续上文:
破解了IC卡读写器的动态库,实在让人心力交瘁,蛋疼之下,随便找了个游戏玩玩
一不小心,玩上浴火银河2硬盘版(Galaxy On Fire),这个游戏有很多个不同平台的版本
感觉移动好吃力,跑半天都不到目的地,我们这样的人怎么能忍受龟速?更不用说是蜗牛了!
于是抄家伙,疯狂破解!(- -!这家伙,破解上瘾了……)
最先破解的是后燃器的加速时间、冷却时间和加速倍率,我改过最高的如下:
加速时间1分钟,冷却1秒,加速1000倍!
主要是我想撞一个行星看看是什么样的效果,结果我飞了半天硬是没撞上!
而且,加速太快,摄像机跟不上,直接往后面看了……
因此,这一块就不跟大家共享了,只贴一张图证实真相:
一次加速就飞了4000多公里,星球还是望尘莫及,于是回头截个图……
破解出来比较实用的是修改飞船仓库容量和装甲等,先上个图:
我不想破解别人的东西,我只想传播下技术。
某人说,某人有些虚荣心,喜欢做些惊世骇俗的小动作,不为建功立业……
下面是动态库各个文件的C/C++源代码(按文件名顺序),编译为DLL即可调用(太累了,主程序不想写了,源码也在有空再上传了)。
API.DEF
EXPORTS ReadShips GetShip SetShip SaveShips
Exports.cpp
#include "Exports.h" #include "Ship.h" inline DWORD fnRev(DWORD dwNumber) { // 转换字节序 register DWORD dw1; dw1 = dwNumber << 24; dw1 |= (dwNumber << 8) & 0xFF0000; dw1 |= (dwNumber >> 8) & 0xFF00; dw1 |= (dwNumber >> 24) & 0xFF; return dw1; } // DLL入口函数 BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { //printf("hModule.%p lpReserved.%p \n", hModule, lpReserved); switch(ul_reason_for_call) { case DLL_PROCESS_ATTACH: // 进程装载 SpaceShips = (PSPACESHIP)malloc(sizeof(SPACESHIP) * 44); if(!SpaceShips) return FALSE; break; case DLL_PROCESS_DETACH: // 线程卸载 if(SpaceShips != NULL) { // ... free(SpaceShips); SpaceShips = NULL; } break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; } return TRUE; } EXPORT_API LONG __stdcall ReadShips(LPCSTR lpShipFile, DWORD *pHash) { return (LONG)fnReadShips(lpShipFile, pHash); } EXPORT_API DWORD __stdcall GetShip(DWORD dwIndex, DWORD dwPropId) { return fnGetShip(dwIndex, dwPropId); } EXPORT_API BOOL __stdcall SetShip(DWORD dwIndex, DWORD dwPropId, DWORD dwValue) { return fnSetShip(dwIndex, dwPropId, dwValue); } EXPORT_API BOOL __stdcall SaveShips(LPCSTR lpShipFile) { return fnSaveShips(lpShipFile); }
Exports.h
/**/ #ifndef __GAL32_EXP_H_ #define __GAL32_EXP_H_ #if _MSC_VER > 1000 #pragma once #endif // _MSC_VER > 1000 //#define WIN32_LEAN_AND_MEAN #include <windows.h> #include <stdio.h> // FILE #define EXPORT_API __declspec(dllexport) #define DESDW(d) ((d << 24) | ((d << 16) & 0xFF0000) | ((d >> 8) & 0xFF00) | ((d >> 24) & 0xFF)) extern inline DWORD fnRev(DWORD); #endif
Hash.cpp和Hash.h是计算MD5的,可以计算任意内存块的md5,目的是检测玩家是否修改了文件
以确定要修改,还是先做备份……主程序都没写,这个也不发上来了,而且容易泄露大侠我的加密风格……
Ship.cpp
// #include "Exports.h" #include "Ship.h" #include "Hash.h" PSPACESHIP SpaceShips; DWORD dwShipCount = 0; BOOL fnReadShips(LPCSTR lpShipFile, DWORD *pHash) { // .. DWORD dwLoop; FILE *pfs = fopen(lpShipFile, "rb"); if(pfs == NULL) { // .. return 0; } dwShipCount = fread(SpaceShips, sizeof(SPACESHIP), 44, pfs); fclose(pfs); if(dwShipCount != 44) { // .. return -1; } dwLoop = sizeof(SPACESHIP) * 44; // 用Hash判断是否是安全的文件 fnCalcHash(SpaceShips, dwLoop, (DWORD)pHash); //for(dwLoop = 0; dwLoop < 44; dwLoop++) //{ // .. // if(SpaceShips[dwLoop].dwIndex != dwLoop) // return -3; //} // 主调程序自动用fnSaveShips保存一个备份 return dwLoop; } DWORD fnGetShip(DWORD dwIndex, DWORD dwPropId) { // 返回值应小于0x3FFFFFFF if(dwIndex >= dwShipCount) return 0x80000000; switch(dwPropId){ case 1: return fnRev(SpaceShips[dwIndex].dwArmor); break; case 2: return fnRev(SpaceShips[dwIndex].dwCargo); break; case 3: return fnRev(SpaceShips[dwIndex].dwPrice); break; case 4: return fnRev(SpaceShips[dwIndex].dwPriWeap); break; case 5: return fnRev(SpaceShips[dwIndex].dwSecWeap); break; case 6: return fnRev(SpaceShips[dwIndex].dwTurret); break; case 7: return fnRev(SpaceShips[dwIndex].dwEquip); break; case 8: return fnRev(SpaceShips[dwIndex].dwHandle); break; default: return fnRev(SpaceShips[dwIndex].dwIndex); break; } return 0x80000001; } BOOL fnSetShip(DWORD dwIndex, DWORD dwPropId, DWORD dwValue) { // 返回值应小于0x3FFFFFFF if((dwIndex >= dwShipCount)||(dwValue >= 0x40000000)) return FALSE; switch(dwPropId){ case 1: SpaceShips[dwIndex].dwArmor = fnRev(dwValue); break; case 2: SpaceShips[dwIndex].dwCargo = fnRev(dwValue); break; case 3: SpaceShips[dwIndex].dwPrice = fnRev(dwValue); break; case 4: SpaceShips[dwIndex].dwPriWeap = fnRev(dwValue); break; case 5: SpaceShips[dwIndex].dwSecWeap = fnRev(dwValue); break; case 6: SpaceShips[dwIndex].dwTurret = fnRev(dwValue); break; case 7: SpaceShips[dwIndex].dwEquip = fnRev(dwValue); break; case 8: SpaceShips[dwIndex].dwHandle = fnRev(dwValue); break; default: SpaceShips[dwIndex].dwIndex = fnRev(dwValue); break; } return TRUE; } BOOL fnSaveShips(LPCSTR lpShipFile) { // .. FILE *pfs = fopen(lpShipFile, "wb"); if(pfs == NULL) { // .. return FALSE; } dwShipCount = fwrite(SpaceShips, sizeof(SPACESHIP), 44, pfs); fclose(pfs); //if(dwShipCount != 44) return TRUE; }
Ship.h
/**/ #ifndef __GAL32_SHIP_H_ #define __GAL32_SHIP_H_ #if _MSC_VER > 1000 #pragma once #endif // _MSC_VER > 1000 typedef struct _tagSpaceShip{ DWORD dwIndex; DWORD dwArmor; DWORD dwCargo; DWORD dwPrice; DWORD dwPriWeap; DWORD dwSecWeap; DWORD dwTurret; DWORD dwEquip; DWORD dwHandle; } SPACESHIP, *PSPACESHIP; extern PSPACESHIP SpaceShips; extern DWORD dwShipCount; extern BOOL fnReadShips(LPCSTR, PDWORD); extern DWORD fnGetShip(DWORD, DWORD); extern BOOL fnSetShip(DWORD, DWORD, DWORD); extern BOOL fnSaveShips(LPCSTR); #endif
目前只公布修改飞船的代码,看看大家反应如何先,如果都有需要,那我就为人民服务一下下吧%……
2013-02-17 22:56:38
妈妈的,明天又要开工了