这个游戏已经很老了,偶尔翻到,竟然玩不了通关了! 主要是游戏里就给了青蛙不够啊,只有3只,如果有无限的青蛙多好啊。
只需要按一下按键,比较,F8,就增加多少青蛙,就要这样的程序。
就想现效果,首先要实现键盘鼠标勾子。MouseKeyboardActivityMonitor 这是一组开源的代码,不知道作者是谁,在网上下载的,没在里面找到作者信息,感谢它的作者,提供了很好的实现键盘鼠标勾子的方法。
新建项目,直接把MouseKeyboardActivityMonitorl加到项目里,再加一个form,添加一个文本框,文本框里就用来要增加的生命增,比如按一下F8,就增加200条生命。
现在就要找出青蛙数量的内存地址了。用CheatEngine(不会用的百度吧,非常好用,想在内存中修改游戏或程序的什么内容,用它很方便),在我的win 7环境下,找到了 private static int BaseAddress = 0x18fddc; //祖玛豪华完全版 内存基址 ,win 10 10下 基址是 0019FDD4,在我的电脑上是这样,版本不同,可能结果并不一定一样。经过几次测试,青蛙数量的保存位置在基址+0xC0处。那么如何读写内存地址内容呢?请看下面。
[DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")]
public static extern bool ReadProcessMemory
(
IntPtr hProcess,
IntPtr lpBaseAddress,
IntPtr lpBuffer,
int nSize,
IntPtr lpNumberOfBytesRead
);
[DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")]
public static extern IntPtr OpenProcess
(
int dwDesiredAccess,
bool bInheritHandle,
int dwProcessId
);
[DllImport("kernel32.dll")]
private static extern void CloseHandle
(
IntPtr hObject
);
//写内存
[DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")]
public static extern bool WriteProcessMemory
(
IntPtr hProcess,
IntPtr lpBaseAddress,
int[] lpBuffer,
int nSize,
IntPtr lpNumberOfBytesWritten
);
//获取窗体的进程标识ID
public static int GetPid(string windowTitle)
{
int rs = 0;
Process[] arrayProcess = Process.GetProcesses();
foreach (Process p in arrayProcess)
{
if (p.MainWindowTitle.IndexOf(windowTitle) != -1)
{
rs = p.Id;
break;
}
}
return rs;
}
//根据进程名获取PID
public static int GetPidByProcessName(string processName)
{
Process[] arrayProcess = Process.GetProcessesByName(processName);
foreach (Process p in arrayProcess)
{
return p.Id;
}
return 0;
}
//根据进程名获取绝对路径
public static string GetPathByProcessName(string processName)
{
Process[] arrayProcess = Process.GetProcessesByName(processName);
foreach (Process p in arrayProcess)
{
return p.MainModule.FileName.ToString();
}
return "";
}
//根据窗体标题查找窗口句柄(支持模糊匹配)
public static IntPtr FindWindow(string title)
{
Process[] ps = Process.GetProcesses();
foreach (Process p in ps)
{
if (p.MainWindowTitle.IndexOf(title) != -1)
{
return p.MainWindowHandle;
}
}
return IntPtr.Zero;
}
//读取内存中的值
public static int ReadMemoryValue(int baseAddress, string processName)
{
try
{
byte[] buffer = new byte[4];
IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //获取缓冲区地址
IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName));
ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); //将制定内存中的值读入缓冲区
CloseHandle(hProcess);
return Marshal.ReadInt32(byteAddress);
}
catch
{
return 0;
}
}
/// <summary>
/// 将值写入指定内存地址中
/// </summary>
/// <param name="baseAddress">地址</param>
/// <param name="processName">进程名</param>
/// <param name="value"></param>
public static void WriteMemoryValue(int baseAddress, string processName, int value)
{
IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //0x1F0FFF 最高权限
WriteProcessMemory(hProcess, (IntPtr)baseAddress, new[] { value }, 4, IntPtr.Zero);
CloseHandle(hProcess);
}
有了这些函数,剩下的就易如反掌了。