一、找到地址偏移
[[[[6A9EC0]+768]+0x144]+0x4]+0x5560 阳光
[[6A9EC0]+0x82C] +28 金币
[[[0x006A9EC0]+768]+0x144]+0x4C+0x50 冷却遍历
二、内存读写接口
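// Reads up to sizeof(DWORD) bytes from the target process and returns them as a DWORD.
//   进程权限句柄: process handle (needs PROCESS_VM_READ).
//   地址:         address inside the target process.
//   长度:         number of bytes to read; clamped to sizeof(DWORD) because the
//                 destination is a single 4-byte local (a larger value would let
//                 ReadProcessMemory write past 返回值 on the stack).
// Returns the value read, or 0 when the handle is NULL, 长度 is 0, or the read fails.
DWORD 内存_读整数(HANDLE 进程权限句柄, DWORD 地址, DWORD 长度) {
    DWORD 返回值 = 0;
    if (进程权限句柄 == NULL || 长度 == 0) {
        return 0;
    }
    if (长度 > sizeof(返回值)) {
        长度 = sizeof(返回值);
    }
    // The original ignored the BOOL result; a failed read now yields 0 explicitly
    // rather than whatever partial data the call may have left in 返回值.
    if (!ReadProcessMemory(进程权限句柄, (LPVOID)地址, &返回值, 长度, NULL)) {
        return 0;
    }
    return 返回值;
}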
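// Writes up to sizeof(DWORD) bytes of 写入值 into the target process.
//   进程权限句柄: process handle (needs PROCESS_VM_WRITE | PROCESS_VM_OPERATION).
//   地址:         destination address inside the target process.
//   写入值:       value whose bytes are written.
//   长度:         number of bytes to write; clamped to sizeof(DWORD) so the call
//                 never reads past the 4-byte source variable.
// Returns the BOOL result of WriteProcessMemory, or 0 when the handle is NULL or 长度 is 0.
BOOL 内存_写整数(HANDLE 进程权限句柄, DWORD 地址, DWORD 写入值, DWORD 长度) {
    if (进程权限句柄 == NULL || 长度 == 0) {
        return 0;
    }
    if (长度 > sizeof(写入值)) {
        长度 = sizeof(写入值);
    }
    return WriteProcessMemory(进程权限句柄, (LPVOID)地址, &写入值, 长度, NULL);
}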
三、操作函数
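// Appends one line of text to the log control and scrolls it to the bottom.
static void 追加日志(CRichEditCtrl* UI_Log, const CString& 输出内容) {
    UI_Log->SetSel(-1, -1);
    UI_Log->ReplaceSel(输出内容);
    UI_Log->PostMessage(WM_VSCROLL, SB_BOTTOM, 0);
}

// Resolves the pointer chain shared by both patches: [[0x6A9EC0]+0x768]+0x144.
// Returns 0 as soon as any link of the chain reads back as 0, so the caller can
// skip that cycle instead of reading/writing relative to a bogus address
// (the previous version would happily continue with 读取值 == 0 and write to 0x5560).
static DWORD 读取基址(HANDLE 进程权限句柄) {
    DWORD 读取值 = 内存_读整数(进程权限句柄, 0x6A9EC0, 4);
    if (读取值 == 0) {
        return 0;
    }
    读取值 = 内存_读整数(进程权限句柄, 读取值 + 0x768, 4);
    if (读取值 == 0) {
        return 0;
    }
    return 内存_读整数(进程权限句柄, 读取值 + 0x144, 4);
}

// Worker-thread entry point (AfxBeginThread signature): locates the game window,
// opens its process with only the rights the read/write helpers need, then loops
// once per second topping up sunlight and clearing seed-slot cooldowns, logging
// every change into the dialog's rich-edit control.
//   pParam: the owning C植物大战修改Dlg, passed as LPVOID by the thread starter.
// Returns 0 on normal exit, 1 when the window or process could not be opened.
UINT 启动线程(LPVOID pParam) {
    C植物大战修改Dlg* P_Dlg = (C植物大战修改Dlg*)pParam;
    CRichEditCtrl* UI_Log = (CRichEditCtrl*)P_Dlg->GetDlgItem(IDC_EDIT1);

    CHARFORMAT 日志字体;
    ZeroMemory(&日志字体, sizeof(日志字体));
    日志字体.cbSize = sizeof(日志字体);
    日志字体.yHeight = 200; // character height in twips, not a point size
    日志字体.dwMask = CFM_BOLD | CFM_COLOR | CFM_FACE | CFM_ITALIC | CFM_SIZE | CFM_UNDERLINE;
    UI_Log->SetDefaultCharFormat(日志字体); // default character format of the control
    UI_Log->SetBackgroundColor(FALSE, RGB(0, 0, 0));
    日志字体.dwMask = CFM_COLOR;
    日志字体.crTextColor = RGB(84, 234, 21);
    UI_Log->SetWordCharFormat(日志字体);

    CString 输出内容;
    HWND 窗口句柄 = FindWindowA("MainWindow", "植物大战僵尸中文版");
    if (窗口句柄 == NULL) {
        追加日志(UI_Log, _T("未找到游戏窗口 \r\n"));
        return 1;
    }
    DWORD pid = 0;
    GetWindowThreadProcessId(窗口句柄, &pid);
    // Least privilege: PROCESS_ALL_ACCESS is far more than a memory read/write
    // needs and is also the first thing that fails under a restricted token.
    HANDLE 进程权限句柄 = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
    if (进程权限句柄 == NULL) {
        追加日志(UI_Log, _T("打开进程失败 \r\n"));
        return 1;
    }

    const int 格子数 = 10; // seed slots scanned per cycle, 0x50 bytes apart
    do {
        DWORD 基址 = 读取基址(进程权限句柄);
        if (基址 == 0) {
            // Chain not resolvable (e.g. not in a level yet); retry next cycle.
            Sleep(1000);
            continue;
        }

        // Sunlight: [基址+0x4]+0x5560, topped up to 2000 when at or below 500.
        DWORD 阳光基址 = 内存_读整数(进程权限句柄, 基址 + 0x4, 4);
        if (阳光基址 != 0) {
            DWORD 读写地址 = 阳光基址 + 0x5560;
            DWORD 读取值 = 内存_读整数(进程权限句柄, 读写地址, 4);
            if (读取值 <= 500) {
                输出内容.Format(_T("阳光:%d 少于500,增至2000 \r\n"), 读取值);
                追加日志(UI_Log, 输出内容);
                内存_写整数(进程权限句柄, 读写地址, 2000, 4);
            }
        }

        // Cooldowns: 基址+0x4c+i*0x50; a non-zero value up to 20000 is set to 5000.
        // int loop index so the %d in the log format matches the argument type.
        for (int i = 0; i < 格子数; ++i) {
            DWORD 读写地址 = 基址 + 0x4c + i * 0x50;
            DWORD 读取值 = 内存_读整数(进程权限句柄, 读写地址, 4);
            if (读取值 != 0 && 读取值 <= 20000) {
                输出内容.Format(_T("格子:%d 冷却清零 \r\n"), i + 1);
                追加日志(UI_Log, 输出内容);
                内存_写整数(进程权限句柄, 读写地址, 5000, 4);
            }
        }
        Sleep(1000);
        // NOTE(review): m_bAutoDelete appears to be used as the run flag here — confirm
        // that is intended; it is normally the CWinThread self-delete setting.
    } while (m_pThread->m_bAutoDelete);

    CloseHandle(进程权限句柄); // previously leaked on every thread exit
    return 0;
}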