UInt32 Codecave = _Magic.AllocateMemory();
// Reads three values through a chain of hard-coded pointers, assembles a short
// x86 stub that calls a fixed address with those values as stack arguments,
// executes the stub from the previously allocated Codecave region, and returns
// whatever InjectAndExecute reports (0 if anything throws along the way).
// NOTE(review): _Magic and _bnsMagic are presumably process-memory wrappers
// attached to a separate target process; neither is declared in this listing.
// The code mixes the two for read / assemble / execute / free. Confirm they
// refer to the same attached process, otherwise the stub lines are queued on
// one object while the other one executes and frees.
// NOTE(review): every address and offset below is an absolute literal, so it
// is presumably valid for one specific build of the target only; nothing here
// checks the module version or that any pointer in the chain is non-zero.
uint ptr = 0;
try
{
// param1: dword at [[0xDC1420] + 0x30]. The inner read goes through _bnsMagic,
// the outer read through _Magic.
int param1 = _Magic.ReadInt((uint)(_bnsMagic.ReadInt((uint)0xDC1420) + 0x30));
// Pointer chain: [0xDC1420] + 0x28 -> + 0x1c -> + 0xAFD0 -> + 0x5360.
// Each step dereferences the previous address and adds the next offset.
uint ptr1 = _Magic.ReadUInt((uint)0xdc1420) + 0x28;
uint ptr2 = _Magic.ReadUInt(ptr1) + 0x1c;
uint ptr3 = _Magic.ReadUInt(ptr2) + 0xAFD0;
uint ptr4 = _Magic.ReadUInt(ptr3) + 0x5360;
// param2 and param3 are two consecutive dwords at the end of the chain.
int param2 = _Magic.ReadInt(ptr4);
int param3 = _Magic.ReadInt(ptr4 + 0x4);
// Drop any previously queued assembly lines before building the stub.
_Magic.Asm.Clear();
// String concatenation renders the integers in decimal, so the emitted text is
// e.g. "call 9929312" rather than "call 0x978260"; this relies on the assembler
// behind Asm accepting decimal operands (not shown here).
_Magic.Asm.AddLine("mov edi, " + 0); // edi is set to 0 because that was the register value observed when tracing to this call in OD (presumably OllyDbg)
_Magic.Asm.AddLine("mov edx, " + 0);// edx is set to 0 for the same reason: it held 0 when the call was traced in OD
_Magic.Asm.AddLine("mov esi, " + param3);
_Magic.Asm.AddLine("mov ebx, " + param2);
_Magic.Asm.AddLine("mov eax, " + param1);
// Arguments are pushed as param3, param2, param1, so param1 ends up on top of
// the stack when the call is made.
_Magic.Asm.AddLine("push esi");
_Magic.Asm.AddLine("push ebx");
_Magic.Asm.AddLine("push eax");
_Magic.Asm.AddLine("call " + 0x00978260);
// The stub itself removes the three pushed dwords (0xC bytes) after the call.
_Magic.Asm.AddLine("add esp,0xC");
_Magic.Asm.AddLine("retn");
// NOTE(review): the lines above were queued on _Magic.Asm, but execution is
// requested on _bnsMagic.Asm; verify these are the same assembler instance.
ptr = _bnsMagic.Asm.InjectAndExecute(Codecave);
}
catch (Exception e)
{
// NOTE(review): every exception is swallowed and 'e' is never used. A failed
// read, assemble or execute step is indistinguishable from a call that
// returned 0, and nothing is logged for later diagnosis.
}
finally
{
// Always release the scratch region, even when the try block threw.
// NOTE(review): Codecave was allocated via _Magic.AllocateMemory() but is
// freed via _bnsMagic.FreeMemory(); confirm both refer to the same process.
_bnsMagic.FreeMemory(Codecave);
}
// Result of InjectAndExecute, or 0 when an exception was swallowed above.
return ptr;