yuri
Remember to run this program with administrator privileges!!! (the original repeats this line three times). The tool opens another process (gamemd.exe) and reads and writes its memory, which only works when it is elevated or runs as the same user that owns the target; `enableDebugPriv()` is declared below but never defined or called, so nothing in the code raises its own privileges. Cross-process WriteProcessMemory is also exactly the behaviour anti-cheat and endpoint-protection software looks for, so expect it to be flagged.
#include <bits/stdc++.h>
#include <iostream>
#include <Windows.h>
#include <Tlhelp32.h>
#include <stdio.h>
#include <time.h>
using namespace std;
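// Forward declarations.
// NOTE(review): enableDebugPriv() is declared here but never defined or called
// in this file; the tool relies on being started elevated (see the note at the
// top) instead of enabling SeDebugPrivilege itself.
void changeMoney();
void enableDebugPriv();
bool init(string gameName);
int FindPID(string ProcessName);
HMODULE fnGetProcessBase(DWORD PID);
DWORD GetLastErrorBox(HWND hWnd, LPSTR lpTitle);
uintptr_t FindDMAAddy(uintptr_t ptr, vector<uintptr_t> offsets);
// Unused in this file.
HWND hwnd;
// PID of the target process, set by init().
DWORD procID;
// Handle to the target process used by every ReadProcessMemory /
// WriteProcessMemory call below; opened by init().
HANDLE handle;
// Load address of the target's main module (the process named "gamemd.exe",
// see main(); the original comment still said cstrike.exe). Every offset in
// this file is relative to it.
// Declared as uintptr_t instead of the original `unsigned int` so that the
// (UINT_PTR)hModule assigned in init() is not truncated on a 64-bit build.
// The pointer-chain reads in FindDMAAddy()/ReadMemory() still read
// sizeof(uintptr_t) bytes, so the trainer must be built with the same bitness
// as the target process.
uintptr_t BaseAddress;
// Pointer chain for the money field; filled in by init_offsets().
vector<uintptr_t> money_offsets;
// Module-relative addresses of the first entry of the four lists walked by
// freshBuilding()/freshDeffence()/freshSoldier()/freshTank() — presumably the
// four production queues, going by the function names (TODO confirm).
uintptr_t first_build_offsets=0x00480D90;
uintptr_t first_deffence_offsets=0x00481D58;
uintptr_t first_soldier_offsets=0x00482CB8;
uintptr_t first_tank_offsets=0x00483C4C;
// Byte stride between consecutive entries of those lists.
int distence=0x34;
// Number of entries each fresh*() pass scans.
int fresh_number=10;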
// (Re)build the pointer chain used by changeMoney().
// The first entry is module-relative and gets dereferenced by FindDMAAddy();
// the last one is only added to the dereferenced pointer (it addresses the
// field itself). Assigning a fresh list makes repeated calls idempotent, as
// the original clear()+push_back() did.
void init_offsets()
{
    money_offsets = { 0x00683D4C, 0x30C };
}
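// Read one pointer-sized value from the target process at `addr`.
//
// Returns 0 both when the read fails and when the value read is genuinely 0,
// so callers cannot tell the two apart (the original returned `false`, i.e. 0,
// on failure; that contract is kept). Callers that need to know whether the
// address was valid should check the result of FindDMAAddy() first.
// Reads sizeof(uintptr_t) bytes, so the build bitness must match the target.
uintptr_t ReadMemory(uintptr_t addr)
{
    uintptr_t value = 0;   // never hand back an uninitialised value
    SIZE_T got = 0;
    const BOOL ok = ReadProcessMemory(handle, reinterpret_cast<LPCVOID>(addr),
                                      &value, sizeof(value), &got);
    if (!ok || got != sizeof(value))   // a short read counts as failure
        return 0;
    return value;
}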
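// Overwrite the money field (chain in money_offsets) with a fixed 20000.
//
// FindDMAAddy() returns its first argument unchanged when any link of the
// chain cannot be read; the original did not check for that and wrote 20000
// straight into the module's image base. Skipping the write is the safe choice
// and matches what the fresh*() functions already do.
void changeMoney()
{
    int money = 20000;   // written as a 4-byte int, as in the original
    const uintptr_t addr = FindDMAAddy(BaseAddress, money_offsets);
    if (addr == BaseAddress)
        return;          // chain unresolved (game not in a match / read failed)
    WriteProcessMemory(handle, reinterpret_cast<LPVOID>(addr), &money, sizeof(money), nullptr);
}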
// Read what the original author treats as the local player's team id: the
// pointer-sized value at [BaseAddress + 0x683D4C] (gamemd.exe+683D4C). It is
// the same module-relative slot the money chain starts from, so it is
// presumably a pointer to the player's own object rather than a small id —
// TODO confirm.
// Returns 0 if the read fails (see ReadMemory()), indistinguishable from a
// genuine 0.
uintptr_t get_myself_team_id()
{
    // A single-entry chain is only added, never dereferenced, by FindDMAAddy().
    const vector<uintptr_t> chain = { 0x683D4C };
    const uintptr_t idAddr = FindDMAAddy(BaseAddress, chain);
    return ReadMemory(idAddr);
}
// Read the team id of the currently selected object:
//   gamemd.exe+68ECBC -> [+0x0] -> +0x21C
// If the chain cannot be resolved, FindDMAAddy() returns BaseAddress and this
// then reads the first bytes of the module image — a meaningless value, not an
// error indication. Callers compare the result with get_myself_team_id().
uintptr_t get_select_team_id()
{
    const vector<uintptr_t> chain = { 0x68ECBC, 0x0, 0x21C };
    const uintptr_t fieldAddr = FindDMAAddy(BaseAddress, chain);
    return ReadMemory(fieldAddr);
}
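// Patch the health field of the currently selected object:
//   [[BaseAddress+0x68ECBC]+0x0]+0x6c  <-  20000 if it belongs to the local
//                                          player, 1 otherwise.
//
// Both branches of the original resolved the same chain and differed only in
// the value written, so the chain is resolved once here. The original also
// wrote into the module's image base when the chain could not be resolved
// (FindDMAAddy() returns BaseAddress on failure); that case now returns early.
// Note that the two team-id reads each return 0 on failure, so two failed reads
// compare equal and select the 20000 branch.
void unlimted_blood()
{
    const vector<uintptr_t> healthChain = { 0x68ECBC, 0x0, 0x6c };
    const uintptr_t addr = FindDMAAddy(BaseAddress, healthChain);
    if (addr == BaseAddress)
        return;   // nothing selected / chain unreadable

    const bool ownUnit = (get_myself_team_id() == get_select_team_id());
    int blood = ownUnit ? 20000 : 1;   // written as a 4-byte int, as in the original
    WriteProcessMemory(handle, reinterpret_cast<LPVOID>(addr), &blood, sizeof(blood), nullptr);
}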
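// Set the "grade" field of the currently selected object to 2.0f, but only
// when it belongs to the local player:
//   [[BaseAddress+0x68ECBC]+0x0]+0x150  <-  2.0f
//
// The original wrote into the module's image base when the chain could not be
// resolved (FindDMAAddy() returns BaseAddress on failure); that case now
// returns early. The two team-id reads each return 0 on failure, so two
// failed reads compare equal (see get_myself_team_id()).
void upgrade()
{
    if (get_myself_team_id() != get_select_team_id())
        return;   // not our unit: leave it alone

    const vector<uintptr_t> gradeChain = { 0x68ECBC, 0x0, 0x150 };
    const uintptr_t addr = FindDMAAddy(BaseAddress, gradeChain);
    if (addr == BaseAddress)
        return;   // nothing selected / chain unreadable

    float grade = 2;   // written as a 4-byte float, as in the original
    WriteProcessMemory(handle, reinterpret_cast<LPVOID>(addr), &grade, sizeof(grade), nullptr);
}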
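// Shared body of the four fresh*() functions below (the original had the same
// loop copied four times, differing only in the start address).
//
// Walks `fresh_number` entries starting at module-relative address `first`,
// `distence` bytes apart. For each entry it resolves
//   [BaseAddress + first + i*distence] + 0x24
// reads the value there and, if it is below 53, overwrites it with 53 — the
// original author's "complete" value (what 53 means to the game is not
// established here; presumably a progress counter, TODO confirm).
//
// Entries whose pointer cannot be read are skipped (FindDMAAddy() returns
// BaseAddress on failure). ReadMemory() returns 0 on a failed read, which is
// below 53; the following write then targets the same unreadable address and
// fails as well, so no stray write happens. ReadMemory() reads
// sizeof(uintptr_t) bytes while the write is a 4-byte int; the two only agree
// on a build whose bitness matches the target.
static void freshQueue(uintptr_t first)
{
    int complete = 53;
    for (int i = 0; i != fresh_number; i++)
    {
        const vector<uintptr_t> chain = { first + distence * i, 0x24 };
        const uintptr_t addr = FindDMAAddy(BaseAddress, chain);
        if (addr == BaseAddress)
            continue;   // entry pointer unreadable (empty slot)
        const uintptr_t current = ReadMemory(addr);
        if (current < uintptr_t(complete))
            WriteProcessMemory(handle, reinterpret_cast<LPVOID>(addr), &complete, sizeof(complete), nullptr);
    }
}

// Buildings list (original note: 1.1 "game.exe"+0041BDA0).
void freshBuilding()
{
    freshQueue(first_build_offsets);
}

// Defences list (original note: 2.1 "game.exe"+0041CC34).
void freshDeffence()
{
    freshQueue(first_deffence_offsets);
}

// Infantry list (original note: 3.1 "game.exe"+0041DA68).
void freshSoldier()
{
    freshQueue(first_soldier_offsets);
}

// Vehicles list (original note: 4.1 "game.exe"+0041E8CC).
void freshTank()
{
    freshQueue(first_tank_offsets);
}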
// Entry point: resolve the target once per pass and apply every patch,
// forever. init() is re-run on each pass so a restarted game (new PID) is
// picked up automatically. The CloseHandle() after the loop is unreachable
// and is kept only to mirror the original.
int main()
{
    init_offsets();
    for (;;)
    {
        if (init("gamemd.exe"))
        {
            changeMoney();      // money
            freshBuilding();
            freshDeffence();
            freshSoldier();
            freshTank();
            unlimted_blood();
            upgrade();
            Sleep(1000);        // 1 s between passes (the original note says a real run needs a higher refresh rate)
            continue;
        }
        cout<<"修改器初始化失败!"<<endl;   // "trainer initialisation failed"
        Sleep(4000);
    }
    CloseHandle(handle);
    return 0;
}
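// Locate the process named `gameName`, open it and record its module base in
// the globals procID / handle / BaseAddress.
//
// Returns true on success. On failure prints a message, sleeps 3 s where the
// original did, and returns false with `handle` set to NULL.
//
// Fixes relative to the original:
//  * main() calls init() once per pass and the original never closed the
//    previous handle, leaking one process handle per second.
//  * PROCESS_ALL_ACCESS is replaced by the rights actually used
//    (least privilege): PROCESS_VM_READ for ReadProcessMemory and
//    PROCESS_VM_WRITE | PROCESS_VM_OPERATION for WriteProcessMemory. Asking
//    for less is also less likely to be refused.
//  * A not-found/failed lookup (FindPID() <= 0) no longer reaches OpenProcess.
bool init(string gameName)
{
    if (handle != NULL)
    {
        CloseHandle(handle);
        handle = NULL;
    }

    const int pid = FindPID(gameName);
    if (pid <= 0)   // -1: no such process, 0: snapshot failed (see FindPID())
    {
        cout << "There is no such a process!" << endl;
        Sleep(3000);
        return false;
    }
    procID = static_cast<DWORD>(pid);

    handle = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                         FALSE, procID);
    if (handle == NULL)
    {
        cout << "There is no such a process!" << endl;
        Sleep(3000);
        return false;
    }

    HMODULE hModule = fnGetProcessBase(procID);
    if (hModule == NULL)
    {
        // Do not keep a handle we cannot use.
        CloseHandle(handle);
        handle = NULL;
        return false;
    }
    BaseAddress = reinterpret_cast<UINT_PTR>(hModule);
    return true;
}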
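// Return the load address (HMODULE) of the first module of process `PID`
// whose path ends in ".exe" (case-insensitive), or NULL on failure.
//
// Assumes an ANSI (non-UNICODE) build: MODULEENTRY32::szExePath is treated as
// char[]. Fixes relative to the original:
//  * the original strcpy'd from szExePath + strlen - 4 without checking that
//    the path is at least 4 characters long (out-of-bounds read otherwise);
//  * TH32CS_SNAPMODULE32 is added so a 64-bit build still lists the modules
//    of a 32-bit target (documented as a no-op from a 32-bit process);
//  * CreateToolhelp32Snapshot is retried while it fails with ERROR_BAD_LENGTH,
//    as its documentation requires.
HMODULE fnGetProcessBase(DWORD PID)
{
    HANDLE hSnapShot = INVALID_HANDLE_VALUE;
    for (int attempt = 0; attempt < 5; ++attempt)
    {
        hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, PID);
        if (hSnapShot != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
            break;
    }
    if (hSnapShot == INVALID_HANDLE_VALUE)
    {
        GetLastErrorBox(NULL, const_cast<LPSTR>("can't create Snapshot!"));
        return NULL;
    }

    HMODULE result = NULL;
    MODULEENTRY32 entry;
    entry.dwSize = sizeof(entry);
    if (Module32First(hSnapShot, &entry))
    {
        do
        {
            const size_t len = strlen(entry.szExePath);
            if (len < 4)
                continue;   // cannot end in ".exe"
            // Compare the last four characters case-insensitively (ASCII only,
            // same as the original's a-z upper-casing).
            string ext(entry.szExePath + len - 4, 4);
            for (char& c : ext)
                c = static_cast<char>(toupper(static_cast<unsigned char>(c)));
            if (ext == ".EXE")
            {
                result = entry.hModule;
                break;
            }
        } while (Module32Next(hSnapShot, &entry));
    }
    CloseHandle(hSnapShot);   // closed on every path
    return result;
}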
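// Show the text of the calling thread's last Win32 error in a message box
// titled `lpTitle`, then reset the last error to 0.
//
// Returns the number of characters FormatMessage produced, or 0 if there was
// no pending error. Fixes relative to the original:
//  * GetLastError() is captured once, before any other call can overwrite it;
//  * the original passed an uninitialised buffer pointer to MessageBox when
//    FormatMessage returned 0 — a fixed fallback text is shown instead;
//  * FORMAT_MESSAGE_IGNORE_INSERTS is set, as required when no argument array
//    is supplied for system messages that contain insert sequences.
// The explicit ...A variants match the LPSTR title this function takes.
DWORD GetLastErrorBox(HWND hWnd, LPSTR lpTitle)
{
    const DWORD err = GetLastError();
    if (err == 0)
        return 0;

    LPSTR msg = nullptr;
    const DWORD len = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                                     FORMAT_MESSAGE_FROM_SYSTEM |
                                     FORMAT_MESSAGE_IGNORE_INSERTS,
                                     NULL,
                                     err,
                                     MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
                                     reinterpret_cast<LPSTR>(&msg),   // documented ALLOCATE_BUFFER idiom
                                     0,
                                     NULL);
    MessageBoxA(hWnd, (len != 0 && msg != nullptr) ? msg : "(unknown error)", lpTitle, MB_OK);
    if (msg != nullptr)
        LocalFree(msg);
    SetLastError(0);
    return len;
}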
// Resolve a multi-level pointer chain inside the target process.
//
// Starting from `ptr`, each offset is added to the running address; for every
// offset except the last, the pointer-sized value stored at that address is
// then read and becomes the new running address. The last offset is only
// added, so the result is the address of the final field, not its contents.
//
// Returns the resolved address, or `ptr` unchanged if any intermediate read
// fails (callers detect that by comparing the result with the `ptr` they
// passed in, usually BaseAddress). An empty chain returns `ptr` as well.
// Reads sizeof(uintptr_t) bytes per link, so the build bitness must match
// the target's.
uintptr_t FindDMAAddy(uintptr_t ptr, vector<uintptr_t> offsets)
{
    const size_t links = offsets.size();
    uintptr_t cur = ptr;
    for (size_t k = 0; k < links; ++k)
    {
        cur += offsets[k];
        if (k + 1 == links)
            break;   // last link: address only, no dereference
        uintptr_t next = 0;
        if (!ReadProcessMemory(handle, reinterpret_cast<LPCVOID>(cur), &next, sizeof(next), nullptr))
            return ptr;   // chain broken: hand back the starting point
        cur = next;
    }
    return cur;
}
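// Find a process by executable name (exact, case-sensitive comparison with
// PROCESSENTRY32::szExeFile; ANSI build assumed).
//
// Returns the PID, -1 if no process matches, or 0 if the snapshot could not
// be taken (the original returned `false` there). PID 0 is never a usable
// OpenProcess target, so callers can treat any value <= 0 as failure.
// The original returned from inside the loop without closing the snapshot
// handle on the found path; it is now closed on every path.
int FindPID(string ProcessName)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE)
    {
        cout << "CreateToolhelp32Snapshot Error!" << endl;
        return 0;
    }

    int pid = -1;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);
    for (BOOL more = Process32First(snap, &pe32); more; more = Process32Next(snap, &pe32))
    {
        if (ProcessName == pe32.szExeFile)
        {
            pid = static_cast<int>(pe32.th32ProcessID);
            break;
        }
    }
    CloseHandle(snap);
    return pid;
}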