python也能写外挂 --植物大战僵尸
本帖最后由 lj2122 于 2021-3-1 18:58 编辑
# 用ctypes调用kernel32.dll动态链接库,然后对进程内存进行读写
import win32.win32gui, win32.win32process, win32.win32api
import ctypes, time
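# Locate the game by its exact top-level window title. The main guard further
# down treats a result of 0 as "game not running".
game_name = 'Plants vs. Zombies 1.2.0.1073 RELEASE'
win_handle = win32.win32gui.FindWindow(None, game_name)

# Resolve kernel32 by module name instead of a hard-coded C:/Windows path,
# which breaks when Windows is installed on another drive or directory.
kernel32 = ctypes.WinDLL('kernel32')

# Least privilege: the script only calls ReadProcessMemory and
# WriteProcessMemory, so request exactly the rights those two need rather than
# PROCESS_ALL_ACCESS (0x1FFFFF), which also grants terminate, thread-creation
# and handle-duplication rights on the target process.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

if win_handle:
    # GetWindowThreadProcessId returns (thread_id, process_id); keep the pid.
    process_id = win32.win32process.GetWindowThreadProcessId(win_handle)[-1]
    process_handle = win32.win32api.OpenProcess(
        PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
        False,
        process_id,
    )
else:
    # Without a window there is no process to open. Skipping the lookups here
    # lets the "not started" message in the main guard be reached instead of
    # these calls being made with a 0 handle at import time.
    process_id = None
    process_handle = None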
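def my_gua_cold(win_handle, process_handle):
    """Write 8000 into eight cooldown fields of the game process.

    The author labels this "lock cooldown". The target address is found by a
    two-step pointer walk (base address, then +0x108); both addresses and all
    offsets are specific to one game build, as the original comments note.

    Args:
        win_handle: Window handle of the game; unused here, kept so existing
            callers keep working.
        process_handle: Handle to the game process, convertible with int().

    Returns:
        None. Nothing is written if either hop of the pointer walk fails or
        yields a null pointer.
    """
    handle = int(process_handle)
    first_hop = ctypes.c_long()
    second_hop = ctypes.c_long()

    # ReadProcessMemory returns 0 on failure and leaves the buffer at its
    # initial 0. Without these checks the writes below would be aimed at
    # addresses computed from 0 inside another process.
    if not kernel32.ReadProcessMemory(
            handle, 0x0019F8DC, ctypes.byref(first_hop), 4, None):
        return
    if not first_hop.value:
        return
    if not kernel32.ReadProcessMemory(
            handle, first_hop.value + 0x108, ctypes.byref(second_hop), 4, None):
        return
    if not second_hop.value:
        return

    # Eight 4-byte fields spaced 0x50 apart: 0x4C, 0x9C, ... 0x27C.
    # NOTE(review): presumably one field per card slot - confirm for the build.
    value = ctypes.c_long(8000)
    for offset in range(0x4C, 0x27C + 1, 0x50):
        kernel32.WriteProcessMemory(
            handle, second_hop.value + offset, ctypes.byref(value), 4, None)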
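def my_gua_sun(win_handle, process_handle):
    """Write 9990 into the sun counter of the game process.

    The author labels this "lock sun". The counter is reached through a
    two-step pointer walk (0x00779618, then +0x868) and lives at +0x5578 from
    the second pointer; all three values are specific to one game build.

    Args:
        win_handle: Window handle of the game; unused here, kept so existing
            callers keep working.
        process_handle: Handle to the game process, convertible with int().

    Returns:
        None. Nothing is written if either hop of the pointer walk fails or
        yields a null pointer.
    """
    handle = int(process_handle)
    first_hop = ctypes.c_long()
    second_hop = ctypes.c_long()

    # A failed read leaves the buffer at 0; bail out instead of writing to an
    # address derived from it.
    if not kernel32.ReadProcessMemory(
            handle, 0x00779618, ctypes.byref(first_hop), 4, None):
        return
    if not first_hop.value:
        return
    if not kernel32.ReadProcessMemory(
            handle, first_hop.value + 0x868, ctypes.byref(second_hop), 4, None):
        return
    if not second_hop.value:
        return

    kernel32.WriteProcessMemory(
        handle, second_hop.value + 0x5578,
        ctypes.byref(ctypes.c_long(9990)), 4, None)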
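if __name__ == '__main__':
    if win_handle == 0:
        print('\n.......Plants vs. Zombies Not Start!!!.....\n')
    # win_handle is looked up once at import time and never reassigned, so the
    # original `while win_handle != 0` could not end once entered. Re-check the
    # window on every pass so the loop stops when the game window is gone,
    # rather than continuing to issue writes against a stale process handle.
    while win_handle != 0 and win32.win32gui.IsWindow(win_handle):
        time.sleep(0.5)
        my_gua_cold(win_handle, process_handle)
        my_gua_sun(win_handle, process_handle)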