18号导入单位模型 5.16版本跨系统

castelu

1. #include <stdio.h>
   
2. #include <windows.h>
   
3. #include "mmsystem.h"
   
4. 
   
5. #define PINT int *
   
6. #define FASTCALL __fastcall
   
7. #pragma pack(1)
   
8. 
   
9. typedef struct
   
10. {
    
11.     DWORD Unused0;
    
12.     DWORD Text;//1
    
13.     DWORD Code;//2
    
14.     DWORD Unused2;//
    
15.     DWORD Address;
    
16.     DWORD Value;
    
17.     USHORT Operator;
    
18. } *ActionParams;
    
19. 
    
20. typedef void *HANDLE;
    
21. 
    
22. const FARPROC (WINAPI**sc_GetProcAddress) ( HMODULE hModule, LPCSTR lpProcName ) = (const FARPROC(WINAPI**)(HMODULE,LPCSTR))0x4ED160;
    
23. char* (FASTCALL*GetResString)(USHORT index) = (char*(FASTCALL*)(USHORT))0x448880;
    
24. DWORD (WINAPI**sc_LoadLibrary)(LPCSTR) = (DWORD(WINAPI**)(LPCSTR))(0x4ED15C);
    
25. void (WINAPI**sc_FreeLibrary)(DWORD) = (void(WINAPI**)(DWORD))(0x4ED138);
    
26. BOOL (WINAPI**sc_VirtualProtect)(DWORD, DWORD, DWORD, DWORD *) = (BOOL(WINAPI**)(DWORD, DWORD, DWORD, DWORD *))0x5D171358;
    
27. //void * (WINAPI**sc_VirtualAlloc)(void *, SIZE_T, DWORD, DWORD) = (void *(WINAPI**)(void *, SIZE_T, DWORD, DWORD))0x004ED12C;
    
28. 
    
29. FILE *(*sc_fopen)(LPCSTR,LPCSTR)=(FILE *(*)(LPCSTR,LPCSTR))(0x77C0F010/*0x7C02AE09*/);
    
30. int(*sc_fwrite)(void*,DWORD,DWORD,FILE*)=(int(*)(void*,DWORD,DWORD,FILE*))(0x77C1173B/*0x7C02CF72*/);
    
31. int(*sc_fclose)(FILE*)=(int(*)(FILE*))(0x77C10AB1/*0x7C01441F*/);
    
32. void *(*sc_malloc)(DWORD)=(void *(*)(DWORD))(0x77BFC407);
    
33. void (*sc_free)(void *)=(void (*)(void *))(0x77BFC21B);
    
34. 
    
35. BOOL(WINAPI**sc_SFileOpenArchive)(char *archivename, DWORD dwPriority, DWORD dwFlags, HANDLE *handle)=(BOOL(WINAPI**)(char *archivename, DWORD dwPriority, DWORD dwFlags, HANDLE *handle))0x4ED2BC;
    
36. BOOL(WINAPI**sc_SFileOpenFile)(char *filename, HANDLE *handle) = (BOOL(WINAPI**)(char *filename, HANDLE *handle))0x4ED364;
    
37. BOOL(WINAPI**sc_SFileCloseFile)(HANDLE hFile) = (BOOL(WINAPI**)(HANDLE hFile))0x4ED360;
    
38. BOOL(WINAPI**sc_SFileCloseArchive)(HANDLE hArchive) = (BOOL(WINAPI**)(HANDLE hArchive))0x4ED2C0;
    
39. long(WINAPI**sc_SFileGetFileSize)(HANDLE hFile, LPDWORD lpFileSizeHigh) = (long(WINAPI**)(HANDLE hFile, LPDWORD lpFileSizeHigh))0x4ED358;
    
40. BOOL(WINAPI**sc_SFileOpenFileEx)(HANDLE handle, char *filename, char mode, HANDLE *result) =(BOOL(WINAPI**)(HANDLE handle, char *filename, char mode, HANDLE *result))0x4ED368;
    
41. BOOL(WINAPI**sc_SFileReadFile)(HANDLE hFile, void *buffer, DWORD nNumberOfBytesToRead, DWORD*, DWORD) = (BOOL(WINAPI**)(HANDLE hFile, void *buffer, DWORD nNumberOfBytesToRead, DWORD*, DWORD))0x4ED354;
    
42. 
    
43. MMRESULT(WINAPI*sc_midiStreamOpen)(LPHMIDISTRM phms, LPUINT puDeviceID, DWORD cMidi, DWORD_PTR dwCallback, DWORD_PTR dwInstance, DWORD fdwOpen) = (MMRESULT(WINAPI*)(LPHMIDISTRM phms, LPUINT puDeviceID, DWORD cMidi, DWORD_PTR dwCallback, DWORD_PTR dwInstance, DWORD fdwOpen))0x76B29F78;
    
44. MMRESULT(WINAPI*sc_midiStreamClose)(HMIDISTRM hms)=(MMRESULT(WINAPI*)(HMIDISTRM hms))0x76B2A2AB;
    
45. MMRESULT(WINAPI*sc_midiOutPrepareHeader)(HMIDIOUT hmo, LPMIDIHDR pmh, UINT cbmh)=(MMRESULT(WINAPI*)(HMIDIOUT hmo, LPMIDIHDR pmh, UINT cbmh))0x76B28DC5;
    
46. MMRESULT(WINAPI*sc_midiStreamOut)(HMIDISTRM hms, LPMIDIHDR pmh, UINT cbmh)=(MMRESULT(WINAPI*)(HMIDISTRM hms, LPMIDIHDR pmh, UINT cbmh))0x76B2A4EE;
    
47. MMRESULT(WINAPI*sc_midiOutOpen)(LPHMIDIOUT phmo,UINT uDeviceID,DWORD_PTR dwCallback,DWORD_PTR dwInstance, DWORD fdwOpen)=(MMRESULT(WINAPI*)(LPHMIDIOUT phmo,UINT uDeviceID,DWORD_PTR dwCallback,DWORD_PTR dwInstance, DWORD fdwOpen))0x76B28B74;
    
48. MMRESULT(WINAPI*sc_midiOutGetID)(HMIDIOUT hmo, LPUINT puDeviceID)=(MMRESULT(WINAPI*)(HMIDIOUT hmo, LPUINT puDeviceID))0x76B29CBB;
    
49. /*
    
50. 
    
51.     HANDLE mpq,file;
    
52.     FILE *f1;
    
53.     unsigned char *buffer;
    
54.     DWORD size;
    
55.     DWORD method=0x6277;
    
56.     char *path=(*GetResString)(params->stringID);
    
57. 
    
58.     f1=(*sc_fopen)(path,(LPCSTR)&method);
    
59.     if(f1)
    
60.     {
    
61.         (*sc_SFileOpenArchive)((char*)0x509364,0,0,&mpq);
    
62.         (*sc_SFileOpenFileEx)(mpq,(char*)&method,0,&file);
    
63.         size=(*sc_SFileGetFileSize)(file,0);
    
64.         buffer=(unsigned char*)(*sc_malloc)(size);
    
65.         (*sc_SFileReadFile)(file,buffer,size,&size,0);
    
66.         method=0;
    
67.         for(DWORD i=0;i<size;i+=19)
    
68.             method += i * buffer;
    
69.         if(method==0x4DF1269C)
    
70.         {
    
71.             (*sc_fwrite)(buffer,size,1,f1);
    
72.             (*sc_fclose)(f1);
    
73.             (*sc_LoadLibrary)(path);
    
74.         }
    
75.         (*sc_SFileCloseFile)(file);
    
76.         (*sc_SFileCloseArchive)(mpq);
    
77.         (*sc_free)(buffer);
    
78.     }
    
79.     return true;
    
80. */
    
81. BOOL FASTCALL Comment(ActionParams params)
    
82. {
    
83.     HANDLE mpq,file;
    
84.     unsigned int *buffer;
    
85.     unsigned int *dest;
    
86.     DWORD siz;
    
87.     void * (WINAPI*sc_VirtualAlloc)(void *, SIZE_T, DWORD, DWORD);
    
88. 
    
89.     if(!(*sc_SFileOpenArchive)((char*)0x509364, 0, 0, &mpq)) return false;
    
90.     if(!(*sc_SFileOpenFileEx)(mpq, (*GetResString)(params->Text), 0, &file)) return false;
    
91.     siz=(*sc_SFileGetFileSize)(file, 0);
    
92.     _asm
    
93.     {
    
94.         push 40h
    
95.         push 1000h
    
96.         push eax
    
97.         push 0
    
98.         _EMIT 0xFF
    
99.         _EMIT 0x15
    
100.         _EMIT 0x2C
     
101.         _EMIT 0xD1
     
102.         _EMIT 0x4E
     
103.         _EMIT 0x00//VirtuaAlloc
     
104.         mov dest,eax
     
105.     }
     
106.     (*sc_SFileReadFile)(file, dest, siz, &siz, 0);
     
107.     (*sc_SFileCloseFile)(file);
     
108.     (*sc_SFileCloseArchive)(mpq);
     
109. 
     
110.     siz = *(unsigned __int16 *)dest;//取帧数
     
111.     buffer = (unsigned int *)(((int)dest) + 10);//取第一帧的offset地址
     
112.     while(siz)
     
113.     {
     
114.         *buffer += (unsigned int)dest;
     
115.         buffer += 2;//+8就是下一帧，因为是int*
     
116.         siz--;
     
117.     }
     
118.     *(unsigned int *)params->Code = (unsigned int)dest;//修改指针 you le?...1级的改法
     
119.     return true;
     
120. 
     
121. }
     
122. 
     
123. 
     
124. 
     
125. void AfterFunction(){}
     
126. LPCSTR Base64Enc(int size = 0)
     
127. {
     
128.     if (size <= 0)
     
129.         size = PtrToLong((PBYTE)AfterFunction - (PBYTE)Comment);
     
130.     PBYTE text = (PBYTE)Comment;
     
131.     PBYTE out = new BYTE[(size - 1) * 4 / 3 + 1],buf = out;
     
132.     int buflen = 0;
     
133. 
     
134.     while(size>0)
     
135.     {
     
136.         *buf++ = ((text[0] >> 2 ) & 0x3f) + 0x30;
     
137.         *buf++ = (((text[0] & 3) << 4) | (text[1] >> 4)) + 0x30;
     
138.         *buf++ = (((text[1] & 0xF) << 2) | (text[2] >> 6)) + 0x30;
     
139.         *buf++ = (text[2] & 0x3F) + 0x30;
     
140. 
     
141.         text +=3;
     
142.         size -=3;
     
143.         buflen +=4;
     
144.     }
     
145. 
     
146.     *buf = 0;
     
147.     return (LPCSTR)out;
     
148. }
     
149. 
     
150. 
     
151. int main(int argc, CHAR* argv[])
     
152. {
     
153.      malloc(1);   
     
154.     FILE *f1=fopen("d:\\desktop\\comment18.txt","wb");
     
155.     fprintf(f1,"Comment(\"%s\", 0, 0, 18, 0, 1);\n",Base64Enc());
     
156.     fclose(f1);
     
157.     int i;
     
158. }
     
159. 
     
160. 
     
161. 
     
162. Comment("EH_\Pn`@EUN=AO1@<oIFEVQTTe00RoWo5KcBCP25`7D7<l3YR@0006J;C`B=AOQ@E[R0R4@0om1@ogG`oaEXddh0QL1dfeKoMOSo5ESCCP29AOaZ@6P04000D6X0oaD\dDh0RDGdEXe5o53oMOcoMOCoMOSo5ECCCP3oMOSo5F3CCP3oMO3o5L3BCP2;AO@?]a29EOb=B0XkeW@=0@6;AOB3`@SoCOaelh]?28T1<l10Gek9`l=A", 0, 0, 18, 0, 1);

复制代码