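Recently I had some free time and noticed that the friends around me were all playing Plants vs. Zombies, so I got the idea of making a tool for the game. There are plenty of similar tools online, but I have seen almost none written in C#, so I wanted to write one in C#.
First, use CE (Cheat Engine), OD (OllyDbg), or another disassembly tool to find the game's memory base address.
Game memory base address: base = 0x006A9EC0
Sun address: [base+0x768]+0x5560
Money address: [base+0x82C]+0x28
Level address: [base+0x82C]+0x24 // for a level shown as A-B the stored value is (A-1)×10+B
How to obtain these addresses is outside the scope of what this forum studies.
By the way, I wrote this with VS2008.
Create a new form: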
-
C# code
-
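using System;
using System.Drawing;
using System.Text;
using System.Windows.Forms;

namespace PlantsVsZombiesTool
{
    public partial class Form1 : Form
    {
        // These two field declarations are not visible in the post.
        // The process name is an assumption; the base address is the one listed above.
        private string processName = "PlantsVsZombies";
        private int baseAddress = 0x006A9EC0;

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }

        // Toggle unlimited sun.
        private void btnGet_Click(object sender, EventArgs e)
        {
            if (Helper.GetPidByProcessName(processName) == 0)
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }
            if (!timer1.Enabled)
            {
                timer1.Enabled = true;
                btnGet.Text = "关闭-阳光无限";
            }
            else
            {
                timer1.Enabled = false;
                btnGet.Text = "启用-阳光无限";
            }
        }

        private void timer1_Tick(object sender, EventArgs e)
        {
            if (Helper.GetPidByProcessName(processName) == 0)
            {
                timer1.Enabled = false;
                btnGet.Text = "启用-阳光无限";
                return; // the game has exited, so do not touch memory
            }
            int address = ReadMemoryValue(baseAddress); // pointer stored at the base address
            address = ReadMemoryValue(address + 0x768);
            address = address + 0x5560;    // address that stores the sun value
            WriteMemory(address, 0x1869F); // write the value to the address (0x1869F is 99999)
            timer1.Interval = 1000;
        }

        // Toggle unlimited money.
        private void btnMoney_Click(object sender, EventArgs e)
        {
            if (Helper.GetPidByProcessName(processName) == 0)
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }
            if (!timer2.Enabled)
            {
                timer2.Enabled = true;
                btnMoney.Text = "关闭-金钱无限";
            }
            else
            {
                timer2.Enabled = false;
                btnMoney.Text = "启用-金钱无限";
            }
        }

        private void timer2_Tick(object sender, EventArgs e)
        {
            if (Helper.GetPidByProcessName(processName) == 0)
            {
                timer2.Enabled = false;
                btnMoney.Text = "启用-金钱无限";
                return;
            }
            int address = ReadMemoryValue(baseAddress);
            address = ReadMemoryValue(address + 0x82C);
            address = address + 0x28;      // get the money address
            WriteMemory(address, 0x1869F); // write the value to the address (0x1869F is 99999)
            timer2.Interval = 1000;
        }

        // Set the level. The handler name is assumed; use the one wired up in the designer.
        private void btnLev_Click(object sender, EventArgs e)
        {
            if (Helper.GetPidByProcessName(processName) == 0)
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }
            int address = ReadMemoryValue(baseAddress);
            address = ReadMemoryValue(address + 0x82C);
            address = address + 0x24;
            int lev = 1;
            try
            {
                lev = int.Parse(txtLev.Text.Trim());
            }
            catch
            {
                MessageBox.Show("输入的关卡格式不正确!默认设置为1");
            }
            WriteMemory(address, lev);
        }

        // Read the value stored at the given address.
        public int ReadMemoryValue(int baseAdd)
        {
            return Helper.ReadMemoryValue(baseAdd, processName);
        }

        // Write a value to the given address.
        public void WriteMemory(int baseAdd, int value)
        {
            Helper.WriteMemoryValue(baseAdd, processName, value);
        }
    }
}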
The class below is the core of the whole tool:
-
C# code
-
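using System;
using System.Diagnostics;
using System.Text;
using System.Runtime.InteropServices;

namespace PlantsVsZombiesTool
{
    public static class Helper
    {
        [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, int nSize, IntPtr lpNumberOfBytesRead);

        [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        private static extern bool CloseHandle(IntPtr hObject);

        [DllImport("kernel32.dll")]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, int[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

        // Process id of the first process whose window title contains windowTitle, or 0.
        // The matching condition is not visible in the post; a substring match is assumed.
        public static int GetPid(string windowTitle)
        {
            int rs = 0;
            Process[] arrayProcess = Process.GetProcesses();
            foreach (Process p in arrayProcess)
            {
                if (p.MainWindowTitle.IndexOf(windowTitle) != -1)
                {
                    rs = p.Id;
                    break;
                }
            }
            return rs;
        }

        // Process id of the first process with the given name, or 0 if none is running.
        public static int GetPidByProcessName(string processName)
        {
            Process[] arrayProcess = Process.GetProcessesByName(processName);
            foreach (Process p in arrayProcess)
            {
                return p.Id;
            }
            return 0;
        }

        // Main window handle of the first process whose title contains title (same assumed condition).
        public static IntPtr FindWindow(string title)
        {
            Process[] ps = Process.GetProcesses();
            foreach (Process p in ps)
            {
                if (p.MainWindowTitle.IndexOf(title) != -1)
                {
                    return p.MainWindowHandle;
                }
            }
            return IntPtr.Zero;
        }

        // Read the 32-bit value at baseAddress in the named process; returns 0 on failure.
        public static int ReadMemoryValue(int baseAddress, string processName)
        {
            IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName));
            if (hProcess == IntPtr.Zero) return 0; // process not found or access denied
            byte[] buffer = new byte[4];
            GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned); // pin so the GC cannot move the buffer
            try
            {
                IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); // get the buffer address
                ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); // read the value at the specified address into the buffer
                return Marshal.ReadInt32(byteAddress);
            }
            catch
            {
                return 0;
            }
            finally
            {
                pin.Free();
                CloseHandle(hProcess); // always release the handle
            }
        }

        // Write a 32-bit value to baseAddress in the named process.
        public static void WriteMemoryValue(int baseAddress, string processName, int value)
        {
            IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); // 0x1F0FFF: highest access rights
            if (hProcess == IntPtr.Zero) return;
            WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4, IntPtr.Zero);
            CloseHandle(hProcess);
        }
    }
}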
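The following added example (not part of the original post) evaluates address expressions written in the notation used at the top of the post, such as [base+0x768]+0x5560; it also accepts nested brackets, which goes beyond the cases listed. The names PointerPath and Resolve and the memory contents are made up for illustration, and base is assumed to stand for the pointer value read from 0x006A9EC0.

```csharp
using System;
using System.Collections.Generic;

// Added example (hypothetical names). Brackets mean "read the 32-bit value at this address".
static class PointerPath
{
    public static int Resolve(string expr, int baseValue, Func<int, int> read)
    {
        string s = expr.Replace(" ", "");
        int pos = 0;
        int result = Sum(s, ref pos, baseValue, read);
        if (pos != s.Length) throw new FormatException("unexpected '" + s[pos] + "' at " + pos);
        return result;
    }

    // sum := term ('+' term)*
    static int Sum(string s, ref int pos, int baseValue, Func<int, int> read)
    {
        int total = Term(s, ref pos, baseValue, read);
        while (pos < s.Length && s[pos] == '+') { pos++; total += Term(s, ref pos, baseValue, read); }
        return total;
    }

    // term := '[' sum ']' | "base" | hex literal such as 0x768
    static int Term(string s, ref int pos, int baseValue, Func<int, int> read)
    {
        if (pos < s.Length && s[pos] == '[')
        {
            pos++;
            int inner = Sum(s, ref pos, baseValue, read);
            if (pos >= s.Length || s[pos] != ']') throw new FormatException("missing ']'");
            pos++;
            return read(inner); // dereference the bracketed address
        }
        if (string.CompareOrdinal(s, pos, "base", 0, 4) == 0) { pos += 4; return baseValue; }
        if (string.CompareOrdinal(s, pos, "0x", 0, 2) != 0) throw new FormatException("expected 0x at " + pos);
        int start = pos += 2;
        while (pos < s.Length && Uri.IsHexDigit(s[pos])) pos++;
        return int.Parse(s.Substring(start, pos - start), System.Globalization.NumberStyles.HexNumber);
    }

    static void Main()
    {
        // Constructed memory image (address -> stored value), not real game data.
        var mem = new Dictionary<int, int> { { 0x1768, 0x2000 }, { 0x182C, 0x3000 } };
        Func<int, int> read = a => mem[a];
        Console.WriteLine("{0:X}", Resolve("[base+0x768]+0x5560", 0x1000, read));
        Console.WriteLine("{0:X}", Resolve("[base+0x82C]+0x24", 0x1000, read));
    }
}
```

Because the reader is passed in as a delegate, the same parser works with the post's Helper.ReadMemoryValue(address, processName) wrapped in a lambda.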