在MIR实现封任何加速辅助工具原理

原作者：BLUE封变速就是从/check speedhack 这个命令想出来的，加了几个跳转就OK了，
这个功能可以个盛大的媲~~~~~~~ ：）

dedecms.com

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00467794(U)
|
:004674C0 A110434A00              mov eax, dword ptr [004A4310]
:004674C5 8B00                    mov eax, dword ptr [eax]
:004674C7 668B0DBC754600          mov cx, word ptr [004675BC]

* Possible StringData Ref from Data Obj ->"【抵制不良辅助工具,拒绝变速程序】【合理调用辅助工具,快"
                                        ->"乐自在其中】"
                                  |
:004674CE BAC8754600              mov edx, 004675C8
:004674D3 E818F90100              call 00486DF0
:004674D8 A1887D4F00              mov eax, dword ptr [004F7D88]
:004674DD E8DA90FDFF              call 004405BC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004674BE(C)
|
:004674E2 803D7B944F0000          cmp byte ptr [004F947B], 00
:004674E9 E998000000              jmp 00467586
dedecms.com

上面是用了加速后跳出来的“窗口” dedecms.com

窗口：->"【抵制不良辅助工具,拒绝变速程序】【合理调用辅助工具,快乐自在其中】"  ：）

关键就是写个判断~~~~~用加速的就跳上面的代码段，踢出去，否则正常，

实现的功能代码：

dedecms.com

* Referenced by a CALL at Addresses:
|:00467AC5   , :004689F1  
|
:00467718 55                      push ebp
:00467719 8BEC                    mov ebp, esp
:0046771B B904000000              mov ecx, 00000004

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00467725(C)
|
:00467720 6A00                    push 00000000
:00467722 6A00                    push 00000000
:00467724 49                      dec ecx
:00467725 75F9                    jne 00467720
:00467727 51                      push ecx
:00467728 8955F8                  mov dword ptr [ebp-08], edx
:0046772B 8945FC                  mov dword ptr [ebp-04], eax
:0046772E 33C0                    xor eax, eax
:00467730 55                      push ebp
:00467731 6879784600              push 00467879
:00467736 64FF30                  push dword ptr fs:[eax]
:00467739 648920                  mov dword ptr fs:[eax], esp
:0046773C 833D38924F0000          cmp dword ptr [004F9238], 00000000
:00467743 0F8603010000            jbe 0046784C

* Reference T kernel32.GetTickCount, Ord:0000h
                                  |
:00467749 E806EAF9FF              Call 00406154
:0046774E 2B053C924F00            sub eax, dword ptr [004F923C]
:00467754 3D80EE3600              cmp eax, 0036EE80
:00467759 7612                    jbe 0046776D
:0046775B 8B45F8                  mov eax, dword ptr [ebp-08]
:0046775E A338924F00              mov dword ptr [004F9238], eax

* Reference T kernel32.GetTickCount, Ord:0000h
                                  |
:00467763 E8ECE9F9FF              Call 00406154
:00467768 A33C924F00              mov dword ptr [004F923C], eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00467759(C)
|

* Reference T kernel32.GetTickCount, Ord:0000h
                                  |
:0046776D E8E2E9F9FF              Call 00406154
:00467772 2B053C924F00            sub eax, dword ptr [004F923C]
:00467778 8945F4                  mov dword ptr [ebp-0C], eax
:0046777B 8B45F8                  mov eax, dword ptr [ebp-08]
:0046777E 2B0538924F00            sub eax, dword ptr [004F9238]
:00467784 8945F0                  mov dword ptr [ebp-10], eax
:00467787 8B45F0                  mov eax, dword ptr [ebp-10]
:0046778A 05B80B0000              add eax, 00000BB8
:0046778F 3B45F4                  cmp eax, dword ptr [ebp-0C]    ----   上面代码是验证是否加速的（监视人物的每个动作，如走、跑、砍=====）
:00467792 7D40                    jge 004677D4   -------  正常去~~~~
:00467794 E927FDFFFF              jmp 004674C0   ----   否则，跳封加速代码去  ：）
:00467799 90                      nop
:0046779A 833D40924F0005          cmp dword ptr [004F9240], 00000005
:004677A1 7E45                    jle 004677E8
:004677A3 8D45EC                  lea eax, dword ptr [ebp-14]

有时间好好写个注释  ：）

实际测试接近完美~~~~在普通MIR该的，带脚步声~~~~