使用de4dot-cex反编译原版的hearthbuddy得到的

链接: https://pan.baidu.com/s/1hT79LpIjbyvODsjnkSe_5A 提取码: iemx

class276里面的指针是通过class247得到的

internal Class276(ExternalProcessMemory memory)

{

    this.externalProcessMemory_0 = memory;

    this.intptr_0 = this.method_18("mono.dll");

    this.intptr_31 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_9;

    this.intptr_28 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_17;

    this.intptr_13 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_22;

    this.intptr_16 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_16;

    this.intptr_6 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_7;

    this.intptr_1 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_15;

    this.intptr_15 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_24;

    this.intptr_14 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_21;

    this.intptr_7 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_5;

    this.intptr_19 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_10;

    this.intptr_29 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_35;

    this.intptr_17 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_1;

    this.intptr_25 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_30;

    this.intptr_24 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_25;

    this.intptr_32 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_31;

    this.intptr_34 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_28;

    this.intptr_36 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_0;

    this.intptr_35 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_29;

    this.intptr_23 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_34;

    this.intptr_33 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_33;

    this.intptr_27 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_32;

    this.intptr_12 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_4;

    this.intptr_10 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_3;

    this.intptr_4 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_6;

    this.intptr_8 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_11;

    this.intptr_21 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_23;

    this.intptr_18 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_8;

    this.intptr_5 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_2;

    this.intptr_30 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_19;

    this.intptr_2 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_12;

    this.intptr_9 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_18;

    this.intptr_3 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_14;

    this.intptr_26 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_27;

    this.intptr_22 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_26;

    this.intptr_20 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_13;

    this.intptr_11 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_20;

    this.method_15<bool>("boolean");

    this.method_15<object>("object");

    this.method_15<sbyte>("sbyte");

    this.method_15<byte>("byte");

    this.method_15<short>("int16");

    this.method_15<ushort>("uint16");

    this.method_15<int>("int32");

    this.method_15<uint>("uint32");

    this.method_15<long>("int64");

    this.method_15<ulong>("uint64");

    this.method_15<float>("single");

    this.method_15<double>("double");

    this.method_15<char>("char");

    this.method_15<string>("string");

    this.method_15<Enum>("enum");

}

赋值处理

try

                {

                    TritonHs.class247_0 = new Class247();

                    TritonHs.class247_0.method_1(array, TritonHs.Memory.ImageBase);

                }

                catch (Exception)

                {

                    string_0 = string.Format("The data required to run the bot is corrupted. Please make sure your key is still valid at the Buddy Auth Portal: http://buddyauth.com/User/Keys {0}{0}For any further assistance, please contact support: https://bosslandgmbh.zendesk.com/home", Environment.NewLine);

                    return false;

                }

                TritonHs.class276_0 = new Class276(TritonHs.externalProcessMemory_0);

                using (TritonHs.AcquireFrame())

                {

                    TritonHs.intptr_1 = TritonHs.Class276_0.method_2();

                }

直接new一个class247的实例对象,然后调用method_1。传递的参数是array和TritonHs.Memory.ImageBase

public static ExternalProcessMemory Memory
        {
            get
            {
                return TritonHs.externalProcessMemory_0;
            }
        }

array参数的获取,delegate6_0貌似是从服务器获取地址数据

byte[] array = delegate6_0(TritonHs.String_0, out string_0);

            if (array == null)

            {

                if (string.IsNullOrEmpty(string_0))

                {

                    string_0 = string.Format("The data required to run the bot was not successfully obtained. Please make sure your key is still valid at the Buddy Auth Portal: http://buddyauth.com/User/Keys {0}{0}For any further assistance, please contact support: https://bosslandgmbh.zendesk.com/home", Environment.NewLine);

                }

                return false;

            }

class247里面的method1方法

// ns25.Class247

// Token: 0x06001990 RID: 6544 RVA: 0x000DAF40 File Offset: 0x000D9140

internal unsafe void method_1(byte[] byte_0, IntPtr intptr_1)

{

    this.intptr_0 = new IntPtr[byte_0.Length / ];

    byte b = ;

    byte* ptr;

    if (byte_0 != null && byte_0.Length != )

    {

        fixed (byte* ptr = &byte_0[])

        {

        }

    }

    else

    {

        ptr = null;

    }

    uint* ptr2 = (uint*)ptr;

    for (int i = ; i < this.intptr_0.Length; i++)

    {

        uint uint_ = ptr2[i];

        IntPtr intPtr = new IntPtr((long)((ulong)Class247.smethod_0(uint_, b)));

        this.intptr_0[i] = intPtr;

        b = ((b + ) ?? );

    }

    ptr = null;

    this.method_0(intptr_1);

}

method0方法在对struct106_0 进行赋值

if (ptr4 != null)

    {

        this.struct106_0 = *(Struct106*)ptr4;

    }
// ns25.Class247

// Token: 0x0600198F RID: 6543 RVA: 0x000DAE44 File Offset: 0x000D9044

internal unsafe void method_0(IntPtr intptr_1)

{

    IntPtr[] array = new IntPtr[this.intptr_0.Length];

    this.intptr_0.CopyTo(array, );

    ArraySegment<IntPtr> arraySegment_;

    ArraySegment<IntPtr> arraySegment_2;

    this.method_4(array, out arraySegment_, out arraySegment_2);

    for (int i = arraySegment_.Offset; i < arraySegment_.Count; i++)

    {

        if (arraySegment_.Array[i].ToInt32() > )

        {

            array[i] = array[i] -  + intptr_1.ToInt32();

        }

    }

    IntPtr[] array2;

    IntPtr* ptr;

    if ((array2 = this.method_2<IntPtr>(arraySegment_)) != null && array2.Length != )

    {

        fixed (IntPtr* ptr = &array2[])

        {

        }

    }

    else

    {

        ptr = null;

    }

    byte* ptr2 = (byte*)ptr;

    if (ptr2 != null)

    {

        this.struct105_0 = *(Struct105*)ptr2;

    }

    ptr = null;

    IntPtr* ptr3;

    if ((array2 = this.method_2<IntPtr>(arraySegment_2)) != null && array2.Length != )

    {

        fixed (IntPtr* ptr3 = &array2[])

        {

        }

    }

    else

    {

        ptr3 = null;

    }

    byte* ptr4 = (byte*)ptr3;

    if (ptr4 != null)

    {

        this.struct106_0 = *(Struct106*)ptr4;

    }

    ptr3 = null;

}

所以之前的工作原理,是从服务器获取mono的偏移地址,然后进行后续操作的。

HearthBuddy的class276以及class247的更多相关文章

  1. hearthbuddy中的Class276

    构造函数 需要注意的是this.intptr_0 = this.method_18("mono.dll"); 所以,这个类里面的操作,最后是和mono.dll相关的 interna ...

  2. HearthBuddy中的class276中的地址对应

    2019年09月的 intptr_0 = method_18("mono.dll"); intptr_31 = intptr_0 + 522030; intptr_28 = int ...

  3. HearthBuddy的plugin加载

    // Hearthbuddy.Windows.MainWindow // Token: 0x060001FF RID: 511 RVA: 0x0008951C File Offset: 0x00087 ...

  4. HearthBuddy炉石兄弟 Method 'CollectionDeckBoxVisual.IsValid' not found.

    [CollectionManagerScene_COLLECTION] An exception occurred when calling CacheCustomDecks: System.Miss ...

  5. HearthBuddy 第一次调试

    HearthBuddy https://www.jiligame.com/70639.html 解压缩包,打开hearthbuddy.exe直接运行就可以:不用替换mono.dll直接可用:不需要校验 ...

  6. HearthBuddy修改系统时间

    将以下代码保存在.bat文件,然后用管理员权限运行 pushd "%~dp0" #下面修改时间,根据操作系统的语言不同,会有不同的格式,比如2019-10-26date 10/26 ...

  7. HearthBuddy Ai调试实战1-->出牌的时候,少召唤了图腾就结束回合

    期望通过ai的调试,来搞明白出牌的逻辑. 55是投火无面者63是恐狼前锋34是风怒36是自动漩涡打击装置13是空灵召唤者, "LocStringZhCn": "<b ...

  8. HearthBuddy 日志模块

    // Triton.Common.LogUtilities.CustomLogger // Token: 0x04000BD8 RID: 3032 private Level level_0 = Le ...

  9. HearthBuddy炉石兄弟 如何调试ai

    Sepefeets's update to botmaker's Silverfish AI This AI is a Custom Class for Hearthranger and Hearth ...

随机推荐

  1. git小结-ms

    目录 1.git是什么 2.git怎么工作的 3.git常用命令 4.git提效工具 5.git的技术用语 1.git是什么 git是开源的分布式的版本控制系统,可以有效.高速地处理的项目版本管理.g ...

  2. centos7小命令

    修改时区:timedate [root@centos2 ~]# timedatectl set-timezone Asia/Shanghai 修改语言:localectl [root@centos2 ...

  3. HTML&CSS基础-前端免费开发工具Hbuilder介绍

    HTML&CSS基础-前端免费开发工具Hbuilder介绍 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 工欲善其事必先利其器,想要干好活得有一个好的工具. 一.文本编辑工 ...

  4. ssh本机失败(ssh: connect to host localhost port 22: Connection refused)

    ssh本机失败(ssh: connect to host localhost port 22: Connection refused) 一. 问题描述 之前一直在服务上使用宝塔面板, 今天突发奇想, ...

  5. 科普文:Node.js 如何上传文件到后端服务【转】

    原文链接 https://www.yuque.com/egg/nodejs/httpclient-upload 背景 互联网时代,无数服务是基于 HTTP 协议进行通信的. 除了常见的 前端浏览器 - ...

  6. Run Multiple Webpack Configs Sequentially

    https://www.viget.com/articles/run-multiple-webpack-configs-sequentially/ const path = require('path ...

  7. Python 过滤a文件中每一行内容,保存到b文件中

    #coding=utf-8print 1#初始化文件crash_log.log with open('e:/1/crash_log.log','w')as f: f.close() def fw(se ...

  8. 安装 uwsgi报错解决

    背景: 安装 uwsgi时报错如下,查阅相关资料说是 python-devel的问题,于是安装之后python-devel后问题解决 报错如下: (venv) [xxxxxxx]# pip insta ...

  9. set/priority_queue的运算符重载

    #include<bits/stdc++.h> using namespace std; struct cmp { bool operator ()(int a, int b) //重载小 ...

  10. Node.js安装,多版本管理以及修改npm下载的镜像源

    注意:在操作之前建议先把整个文章看完,在决定要不要配置!!!!! 1.下载    地址:http://nodejs.cn/download/        根据系统对应版本下载文件 2.安装    下 ...