Making a game better requires a wealth of computer knowledge. Many computer experts gradually became interested in computers, and grew their skills, by playing and modifying games. Do not envy what others can do, because you can do what others can! I believe that after reading this tutorial, you will have a new understanding of games! (Don't throw eggs at me. Help! #¥%......*) But if you want to learn more about games and raise your computer skills, you cannot just modify games! Modifying a game is only a place to verify your understanding of some of your computer knowledge. It can only give you the opportunity to discover and solve problems and help increase your interest in learning about computers; it is not a shortcut to learning them.
I. What is a plug-in?
Currently, online games are mostly based on the client/server model over the Internet. The server program runs on the game server, where the game designers create a huge game space, and players from all over the world can log on to the game at the same time by running the client program. Simply put, an online game is a game environment provided by the game developer, in which players perform game operations relatively freely and openly. Now that online games have introduced the concept of a server, our traditional method of modifying a game is powerless. In a single-player game, we could use a memory search to modify the various attributes of a character as needed, but this is useless in online games. All the attributes and important data of the characters we play in online games are stored on the server, and only the character's status is displayed on our own machine (the client). Therefore, it is impractical to modify the character attributes in client memory. Does that mean there is no way for us to make changes in online games? The answer is "no".
We know that Internet client/server communication generally uses the TCP/IP protocol, and data exchange is implemented through the transmission of IP packets. Generally, our client sends requests to the server; for example, commands such as movement and combat are exchanged with the server through packets. A message sent from the local machine is called a send, which means to send data. After the server receives the message, it sends the relevant information back to the client according to its program, for example, the coordinates of a movement or the type of combat. A message the client receives from the server is called a recv. Now that we know this, the next thing we need to do is analyze the data (that is, the packets) passing between the client and the server, so that we can extract and modify the useful data and then either imitate the server sending to the client or imitate the client sending to the server. This is how the game is modified.
In addition to modifying game packets, we can also modify the client program to meet our requirements. We know that the computing power of each server is limited. Especially in games, it is almost impossible for a game server to calculate the status of all players in the game. Therefore, some operations still need to be completed by the client, which provides some convenience for modifying the game. For example, we can discover some of the program's decision branches by unpacking the client program. Through tracing and debugging, we can remove some unfavorable checks to meet our needs for modifying the game. In the next sections, we will introduce the concept of packets and the knowledge needed to trace and modify the client. Are you ready?
Game data format and storage:
Before we start work, we need to know something about how data is stored in computers and the particular ways games store data. This section is provided for novice ("cainiao") gamers. If you are a master, you can skip this section. If you want to become an invincible swordsman, these things will take you some time; if you only want to be a tourist of the rivers and lakes, it doesn't matter whether you understand these things or not. You can choose whether to be a swordsman or a tourist!
Now let's start! First, you need to know the formats in which data is stored in a game. These formats are the byte, the word, and the double word, or 8-bit, 16-bit, and 32-bit storage. A byte, that is, 8-bit storage, can hold a number from 0 to 255; a word, or 16-bit storage, can hold a number from 0 to 65535; a double word, or 32-bit storage, can hold a number from 0 to 4294967295.
Why do we need to understand this? In a game, the maximum values of the various parameters differ. Some may be about 100, for example, the level of the character in the JINYONG group and the number of randomly encountered enemies. However, some need to be greater than 255 or even greater than 65535; the money value of the character in the JINYONG group can reach the millions. Therefore, different data in a game uses different data types. When we modify a game, we need to find the data we intend to modify. In this case, correctly determining the data type is an important condition for quickly finding the correct address.
In a computer, data is stored in bytes. Each byte is assigned a number to determine its location. This number is called an address.
When a word or double word is required, the computer uses two consecutive bytes to form a word, and two consecutive words to form a double word. The address of a word or double word is the address of its low-order byte. In Windows 9x, an address is represented by a 32-bit binary number. When we use a memory address, we usually write it as an 8-digit hexadecimal number.
What is binary and hexadecimal?
To put it simply, binary is a positional counting system that has only two digits, 0 and 1, and carries to the next place every time a count of two is reached. Similarly, hexadecimal is the counting system that carries to the next place every time a count of 16 is reached. Hexadecimal notation has sixteen digits, 0 to F, and uses the six letters A, B, C, D, E, and F to represent the numbers from 10 to 15: A corresponds to decimal 10, B to 11, C to 12, D to 13, E to 14, and F to 15. In addition, there is a simple correspondence between hexadecimal and binary numbers: four binary digits are equivalent to one hexadecimal digit. For example, the four-digit binary number 1111 is equivalent to hexadecimal F, and 1010 is equivalent to hexadecimal A.
Understanding these basics will be of great help when modifying a game, as I will discuss next. Because data in a computer is stored in binary, and conversion between hexadecimal and binary is very simple, most modification tools display data in hexadecimal, and you also need to enter hexadecimal numbers when modifying. Is that clear?
The data displayed in a game is usually in decimal. To find and modify parameter values, you can use the calculator provided with Windows to convert values between decimal and hexadecimal; it can be found under Accessories in the Programs group of the Start menu.
That is almost everything you need to know for now! However, there is one more point that requires attention when modifying a game. In a computer, the low-order byte of a value is stored first, followed by the high-order byte. For example, the decimal number 41715 converts to the hexadecimal number a2f3, but this number is saved as f3a2 in the computer.
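The widths and byte order described above, as an added example that is not part of the original tutorial: it picks the smallest of the three widths for a value, lays the value out low-order byte first, and shows that the same bytes read at the wrong width give a different number. The function names are hypothetical.

```python
import struct

# struct format codes for the three unsigned widths the tutorial names:
# byte (1), word (2) and double word (4), all little-endian ("<").
FORMATS = {1: "<B", 2: "<H", 4: "<I"}


def min_width(value):
    """Smallest width in bytes (1, 2 or 4) that can hold an unsigned value."""
    for width in (1, 2, 4):
        if 0 <= value < 1 << (8 * width):
            return width
    raise ValueError(f"{value} does not fit in a double word")


def store_le(value, width=None):
    """Bytes as laid out in memory: low-order byte at the lowest address."""
    width = width or min_width(value)
    return struct.pack(FORMATS[width], value)


def read_le(buf, offset, width):
    """Interpret `width` bytes at `offset` as a little-endian unsigned value."""
    return struct.unpack_from(FORMATS[width], buf, offset)[0]


if __name__ == "__main__":
    # A level of about 100, the tutorial's 41715, and a money value in the millions.
    for value in (100, 41715, 1_000_000):
        raw = store_le(value)
        print(f"{value:>9} needs {len(raw)} byte(s), stored as {raw.hex(' ')}")

    # The same four bytes give a different number at each assumed width,
    # which is why the data type has to be determined correctly.
    memory = store_le(1_000_000, 4)
    for width in (1, 2, 4):
        print(f"read as {width} byte(s): {read_le(memory, 0, width)}")
```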
After reading the above, do you understand data storage and how the values correspond? Now, let's look at what a packet is in a game. Come on! Roll up your sleeves and let's get to work!
II. What is a packet?
How do you intercept a game packet? How can you check the IP address and port number of the game server? The communication of all the information services used by Internet users comes down to the transmission of information in units of IP packets. In addition to the data to be transmitted, an IP packet contains the destination IP address, the source IP address, and some related control information. When a router receives an IP packet, it looks up its routing table based on the destination IP address in the packet and sends the packet out of the corresponding port based on the result. The next router continues forwarding after receiving the packet, until it reaches the destination. Routers can exchange routing information through a routing protocol to update their routing tables.
We only care about the data carried in the IP packet. Many network listening tools can intercept the data exchanged between the client and the server; the one introduced here is WPE.
How to use WPE: when you run WPE, you can select the following functions:
Select game: selects the program in memory that you want to intercept. You only need to double-click the program name.
Trace: tracing. Used to track the packets sent and received by a program. Before you can use this function, you must first select the name of the program to be traced in WPE. Press the play button to start capturing the packets the program sends and receives. You can press the pause button to pause tracing at any time, and press it again to continue. Pressing the square stop button stops capturing and displays all the captured packets. If you do not press the stop button, tracing stops automatically based on the value set in Options. If you do not capture any data, try changing the option to Winsock version 2. WPE and trainers can run only when the display color depth is at least 16 bits.
Filter: filtering. Used to analyze the captured packets and modify them.
Send packet: sends packets. Allows you to send fake packets.
Trainer maker: creates a trainer (modifier).
Options: settings. Lets you adjust some of WPE's settings.
Filter details
- When the filter is enabled, the on button is red.
- Once you have started a filter, you can close this window at any time. The filter remains in its current state until you press the on/off button again.
- Only when the filter enable button is off can you select the box in front of a filter to edit it.
- To edit a filter, double-click the filter name.
Normal Mode:
Example:
When you use a fireball twice and hit the other party in the online game Street Fighter Online, you will capture the following packets:
send-> 0000 08 14 21 06 01 04
send-> 0000 02 09 87 00 67 ff A4 AA 11 22 00 00 00 00
send-> 0000 03 84 11 09 11 09
send-> 0000 0a 09 C1 10 00 00 FF 52 44
send-> 0000 0a 09 C1 10 00 00 66 52 44
Your first fireball reduced the other side's life by 16 points (16 = 10h), and you observe that position 4 of the 4th and 5th packets holds the value 10h, so this should be the place.
You can see that the 0a 09 C1 before the 10h is unchanged in both packets. These three values are the key that identifies the fireball.
Therefore, you enter 0a 09 C1 10 in the Search field, and then fill in FF at position 4 of the Modify field. In this way, when you send a fireball again, FF replaces the previous 10, that is, a fireball with an attack force of 255!
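The filter above has an effect only if the server applies the damage byte the client sends. The following added example (not from the original tutorial, and not WPE code) shows a server-side check run over the captured packets above plus one constructed tampered packet; the rule table, function names and verdict strings are hypothetical.

```python
# Constructed server-side rule table: skill key (first three bytes) mapped to
# the damage the server itself computes for that skill. The value 0x10 for the
# fireball is taken from the capture; everything else here is an assumption.
SKILL_DAMAGE = {bytes.fromhex("0a09c1"): 0x10}

# The five packets from the capture, plus the packet the filter would produce.
CAPTURE = [
    "08 14 21 06 01 04",
    "02 09 87 00 67 ff A4 AA 11 22 00 00 00 00",
    "03 84 11 09 11 09",
    "0a 09 C1 10 00 00 FF 52 44",
    "0a 09 C1 10 00 00 66 52 44",
    "0a 09 C1 FF 00 00 66 52 44",  # constructed: position 4 rewritten to FF
]


def check_packet(raw):
    """Return (verdict, damage_to_apply) for one client packet.

    The server never applies the client's damage byte. It looks the skill up,
    applies its own value, and treats any mismatch as evidence of tampering.
    """
    key, rest = raw[:3], raw[3:]
    expected = SKILL_DAMAGE.get(key)
    if expected is None:
        return ("not-a-skill", None)   # some other message type
    if not rest:
        return ("malformed", None)     # skill key with no damage byte
    if rest[0] != expected:
        return ("tampered", expected)  # log it, still apply the server value
    return ("ok", expected)


def audit(capture):
    """Check every hex-dump line of a capture and return the verdicts."""
    return [check_packet(bytes.fromhex(line)) for line in capture]


if __name__ == "__main__":
    for line, (verdict, damage) in zip(CAPTURE, audit(CAPTURE)):
        print(f"{verdict:<12} damage={damage!s:<5} {line}")
```

With the damage decided on the server, the rewritten byte changes nothing in the game state and becomes a detection signal instead.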
Advanced Mode:
Example: in a game, you do not want to use your real name and want it to reach the other party as a modified pseudonym. After you use Trace, you find that your name appears in some packets. Assume that your name is shadow; converted to hexadecimal, it is 53 68 61 64 6f 77. You intend to replace it with Moon, that is, 6D 6f 6f 6e 20 20.
1) send-> 0000 08 14 21 06 01 04
2) send-> 0000 01 06 99 53 68 61 64 6f 77 00 01 05
3) send-> 0000 03 84 11 09 11 09
4) send-> 0000 0a 09 C1 10 00 53 68 61 64 6f 77 00 11
5) send-> 0000 0a 09 C1 10 00 00 66 52 44
However, on closer inspection, your name does not appear at the same position in each packet.
- In the 2nd packet, the name appears at position 4.
- In the 4th packet, the name appears at position 6.
In this case, you need to use advanced mode.
- In the Search field, fill in 53 68 61 64 6f 77 (be sure to start filling in from position 1).
- You want the new name to replace the original name shadow starting from its first letter, so you must choose to replace consecutive values "from the position of the chain found".
- Now, fill in 6D 6f 6f 6e 20 20 starting at position 000 of the Modify field. This is a relative position; that is, you can change the values from the +001 position relative to the original Search field. If you want to change values counted from the first position of the packet instead, select "from the beginning of the packet".
Anyone familiar with TCP/IP knows that data on the Internet is packaged into packets and then transmitted. Each packet is divided into header information and data. The header includes the packet's sending address and arrival address. The data includes information about the operations we perform in the game. Before intercepting packets, we need to know the IP address, port number, and other information of the game server. In fact, the simplest thing is to check whether there is a server.ini configuration file in our game directory. In this file, you can view the IP address of the game server. This is the case, for example, for Jin Yong Qun Xia. We can also use the netstat command in DOS.
The netstat command displays network connections, the routing table, and network interface information, letting you know which network connections are currently active. Alternatively, you can use tools such as Trojan Horse star to view network connections. There are many such tools; it depends on which one you like to use.
The general format of the netstat command is: netstat [Option]
The meaning of each option in the command is as follows:
-a displays all sockets, including those that are listening.
-c redisplays the output every second until the user interrupts it.
-i displays information about all network interfaces.
-n shows network connections using numeric IP addresses instead of names.
-r displays the kernel routing table in the same format as "route -e".
-t shows the status of TCP connections.
-u displays the connections of the UDP protocol.
-v displays the work in progress.
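An added example (not from the original tutorial): reading the output of netstat run with -t and -n and counting established TCP connections per remote IP address and port, which is the information this section sets out to find. The sample output is constructed with documentation-range addresses, and the parser assumes only that each connection row ends with the foreign address followed by the state.

```python
from collections import Counter

# Constructed sample in the layout printed by Linux `netstat -tn`; the
# addresses are documentation ranges and belong to no real game server.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.20:49152      203.0.113.10:7000       ESTABLISHED
tcp        0      0 192.168.1.20:49153      198.51.100.7:443        TIME_WAIT
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.20:49160      203.0.113.10:7000       ESTABLISHED
tcp6       0      0 2001:db8::20:49170      2001:db8::1:7000        ESTABLISHED
"""


def established_remotes(netstat_output):
    """Count ESTABLISHED TCP connections per remote (address, port)."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Skip the banner, the column header and any non-TCP rows.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        foreign, state = fields[-2], fields[-1]
        if state != "ESTABLISHED":
            continue
        # Split on the last colon so IPv6 addresses stay intact.
        host, _, port = foreign.rpartition(":")
        if host and port.isdigit():
            counts[(host, int(port))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (host, port), n in sorted(established_remotes(SAMPLE).items()):
        print(f"{host} port {port}: {n} connection(s)")
```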