sync shellcode from winTEuser
@@ -28,27 +28,27 @@ const std::vector<DWORD> PrioityClass = {
|
||||
//credit by winTEuser
|
||||
BYTE _shellcode_genshin[] =
|
||||
{
|
||||
0x00, 0x00, 0x00, 0x00, // DWORD unlocker_pid _shellcode_genshin[0]
|
||||
0x00, 0x00, 0x00, 0x00, // DWORD unlocker_Handle _shellcode_genshin[4]
|
||||
0x00, 0x00, 0x00, 0x00, // uint32_t unlocker_pid _shellcode_genshin[0]
|
||||
0x00, 0x00, 0x00, 0x00, // uint32_t unlocker_Handle _shellcode_genshin[4]
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 unlocker_FpsValue_addr _shellcode_genshin[8]
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 API_OpenProcess _shellcode_genshin[16]
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 API_ReadProcessmem _shellcode_genshin[24]
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //DWORD64 API_Sleep _shellcode_genshin[32]
|
||||
0x00, 0x00, 0x00, 0x00, //uint32_t Readmem_buffer _shellcode_genshin[40]
|
||||
0x00, 0x00, 0x00, 0x00, //uint32_t Readmem_buffer _shellcode_genshin[40]
|
||||
0xCC, 0xCC, 0xCC, 0xCC, //int3
|
||||
0x48, 0x83, 0xEC, 0x38, //sub rsp,0x38 _shellcode_genshin[48] _sync_thread
|
||||
0x8B, 0x05, 0xC6, 0xFF, 0xFF, 0xFF, //mov eax,dword[unlocker_pid]
|
||||
0x85, 0xC0, //test eax
|
||||
0x74, 0x49, //je return
|
||||
0x74, 0x5B, //je return
|
||||
0x41, 0x89, 0xC0, //mov r8d,eax
|
||||
0x33, 0xD2, //xor edx,edx
|
||||
0xB9, 0xFF, 0xFF, 0x1F, 0x00, //mov ecx,1FFFFF
|
||||
0xFF, 0x15, 0xC2, 0xFF, 0xFF, 0xFF, //call [API_OpenProcess]
|
||||
0x85, 0xC0, //test eax
|
||||
0x74, 0x35, //je return
|
||||
0x74, 0x47, //je return
|
||||
0x89, 0x05, 0xAC, 0xFF, 0xFF, 0xFF, //mov dword[unlocker_Handle],eax
|
||||
0x89, 0xC6, //mov esi,eax
|
||||
0x48, 0x8B, 0x3D, 0xA7, 0xFF, 0xFF, 0xFF, //mov rdi,qword[unlocker_FpsValue_addr]
|
||||
0x48, 0x8B, 0x3D, 0xA7, 0xFF, 0xFF, 0xFF,//mov rdi,qword[unlocker_FpsValue_addr]
|
||||
0x0F, 0x1F, 0x00, //nop
|
||||
0x89, 0xF1, //mov ecx,esi //Read_tar_fps
|
||||
0x48, 0x89, 0xFA, //mov rdx,rdi
|
||||
@@ -58,29 +58,44 @@ BYTE _shellcode_genshin[] =
|
||||
0x48, 0x89, 0x44, 0x24, 0x20, //mov qword ptr ss:[rsp+20],rax
|
||||
0xFF, 0x15, 0x95, 0xFF, 0xFF, 0xFF, //call [API_ReadProcessmem]
|
||||
0x85, 0xC0, //test eax
|
||||
0x75, 0x06, //jne sleep
|
||||
0x48, 0x83, 0xC4, 0x38, //add rsp,0x38 //return
|
||||
0x74, 0x12, //jz return
|
||||
0xB9, 0xE8, 0x03, 0x00, 0x00, //mov ecx,0x3E8 (1000ms)
|
||||
0xFF, 0x15, 0x8E, 0xFF, 0xFF, 0xFF, //call [API_Sleep]
|
||||
0xE8, 0x49, 0x00, 0x00, 0x00, //call Sync_Set
|
||||
0xEB, 0xCB, //jmp Read_tar_fps
|
||||
0x48, 0x83, 0xC4, 0x38, //add rsp,0x38
|
||||
0xC3, //ret
|
||||
0xCC, //int3
|
||||
0xB9, 0xE8, 0x03, 0x00, 0x00, //mov ecx,0x3e8 //(1000ms) sleep
|
||||
0xFF, 0x15, 0x88, 0xFF, 0xFF, 0xFF, //call [API_Sleep]
|
||||
0xEB, 0xCA, //jmp Read_tar_fps
|
||||
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, //int3
|
||||
0x83, 0xF9, 0x1E, //cmp ecx,0x1E //hook_fps_set _shellcode_genshin[160]
|
||||
0x74, 0x14, //je set 60
|
||||
0x83, 0xF9, 0x2D, //cmp ecx,0x2D
|
||||
0x74, 0x07, //je set tar_fps
|
||||
0xB9, 0xFF, 0xFF, 0xFF, 0xFF, //mov ecx, -1 //default set unlimited
|
||||
0xEB, 0x0D, //jmp set
|
||||
0x8B, 0x0D, 0x71, 0xFF, 0xFF, 0xFF, //mov ecx,[Readmem_buffer]
|
||||
0xCC, 0xCC, //int3
|
||||
0x89, 0x0D, 0x22, 0x00, 0x00, 0x00, //mov [Game_Current_set], ecx //hook_fps_set _shellcode_genshin[160]
|
||||
0xEB, 0x00, //nop
|
||||
0x83, 0xF9, 0x1E, //cmp ecx, 0x1E
|
||||
0x74, 0x0C, //je set 60
|
||||
0x83, 0xF9, 0x2D, //cmp ecx, 0x2D
|
||||
0x74, 0x12, //je return
|
||||
0xB9, 0xFF, 0xFF, 0xFF, 0xFF, //mov ecx,[Readmem_buffer]
|
||||
0xEB, 0x05, //jmp set
|
||||
0xB9, 0x3C, 0x00, 0x00, 0x00, //mov ecx,0x3C
|
||||
0x89, 0x0D, 0x0D, 0x00, 0x00, 0x00, //mov [hook_set],ecx
|
||||
0x89, 0x0D, 0x0D, 0x00, 0x00, 0x00, //mov [hook_fps_get + 1],ecx
|
||||
0xC3, //ret
|
||||
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, //int3
|
||||
0xCC, 0xCC, 0xCC, //int3
|
||||
0x00, 0x00, 0x00, 0x00, //uint32_t Game_Current_set
|
||||
0xCC, 0xCC, 0xCC, 0xCC, //int3
|
||||
0xB8,0x78, 0x00, 0x00, 0x00, //mov eax,0x78 //hook_fps_get _shellcode_genshin[208]
|
||||
0xC3, //ret
|
||||
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC //int3
|
||||
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,//int3
|
||||
0x56, //push rsi //Sync_Set
|
||||
0x57, //push rdi
|
||||
0x48, 0x83, 0xEC, 0x18, //sub rsp, 0x18
|
||||
0x8B, 0x05, 0xDC, 0xFF, 0xFF, 0xFF, //mov eax, dword[Game_Current_set]
|
||||
0x83, 0xF8, 0x2D, //cmp eax, 0x2D
|
||||
0x75, 0x0C, //jne return
|
||||
0x8B, 0x05, 0x31, 0xFF, 0xFF, 0xFF, //mov eax, dword[Game_Current_set]
|
||||
0x89, 0x05, 0xD4, 0xFF, 0xFF, 0xFF, //mov dword[hook_fps_get + 1], eax
|
||||
0x48, 0x83, 0xC4, 0x18, //add rsp, 0x18
|
||||
0x5F, //pop rdi
|
||||
0x5E, //pop rsi
|
||||
0xC3, //ret
|
||||
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC
|
||||
};
|
||||
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD>
|
||||
|
||||
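Review bot: Two comments in the new code name the wrong operand, which matters in a hand-assembled byte array where the comments are the only readable source. In Sync_Set, `0x8B, 0x05, 0x31, 0xFF, 0xFF, 0xFF` is commented `mov eax, dword[Game_Current_set]`, but its RIP-relative displacement differs from the `0xDC, 0xFF, 0xFF, 0xFF` load three instructions earlier that does read Game_Current_set. Working the displacement back from the labelled offsets, it appears to land on Readmem_buffer at `_shellcode_genshin[40]`, so the comment should read `//mov eax, dword[Readmem_buffer]`. In hook_fps_set, `0xB9, 0xFF, 0xFF, 0xFF, 0xFF` is an immediate load and should keep a comment such as `//mov ecx, -1 //default set unlimited` rather than `//mov ecx,[Readmem_buffer]`. Since every jump and displacement is computed by hand, a `static_assert` on `sizeof(_shellcode_genshin)` next to the array would catch a layout shift at build time; part of the array lies between the two hunks and is not visible here.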