//////////////////////////////////////////////////////////////////////////
//动态写入代码
//0047EB17
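// Byte constants that the patch routine below copies into the target process
// with WriteProcessMemory. Groups are named after the address label the author
// put next to them; the bytes themselves are not decoded here.
//
// One macro per line: in the original paste every `#define` sat on a single
// line, which makes each later `#define` part of MY_CODE1's replacement text,
// leaves MY_CODE2.. undefined, and turns `DWORD A1 = MY_CODE1;` into garbage.
// (original comment: constant definitions of the machine code to be written)

// group written starting at 0x0047EB17
#define MY_CODE1 0xE9
#define MY_CODE2 0x34
#define MY_CODE3 0x7E
#define MY_CODE4 0x08
#define MY_CODE5 0x00
#define MY_CODE6 0x90

// group written starting at 0x00506950
#define MY2_CODE1 0x8B
#define MY2_CODE2 0x82
#define MY2_CODE3 0xF4
#define MY2_CODE4 0x03
#define MY2_CODE5 0x00
#define MY2_CODE6 0x00

// group written starting at 0x00506956
#define MY3_CODE1 0x89
#define MY3_CODE2 0x15
#define MY3_CODE3 0x61
#define MY3_CODE4 0x69
#define MY3_CODE5 0x50
#define MY3_CODE6 0x00

// group written starting at 0x0050695C (five bytes, not six)
#define MY4_CODE1 0xE9
#define MY4_CODE2 0xBC
#define MY4_CODE3 0x81
#define MY4_CODE4 0xF7
#define MY4_CODE5 0xFF
//-----------------------------------------------------------------------------//

// Each byte is staged in its own DWORD so that `&A1` etc. can be handed to
// WriteProcessMemory with a length of 1. Only the first byte of each DWORD is
// copied — presumably a 32-bit little-endian target, so that is the low byte.
// (original comment: variable definitions)
DWORD A1 = MY_CODE1;
DWORD A2 = MY_CODE2;
DWORD A3 = MY_CODE3;
DWORD A4 = MY_CODE4;
DWORD A5 = MY_CODE5;
DWORD A6 = MY_CODE6;

DWORD B1 = MY2_CODE1;
DWORD B2 = MY2_CODE2;
DWORD B3 = MY2_CODE3;
DWORD B4 = MY2_CODE4;
DWORD B5 = MY2_CODE5;
DWORD B6 = MY2_CODE6;

DWORD C1 = MY3_CODE1;
DWORD C2 = MY3_CODE2;
DWORD C3 = MY3_CODE3;
DWORD C4 = MY3_CODE4;
DWORD C5 = MY3_CODE5;
DWORD C6 = MY3_CODE6;

DWORD D1 = MY4_CODE1;
DWORD D2 = MY4_CODE2;
DWORD D3 = MY4_CODE3;
DWORD D4 = MY4_CODE4;
DWORD D5 = MY4_CODE5;
//--------------------------------------------------------------------------//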
// Locate the target process by its window class, open it, and copy the byte
// groups A..D into it one byte at a time.
// NOTE(review): `hProcId` is not declared anywhere in this excerpt — presumably
// a member or an earlier local; confirm. The one-argument `MessageBox(...)` is
// the CWnd member form, so this presumably runs inside an MFC window class.
HWND hWnd =::FindWindow("CRHClass",NULL); // window handle of the target
// "game is not running" — an HWND is compared against BOOL here; both are 0/NULL when absent
if(hWnd ==FALSE) MessageBox("游戏没有运行!");
else {
    GetWindowThreadProcessId(hWnd,&hProcId); // process ID from the window handle
    // Open the process for read/write. PROCESS_ALL_ACCESS is a superset of the
    // other flags OR'ed in, so they are redundant.
    // Detection note: OpenProcess with full access followed by WriteProcessMemory
    // at fixed addresses inside another process is the cross-process code-patching
    // sequence that anti-cheat and endpoint telemetry key on.
    HANDLE nOK = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_TERMINATE|PROCESS_VM_OPERATION|PROCESS_VM_READ| PROCESS_VM_WRITE,FALSE,hProcId);
    if(nOK ==NULL) MessageBox("打开进程时出错"); // "error opening the process"
    else {
        // Every call writes exactly one byte and its return value is ignored,
        // so a failure part-way through leaves the target partially patched.
        //0047EB17
        WriteProcessMemory(nOK,(LPVOID)0x0047EB17,&A1,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0047EB18,&A2,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0047EB19,&A3,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0047EB1A,&A4,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0047EB1B,&A5,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0047EB1C,&A6,1,NULL);
        //00506950
        WriteProcessMemory(nOK,(LPVOID)0x00506950,&B1,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506951,&B2,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506952,&B3,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506953,&B4,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506954,&B5,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506955,&B6,1,NULL);
        // second group (original comment: "second statement")
        WriteProcessMemory(nOK,(LPVOID)0x00506956,&C1,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506957,&C2,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506958,&C3,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506959,&C4,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0050695A,&C5,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0050695B,&C6,1,NULL);
        // last group (original comment: "last statement") — five bytes
        WriteProcessMemory(nOK,(LPVOID)0x0050695C,&D1,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0050695D,&D2,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0050695E,&D3,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x0050695F,&D4,1,NULL);
        WriteProcessMemory(nOK,(LPVOID)0x00506960,&D5,1,NULL);
        CloseHandle(nOK); // close the process handle
    }
}
} // closes a scope opened before this excerpt; the enclosing function body is not visible here
///////////////////////////////////////////////////////////////////////////////
//读取并修改内力值
// Read a 4-byte value from 0x00506961 (the author's comment: "the base we
// saved from EDX"; the address lies just past the last byte patched above,
// 0x00506960), then write a single byte at that base + 0x3F4.
// Same window/process lookup as the patch routine; `MessageBox` with one
// argument is the CWnd member form.
DWORD hProcId;
HWND hWnd =::FindWindow("CRHClass",NULL);
if(hWnd ==FALSE) MessageBox("No"); // HWND compared against BOOL; both are 0/NULL when absent
else {
    GetWindowThreadProcessId(hWnd,&hProcId);
    // PROCESS_ALL_ACCESS already covers the other flags OR'ed in here.
    HANDLE nOK = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_TERMINATE|PROCESS_VM_OPERATION|PROCESS_VM_READ| PROCESS_VM_WRITE,FALSE,hProcId);
    if(nOK == NULL) MessageBox("ProcNo!");
    else {
        DWORD buf1;
        DWORD write;
        // 4-byte read of the stored base value
        BOOL OK=ReadProcessMemory(nOK,(LPCVOID)0x00506961,(LPVOID)&buf1,4,NULL);
        if(OK ==TRUE) {
            write =buf1+0x000003F4; // address of the inner-strength (内力) value
            DWORD Writeed =0x00; // value to store
            // Length is 1: only the first byte of Writeed is written, not the whole DWORD.
            BOOL B =WriteProcessMemory(nOK,(LPVOID)write,&Writeed,1,NULL);
            if(B==FALSE) MessageBox("WriteNo");
        }
    }
    // Reached on the nOK == NULL path as well, so CloseHandle(NULL) is called
    // there; that call fails but is otherwise harmless.
    CloseHandle(nOK);
}