diff --git a/unlockfps/main.cpp b/unlockfps/main.cpp
index f2fbe66..cc69d07 100644
--- a/unlockfps/main.cpp
+++ b/unlockfps/main.cpp
@@ -28,27 +28,27 @@ const std::vector PrioityClass = {
 //credit by winTEuser
 BYTE _shellcode_genshin[] =
 {
- 0x00, 0x00, 0x00, 0x00, // DWORD unlocker_pid _shellcode_genshin[0]
- 0x00, 0x00, 0x00, 0x00, // DWORD unlocker_Handle _shellcode_genshin[4]
+ 0x00, 0x00, 0x00, 0x00, // uint32_t unlocker_pid _shellcode_genshin[0]
+ 0x00, 0x00, 0x00, 0x00, // uint32_t unlocker_Handle _shellcode_genshin[4]
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 unlocker_FpsValue_addr _shellcode_genshin[8]
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 API_OpenProcess _shellcode_genshin[16]
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 API_ReadProcessmem _shellcode_genshin[24]
 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 API_Sleep _shellcode_genshin[32]
- 0x00, 0x00, 0x00, 0x00, //uint32_t Readmem_buffer _shellcode_genshin[40]
+ 0x00, 0x00, 0x00, 0x00, //uint32_t Readmem_buffer _shellcode_genshin[40]
 0xCC, 0xCC, 0xCC, 0xCC, //int3
 0x48, 0x83, 0xEC, 0x38, //sub rsp,0x38 _shellcode_genshin[48] _sync_thread
 0x8B, 0x05, 0xC6, 0xFF, 0xFF, 0xFF, //mov eax,dword[unlocker_pid]
 0x85, 0xC0, //test eax
- 0x74, 0x49, //je return
+ 0x74, 0x5B, //je return
 0x41, 0x89, 0xC0, //mov r8d,eax
 0x33, 0xD2, //xor edx,edx
 0xB9, 0xFF, 0xFF, 0x1F, 0x00, //mov ecx,1FFFFF
 0xFF, 0x15, 0xC2, 0xFF, 0xFF, 0xFF, //call [API_OpenProcess]
 0x85, 0xC0, //test eax
- 0x74, 0x35, //je return
+ 0x74, 0x47, //je return
 0x89, 0x05, 0xAC, 0xFF, 0xFF, 0xFF, //mov dword[unlocker_Handle],eax
 0x89, 0xC6, //mov esi,eax
- 0x48, 0x8B, 0x3D, 0xA7, 0xFF, 0xFF, 0xFF, //mov rdi,qword[unlocker_FpsValue_addr]
+ 0x48, 0x8B, 0x3D, 0xA7, 0xFF, 0xFF, 0xFF,//mov rdi,qword[unlocker_FpsValue_addr]
 0x0F, 0x1F, 0x00, //nop
 0x89, 0xF1, //mov ecx,esi //Read_tar_fps
 0x48, 0x89, 0xFA, //mov rdx,rdi
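Review bot: The two updated `je return` displacements (`0x74, 0x5B` at byte 60 and `0x74, 0x47` at byte 80) are hand-computed, and by my arithmetic both resolve to byte 153, the `add rsp,0x38` epilogue introduced in the second hunk, so they are consistent with the new layout; nothing in the file records that target, though, so the next edit to the sync-thread body will silently break them. Record the resolved target in the annotation the same way the file already labels entry points, e.g. `0x74, 0x5B, //je return (_shellcode_genshin[153])` and `0x74, 0x47, //je return (_shellcode_genshin[153])`. The `_shellcode_genshin` initializer continues past the end of this hunk.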
@@ -58,29 +58,44 @@ BYTE _shellcode_genshin[] =
 0x48, 0x89, 0x44, 0x24, 0x20, //mov qword ptr ss:[rsp+20],rax
 0xFF, 0x15, 0x95, 0xFF, 0xFF, 0xFF, //call [API_ReadProcessmem]
 0x85, 0xC0, //test eax
- 0x75, 0x06, //jne sleep
- 0x48, 0x83, 0xC4, 0x38, //add rsp,0x38 //return
+ 0x74, 0x12, //jz return
+ 0xB9, 0xE8, 0x03, 0x00, 0x00, //mov ecx,0x3E8 (1000ms)
+ 0xFF, 0x15, 0x8E, 0xFF, 0xFF, 0xFF, //call [API_Sleep]
+ 0xE8, 0x49, 0x00, 0x00, 0x00, //call Sync_Set
+ 0xEB, 0xCB, //jmp Read_tar_fps
+ 0x48, 0x83, 0xC4, 0x38, //add rsp,0x38
 0xC3, //ret
- 0xCC, //int3
- 0xB9, 0xE8, 0x03, 0x00, 0x00, //mov ecx,0x3e8 //(1000ms) sleep
- 0xFF, 0x15, 0x88, 0xFF, 0xFF, 0xFF, //call [API_Sleep]
- 0xEB, 0xCA, //jmp Read_tar_fps
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, //int3
- 0x83, 0xF9, 0x1E, //cmp ecx,0x1E //hook_fps_set _shellcode_genshin[160]
- 0x74, 0x14, //je set 60
- 0x83, 0xF9, 0x2D, //cmp ecx,0x2D
- 0x74, 0x07, //je set tar_fps
- 0xB9, 0xFF, 0xFF, 0xFF, 0xFF, //mov ecx, -1 //default set unlimited
- 0xEB, 0x0D, //jmp set
- 0x8B, 0x0D, 0x71, 0xFF, 0xFF, 0xFF, //mov ecx,[Readmem_buffer]
+ 0xCC, 0xCC, //int3
+ 0x89, 0x0D, 0x22, 0x00, 0x00, 0x00, //mov [Game_Current_set], ecx //hook_fps_set _shellcode_genshin[160]
+ 0xEB, 0x00, //nop
+ 0x83, 0xF9, 0x1E, //cmp ecx, 0x1E
+ 0x74, 0x0C, //je set 60
+ 0x83, 0xF9, 0x2D, //cmp ecx, 0x2D
+ 0x74, 0x12, //je return
+ 0xB9, 0xFF, 0xFF, 0xFF, 0xFF, //mov ecx,[Readmem_buffer]
 0xEB, 0x05, //jmp set
 0xB9, 0x3C, 0x00, 0x00, 0x00, //mov ecx,0x3C
- 0x89, 0x0D, 0x0D, 0x00, 0x00, 0x00, //mov [hook_set],ecx
+ 0x89, 0x0D, 0x0D, 0x00, 0x00, 0x00, //mov [hook_fps_get + 1],ecx
 0xC3, //ret
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, //int3
+ 0xCC, 0xCC, 0xCC, //int3
+ 0x00, 0x00, 0x00, 0x00, //uint32_t Game_Current_set
+ 0xCC, 0xCC, 0xCC, 0xCC, //int3
 0xB8,0x78, 0x00, 0x00, 0x00, //mov eax,0x78 //hook_fps_get _shellcode_genshin[208]
 0xC3, //ret
- 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC //int3
+ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,//int3
+ 0x56, //push rsi //Sync_Set
+ 0x57, //push rdi
+ 0x48, 0x83, 0xEC, 0x18, //sub rsp, 0x18
+ 0x8B, 0x05, 0xDC, 0xFF, 0xFF, 0xFF, //mov eax, dword[Game_Current_set]
+ 0x83, 0xF8, 0x2D, //cmp eax, 0x2D
+ 0x75, 0x0C, //jne return
+ 0x8B, 0x05, 0x31, 0xFF, 0xFF, 0xFF, //mov eax, dword[Game_Current_set]
+ 0x89, 0x05, 0xD4, 0xFF, 0xFF, 0xFF, //mov dword[hook_fps_get + 1], eax
+ 0x48, 0x83, 0xC4, 0x18, //add rsp, 0x18
+ 0x5F, //pop rdi
+ 0x5E, //pop rsi
+ 0xC3, //ret
+ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC
 }; // 特征搜索 - 不是我写的 - 忘了在哪拷的
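Review bot: Two operand annotations in the rewritten hook_fps_set and Sync_Set are wrong, and since these bytes are hand-assembled the comments are the only readable form of the code: `0xB9, 0xFF, 0xFF, 0xFF, 0xFF` encodes `mov ecx,0xFFFFFFFF` (the removed side labelled it correctly as `mov ecx, -1 //default set unlimited`), not `mov ecx,[Readmem_buffer]`, and the second load in Sync_Set, `0x8B, 0x05, 0x31, 0xFF, 0xFF, 0xFF`, resolves RIP-relative to byte 40, i.e. Readmem_buffer, not Game_Current_set (only the first load, displacement 0xFFFFFFDC to byte 200, reads Game_Current_set). Suggested: `0xB9, 0xFF, 0xFF, 0xFF, 0xFF, //mov ecx,-1 (unlimited)` and `0x8B, 0x05, 0x31, 0xFF, 0xFF, 0xFF, //mov eax, dword[Readmem_buffer]`. All other displacements I checked in this hunk (the three jumps to byte 153, `call Sync_Set` to byte 224, `jmp Read_tar_fps` to byte 100, and both stores to hook_fps_get+1 at byte 209) are consistent. Minor: `0xEB, 0x00, //nop` is a `jmp $+2` rather than a NOP; `0x66, 0x90` is the 2-byte NOP if the padding is deliberate. Worth a comment at Sync_Set as well: the immediate at hook_fps_get+1 is now rewritten by the injected thread instead of by the game's own fps_set call, so the game thread can be executing that instruction while the store lands; I have not verified that this misbehaves in practice, but the timing assumption should be stated next to the store.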