Analysis and production of game plug-ins
In the previous article, the first scan collected every memory address holding the value 1000 and stored those addresses in a collection.
Link: http://www.cnblogs.com/lene-y/p/7107526.html.
Demo interface:
First scan result:
Then we can find the variable address we really need from the 32 results.
- Click the Modify button to change the value of the variable:
The variable's value is now 789. We can filter further with a second search that re-reads the data at the 32 result addresses:
/// <summary>
/// Continue searching.
/// </summary>
/// <param name="Value">Enter the changed value here</param>
public void ContinueSearch(int Value = 789)
{
    int ReadSize = -1;
    byte[] FindArray = new byte[4];
    // Temporary address dictionary: key = memory address, value = stored value
    Dictionary<int, int> TempAddressList = new Dictionary<int, int>();
    foreach (int Address in AddressList)
    {
        // The value is an integer, so read 4 bytes
        if (ReadProcessMemory(hProcess, (IntPtr)Address, FindArray, 4, out ReadSize))
        {
            // Check that the number of bytes read is correct
            if (ReadSize == 4)
            {
                // Process the data [comparative analysis]
                if (CompareData(FindArray, Address, Value))
                {
                    TempAddressList.Add(Address, Value);
                }
            }
        }
    }
}
The address with the retrieved value = 789:
/// <summary>
/// Compare the value stored at an address from the first search result with the input value.
/// </summary>
/// <param name="DataArray">Byte array that was read</param>
/// <param name="Address">Address</param>
/// <param name="Value">Value to compare against</param>
/// <returns>Whether the values are consistent</returns>
public bool CompareData(byte[] DataArray, int Address, int Value)
{
    // Interpret the 4 bytes read from memory as a 32-bit integer
    int num = BitConverter.ToInt32(DataArray, 0);
    return num == Value;
}
Debug output result:
The debug output is {789, 41632768}: the 4-byte integer is 789 and the address is 41632768.
In hexadecimal notation the address is 0x27B4400:
Only one address remains, so 0x27B4400 is most likely the address we are looking for. It is generally advisable to change the value once more and repeat the steps above to confirm that the value at 0x27B4400 really follows the change; I will not repeat the demo here.
Getting the address is not our ultimate goal, though. The ultimate goal is to modify the value at that address:
/// <summary>
/// Write the custom value to memory.
/// </summary>
/// <param name="Address">Memory address</param>
/// <param name="Value">Custom value</param>
/// <returns>Whether the write succeeded</returns>
public bool WriteValue2Address(int Address, int Value)
{
    int WriteSize = -1;
    byte[] WriteArray = BitConverter.GetBytes(Value);
    if (WriteProcessMemory(hProcess, (IntPtr)Address, WriteArray, 4, out WriteSize))
    {
        // Success only if the number of bytes actually written matches
        if (WriteSize == 4)
        {
            Console.WriteLine("blood volume written successfully!");
            return true;
        }
    }
    // WriteProcessMemory failed or wrote fewer than 4 bytes
    return false;
}
See the following results:
This is the original interface:
Click Refresh:
That completes the most basic modification process. To be continued.
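The narrowing scan and the write above work because the value sits in memory as a plain 4-byte integer at a fixed address. The following added example (not the author's code) replays both scans over a constructed byte array standing in for process memory, then stores the same value XOR-masked next to a complement copy, so a value scan no longer matches it and a blind 4-byte write is detected on the next read. `ScanDemo`, `Key`, the offsets and the sample values are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: a byte[] stands in for the target's memory (no process access).
static class ScanDemo
{
    // First scan: every 4-byte-aligned offset whose Int32 equals value.
    public static List<int> FirstScan(byte[] mem, int value)
    {
        var hits = new List<int>();
        for (int off = 0; off + 4 <= mem.Length; off += 4)
            if (BitConverter.ToInt32(mem, off) == value) hits.Add(off);
        return hits;
    }
    // Follow-up scan: keep only earlier hits that now hold the new value.
    public static List<int> NextScan(byte[] mem, List<int> hits, int value) =>
        hits.FindAll(off => BitConverter.ToInt32(mem, off) == value);

    static void Put(byte[] mem, int off, int v) =>
        BitConverter.GetBytes(v).CopyTo(mem, off);

    const int Key = 0x5A17C3E9;   // constructed mask (assumption)

    // Hardened storage: masked value at off, its bitwise complement at off + 4.
    static void PutMasked(byte[] mem, int off, int v)
    {
        Put(mem, off, v ^ Key);
        Put(mem, off + 4, ~(v ^ Key));
    }
    // Returns false when the two copies disagree, i.e. one was overwritten.
    static bool TryGetMasked(byte[] mem, int off, out int v)
    {
        int a = BitConverter.ToInt32(mem, off), b = BitConverter.ToInt32(mem, off + 4);
        v = a ^ Key;
        return a == ~b;
    }
    static void Main()
    {
        var mem = new byte[64];                          // constructed sample "memory"
        Put(mem, 8, 1000); Put(mem, 24, 1000); Put(mem, 40, 1000); // real value at 24, two decoys
        var hits = FirstScan(mem, 1000);                 // all offsets holding 1000
        Put(mem, 24, 789);                               // the value changes in the game
        hits = NextScan(mem, hits, 789);                 // only the offset that followed the change
        Console.WriteLine($"plain storage: {hits.Count} candidate(s) left");
        Array.Clear(mem, 0, mem.Length);
        PutMasked(mem, 24, 1000);                        // same value, masked storage
        Console.WriteLine($"masked storage: {FirstScan(mem, 1000).Count} hit(s) for 1000");
        Put(mem, 24, 9999);                              // blind write, as WriteValue2Address does
        Console.WriteLine($"integrity check passed: {TryGetMasked(mem, 24, out _)}");
    }
}
```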
PS: When reprinting, please include the original link: http://www.cnblogs.com/lene-y/p/7118515.html. I have commissioned the "server guard" to protect the rights to my articles.
You are welcome to follow the public account [analysis and production of game plug-ins]. If you have any questions or different opinions about this article, please leave a message and I will reply.