Analysis and production of game plug-ins and Analysis of game plug-ins

Analysis and production of game plug-ins and Analysis of game plug-ins

The first three blog posts, combined with the C # Demo, analyzed the principle of modifying the memory data class and used the C # language to call the Windows API, we have actually written a simple memory scanning tool, but it has some defects. For example, we can only search for a single type of value (integer type), and can only search for a specific value, such as 1000, 2000, fuzzy search is not allowed, for example, a search value is smaller or changes within a certain range.

 

I always think that a language is just a tool. As long as it can be used to modify a value, it can be used in any language. It can even be used in combination with multiple languages and tools to modify a value. In fact, this is usually the case in practice, because each language has its own advantages. For example, an unmanaged language such as C language or easy language has very high permissions for underlying operations, especially easy language, easy to use and many people have encapsulated a large number of underlying modules for operations. The advantages of C # and Java are embodied in Application Layer encapsulation and flexible API calling. Make rational use of the advantages of the language in their fields of expertise, maintain an open mind to the technology, and be constrained at the language level to analyze various games.

　　

The following articles focus on the memory modifier [Cheat Engine], similar to OD and Kingsoft Ranger (this tool has no research significance, features are single, with little help in understanding pointers and assembly). Our time-consuming encapsulated tools are actually very high, and these tools already have powerful functions, we can use these tools to better understand the principles.

 

This chapter first introduces the simple usage. We will not write a Demo this time. We will directly find a small game for testing.

　

This is a three-eye child. I played on the Overlord game when I was a child.

　　

　　

The following information is displayed:

6 blood cells, 0 gold coins, 2 lives

 

This is what we can see with the naked eye. There are also figures and coordinates, equipment items, and other values that cannot be seen but actually exist.

　　

Now we open CE:

Is its main interface:

　　

I am using an old version. First, click the icon to open the process selection interface.

　　

From the icon or process name, we can see that the process I framed in green is the game process of our three eyes child.

The goal of this step is obviously to get the gameProcess PID and Handle.

　　

Click Open. After opening, you can see that the control on the right has become available.

　　

 

Next, we will try to search for the value of the blood volume (6 ).

　　

　　

We enter 6 in the value and click scan for the first time. The following list is displayed on the left side. We can see that there are 2801 addresses with 6 values in the entire memory block.

　　

Now we use the method mentioned in the previous chapter to change the value of 6. Let's hit the soldier:

We can see that the blood volume has changed to 5 cells.

 

After changing the value to 5, click scan again:

　　

　　

Is the search result. The corresponding address is not found. The number is 0.

　　

This is embarrassing because the value type is 4 bytes. CE opens the default value.4Byte search is the integer number.In the past, the game machine had a higher storage capacity than the current one. Generally, the variable stored in bytes is defined as BYTE. So we can start searching again, click a new scan, and thenThe drop-down scan type is byte..

　　

Click scan for the first time to obtain the following scan results:

　　

We can see that up to 68696 variables are stored in byte form. Let's continue hitting the small soldier.

　　

Okay, it turns into 4 cells of blood. We change the CE value to 4, and then click scan again.

　　

　　

4 results found

　　

The value of address 0x2D00044 has been changing. We can exclude this address.

　

Are there any addresses that store the volume of blood in the remaining three addresses? We continue to change the volume of blood.

　　

The blood volume is changed to three grids, so we can search for 3 again.

　　

　　

The result is as follows:

 

Now there is a 3 byte value in address 0x2D00092. Let's determine whether this address is the address for storing the blood volume. We click this address.

　　

　　

Click the arrow to add it to the address list to be operated.

　　

　　

Double-click the record value

　　

　　

We changed the value to 6. Let's see if the game's blood volume has changed. Note that the page's blood volume may not change immediately, because this type of games only read and display the value when the blood volume changes, we need to hit it again.

We can see that the blood volume has changed to 5, which indicates that the modification was successful (after the 6-grid blood volume was modified, the strange one reduced the blood volume, so there were 5 cells left ), let's take a look at the CE interface.

No problem. The value is shown as 5. In this way, we will follow CE to complete the most basic data modification. As you can see, the principle of code writing and modification is the same. Just like cracking the Wi-Fi password, you can find the correct address or password.

　　

The next section describes how to search for Dynamic Address pointers and offsets.

　　

PS: Reprint Please attach the original path: http://www.cnblogs.com/lene-y/p/7252446.html, I have commissioned the "server guard" for my article to protect rights.

You are welcome to pay attention to the public account [analysis and production of game plug-ins]. If you have any questions or different ideas about this article, you can leave a message for me to share and make progress together.

　　　　

Scan the QR code to follow the public account