  • CE找《植物大战僵尸》年度版阳光基址+Delphi制作阳光锁定器

    二级偏移的查找是个难点,对《植物大战僵尸》年度版二级偏移的查找,是个不错的思路,或许能广泛应用到其他游戏上。

    CE

    几个要点,总结一下:

    1、根据阳光数找到的第一个地址:1CDEB6F8,绝大多数人都不会有什么问题。操作要点是:接着要对其进行“找出是什么访问了这个地址”的操作。

    2、然后会看到红色的[edx+00005578]的提示,和“要查找的地址指针的值可能是 1CDE6180”,这里也没什么问题。

    3、需要对地址1CDE6180进行查找,查找的结果处理是个难点。要点是,多点几次“再次扫描”,直到你看到左边栏里的地址,基本上不会有改变。

    4、把第一个地址添加到列表:即017D8998,然后要对其进行“找出是什么改写了这个地址”的操作。这是个难点,一开始看不到什么提示。但是当你重新开始本局游戏后,你会发现里面有东西了:[edi+00000868]的提示,还有“要查找的地址指针的值可能是 017DB130”,离胜利不远了。

    5、需要对地址017DB130进行查找,居然有2000多结果,但是不用担心,因为你多搜几次就会看到绿色的基址:007794F8出现了。

    基址和偏移都找到了,即[[[007794F8]+868]+5578]中存储的是阳光的值,[[007794F8]+868]+5578 就是阳光的地址,这里值和地址不要搞混了,因为下一步Delphi编程中是读出阳光的值,写入阳光的地址,这也是个要点。

    unit MainFrm;
    { Main form of the sun-value reader/writer described above. The handlers
      resolve the pointer chain [[[base]+offset1]+offset2] inside the process
      whose PID is shown in edtProcessID, read the value at its end (btn2Click)
      or write a new one there (btn3Click). }

    interface

    uses
      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
      Dialogs, ExtCtrls, StdCtrls;

    type
      TForm1 = class(TForm)
        grp1: TGroupBox;
        edtPTitle: TEdit;        // window title passed to FindWindow by btnGetProcessClick
        edtProcessID: TEdit;     // PID filled in by btnGetProcessClick; '0' is treated as "no process"
        lbl1: TLabel;
        lbl3: TLabel;
        grp2: TGroupBox;
        edtOffset2: TEdit;       // second-level offset, hex text (parsed with a '$' prefix)
        edtOffset1: TEdit;       // first-level offset, hex text (parsed with a '$' prefix)
        edtBase: TEdit;          // base address, hex text (parsed with a '$' prefix)
        lbl4: TLabel;
        lbl5: TLabel;
        lbl6: TLabel;
        grp3: TGroupBox;
        btnGetProcess: TButton;
        btn2: TButton;           // read  -> btn2Click
        btn3: TButton;           // write -> btn3Click
        edtValue: TEdit;         // value read from / written to the target process
        lbl7: TLabel;
        chk1: TCheckBox;         // "lock": while checked, tmr1Timer re-runs btn3Click
        tmr1: TTimer;
        procedure btnGetProcessClick(Sender: TObject);
        procedure btn2Click(Sender: TObject);
        procedure btn3Click(Sender: TObject);
        procedure tmr1Timer(Sender: TObject);
      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      Form1: TForm1;

    implementation

    {$R *.dfm}
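    procedure TForm1.btn2Click(Sender: TObject);
    { Read the current sun value through the pointer chain
      [[[edtBase]+edtOffset1]+edtOffset2] of the process in edtProcessID and
      show it in edtValue. Base and offsets are hex text (parsed with a '$'
      prefix). Does nothing if a field is empty or no process has been found.
      Raises EOSError when the process cannot be opened or a read fails;
      the original silently displayed whatever was left in Sunny. }
    var
      Sunny: integer;     // value read at the current step of the chain
      nbRead: Cardinal;
      h: THandle;
      Address: integer;   // address read at the current step of the chain

      // Read one 4-byte value at Addr; raises on failure or a short read.
      function ReadDword(Addr: integer): integer;
      var
        v: integer;
      begin
        if (not ReadProcessMemory(h, Pointer(Addr), @v, 4, nbRead)) or (nbRead <> 4) then
          RaiseLastOSError;
        Result := v;
      end;

    begin
      if (edtBase.Text = '') or (edtOffset1.Text = '') or
         (edtOffset2.Text = '') or (edtProcessID.Text = '') or
         (edtProcessID.Text = '0') then
        Exit;

      // Reading only needs PROCESS_VM_READ; PROCESS_ALL_ACCESS was more than required.
      h := OpenProcess(PROCESS_VM_READ, False, StrToInt(edtProcessID.Text));
      if h = 0 then
        RaiseLastOSError;
      try
        // Step 1: base pointer
        Address := StrToInt('$' + edtBase.Text);
        Sunny := ReadDword(Address);

        // Step 2: first-level offset
        Address := Dword(Sunny + StrToInt('$' + edtOffset1.Text));
        Sunny := ReadDword(Address);

        // Step 3: second-level offset -> the sun value itself
        Address := Dword(Sunny + StrToInt('$' + edtOffset2.Text));
        Sunny := ReadDword(Address);

        edtValue.Text := IntToStr(Sunny);
      finally
        CloseHandle(h); // the original never closed this handle (leaked one per click)
      end;
    end;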
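    procedure TForm1.btn3Click(Sender: TObject);
    { Write the value typed in edtValue to the sun address
      [[edtBase]+edtOffset1]+edtOffset2 of the process in edtProcessID.
      Base and offsets are hex text (parsed with a '$' prefix).
      Raises EConvertError if edtValue or edtProcessID is not a number.
      Failures to open the process or to read the chain make the handler
      return without writing: this handler is also driven by tmr1Timer, so
      it stays best-effort instead of raising on every tick, but it no
      longer writes to an address derived from a failed read. }
    var
      Sunny, NewSunny, Address: integer;
      nbRead: Cardinal;
      h: THandle;
    begin
      NewSunny := StrToInt(edtValue.Text); // new sun value to write

      // Open before the try block: the original opened inside it, so an
      // exception raised before OpenProcess reached CloseHandle with an
      // uninitialised h. Least privilege: read the chain, write one DWORD.
      h := OpenProcess(PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,
                       False, Cardinal(StrToInt(edtProcessID.Text)));
      if h = 0 then
        Exit;
      try
        // base pointer
        Address := StrToInt('$' + edtBase.Text);
        if not ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead) then
          Exit;

        // first-level offset
        Address := Sunny + StrToInt('$' + edtOffset1.Text);
        if not ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead) then
          Exit;

        // second-level offset -> address of the sun value
        Address := Sunny + StrToInt('$' + edtOffset2.Text);
        WriteProcessMemory(h, Pointer(Address), @NewSunny, 4, nbRead);
      finally
        CloseHandle(h); // always release the process handle afterwards
      end;
    end;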
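    procedure TForm1.btnGetProcessClick(Sender: TObject);
    { Look up the top-level window whose title is in edtPTitle and put its
      process id into edtProcessID. Writes '0' when no such window exists,
      which is the "no process" sentinel the other handlers test for; the
      original left PID uninitialised in that case and displayed garbage. }
    var
      PID: Cardinal;
      Wnd: THandle;
    begin
      if edtPTitle.Text = '' then
        Exit;
      PID := 0; // stays 0 if the window is not found (FindWindow returns 0)
      Wnd := FindWindow(nil, PWideChar(edtPTitle.Text));
      if Wnd <> 0 then
        GetWindowThreadProcessId(Wnd, @PID); // @PID: pointer form of the out-parameter
      edtProcessID.Text := IntToStr(PID);
    end;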
    procedure TForm1.tmr1Timer(Sender: TObject);
    { Timer tick: while the "lock" box (chk1) is checked and edtValue holds
      text, re-run the write handler so the value is written back each tick. }
    begin
      if chk1.Checked and (edtValue.Text <> '') then
        btn3Click(Sender);
    end;
    end. // end of unit MainFrm

    TForm代码

    1 object Form1: TForm1
    2 Left = 0
    3 Top = 0
    4 Caption = #25351#23450#31243#24207#20869#23384#20462#25913#27979#35797
    5 ClientHeight = 273
    6 ClientWidth = 477
    7 Color = clBtnFace
    8 Font.Charset = DEFAULT_CHARSET
    9 Font.Color = clWindowText
    10 Font.Height = -11
    11 Font.Name = 'Tahoma'
    12 Font.Style = []
    13 OldCreateOrder = False
    14 PixelsPerInch = 96
    15 TextHeight = 13
    16 object grp1: TGroupBox
    17 Left = 16
    18 Top = 8
    19 Width = 449
    20 Height = 104
    21 Caption = #24453#20462#25913#31243#24207#20449#24687#65306
    22 TabOrder = 0
    23 object lbl1: TLabel
    24 Left = 16
    25 Top = 32
    26 Width = 84
    27 Height = 13
    28 Caption = #31243#24207#31383#21475#26631#39064#65306
    29 end
    30 object lbl3: TLabel
    31 Left = 16
    32 Top = 64
    33 Width = 71
    34 Height = 13
    35 Caption = #31243#24207#36827#31243'ID'#65306
    36 end
    37 object edtPTitle: TEdit
    38 Left = 106
    39 Top = 29
    40 Width = 97
    41 Height = 21
    42 TabOrder = 0
    43 Text = 'Plants vs. Zombies 1.2.0.1073 RELEASE'
    44 end
    45 object edtProcessID: TEdit
    46 Left = 106
    47 Top = 61
    48 Width = 97
    49 Height = 21
    50 ReadOnly = True
    51 TabOrder = 1
    52 end
    53 object btnGetProcess: TButton
    54 Left = 222
    55 Top = 27
    56 Width = 75
    57 Height = 25
    58 Caption = #33719#21462
    59 TabOrder = 2
    60 OnClick = btnGetProcessClick
    61 end
    62 end
    63 object grp2: TGroupBox
    64 Left = 16
    65 Top = 128
    66 Width = 449
    67 Height = 57
    68 Caption = #22320#22336#20449#24687
    69 TabOrder = 1
    70 object lbl4: TLabel
    71 Left = 16
    72 Top = 25
    73 Width = 36
    74 Height = 13
    75 Caption = #22522#22336#65306
    76 end
    77 object lbl5: TLabel
    78 Left = 175
    79 Top = 25
    80 Width = 60
    81 Height = 13
    82 Caption = #19968#32423#20559#31227#65306
    83 end
    84 object lbl6: TLabel
    85 Left = 303
    86 Top = 25
    87 Width = 60
    88 Height = 13
    89 Caption = #20108#32423#20559#31227#65306
    90 end
    91 object edtOffset2: TEdit
    92 Left = 369
    93 Top = 22
    94 Width = 56
    95 Height = 21
    96 NumbersOnly = True
    97 TabOrder = 0
    98 Text = '5578'
    99 end
    100 object edtOffset1: TEdit
    101 Left = 241
    102 Top = 22
    103 Width = 56
    104 Height = 21
    105 NumbersOnly = True
    106 TabOrder = 1
    107 Text = '868'
    108 end
    109 object edtBase: TEdit
    110 Left = 55
    111 Top = 22
    112 Width = 114
    113 Height = 21
    114 NumbersOnly = True
    115 TabOrder = 2
    116 Text = '007794F8'
    117 end
    118 end
    119 object grp3: TGroupBox
    120 Left = 16
    121 Top = 191
    122 Width = 449
    123 Height = 74
    124 Caption = #20462#25913#25805#20316
    125 TabOrder = 2
    126 object lbl7: TLabel
    127 Left = 106
    128 Top = 32
    129 Width = 24
    130 Height = 13
    131 Caption = #20540#65306
    132 end
    133 object btn2: TButton
    134 Left = 16
    135 Top = 27
    136 Width = 75
    137 Height = 25
    138 Caption = #35835#21462
    139 TabOrder = 0
    140 OnClick = btn2Click
    141 end
    142 object btn3: TButton
    143 Left = 233
    144 Top = 27
    145 Width = 75
    146 Height = 25
    147 Caption = #20889#20837
    148 TabOrder = 1
    149 OnClick = btn3Click
    150 end
    151 object edtValue: TEdit
    152 Left = 136
    153 Top = 29
    154 Width = 81
    155 Height = 21
    156 TabOrder = 2
    157 end
    158 object chk1: TCheckBox
    159 Left = 328
    160 Top = 31
    161 Width = 97
    162 Height = 17
    163 Caption = #38145#23450
    164 TabOrder = 3
    165 end
    166 end
    167 object tmr1: TTimer
    168 OnTimer = tmr1Timer
    169 Left = 368
    170 Top = 56
    171 end
    172 end
  • 原文地址:https://www.cnblogs.com/delphi7456/p/1882952.html