FishC Forum


[Technical Discussion] Python can write game cheats too -- Plants vs. Zombies

Posted on 2021-3-1 18:29:12

This post was last edited by lj2122 on 2021-3-1 18:58

# Use ctypes to call the kernel32.dll dynamic-link library, then read and write memory
import win32.win32gui, win32.win32process, win32.win32api
import ctypes, time


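# Find the game window by its exact title
game_name = 'Plants vs. Zombies 1.2.0.1073 RELEASE'
win_handle = win32.win32gui.FindWindow(None,game_name)

# Load kernel32 and get a handle to the game process
kernel32 = ctypes.windll.LoadLibrary(r'C:/Windows/System32/kernel32.dll')
process_handle = None
if win_handle != 0:
    # Only resolve the process when the window was found
    process_id = win32.win32process.GetWindowThreadProcessId(win_handle)[-1]
    # 0x1FFFFF is PROCESS_ALL_ACCESS
    process_handle = win32.win32api.OpenProcess(0x1FFFFF,False,process_id)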



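def my_gua_cold(win_handle,process_handle): # Lock the cooldown
    # Find the data address from a base address plus offsets; for tutorials, search for how to find base addresses with CE.
    # Addresses differ between versions; if this does not run, that is the reason.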
    data1,data2 = ctypes.c_long(),ctypes.c_long()
    kernel32.ReadProcessMemory(int(process_handle), +0x0019F8DC,ctypes.byref(data1),4,None)
    kernel32.ReadProcessMemory(int(process_handle),data1.value + 0x108,ctypes.byref(data2),4,None)

    # Overwrite the data in memory
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x4C,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x9C,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0xEC,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x013C,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x018C,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x01DC,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x022C,ctypes.byref(ctypes.c_long(8000)),4,None)
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x027C,ctypes.byref(ctypes.c_long(8000)),4,None)


def my_gua_sun(win_handle,process_handle): # Lock the sun count

    data1,data2 = ctypes.c_long(),ctypes.c_long()
    kernel32.ReadProcessMemory(int(process_handle),0x00779618,ctypes.byref(data1),4,None)
    kernel32.ReadProcessMemory(int(process_handle),data1.value + 0x868,ctypes.byref(data2),4,None)
   
    kernel32.WriteProcessMemory(int(process_handle),data2.value + 0x5578,ctypes.byref(ctypes.c_long(9990)),4,None)



if __name__ == '__main__':
    if win_handle == 0:
        print('\n.......Plants vs. Zombies Not Start!!!.....\n')

    while win_handle != 0:
        time.sleep(0.5)
        # print(win_handle)

        my_gua_cold(win_handle,process_handle)
        my_gua_sun(win_handle,process_handle)

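The script above opens the game process with access mask 0x1FFFFF (PROCESS_ALL_ACCESS) before calling WriteProcessMemory. As an added example that is not part of the original post, the following decodes such masks and flags records that grant cross-process memory-write rights, using the Sysmon Event ID 10 (ProcessAccess) field names; the sample events, image paths and allowlist are constructed.

```python
# Added example: decode Windows process access masks and flag handles that
# allow cross-process memory writes. Sample events below are constructed.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PROCESS_ALL_ACCESS = 0x1FFFFF   # value passed to OpenProcess in the post
WRITE_RIGHTS = 0x0008 | 0x0020  # VM_OPERATION + VM_WRITE, required by WriteProcessMemory

def decode_mask(mask):
    """Return the names of the known rights set in an access mask."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]

def flag_event(event, allowlist=()):
    """Classify one ProcessAccess record; None means nothing to report."""
    mask = int(event["GrantedAccess"], 16)
    if event["SourceImage"].lower() in allowlist:
        return None
    if mask == PROCESS_ALL_ACCESS:
        return "all-access"
    if mask & WRITE_RIGHTS == WRITE_RIGHTS:
        return "memory-write"
    return None

# Constructed sample records, not taken from a real host.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Python39\python.exe",
     "TargetImage": r"C:\Games\PlantsVsZombies.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Games\PlantsVsZombies.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Tools\editor.exe",
     "TargetImage": r"C:\Games\PlantsVsZombies.exe", "GrantedAccess": "0x38"},
]

def scan(events, allowlist=()):
    """Return (source image, verdict) pairs for events that grant write access."""
    hits = ((e["SourceImage"], flag_event(e, allowlist)) for e in events)
    return [(src, verdict) for src, verdict in hits if verdict]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict:12} {src}")
```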
