雷数的基址: 010056A4
开局消息:1FE
高级消息:20B
WriteProcessMemory(hp,(LPVOID)0x10056A4 , &lei,4,NULL);//写入函数
自定义扫雷程序:
void CoyytowjmDlg::OnBnClickedButton1()
{
// TODO: 在此添加控件通知处理程序代码
HWND h = ::FindWindowA("扫雷",NULL);
//int high;//高
//int wide;//宽
if(h==0)
{
::MessageBox(0,L"请打开扫雷winmine.exe",0,MB_OK);
return;
}
DWORD pid;
GetWindowThreadProcessId(h,&pid);
TOKEN_PRIVILEGES tkp;
HANDLE hToken;
OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken);
LookupPrivilegeValue(NULL, SE_DEBUG_NAME,&tkp.Privileges[0].Luid); //获得本地机唯一的标识
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); //调整获得的权限
HANDLE hp=OpenProcess(PROCESS_ALL_ACCESS ,false,pid);
if(hp==NULL)
{
::MessageBox(0,L"打开进程出错",0,MB_OK);
return;
}
::SendMessage(h,WM_COMMAND,0x20B,0); //先选高级
//int lein = 129;
//ReadProcessMemory(hp,(LPCVOID)0x1005338 , &high,4,&pid); //读取高 读取宽
// ReadProcessMemory(hp,(LPCVOID)0x1005334 , &wide,4,&pid);
//形成指定数组 //选定需要显示的字
/*
char arry[16][30] = {
{0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0, 0, 0, 1, 1, 1, 0, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{1 ,1 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,1 ,1 ,1 ,1 ,1 ,0 ,1 ,0, 1, 0, 1, 1, 1, 0, 1, 0, 1},
{1 ,0 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,0, 1, 0, 0, 1, 0, 0, 1, 1, 1},
{1 ,0 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,1 ,0 ,1 ,1, 1, 0, 0, 1, 0, 0, 1, 0, 1},
{1 ,1 ,1 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,1 ,0 ,1 ,1 ,1 ,0 ,1 ,0, 1, 0, 1, 1, 0, 0, 1, 0, 1}
} ;
*/
//int lein = 129;
char arry[16][30] = {
{0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0, 0, 0, 1, 1, 1, 0, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{1 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0}};
int lein = 70;
/*
char arry[16][30] = {
{0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 1, 0, 0, 0, 1, 0, 0, 0},
{0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,1 ,1 ,0 ,0 ,0 ,0, 0, 0, 1, 1, 1, 0, 0, 0, 0},
{0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,0, 0, 1, 0, 0, 0, 0, 0, 1, 0},
{0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,0, 0, 0, 1, 0, 0, 0, 1, 0, 0},
{0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,0 ,0 ,1 ,0 ,0 ,0 ,0 ,1 ,0 ,1 ,0 ,0, 0, 0, 0, 1, 0, 1, 0, 0, 0},
{0 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,0 ,0 ,0 ,1 ,1 ,1 ,0 ,0 ,1 ,1 ,1 ,0 ,0, 0, 0, 0, 0, 1, 0, 0, 0, 0}
} ;
*/
//int lein = 99;
WriteProcessMemory(hp,(LPVOID)0x10056A4 , &lein,4,NULL);//改变雷数
::SendMessage(h,WM_COMMAND,0x1FE,0); //开始、刷新雷数
//布局雷
int lei = 0x8f;
int feilei = 0x0f;
int end = 0x10;
char*addr=(char*)0x1005361;
//WriteProcessMemory(hp,(LPVOID)addr , &lei,1,NULL);
//addr++;
//WriteProcessMemory(hp,(LPVOID)addr , &lei,1,NULL);
int kk = 0;
for(int i = 0 ; i < 16 ; i++)
{
for(int j = 0 ; j < 30 ; j++)
{
if(arry[i][j]==0x01)
{
WriteProcessMemory(hp,(LPVOID)addr , &lei,4,NULL);
kk++;
}
else
WriteProcessMemory(hp,(LPVOID)addr , &feilei,4,NULL);
addr++;
}
WriteProcessMemory(hp,(LPVOID)addr , &end,4,NULL);
addr++;
WriteProcessMemory(hp,(LPVOID)addr , &end,4,NULL);
addr++;
}
}