采用的方法是在游戏鼠标移动处理的代码上做 HOOK：保存好上下文寄存器并开辟/还原栈空间后调用我的 call，然后模拟移动鼠标触发调用。
CE示例代码如下:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
// Inline detour: the 15-byte instruction sequence at MapleStory.exe+4A7E9F3
// is overwritten with a far jump into the buffer allocated below; the
// displaced instructions are re-executed there and control jumps back to
// the game.  The detour body only tests a flag, clears it and makes one
// call before falling through to the original instructions.
// From an integrity-checking standpoint the observable artefacts are the
// executable allocation (newmem) and the FF 25 far-jump patch written into
// the module's code section.
// NOTE(review): the +4A7E9F3 and +753CE58 offsets belong to one specific
// build of the executable; they cannot be assumed to hold for any other.
alloc(newmem,2048)
label(returnhere)
label (originalcode)
label(exit)
label(end)
newmem:
// Save every general-purpose register except rsp so the call below cannot
// disturb the game's state.
// NOTE(review): rflags is not saved (no pushfq/popfq) even though the cmp
// further down modifies it, and no xmm registers are saved; whether the
// code resumed at returnhere depends on either cannot be seen from here.
push rax
push rbx
push rcx
push rdx
push rsi
push rdi
push rbp
push r8
push r9
push r10
push r11
push r12
push r13
push r14
push r15
// Trigger check: the dword at absolute address 06D10000 is used as a flag.
// The call is made only when it equals 1; otherwise skip to the restore.
// NOTE(review): 06D10000 and 06D10100 are fixed addresses that are neither
// allocated nor labelled in this script, so something outside it must have
// placed the flag and the callee there — confirm before relying on them.
mov rax,06D10000
cmp dword ptr [rax],01
jne end
// Clear the flag before calling so the call happens once per trigger.
// NOTE(review): no operand size is written here; confirm the assembler
// emits a dword store matching the dword ptr compare above.
mov [rax],00000000
// Indirect call to the routine at 06D10100.
// NOTE(review): the callee is entered with the 15 pushes above on the stack
// and no shadow space; the Windows x64 convention expects 16-byte stack
// alignment and 32 bytes of shadow space at entry — TODO confirm the callee
// tolerates this.
mov rax,06D10100
call rax
end:
// Restore the registers in reverse order of the pushes.
// NOTE(review): the lines `popr9` through `poprcx` lack the space between
// mnemonic and operand; the auto assembler is unlikely to accept them as
// written, which would make the whole [ENABLE] section fail to assemble.
pop r15
pop r14
pop r13
pop r12
pop r11
pop r10
popr9
popr8
pop rbp
poprdi
poprsi
poprdx
poprcx
pop rbx
pop rax
originalcode:
// The instructions displaced by the jump (see the byte listing under
// [DISABLE]).  The third one, `mov rcx,[MapleStory.exe+753CE58]`, was
// encoded rip-relative (48 8B 0D disp32); because it now executes from
// newmem it is rewritten as an absolute load followed by a dereference.
mov rcx,[rsp+20]
mov [ rcx],rax
mov rcx,MapleStory.exe+753CE58
mov rcx,[rcx]
exit:
jmp returnhere
// Patch site: the 5 + 3 + 7 = 15 original bytes are replaced by the
// 14-byte far jump plus one nop so the following instruction boundary is
// preserved.
"MapleStory.exe"+4A7E9F3:
jmp far newmem
nop
// NOTE(review): the label below has a space before the colon; verify the
// assembler accepts `returnhere :` as a label definition.
returnhere :
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
// Free the detour buffer and write the original 15 bytes back over the
// patch site.
dealloc(newmem)
"MapleStory.exe"+4A7E9F3:
db 48 8B 4C 24 20 48 89 01 48 8B 0D 56 E4 AB 02
//mov rcx,[rsp+20]
//mov [rcx],rax
//// Original code:mov rcx,[MapleStory.exe+753CE58 ]
//mov rcx,MapleStory.exe+753CE58
//mov rcx,[rcx]