
C#读写内存也不差!(发布C#编写的<植物大战僵尸>作弊器源码)

发布时间: 2012-03-08 13:30:13 作者: rapoo

C#读写内存也不差!(发布C#编写的<植物大战僵尸>作弊器源码)
最近闲来无事发现周围的朋友都在玩《植物大战僵尸》的游戏!于是动了制作这游戏工具的念头!虽然在网上同类工具很多 但是用C#写的我几乎看不到!所以我想用C#写一个!
首先用CE或者OD或者其他反汇编工具找出游戏的内存基址!
游戏内存基址:base = 0x006A9EC0
游戏阳光地址:[base+0x768]+0x5560
游戏金钱地址:[base+0x82C]+0x28
游戏关卡地址:[base+0x82C]+0x24 //关卡如:A-B 实际值为:(A-1)×10+B
至于如何获取这些地址不在我们这论坛研究的范围中!
对了我是用工具vs2008编写的!
新建窗体:

C# code
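using System;
using System.Drawing;
using System.Text;
using System.Windows.Forms;

namespace PlantsVsZombiesTool
{
    /// <summary>
    /// Main window of the tool. Each button toggles a timer (or performs a one-off
    /// write) that follows a two-level pointer chain inside the game process and
    /// overwrites a 32-bit value there. All cross-process access goes through
    /// <see cref="Helper"/>.
    /// </summary>
    public partial class Form1 : Form
    {
        // Static base address of the pointer chain, as listed in the article.
        // NOTE(review): a hard-coded address presumably matches one specific game
        // build only; nothing in this class verifies the build before writing.
        private readonly int baseAddress = 0x006A9EC0;

        // Process name used to locate the game (no ".exe" suffix).
        private readonly string processName = "PlantsVsZombies";

        // Offsets of the two second-level pointers and of the fields behind them.
        private const int SunPointerOffset = 0x768;
        private const int SunFieldOffset = 0x5560;
        private const int ProfilePointerOffset = 0x82C;
        private const int MoneyFieldOffset = 0x28;
        private const int LevelFieldOffset = 0x24;

        // Value written by both timers: 0x1869F == 99999.
        private const int MaxedValue = 0x1869F;

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }

        /// <summary>Toggles the "unlimited sun" timer.</summary>
        private void btnGet_Click(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }

            // The button caption doubles as the on/off state.
            bool enable = btnGet.Text == "启用-阳光无限";
            timer1.Enabled = enable;
            btnGet.Text = enable ? "关闭-阳光无限" : "启用-阳光无限";
        }

        /// <summary>Rewrites the sun counter once per tick while the game is running.</summary>
        private void timer1_Tick(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                timer1.Enabled = false;
                btnGet.Text = "启用-阳光无限";
                // Stop here: the original fell through and still issued reads and a
                // write against a process that no longer exists.
                return;
            }

            timer1.Interval = 1000;

            int address;
            if (TryResolveAddress(SunPointerOffset, SunFieldOffset, out address))
            {
                WriteMemory(address, MaxedValue);
            }
        }

        /// <summary>Toggles the "unlimited money" timer.</summary>
        private void btnMoney_Click(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }

            bool enable = btnMoney.Text == "启用-金钱无限";
            timer2.Enabled = enable;
            btnMoney.Text = enable ? "关闭-金钱无限" : "启用-金钱无限";
        }

        /// <summary>Rewrites the money counter once per tick while the game is running.</summary>
        private void timer2_Tick(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                timer2.Enabled = false;
                btnMoney.Text = "启用-金钱无限";
                // Same fix as timer1_Tick: do not touch memory once the game is gone.
                return;
            }

            timer2.Interval = 1000;

            int address;
            if (TryResolveAddress(ProfilePointerOffset, MoneyFieldOffset, out address))
            {
                WriteMemory(address, MaxedValue);
            }
        }

        /// <summary>
        /// Writes the level number typed into <c>txtLev</c>. Input that does not
        /// parse as an integer is reported and replaced by 1, as before.
        /// </summary>
        private void btnGo_Click(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }

            // TryParse replaces the original catch-all around int.Parse, which also
            // hid unrelated exceptions.
            int lev;
            if (!int.TryParse(txtLev.Text.Trim(), out lev))
            {
                lev = 1;
                MessageBox.Show("输入的关卡格式不真确!默认设置为1");
            }

            int address;
            if (TryResolveAddress(ProfilePointerOffset, LevelFieldOffset, out address))
            {
                WriteMemory(address, lev);
            }
        }

        /// <summary>Reads a 32-bit value from the game process; 0 means the read failed or the value is 0.</summary>
        public int ReadMemoryValue(int baseAdd)
        {
            return Helper.ReadMemoryValue(baseAdd, processName);
        }

        /// <summary>Writes a 32-bit value into the game process.</summary>
        public void WriteMemory(int baseAdd, int value)
        {
            Helper.WriteMemoryValue(baseAdd, processName, value);
        }

        // True when a process with the configured name currently exists.
        private bool IsGameRunning()
        {
            return Helper.GetPidByProcessName(processName) != 0;
        }

        // Follows [baseAddress + pointerOffset] + fieldOffset. Returns false when
        // either pointer reads back as 0, so callers never write to an address that
        // was derived from a failed read.
        private bool TryResolveAddress(int pointerOffset, int fieldOffset, out int address)
        {
            address = 0;

            int root = ReadMemoryValue(baseAddress);
            if (root == 0)
            {
                return false;
            }

            int container = ReadMemoryValue(root + pointerOffset);
            if (container == 0)
            {
                return false;
            }

            address = container + fieldOffset;
            return true;
        }
    }
}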



下面这个类是整个工具的核心

C# code
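using System;
using System.Text;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace PlantsVsZombiesTool
{
    /// <summary>
    /// Thin wrapper around the kernel32 process-memory APIs: looks a process up by
    /// name or window title and reads or writes one 32-bit value at an address.
    /// Addresses are passed as <c>int</c>, so only 32-bit address ranges are reachable.
    /// </summary>
    public abstract class Helper
    {
        // Access rights requested from OpenProcess. The original asked for 0x1F0FFF
        // (PROCESS_ALL_ACCESS on pre-Vista Windows) for every call; each operation
        // now requests only the rights its API is documented to need.
        private const int ProcessVmOperation = 0x0008;
        private const int ProcessVmRead = 0x0010;
        private const int ProcessVmWrite = 0x0020;

        [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory", SetLastError = true)]
        public static extern bool ReadProcessMemory
            (
                IntPtr hProcess,
                IntPtr lpBaseAddress,
                IntPtr lpBuffer,
                int nSize,
                IntPtr lpNumberOfBytesRead
            );

        [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess", SetLastError = true)]
        public static extern IntPtr OpenProcess
            (
                int dwDesiredAccess,
                bool bInheritHandle,
                int dwProcessId
            );

        // CloseHandle returns BOOL; the original declared it as void.
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool CloseHandle
            (
                IntPtr hObject
            );

        [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory", SetLastError = true)]
        public static extern bool WriteProcessMemory
            (
                IntPtr hProcess,
                IntPtr lpBaseAddress,
                int[] lpBuffer,
                int nSize,
                IntPtr lpNumberOfBytesWritten
            );

        /// <summary>
        /// Returns the id of the first process whose main-window title contains
        /// <paramref name="windowTitle"/>, or 0 when none matches.
        /// </summary>
        /// <remarks>
        /// Substring matching on a window title does not identify a process: any
        /// window that happens to contain the text matches. The comparison is
        /// ordinal so the result does not vary with the current culture.
        /// </remarks>
        public static int GetPid(string windowTitle)
        {
            foreach (Process candidate in Process.GetProcesses())
            {
                if (candidate.MainWindowTitle.IndexOf(windowTitle, StringComparison.Ordinal) != -1)
                {
                    return candidate.Id;
                }
            }

            return 0;
        }

        /// <summary>
        /// Returns the id of the first process named <paramref name="processName"/>,
        /// or 0 when no such process exists.
        /// </summary>
        /// <remarks>
        /// A process name is not unique; when several processes share it, the first
        /// one returned by the runtime is used.
        /// </remarks>
        public static int GetPidByProcessName(string processName)
        {
            Process[] matches = Process.GetProcessesByName(processName);
            return matches.Length > 0 ? matches[0].Id : 0;
        }

        /// <summary>
        /// Returns the main-window handle of the first process whose title contains
        /// <paramref name="title"/> (ordinal substring match), or
        /// <see cref="IntPtr.Zero"/> when none matches.
        /// </summary>
        public static IntPtr FindWindow(string title)
        {
            foreach (Process candidate in Process.GetProcesses())
            {
                if (candidate.MainWindowTitle.IndexOf(title, StringComparison.Ordinal) != -1)
                {
                    return candidate.MainWindowHandle;
                }
            }

            return IntPtr.Zero;
        }

        /// <summary>
        /// Reads the 32-bit value at <paramref name="baseAddress"/> in the named process.
        /// </summary>
        /// <returns>
        /// The value read, or 0 when the process is not found, cannot be opened, or
        /// the read fails. A genuine 0 is indistinguishable from a failure.
        /// </returns>
        public static int ReadMemoryValue(int baseAddress, string processName)
        {
            try
            {
                IntPtr hProcess = OpenTargetProcess(processName, ProcessVmRead);
                if (hProcess == IntPtr.Zero)
                {
                    return 0;
                }

                byte[] buffer = new byte[4];

                // The original passed the buffer to UnsafeAddrOfPinnedArrayElement
                // without pinning it, so the GC was free to move the array while the
                // native call wrote through the stale pointer. Pin it for the call.
                GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
                try
                {
                    bool ok = ReadProcessMemory(hProcess, (IntPtr)baseAddress, pin.AddrOfPinnedObject(), buffer.Length, IntPtr.Zero);
                    return ok ? BitConverter.ToInt32(buffer, 0) : 0;
                }
                finally
                {
                    pin.Free();
                    CloseHandle(hProcess);
                }
            }
            catch (Exception)
            {
                // Deliberate best-effort kept from the original: callers treat 0 as
                // "read failed" and do not handle exceptions.
                return 0;
            }
        }

        /// <summary>
        /// Writes <paramref name="value"/> as a 32-bit integer to
        /// <paramref name="baseAddress"/> in the named process. Does nothing when
        /// the process is not found or cannot be opened.
        /// </summary>
        public static void WriteMemoryValue(int baseAddress, string processName, int value)
        {
            IntPtr hProcess = OpenTargetProcess(processName, ProcessVmWrite | ProcessVmOperation);
            if (hProcess == IntPtr.Zero)
            {
                return;
            }

            try
            {
                if (!WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, sizeof(int), IntPtr.Zero))
                {
                    // The method returns void, so a failed write can only be traced.
                    Debug.WriteLine("WriteProcessMemory failed, Win32 error " + Marshal.GetLastWin32Error());
                }
            }
            finally
            {
                // Close in finally so the handle is released on every path.
                CloseHandle(hProcess);
            }
        }

        // Resolves the process by name and opens it with the requested rights.
        // Returns IntPtr.Zero when the process does not exist or OpenProcess fails,
        // so callers never hand a null handle to the memory APIs.
        private static IntPtr OpenTargetProcess(string processName, int desiredAccess)
        {
            int pid = GetPidByProcessName(processName);
            if (pid == 0)
            {
                return IntPtr.Zero;
            }

            return OpenProcess(desiredAccess, false, pid);
        }
    }
}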


[解决办法]
哥们儿 真强.........
[解决办法]
哥们真强。我要学习下
------解决方案--------------------


不错, 看看支持
[解决办法]
兄弟,你太强悍了!

回家试试你的代码。看看“无尽版”能打到多少!
[解决办法]
兄弟,你太强悍了!
回复内容太短了!
[解决办法]

探讨
兄弟,你太强悍了!

回家试试你的代码。看看“无尽版”能打到多少!

[解决办法]
支持, 接分。
[解决办法]
果然强,都是人才啊,我怎么没有想到呢。
[解决办法]
现在需要几个字呢?
回复内容太短了!
[解决办法]
很强很经典。很好很diy
[解决办法]
全是调用WinAPI的。。。赞一个!
[解决办法]
最近哥在写视频程序。也用到了很多底层资源的访问。感觉c#还是有点肉。不如c++来的方便。
[解决办法]
呵呵,我手上还有自己那时候玩传奇SF的时,写的VB6外挂代码.
也都是调API在完成.有时间也修改成C#版.
需要一些脱壳,反汇编的知识.
[解决办法]
mark!
回复内容太短了!

[解决办法]
mark!
[解决办法]
强人!!!!!!!!!!!
[解决办法]
2010-02-092010-02-092010-02-092010-02-09
[解决办法]
up^^^^^^^^^^^^^^^^^^^^^
[解决办法]
我没用工具,生存无尽版打到48关
[解决办法]
好东西,收藏了
