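def fnHook_Encrypt(dbg, args):
    """Breakpoint callback: log the buffer seen at the hooked call.

    Reads ``args[2]`` bytes at ``args[1]`` from the debuggee, skips buffers
    matched by the heartbeat filters, overwrites the buffer in place when
    its bytes are a key of ``g_BufMap``, and emits one log line through
    ``khzLog``.

    Args:
        dbg: Debugger object; must provide ``context.Esp``, ``h_thread``,
            ``read_process_memory`` and ``write_process_memory``.
        args: Arguments captured at the hook; index 1 is used as the buffer
            address and index 2 as its length in bytes.

    Returns:
        ``DBG_CONTINUE`` on every path.
    """
    # NOTE(review): the source had lost its indentation; the log call is
    # assumed to run for every unfiltered buffer, not only replaced ones.
    if not CPacketHookBase.isActiveDbg():
        # Hooking has been switched off: clear the debugger's active flag.
        dbg.debugger_active = False
        return DBG_CONTINUE

    hSocket = 0  # no socket handle is read here; the log line carries 0
    pBuf = args[1]
    nLen = args[2]

    # Dword at the top of the stack; the original comment identifies it as
    # the hooked function's return address. "I" is native order and size.
    # NOTE(review): assumes a 32-bit little-endian target - confirm.
    addrRetFun = struct.unpack("I", dbg.read_process_memory(dbg.context.Esp, 4))[0]

    # Snapshot of the buffer and its printable form. Both are taken before
    # any replacement, so the log shows the buffer as it was read.
    lstMemory = dbg.read_process_memory(pBuf, nLen)
    strBinary = mkString2Binary(lstMemory, nLen)

    # Heartbeat filters: return without rewriting or logging.
    if addrRetFun == 0x008C550C:
        return DBG_CONTINUE
    # NOTE(review): with "or" the length test alone skips every 16-byte and
    # every 4-byte buffer, so the literal comparisons look redundant; "and"
    # may have been intended - confirm before changing.
    if nLen == 0x0010 or strBinary == "61 08 4C 75 03 00 00 00 02 15 FD 41 D3 FC AE 43 ":
        return DBG_CONTINUE
    if nLen == 0x0004 or strBinary == "7E 04 EB 23 ":
        return DBG_CONTINUE

    # `in` replaces dict.has_key(), which no longer exists in Python 3.
    # NOTE(review): the replacement is written without comparing its length
    # to nLen; a longer value would write past the buffer in the debuggee.
    if lstMemory in g_BufMap:
        dbg.write_process_memory(pBuf, g_BufMap[lstMemory])

    strFunName = sys._getframe().f_code.co_name
    strLog = CPacketHookBase.m_strLogFormat % (
        dbg.h_thread,
        strFunName,
        addrRetFun,
        hSocket,
        nLen,
        pBuf,
        strBinary,
    )
    khzLog(strLog)
    return DBG_CONTINUE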
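def fnHook_Encrypt(dbg, args):
    """Breakpoint callback: log the buffer seen at the hooked call.

    Reads ``args[2]`` bytes at ``args[1]`` from the debuggee, skips buffers
    matched by the heartbeat filters, overwrites the buffer in place when
    its bytes are a key of ``g_BufMap``, and emits one log line through
    ``khzLog``.

    Args:
        dbg: Debugger object; must provide ``context.Esp``, ``h_thread``,
            ``read_process_memory`` and ``write_process_memory``.
        args: Arguments captured at the hook; index 1 is used as the buffer
            address and index 2 as its length in bytes.

    Returns:
        ``DBG_CONTINUE`` on every path.
    """
    # NOTE(review): the source had lost its indentation; the log call is
    # assumed to run for every unfiltered buffer, not only replaced ones.
    if not CPacketHookBase.isActiveDbg():
        # Hooking has been switched off: clear the debugger's active flag.
        dbg.debugger_active = False
        return DBG_CONTINUE

    hSocket = 0  # no socket handle is read here; the log line carries 0
    pBuf = args[1]
    nLen = args[2]

    # Dword at the top of the stack; the original comment identifies it as
    # the hooked function's return address. "I" is native order and size.
    # NOTE(review): assumes a 32-bit little-endian target - confirm.
    addrRetFun = struct.unpack("I", dbg.read_process_memory(dbg.context.Esp, 4))[0]

    # Snapshot of the buffer and its printable form. Both are taken before
    # any replacement, so the log shows the buffer as it was read.
    lstMemory = dbg.read_process_memory(pBuf, nLen)
    strBinary = mkString2Binary(lstMemory, nLen)

    # Heartbeat filters: return without rewriting or logging.
    if addrRetFun == 0x008C550C:
        return DBG_CONTINUE
    # NOTE(review): with "or" the length test alone skips every 16-byte and
    # every 4-byte buffer, so the literal comparisons look redundant; "and"
    # may have been intended - confirm before changing.
    if nLen == 0x0010 or strBinary == "61 08 4C 75 03 00 00 00 02 15 FD 41 D3 FC AE 43 ":
        return DBG_CONTINUE
    if nLen == 0x0004 or strBinary == "7E 04 EB 23 ":
        return DBG_CONTINUE

    # `in` replaces dict.has_key(), which no longer exists in Python 3.
    # NOTE(review): the replacement is written without comparing its length
    # to nLen; a longer value would write past the buffer in the debuggee.
    if lstMemory in g_BufMap:
        dbg.write_process_memory(pBuf, g_BufMap[lstMemory])

    strFunName = sys._getframe().f_code.co_name
    strLog = CPacketHookBase.m_strLogFormat % (
        dbg.h_thread,
        strFunName,
        addrRetFun,
        hSocket,
        nLen,
        pBuf,
        strBinary,
    )
    khzLog(strLog)
    return DBG_CONTINUE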
def __init__(self, strGameExeName):
    """Initialise the hook by delegating to ``CPacketHookBase.__init__``.

    Args:
        strGameExeName: Passed through unchanged to the base initialiser;
            presumably the target executable's name - confirm against
            ``CPacketHookBase``.
    """
    CPacketHookBase.__init__(self, strGameExeName)
def __init__(self, strGameExeName):
    """Initialise the hook by delegating to ``CPacketHookBase.__init__``.

    Args:
        strGameExeName: Passed through unchanged to the base initialiser;
            presumably the target executable's name - confirm against
            ``CPacketHookBase``.
    """
    CPacketHookBase.__init__(self, strGameExeName)