使用de4dot-cex反编译原版的hearthbuddy得到的

链接: https://pan.baidu.com/s/1hT79LpIjbyvODsjnkSe_5A 提取码: iemx

class276里面的指针是通过class247得到的

internal Class276(ExternalProcessMemory memory)

{

    this.externalProcessMemory_0 = memory;

    this.intptr_0 = this.method_18("mono.dll");

    this.intptr_31 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_9;

    this.intptr_28 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_17;

    this.intptr_13 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_22;

    this.intptr_16 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_16;

    this.intptr_6 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_7;

    this.intptr_1 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_15;

    this.intptr_15 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_24;

    this.intptr_14 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_21;

    this.intptr_7 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_5;

    this.intptr_19 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_10;

    this.intptr_29 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_35;

    this.intptr_17 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_1;

    this.intptr_25 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_30;

    this.intptr_24 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_25;

    this.intptr_32 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_31;

    this.intptr_34 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_28;

    this.intptr_36 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_0;

    this.intptr_35 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_29;

    this.intptr_23 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_34;

    this.intptr_33 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_33;

    this.intptr_27 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_32;

    this.intptr_12 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_4;

    this.intptr_10 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_3;

    this.intptr_4 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_6;

    this.intptr_8 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_11;

    this.intptr_21 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_23;

    this.intptr_18 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_8;

    this.intptr_5 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_2;

    this.intptr_30 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_19;

    this.intptr_2 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_12;

    this.intptr_9 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_18;

    this.intptr_3 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_14;

    this.intptr_26 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_27;

    this.intptr_22 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_26;

    this.intptr_20 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_13;

    this.intptr_11 = this.intptr_0 + TritonHs.class247_0.struct106_0.int_20;

    this.method_15<bool>("boolean");

    this.method_15<object>("object");

    this.method_15<sbyte>("sbyte");

    this.method_15<byte>("byte");

    this.method_15<short>("int16");

    this.method_15<ushort>("uint16");

    this.method_15<int>("int32");

    this.method_15<uint>("uint32");

    this.method_15<long>("int64");

    this.method_15<ulong>("uint64");

    this.method_15<float>("single");

    this.method_15<double>("double");

    this.method_15<char>("char");

    this.method_15<string>("string");

    this.method_15<Enum>("enum");

}

赋值处理

try

                {

                    TritonHs.class247_0 = new Class247();

                    TritonHs.class247_0.method_1(array, TritonHs.Memory.ImageBase);

                }

                catch (Exception)

                {

                    string_0 = string.Format("The data required to run the bot is corrupted. Please make sure your key is still valid at the Buddy Auth Portal: http://buddyauth.com/User/Keys {0}{0}For any further assistance, please contact support: https://bosslandgmbh.zendesk.com/home", Environment.NewLine);

                    return false;

                }

                TritonHs.class276_0 = new Class276(TritonHs.externalProcessMemory_0);

                using (TritonHs.AcquireFrame())

                {

                    TritonHs.intptr_1 = TritonHs.Class276_0.method_2();

                }

直接new一个class247的实例对象,然后调用method_1。传递的参数是array和TritonHs.Memory.ImageBase

public static ExternalProcessMemory Memory
        {
            get
            {
                return TritonHs.externalProcessMemory_0;
            }
        }

array参数的获取,delegate6_0貌似是从服务器获取地址数据

byte[] array = delegate6_0(TritonHs.String_0, out string_0);

            if (array == null)

            {

                if (string.IsNullOrEmpty(string_0))

                {

                    string_0 = string.Format("The data required to run the bot was not successfully obtained. Please make sure your key is still valid at the Buddy Auth Portal: http://buddyauth.com/User/Keys {0}{0}For any further assistance, please contact support: https://bosslandgmbh.zendesk.com/home", Environment.NewLine);

                }

                return false;

            }

class247里面的method1方法

// ns25.Class247

// Token: 0x06001990 RID: 6544 RVA: 0x000DAF40 File Offset: 0x000D9140

internal unsafe void method_1(byte[] byte_0, IntPtr intptr_1)

{

    this.intptr_0 = new IntPtr[byte_0.Length / ];

    byte b = ;

    byte* ptr;

    if (byte_0 != null && byte_0.Length != )

    {

        fixed (byte* ptr = &byte_0[])

        {

        }

    }

    else

    {

        ptr = null;

    }

    uint* ptr2 = (uint*)ptr;

    for (int i = ; i < this.intptr_0.Length; i++)

    {

        uint uint_ = ptr2[i];

        IntPtr intPtr = new IntPtr((long)((ulong)Class247.smethod_0(uint_, b)));

        this.intptr_0[i] = intPtr;

        b = ((b + ) ?? );

    }

    ptr = null;

    this.method_0(intptr_1);

}

method0方法在对struct106_0 进行赋值

if (ptr4 != null)

    {

        this.struct106_0 = *(Struct106*)ptr4;

    }
// ns25.Class247

// Token: 0x0600198F RID: 6543 RVA: 0x000DAE44 File Offset: 0x000D9044

internal unsafe void method_0(IntPtr intptr_1)

{

    IntPtr[] array = new IntPtr[this.intptr_0.Length];

    this.intptr_0.CopyTo(array, );

    ArraySegment<IntPtr> arraySegment_;

    ArraySegment<IntPtr> arraySegment_2;

    this.method_4(array, out arraySegment_, out arraySegment_2);

    for (int i = arraySegment_.Offset; i < arraySegment_.Count; i++)

    {

        if (arraySegment_.Array[i].ToInt32() > )

        {

            array[i] = array[i] -  + intptr_1.ToInt32();

        }

    }

    IntPtr[] array2;

    IntPtr* ptr;

    if ((array2 = this.method_2<IntPtr>(arraySegment_)) != null && array2.Length != )

    {

        fixed (IntPtr* ptr = &array2[])

        {

        }

    }

    else

    {

        ptr = null;

    }

    byte* ptr2 = (byte*)ptr;

    if (ptr2 != null)

    {

        this.struct105_0 = *(Struct105*)ptr2;

    }

    ptr = null;

    IntPtr* ptr3;

    if ((array2 = this.method_2<IntPtr>(arraySegment_2)) != null && array2.Length != )

    {

        fixed (IntPtr* ptr3 = &array2[])

        {

        }

    }

    else

    {

        ptr3 = null;

    }

    byte* ptr4 = (byte*)ptr3;

    if (ptr4 != null)

    {

        this.struct106_0 = *(Struct106*)ptr4;

    }

    ptr3 = null;

}

所以之前的工作原理,是从服务器获取mono的偏移地址,然后进行后续操作的。

HearthBuddy的class276以及class247的更多相关文章

  1. hearthbuddy中的Class276

    构造函数 需要注意的是this.intptr_0 = this.method_18("mono.dll"); 所以,这个类里面的操作,最后是和mono.dll相关的 interna ...

  2. HearthBuddy中的class276中的地址对应

    2019年09月的 intptr_0 = method_18("mono.dll"); intptr_31 = intptr_0 + 522030; intptr_28 = int ...

  3. HearthBuddy的plugin加载

    // Hearthbuddy.Windows.MainWindow // Token: 0x060001FF RID: 511 RVA: 0x0008951C File Offset: 0x00087 ...

  4. HearthBuddy炉石兄弟 Method 'CollectionDeckBoxVisual.IsValid' not found.

    [CollectionManagerScene_COLLECTION] An exception occurred when calling CacheCustomDecks: System.Miss ...

  5. HearthBuddy 第一次调试

    HearthBuddy https://www.jiligame.com/70639.html 解压缩包,打开hearthbuddy.exe直接运行就可以:不用替换mono.dll直接可用:不需要校验 ...

  6. HearthBuddy修改系统时间

    将以下代码保存在.bat文件,然后用管理员权限运行 pushd "%~dp0" #下面修改时间,根据操作系统的语言不同,会有不同的格式,比如2019-10-26date 10/26 ...

  7. HearthBuddy Ai调试实战1-->出牌的时候,少召唤了图腾就结束回合

    期望通过ai的调试,来搞明白出牌的逻辑. 55是投火无面者63是恐狼前锋34是风怒36是自动漩涡打击装置13是空灵召唤者, "LocStringZhCn": "<b ...

  8. HearthBuddy 日志模块

    // Triton.Common.LogUtilities.CustomLogger // Token: 0x04000BD8 RID: 3032 private Level level_0 = Le ...

  9. HearthBuddy炉石兄弟 如何调试ai

    Sepefeets's update to botmaker's Silverfish AI This AI is a Custom Class for Hearthranger and Hearth ...

随机推荐

  1. redis3集群管理

    以下操作基于redis3.X版本:Redis集群存储原理:Redis 集群使用数据分片(sharding),而非一致性哈希(consistency hashing)来实现,一个 Redis 集群包含 ...

  2. Python学习日记(二十五) 接口类、抽象类、多态

    接口类 继承有两种用途:继承基类的方法,并且做出自己的改变或扩展(代码重用)和声明某个子类兼容于某基类,定义一个接口类interface,接口类中定义了一些接口名(就是函数名)且并未实现接口的功能,子 ...

  3. 【MySql】Explain笔记

    Explain -- 使用 Explain + SQL 分析执行计划: id:表示此表的执行优先级 id相同,表的执行顺序依次从上往下:                id不同,并且递增,id值越大执 ...

  4. 前后端分离架构:Web实现前后端分离,前后端解耦

    一.前言 ”前后端分离“已经成为互联网项目开发的业界标杆,通过Tomcat+Ngnix(也可以中间有个Node.js),有效地进行解耦.并且前后端分离会为以后的大型分布式架构.弹性计算架构.微服务架构 ...

  5. [openssl][nginx] 使用openssl模拟ssl/tls客户端测试nginx stream

    一 server的配置 nginx # cat conf/nginx.conf daemon off; events { debug_connection ; } stream { upstream ...

  6. 【HICP Gauss】数据库 升级迁移维护-2

    DM-Data Manager 集群管理web工具 数据库升级 1.检查版本 依次升级.升级前全备数据 2.磁盘空间不小于表预留空间 3. 确保数据库对包有一定权限 4.升级后正常启停 python ...

  7. 后台将数据传回前台的三种绑定的方式(Model,Map.ModelAndView)

    //方式1:通过model 将数据绑定 @RequestMapping(value = "findByIdModel", method = RequestMethod.GET) p ...

  8. Python函数的基本使用

    在编程中,无论使用什么 编程语言,函数的使用都是非常广泛的,函数能够完成特定的功能,降低编程的难度和代码重用. 1.函数的定义: 函数是一段具有特定功能的.可重用的语句组,用函数名来表示并通过函数名进 ...

  9. netty: 以默认的ByteBuf作为传输数据

    client部分代码: //线程 EventLoopGroup worker = new NioEventLoopGroup(); //辅助类 Bootstrap b = new Bootstrap( ...

  10. usa单位换算

    1.温度换算 摄氏度    C = 5/9(F-32) ≍ (F-32)/1.8 (F为华氏温度值) 华氏度   F = 1.8C + 32 (C为摄氏温度值) 3.重量换算 1品脱(pint) ≍ ...