Cs修改器(部分功能)

各个函数解析

这是我根据b站上面的视频使用ce初步修改,自己用vs2022用c语言实现的,完成了其中的部分功能
在自己的电脑上完美运行,不知道其他的怎么样

main()

int main()
{
	int *base1 = (int*)0x2433240;							//所有人的子弹基址
	int *base2 = (int*)0x25069bc;							//自己的子弹基址
	int *bblood = (int*)0x204ba020;						//血基址
	int* bloodadd = (int*)0x1ff8a020;
	int myp = 0x2040fbc8;											//僵直
	DWORD csid = 0;
	csid = GetPid();
	//printf("%d\n", csid);

	int choice = 0;
	int flag = 0;								//flag用来存放是否修改(1修改,0恢复)
	int yon;				//是否继续修改



	while (1)
	{
		printf("\n是否继续修改?(1|0)\n");
		scanf("%d", &yon);
		if (yon == 1)
		{

		}
		else
		{
			printf("\n\n\n\n+++++++++++++++感谢使用++++++++++++++++\n\n\n\n");
			
			return 0;
		}
		
		printf("1:所有人无限子弹\n\n2:自己无限子弹\n\n3:血量999999(开启此项功能后控制台无反应,关闭控制台效果结束)\n\n4:无限金币\n\n5:被击中不减速(无效果请刷新游戏)\n\n6:稳定的射击\n\n7:手枪连发\n\n");
		printf("\n\n\n+++++++++++++++++++++++++++++++请输入想要达到效果前面的号码,格式:<效果> <1|0> +++++++++++++++++++++++++++++++\n");
		scanf("%d", &choice);
		scanf("%d", &flag);
		if (choice == 1)
		{
			Bullet(flag, csid, base1);
		}
		else if (choice == 2)
		{
			Bullet(flag, csid, base2);
		}
		else if (choice == 3)
		{

			Blood(flag, csid, bloodadd);
			
		}
		else if (choice == 4)
		{
			Mymoney(flag, csid, base2);
		}
		else if (choice == 5)
		{
			Speed(flag,csid, base1, myp);
		}
		else if (choice == 6)
		{
			StableShooting(flag,csid, base2);
		}
		else if (choice == 7)
		{
			ShortGun(flag,csid);
		}
		else
		{
			printf("Input error");
		}

		

	}

	return 0;
}

GetPid()

DWORD GetPid()
{
	DWORD pid = 0;
	HWND hcs = 0;
	hcs = FindWindow(NULL, L"Counter-Strike");	//第一个参数是窗口的类型,vs的spy++可以查询,第二个参数是窗口的名称)
	//printf("%d\n", hcs);
	if (hcs != 0)
	{
		GetWindowThreadProcessId(hcs, &pid);	//通过FindWindow返回的窗口的句柄来获取Pid

	}
	else
	{
		printf("please open cs\n");
		return 0;
	}
	return pid;




}

无限子弹

这一块可以修改所有人的子弹数和自己的子弹数

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-n6WTRlpR-1665196226378)(C:\Users\春\AppData\Roaming\Typora\typora-user-images\image-20221008092341153.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-tYeuA3pT-1665196226380)(C:\Users\春\AppData\Roaming\Typora\typora-user-images\image-20221008092356542.png)]样的

下面的代码是根据在ce中找到的多层偏移地址,通过ReadProcessMemory() 和 WriteProcessMemory() ,对存放子弹的内存空间修改,将子弹数设置为999

也可以通过修改汇编代码实现真正的子弹数不减少,但在内存中每把枪都有自己的空间,需要一个一个进行修改,创建一个专门的函数即可)

void Bullet(int flag,DWORD pid,int *base)
{
	//int buadd = 0x2038151f;
	//Patch(buadd, pid);


	DWORD oldprotect;
	

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 =0;
	int base3 = 0;
	int base4 = 0;
	int base5 = 0;
	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("ReadProcessMemory Error1\n");
		
	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 +0x5ec), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("ReadProcessMemory Error3\n");

	}

	int s4 = ReadProcessMemory(hPro, (LPCVOID)(base4 + 0xcc), &base5, 4, NULL);
	int t4 = GetLastError();
	if (s4 == 0)
	{
		printf("ReadProcessMemory Error4\n");

	}






	int address = base4+0xcc;
	int nbullet = 999;
	//DWORD NumberOfByteRead;

	if (flag == 0)
	{
		nbullet = 30;
	}

	if (hPro == 0)
	{
		printf("false to get process PID\n");
		return;
	}
	VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();
	
	int write = WriteProcessMemory(hPro, (LPVOID)address, &nbullet, 2, NULL);
	if (write == 0)
	{
		printf("falied to WriteProcessMemory\n");
		int b = GetLastError();
		return ;
	}



}

无限血

通过偏移地址的跟踪找到血量的内存地址并将该地址一直写入255

该方法的缺点是,只有关闭修改器才可以停止修改

int Blood(int flag,DWORD pid,int *base)
{



	DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 = 0;
	int base3 = 0;

	float base4 = 0;

	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);							
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("Blood ReadProcessMemory Error1\n");

	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x2eb0), &base3, 4, NULL);						//偏移2e60
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("Blood ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3+0x160), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("Blood ReadProcessMemory Error3\n");

	}





	int add = base3 + 0x160;
	long time = 0;
	int seconds;

	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();

	/*printf("how many time do you want to matain HP(minute): ");
	scanf("%d", &seconds);
	time = seconds * 1000;*/
	


	float blood = 255;


	while (1)
	{
		if (flag == 0)
		{
			blood = 100;
			
		}
		int write = WriteProcessMemory(hPro, (LPVOID)add, &blood, 4, NULL);
		if (write == 0)
		{
			printf("falied to WriteProcessMemory Blood\n");
			int b = GetLastError();
			return 0;
			if (seconds <= 0)
			{
				return 0;
			}


		}
	}
	//基址切换的情况
	if (s1 == 0 || s2 == 0 || s3 == 0)
	{
		return 0;
	}
	else
	{
		return 1;
	}

	
}

无限金币

打补丁修改汇编

void Mymoney(int flag,DWORD pid, int* base)
{




	int madd = 0x2041365f;
	int madd1 = 0x1fee365f;
	//base = (int*)madd;

	if (flag == 0)
	{
		int madd1 = madd + 0x4;
		HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
		int patch1 = 0x01cc8e89;
		int patch2 = 0x0000;
		VirtualProtectEx(hPro, (LPVOID)madd, 10, PAGE_READWRITE, tmp);
		int write1 = WriteProcessMemory(hPro, (LPVOID)madd, &patch1, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)madd1, &patch2, 2, NULL);
		printf("\nBingo\n");
	}
	else
	{
		Patch(madd, pid);
		Patch(madd1, pid);
	}
	



}

Patch()

用于修改填充六个字节NULL的补丁

void Patch(int add,DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x90909090;
	int patch2 = 0x9090;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");
}

无僵直

void Speed(int flag,DWORD pid, int* base,int myp)
{
	//DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	int base2 = 0;
	int base3 = 0;
	float base4 = 0;
	int sbase = 0x25069bc,sbase1 = 0,sbase2 = 0;						//判断是否改写了速度,通过这几个变量偏移读取speedadd

	int add = myp;
	int add2 = myp+0x4;
	int add3 = add2 + 0x4;
	int speed = 0x90909090;
	int speed2 = 0x90909090;
	int speed3 = 0x9090;
	int sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000; 
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}

	//基址变化
	myp = 0x1fd3fbc8;
	 add = myp;
	 add2 = myp + 0x4;
	 add3 = add2 + 0x4;
	 sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000;
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}
	return ;
}

稳定射击

void StableShooting(int flag,DWORD pid, int* base)
{

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	//后坐力地址
	int mp5add = 0x2038a9b9;			//mp5
	int akadd = 0x20381479;				//AK
	int sgadd = 0x2038cad9;				//sg552
	int augadd = 0x20381e99;			//aug
	int m4add = 0x20389cb9;				//m4a1
	int tmpadd = 0x2038d8f9;			///tmp冲锋枪
	int p90add = 0x2038b66e;			//p90
	int macadd = 0x2038a3b9;			//mac冲锋枪
	int m249add = 0x20388d39;			//m249
	//int eliteadd = 0x20383dce;			//双枪
	//int deagleadd = 0x20383740;			//沙漠之鹰
	//int p228add = 0x2038b090;			//p228
	//int uspadd = 0x2038e7e0;			//usp
	//int gloadd = 0x20386b55;			//glock


	if (flag == 0)
	{
		Depatch1(mp5add, pid);
		Depatch1(akadd, pid);
		Depatch1(sgadd, pid);
		Depatch1(augadd, pid);
		Depatch1(m4add, pid);
		Depatch1(tmpadd, pid);
		Depatch1(p90add, pid);
		Depatch1(macadd, pid);
		Depatch1(m249add, pid);
	}
	else
	{
		Patch(mp5add, pid);
		Patch(akadd, pid);
		Patch(sgadd, pid);
		Patch(augadd, pid);
		Patch(m4add, pid);
		Patch(tmpadd, pid);
		Patch(p90add, pid);
		Patch(macadd, pid);
		Patch(m249add, pid);
		//Patch(eliteadd, pid);
		//Patch(deagleadd, pid);
		//Patch(p228add, pid);
		//Patch(uspadd, pid);
		//Patch(gloadd, pid);
		printf(" ");
	}

}


Depatch1

void Depatch1(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x0100ae89;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}

上面代码中修改手枪的调用不仅会减少手枪的后坐力,还会让手枪连发

每个武器的后坐力都是单独的,这也可以自己写代码完成部分武器的修改

手枪连发

void ShortGun(int flag,DWORD pid)
{



	int eliteadd = 0x20383dce;			//双枪
	int deagleadd = 0x20383740;			//沙漠之鹰
	int p228add = 0x2038b090;			//p228
	int uspadd = 0x2038e7e0;			//usp
	int gloadd = 0x20386b55;			//glock
	if (flag == 0)
	{
		Depatch(eliteadd, pid);
		Depatch(deagleadd, pid);
		Depatch(p228add, pid);
		Depatch(uspadd, pid);
		Depatch(gloadd, pid);
	}
	else
	{
		Patch(eliteadd, pid);
		Patch(deagleadd, pid);
		Patch(p228add, pid);
		Patch(uspadd, pid);
		Patch(gloadd, pid);
	}

	
}

Depatch

void Depatch(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x01009689;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}

源代码部分

// CS辅助.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//
#define _CRT_SECURE_NO_WARNINGS



#include <iostream>
#include <Windows.h>
PDWORD tmp;


void Patch(int add,DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x90909090;
	int patch2 = 0x9090;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");
}

void Depatch(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x01009689;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}

void Depatch1(int add, DWORD pid)
{
	int add2 = add + 0x4;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	int patch1 = 0x0100ae89;
	int patch2 = 0000;
	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
	int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
	int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
	printf("\nBingo\n");

}




DWORD GetPid()
{
	DWORD pid = 0;
	HWND hcs = 0;
	hcs = FindWindow(NULL, L"Counter-Strike");
	//printf("%d\n", hcs);
	if (hcs != 0)
	{
		GetWindowThreadProcessId(hcs, &pid);

	}
	else
	{
		printf("please open cs\n");
		return 0;
	}
	return pid;




}


void ShortGun(int flag,DWORD pid)
{



	int eliteadd = 0x20383dce;			//双枪
	int deagleadd = 0x20383740;			//沙漠之鹰
	int p228add = 0x2038b090;			//p228
	int uspadd = 0x2038e7e0;			//usp
	int gloadd = 0x20386b55;			//glock
	if (flag == 0)
	{
		Depatch(eliteadd, pid);
		Depatch(deagleadd, pid);
		Depatch(p228add, pid);
		Depatch(uspadd, pid);
		Depatch(gloadd, pid);
	}
	else
	{
		Patch(eliteadd, pid);
		Patch(deagleadd, pid);
		Patch(p228add, pid);
		Patch(uspadd, pid);
		Patch(gloadd, pid);
	}

	
}


void StableShooting(int flag,DWORD pid, int* base)
{

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	//后坐力地址
	int mp5add = 0x2038a9b9;			//mp5
	int akadd = 0x20381479;				//AK
	int sgadd = 0x2038cad9;				//sg552
	int augadd = 0x20381e99;			//aug
	int m4add = 0x20389cb9;				//m4a1
	int tmpadd = 0x2038d8f9;			///tmp冲锋枪
	int p90add = 0x2038b66e;			//p90
	int macadd = 0x2038a3b9;			//mac冲锋枪
	int m249add = 0x20388d39;			//m249
	//int eliteadd = 0x20383dce;			//双枪
	//int deagleadd = 0x20383740;			//沙漠之鹰
	//int p228add = 0x2038b090;			//p228
	//int uspadd = 0x2038e7e0;			//usp
	//int gloadd = 0x20386b55;			//glock


	if (flag == 0)
	{
		Depatch1(mp5add, pid);
		Depatch1(akadd, pid);
		Depatch1(sgadd, pid);
		Depatch1(augadd, pid);
		Depatch1(m4add, pid);
		Depatch1(tmpadd, pid);
		Depatch1(p90add, pid);
		Depatch1(macadd, pid);
		Depatch1(m249add, pid);
	}
	else
	{
		Patch(mp5add, pid);
		Patch(akadd, pid);
		Patch(sgadd, pid);
		Patch(augadd, pid);
		Patch(m4add, pid);
		Patch(tmpadd, pid);
		Patch(p90add, pid);
		Patch(macadd, pid);
		Patch(m249add, pid);
		//Patch(eliteadd, pid);
		//Patch(deagleadd, pid);
		//Patch(p228add, pid);
		//Patch(uspadd, pid);
		//Patch(gloadd, pid);
		printf(" ");
	}










}



void Speed(int flag,DWORD pid, int* base,int myp)
{
	//DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);


	int base2 = 0;
	int base3 = 0;
	float base4 = 0;
	int sbase = 0x25069bc,sbase1 = 0,sbase2 = 0;						//判断是否改写了速度,通过这几个变量偏移读取speedadd

	int add = myp;
	int add2 = myp+0x4;
	int add3 = add2 + 0x4;
	int speed = 0x90909090;
	int speed2 = 0x90909090;
	int speed3 = 0x9090;
	int sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000; 
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}

	//基址变化
	myp = 0x1fd3fbc8;
	 add = myp;
	 add2 = myp + 0x4;
	 add3 = add2 + 0x4;
	 sadd = 0;								//速度的地址(变化)
	if (flag == 0)
	{
		speed = 0x01b085c7;
		speed2 = 0x00000000;
		speed3 = 0x00003f00;
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
	}
	else
	{
		VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
		int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
		int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
		//步枪修复
		int myp2 = myp - 0x53;
		int sbyte = 0x51eb;
		VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
		int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
	}
	return ;
}





int Blood(int flag,DWORD pid,int *base)
{



	//DWORD NumberOfByteRead;
	DWORD oldprotect;
	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 = 0;
	int base3 = 0;

	float base4 = 0;

	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);							
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("Blood ReadProcessMemory Error1\n");

	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x2eb0), &base3, 4, NULL);						//偏移2e60
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("Blood ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3+0x160), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("Blood ReadProcessMemory Error3\n");

	}





	int add = base3 + 0x160;
	long time = 0;
	int seconds;

	VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();

	/*printf("how many time do you want to matain HP(minute): ");
	scanf("%d", &seconds);
	time = seconds * 1000;*/
	


	float blood = 255;
	if (flag == 0)
	{
		blood = 100;
		WriteProcessMemory(hPro, (LPVOID)add, &blood, 2, NULL);
		goto L1;
	}

	while (1)
	{

		int write = WriteProcessMemory(hPro, (LPVOID)add, &blood, 4, NULL);
		if (write == 0)
		{
			printf("falied to WriteProcessMemory Blood\n");
			int b = GetLastError();
			return 0;
			if (seconds <= 0)
			{
				return 0;
			}


		}
	}
	L1:
	//基址切换的情况
	if (s1 == 0 || s2 == 0 || s3 == 0)
	{
		return 0;
	}
	else
	{
		return 1;
	}
		
	

		
	
	
}

void Mymoney(int flag,DWORD pid, int* base)
{




	int madd = 0x2041365f;
	int madd1 = 0x1fee365f;
	//base = (int*)madd;

	if (flag == 0)
	{
		int madd1 = madd + 0x4;
		HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
		int patch1 = 0x01cc8e89;
		int patch2 = 0x0000;
		VirtualProtectEx(hPro, (LPVOID)madd, 10, PAGE_READWRITE, tmp);
		int write1 = WriteProcessMemory(hPro, (LPVOID)madd, &patch1, 4, NULL);
		int write2 = WriteProcessMemory(hPro, (LPVOID)madd1, &patch2, 2, NULL);
		printf("\nBingo\n");
	}
	else
	{
		Patch(madd, pid);
		Patch(madd1, pid);
	}
	

	//HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);



	//int base2 = 0;
	//int base3 = 0;
	//int base4 = 0;

	//int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
	//int t1 = GetLastError();
	//if (s1 == 0)
	//{
	//	printf("Money ReadProcessMemory Error1\n");
	//}

	//int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
	//int t2 = GetLastError();
	//if (s2 == 0)
	//{
	//	printf("Money ReadProcessMemory Error2\n");
	//}

	//int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 + 0x1cc), &base4, 4, NULL);
	//int t3 = GetLastError();
	//if (s3 == 0)
	//{
	//	printf("Money ReadProcessMemory Error2\n");
	//}



	//int address = base3 + 0x1cc;
	//int mymoney =0;
	//int money = 16000;

	//VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, NULL);
	//int a = GetLastError();

	//while (mymoney != 16000)
	//{
	//	int write = WriteProcessMemory(hPro, (LPVOID)address, &money, 4, NULL);
	//	if (write == 0)
	//	{
	//		printf("falied to WriteProcessMemory Money\n");
	//		int b = GetLastError();
	//		return;
	//	}

	//}





}





void Bullet(int flag,DWORD pid,int *base)
{
	//int buadd = 0x2038151f;
	//Patch(buadd, pid);


	DWORD oldprotect;
	

	HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
	
	int base2 =0;
	int base3 = 0;
	int base4 = 0;
	int base5 = 0;
	int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
	int t1 = GetLastError();
	if (s1 == 0)
	{
		printf("ReadProcessMemory Error1\n");
		
	}

	int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
	int t2 = GetLastError();
	if (s2 == 0)
	{
		printf("ReadProcessMemory Error2\n");

	}

	int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 +0x5ec), &base4, 4, NULL);
	int t3 = GetLastError();
	if (s3 == 0)
	{
		printf("ReadProcessMemory Error3\n");

	}

	int s4 = ReadProcessMemory(hPro, (LPCVOID)(base4 + 0xcc), &base5, 4, NULL);
	int t4 = GetLastError();
	if (s4 == 0)
	{
		printf("ReadProcessMemory Error4\n");

	}






	int address = base4+0xcc;
	int nbullet = 999;
	//DWORD NumberOfByteRead;

	if (flag == 0)
	{
		nbullet = 30;
	}

	if (hPro == 0)
	{
		printf("false to get process PID\n");
		return;
	}
	VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, &oldprotect);
	int a = GetLastError();
	
	int write = WriteProcessMemory(hPro, (LPVOID)address, &nbullet, 2, NULL);
	if (write == 0)
	{
		printf("falied to WriteProcessMemory\n");
		int b = GetLastError();
		return ;
	}



}

int main()
{
	int *base1 = (int*)0x2433240;							//所有人的子弹基址
	int *base2 = (int*)0x25069bc;							//自己的子弹基址
	int *bblood = (int*)0x204ba020;						//血基址
	int* bloodadd = (int*)0x1ff8a020;
	int myp = 0x2040fbc8;											//僵直
	DWORD csid = 0;
	csid = GetPid();
	//printf("%d\n", csid);

	int choice = 0;
	int flag = 0;
	int yon;				//是否继续修改



	while (1)
	{
		printf("\n是否继续修改?(1|0)\n");
		scanf_s("%d", &yon);
		if (yon == 1)
		{

		}
		else
		{
			printf("\n\n\n\n+++++++++++++++感谢使用++++++++++++++++\n\n\n\n");
			
			return 0;
		}
		
		printf("1:所有人无限子弹\n\n2:自己无限子弹\n\n3:血量999999(开启此项功能后控制台无反应,关闭控制台效果结束)\n\n4:无限金币\n\n5:被击中不减速(无效果请刷新游戏)\n\n6:稳定的射击\n\n7:手枪连发\n\n");
		printf("\n\n\n+++++++++++++++++++++++++++++++请输入想要达到效果前面的号码,格式:<效果> <1|0> +++++++++++++++++++++++++++++++\n");
		scanf_s("%d", &choice);
		scanf_s("%d", &flag);
		if (choice == 1)
		{
			Bullet(flag, csid, base1);
		}
		else if (choice == 2)
		{
			Bullet(flag, csid, base2);
		}
		else if (choice == 3)
		{
			int sign = Blood(flag, csid, bblood);
			if (flag == 0)
			{
				Blood(flag, csid, bloodadd);
			}
		}
		else if (choice == 4)
		{
			Mymoney(flag, csid, base2);
		}
		else if (choice == 5)
		{
			Speed(flag,csid, base1, myp);
		}
		else if (choice == 6)
		{
			StableShooting(flag,csid, base2);
		}
		else if (choice == 7)
		{
			ShortGun(flag,csid);
		}
		else
		{
			printf("Input error");
		}

		

	}

	return 0;
}

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 1
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Zsc_02

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值