; 内存补丁 对 QQ2004 进行内存补丁
.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comctl32.inc
include \masm32\include\comdlg32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\comdlg32.lib
_ProcDlgMain PROTO :DWORD,:DWORD,:DWORD,:DWORD      ; dialog procedure, passed to DialogBoxParam at Start
IDD_QQDLG equ 107                                   ; dialog template id (resource script not part of this file)
IDC_FILE equ 1000                                   ; edit control that shows the chosen path
IDC_BROWSE equ 1001                                 ; "browse" button -> GetFileName
IDC_RUN equ 1002                                    ; "run" button -> QQcheck
PATCH_POSITION equ 00451DB5h ;address in the target's code section that QQcheck reads and overwrites
PATCH_BYTES equ 6                                   ; length of dbPatch and dbPatched
.data?                                              ; uninitialised globals
hInstance dd ?                                      ; module handle, set at Start
hWinMain dd ?                                       ; dialog window handle, set on WM_INITDIALOG
stStartUp STARTUPINFO <?>                           ; filled by GetStartupInfo in QQcheck
stProcInfo PROCESS_INFORMATION <?>                  ; handles/ids of the child created by QQcheck
stOpenFileName OPENFILENAME <?>                     ; filled by GetFileName
szBuffer db 255 dup(?)                              ; receives the bytes read from the child process
szFileBuffer db 255 dup(?)                          ; path chosen in the open dialog (nMaxFile is 255)
szFileName db 255 dup(?)                            ; not referenced anywhere in this file
.data
szTitleSave db "Open qq.exe file...",0              ; open-file dialog title
szExt db '*.exe',0                                  ; default extension for the open dialog
szFilter db 'EXE Files(*.exe)',0,'*.exe',0,0        ; filter pairs; the extra 0 ends the list
dbPatch db 0Fh,84h,9Dh,00h,00h,00h ;bytes expected at PATCH_POSITION: machine code of JZ 00451E58
dbPatched db 0E9h,9Eh,00h,00h,00h,00h ;bytes written in their place: machine code of JMP 00451E58
szErrExec db '无法装载执行文件!',0                 ; shown when CreateProcess fails
szErrVersion db '执行文件的版本不正确,无法修正!',0 ; shown when the bytes at PATCH_POSITION do not match
.code
;********************************************************************
; 打开文件子程序
;********************************************************************
GetFileName proc
    ;-----------------------------------------------------------------
    ; void GetFileName(void)
    ; Shows the common "open file" dialog and, when the user confirms,
    ; copies the selected path into the IDC_FILE edit control.
    ; In:    hWinMain (global) = owner window
    ; Out:   szFileBuffer (global) = selected path on success
    ; Clobb: eax and whatever the API calls touch
    ;-----------------------------------------------------------------
    ; fill the OPENFILENAME record (stOpenFileName lives in .data?)
    mov stOpenFileName.lStructSize,SIZEOF stOpenFileName
    mov eax,hWinMain
    mov stOpenFileName.hWndOwner,eax
    mov stOpenFileName.lpstrFile,offset szFileBuffer  ; result buffer
    mov stOpenFileName.nMaxFile,255                   ; size of szFileBuffer
    mov stOpenFileName.lpstrFilter,offset szFilter    ; "EXE Files" filter
    mov stOpenFileName.lpstrDefExt,offset szExt
    mov stOpenFileName.lpstrTitle,offset szTitleSave
    mov stOpenFileName.lpstrInitialDir,0              ; let the dialog pick the start folder
    mov stOpenFileName.Flags,OFN_PATHMUSTEXIST or OFN_FILEMUSTEXIST
    invoke GetOpenFileName,offset stOpenFileName
    ; a cancelled dialog returns FALSE: leave the edit control untouched
    .if eax != FALSE
        invoke SetDlgItemText,hWinMain,IDC_FILE,addr szFileBuffer
    .endif
    ret
GetFileName endp
;********************************************************************
; 内存补丁子程序
;********************************************************************
QQcheck proc szFile:dword
    ;-----------------------------------------------------------------
    ; void QQcheck(LPSTR szFile)            stdcall, one stack argument
    ; Starts szFile as a suspended child, reads the bytes at
    ; PATCH_POSITION, and if they match dbPatch overwrites them with
    ; dbPatched and resumes the child; otherwise the child is killed
    ; and an error box is shown. The sequence CreateProcess(CREATE_SUSPENDED)
    ; -> WriteProcessMemory -> ResumeThread modifies the child's code in
    ; memory before it runs, so the on-disk file is left unchanged.
    ; In:    szFile = NUL-terminated path of the executable
    ; Out:   eax holds the last API result, not a defined status
    ; Uses:  stStartUp, stProcInfo, szBuffer (globals)
    ;-----------------------------------------------------------------
    invoke GetStartupInfo,addr stStartUp
    ; CREATE_SUSPENDED: the child exists but has not executed yet
    invoke CreateProcess,szFile,NULL,NULL,NULL,NULL,\
    NORMAL_PRIORITY_CLASS or CREATE_SUSPENDED,NULL,NULL,\
    offset stStartUp,offset stProcInfo
    .if eax
        ;***********************************
        ; read the child's memory and check that it holds the expected code
        ;***********************************
        ; literal 6 here is the same value as PATCH_BYTES
        invoke ReadProcessMemory,stProcInfo.hProcess,PATCH_POSITION,addr szBuffer,6,NULL
        .if eax
            ;invoke MessageBox,NULL,addr szBuffer,addr szExecFilename,NULL
            ; (disabled debug aid; szExecFilename is not defined in this file)
            ; compare the machine code: only the first 2 of the 6 bytes read
            ; are checked (16-bit ax compare), bytes 2..5 are never examined
            mov ax,word ptr szBuffer
            .if ax == word ptr dbPatch
                invoke WriteProcessMemory,stProcInfo.hProcess,\
                PATCH_POSITION,addr dbPatched,PATCH_BYTES,NULL
                ; WriteProcessMemory's result is not checked before resuming
                invoke ResumeThread,stProcInfo.hThread
            .else
                ; version mismatch: kill the suspended child with exit code -1
                invoke TerminateProcess,stProcInfo.hProcess,-1
                invoke MessageBox,NULL,addr szErrVersion,NULL,MB_OK or MB_ICONSTOP
            .endif
        .endif
        ; NOTE: when ReadProcessMemory fails we reach here with the child
        ; still suspended - it is neither resumed nor terminated, only its
        ; handles are closed
        invoke CloseHandle,stProcInfo.hProcess
        invoke CloseHandle,stProcInfo.hThread
    .else
        invoke MessageBox,NULL,addr szErrExec,NULL,MB_OK or MB_ICONSTOP
    .endif
    ret
QQcheck endp
;********************************************************************
_ProcDlgMain proc uses ebx edi esi,hWnd:DWORD,wMsg:DWORD,wParam:DWORD,lParam:DWORD
    ;-----------------------------------------------------------------
    ; BOOL CALLBACK _ProcDlgMain(HWND hWnd, UINT wMsg, WPARAM wParam, LPARAM lParam)
    ; Dialog procedure for IDD_QQDLG.
    ; Out:   eax = TRUE for WM_INITDIALOG, WM_COMMAND and WM_CLOSE,
    ;        eax = FALSE for every other message (not handled here)
    ; Note:  wParam is compared as a whole DWORD, so a notification code
    ;        in its high word makes the compare fail
    ;-----------------------------------------------------------------
    mov eax,wMsg
    .if eax == WM_INITDIALOG
        ; remember the dialog handle for GetFileName
        push hWnd
        pop hWinMain
    .elseif eax == WM_COMMAND
        mov eax,wParam
        .if eax == IDC_RUN
            invoke QQcheck,addr szFileBuffer        ; path filled in by GetFileName
        .elseif eax == IDC_BROWSE
            call GetFileName
        .endif
    .elseif eax == WM_CLOSE
        invoke EndDialog,hWnd,NULL
    .else
        xor eax,eax                                 ; FALSE: message not handled
        ret
    .endif
    mov eax,TRUE
    ret
_ProcDlgMain endp
;********************************************************************
Start:
    ; program entry: record the module handle, set up common controls,
    ; run the modal dialog and exit with code 0 when it closes
    invoke GetModuleHandle,NULL
    mov hInstance,eax                               ; eax must be stored before the next call clobbers it
    invoke InitCommonControls
    invoke DialogBoxParam,hInstance,IDD_QQDLG,NULL,offset _ProcDlgMain,0
    invoke ExitProcess,NULL
end Start