吃鸡这么火不如来一发5倍变速 斜眼笑~~~·

发表于 2017-11-06  869 次阅读


// Installs the 5x timer hook from this post into another process.
//
// Sequence, as written below:
//   1. Sample the current performance counter; it becomes the hook's base value.
//   2. Derive the address of a 64-bit pointer slot from the bytes at the start
//      of the local QueryPerformanceCounter and read the routine address in it.
//   3. Copy MyQueryPerformanceCounterHook into a local scratch page and replace
//      its two placeholder constants with the values from steps 1 and 2.
//   4. Allocate memory in the target process, write the patched copy there,
//      then overwrite the pointer slot in the target with that address.
//
// GameHanle, m_ProcessId, IOCTL_AllocateUserVirtualMemory, IOCTL_VirtualProtectEx
// and X64_Write_ are defined outside this listing; judging by their names they
// act on the target process through a driver -- not verifiable from here.
//
// Returns FALSE when either allocation fails. The path that reaches the end of
// the function has no return statement.
//
// Defender's view of the artifacts this leaves in the target process: the page
// holding the pointer slot is switched to PAGE_EXECUTE_READWRITE, and the slot
// ends up pointing at freshly allocated memory instead of the original routine.
// The post's closing note names the fix that makes the technique ineffective:
// validating timestamps on the server.
BOOLEAN InstallSpeedHacked(){
LARGE_INTEGER counterbase;
ULONG32 *valuex;
ULONG32 Offset = 0;
ULONG64 Pointer = 0;
ULONG64 RtlQueryPerformanceCounter;
ULONG64 CodeSize;
ULONG64 Addr;
// Step 1: the counter value captured here is later patched into the hook.
QueryPerformanceCounter(&counterbase);

// Step 2: take the 32-bit value stored 3 bytes into the local function, then
// add it and 7 to the function address. Presumably the function begins with a
// 7-byte RIP-relative indirect jump whose displacement sits at +3; no opcode
// bytes are checked before the value is used -- TODO confirm.
valuex = (ULONG32*)((ULONG64)&QueryPerformanceCounter + 3);// fetch the offset
Offset = *valuex;
Pointer =(ULONG64) &QueryPerformanceCounter;
Pointer = Pointer + Offset;
Pointer = Pointer + 7;
// Pointer now addresses the slot; its current content is kept as the routine to call.
RtlQueryPerformanceCounter = *(ULONG64*)Pointer;
// Hook length = bytes up to and including the first 0xCC after its entry point.
CodeSize= CalcShellcodeSize_1_OXCC((UCHAR*)&MyQueryPerformanceCounterHook);

// Step 3: local scratch page used only to prepare the patched copy.
PVOID Page= VirtualAlloc(NULL, 0X1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!Page) return FALSE;

memcpy(Page, &MyQueryPerformanceCounterHook, CodeSize);
// The two constants are the placeholders hard-coded in the hook body: ...782
// stands for the original routine address, ...783 for the base counter value.
// The return values of replacedata are not checked.
replacedata((UCHAR*)Page, 0x7FFD0843C782, RtlQueryPerformanceCounter);
replacedata((UCHAR*)Page, 0x7FFD0843C783, counterbase.QuadPart);

// Step 4: Addr is passed by address cast to ULONG64, presumably so the helper
// can store the allocated remote address in it -- confirm against the helper.
IOCTL_AllocateUserVirtualMemory(GameHanle, m_ProcessId, 0X1000, (ULONG64)&Addr);
if (!Addr) return FALSE;

X64_Write_(GameHanle, Addr, Page, CodeSize);

// MEM_DECOMMIT is requested for the scratch page.
VirtualFree(Page, 0x1000, MEM_DECOMMIT);
// The slot address computed in THIS process is used as the remote address, so
// the code assumes the module sits at the same address in both processes.
IOCTL_VirtualProtectEx(GameHanle, m_ProcessId, (ULONG64)Pointer, 0x1000, PAGE_EXECUTE_READWRITE);
// Overwrite the 8-byte slot in the target with the address of the injected copy.
X64_Write_(GameHanle, (ULONG64)Pointer, &Addr, 8);
}
// Replacement for QueryPerformanceCounter that reports time running 5x faster.
//
// The function is not called in place: InstallSpeedHacked copies its bytes
// elsewhere and rewrites the two 0x7FFD0843C78x constants below, which are
// placeholders rather than real addresses. The code therefore presumably has
// to stay free of references into this module; that depends on the compiler
// output and cannot be confirmed from the source alone.
//
// lpPerformanceCount receives base + (current - base) * 5.
// Returns FALSE if the original routine fails, otherwise TRUE.
//
// Because only the client's view of elapsed time is scaled, a server that
// validates client timestamps against its own clock sees the discrepancy; the
// post's closing note says the game vendor later added such a check.
BOOL __fastcall MyQueryPerformanceCounterHook(LARGE_INTEGER* lpPerformanceCount)
{
typedef BOOL(WINAPI *pfnQueryPerformanceCounter)(_Out_ LARGE_INTEGER * lpPerformanceCount);
// Placeholder: replaced with the original routine's address before the copy is used.
pfnQueryPerformanceCounter orgiQueryPerformanceCounter = (pfnQueryPerformanceCounter)0x7FFD0843C782;

int64_t current_counter;
// Placeholder: replaced with the counter value sampled at install time.
int64_t PerformanceCounterBase= 0x7FFD0843C783;

// Read the real counter through the original routine.
if (!orgiQueryPerformanceCounter(reinterpret_cast<LARGE_INTEGER*>(&current_counter)))
return FALSE;

// Scale the time elapsed since the base by 5 and add it back to the base.
auto new_counter = PerformanceCounterBase + ((current_counter - PerformanceCounterBase) * 5);

// Hand the scaled value to the caller as a LARGE_INTEGER.
*lpPerformanceCount = *reinterpret_cast<LARGE_INTEGER*>(&new_counter);

return TRUE;
}
// Measures a code region by scanning forward from `adr` for the first 0xCC byte.
//
// At most MAX_PATH * 2 + 1 bytes are examined. The result is the index of the
// first 0xCC plus one, i.e. the length including that byte; when no 0xCC is
// seen within the limit the result is MAX_PATH * 2 + 2.
//
// The first 0xCC ends the scan whether it is padding after the function or a
// byte inside an instruction; the scan does not decode instructions.
INT CalcShellcodeSize_1_OXCC(UCHAR* adr) {
    const INT scanLimit = MAX_PATH * 2;
    INT index = 0;

    for (; index <= scanLimit; ++index) {
        if (adr[index] == 0xcc) {
            break;
        }
    }

    return index + 1;
}
// Searches a byte buffer for a placeholder constant and stores `Now` over it.
//
// Original: start of the buffer to scan.
// Orig:     placeholder value; only its first five bytes in memory are compared.
// Now:      64-bit value written at the position where the scan stops.
//
// Up to 0x1001 start positions are tried. The pointer test after the scan does
// not tell a match from a miss, so the 8-byte store and the TRUE return happen
// in both cases; after a miss the store lands 0x1001 bytes past `Original`.
BOOLEAN replacedata(UCHAR *Original, ULONG64 Orig, ULONG64 Now) {
    const UCHAR *pattern = (const UCHAR*)&Orig;
    UCHAR *cursor = Original;

    for (INT step = 0; step <= 0x1000; ++step) {
        // Compare byte by byte and stop at the first mismatch.
        INT matched = 0;
        while (matched < 5 && cursor[matched] == pattern[matched]) {
            ++matched;
        }
        if (matched == 5) {
            break;
        }
        ++cursor;
    }

    if (!cursor) {
        return FALSE;
    }

    *(ULONG64*)cursor = Now;
    return TRUE;
}
服务器端做时间戳校验即可防住(Anti)这种睿智的上古加速方法(蓝洞已在某次补丁更新中加入时间戳校验)。

本站文章基于国际协议BY-NA-SA 4.0协议共享;
如未特殊说明,本站文章皆为原创文章,请规范转载。
