C # Plug-ins

Source: Internet
Author: User
I am also studying plug-ins. It can be said that this tutorial is currently available and I hope it will be helpful to plug-ins using C.
In this tutorial, there are some content marked with the words "nonsense", which can be crossed directly in time.

Lesson 1: C # use the window API and perform memory operations.
This lesson is something simple that can be learned directly. Considering that most people who use C # Work on websites and may not have the chance to contact them, I will give a rough introduction here.

Step 1: Get to know winapi

Many functions are provided in windows. If we do plug-ins, we need to use the functions (API ). (Nonsense: These APIs are encapsulated in DLL files in the system path. In fact, we don't have to worry about where it is. We only need to know how to use it.) It's easy to use and the format is as follows:
Public partial class form1: Form
{
[Dllimport ("kernel32.dll")] \
Public static extern int readprocessmemory (|
Int hprocess, |
Int lpbaseaddress, |
Int lpbuffer,> code segment 1
Int nsize, |
Int lpnumberofbyteswritten |
);/
...
Public form1 ()
{
Initializecomponent ();
Readprocessmemory (processhandle,...> Code 2
...
}
...
}
Code snippet 1 refers to the code that references the API. The referenced function is the most common function used for plug-ins. It can be seen from its name that it is used to read the process memory. (Nonsense: From the code, we can easily see that this function is encapsulated in the kernel32.dll file .) After referencing, we can use this function in our own code (for example, code 2 ).
(Nonsense: Windows also provides many APIs. If you are interested, you can search for winapi manuals online. For more information, see msdn .)

Step 2: read/write memory
Next I will explain how to use the API referenced in the previous step to read game data. Let's take a look at the parameters:
Public static extern int readprocessmemory (
Int hprocess, // process. If you are using a plug-in, it indicates the game you want to play.
Int lpbaseaddress, // The memory address you want to read
Int lpbuffer, // something read from the above parameter address (this function is called for it)
Int nsize, // length, the previous parameter, type is int, that length should use 4
Int lpnumberofbyteswritten // use 0. If you want to know what it is, go to msnd.
I will talk about how to obtain the first hprocess parameter later. If it has been done, we need to focus on the lpbaseaddress and lpbuffer, both the read address and the read value. (Nonsense: By the way, this function seems to have another return value, which we cannot use here. If you are interested in learning, msdn) The read value out int lpbuffer is declared as int when we reference the API. However, the value we want to read from memory is not always Int. We can reference this API multiple times, with 3rd parameters of different types.
Next, we will write a piece of code to read the HP code of the fairy. First, we need to know the IP address of the person HP (nonsense: How to know this address, use ce or IE, you can do it yourself .) I'm http://www.ghoffice.com/bbs/read.php here with IE? The tid-35908-fpage-2.html found it, which is written here as follows:
Character Base Address: [[& h12f830] + & H28] = base
Life: [base + & h254]
(Note: & H indicates hexadecimal, which is expressed by 0x in C)
A pair of [] indicates the read address. That is to say, 123 indicates the value of 123, and [123] indicates the value read from address 123. For several pairs of [], we need to use readprocessmemory several times. Let's write the code:
Int base;
Int HP;
Readprocessmemory (process, 0x12f830, base;, 4, 0); // equivalent to base = [& h12f830]
Readprocessmemory (process, base + 0x28, base;, 4, 0); // equivalent to base = [base + & H28]
// Read the base address of the character
Readprocessmemory (process, base + 0x254, HP;, 4, 0); // equivalent to HP = [base + & h254]
// Read HP
It's easy.
We only use three rows of readprocessmemory for reading HP. Sometimes, reading a value may require a lot of [] pairs, so we need to write n rows of readprocessmemory, which is very troublesome and looks dizzy. Next we will write a function to make the READ memory process look similar to the [] notation.
// To look good, the function name is better to be shorter, so we use R to indicate read
Public static int R (INT add)
{
Int R;
Try
{
Readprocessmemory (process, add, R, 4, 0 );
Return R;
}
Catch (exception ex)
{
Return-1;
}
}
This function is very simple. I don't need to talk about it.
With this function, the above Code for reading hp can be written as follows:
Int base;
Int HP;
Base = R (0x12f830) + 0x28 );
// Read the base address of the character
HP = R (base + & h254 );
// Read HP
It looks much clearer.

Next I will read the string and first reference the API:
[Dllimport ("kernel32.dll")]
Public static extern int readprocessmemory (
Int hprocess,
Int lpbaseaddress,
Byte [] lpbuffer,
Int nsize,
Int lpnumberofbytesread
);
Then, like above, write a method for reading strings.
Public static string rstring (intptr process, uint add)
{
String [] R;
String temp;
Byte [] B = new byte [256];
Try
{
Api. readprocessmemory (process, (intptr) add, B, 256, (intptr) 0 );
// Read byte [] to be unicode encoded as a string
Temp = system. Text. encoding. Unicode. getstring (B );
// Intercept the first string
R = temp. Split ('\ 0 ');
Return R [0];
}
Catch (exception ex)
{
Return "error ";
}
}
This function is similar to the above function. It has been written in many comments and is also very simple. You don't need to talk nonsense.
Next, let's read the name of the character. As shown in the previous post, the character name offset is as follows:
Role name: [[base + 3a4] + 0]
The Code is as follows:
String name;
Name = rstring (R (Basse + 0x3a4) + 0x0); // + 0x0 can be removed
Reading other types of data is the same as reading an int. you can do it yourself.

Now everything is ready, this process is worse. Next, if you get the process handle of the game (nonsense: Process Handle: an integer that represents a process. Generally, ** handle indicates the integer value of ).
In two steps, Step 1:
System. Diagnostics. Process [] gamesprocess
= System. Diagnostics. process. getprocessesbyname ("elementclient ");
This step uses the. NET method. system. Diagnostics. process is the process class in. net. The getprocessesbyname static method obtains the process array through the process name. After this line of statements is executed, all game processes are placed in gamesprocess. If you want to do more, you can use the gamesprocess array to determine the game to be played.
Step 2:
Int processid = gamesprocess [0]. ID;
Int process = OpenProcess (0x1f0fff, 0, processid );
Row 3 shows the process ID, which is the PID shown in the task manager. Row 3 gets the process handle. OpenProcess is also a system API and also in kernel32.dll. The three parameters and return values are declared as Int. For details about how to reference the data, see step 1. You can see how to use it. The first parameter is the process ID, and the returned result is the process handle (nonsense: what is the use of the 1, 2 parameter? If you want to know it, please refer to msdn. Just use the parameters in the example. I will not talk about such nonsense in the future ).

Here, you can try to write a small item that reads character data. Of course, the premise is that you need to know the address of the information.
Write memory:
(Nonsense: modifying game data is not of great significance for writing online game plug-ins. Because important data is processed on the server, it is useless to modify it. People use the write memory, which is usually used to change the game code to implement some special functions, such as the wall-crossing and infinite hop in the fairy tree. To know how to change it, we need disassembly and analysis experience. It's not something we can do with cainiao, haha)
Writeprocessmemory (process, (intptr) add, bytes, (uint32) bytes. length, 0 );
Write process memory functions. The parameters of this API correspond to readprocessmemory one by one. You can declare it on your own. If you like it, you can also write a function on the top of the page to simplify writing memory code.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.