Cs修改器(部分功能)

最新推荐文章于 2024-04-10 16:25:49 发布
最新推荐文章于 2024-04-10 16:25:49 发布
阅读量1.1k 收藏 1
点赞数
分类专栏: 游戏辅助 文章标签: 算法 c++ c语言 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_62690279/article/details/127234839
版权

文章目录

各个函数解析

这是我根据b站上面的视频使用ce初步修改,自己用vs2022用c语言实现的,完成了其中的部分功能
在自己的电脑上完美运行,不知道其他的怎么样

main()

int main()
{
	int *base1 = (int*)0x2433240;							//所有人的子弹基址
	int *base2 = (int*)0x25069bc;							//自己的子弹基址
	int *bblood = (int*)0x204ba020;						//血基址
	int* bloodadd = (int*)0x1ff8a020;
	int myp = 0x2040fbc8;											//僵直
	DWORD csid = 0;
	csid = GetPid();
	//printf("%d\n", csid);

	int choice = 0;
	int flag = 0;								//flag用来存放是否修改(1修改,0恢复)
	int yon;				//是否继续修改



	while (1)
	{
		printf("\n是否继续修改?(1|0)\n");
		scanf("%d", &yon);
		if (yon == 1)
		{

		}
		else
		{
			printf("\n\n\n\n+++++++++++++++感谢使用++++++++++++++++\n\n\n\n");
			
			return 0;
		}
		
		printf("1:所有人无限子弹\n\n2:自己无限子弹\n\n3:血量999999(开启此项功能后控制台无反应,关闭控制台效果结束)\n\n4:无限金币\n\n5:被击中不减速(无效果请刷新游戏)\n\n6:稳定的射击\n\n7:手枪连发\n\n");
		printf("\n\n\n+++++++++++++++++++++++++++++++请输入想要达到效果前面的号码,格式:<效果> <1|0> +++++++++++++++++++++++++++++++\n");
		scanf("%d", &choice);
		scanf("%d", &flag);
		if (choice == 1)
		{
			Bullet(flag, csid, base1);
		}
		else if (choice == 2)
		{
			Bullet(flag, csid, base2);
		}
		else if (choice == 3)
		{

			Blood(flag, csid, bloodadd);
			
		}
		else if (choice == 4)
		{
			Mymoney(flag, csid, base2);
		}
		else if (choice == 5)
		{
			Speed(flag,csid, base1, myp);
		}
		else if (choice == 6)
		{
			StableShooting(flag,csid, base2);
		}
		else if (choice == 7)
		{
			ShortGun(flag,csid);
		}
		else
		{
			printf("Input error");
		}

		

	}

	return 0;
}

GetPid()

DWORD GetPid()
{
	DWORD pid = 0;
	HWND hcs = 0;
	hcs = FindWindow(NULL, L"Counter-Strike");	//第一个参数是窗口的类型,vs的spy++可以查询,第二个参数是窗口的名称)
	//printf("%d\n", hcs);
	if (hcs != 0)
	{
		GetWindowThreadProcessId(hcs, &pid);	//通过FindWindow返回的窗口的句柄来获取Pid

	}
	else
	{
		printf("please open cs\n");
		return 0;
	}
	return pid;




}

无限子弹

这一块可以修改所有人的子弹数和自己的子弹数

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-n6WTRlpR-1665196226378)(C:\Users\春\AppData\Roaming\Typora\typora-user-images\image-20221008092341153.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-tYeuA3pT-1665196226380)(C:\Users\春\AppData\Roaming\Typora\typora-user-images\image-20221008092356542.png)]样的

下面的代码是根据在ce中找到的多层偏移地址,通过ReadProcessMemory() 和 WriteProcessMemory() ,对存放子弹的内存空间修改,将子弹数设置为999

也可以通过修改汇编代码实现真正的子弹数不减少,但在内存中每把枪都有自己的空间,需要一个一个进行修改,创建一个专门的函数即可)

void Bullet(int flag,DWORD pid,int *base)
{
	//int buadd = 0x2038151f;
	//Patch(buadd, pid);


	DWORD oldprotect;
	

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 =0;
	int base3 = 0;
	int base4 = 0;
	int base5 = 0;
	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("ReadProcessMemory Error1\n");
		
	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 +0x5ec), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("ReadProcessMemory Error3\n");

	}

	int s4 = ReadProcessMemory(hPro, (LPCVOID)(base4 + 0xcc), &base5, 4, NULL);
	int t4 = GetLastError();
	if (s4 == 0)
	{
		printf("ReadProcessMemory Error4\n");

	}






	int address = base4+0xcc;
	int nbullet = 999;
	//DWORD NumberOfByteRead;

	if (flag == 0)
	{
		nbullet = 30;
	}

	if (hPro == 0)
	{
		printf("false to get process PID\n");
		return;
	}
	VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();
	
	int write = WriteProcessMemory(hPro, (LPVOID)address, &nbullet, 2, NULL);
	if (write == 0)
	{
		printf("falied to WriteProcessMemory\n");
		int b = GetLastError();
		return ;
	}



}

无限血

通过偏移地址的跟踪找到血量的内存地址并将该地址一直写入255

该方法的缺点是,只有关闭修改器才可以停止修改

int Blood(int flag,DWORD pid,int *base)
{



	DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 = 0;
	int base3 = 0;

	float base4 = 0;

	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);							
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("Blood ReadProcessMemory Error1\n");

	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x2eb0), &base3, 4, NULL);						//偏移2e60
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("Blood ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3+0x160), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("Blood ReadProcessMemory Error3\n");

	}





	int add = base3 + 0x160;
	long time = 0;
	int seconds;

	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();

	/*printf("how many time do you want to matain HP(minute): ");
	scanf("%d", &seconds);
	time = seconds * 1000;*/
	


	float blood = 255;


	while (1)
	{
		if (flag == 0)
		{
			blood = 100;
			
		}
		int write = WriteProcessMemory(hPro, (LPVOID)add, &blood, 4, NULL);
		if (write == 0)
		{
			printf("falied to WriteProcessMemory Blood\n");
			int b = GetLastError();
			return 0;
			if (seconds <= 0)
			{
				return 0;
			}


		}
	}
	//基址切换的情况
	if (s1 == 0 || s2 == 0 || s3 == 0)
	{
		return 0;
	}
	else
	{
		return 1;
	}

	
}

无限金币

打补丁修改汇编

void Mymoney(int flag,DWORD pid, int* base)
{




	int madd = 0x2041365f;
	int madd1 = 0x1fee365f;
	//base = (int*)madd;

	if (flag == 0)
	{
		int madd1 = madd + 0x4;
		HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
		int patch1 = 0x01cc8e89;
		int patch2 = 0x0000;
		VirtualProtectEx(hPro, (LPVOID)madd, 10, PAGE_READWRITE, tmp);
		int write1 = WriteProcessMemory(hPro, (LPVOID)madd, &patch1, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)madd1, &patch2, 2, NULL);
		printf("\nBingo\n");
	}
	else
	{
		Patch(madd, pid);
		Patch(madd1, pid);
	}
	



}

Patch()

用于修改填充六个字节NULL的补丁

void Patch(int add,DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x90909090;
	int patch2 = 0x9090;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");
}

无僵直

void Speed(int flag,DWORD pid, int* base,int myp)
{
	//DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	int base2 = 0;
	int base3 = 0;
	float base4 = 0;
	int sbase = 0x25069bc,sbase1 = 0,sbase2 = 0;						//判断是否改写了速度,通过这几个变量偏移读取speedadd

	int add = myp;
	int add2 = myp+0x4;
	int add3 = add2 + 0x4;
	int speed = 0x90909090;
	int speed2 = 0x90909090;
	int speed3 = 0x9090;
	int sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000; 
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}

	//基址变化
	myp = 0x1fd3fbc8;
	 add = myp;
	 add2 = myp + 0x4;
	 add3 = add2 + 0x4;
	 sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000;
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}
	return ;
}

稳定射击

void StableShooting(int flag,DWORD pid, int* base)
{

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	//后坐力地址
	int mp5add = 0x2038a9b9;			//mp5
	int akadd = 0x20381479;				//AK
	int sgadd = 0x2038cad9;				//sg552
	int augadd = 0x20381e99;			//aug
	int m4add = 0x20389cb9;				//m4a1
	int tmpadd = 0x2038d8f9;			///tmp冲锋枪
	int p90add = 0x2038b66e;			//p90
	int macadd = 0x2038a3b9;			//mac冲锋枪
	int m249add = 0x20388d39;			//m249
	//int eliteadd = 0x20383dce;			//双枪
	//int deagleadd = 0x20383740;			//沙漠之鹰
	//int p228add = 0x2038b090;			//p228
	//int uspadd = 0x2038e7e0;			//usp
	//int gloadd = 0x20386b55;			//glock


	if (flag == 0)
	{
		Depatch1(mp5add, pid);
		Depatch1(akadd, pid);
		Depatch1(sgadd, pid);
		Depatch1(augadd, pid);
		Depatch1(m4add, pid);
		Depatch1(tmpadd, pid);
		Depatch1(p90add, pid);
		Depatch1(macadd, pid);
		Depatch1(m249add, pid);
	}
	else
	{
		Patch(mp5add, pid);
		Patch(akadd, pid);
		Patch(sgadd, pid);
		Patch(augadd, pid);
		Patch(m4add, pid);
		Patch(tmpadd, pid);
		Patch(p90add, pid);
		Patch(macadd, pid);
		Patch(m249add, pid);
		//Patch(eliteadd, pid);
		//Patch(deagleadd, pid);
		//Patch(p228add, pid);
		//Patch(uspadd, pid);
		//Patch(gloadd, pid);
		printf(" ");
	}

}

Depatch1

void Depatch1(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x0100ae89;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}

上面代码中修改手枪的调用不仅会减少手枪的后坐力,还会让手枪连发

每个武器的后坐力都是单独的,这也可以自己写代码完成部分武器的修改

手枪连发

void ShortGun(int flag,DWORD pid)
{



	int eliteadd = 0x20383dce;			//双枪
	int deagleadd = 0x20383740;			//沙漠之鹰
	int p228add = 0x2038b090;			//p228
	int uspadd = 0x2038e7e0;			//usp
	int gloadd = 0x20386b55;			//glock
	if (flag == 0)
	{
		Depatch(eliteadd, pid);
		Depatch(deagleadd, pid);
		Depatch(p228add, pid);
		Depatch(uspadd, pid);
		Depatch(gloadd, pid);
	}
	else
	{
		Patch(eliteadd, pid);
		Patch(deagleadd, pid);
		Patch(p228add, pid);
		Patch(uspadd, pid);
		Patch(gloadd, pid);
	}

	
}

Depatch

void Depatch(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x01009689;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}

源代码部分

// CS辅助.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//
#define _CRT_SECURE_NO_WARNINGS



#include <iostream>
#include <Windows.h>
PDWORD tmp;


void Patch(int add,DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x90909090;
	int patch2 = 0x9090;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");
}

void Depatch(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x01009689;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}

void Depatch1(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x0100ae89;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}




DWORD GetPid()
{
	DWORD pid = 0;
	HWND hcs = 0;
	hcs = FindWindow(NULL, L"Counter-Strike");
	//printf("%d\n", hcs);
	if (hcs != 0)
	{
		GetWindowThreadProcessId(hcs, &pid);

	}
	else
	{
		printf("please open cs\n");
		return 0;
	}
	return pid;




}


void ShortGun(int flag,DWORD pid)
{



	int eliteadd = 0x20383dce;			//双枪
	int deagleadd = 0x20383740;			//沙漠之鹰
	int p228add = 0x2038b090;			//p228
	int uspadd = 0x2038e7e0;			//usp
	int gloadd = 0x20386b55;			//glock
	if (flag == 0)
	{
		Depatch(eliteadd, pid);
		Depatch(deagleadd, pid);
		Depatch(p228add, pid);
		Depatch(uspadd, pid);
		Depatch(gloadd, pid);
	}
	else
	{
		Patch(eliteadd, pid);
		Patch(deagleadd, pid);
		Patch(p228add, pid);
		Patch(uspadd, pid);
		Patch(gloadd, pid);
	}

	
}


void StableShooting(int flag,DWORD pid, int* base)
{

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	//后坐力地址
	int mp5add = 0x2038a9b9;			//mp5
	int akadd = 0x20381479;				//AK
	int sgadd = 0x2038cad9;				//sg552
	int augadd = 0x20381e99;			//aug
	int m4add = 0x20389cb9;				//m4a1
	int tmpadd = 0x2038d8f9;			///tmp冲锋枪
	int p90add = 0x2038b66e;			//p90
	int macadd = 0x2038a3b9;			//mac冲锋枪
	int m249add = 0x20388d39;			//m249
	//int eliteadd = 0x20383dce;			//双枪
	//int deagleadd = 0x20383740;			//沙漠之鹰
	//int p228add = 0x2038b090;			//p228
	//int uspadd = 0x2038e7e0;			//usp
	//int gloadd = 0x20386b55;			//glock


	if (flag == 0)
	{
		Depatch1(mp5add, pid);
		Depatch1(akadd, pid);
		Depatch1(sgadd, pid);
		Depatch1(augadd, pid);
		Depatch1(m4add, pid);
		Depatch1(tmpadd, pid);
		Depatch1(p90add, pid);
		Depatch1(macadd, pid);
		Depatch1(m249add, pid);
	}
	else
	{
		Patch(mp5add, pid);
		Patch(akadd, pid);
		Patch(sgadd, pid);
		Patch(augadd, pid);
		Patch(m4add, pid);
		Patch(tmpadd, pid);
		Patch(p90add, pid);
		Patch(macadd, pid);
		Patch(m249add, pid);
		//Patch(eliteadd, pid);
		//Patch(deagleadd, pid);
		//Patch(p228add, pid);
		//Patch(uspadd, pid);
		//Patch(gloadd, pid);
		printf(" ");
	}










}



void Speed(int flag,DWORD pid, int* base,int myp)
{
	//DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	int base2 = 0;
	int base3 = 0;
	float base4 = 0;
	int sbase = 0x25069bc,sbase1 = 0,sbase2 = 0;						//判断是否改写了速度,通过这几个变量偏移读取speedadd

	int add = myp;
	int add2 = myp+0x4;
	int add3 = add2 + 0x4;
	int speed = 0x90909090;
	int speed2 = 0x90909090;
	int speed3 = 0x9090;
	int sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000; 
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}

	//基址变化
	myp = 0x1fd3fbc8;
	 add = myp;
	 add2 = myp + 0x4;
	 add3 = add2 + 0x4;
	 sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000;
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}
	return ;
}





int Blood(int flag,DWORD pid,int *base)
{



	//DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 = 0;
	int base3 = 0;

	float base4 = 0;

	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);							
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("Blood ReadProcessMemory Error1\n");

	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x2eb0), &base3, 4, NULL);						//偏移2e60
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("Blood ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3+0x160), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("Blood ReadProcessMemory Error3\n");

	}





	int add = base3 + 0x160;
	long time = 0;
	int seconds;

	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();

	/*printf("how many time do you want to matain HP(minute): ");
	scanf("%d", &seconds);
	time = seconds * 1000;*/
	


	float blood = 255;
	if (flag == 0)
	{
		blood = 100;
		WriteProcessMemory(hPro, (LPVOID)add, &blood, 2, NULL);
		goto L1;
	}

	while (1)
	{

		int write = WriteProcessMemory(hPro, (LPVOID)add, &blood, 4, NULL);
		if (write == 0)
		{
			printf("falied to WriteProcessMemory Blood\n");
			int b = GetLastError();
			return 0;
			if (seconds <= 0)
			{
				return 0;
			}


		}
	}
	L1:
	//基址切换的情况
	if (s1 == 0 || s2 == 0 || s3 == 0)
	{
		return 0;
	}
	else
	{
		return 1;
	}
		
	

		
	
	
}

void Mymoney(int flag,DWORD pid, int* base)
{




	int madd = 0x2041365f;
	int madd1 = 0x1fee365f;
	//base = (int*)madd;

	if (flag == 0)
	{
		int madd1 = madd + 0x4;
		HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
		int patch1 = 0x01cc8e89;
		int patch2 = 0x0000;
		VirtualProtectEx(hPro, (LPVOID)madd, 10, PAGE_READWRITE, tmp);
		int write1 = WriteProcessMemory(hPro, (LPVOID)madd, &patch1, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)madd1, &patch2, 2, NULL);
		printf("\nBingo\n");
	}
	else
	{
		Patch(madd, pid);
		Patch(madd1, pid);
	}
	

	//HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);



	//int base2 = 0;
	//int base3 = 0;
	//int base4 = 0;

	//int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
	//int t1 = GetLastError();
	//if (s1 == 0)
	//{
	//	printf("Money ReadProcessMemory Error1\n");
	//}

	//int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
	//int t2 = GetLastError();
	//if (s2 == 0)
	//{
	//	printf("Money ReadProcessMemory Error2\n");
	//}

	//int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 + 0x1cc), &base4, 4, NULL);
	//int t3 = GetLastError();
	//if (s3 == 0)
	//{
	//	printf("Money ReadProcessMemory Error2\n");
	//}



	//int address = base3 + 0x1cc;
	//int mymoney =0;
	//int money = 16000;

	//VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, NULL);
	//int a = GetLastError();

	//while (mymoney != 16000)
	//{
	//	int write = WriteProcessMemory(hPro, (LPVOID)address, &money, 4, NULL);
	//	if (write == 0)
	//	{
	//		printf("falied to WriteProcessMemory Money\n");
	//		int b = GetLastError();
	//		return;
	//	}

	//}





}





void Bullet(int flag,DWORD pid,int *base)
{
	//int buadd = 0x2038151f;
	//Patch(buadd, pid);


	DWORD oldprotect;
	

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 =0;
	int base3 = 0;
	int base4 = 0;
	int base5 = 0;
	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("ReadProcessMemory Error1\n");
		
	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 +0x5ec), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("ReadProcessMemory Error3\n");

	}

	int s4 = ReadProcessMemory(hPro, (LPCVOID)(base4 + 0xcc), &base5, 4, NULL);
	int t4 = GetLastError();
	if (s4 == 0)
	{
		printf("ReadProcessMemory Error4\n");

	}






	int address = base4+0xcc;
	int nbullet = 999;
	//DWORD NumberOfByteRead;

	if (flag == 0)
	{
		nbullet = 30;
	}

	if (hPro == 0)
	{
		printf("false to get process PID\n");
		return;
	}
	VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();
	
	int write = WriteProcessMemory(hPro, (LPVOID)address, &nbullet, 2, NULL);
	if (write == 0)
	{
		printf("falied to WriteProcessMemory\n");
		int b = GetLastError();
		return ;
	}



}

int main()
{
	int *base1 = (int*)0x2433240;							//所有人的子弹基址
	int *base2 = (int*)0x25069bc;							//自己的子弹基址
	int *bblood = (int*)0x204ba020;						//血基址
	int* bloodadd = (int*)0x1ff8a020;
	int myp = 0x2040fbc8;											//僵直
	DWORD csid = 0;
	csid = GetPid();
	//printf("%d\n", csid);

	int choice = 0;
	int flag = 0;
	int yon;				//是否继续修改



	while (1)
	{
		printf("\n是否继续修改?(1|0)\n");
		scanf_s("%d", &yon);
		if (yon == 1)
		{

		}
		else
		{
			printf("\n\n\n\n+++++++++++++++感谢使用++++++++++++++++\n\n\n\n");
			
			return 0;
		}
		
		printf("1:所有人无限子弹\n\n2:自己无限子弹\n\n3:血量999999(开启此项功能后控制台无反应,关闭控制台效果结束)\n\n4:无限金币\n\n5:被击中不减速(无效果请刷新游戏)\n\n6:稳定的射击\n\n7:手枪连发\n\n");
		printf("\n\n\n+++++++++++++++++++++++++++++++请输入想要达到效果前面的号码,格式:<效果> <1|0> +++++++++++++++++++++++++++++++\n");
		scanf_s("%d", &choice);
		scanf_s("%d", &flag);
		if (choice == 1)
		{
			Bullet(flag, csid, base1);
		}
		else if (choice == 2)
		{
			Bullet(flag, csid, base2);
		}
		else if (choice == 3)
		{
			int sign = Blood(flag, csid, bblood);
			if (flag == 0)
			{
				Blood(flag, csid, bloodadd);
			}
		}
		else if (choice == 4)
		{
			Mymoney(flag, csid, base2);
		}
		else if (choice == 5)
		{
			Speed(flag,csid, base1, myp);
		}
		else if (choice == 6)
		{
			StableShooting(flag,csid, base2);
		}
		else if (choice == 7)
		{
			ShortGun(flag,csid);
		}
		else
		{
			printf("Input error");
		}

		

	}

	return 0;
}
Zsc_02
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 1
    评论
专栏目录
一、C++反作弊对抗实战 (基础篇 —— 10.作弊器原理剖析OpenGL实战篇之透视、地图高亮、防闪光弹、防烟雾弹)
Koma的主页
03-03 967
这里将以经典的FPS射击游戏CS1.6为例子,逐步探讨其中的原理与设计思路,让你能逐步理解这种在ring3层的各种对抗技巧。
CS5269替代AG9320方案应用规格书.pdf
11-24
CS5269AN是专为USB Type-C到HDMI 2.0b和VGA转换器设计的,支持最高4K@60Hz的视频输出,同时具备PD3.0(Power Delivery 3.0)支持,这意味着它可以处理更高的电源管理协议,确保设备在传输高清视频的同时,还能为...
CS贴图修改器
05-24
修改CS贴图和制作CS贴图
CS修改
清风牧羊
10-11 1410
http://forum1.games.sina.com.cn/cgi-bin/view.cgi?gid=27&fid=394&thread=85731&date=20051004http://www.qdigrp.com/qdisite/BBS/showtopic.asp?TOPIC_ID=43804&Forum_ID=18这个讲得也挺[好NVCOOL FX下载 http://www.mydri
CS1.6游戏逆向分析
最新发布
qq_62016430的博客
04-10 1099
通过CE观察金钱数的变化,找到控制金钱数的内存地址,通过不断的再次扫描留下数量较少的内存地址,之后逐一排查,最后将真正的内存地址的值修改后进行激活即可。在游戏CS1.6中,有许多的游戏模式,在爆破模式中,玩家可以通过游戏中的金钱来购买自己喜欢的枪支武器等,那么我们发现在游戏中,最初始状态的金钱数量为16000,而随着购买武器的数量逐渐变多,钱只会越来越少,直至用完,即在同一局游戏中,金钱总额为固定值即16000,我们我便想尝试通过逆向分析,使得游戏中金钱数额始终保持在16000,打消金钱焦虑。
CE修改CS1.6
qiuqiuit的专栏
02-02 1684
CE实现cs1.6无限手雷
CE-植物大战僵尸-子弹速度-豌豆射手
m0_59856804的博客
10-18 1455
CE-植物大战僵尸-子弹速度-豌豆射手
CS3A01微处理器的bootloader分析.pdf
09-25
调试功能是Bootloader的重要组成部分CS3A01的Bootloader通过UART接口提供简单调试功能,允许开发者在系统运行时检查和修改状态,这对于开发和调试嵌入式系统非常有用。此外,提供的扩展功能接口允许用户根据需求...
5uCMS CS
04-05
注:IIS下运行没有问题,不支持IIS模拟器运行,毕竟模拟器只是模拟了部分IIS功能,并不能模拟全部IIS功能,所以系统会有部分功能不能执行或出错,请在IIS下运行系统,以免出现莫名其妙的问题。 5uCMS CS版 更新日志...
GE系统 指令列表编辑器.pdf
11-24
1. **IL编辑器的界面**:编辑器窗口分为多个部分,包括行号、标签、指令、操作数、参考地址、值和注释。行号帮助定位代码,标签用于JUMP指令,指令列显示功能名称,操作数列用于输入变量或常数,参考地址显示内存...
GE系统 指令列表编辑器.docx
11-24
【GE系统 指令列表编辑器】是一个用于创建、编辑和监视PLC(可编程逻辑控制器)程序和功能块的工具,它基于指令列表(IL)编程语言。IL是一种文本基础的编程语言,由一系列指令构成,表示PLC执行的动作和控制。以下...
万能软件版权修改器 - 皮肤版.zip
09-29
万能软件版权修改器 - 皮肤版.zip
【CE教程二】利用CE实现FPS类游戏无后坐
12-19
【CE教程二】利用CE实现FPS类游戏无后坐【CE教程二】利用CE实现FPS类游戏无后坐
万能内存修改器2012初级版
11-03
万能内存修改器2012初级版
通用内存修改器
09-19
小烦通用内存修改器,内存搜索工具,游戏必备
CSNZ大部分物品代码
09-16
详细说明CSNZ大部分物品代码,包含赛季武器、神器、配件、灾变技能等。
使用Cheat Enginee(CE)修改“植物大战僵尸”子弹类型
yjc1517的博客
10-30 4354
mov eax,b //b是玉米加农炮的子弹,这里可以修改0-d,改成d射手就会把自己打死。自动汇编该语句,注入CT表框架代码,代码注入,分配到当前的CT表,方便之后修改。cmp [ebp+24],#40 //#代表十进制数值,40是机枪射手的卡槽值。cmp [ebp+24],#34 //34是玉米投手的卡槽。可以看到玉米投手投出的是玉米加农炮的子弹。可以看到机枪射手的子弹已经改成冰西瓜。mov eax,5 //5是冰西瓜。右键转到地址,输入4672a5。修改之后重新锁定脚本。
不同游戏的不同反作弊引擎
做一个快乐学习者
05-06 3656
The aim of this topic is to create a complete index of all known (and less known) anti-cheats and the games they are used for.Input is appreciated Advanced ProtectoR (Discontinued) BattlEye Blac...
图片编辑功能Cs还是BS
07-15
图片编辑功能可以使用两种方式:Cs和BS。 "Cs"代表的是客户端软件,例如Adobe Photoshop。这意味着你需要在本地安装软件,并使用本地计算机的处理能力来进行图片编辑。Cs通常提供了更强大和专业的编辑功能,但需要较高的计算资源和较长的学习曲线。 "BS"代表的是浏览器服务,例如CSDN提供的在线图片编辑器。这种方式不需要安装任何软件,可以直接在浏览器中进行图片编辑。BS通常更加方便和易用,适合一般用户进行简单的图片编辑操作。 选择使用Cs还是BS取决于你的需求和个人偏好。如果你需要更专业的编辑功能或对计算资源有较高要求,可以选择Cs。如果你只需要进行简单的图片编辑操作或希望方便地在不同设备上进行编辑,可以选择BS。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Zsc_02

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值