第一 : 刷阳光刷金币无冷却 辅助
首先用CE工具找到基址和阳光,金币,物品栏的偏移量, 算出各个的地址, 然后通过api往内存中写入数据即可.
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Runtime.InteropServices; using System.Diagnostics; namespace ZhiWuDaZhanJiangShi { public partial class Form1 : Form { public Form1() { InitializeComponent(); } #region API //从指定内存中读取字节集数据 [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")] public static extern bool ReadProcessMemory(IntPtr hProcess,IntPtr lpBaseAddress,IntPtr lpBuffer,int nSize,IntPtr lpNumberOfBytesRead); //从指定内存中写入字节集数据 [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")] public static extern bool WriteProcessMemory(IntPtr hProcess,IntPtr lpBaseAddress,int[] lpBuffer,int nSize, IntPtr lpNumberOfBytesWritten ); //打开一个已存在的进程对象,并返回进程的句柄 [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")] public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId); //关闭一个内核对象。其中包括文件、文件映射、进程、线程、安全和同步对象等。 [DllImport("kernel32.dll")] private static extern void CloseHandle(IntPtr hObject); #endregion #region 使用方法 //根据进程名获取PID public static int GetPidByProcessName(string processName) { Process[] arrayProcess = Process.GetProcessesByName(processName); foreach (Process p in arrayProcess) { return p.Id; } return 0; } //读取内存中的值 public static int ReadMemoryValue(int baseAddress, string processName) { try { byte[] buffer = new byte[4]; //获取缓冲区地址 IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //打开一个已存在的进程对象 0x1F0FFF 最高权限 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //将制定内存中的值读入缓冲区 ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); //关闭操作 CloseHandle(hProcess); //从非托管内存中读取一个 32 位带符号整数。 return Marshal.ReadInt32(byteAddress); } catch { return 0; } } //将值写入指定内存地址中 public static void WriteMemoryValue(int baseAddress, string processName, int value) { try { //打开一个已存在的进程对象 0x1F0FFF 最高权限 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //从指定内存中写入字节集数据 WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4, IntPtr.Zero); //关闭操作 CloseHandle(hProcess); } catch { } } #endregion //游戏内存基址 private int baseAddress = 0x007794f8;//0x0015E944; //游戏进程名字 private string processName = "PlantsVsZombies"; private void QieHuan() { if (radioButton2.Checked)//年度 { baseAddress = 0x007794f8; p1 = 0x868; p2 = 0x5578; p3 = 0x950; p4 = 0x50; p5 = 0x868; p6 = 0x15c; p7 = 0x24; p8 = 0x4c; } else//汉化 { baseAddress = 0x006a9ec0; p1 = 0x768; p2 = 0x5560; p3 = 0x82c; p4 = 0x28; p5 = 0x768; p6 = 0x144; p7 = 0x24; p8 = 0x2c; } } //开启/关闭 功能 的按钮 private void button1_Click(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { MessageBox.Show("游戏没有运行!"); return; } QieHuan(); if (button1.Text == "开启") { button1.Text = "关闭"; timer1.Enabled = true; } else { button1.Text = "开启"; timer1.Enabled = false; } } int p1, p2, p3, p4, p5, p6, p7, p8; //定时器 private void timer1_Tick(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { timer1.Enabled = false; } //baseAddress : 游戏内存基址 processName : 游戏进程名 //读取 基址1 中存放的值 int address = ReadMemoryValue(baseAddress, processName); //计算 基址2的地址 = 基址1中的值 + 偏移量1 address = address + p1; //读取 基址2 中存放的值 address = ReadMemoryValue(address, processName); //计算 阳光的地址 = 基址2中的值 + 偏移量2 address = address + p2; //给阳光地址中写入数值,0x378 : 888 int vl = ReadMemoryValue(address, processName); if (vl < GetInt(textBox1.Text)) { WriteMemoryValue(address, processName, GetInt(textBox1.Text)); } } private void button2_Click(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { MessageBox.Show("游戏没有运行!"); return; } QieHuan(); //baseAddress : 游戏内存基址 processName : 游戏进程名 //读取 基址1 中存放的值 int address = ReadMemoryValue(baseAddress, processName); //计算 基址2的地址 = 基址1中的值 + 偏移量1 address = address + p3; //读取 基址2 中存放的值 address = ReadMemoryValue(address, processName); //计算 阳光的地址 = 基址2中的值 + 偏移量2 address = address + p4; //给阳光地址中写入数值,0x378 : 888 WriteMemoryValue(address, processName, GetInt(textBox2.Text)); } private int GetInt(string s) { int n = 0; int.TryParse(s, out n); if (n <= 0) { n = 100; } return n; } int count = 0; private void Form1_Load(object sender, EventArgs e) { QieHuan(); if (GetPidByProcessName(processName) != 0) { int address = ReadMemoryValue(baseAddress, processName); address = address + p5; address = ReadMemoryValue(address, processName); address = address + p6; address = ReadMemoryValue(address, processName); address = address + p7; address = ReadMemoryValue(address, processName); count = address; label3.Text = "植物栏个数: " + address.ToString() + " 个"; } } private void timer2_Tick(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { timer2.Enabled = false; } int address = ReadMemoryValue(baseAddress, processName); address = address + p5;//一级地址 address = ReadMemoryValue(address, processName); address = address + p6;//二级地址 address = ReadMemoryValue(address, processName); int adrs = address; int cs = address + p7;//卡槽数 count = ReadMemoryValue(cs, processName); label3.Text = "植物栏个数: " + count.ToString() + " 个"; if (count > 0) { for (int i = 0; i < count; i++) { address = adrs + p8;//第一栏 植物的地址 // 每后一个植物 地址 偏移 50 (在十进制里是80) //偏移 0x24 的地址 是标示是否在冷却中 值 :( 0 : 为冷却中, 1 为冷却完成) address = address + 80 * i + p7; int vl = ReadMemoryValue(address, processName); if (vl != 1) { WriteMemoryValue(address, processName, 1); } //如果不偏移 0x24 的地址为冷却时间地址, 值不确定, 一般最大设为6000 也可以完成此功能 //address = address + 80 * i; //WriteMemoryValue(address, processName, 6000); } } } private void button3_Click(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { MessageBox.Show("游戏没有运行!"); return; } QieHuan(); if (button3.Text == "有冷却") { button3.Text = "无冷却"; timer2.Enabled = true; } else { button3.Text = "有冷却"; timer2.Enabled = false; } } } }
第二 : 模拟鼠标放置植物 辅助
首先在第一个辅助的前提下植物无冷却才能使用, 使用api函数, 获取鼠标位置, 设置鼠标位置, 获取坐标点的窗口句柄, 通过句柄获得窗口文本, 通过窗口句柄获取窗口的大小位置信息, 设置窗口句柄为激活窗口, 模拟鼠标点击事件等, 用到的api比较多, 但是都是最基本的API函数, 窗体设计的比较凌乱, 代码无注释, 还请见谅.
使用时: 点击寻找窗口,在三秒内鼠标放到游戏窗口位置, 等待倒计时完后, 显示的提示窗口文字和游戏窗体文字一样, 然后添加物品栏放置的行或列, 添加完之后在确保无冷却的情况下点击启动.
c# 项目文件 辅助.zip
运行辅助工具前:
运行后: 自动刷新阳光, 无冷却, 自动摆放植物.
