郁金香反汇编逆向与外挂(66)

扫雷外挂制作:

结合前面几课自行编写的一键扫雷程序:

// Button handler: locates the Minesweeper window, opens its process, reads two
// 4-byte values from fixed addresses in that process, then posts synthetic
// left-button clicks to the window for cells whose value is not 143.
//
// NOTE(review): the listing is incomplete as captured. The `for` line below is
// truncated (the text between a '<' and a '>' appears to have been lost), so
// the loop headers and whatever fills temp/temp1 are not visible, and the code
// does not compile as shown. Comments here describe only the visible lines.
//
// NOTE(review): no API return value other than FindWindowA/OpenProcess is
// checked, and no CloseHandle call appears in the visible code for hToken or hp.
void CSingleClickDlg::OnBnClickedButton1()
{
	// TODO: Add your control notification handler code here
	// First argument of FindWindowA is the window class name; the title is not matched (NULL).
	HWND h = ::FindWindowA("扫雷",NULL);
	if(h==0)
	{
		 ::MessageBox(0,L"游戏未打开",0,MB_OK);  
		return;
	}
	// Two 16-bit values later reinterpreted as one 32-bit lParam: for mouse
	// messages the low word (yx[0]) is x and the high word (yx[1]) is y.
	// NOTE(review): not initialized anywhere in the visible code.
	WORD yx[2];
	int high;// height
	int wide;// width

	DWORD pid;  
    GetWindowThreadProcessId(h,&pid);
	////////
	// Enable SeDebugPrivilege on the current process token.
	// NOTE(review): every call in this sequence is unchecked. AdjustTokenPrivileges
	// can return success without enabling anything (GetLastError() ==
	// ERROR_NOT_ALL_ASSIGNED) when the token does not hold the privilege, so
	// this block may silently do nothing. The privilege is normally not needed
	// to open a process owned by the same user at the same integrity level;
	// requesting it widens what this program can touch for no visible benefit.
	TOKEN_PRIVILEGES tkp;  
    HANDLE hToken;  
    OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken);  
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME,&tkp.Privileges[0].Luid); // obtain the locally unique identifier (LUID) of the privilege  
    tkp.PrivilegeCount = 1;  
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;  
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0); // apply the privilege change to the token  
	////////
	// NOTE(review): PROCESS_ALL_ACCESS is far broader than the visible use.
	// ReadProcessMemory only requires PROCESS_VM_READ; requesting the minimum
	// right keeps the handle from being usable for writes or thread creation.
	HANDLE hp=OpenProcess(PROCESS_ALL_ACCESS ,false,pid); 
	if(hp==NULL)  
    {  
        ::MessageBox(0,L"打开进程出错",0,MB_OK);  
        return;  
    }  
	// Read 4 bytes each into high and wide from hard-coded addresses in the
	// target. The addresses are specific to whichever build the author
	// examined; on any other build they point at unrelated data or fail.
	// NOTE(review): results are unchecked, so high/wide stay uninitialized on
	// failure. &pid is reused as the bytes-read out parameter, which overwrites
	// the process id; the API declares that parameter as SIZE_T*, so this only
	// lines up where DWORD and SIZE_T have the same width (32-bit builds).
	ReadProcessMemory(hp,(LPCVOID)0x1005338 , &high,4,&pid); 
	ReadProcessMemory(hp,(LPCVOID)0x1005334 , &wide,4,&pid); 



	unsigned int temp;
	
	unsigned int temp1;


	// NOTE(review): x is incremented below but never initialized or read in
	// the visible code.
	int x;

	// Fixed address in the target's address space, stepped per outer iteration
	// at the bottom of the loop. NOTE(review): how it is dereferenced (it is
	// not valid in this process) is in the part of the listing that is missing.
	int *addr=(int*)0x1005361;
	 
	// NOTE(review): truncated line, kept as found. The outer/inner loop
	// headers and the read that produces temp/temp1 are missing here.
	for(int i=0;i256)
				{
					temp1 = temp1>>8;
				}
				x++;
				if(temp1==0x10)
				{
					break;// end of this row
				}

				// Cells holding 143 (0x8F) are skipped; presumably that value
				// marks a mine - the page does not say so explicitly.
				if(temp1!=143)
				{
				// Synthetic click: wParam 1 is MK_LBUTTON on the down message;
				// lParam is yx read as a single int (type-punned cast).
				::SendMessage(h,WM_LBUTTONDOWN,1,*(int*)yx);  
				::SendMessage(h,WM_LBUTTONUP,0,*(int*)yx);  
				}
				// Move one cell to the right: 16 is added to the x coordinate per cell.
				yx[0]=yx[0]+16;

			}
		}
		addr=addr+8;// adding 1 advances 4 bytes (addr is int*), so +8 moves 32 bytes
	}
}

