继续讨论这个问题。
第一贴:
http://community.csdn.net/Expert/topic/4873/4873074.xml?temp=.9158594
第二贴:
http://community.csdn.net/Expert/topic/4900/4900218.xml?temp=.6522333
第一贴:
http://community.csdn.net/Expert/topic/4873/4873074.xml?temp=.9158594
第二贴:
http://community.csdn.net/Expert/topic/4900/4900218.xml?temp=.6522333
fxy_2002(阿勇) —————————————————————— 500
Modest(塞北雪貂)·(偶最欣赏楼主的分) ———————————1000:)
先记在这里,省得去找啦~~~
发送:
SEND
SENDTO
WSASEND
WSASENDTO
接收:
RECV
RECVFROM
WSARECV
WSARECVFROM
发送和接收他们两个是按上述次序成对的:)
雪貂 ———— 400
绿豆 ———— 200
其他同志还没回,0以上2位的分还没加够。请大家回复非技术里面HOOK问题-----加分贴,现在还有3个帖子
一分钟测试你的爱机
这是我机的报告
《一分钟测试》测试报告:机器名: OUYUE-DKW8UT4OO
处理器: INTEL Pentium-IV model 2
CPU特性: MMX SSE SSE2
CPU主频: 2393 MHz
显 卡: NVIDIA GeForce2 MX/MX 400 (Microsoft Corporation)
显卡ID: 10DE 0110
显存容量: 1842 MB
显卡模式: 1024x768 16bit
硬盘空间: 总共76286M 剩余52773M
BIOS类型: IntelR - 42302e31 Phoenix - AwardBIOS v6.00PG Phoenix - AwardBIOS v6.00PG
BIOS日期: 02/02/04
物理内存: 总共512M 剩余182M
虚存文件: 总共1708M 剩余309M
操作系统: WinXP 5.2.3790
测试时间: 2006-07-26 21:24:37
测试设置: 标准设置
: 测试成绩
一分钟基准得分: 1.50
整数性能: 82.56 M次/秒 相对速度2.31
浮点性能: 6.46 M次/秒 相对速度1.90
内存性能: 567.7 MB/秒 相对速度2.24
磁盘性能: 12.31 MB/秒 相对速度0.73
DirectDraw: 109.2 MB/秒 相对速度0.32
:
: 性能分析与升级建议:(与2000年主流台式机相比较)
:
总体性能: 中上
总体评价: 中档机型,可满足大多数办公、游戏和商业应用需要
建议用途: 更适合办公或者商业用途
性能瓶颈: 显卡
内存容量: 现在可以不用增加内存。 www.77school.com
下载地址: http://www.77school.com/down/downview.asp?id=12101
用以下部分覆盖绿豆代码中的frmMain.frm的内容(是修改窗体文件,而不是代码)
VERSION 5.00
Begin VB.Form frmMain
BorderStyle = 1 'Fixed Single
Caption = "API钩子示例 - 联众三打一封包拦截"
ClientHeight = 5835
ClientLeft = 45
ClientTop = 330
ClientWidth = 9720
Icon = "frmMain.frx":0000
LinkTopic = "Form1"
MaxButton = 0 'False
ScaleHeight = 5835
ScaleWidth = 9720
StartUpPosition = 2 '屏幕中心
Begin VB.Timer Timer2
Interval = 100
Left = 4320
Top = 2640
End
Begin VB.Timer Timer1
Interval = 100
Left = 4320
Top = 4680
End
Begin VB.TextBox Text2
Height = 5415
Left = 120
MultiLine = -1 'True
ScrollBars = 2 'Vertical
TabIndex = 1
Top = 480
Width = 9495
End
Begin VB.Label lblProcCount
AutoSize = -1 'True
Height = 180
Left = 210
TabIndex = 0
Top = 120
Width = 9330
End
End
Attribute VB_Name = "frmMain"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit

' --- Toolhelp32 snapshot API (kernel32): used below to enumerate running
' --- processes and the modules loaded inside one process.
' NOTE(review): CloseHandle is called by GetModEntries/GetProcEntries but is not
' declared in this listing - presumably declared in another module; confirm.
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Const TH32CS_SNAPPROCESS = &H2   ' snapshot flag passed by GetProcEntries
Private Const TH32CS_SNAPMODULE = &H8    ' snapshot flag passed by GetModEntries
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapShot As Long, lpme As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapShot As Long, lpme As MODULEENTRY32) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long

' One record per module returned by Module32First/Module32Next.
Private Type MODULEENTRY32
dwSize As Long          ' set by the caller before each Module32First/Next call
th32ModuleID As Long
th32ProcessID As Long
GlblcntUsage As Long
ProccntUsage As Long
modBaseAddr As Long
modBaseSize As Long
mModBasule As Long      ' occupies the slot that Win32 names hModule; FillModList reads it as the module base
szModule As String * 256    ' module file name; matched against "WSOCK32.DLL" in FillModList
szExePath As String * 260
End Type

' One record per process returned by Process32First/Process32Next.
Private Type PROCESSENTRY32
dwSize As Long          ' set by the caller before each Process32First/Next call
cntUsage As Long
th32ProcessID As Long   ' copied into mPrcID by FillProcList when the target is found
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExePath As String * 260   ' executable name; matched against "THREETOONE.EXE" in FillProcList
End Type

Private Const HOOKED_COLOR As Long = &HFF   ' not referenced by the code visible in this listing

' Snapshot results, refilled on every Timer1 tick.
Private m_atModEntries() As MODULEENTRY32
Private m_atProcEntries() As PROCESSENTRY32

' Hook engine from the project (class defined elsewhere); raises the
' BeforeAction/AfterAction events handled further down.
Private WithEvents m_oExpHooker As CVBAPIHooker
Attribute m_oExpHooker.VB_VarHelpID = -1
Private mAA As Boolean      ' False while a hooked call is in flight (BeforeAction), True after it (AfterAction) or on form double-click; polled by Timer2_Timer
Private mPrcID As Long      ' process id of the target found by FillProcList
Private mModBas As Long     ' base of WSOCK32.DLL in the target, set by FillModList
Private mTag As Long        ' value returned by HookExport; -1 is treated as failure in mnuHook2_Click
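' Get the module table
'****************************
' Fills atModEntries with one MODULEENTRY32 per module loaded in the process
' identified by lProcessID, using a TH32CS_SNAPMODULE Toolhelp32 snapshot.
'
' Returns True only when at least one module entry was actually read. On any
' failure (skipped PID, snapshot refused, Module32First failing, run-time
' error) the array is left erased and the result is False, so callers never
' scan a zero-filled placeholder entry.
Private Function GetModEntries(ByVal lProcessID As Long, atModEntries() As MODULEENTRY32) As Boolean
    Dim hSnapShot As Long
    Dim tEntry As MODULEENTRY32
    Dim lCount As Long

    ' -1 means "no snapshot open"; set it before the handler is armed so the
    ' error path never closes a handle that was never obtained.
    hSnapShot = -1
    On Error GoTo Error_Handler

    Erase atModEntries

    ' PID 0 and PID 4 (Idle / System on Windows XP and later) are skipped.
    If lProcessID = 0 Or lProcessID = 4 Then Exit Function

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, lProcessID)
    If hSnapShot = -1 Then Exit Function

    ' Read into a scratch record and append only entries the API really
    ' returned; dwSize must be set before every call.
    tEntry.dwSize = LenB(tEntry)
    If Module32First(hSnapShot, tEntry) <> 0 Then
        Do
            ReDim Preserve atModEntries(lCount)
            atModEntries(lCount) = tEntry
            lCount = lCount + 1
            tEntry.dwSize = LenB(tEntry)
        Loop While Module32Next(hSnapShot, tEntry) <> 0
    End If

    CloseHandle hSnapShot
    hSnapShot = -1
    GetModEntries = (lCount > 0)
    Exit Function

Error_Handler:
    If hSnapShot <> -1 Then CloseHandle hSnapShot
    Erase atModEntries
End Function
' Get the process table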
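' Fills atProcEntries with one PROCESSENTRY32 per running process, using a
' TH32CS_SNAPPROCESS Toolhelp32 snapshot.
'
' Returns True only when at least one process entry was actually read. On any
' failure the array is left erased and the result is False, so callers never
' scan a zero-filled placeholder entry.
Private Function GetProcEntries(atProcEntries() As PROCESSENTRY32) As Boolean
    Dim hSnapShot As Long
    Dim tEntry As PROCESSENTRY32
    Dim lCount As Long

    ' -1 means "no snapshot open"; set it before the handler is armed so the
    ' error path never closes a handle that was never obtained.
    hSnapShot = -1
    On Error GoTo Error_Handler

    Erase atProcEntries

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    If hSnapShot = -1 Then Exit Function

    ' Read into a scratch record and append only entries the API really
    ' returned; dwSize must be set before every call.
    tEntry.dwSize = LenB(tEntry)
    If Process32First(hSnapShot, tEntry) <> 0 Then
        Do
            ReDim Preserve atProcEntries(lCount)
            atProcEntries(lCount) = tEntry
            lCount = lCount + 1
            tEntry.dwSize = LenB(tEntry)
        Loop While Process32Next(hSnapShot, tEntry) <> 0
    End If

    CloseHandle hSnapShot
    hSnapShot = -1
    GetProcEntries = (lCount > 0)
    Exit Function

Error_Handler:
    If hSnapShot <> -1 Then CloseHandle hSnapShot
    Erase atProcEntries
End Function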
'******************************
' Scans atModEntries for a module whose name contains "WSOCK32.DLL", stores
' that entry's mModBasule value in mModBas, then asks a CVBPEFnLocator (class
' defined elsewhere) for the module's export table and, when that succeeds,
' calls mnuHook2_Click.
' The function's Boolean result is never assigned, so it always returns False.
Private Function FillModList(atModEntries() As MODULEENTRY32) As Boolean
Dim i As Long
Dim mBo As Boolean
' NOTE(review): the outer Do...Loop rescans the same array and leaves only once
' a match is found. Nothing in this routine refreshes atModEntries, so when
' WSOCK32.DLL is missing from the first pass this looks like an unbounded spin
' kept responsive only by DoEvents - confirm against the caller.
Do
For i = LBound(atModEntries) To UBound(atModEntries)
'**************************************
' Case-insensitive substring match on the module name.
If InStr(1, UCase$(atModEntries(i).szModule), "WSOCK32.DLL") Then
mModBas = atModEntries(i).mModBasule
mBo = True
Exit For
End If
Next
DoEvents
If mBo Then Exit Do
Loop
' The address suffix is commented out, so the caption ends after the colon.
lblProcCount.Caption = "已经找到WOSCK.DLL,地址:" '& "&H" & Hex(mModBas)
Dim oPEFnLocator As CVBPEFnLocator
Dim avExports() As Variant
Set oPEFnLocator = New CVBPEFnLocator
' mPrcID was set by FillProcList; avExports is filled but not used afterwards,
' GetExports serves here only as a success check before installing the hook.
If oPEFnLocator.SetTargetTo(mPrcID) Then
If oPEFnLocator.GetExports(mModBas, avExports()) Then
'FillExportList (avExports())
mnuHook2_Click
End If
End If
Set oPEFnLocator = Nothing
End Function
'*********************************
' Looks through atProcEntries for a process whose executable name contains
' "THREETOONE.EXE". On a match it records the process id in mPrcID, updates the
' status label and stops Timer1. Afterwards it requests the module list of
' mPrcID and hands it to FillModList.
' The function's Boolean result is never assigned, so it always returns False.
Private Function FillProcList(atProcEntries() As PROCESSENTRY32) As Boolean
Dim i As Long
lblProcCount.Caption = "正在等待启动游戏,循环查找THREETOONE.EXE进程…………"
' There is no Exit For, so when several processes match the last one wins.
For i = LBound(atProcEntries) To UBound(atProcEntries)
'***********
' Case-insensitive substring match on the executable name.
If InStr(1, UCase$(atProcEntries(i).szExePath), "THREETOONE.EXE") Then
mPrcID = atProcEntries(i).th32ProcessID
lblProcCount.Caption = "已经找到THREETOONE.EXE进程,正在等待其加载WSOCK.DLL"
Timer1.Enabled = False
End If
Next
' Runs even when nothing matched; with mPrcID still 0 GetModEntries exits
' early without reporting success.
' NOTE(review): Timer1 is already disabled at this point when a match was
' found, so no later tick re-reads the module list if the DLL is not loaded
' yet - confirm the intended retry behaviour.
If GetModEntries(CLng(mPrcID), m_atModEntries) Then
FillModList m_atModEntries()
End If
End Function
' Timer1 tick: take a fresh process snapshot and, when that succeeds, pass it
' to FillProcList to look for the target process.
Private Sub Timer1_Timer()
    If Not GetProcEntries(m_atProcEntries) Then Exit Sub
    FillProcList m_atProcEntries()
End Sub
' Double-clicking the form sets mAA, the flag Timer2_Timer waits for.
Private Sub Form_DblClick()
mAA = True
End Sub

' Form start-up: calls AquireDebugToken (defined elsewhere; presumably enables
' the debug privilege for this process - confirm), creates the hook engine and
' starts the process-polling timer.
' Privilege adjustment followed by cross-process hooking is behaviour that
' endpoint-protection and anti-tamper products typically monitor.
Private Sub Form_Load()
Call AquireDebugToken
Set m_oExpHooker = New CVBAPIHooker
Timer1.Enabled = True
Timer2.Enabled = False
End Sub

' Form shutdown: enables Timer2, releases the hook engine and ends the program.
' NOTE(review): End terminates immediately, so Timer2_Timer (the only place
' that calls Unhook) is unlikely to run; whether releasing m_oExpHooker removes
' the hook from the target depends on CVBAPIHooker's teardown, not shown here.
Private Sub Form_Unload(Cancel As Integer)
Timer2.Enabled = True
Set m_oExpHooker = Nothing
End
End Sub

' Raised by the hook engine before the hooked export runs. Copies the call's
' buffer out of the target process and appends it to Text2 as a hex dump.
' Assumes alArgsEx follows recv's parameter order with index 1 = buffer
' address and index 2 = length - TODO confirm against CVBAPIHooker.GetArguments.
Private Sub m_oExpHooker_BeforeAction(ByVal lHookID As Long, ByVal lHookType As Long, ByVal sAPIName As String, ByVal lpArgs As Long, fBlock As Boolean, lArgCount As Long, ByVal lReturnAddress As Long)
mAA = False
'*******************************
Dim alArgsEx() As Long
Dim mBuff() As Byte
Dim mIndex As Long
Dim TempStr As String
'*******************************
With m_oExpHooker
'******************************************
.GetArguments alArgsEx(), 4
'If alArgsEx(2) = 20 Or alArgsEx(2) = 8 Then
' NOTE(review): no guard on alArgsEx(2); a value of 0 or less makes this ReDim
' raise a run-time error inside the event handler.
ReDim mBuff(alArgsEx(2) - 1) As Byte
' NOTE(review): this event fires before the hooked call, and alArgsEx(2) is the
' length the caller passed rather than a byte count returned by the call, so
' the bytes copied here are whatever the buffer held at that moment.
.Pmemcpy2local VarPtr(mBuff(0)), alArgsEx(1), alArgsEx(2)
'If CLng(mBuff(4)) = 1 Or alArgsEx(2) = 8 Then
TempStr = "===============================================" & alArgsEx(2) & vbCrLf
' Two hex digits per byte, space separated.
For mIndex = 0 To UBound(mBuff)
TempStr = TempStr & Right$("0" & Hex(mBuff(mIndex)), 2) & " "
'TempStr = TempStr & Chr(mBuff(mIndex)) & " "
Next
' NOTE(review): Text2 grows on every call and is only cleared by a double-click.
Text2.Text = Text2.Text & TempStr & vbCrLf
Text2.SelStart = Len(Text2.Text)
'End If
' End If
End With
End Sub

' Raised by the hook engine after the hooked export returns; only sets mAA.
Private Sub m_oExpHooker_AfterAction(ByVal lHookID As Long, ByVal lHookType As Long, ByVal sAPIName As String, ByVal fIntercepted As Boolean, lRetValue As Long)
mAA = True
End Sub

' Points the hook engine at process mPrcID (only when the id changed since the
' last call, tracked in the Static pid) and hooks the "recv" export of the
' module at mModBas. The returned tag is kept in mTag; -1 is treated as failure.
Private Function mnuHook2_Click()
On Error GoTo Error_Handler
Static pid As Long
Dim sLibname As String
If mPrcID <> pid Then
pid = mPrcID
If Not m_oExpHooker.SetTargetTo(pid) Then
Exit Function
End If
End If
mTag = m_oExpHooker.HookExport(mModBas, "recv", False)
If mTag <> -1 Then
lblProcCount.Caption = "API钩子安装成功,已经开始接收游戏封包!"
Else
' NOTE(review): mTag is declared As Long, so assigning "" raises a type
' mismatch; the error handler swallows it and the failure caption on the next
' line is never shown.
mTag = ""
lblProcCount.Caption = "非常抱歉,API钩子安装失败!"
End If
Exit Function
Error_Handler:
End Function

' Double-clicking the log box clears it.
Private Sub Text2_DblClick()
Text2.Text = ""
End Sub

' Timer2 tick: once mAA is set, asks the hook engine to remove the hook
' identified by mTag and reports the outcome.
Private Sub Timer2_Timer()
If mAA Then
If m_oExpHooker.Unhook(mTag) Then
' NOTE(review): mTag is declared As Long, so assigning "" raises a type
' mismatch; there is no error handler in this routine.
mTag = ""
MsgBox "钩子卸载成功!"
Timer2.Enabled = False
Else
MsgBox "钩子卸载失败!"
End If
End If
End Sub
覆盖以后,启动联众,进入你的三打一(地方三打一也可以),就可以看见所有接收的封包内容了,进一步分析封包,就可以得到具体牌了,简单介绍点,封包牌的分析是被我注释掉的
alArgsEx(2) = 20 和 CLng(mBuff(4)) = 1就可以得到牌了,具体说,封包是20的长度,第1个位置是出牌人位置标志,第5个位置是出的张数(1张),第17个位置是出的牌,牌解密如下:
3 4 5 6 7 8 9 10 J Q K A 2 方 00 01 02 03 04 05 06 07 08 09 0A 0B 0C花 0D 0E 0F 10 11 12 13 14 15 16 17 18 19红 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26黑 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33小鬼: 34
大鬼: 35
我实在是没时间了,哈哈,代码就先改到这里,过几天再来看。
或 绿豆
有个疑问,拦截封包在事件 m_oExpHooker_BeforeAction 中读取包数据的话,这个时候实际还没有读包数据,读出来的数据有可能是上一次的,也可能根本就不知道是什么数据(因为该缓冲区可能是临时分配的)。
我觉得应该在事件m_oExpHooker_AfterAction中读取包数据,但把m_oExpHooker_BeforeAction 中的代码拷贝到m_oExpHooker_AfterAction后,发现程序运行后就没有响应,THREETOONE.EXE进程也被阻死。
不知道是什么原因,在m_oExpHooker_AfterAction中处理的话,代码该如何写?