HMODULE?hModule
	DWORD??ul_reason_for_call
	LPVOID?lpReserved)
{
	switch?(ul_reason_for_call)
	{
		case?DLL_PROCESS_ATTACH:
		{
			QQhxPassSafe();
		}break;

		case?DLL_THREAD_ATTACH:
		{

		}break;

		case?DLL_THREAD_DETACH:
		{

		}break;


		case?DLL_PROCESS_DETACH:
		{

		}break;
	}

	return?TRUE;
}


void?QQhxPassSafe()
{
	//?檢測(cè)調(diào)試器附加
	ULONG?IsDebuggerPresentAddr?=?0;
	ULONG?CheckRemoteDebuggerPresentAddr?=?0;
	ULONG?NtQueryInformationProcessAddr?=?0;

	IsDebuggerPresentAddr?=?GetModuleFunction(“KERNELbase.DLL“?“IsDebuggerPresent“);
	if?(!IsDebuggerPresentAddr)
	{
		MessageBox(NULL?“未找到?IsDebuggerPresent“?“錯(cuò)誤“?MB_OK);
		return;
	}

	CheckRemoteDebuggerPresentAddr?=?GetModuleFunction(“kernel32.dll“?“CheckRemoteDebuggerPresent“);
	if?(!CheckRemoteDebuggerPresentAddr)
	{
		MessageBox(NULL?“未找到?CheckRemoteDebuggerPresent“?“錯(cuò)誤“?MB_OK);
		return;
	}


	NtQueryInformationProcessAddr?=?GetModuleFunction(“ntdll.dll“?“NtQueryInformationProcess“);
	if?(!CheckRemoteDebuggerPresentAddr)
	{
		MessageBox(NULL?“未找到?NtQueryInformationProcess“?“錯(cuò)誤“?MB_OK);
		return;
	}
	JMP(IsDebuggerPresentAddr?(ULONG)PassSafe_IsDebuggerPresent);
	JMP(CheckRemoteDebuggerPresentAddr?(ULONG)PassSafe_CheckRemoteDebuggerPresent);
	JMP(NtQueryInformationProcessAddr?(ULONG)PassSafe_NtQueryInformationProcess);


	//?檢測(cè)斷點(diǎn)
	ULONG?NtSetinformationThreadAddr?=?0;
	NtSetinformationThreadAddr?=?GetModuleFunction(“ntdll.dll“?“NtSetInformationThread“);
	if?(!CheckRemoteDebuggerPresentAddr)
	{
		MessageBox(NULL?“未找到?NtSetinformationThread“?“錯(cuò)誤“?MB_OK);
		return;
	}
	JMP(NtSetinformationThreadAddr?(ULONG)PassSafe_NtSetInformationThread);


	//?檢測(cè)進(jìn)程?游戲會(huì)枚舉進(jìn)程是否存在非法調(diào)試器
	ULONG?EnumProcessesAddr?=?GetModuleFunction(“PSAPI.DLL“?“EnumProcesses“);
	if?(!EnumProcessesAddr?||?!SetMemoryProtect(EnumProcessesAddr?8?PAGE_EXECUTE_READWRITE))
	{
		MessageBox(NULL?“Pass?EnumProcesses?失敗“?“錯(cuò)誤“?MB_OK);
		return;
	}
	else
	{
		byte?code[]?=?{?0xB80x000x000x000x000xC20x0C0x00?};
		memcpy((void*)EnumProcessesAddr?code?8);
	}


	//?檢測(cè)窗口?游戲會(huì)枚舉窗口文字是否有非法文字
	ULONG?EnumWindowsAddr?=?GetModuleFunction(“user32.dll“?“EnumWindows“);
	if?(!EnumWindowsAddr?||?!SetMemoryProtect(EnumWindowsAddr?8?PAGE_EXECUTE_READWRITE))
	{
		MessageBox(NULL?“Pass?EnumWindows?失敗“?“錯(cuò)誤“?MB_OK);
		return;
	}
	else
	{
		byte?code[]?=?{?0xB80x000x000x000x000xC20x080x00?};
		memcpy((void*)EnumWindowsAddr?code?8);
	}


	//?創(chuàng)建一個(gè)線程等待游戲加載完檢測(cè)模塊在恢復(fù)HOOK
	HANDLE?hThread?=?CreateThread(NULL?0?PassSafeThread?NULL?0?NULL);
	if?(!hThread)
	{
		MessageBox(NULL?“創(chuàng)建?PassSafeThread?失敗“?“錯(cuò)誤“?MB_OK);
		return;
	}
	CloseHandle(hThread);

}


ULONG?GetModuleFunction(const?char*?szModuleName?const?char*?szFunctionName)
{
	HMODULE?hModule?=?NULL;

	hModule?=?GetModuleHandle(szModuleName);
	if?(!hModule)
	{
		retur

評(píng)論

共有 條評(píng)論