逆向第一课:找一个本地单机游戏,通过读写进程内存修改游戏数据练手。注意:下面脚本里的窗口标题、静态地址和偏移只对特定版本的游戏有效,换版本需要用内存扫描器重新定位。
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# File : 植物大战僵尸修改器.py
# Author: DaShenHan&道长-----先苦后甜,任凭晚风拂柳颜------
# Date : 2019/12/28
import win32gui
import win32process
import win32api
import ctypes
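# Game-specific constants. The window title identifies the build, and the static
# address below is only valid for that build: the 32-bit executable is loaded at
# its fixed base, so 0x006A9EC0 is a stable global. Re-derive these with a memory
# scanner before pointing the script at any other version.
WINDOW_TITLE = "植物大战僵尸中文版"
BASE_ADDR = 0x006A9EC0    # static pointer to the game object
BOARD_OFFSET = 0x768      # game object -> board pointer (presumably NULL outside a level)
SUN_OFFSET = 0x5560       # board -> sun counter, 32-bit

# Least privilege: ReadProcessMemory/WriteProcessMemory only need these three
# rights. The original requested PROCESS_ALL_ACCESS (0x1F0FFF).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

handle = win32gui.FindWindow(None, WINDOW_TITLE)
print(handle)
if not handle:
    # FindWindow returns 0 when no such window exists; without this check the
    # script died later inside OpenProcess with an unrelated-looking error.
    raise SystemExit(f"window {WINDOW_TITLE!r} not found; start the game first")
pid = win32process.GetWindowThreadProcessId(handle)[1]
print(pid)
phwnd = win32api.OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, False, pid)
print(phwnd)
# Absolute path on purpose: avoids the DLL search order (ctypes.windll.kernel32 is equivalent).
kernel32 = ctypes.windll.LoadLibrary(r"C:\Windows\System32\kernel32.dll")
print(kernel32)


def read_u32(address):
    """Return the 4-byte little-endian value at *address* in the target process.

    Raises SystemExit when ReadProcessMemory fails; the original ignored the
    return value, so a failed hop silently became address 0 for the next read.
    """
    buf = ctypes.c_uint32()  # unsigned: pointers above 0x7FFFFFFF must not go negative
    if not kernel32.ReadProcessMemory(int(phwnd), address, ctypes.byref(buf), 4, None):
        raise SystemExit(f"ReadProcessMemory failed at {address:#010x} (Win32 error {ctypes.GetLastError()})")
    return buf.value


game_ptr = read_u32(BASE_ADDR)
print(hex(game_ptr))
board_ptr = read_u32(game_ptr + BOARD_OFFSET)
print(hex(board_ptr))
if not board_ptr:
    raise SystemExit("board pointer is NULL: enter a level before changing the sun value")
sun_addr = board_ptr + SUN_OFFSET
print(read_u32(sun_addr))
sun = int(input("请输入你要的阳光值:"))
# c_long(sun) would wrap silently for out-of-range values; refuse them instead.
if not 0 <= sun <= 0x7FFFFFFF:
    raise SystemExit("sun value must be a non-negative 32-bit integer")
if not kernel32.WriteProcessMemory(int(phwnd), sun_addr, ctypes.byref(ctypes.c_long(sun)), 4, None):
    raise SystemExit(f"WriteProcessMemory failed (Win32 error {ctypes.GetLastError()})")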
优化增强版:功能改为用全局热键开关(Alt+F9 锁阳光,F10 无 CD),开启后主循环持续把阳光和卡槽冷却写回固定值,实现无限阳光、无冷却。
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# File : 植物大战僵尸无敌.py
# Author: DaShenHan&道长-----先苦后甜,任凭晚风拂柳颜------
# Date : 2019/12/28
import win32gui
import win32process
import win32api
import ctypes
from time import sleep
import ctypes.wintypes
from threading import Thread,activeCount, enumerate
import win32con
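# (sic) the misspelt name is referenced by sunMod/cdMod and is kept for them.
kernerl32 = ctypes.windll.LoadLibrary(r"C:\Windows\System32\kernel32.dll")
# Give the two memory APIs real prototypes. Without argtypes ctypes masks every
# Python int argument to a C int (per the ctypes docs), so on 64-bit Python a
# HANDLE or address that does not fit in 32 bits would be silently mangled; the
# values used here happen to be small, but the prototypes make that correct
# rather than lucky. The BOOL restype lets callers test the result.
_PROCESS_MEMORY_ARGS = [
    ctypes.wintypes.HANDLE,           # hProcess
    ctypes.wintypes.LPVOID,           # lpBaseAddress in the target process
    ctypes.wintypes.LPVOID,           # lpBuffer (byref(...) is accepted for c_void_p)
    ctypes.c_size_t,                  # nSize
    ctypes.POINTER(ctypes.c_size_t),  # lpNumberOfBytesRead/Written, None allowed
]
kernerl32.ReadProcessMemory.argtypes = _PROCESS_MEMORY_ARGS
kernerl32.ReadProcessMemory.restype = ctypes.wintypes.BOOL
kernerl32.WriteProcessMemory.argtypes = _PROCESS_MEMORY_ARGS
kernerl32.WriteProcessMemory.restype = ctypes.wintypes.BOOL

flag_lock = {  # which cheats are active; toggled by the hotkey handlers, read by main()
    "sun_lock": False,
    "cd_lock": False,
}
h_ids = list(range(2))  # hotkey ids: 0 -> Alt+F9, 1 -> F10 (registered in Hotkey.run)
h_keys = {i: False for i in h_ids}  # per id: pressed but not yet dispatched
h_dict = {}  # hotkey id -> function to run when that hotkey fires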
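def thread_it(func, *args):
    """Run ``func(*args)`` on a new daemon thread and return the Thread.

    Daemon so the worker never keeps the interpreter alive at exit. Uses the
    constructor argument instead of the deprecated ``setDaemon``. Returning the
    thread is new and optional; existing callers ignore it.
    """
    t = Thread(target=func, args=args, daemon=True)
    t.start()
    return t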
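class Hotkey(Thread):
    """Listener thread that registers two global hotkeys and flags their presses.

    Windows ties a hotkey to the thread that called RegisterHotKey, so both the
    registration and the GetMessage loop live in run(). A press of hotkey *i*
    sets ``h_keys[i]``; the dispatcher closure returned by callback() polls those
    flags and runs the bound function on a worker thread.
    """
    user32 = ctypes.windll.user32  # RegisterHotKey / GetMessage live in user32.dll

    def __init__(self):
        # Daemon so Ctrl+C in main() can end the process: GetMessage below blocks
        # indefinitely and a non-daemon thread would keep the interpreter alive.
        super().__init__(daemon=True)

    def regiskey(self, hwnd=None, flagid=0, fnkey=win32con.MOD_ALT, vkey=win32con.VK_F9):
        """Register hotkey *flagid* as modifier *fnkey* + key *vkey* (default Alt+F9).

        Returns RegisterHotKey's BOOL: non-zero on success, 0 when the combination
        is already taken (e.g. by a previous run that never unregistered).
        """
        return self.user32.RegisterHotKey(hwnd, flagid, fnkey, vkey)

    def callback(self, id, func):  # `id` shadows the builtin; kept for callers
        """Bind *func* to hotkey *id* (replacing any earlier binding) and return the dispatcher.

        The returned closure prints the current bindings once and then loops
        forever, so run it on its own thread (see thread_it).
        """
        h_dict[id] = func

        def inner():
            for key, value in h_dict.items():
                print(f'总的热键池:{h_ids},当前热键序号:{key}, 当前热键功能:{value},当前热键状态:{h_keys[h_ids[key]]}')
            while True:
                for key, value in h_dict.items():
                    if h_keys[h_ids[key]]:
                        thread_it(value)  # off-thread so a slow handler cannot stall dispatch
                        h_keys[h_ids[key]] = False
                sleep(0.02)  # the original polled with no pause and spun one core at 100%
        return inner

    def run(self):
        """Register the hotkeys, pump messages until WM_QUIT or an error, then unregister."""
        # id 0 = Alt+F9, id 1 = F10 with no modifier; hotkey_init() in this file
        # binds 0 -> sunSwith and 1 -> cdSwith. Failure only warns: the other key
        # may still work.
        if not self.regiskey(None, h_ids[0], win32con.MOD_ALT, win32con.VK_F9):
            print(f"热键注册失败! id{h_ids[0]}")
        if not self.regiskey(None, h_ids[1], 0, win32con.VK_F10):
            print(f"热键注册失败! id{h_ids[1]}")
        try:
            msg = ctypes.wintypes.MSG()
            while True:
                # GetMessage returns >0 for a message, 0 for WM_QUIT, -1 on error.
                # The original kept looping on 0/-1 and never reached the cleanup.
                ret = self.user32.GetMessageA(ctypes.byref(msg), None, 0, 0)
                if ret == 0 or ret == -1:
                    break
                if msg.message == win32con.WM_HOTKEY and msg.wParam in h_ids:
                    h_keys[msg.wParam] = True
                self.user32.TranslateMessage(ctypes.byref(msg))
                self.user32.DispatchMessageA(ctypes.byref(msg))
        finally:
            # Release the hotkeys so the same combination can be registered next
            # time; if a run is killed before reaching this, try another key.
            for i in h_ids:
                self.user32.UnregisterHotKey(None, i)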
def modSwitch(flag, msg):
    """Toggle ``flag_lock[flag]`` and print ``msg`` followed by 已开启 or 已关闭 for the new state."""
    flag_lock[flag] = not flag_lock[flag]
    state = "已开启" if flag_lock[flag] else "已关闭"
    print(f"{msg}{state}")
def sunSwith():
    """Hotkey handler (Alt+F9): flip the sun-lock flag and report the new state."""
    modSwitch(flag="sun_lock", msg="锁阳光")
def cdSwith():
    """Hotkey handler (F10): flip the no-cooldown flag and report the new state."""
    modSwitch(flag="cd_lock", msg="无CD")
def hotkey_init():
    """Start the hotkey listener and bind the two toggles to their hotkey ids.

    Id 0 (Alt+F9) -> sunSwith, id 1 (F10) -> cdSwith. Only the dispatcher
    returned by the last callback() call is started; it polls every bound id.
    """
    listener = Hotkey()
    listener.start()
    listener.callback(0, sunSwith)
    dispatcher = listener.callback(1, cdSwith)
    thread_it(dispatcher)
    sleep(0.5)  # let the threads come up before reporting on them
    print(f"当前总线程数量:{activeCount()}")
    print('当前线程列表:', enumerate())
    print('热键注册初始化完毕,组合键alt+F9 无限阳光开关 F10 无CD开关')
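def main():
    """Entry point: register the hotkeys, then poll the game every 0.1 s and apply active cheats."""
    hotkey_init()
    # Least privilege: the rights ReadProcessMemory/WriteProcessMemory actually
    # need, instead of PROCESS_ALL_ACCESS (0x1F0FFF) as before.
    PROCESS_VM_OPERATION = 0x0008
    PROCESS_VM_READ = 0x0010
    PROCESS_VM_WRITE = 0x0020
    access = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE
    while True:
        handle = win32gui.FindWindow(None, "植物大战僵尸中文版")  # 0 when the game is not running
        if handle and (flag_lock["sun_lock"] or flag_lock["cd_lock"]):
            pid = win32process.GetWindowThreadProcessId(handle)[1]
            try:
                phwnd = win32api.OpenProcess(access, False, pid)
            except win32api.error as exc:
                # Game exited between FindWindow and OpenProcess, or access denied
                # (e.g. elevated game): keep polling instead of killing the loop.
                print(f"\rOpenProcess({pid}) failed: {exc}", end="")
            else:
                try:
                    if flag_lock["sun_lock"]:
                        sunMod(phwnd)
                    if flag_lock["cd_lock"]:
                        cdMod(phwnd)
                finally:
                    phwnd.Close()  # explicit instead of relying on PyHANDLE's finalizer
        sleep(0.1)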
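def sunMod(phwnd, sun_num=9999):
    """Print the current sun value and overwrite it with *sun_num*.

    Args:
        phwnd: process handle (PyHANDLE or int) opened with VM read/write rights.
        sun_num: value written to the sun counter as a signed 32-bit int (default 9999).

    Pointer chain, valid for this game build only: static pointer at 0x006A9EC0
    -> +0x768 (board pointer, presumably NULL outside a level) -> +0x5560 (sun).
    Every hop is checked: the original ignored ReadProcessMemory's return value,
    so a failed or NULL hop printed 阳光值:0 and attempted a write at absolute
    address 0x5560. Pointers are read unsigned so values >= 0x80000000 do not
    turn negative as they did with c_long.
    """
    def read_u32(address):
        """Return the 4-byte value at *address* in the target, or None if the read fails."""
        buf = ctypes.c_uint32()
        ok = kernerl32.ReadProcessMemory(int(phwnd), address, ctypes.byref(buf), 4, None)
        return buf.value if ok else None

    game = read_u32(0x006A9EC0)
    if not game:
        return
    board = read_u32(game + 0x768)
    if not board:
        return
    sun_addr = board + 0x5560
    current = ctypes.c_long()
    if not kernerl32.ReadProcessMemory(int(phwnd), sun_addr, ctypes.byref(current), 4, None):
        return
    print(f"\r阳光值:{current.value}", end="")
    kernerl32.WriteProcessMemory(int(phwnd), sun_addr, ctypes.byref(ctypes.c_long(int(sun_num))), 4, None)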
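def cdMod(phwnd):
    """Set the cooldown value of seed slots 0-9 to 1 so they are usable again at once.

    Args:
        phwnd: process handle (PyHANDLE or int) opened with VM read/write rights.

    Pointer chain, valid for this game build only: static pointer at 0x6A9EC0
    -> +0x768 (board) -> +0x144 (slot array); slot *i*'s value sits at
    +0x70 + 0x50*i and is written as the 2-byte value 1, the same bytes the
    original wrote from the low half of c_long(1). Each hop is checked: the
    original ignored failed reads, so a NULL hop (game in the menu, process
    gone) produced writes at small absolute addresses instead of a no-op.
    """
    def read_u32(address):
        """Return the 4-byte value at *address* in the target, or None if the read fails."""
        buf = ctypes.c_uint32()  # unsigned so pointers >= 0x80000000 stay positive
        ok = kernerl32.ReadProcessMemory(int(phwnd), address, ctypes.byref(buf), 4, None)
        return buf.value if ok else None

    game = read_u32(0x6A9EC0)
    if not game:
        return
    board = read_u32(game + 0x768)
    if not board:
        return
    slots = read_u32(board + 0x144)
    if not slots:
        return
    one = ctypes.c_uint16(1)  # explicit 2-byte width matching the size passed below
    for i in range(10):
        kernerl32.WriteProcessMemory(int(phwnd), slots + 0x70 + 0x50 * i, ctypes.byref(one), 2, None)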
if __name__ == '__main__':  # start the hotkey listener and poller only when run as a script
    main()