C语言之重新入门到入土


修改PVZ内阳光数据

  • FindWindow

  • GetWindowThreadProcessId

  • OpenProcess

  • ReadProcessMemory

  • WriteProcessMemory

  • CloseHandle

用 Spy++ 查找 FindWindow 所需的窗口类名和窗口标题

阳光数值的地址 = 基址再加两级偏移(基址 → 一级偏移 → 二级偏移)

#include <stdio.h>
#include <windows.h>
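/*
 * Locate the game window, open its process and overwrite the sun counter.
 *
 * The counter is reached through a two-level pointer chain: the 32-bit value
 * stored at the base address is a pointer, the 32-bit value stored at
 * (that pointer + first offset) is a second pointer, and the counter lives at
 * (second pointer + second offset). All three constants come from the
 * original listing and are specific to the build named in the window title.
 *
 * Returns 0 when the write succeeded and 1 when any step failed.
 */
int main()
{
    const DWORD base_addr = 0x007578F8;
    const DWORD first_offset = 0x868;
    const DWORD second_offset = 0x5578;

    int rc = 1;
    HANDLE hprocess = NULL;
    HWND h_win;
    DWORD pro_id = 0;
    DWORD value = 0;   /* holds each 32-bit pointer read from the target */
    int sum = 666;     /* new sun value */
    SIZE_T done = 0;

    /* The string arguments are narrow literals, so call the ANSI entry
     * points explicitly; the generic names break in a UNICODE build. */
    SetConsoleTitleA("asdassda");

    /* Window class and title as found with Spy++. */
    h_win = FindWindowA("MainWindow", "Plants vs. Zombies 1.2.0.1073 RELEASE");
    if (h_win == NULL) {
        fprintf(stderr, "FindWindow failed (error %lu)\n", GetLastError());
        goto out;
    }
    printf("PVZ的句柄是:%X\n", (unsigned)(UINT_PTR)h_win);

    /* GetWindowThreadProcessId returns the creating thread id (0 on failure)
     * and stores the owning process id through the second argument. */
    if (GetWindowThreadProcessId(h_win, &pro_id) == 0) {
        fprintf(stderr, "GetWindowThreadProcessId failed (error %lu)\n", GetLastError());
        goto out;
    }
    printf("进程id:%d\n", (int)pro_id);

    /* Ask only for the rights the memory calls below need instead of
     * PROCESS_ALL_ACCESS. */
    hprocess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION,
                           FALSE, pro_id);
    if (hprocess == NULL) {
        fprintf(stderr, "OpenProcess failed (error %lu)\n", GetLastError());
        goto out;
    }

    /* Read the pointer stored at the base address. */
    if (!ReadProcessMemory(hprocess, (LPCVOID)(DWORD_PTR)base_addr,
                           &value, sizeof value, &done) || done != sizeof value) {
        fprintf(stderr, "ReadProcessMemory (base) failed (error %lu)\n", GetLastError());
        goto out;
    }
    printf("%d\n", (int)value);

    /* Follow the first-level offset. */
    if (!ReadProcessMemory(hprocess, (LPCVOID)(DWORD_PTR)(value + first_offset),
                           &value, sizeof value, &done) || done != sizeof value) {
        fprintf(stderr, "ReadProcessMemory (offset 1) failed (error %lu)\n", GetLastError());
        goto out;
    }
    printf("(buffer + 0x868)里面的数据为%x\n", (unsigned)value);

    /* Write the new value at the second-level offset. The destination is a
     * writable pointer (LPVOID), not LPCVOID. Success is only reported when
     * the call wrote all four bytes. */
    if (!WriteProcessMemory(hprocess, (LPVOID)(DWORD_PTR)(value + second_offset),
                            &sum, sizeof sum, &done) || done != sizeof sum) {
        fprintf(stderr, "WriteProcessMemory failed (error %lu)\n", GetLastError());
        goto out;
    }
    printf("阳光已经修改为: %d", sum);
    rc = 0;

out:
    /* Close the process handle if it was opened. */
    if (hprocess != NULL) {
        CloseHandle(hprocess);
    }
    /* Keep the console window open until a key is pressed. */
    getchar();

    /* Packaging: right-click the project, open its folder, delete the .vs
     * and Debug directories. */

    /* Static build: Project -> project1 Properties -> C/C++ ->
     * Code Generation -> set Runtime Library to Multi-threaded. */
    return rc;
}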

静态编译


内存拷贝过CRC检测

  • VirtualAllocEx

  • ReadProcessMemory

  • WriteProcessMemory

  • for循环

  • if分支

#include <stdio.h>
#include <windows.h>
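/*
 * Copy the bytes in [0x400000, 0x400065) of the game process into a freshly
 * allocated region of the same process, printing each byte as it is copied.
 *
 * The function opens the process itself and closes the handle before
 * returning. The remote allocation is left in place, as in the original
 * listing. On any failure it prints the Win32 error code and returns early.
 */
void MemRead()
{
    const DWORD addr_start = 0x400000;
    const DWORD addr_last = 0x400065;   /* exclusive end of the source range */

    HWND h_win;
    DWORD pro_id = 0;
    HANDLE hprocess;
    LPVOID lpaddress;
    BYTE *dst;
    DWORD addr;

    /* Narrow string literals are passed, so use the ANSI entry points. */
    SetConsoleTitleA("asdassda");

    /* Find the window, then the process that owns it. */
    h_win = FindWindowA("MainWindow", "Plants vs. Zombies 1.2.0.1073 RELEASE");
    if (h_win == NULL) {
        fprintf(stderr, "FindWindow failed (error %lu)\n", GetLastError());
        return;
    }
    printf("PVZ的句柄是:%X\n", (unsigned)(UINT_PTR)h_win);

    if (GetWindowThreadProcessId(h_win, &pro_id) == 0) {
        fprintf(stderr, "GetWindowThreadProcessId failed (error %lu)\n", GetLastError());
        return;
    }
    printf("进程id:%d\n", (int)pro_id);

    /* Request only the rights used below (allocate, read, write) rather
     * than PROCESS_ALL_ACCESS. */
    hprocess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
                           FALSE, pro_id);
    if (hprocess == NULL) {
        fprintf(stderr, "OpenProcess failed (error %lu)\n", GetLastError());
        return;
    }

    /* Let the system choose the address of the destination region.
     * NOTE(review): nothing in this function executes the copy; if it is only
     * read as data, PAGE_READWRITE is the narrower protection. A
     * writable+executable allocation made in another process is also a
     * pattern endpoint monitoring commonly alerts on. */
    lpaddress = VirtualAllocEx(hprocess, NULL, 125, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (lpaddress == NULL) {
        fprintf(stderr, "VirtualAllocEx failed (error %lu)\n", GetLastError());
        CloseHandle(hprocess);
        return;
    }
    printf("分配的内存地址:%x\n\n", (unsigned)(UINT_PTR)lpaddress);

    /* Walk the destination with a byte pointer instead of truncating the
     * address to a DWORD. */
    dst = (BYTE *)lpaddress;

    for (addr = addr_start; addr < addr_last; addr++, dst++) {
        BYTE buffer[1] = { 0 };
        SIZE_T done = 0;

        /* Read one byte from the source range. */
        if (!ReadProcessMemory(hprocess, (LPCVOID)(DWORD_PTR)addr,
                               buffer, sizeof buffer, &done) || done != sizeof buffer) {
            fprintf(stderr, "ReadProcessMemory failed at 0x%x (error %lu)\n",
                    (unsigned)addr, GetLastError());
            break;   /* do not copy a byte that was never read */
        }

        printf("address=0x%x byte=%02X\n", (unsigned)addr, buffer[0]);

        /* Write it to the matching position in the new region. */
        if (!WriteProcessMemory(hprocess, dst, buffer, sizeof buffer, &done)
            || done != sizeof buffer) {
            fprintf(stderr, "WriteProcessMemory failed (error %lu)\n", GetLastError());
            break;
        }
    }

    /* The original never released the process handle. */
    CloseHandle(hprocess);
}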

int main()
{
    /* Run the copy routine. */
    MemRead();

    /*
     * Disabled scratch experiments on array indexing, kept from the original:
     *
     *   int a[2] = { 0 };
     *   a[0] = 1;
     *   a[1] = 2;
     *   printf("%x\n\n", a[0]);
     *
     *   int b[] = {1,2,3};
     *   printf("%x\n", b[0]);
     *   printf("%x\n ", b[1]);
     *
     *   BYTE d[] = { 0 };
     *   d[0] = 1;
     *   d[1] = 3;              -- d has a single element, so this index is
     *                             out of bounds
     *   printf("%x\n\n", &d);  -- & takes the address
     */

    /* Wait for a key press so the console output stays visible. */
    (void)getchar();

    return 0;
}

vs添加高级UAC权限