发一个如何HOOK 骑士封包的DELPHI源码
1、封包定义PacketData = array of Byte;// Packet payload type: a dynamic array of bytes. Declared here but not referenced by the hook code on this page, which passes the buffer as PByte + nSize instead.
PPacketData = ^PacketData;// Pointer to PacketData; likewise not referenced by the snippets shown here.
2、定义一个函数指针
// Procedure type matching the send routine's calling signature as this hook sees it: a raw byte pointer plus
// a length, stdcall. On this page it serves two purposes: NewKOSend below is declared with the same signature
// so it can stand in for the original, and the saved original address is cast to this type before being called.
// The type carries no register arguments, which is why NewKOSend sets ECX by hand in its asm block.
KOSend = procedure(pData : PByte;nSize : Integer);stdcall;
3、定义HOOK JMP 代码
//JMP code that will be replaced
// Layout of the 7 bytes that NewKOSend writes over the start of the hooked routine (and of the 7 original
// bytes it saves so they can be put back). Both WriteProcessMemory calls below copy exactly 7 bytes.
// NOTE(review): `Array of BYTE` with no bounds is a Delphi dynamic array, i.e. a pointer-sized reference
// held in the record rather than 2 inline bytes, so the record's size does not match the "Total: 7 bytes"
// stated here, and a 7-byte copy from/to it would not carry the bytes the comments describe.
TJmpCode = packed record // Total: 7 bytes
JmpCode: BYTE ;// 1 bytes — the jump opcode byte
Address: Pointer; // 4 bytes — the jump target; presumably the replacement routine, filled in elsewhere (not on this page)
MOVEAX : Array of BYTE; // 2 bytes (intended; see note above — declared as a dynamic array, not 2 inline bytes)
end;
pJmpCode = ^TJmpCode;// Pointer to the record; not used by the snippets on this page, which take @g_tJmpCode directly
4、定义新的SEND函数用于拦截代码
// Replacement send routine that the 7-byte jump patch redirects the original send routine into.
// It receives the same pData/nSize the caller passed to the original (see KOSend) and does three things in
// order: (1) restore the original 7 bytes so the original routine is callable again, (2) call the original
// with the unchanged arguments, (3) write the jump patch back. The packet is passed through as-is; nothing
// on this page copies, inspects or modifies it — this is a pass-through hook, not a packet copy.
// g_Hook (with FOldMethod / FOldJMPCode), g_tJmpCode and KO_PTR_PKT are declared elsewhere, not on this page.
procedure NewKOSend(pData : PByte;nSize : Integer);stdcall;
// NOTE(review): `vardwSize` is the `var` keyword fused with the name `dwSize` (paste/formatting artifact);
// dwSize receives the byte count reported by WriteProcessMemory and is otherwise unused.
vardwSize :DWord;
begin
// Put the saved original 7 bytes back at the hooked routine's entry (g_Hook.FOldMethod).
// NOTE(review): the BOOL result is discarded, so a failed restore goes unnoticed and the call below
// would still run into a half-patched entry point.
WriteProcessMemory(GetCurrentProcess, g_Hook.FOldMethod,
@g_Hook.FOldJMPCode, 7, dwSize);
// Default ECX argument (original comment). Presumably the original routine expects a value in ECX that the
// stdcall KOSend signature does not carry; KO_PTR_PKT is not defined on this page.
// NOTE(review): the second `mov ecx,` has no source operand, so this asm block does not compile as shown.
asm
mov ecx,KO_PTR_PKT
mov ecx,
end;
// Resend (original comment): cast the saved original address to the KOSend type and call it with the same
// pData/nSize. This forwards the packet unchanged.
KOSend(g_Hook.FOldMethod)(pData,nSize);
// Re-install the jump patch (g_tJmpCode) so the next call is intercepted again.
// NOTE(review): `riteProcessMemory` is missing its leading `W`; the result is again unchecked.
// NOTE(review): between the restore above and this re-patch the hook is absent — any other thread that
// enters the send routine in that window bypasses it, and if the original re-enters itself the patch state
// is undefined. Rewriting the process's own code pages this way is also exactly what in-memory integrity
// checks detect, by comparing executable pages against the on-disk image.
riteProcessMemory(GetCurrentProcess, g_Hook.FOldMethod,
@g_tJmpCode, 7, dwSize);
end; 不懂 可否解釋一下 我也不太懂。。。都是高人啊~ 应该是复制封包?