Yuri's Revenge money modifier
A simple trainer written in C
I wrote this trainer because I had nothing better to do and was playing Red Alert: Yuri's Revenge; the cheat file generated with CE (Cheat Engine) only worked some of the time, so I decided to write my own. The idea is simple: use CE to find the money address (`*(int*)(*(int*)0xA83D4C + 0x30C)`), then rewrite that memory with the Windows API.
The main functions used are ReadProcessMemory and WriteProcessMemory.
Also, because of permissions, opening the process needs a small trick; I copied a piece of code from the web for this. It is already wrapped in functions and is convenient to use.
```cpp
#include <windows.h>    // must be included before tlhelp32.h
#include <tlhelp32.h>
#include <tchar.h>
#include <stdio.h>

// Enable or disable one privilege (here SeDebugPrivilege) on an access token.
BOOL SetPrivilege(HANDLE hToken,          // access token handle
                  LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
                  BOOL bEnablePrivilege)  // TRUE to enable, FALSE to disable
{
    TOKEN_PRIVILEGES tp;
    LUID luid;

    if (!LookupPrivilegeValue(NULL,           // lookup privilege on local system
                              lpszPrivilege,  // privilege to lookup
                              &luid))         // receives LUID of privilege
    {
        printf("LookupPrivilegeValue error: %u\n", GetLastError());
        return FALSE;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    // Enable the privilege or disable all privileges.
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL))
    {
        printf("AdjustTokenPrivileges error: %u\n", GetLastError());
        return FALSE;
    }

    // AdjustTokenPrivileges returns TRUE even when the privilege is not held in
    // the token, so GetLastError() must be checked. SeDebugPrivilege is only
    // present in an elevated (administrator) token; an unelevated run fails here.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege.\n");
        return FALSE;
    }
    return TRUE;
}

// Open a process by PID after enabling SeDebugPrivilege in our own token.
HANDLE GetProcessHandle(DWORD nID)
{
    HANDLE hToken;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        SetPrivilege(hToken, SE_DEBUG_NAME, TRUE);
        CloseHandle(hToken);
    }
    else
    {
        printf("OpenProcessToken error: %u\n", GetLastError());
    }
    return OpenProcess(PROCESS_ALL_ACCESS, FALSE, nID);
}

// Find a process by executable name (e.g. gamemd.exe) and open it.
// Overloading GetProcessHandle means this file has to be compiled as C++.
HANDLE GetProcessHandle(LPCTSTR pName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (INVALID_HANDLE_VALUE == hSnapshot)
        return NULL;

    PROCESSENTRY32 pe = { sizeof(pe) };
    for (BOOL fOk = Process32First(hSnapshot, &pe); fOk; fOk = Process32Next(hSnapshot, &pe))
    {
        // _tcsicmp works for both ANSI and UNICODE builds and ignores case.
        if (_tcsicmp(pe.szExeFile, pName) == 0)
        {
            CloseHandle(hSnapshot);
            return GetProcessHandle(pe.th32ProcessID);
        }
    }
    CloseHandle(hSnapshot);  // release the snapshot when no match was found
    return NULL;
}
```
Getting the process handle then only takes: `HANDLE handle = GetProcessHandle(_T("gamemd.exe"));`
接下來(lái)就是
int money; int adress; ReadProcessMemory(handle,(void*)0xA83D4C,&adress,4,NULL);獲取基地址 ReadProcessMemory(handle,(void*)(adress+0x30c),&money,4,NULL);讀取金錢(qián) WriteProcessMemory(handle,(void*)(adress+0x30c),&money,4,NULL);修改金錢(qián)總結(jié)
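Pulling the steps above together, here is an added example of my own (not code from the original post). It generalises the single dereference `*(0xA83D4C) + 0x30C` into a Cheat Engine style pointer-chain resolver that reports the two failure modes a practitioner actually hits: the read failing (wrong game build, bad handle, unmapped address) and the base pointer being NULL because no match is loaded yet. The addresses 0xA83D4C and 0x30C are the ones the page reports; the `struct target` callback abstraction, the names `resolve_chain`, `read_money` and `write_money`, and the in-process fake memory window are constructed for this example so the logic runs anywhere. On Windows the `_WIN32` block supplies the real callbacks over ReadProcessMemory and WriteProcessMemory. Two caveats the page does not state: the static address only holds for this build of gamemd.exe and because the game image is loaded at its fixed preferred base (a binary built with ASLR would need the module base looked up at run time), and the handle needs only PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION rather than PROCESS_ALL_ACCESS.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* The target process sits behind two callbacks so the pointer-chain logic can be
   run against an in-process buffer; on Windows the same callbacks wrap
   ReadProcessMemory/WriteProcessMemory (see the _WIN32 block below). */
typedef int (*mem_io_fn)(void *ctx, uint32_t addr, void *buf, size_t len);
struct target {
    void *ctx;
    mem_io_fn read;   /* copy len bytes from target addr into buf; 1 on success */
    mem_io_fn write;  /* copy len bytes from buf into target addr; 1 on success */
};

/* Static address and offset from the page: money = *(int*)(*(uint32_t*)0xA83D4C + 0x30C). */
#define MONEY_BASE   0xA83D4Cu
#define MONEY_OFFSET 0x30Cu

/* Resolve a Cheat Engine style pointer chain: read a 32-bit pointer at addr, add
   offsets[i], repeat for each offset. gamemd.exe is a 32-bit process, so pointers
   are 4 bytes no matter how this program is built. Returns 0 and sets *out;
   -1 if a read fails (bad handle, unmapped address, wrong game build);
   -2 if a pointer in the chain is NULL (no match loaded yet). */
int resolve_chain(const struct target *t, uint32_t base,
                  const uint32_t *offsets, size_t n, uint32_t *out)
{
    uint32_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uint32_t ptr;
        if (!t->read(t->ctx, addr, &ptr, sizeof ptr)) return -1;
        if (ptr == 0) return -2;
        addr = ptr + offsets[i];
    }
    *out = addr;
    return 0;
}

/* Read the current money value. Returns 0, or the failure code described above.
   The chain is re-resolved on every call: the object the static slot points to
   changes between matches, so caching the final address is unsafe. */
int read_money(const struct target *t, int32_t *money)
{
    const uint32_t offs[] = { MONEY_OFFSET };
    uint32_t addr;
    int rc = resolve_chain(t, MONEY_BASE, offs, 1, &addr);
    if (rc) return rc;
    return t->read(t->ctx, addr, money, sizeof *money) ? 0 : -1;
}

/* Overwrite the money value; same return codes as read_money. */
int write_money(const struct target *t, int32_t money)
{
    const uint32_t offs[] = { MONEY_OFFSET };
    uint32_t addr;
    int rc = resolve_chain(t, MONEY_BASE, offs, 1, &addr);
    if (rc) return rc;
    return t->write(t->ctx, addr, &money, sizeof money) ? 0 : -1;
}

/* ---- Constructed stand-in for the game's memory (not real game data) ----
   One 8 KiB window starting at FAKE_LO; any access outside it fails, which
   mimics ReadProcessMemory failing on an unmapped address. */
#define FAKE_LO   0xA83000u
#define FAKE_SIZE 0x2000u
struct fake_mem { uint8_t buf[FAKE_SIZE]; };

static int fake_io(struct fake_mem *m, uint32_t addr, void *buf, size_t len, int is_write)
{
    if (addr < FAKE_LO || addr - FAKE_LO > FAKE_SIZE - len) return 0;
    uint8_t *p = m->buf + (addr - FAKE_LO);
    if (is_write) memcpy(p, buf, len); else memcpy(buf, p, len);
    return 1;
}
static int fake_read(void *ctx, uint32_t a, void *b, size_t n)  { return fake_io(ctx, a, b, n, 0); }
static int fake_write(void *ctx, uint32_t a, void *b, size_t n) { return fake_io(ctx, a, b, n, 1); }

/* Lay the window out like the game: the static slot at 0xA83D4C holds a pointer to
   a player object at player_obj whose money field sits at +0x30C.
   player_obj == 0 models the state before a match is loaded. */
void fake_setup(struct fake_mem *m, uint32_t player_obj, int32_t money)
{
    memset(m->buf, 0, sizeof m->buf);
    fake_io(m, MONEY_BASE, &player_obj, sizeof player_obj, 1);
    if (player_obj) fake_io(m, player_obj + MONEY_OFFSET, &money, sizeof money, 1);
}

#ifdef _WIN32
#include <windows.h>
/* Real callbacks: ctx is a HANDLE opened with PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION. */
static int win_read(void *ctx, uint32_t a, void *b, size_t n)
{ SIZE_T got = 0; return ReadProcessMemory((HANDLE)ctx, (LPCVOID)(uintptr_t)a, b, n, &got) && got == n; }
static int win_write(void *ctx, uint32_t a, void *b, size_t n)
{ SIZE_T put = 0; return WriteProcessMemory((HANDLE)ctx, (LPVOID)(uintptr_t)a, b, n, &put) && put == n; }
#endif

int main(void)
{
    struct fake_mem m;
    struct target t = { &m, fake_read, fake_write };   /* swap in win_read/win_write with a HANDLE on Windows */
    int32_t money = 0;
    fake_setup(&m, 0xA83E00u, 10000);                  /* constructed: player object at 0xA83E00 */
    if (read_money(&t, &money) == 0) printf("money before: %d\n", money);
    if (write_money(&t, 50000) == 0 && read_money(&t, &money) == 0)
        printf("money after: %d\n", money);
    return 0;
}
```

Against the real game, build the `struct target` from a HANDLE returned by the `GetProcessHandle` helpers above with `win_read`/`win_write`, and treat `-2` as "wait for a match to start" rather than as an error.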