二级偏移的查找是个难点,对《植物大战僵尸》年度版二级偏移的查找,是个不错的思路,或许能广泛应用的其他游戏上。
几个要点,总结一下:
1、根据阳光数找到的第一个地址:1CDEB6F8,绝大多数人都不会有什么问题。操作要点是:接着要对其进行“找出是什么访问了这个地址”的操作。
2、然后会看到红色的[edx+00005578]的提示,和“要查找的地址指针的值可能是 1CDE6180”,这里也没什么问题。
3、需要对地址1CDE6180进行查找,查找的结果处理是个难点。要点是,多点几次“再次扫描”,直到你看到左边栏里的地址,基本上不会有改变。
4、把第一个地址添加到列表:即017D8998,然后要对其进行“找出是什么改写了这个地址”的操作。这是个难点,一开始看不到什么提示。但是当你重新开始本局游戏后,你会发现里面有东西了:[edi+00000868]的提示,还有“要查找的地址指针的值可能是 017DB130”,离胜利不远了。
5、需要对地址017DB130进行查找,居然有2000多结果,但是不用担心,因为你多搜几次就会看到绿色的基址:007794F8出现了。
基址和偏移都找到了，即 [[[007794F8]+868]+5578] 是阳光的值，而 [[007794F8]+868]+5578 是存放阳光值的地址（一个 4 字节整数）。这里值和地址不要搞混：下一步的 Delphi 程序要先用两次 ReadProcessMemory 依次解引用基址和一级偏移得到这个地址，然后从该地址读出阳光的值，或者向该地址写入新值。另外要注意，基址 007794F8 和两级偏移只对本文使用的版本（窗口标题为 "Plants vs. Zombies 1.2.0.1073 RELEASE"）有效，换了版本必须重新查找。
3 unit MainFrm;
5 interface
7 uses
8 Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
9 Dialogs, ExtCtrls, StdCtrls;
type
  { Main form of the memory "trainer". The controls map onto the pointer
    chain described in the article: edtBase holds the static base address
    and edtOffset1/edtOffset2 the two offsets, all as hexadecimal text;
    edtPTitle is the target window title and edtProcessID the PID looked up
    from it; edtValue is the value read from / written to the target; chk1
    ("lock") together with tmr1 re-applies the write on every timer tick. }
  TForm1 = class (TForm)
    grp1: TGroupBox;
    edtPTitle: TEdit;      // window title passed to FindWindow
    edtProcessID: TEdit;   // PID of the target process, filled by btnGetProcessClick
    lbl1: TLabel;
    lbl3: TLabel;
    grp2: TGroupBox;
    edtOffset2: TEdit;     // second-level offset, hex text
    edtOffset1: TEdit;     // first-level offset, hex text
    edtBase: TEdit;        // static base address, hex text
    lbl4: TLabel;
    lbl5: TLabel;
    lbl6: TLabel;
    grp3: TGroupBox;
    btnGetProcess: TButton;
    btn2: TButton;         // "read" button  -> btn2Click
    btn3: TButton;         // "write" button -> btn3Click
    edtValue: TEdit;       // value shown after a read / taken for a write
    lbl7: TLabel;
    chk1: TCheckBox;       // "lock": keep re-writing edtValue on each timer tick
    tmr1: TTimer;
    procedure btnGetProcessClick(Sender: TObject);   // window title -> PID
    procedure btn2Click(Sender: TObject);            // read the value through the pointer chain
    procedure btn3Click(Sender: TObject);            // write edtValue through the pointer chain
    procedure tmr1Timer(Sender: TObject);            // calls btn3Click while chk1 is checked
  private
    { Private declarations }
  public
    { Public declarations }
  end ;
var
  Form1: TForm1;   // global instance of the main form
46 implementation
{$R *.dfm}
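procedure TForm1.btn2Click(Sender: TObject);
{ "Read" button: resolves the two-level pointer chain
  [[[Base] + Offset1] + Offset2] inside the target process and shows the
  4-byte value stored at its end in edtValue.
  Base/Offset1/Offset2 are taken from the edits as hexadecimal text (hence
  the '$' prefix). Note that the DFM sets NumbersOnly = True on those three
  edits, which blocks typing the hex digits A-F; the preset defaults work,
  but a base or offset containing A-F cannot be typed in by hand.
  Changes from the original: the process handle is now closed (it leaked on
  every click); the handle and every read are checked, so a failed read no
  longer feeds an uninitialised value into the next pointer level; and the
  process is opened with PROCESS_VM_READ only instead of PROCESS_ALL_ACCESS
  (least privilege - reading needs nothing more). }
var
  h: THandle;
  Pid: Integer;
  Level1, Level2: Cardinal;   // intermediate pointers of the chain
  Sunny: Integer;             // final 4-byte value

  { Hex text of an edit box -> number. Raises EConvertError on bad input,
    exactly as the original StrToInt('$' + ...) did. }
  function HexEdit(Edit: TEdit): Cardinal;
  begin
    Result := Cardinal(StrToInt('$' + Trim(Edit.Text)));
  end;

  { Reads one 4-byte value at Addr in the target process. A failed or short
    read raises instead of leaving the result undefined. }
  function ReadDword(Addr: Cardinal): Cardinal;
  var
    nbRead: Cardinal;
  begin
    Result := 0;
    if (not ReadProcessMemory(h, Pointer(Addr), @Result, SizeOf(Result), nbRead))
       or (nbRead <> SizeOf(Result)) then
      raise Exception.CreateFmt('ReadProcessMemory at $%.8x failed: %s',
        [Addr, SysErrorMessage(GetLastError)]);
  end;

begin
  // Nothing to do until all three address fields are filled in.
  if (edtBase.Text = '') or (edtOffset1.Text = '') or (edtOffset2.Text = '') then
    Exit;
  // Reject an empty, non-numeric or zero PID instead of handing it to OpenProcess.
  if (not TryStrToInt(edtProcessID.Text, Pid)) or (Pid <= 0) then
    Exit;

  h := OpenProcess(PROCESS_VM_READ, False, Cardinal(Pid));
  if h = 0 then
    raise Exception.CreateFmt('OpenProcess(%d) failed: %s',
      [Pid, SysErrorMessage(GetLastError)]);
  try
    Level1 := ReadDword(HexEdit(edtBase)) + HexEdit(edtOffset1);   // [Base] + Offset1
    Level2 := ReadDword(Level1) + HexEdit(edtOffset2);             // [Level1] + Offset2
    Sunny := Integer(ReadDword(Level2));                           // [Level2] is the value
    edtValue.Text := IntToStr(Sunny);
  finally
    CloseHandle(h);   // always release the handle, whatever happened above
  end;
end;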
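procedure TForm1.btn3Click(Sender: TObject);
{ "Write" button: resolves [[Base] + Offset1] + Offset2 inside the target
  process and writes the 4-byte integer typed in edtValue to that address.
  Called directly by the button and repeatedly by tmr1Timer while chk1 is
  checked.
  Changes from the original: OpenProcess now happens before the try/finally,
  so a failing StrToInt can no longer reach CloseHandle with an uninitialised
  handle value; the handle, both intermediate reads and the final write are
  checked, so a failed read no longer turns an undefined intermediate value
  into the write target; and the access mask is narrowed from
  PROCESS_ALL_ACCESS to the rights a read-then-write actually needs. }
var
  h: THandle;
  Pid: Integer;
  NewSunny: Integer;          // value to store
  Level1, Target: Cardinal;   // intermediate pointer / final address
  nbWritten: Cardinal;

  { Hex text of an edit box -> number (raises EConvertError on bad input). }
  function HexEdit(Edit: TEdit): Cardinal;
  begin
    Result := Cardinal(StrToInt('$' + Trim(Edit.Text)));
  end;

  { Reads one 4-byte value at Addr in the target process; raises on a failed
    or short read so the chain is never followed through garbage. }
  function ReadDword(Addr: Cardinal): Cardinal;
  var
    nbRead: Cardinal;
  begin
    Result := 0;
    if (not ReadProcessMemory(h, Pointer(Addr), @Result, SizeOf(Result), nbRead))
       or (nbRead <> SizeOf(Result)) then
      raise Exception.CreateFmt('ReadProcessMemory at $%.8x failed: %s',
        [Addr, SysErrorMessage(GetLastError)]);
  end;

begin
  NewSunny := StrToInt(edtValue.Text);   // raises EConvertError on bad input, as before
  if (not TryStrToInt(edtProcessID.Text, Pid)) or (Pid <= 0) then
    raise Exception.Create('No target process: look up the PID first');

  // Following the chain needs VM_READ; the final store needs VM_WRITE + VM_OPERATION.
  h := OpenProcess(PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,
    False, Cardinal(Pid));
  if h = 0 then
    raise Exception.CreateFmt('OpenProcess(%d) failed: %s',
      [Pid, SysErrorMessage(GetLastError)]);
  try
    Level1 := ReadDword(HexEdit(edtBase)) + HexEdit(edtOffset1);   // [Base] + Offset1
    Target := ReadDword(Level1) + HexEdit(edtOffset2);             // [Level1] + Offset2
    if (not WriteProcessMemory(h, Pointer(Target), @NewSunny, SizeOf(NewSunny), nbWritten))
       or (nbWritten <> SizeOf(NewSunny)) then
      raise Exception.CreateFmt('WriteProcessMemory at $%.8x failed: %s',
        [Target, SysErrorMessage(GetLastError)]);
  finally
    CloseHandle(h);   // release the process handle on every path
  end;
end;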
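procedure TForm1.btnGetProcessClick(Sender: TObject);
{ Looks up the top-level window whose title equals edtPTitle.Text and shows
  the ID of the process that owns it in edtProcessID. Writes '0' when no
  such window exists, which is the value btn2Click refuses to work on.
  Fix vs. the original: with no matching window FindWindow returns 0 and
  GetWindowThreadProcessId(0, ...) fails without reliably setting PID, so
  the edit used to show whatever happened to be in the uninitialised local. }
var
  PID: Cardinal;
  Wnd: HWND;
begin
  if edtPTitle.Text = '' then
    Exit;
  PID := 0;   // reported when the window is not found or the query fails
  Wnd := FindWindow(nil, PWideChar(edtPTitle.Text));
  if Wnd <> 0 then
    GetWindowThreadProcessId(Wnd, @PID);
  edtProcessID.Text := IntToStr(PID);
end;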
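procedure TForm1.tmr1Timer(Sender: TObject);
{ While the "lock" box chk1 is checked, re-applies the write (btn3Click) on
  every tick so the value stays pinned in the target.
  Fix vs. the original: if the write raises (non-numeric edtValue, target
  process gone), the lock is released before the error propagates; otherwise
  the same error dialog would pop up again on every timer tick. }
begin
  if (not chk1.Checked) or (edtValue.Text = '') then
    Exit;
  try
    btn3Click(Sender);
  except
    chk1.Checked := False;   // stop re-firing a write that cannot succeed
    raise;
  end;
end;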
119 end .
TForm 窗体定义（MainFrm.dfm）
1 object Form1: TForm1
2 Left = 0
3 Top = 0
4 Caption = # 25351 # 23450 # 31243 # 24207 # 20869 # 23384 # 20462 # 25913 # 27979 # 35797
5 ClientHeight = 273
6 ClientWidth = 477
7 Color = clBtnFace
8 Font.Charset = DEFAULT_CHARSET
9 Font.Color = clWindowText
10 Font.Height = - 11
11 Font.Name = ' Tahoma '
12 Font.Style = []
13 OldCreateOrder = False
14 PixelsPerInch = 96
15 TextHeight = 13
16 object grp1: TGroupBox
17 Left = 16
18 Top = 8
19 Width = 449
20 Height = 104
21 Caption = # 24453 # 20462 # 25913 # 31243 # 24207 # 20449 # 24687 # 65306
22 TabOrder = 0
23 object lbl1: TLabel
24 Left = 16
25 Top = 32
26 Width = 84
27 Height = 13
28 Caption = # 31243 # 24207 # 31383 # 21475 # 26631 # 39064 # 65306
29 end
30 object lbl3: TLabel
31 Left = 16
32 Top = 64
33 Width = 71
34 Height = 13
35 Caption = # 31243 # 24207 # 36827 # 31243 ' ID ' # 65306
36 end
37 object edtPTitle: TEdit
38 Left = 106
39 Top = 29
40 Width = 97
41 Height = 21
42 TabOrder = 0
43 Text = ' Plants vs. Zombies 1.2.0.1073 RELEASE '
44 end
45 object edtProcessID: TEdit
46 Left = 106
47 Top = 61
48 Width = 97
49 Height = 21
50 ReadOnly = True
51 TabOrder = 1
52 end
53 object btnGetProcess: TButton
54 Left = 222
55 Top = 27
56 Width = 75
57 Height = 25
58 Caption = # 33719 # 21462
59 TabOrder = 2
60 OnClick = btnGetProcessClick
61 end
62 end
63 object grp2: TGroupBox
64 Left = 16
65 Top = 128
66 Width = 449
67 Height = 57
68 Caption = # 22320 # 22336 # 20449 # 24687
69 TabOrder = 1
70 object lbl4: TLabel
71 Left = 16
72 Top = 25
73 Width = 36
74 Height = 13
75 Caption = # 22522 # 22336 # 65306
76 end
77 object lbl5: TLabel
78 Left = 175
79 Top = 25
80 Width = 60
81 Height = 13
82 Caption = # 19968 # 32423 # 20559 # 31227 # 65306
83 end
84 object lbl6: TLabel
85 Left = 303
86 Top = 25
87 Width = 60
88 Height = 13
89 Caption = # 20108 # 32423 # 20559 # 31227 # 65306
90 end
91 object edtOffset2: TEdit
92 Left = 369
93 Top = 22
94 Width = 56
95 Height = 21
96 NumbersOnly = True
97 TabOrder = 0
98 Text = ' 5578 '
99 end
100 object edtOffset1: TEdit
101 Left = 241
102 Top = 22
103 Width = 56
104 Height = 21
105 NumbersOnly = True
106 TabOrder = 1
107 Text = ' 868 '
108 end
109 object edtBase: TEdit
110 Left = 55
111 Top = 22
112 Width = 114
113 Height = 21
114 NumbersOnly = True
115 TabOrder = 2
116 Text = ' 007794F8 '
117 end
118 end
119 object grp3: TGroupBox
120 Left = 16
121 Top = 191
122 Width = 449
123 Height = 74
124 Caption = # 20462 # 25913 # 25805 # 20316
125 TabOrder = 2
126 object lbl7: TLabel
127 Left = 106
128 Top = 32
129 Width = 24
130 Height = 13
131 Caption = # 20540 # 65306
132 end
133 object btn2: TButton
134 Left = 16
135 Top = 27
136 Width = 75
137 Height = 25
138 Caption = # 35835 # 21462
139 TabOrder = 0
140 OnClick = btn2Click
141 end
142 object btn3: TButton
143 Left = 233
144 Top = 27
145 Width = 75
146 Height = 25
147 Caption = # 20889 # 20837
148 TabOrder = 1
149 OnClick = btn3Click
150 end
151 object edtValue: TEdit
152 Left = 136
153 Top = 29
154 Width = 81
155 Height = 21
156 TabOrder = 2
157 end
158 object chk1: TCheckBox
159 Left = 328
160 Top = 31
161 Width = 97
162 Height = 17
163 Caption = # 38145 # 23450
164 TabOrder = 3
165 end
166 end
167 object tmr1: TTimer
168 OnTimer = tmr1Timer
169 Left = 368
170 Top = 56
171 end
172 end