|
|
发表于 2018-4-28 02:32:46
|
显示全部楼层
附上代码,自行研究
- #include <iostream>
- #include <windows.h>
- #include <tlhelp32.h>
- #include <cstdarg>
- UINT32 ReadAddress_4Byte(HANDLE hProcess, UINT32 BaseAddress)
- {
- UINT32 data;
- SIZE_T NumberOfBytesRead;
- ReadProcessMemory(hProcess, (LPCVOID)BaseAddress, &data, 4, &NumberOfBytesRead);
- return data;
- }
- void WriteAddress_4Byte(HANDLE hProcess, UINT32 BaseAddress, UINT32 data)
- {
- SIZE_T NumberOfBytesWritten;
- WriteProcessMemory(hProcess, (LPVOID)BaseAddress, &data, 4, &NumberOfBytesWritten);
- }
- DWORD GetProcessIdByName(std::string ProcessName)
- {
- DWORD dwProcessId = 0;
- PROCESSENTRY32 pe32;
- HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
- pe32.dwSize = sizeof(PROCESSENTRY32);
- Process32First(hProcessSnap, &pe32);
- do
- {
- if(ProcessName == pe32.szExeFile)
- {
-
- dwProcessId = pe32.th32ProcessID;
- break;
- }
- }
- while(Process32Next(hProcessSnap, &pe32));
- CloseHandle(hProcessSnap);
- return dwProcessId;
- }
- UINT32 GetAddress(HANDLE hProcess, UINT32 base, int level, ...)
- {
- va_list ap;
- UINT32 address = base;
- UINT32 offset;
- address = ReadAddress_4Byte(hProcess, address);
- va_start(ap, level);
- for(int i = 0; i < level - 1; ++i)
- {
- address = ReadAddress_4Byte(hProcess, address + va_arg(ap, UINT32));
- }
- offset = va_arg(ap, UINT32);
- va_start(ap, level);
- return address + offset;
- }
- int main()
- {
- DWORD dwProcessId = GetProcessIdByName("PlantsVsZombies.exe");
- if(dwProcessId == 0)
- return 0;
- HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, 0, dwProcessId);
-
- UINT32 address;
- address = GetAddress(hProcess, 0x5aa054, 5, 0x3a4, 0x10, 0x230, 0x50, 0x80);
- UINT32 data = ReadAddress_4Byte(hProcess, address);
- WriteAddress_4Byte(hProcess, address, data - 100);
-
- CloseHandle(hProcess);
- return 0;
- }
|
|
( 粤ICP备18085999号-1 | 粤公网安备 44051102000585号)
狗仔卡
显身卡