创世战车项目

照葫芦画瓢写的很傻逼的辅助

#include <Windows.h>
#include <stdio.h>
#include <WINBASE.H>
#include <string.h>
#include <tchar.h>
#include <psapi.h>
#include <tlhelp32.h>
#include <math.h>
//定义全局变量
COLORREF SnapLineCOLOR;
COLORREF TextCOLOR;
HANDLE _hGameHandle;
RECT m_rect;
DWORD ProcessId;
HDC HDC_Desktop;
HBRUSH EnemyBrush = CreateSolidBrush(RGB(255, 0, 0));
HWND Handle;
HFONT Font;
float cx=1380;
float fovX = 3.1415 * 84 / 180;
float fovY = 3.1415 * 60 / 180;
#define BasePtr 0x204D6D0
#define ArrayPtr 0x2635890
#define mousexptr 0x264AAA4
#define crmeraptr 0x264A4A0

void DrawFilledRect(int x, int y, int w, int h)
{
    //We create our rectangle to draw on screen
    RECT rect = { x, y, x + w, y + h };
    //We clear that portion of the screen and display our rectangle
    FillRect(HDC_Desktop, &rect, EnemyBrush);
}


void DrawBorderBox(int x, int y, int w, int h, int thickness)
{
    //Top horiz line
    DrawFilledRect(x, y, w, thickness);
    //Left vertical line
    DrawFilledRect(x, y, thickness, h);
    //right vertical line
    DrawFilledRect((x + w), y, thickness, h);
    //bottom horiz line
    DrawFilledRect(x, y + h, w + thickness, thickness);
}


//Here is where we draw our line from point A to Point B
void DrawLine(float StartX, float StartY, float EndX, float EndY, COLORREF Pen)
{
    int a, b = 0;
    HPEN hOPen;
    // penstyle, width, color
    HPEN hNPen = CreatePen(PS_SOLID, 2, Pen);
    hOPen = (HPEN)SelectObject(HDC_Desktop, hNPen);
    // starting point of line
    MoveToEx(HDC_Desktop, StartX, StartY, NULL);
    // ending point of line
    a = LineTo(HDC_Desktop, EndX, EndY);
    DeleteObject(SelectObject(HDC_Desktop, hOPen));
}

//Draw our text with this function
void DrawString(int x, int y, COLORREF color, const char* text)
{
    SetTextAlign(HDC_Desktop, TA_CENTER | TA_NOUPDATECP);

    SetBkColor(HDC_Desktop, RGB(0, 0, 0));
    SetBkMode(HDC_Desktop, TRANSPARENT);

    SetTextColor(HDC_Desktop, color);

    SelectObject(HDC_Desktop, Font);

    TextOutA(HDC_Desktop, x, y, text, strlen(text));

    DeleteObject(Font);
}

//**********************************************************************************************************************************

//自己封装的函数

//取进程ID函数
DWORD _GetProcessId(char* ClassName, char* WindowName)
{
    //取游戏窗口的句柄
    DWORD _pid;
    HWND hGameWindow;
    hGameWindow = FindWindowA(ClassName, WindowName);
    GetWindowThreadProcessId(hGameWindow, &_pid);
    return _pid;
}

//获取进程的句柄
HANDLE _GetProcessHandle(DWORD _pid)
{
    HANDLE hGameHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, _pid);
    return hGameHandle;
}

//读内存4字节整数型
DWORD _ReadMemeryInt(HANDLE hGameHandle, DWORD _address)
{
    DWORD buffer;
    ReadProcessMemory(hGameHandle, LPCVOID(_address), &buffer, sizeof(buffer), NULL);
    return buffer;
}

//读内存小数型
FLOAT _ReadMemeryFloat(HANDLE hGameHandle, DWORD _address)
{
    FLOAT buffer;
    ReadProcessMemory(hGameHandle, LPCVOID(_address), &buffer, sizeof(buffer), NULL);
    return buffer;
}

//读内存文本型
char* _ReadMemeryString(HANDLE hGameHandle, DWORD _address)
{
    char read[256];
    char* pa;

    pa = read;

    ReadProcessMemory(hGameHandle, LPCVOID(_address), read, sizeof(read), NULL);

    for (pa; *pa != ''; pa++)
    {
        return pa;
    }
    
}

//写内存整数型
BOOL WriteMemeryInt(HANDLE hGameHandle, DWORD _address, DWORD Data)
{
    return WriteProcessMemory(hGameHandle, LPVOID(_address), &Data, sizeof(Data), NULL);
}

//写内存小数型
BOOL WriteMemeryFloat(HANDLE hGameHandle, DWORD _address, FLOAT Data)
{
    return WriteProcessMemory(hGameHandle, LPVOID(_address), &Data, sizeof(Data), NULL);
}

//写内存字节数组
BOOL WriteMemeryBytes(HANDLE hGameHandle, DWORD _address, BYTE Data[], SIZE_T Bytes)
{
    return WriteProcessMemory(hGameHandle, LPVOID(_address), Data, Bytes, NULL);
}

//取本程序模块地址
DWORD_PTR GetProcessBaseAddress(DWORD processID)
{
    DWORD_PTR   baseAddress = 0;
    HANDLE      processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
    HMODULE     *moduleArray;
    LPBYTE      moduleArrayBytes;
    DWORD       bytesRequired;

    if (processHandle)
    {
        if (EnumProcessModules(processHandle, NULL, 0, &bytesRequired))
        {
            if (bytesRequired)
            {
                moduleArrayBytes = (LPBYTE)LocalAlloc(LPTR, bytesRequired);

                if (moduleArrayBytes)
                {
                    unsigned int moduleCount;

                    moduleCount = bytesRequired / sizeof(HMODULE);
                    moduleArray = (HMODULE *)moduleArrayBytes;

                    if (EnumProcessModules(processHandle, moduleArray, bytesRequired, &bytesRequired))
                    {
                        baseAddress = (DWORD_PTR)moduleArray[0];
                    }
                    LocalFree(moduleArrayBytes);
                }
            }
        }
        CloseHandle(processHandle);
    }
    return baseAddress;
}

//通杀调用Call
void MyCall_All(DWORD Pid, DWORD _CallAddress, LPVOID FuncName)
{
    //获取进程句柄
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pid);

    //有参数的Call
    if (_CallAddress == NULL)
    {
        //申请一块内存给整个Call
        LPVOID MyCallAddress = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
        //写入Call的数据到上一行代码申请的内存中
        WriteProcessMemory(hProcess, MyCallAddress, FuncName, 0x1000, NULL);
        //创建远程线程-并获取线程的句柄
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)MyCallAddress, NULL, 0, NULL);
        //等待线程事件
        WaitForSingleObject(hThread, 2000);
        //防止内存泄露
        CloseHandle(hThread);
        CloseHandle(hProcess);
    }
    else
    {
        //创建远程线程-并获取线程的句柄
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)_CallAddress, NULL, 0, NULL);
        //等待线程事件
        WaitForSingleObject(hThread, 2000);
        //防止内存泄露
        CloseHandle(hThread);
        CloseHandle(hProcess);
    }
}


//**********************************************************************************************************************************


//修改口袋西游血量函数
BOOL ChangeBlood()
{
    DWORD Address = 0x2e2626b8;
    BYTE Code[] = { 0x00,0x23,0x24,0x25,0xAE,0x04,0x04,0x04,0x04,0x04 };
    //字节数组
    return WriteMemeryBytes(_hGameHandle, Address, Code, 10);
}

//插件初始化
VOID Begin()
{
    SetConsoleTitleA("创世战车人物遍历 cmd版本");

    //取进程ID
    ProcessId = _GetProcessId(NULL,(char*)"Crossout 0.10.48.109594");

    printf("
进程ID：%d
", ProcessId);

    //获取进程的句柄
    _hGameHandle = _GetProcessHandle(ProcessId);

    printf("进程句柄：%x
", (unsigned int)_hGameHandle);

    //_ReadMemeryString(_hGameHandle, 0x04389308);

    //printf("
字符串：%s
", _ReadMemeryString(_hGameHandle, 0x04389308));


}

bool worldtosc(float mousex, float mousey, float juli, float nowx, float nowy, float scX, float scY)
{
    int flagX = 0;
    int entryX = 0;
    float leftborderX = nowx - 3.14 / 4;
    if (leftborderX < -3.14) {
        leftborderX += 3.14;
        flagX = 1;
    }
    float rightborderX = nowx + 3.14 / 4;
    if (rightborderX > 3.14) {
        rightborderX -= 3.14;
        flagX = 1;
    }
    if (flagX == 1)
    {
        if (mousex > leftborderX || mousex < rightborderX)
        {
            entryX = 1;
        }
    }
    else if(mousex>leftborderX&&mousex<rightborderX)
    {
        entryX = 1;
    }
    if (fabs(nowy - mousey)<=fovY/2&&entryX==1)
    {
        //printf("nowx = %f 
nowy= %f
mousex=%f
mousey=%f
宽=%d
高=%d
", nowx, nowy, mousex, mousey, m_rect.right - m_rect.left, m_rect.bottom - m_rect.top);
        //float lineA = juli * sin(mousex-nowx);
        //float lineB = juli * sin(nowy -mousey);
        //float lineAA = cos(nowx - mousex)*juli;
        //float lineBB = cos(nowy - mousey)*juli;
        //float lineAAA = tan(fovX / 2)*lineAA;
        //float lineBBB = tan(fovY / 2)*lineBB;
        float len = (m_rect.right - m_rect.left) / 2;
        float high = (m_rect.bottom - m_rect.top) / 2;
        //printf("%f %f", len*2, high*2);
        //printf("x=%d y=%d
", m_rect.left, m_rect.top);
        scX = tan(mousex - nowx)*len / tan(fovX / 2) + len+ m_rect.left;
        scY = tan(nowy - mousey)*high / tan(fovY / 2) + high + m_rect.top;
        //printf("scX = %f
scY = %f 
", scX, scY);
        //printf("lineA = %f   lineB = %f 
 line AA = %f ,lineBB = %f 
 line AAA = %f   lineBBB = %f  
 scX = %f  scY = %f 
", lineA, lineB,lineAA,lineBB,lineAAA,lineBBB,scX,scY);
        //DrawString((int)(scX-cx/juli), (int)(scY - cx / juli - 48), RGB(255, 0, 0), "Miraculous_B");
        DrawBorderBox((int)(scX-cx/juli), (int)(scY-cx/juli-48), (int)2500.0/juli, (int)2500.0/juli, (int)8.0);
        //DrawFilledRect((int)scX, (int)scY - 48, (int)2500.0);
        return 1;
    }
}
void SetupDrawing(HDC hDesktop, HWND handle)
{
    HDC_Desktop = hDesktop;
    Handle = handle;
    EnemyBrush = CreateSolidBrush(RGB(0, 255, 0));
    //Color
    SnapLineCOLOR = RGB(0, 0, 255);
    TextCOLOR = RGB(0, 255, 0);
}
VOID ReadValue()
{
    HWND h_wnd = ::FindWindow(_T("Crossout 0.10.48.109594"), NULL);
    HDC HDC_Desktop = GetDC(h_wnd);
    SetupDrawing(HDC_Desktop, h_wnd);
    DWORD_PTR modbase = GetProcessBaseAddress(ProcessId);
    DWORD TempAddress, RetTemp, GetBase, ObjectAddress, ObjectValue;
    HWND qwq = FindWindow(NULL, "Crossout 0.10.48.109594");
    GetWindowRect(qwq, &m_rect);
    printf("x=%d y=%d
",m_rect.left, m_rect.top);
    //基地址
    //DWORD BaseAddress = modbase + BasePtr;
    //DWORD BaseAddress = 0x2D5D6D0;
    DWORD BaseAddress = GetProcessBaseAddress(ProcessId) + BasePtr;
    //数组基地址
    //DWORD Address_Array = modbase + ArrayPtr;
    //DWORD Address_Array = 0x3345890;
    DWORD Address_Array = GetProcessBaseAddress(ProcessId) + ArrayPtr;
    printf("%x
%x
", BaseAddress, Address_Array);
    char* Name = NULL;
    int Count = 1;
    int n=-1;
    int duiyou[50];
    memset(duiyou, 0, sizeof(duiyou));
    while (1) {
        float minjuli = 9999999999;
        float x1 = 0, y1 = 0, z1 = 0; // 最近敌人位置
        float x0 = 0, y0 = 0, z0 = 0; // 摄像机位置
        y0 = _ReadMemeryFloat(_hGameHandle, modbase + 0x264A4A8);
        x0 = _ReadMemeryFloat(_hGameHandle, modbase + 0x264A4A0);
        z0 = _ReadMemeryFloat(_hGameHandle, modbase + 0x264A4A4);
        int xiabiao = 0;
        for (int i = 0; i < 16; i++)
        {
            //地址解密
            TempAddress = i * 0x870 + Address_Array + 0x3638;
            RetTemp = _ReadMemeryInt(_hGameHandle, TempAddress);
            //计算数组遍历地址
            RetTemp = ((RetTemp & 0x0fff) + 0x2AAD) * 0x0c;
            //基地址
            GetBase = _ReadMemeryInt(_hGameHandle, BaseAddress);
            //[[2D5D6D0] + (([03345890 + ((i * 870) + 3638)] & 0fff) + 2aad) * 3 * 4] + 0C0
            //计算人物对象地址
            ObjectAddress = GetBase + RetTemp;
            //读人物对象地址
            ObjectValue = _ReadMemeryInt(_hGameHandle, ObjectAddress);
            //判断对象是否存在
            if (ObjectValue != NULL&&duiyou[i]==0)
            {
                //读取人物血量
                float Bloat = _ReadMemeryFloat(_hGameHandle, ObjectValue + 0xc0);
                float y = _ReadMemeryFloat(_hGameHandle, ObjectValue + 0x2b8);
                float x = _ReadMemeryFloat(_hGameHandle, ObjectValue + 0x2b0);
                float z = _ReadMemeryFloat(_hGameHandle, ObjectValue + 0x2b4);
                float juli = sqrt((y - y0)*(y - y0) + (x - x0)*(x - x0) + (z - z0)*(z - z0));

                if (minjuli > juli&&x!=0&&i!=n&&Bloat>0.00001)//获得最小距离以选中最近敌人自瞄,  不选中自己 , 去噪x2
                {
                    xiabiao = i;
                    minjuli = juli;
                    x1 = x;
                    y1 = y;
                    z1 = z;
                }
                if (Bloat != 0&&x!=0) {
                    if (n == -1) //标记队友
                    {
                        duiyou[i] = 0;
                    }
                    ObjectAddress = GetBase + RetTemp;
                    printf("下标:%d  血量：%.3f  坐标:(%.0f,%.0f,%.0f)，人物阵营:%x
",i, Bloat, x, y,z, _ReadMemeryFloat(_hGameHandle, ObjectValue - 0x38));
                }
                //-------------------------------------------------------------获得mousex,mousez
                float x11 = x, y11 = y, z11 = z;
                x11 -= x0;
                x11 = -x11;
                y11 -= y0;
                y11 = -y11;
                z11 = z11 - z0;
                float k = fabs(atan(y11 / x11));
                float mousex = 0;
                float mousez = 0;
                if (x11 > 0 && y11 > 0) //第一向量
                    mousex = 1.57 - (k * 2 / 3.1415926*1.57);
                if (x11 > 0 && y11 < 0)  //4
                    mousex = 1.57 + (k * 2 / 3.1415926*1.57);
                if (x11 < 0 && y11 < 0)  //3
                    mousex = -1.57 - (k * 2 / 3.1415926*1.57);
                if (x11 < 0 && y11 > 0)  //2
                    mousex = -1.57 + (k * 2 / 3.1415926*1.57);
                if (z11 > 0)
                    mousez = atan(z11 / sqrt((x11*x11 + y11 * y11)));
                else
                    mousez = atan(z11 / sqrt((x11*x11 + y11 * y11)));
                    //mousez = -fabs(atan(z11 / juli) * 2 / 3.1415926)*1.57;
                //-------------------------------------------------------------获得mousex,mousez

                //-------------------------------------------------------------方框透视
                float nowx = _ReadMemeryFloat(_hGameHandle, modbase + mousexptr);
                float nowy = _ReadMemeryFloat(_hGameHandle, modbase + mousexptr + 4);
                float scx = 0;
                float scy = 0;
                worldtosc(mousex, mousez, juli, nowx, nowy,scx, scy);
                //-------------------------------------------------------------方框透视
                ObjectAddress = NULL;
                ObjectValue = NULL;
            }

        }
        //-------------------------------------------------------------获得本人下标
        if (n == -1)
        {
            scanf_s("%d",&n);
            Sleep(3*1000);
            continue;
        }
        //-------------------------------------------------------------获得本人下标
        //float y2 = y1;
        //float x2 = x1;
        /*
        //-------------------------------------------------------------获得mousex,mousez
        x1 -= x0;
        x1 = -x1;
        y1 -= y0;
        y1 = -y1;
        float k = fabs(atan(y1 / x1));
        float mousex=0;
        if (x1 > 0 && y1 > 0) //第一向量
            mousex = 1.57 - (k * 2 / 3.1415926*1.57);
        if (x1 > 0 && y1 < 0)  //4
            mousex = 1.57 + (k * 2 / 3.1415926*1.57);
        if (x1 < 0 && y1 < 0)  //3
            mousex = -1.57 - (k * 2 / 3.1415926*1.57);
        if (x1 < 0 && y1 > 0)  //2
            mousex = -1.57+(k * 2 / 3.1415926*1.57);
        float z2 = z1;
        z1 = z1 - z0;
        float mousez = 0;
        if (z1 > 0)
            mousez = fabs(atan(z1 / minjuli) * 2 / 3.1415926)*1.57;
        else
            mousez = -fabs(atan(z1 / minjuli) * 2 / 3.1415926)*1.57;
        //-------------------------------------------------------------获得mousex,mousez

        //-------------------------------------------------------------方框透视
        float nowx = _ReadMemeryFloat(_hGameHandle, modbase + mousexptr);
        float nowy = _ReadMemeryFloat(_hGameHandle, modbase + mousexptr + 4);
        float scx = 0;
        float scy = 0;
        worldtosc(mousex, mousez, minjuli, nowx, nowy, scx, scy);
        //-------------------------------------------------------------方框透视

        //-------------------------------------------------------------自瞄
        //if (duiyou[xiabiao] == 0&& GetAsyncKeyState(VK_RBUTTON)) {
        //    WriteMemeryFloat(_hGameHandle, modbase + mousexptr, mousex);
        //    WriteMemeryFloat(_hGameHandle, modbase + mousexptr + 4, mousez);
        //}
        //-------------------------------------------------------------自瞄

        */

        //printf("离最近的人的鼠标X值：%f    k=%f ,x1=%f,y1=%f,z1 = %f minjuli=%f
", mousex,k,x1,y1,z1,minjuli);
        //printf("最近的那个人的坐标：%f %f %f
", x2, y2,z2);
        //printf("我的坐标:%f  , %f  , %f
 ", x0, y0,z0);
        system("cls");
    }
}


int main()
{
    //辅助的初始化
    //scanf_s("%f", &cx);
    Begin();
    ReadValue();
    getchar();
    return 0;
    /*
    DWORD qwq = _GetProcessId(NULL, (char*)"Crossout 0.10.48.109594");
    HANDLE pwp = _GetProcessHandle(qwq);
    printf("%x
", pwp);
    */

}