C遍历cs1.6房间人物

2022-01-14 分类作者 Facker007 ~2.02K 字

找到四重指针和最后的基址（子弹）

去不断遍历数据，去筛选符号条件的数据（血量==100.0 并且 z坐标<0）

CC              5EC           7C         4B9C
05A02BA0

5EC
07D79420

7C
0A8ECB7C

cstrike.exe+11069BC

4B9C
0A7DC4F8

cstrike.exe+1117C64  =   2571C64

#include <stdio.h>
#include <Windows.h>
HANDLE hprocess;
DWORD pid;
void GetValue() {
	SetConsoleTitle("cs1.6人物遍历");
	HWND h_win;
	h_win = FindWindow("Valve001", "Counter-Strike");
	printf("CS1.6窗口的句柄是：%X\n", h_win);

	DWORD pro_id;
	GetWindowThreadProcessId(h_win, &pid);
	printf("CS1.6窗口的id(PID)：%d\n", pid);

	hprocess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
}
void TestList() {
	DWORD addr_start = 0x2517C64;
	DWORD _pointer;
	FLOAT _hp;
	int buffer;
	float xyz[3];
	int i_list = 0;
	ReadProcessMemory(hprocess, (LPCVOID)addr_start, &_pointer, 4, NULL);
	ReadProcessMemory(hprocess, (LPCVOID)(_pointer + 0x4B9C), &_pointer, 4, NULL);
	/*ReadProcessMemory(hprocess, (LPCVOID)(_pointer + 0x7C), &_pointer, 4, NULL);
	ReadProcessMemory(hprocess, (LPCVOID)(_pointer + 0x5EC), &_pointer, 4, NULL);
	ReadProcessMemory(hprocess, (LPCVOID)(_pointer + 0xCC), &_pointer, 4, NULL);*/
	DWORD addr_list = _pointer;
	for (int i = 0; i < 9999999; i++, addr_list++) {
		ReadProcessMemory(hprocess, (LPCVOID)(addr_list + 0x1e0), &_hp, 4, NULL);
		ReadProcessMemory(hprocess, (LPCVOID)(addr_list + 0x88), &xyz[0], 4, NULL);
		ReadProcessMemory(hprocess, (LPCVOID)(addr_list + 0x8c), &xyz[1], 4, NULL);
		ReadProcessMemory(hprocess, (LPCVOID)(addr_list + 0x90), &xyz[2], 4, NULL);
		if (_hp >= 100.0 &&_hp<=160.0&& xyz[2]<0.0) {
			i_list += 1;
			printf("id=%d,     pointer=%x,        血量=%f      x=%f   y=%f    z=%f\n", i_list,addr_list, _hp,xyz[0],xyz[1],xyz[2]);
		}

	}
	//printf("%f", _hp);
}

int main() {
	GetValue();
	TestList();
	getchar();
	return 0;
}

结果

Facker007's blog

C遍历cs1.6房间人物

本作品采用知识共享署名-相同方式共享 4.0 国际许可协议进行许可

Facker007's blog

本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可

本作品采用知识共享署名-相同方式共享 4.0 国际许可协议进行许可