cs1.6 ce c++ 2 固定金钱
固定金钱到16000
1 使用ce找基址
找到金钱地址后,右键对这个地址进行指针扫描
会得到很多地址
为了保证得到的是可用的基地址,我们关掉游戏后重新打开,再重新扫描,只保留仍然正确的地址。
剩下的地址基本上都是可用的;如果之后发现某个地址失效,可以再回到这里重新查找。
2 使用c++不断修改金钱,从而实现固定金钱
由于金钱数值对刷新频率的要求不高,所以不需要代码注入之类的手段。
只需通过基址以较低的频率反复修正金钱即可。
#include <bits/stdc++.h>
#include <iostream>
#include <Windows.h>
#include <Tlhelp32.h>
#include <stdio.h>
#include <time.h>
using namespace std;
// Forward declarations for the functions used by this file.
// NOTE(review): enableDebugPriv() is declared here but no definition is
// visible in this listing; calling it would fail at link time unless it is
// defined elsewhere.
void changeMoney();
void enableDebugPriv();
bool init(string gameName);
void close();
void find_addrs();
int FindPID(string ProcessName);
HMODULE fnGetProcessBase(DWORD PID);
DWORD GetLastErrorBox(HWND hWnd, LPSTR lpTitle) ;
uintptr_t FindDMAAddy(uintptr_t ptr, vector<uintptr_t> offsets);
// Global state shared by all functions below.
// NOTE(review): hwnd is not referenced by any code shown in this listing.
HWND hwnd;
// Process ID of the target process (an integer identifier, set by init()).
DWORD procID;
// Handle to the opened target process; every read/write goes through it.
HANDLE handle;
// Base address of the cstrike.exe module (set by init()).
// NOTE(review): declared as unsigned int while init() assigns a UINT_PTR to
// it, so the value would be truncated in a 64-bit build.
unsigned int BaseAddress;
// Resolved addresses; 0 means "not resolved yet".
uintptr_t money_addr = 0;
// Reads one pointer-sized value from the opened process at `addr`.
// Returns the value read, or 0 when ReadProcessMemory reports failure, so a
// stored 0 cannot be told apart from a failed read by the caller.
uintptr_t ReadMemory(uintptr_t addr)
{
    uintptr_t value;
    const bool ok = ReadProcessMemory(handle, (LPVOID)addr, &value, sizeof(value), 0);
    if (ok)
    {
        return value;
    }
    return false;
}
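// Writes the fixed amount (16000) to the resolved money address in the
// opened process.
// Does nothing while money_addr is still 0 (address not resolved), and
// reports a failed or short write instead of silently ignoring it.
void changeMoney()
{
    // money_addr is initialised to 0 and only becomes valid after
    // find_addrs(); never issue a write through an unresolved address.
    if (money_addr == 0)
    {
        return;
    }
    const int money = 16000;
    SIZE_T written = 0;
    const BOOL ok = WriteProcessMemory(handle, (LPVOID)money_addr, &money, sizeof(money), &written);
    if (!ok || written != sizeof(money))
    {
        // Typical causes: the target process exited or the address is stale.
        cout << "error in writing memory! code=" << GetLastError() << endl;
    }
}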
// Entry point.
// Retries init() every 10 seconds until the target process is opened,
// resolves the money address once, then calls changeMoney() every 10 seconds.
int main()
{
    for (;;)
    {
        if (init("cstrike.exe"))
        {
            break;
        }
        cout<<"修改器初始化失败!"<<endl;
        Sleep(10000);
    }

    find_addrs();

    for (;;)
    {
        changeMoney();  // rewrite the money value
        Sleep(10000);   // pause for 10 seconds between writes
    }

    // NOTE(review): not reached, because the loop above has no exit; the
    // process handle is therefore only released when this program terminates.
    close();
    return 0;
}
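// Locates the process named `gameName`, opens it, and records its main
// module base in BaseAddress.
// Returns true on success. On any failure returns false and leaves `handle`
// set to NULL, so repeated retries from the caller do not leak handles.
bool init(string gameName)
{
    const int pid = FindPID(gameName);
    procID = pid;
    // FindPID reports failure with a non-positive value; PID 0 cannot be opened.
    if (pid <= 0)
    {
        handle = NULL;
        cout << "There is no such a process!" << endl;
        Sleep(3000);
        return false;
    }

    // Least privilege: request only the rights that ReadProcessMemory and
    // WriteProcessMemory need instead of PROCESS_ALL_ACCESS.
    handle = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, procID);
    if (handle == NULL)
    {
        cout << "There is no such a process!" << endl;
        Sleep(3000);
        return false;
    }

    HMODULE hModule = fnGetProcessBase(procID);
    if (hModule == NULL)
    {
        // Release the process handle before reporting failure; the caller
        // retries in a loop and would otherwise leak one handle per attempt.
        CloseHandle(handle);
        handle = NULL;
        return false;
    }

    // NOTE(review): BaseAddress is an unsigned int, so this assignment
    // truncates the module address in a 64-bit build.
    BaseAddress = (UINT_PTR)hModule;
    return true;
}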
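// Releases the process handle opened by init().
// Safe to call more than once: the handle is reset to NULL after closing so
// a second call (or a call before init() succeeded) does not close a stale
// or invalid handle value.
void close()
{
    if (handle != NULL)
    {
        CloseHandle(handle);
        handle = NULL;
    }
}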
// Resolves money_addr by walking the pointer chain
// "cstrike.exe"+01033240 -> +0x7C -> +0x1CC through FindDMAAddy().
// NOTE(review): these offsets are hard-coded results of a pointer scan and
// presumably only hold for the exact game build that was scanned.
void find_addrs()
{
    static const uintptr_t chain[] = { 0x01033240, 0x7C, 0x1CC };
    const size_t chainLen = sizeof(chain) / sizeof(chain[0]);
    money_addr = FindDMAAddy(BaseAddress, vector<uintptr_t>(chain, chain + chainLen));
}
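// Returns the base address (module handle) of the first module in process
// `PID` whose path ends in ".exe" (ASCII case-insensitive), or NULL when the
// module snapshot cannot be created or no such module is found.
// Assumes an ANSI (non-UNICODE) build, as the rest of this file does.
HMODULE fnGetProcessBase(DWORD PID)
{
    // Take a snapshot of the modules loaded in the given process.
    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
    if (hSnapShot == INVALID_HANDLE_VALUE)
    {
        GetLastErrorBox(NULL,"can't create Snapshot!");
        return NULL;
    }

    MODULEENTRY32 ModuleEntry32;
    ModuleEntry32.dwSize = sizeof(ModuleEntry32);

    HMODULE hFound = NULL;
    if (Module32First(hSnapShot, &ModuleEntry32))
    {
        do
        {
            // Compare the last four characters in place. The previous code
            // computed szExePath + strlen - 4 unconditionally and strcpy'd it
            // into a 5-element buffer, which reads before the start of the
            // array when the path is shorter than four characters.
            const size_t len = strlen(ModuleEntry32.szExePath);
            if (len < 4)
            {
                continue;  // in a do-while this jumps to Module32Next
            }
            static const char kExt[] = ".EXE";
            const char* tail = ModuleEntry32.szExePath + (len - 4);
            bool isExe = true;
            for (int i = 0; i < 4; i++)
            {
                char c = tail[i];
                if ((c >= 'a') && (c <= 'z'))
                {
                    c = c - 0x20;  // ASCII upper-case
                }
                if (c != kExt[i])
                {
                    isExe = false;
                    break;
                }
            }
            if (isExe)
            {
                hFound = ModuleEntry32.hModule;
                break;
            }
        } while (Module32Next(hSnapShot, &ModuleEntry32));
    }

    // Single exit path so the snapshot handle is always released.
    CloseHandle(hSnapShot);
    return hFound;
}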
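// Shows the calling thread's last-error code as a message box titled
// `lpTitle`, then clears the last-error value.
// Returns 0 when there was no error to show; otherwise returns the length
// reported by FormatMessage (0 if the system text could not be obtained, in
// which case a fallback text with the numeric code is shown instead).
DWORD GetLastErrorBox(HWND hWnd, LPSTR lpTitle)
{
    // Capture the code once so later API calls cannot change what is shown.
    const DWORD dwErr = GetLastError();
    if (dwErr == 0) return 0;

    LPSTR lpMsg = NULL;
    // FORMAT_MESSAGE_IGNORE_INSERTS: system messages may contain %1-style
    // placeholders and no argument array is supplied here.
    const DWORD dwRv = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                                      FORMAT_MESSAGE_FROM_SYSTEM |
                                      FORMAT_MESSAGE_IGNORE_INSERTS,
                                      NULL,
                                      dwErr,
                                      MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
                                      (LPSTR)&lpMsg,
                                      0,
                                      NULL);
    if (dwRv != 0 && lpMsg != NULL)
    {
        MessageBoxA(hWnd, lpMsg, lpTitle, MB_OK);
        LocalFree(lpMsg);
    }
    else
    {
        // FormatMessage failed (for example, no English message resources):
        // the buffer pointer was never filled in, so it must not be displayed.
        char fallback[64];
        snprintf(fallback, sizeof(fallback), "Error code %lu (no message text available)", (unsigned long)dwErr);
        MessageBoxA(hWnd, fallback, lpTitle, MB_OK);
    }
    SetLastError(0);
    return dwRv;
}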
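// Walks a multi-level pointer chain in the opened process.
// Starting at `ptr`, each offset is added to the current address; after every
// offset except the last, the pointer stored at that address is read and
// becomes the new current address. The last offset is only added.
// Returns the final address, or 0 when a read fails or a link in the chain is
// null. (Returning `ptr` on failure, as before, made a failed walk look like
// a valid result, so callers would go on to write at the module base.)
// NOTE(review): reads sizeof(uintptr_t) bytes per link, so this program must
// be built with the same pointer width as the target process.
uintptr_t FindDMAAddy(uintptr_t ptr, vector<uintptr_t> offsets)
{
    uintptr_t addr = ptr;
    const size_t count = offsets.size();
    for (size_t i = 0; i < count; i++)
    {
        addr += offsets[i];
        if (i + 1 == count)
        {
            break;  // the last offset is only added, not dereferenced
        }

        uintptr_t next = 0;
        SIZE_T got = 0;
        const BOOL ok = ReadProcessMemory(handle, (LPCVOID)addr, &next, sizeof(next), &got);
        if (!ok || got != sizeof(next) || next == 0)
        {
            cout<<"error in reading memory!"<<endl;
            return 0;
        }
        addr = next;
    }
    return addr;
}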
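// Returns the process ID of the first running process whose image name is
// exactly `ProcessName` (case-sensitive), or -1 when no such process exists
// or the process snapshot cannot be created.
// The match is by file name only, so any process carrying that name is
// accepted; the name alone does not establish which program it is.
int FindPID(string ProcessName)
{
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        cout << "CreateToolhelp32Snapshot Error!" << endl;
        // Use the same failure value as "not found"; 0 is itself a PID.
        return -1;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);

    int pid = -1;
    for (BOOL more = Process32First(hProcessSnap, &pe32);
         more;
         more = Process32Next(hProcessSnap, &pe32))
    {
        if (pe32.szExeFile == ProcessName)
        {
            pid = pe32.th32ProcessID;
            break;
        }
    }

    // Single exit path: the snapshot handle was leaked on a match before.
    CloseHandle(hProcessSnap);
    return pid;
}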