C++ & C# plug-in (memory modification)

Source: Internet
Author: User

At university my main language was C# (now, of course, I do Java web development), and at the time I followed an online tutorial on writing a plug-in (a game cheat) in C#; we all know what a plug-in is. This one is only a low-level memory modification and does not involve intercepting packets. Spoofing the server or modifying server-side data is much harder. Below are two examples of memory-modification code, one in C# and one in C++. The C# version is simpler to write, but it needs the .NET runtime to run; the EXE compiled from C++ has no such requirement. The base address and offsets are mostly found with CE (Cheat Engine), and there are many tutorials online. Here is some simple code for reference.

First the C# version. I wrapped the calls in a helper class, ECHelper.cs; the code is as follows:

    using System;
    using System.Diagnostics;
    using System.Linq;
    using System.Runtime.InteropServices;

    public static class ECHelper
    {
        // Open a process and get its handle.
        // Parameters: access rights (hexadecimal mask), whether the handle is inherited, process ID.
        [DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
        public static extern IntPtr OpenProcess(int desiredAccess, bool inheritHandle, int processId);

        // Close a handle.
        [DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
        public static extern void CloseHandle(IntPtr hObject);

        // Read memory.
        [DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory")]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr baseAdress, IntPtr buffer, int nSize, IntPtr bytesRead);

        // Write memory.
        [DllImport("kernel32.dll", EntryPoint = "WriteProcessMemory")]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr baseAdress, long[] buffer, int nSize, IntPtr bytesWrite);

        // Get the PID from the process name (0 if no such process is running).
        public static int GetPidByProcessName(string name)
        {
            Process[] pros = Process.GetProcessesByName(name);
            if (pros.Count() > 0)
            {
                return pros[0].Id;
            }
            else
            {
                return 0;
            }
        }

        // Read a 4-byte value at baseAdress in the named process (0 on failure).
        public static int ReadMemoryValue(string name, IntPtr baseAdress)
        {
            try
            {
                byte[] buffer = new byte[4];
                IntPtr bufferAdress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0);
                IntPtr hProcess = OpenProcess(0x1F0FFF, false, ECHelper.GetPidByProcessName(name));
                ReadProcessMemory(hProcess, baseAdress, bufferAdress, 4, IntPtr.Zero);
                CloseHandle(hProcess);
                return Marshal.ReadInt32(bufferAdress);
            }
            catch
            {
                return 0;
            }
        }

        // Write a 4-byte value at baseAdress in the named process.
        public static void WriteMemoryValue(string name, IntPtr baseAdress, long value)
        {
            IntPtr hProcess = OpenProcess(0x1F0FFF, false, ECHelper.GetPidByProcessName(name));
            WriteProcessMemory(hProcess, baseAdress, new long[] { value }, 4, IntPtr.Zero);
            CloseHandle(hProcess);
        }
    }

It is called as follows:

    // Members of the form class; timShoot is a timer and btnShoot a button on the form.
    string name = "Cstrike";
    int baseAdress = 0x025069BC;

    private void btnShoot_Click(object sender, EventArgs e)
    {
        timShoot.Start();
    }

    private void timShoot_Tick(object sender, EventArgs e)
    {
        // timShoot.Interval = ...;  (the interval value is missing from the source page)

        // Follow the pointer chain: base address, then three offsets.
        int adress1 = ECHelper.ReadMemoryValue(name, (IntPtr)baseAdress);
        adress1 = adress1 + 0x7C;
        int adress2 = ECHelper.ReadMemoryValue(name, (IntPtr)adress1);
        adress2 = adress2 + 0x5EC;
        int adress3 = ECHelper.ReadMemoryValue(name, (IntPtr)adress2);
        adress3 = adress3 + 0xCC;
        ECHelper.WriteMemoryValue(name, (IntPtr)adress3, 0x64); // CS unlimited bullets
    }

That is the C# source code.

Now the C++ version:

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    // Addresses are held in DWORD values, so this is written for a 32-bit build.
    int main()
    {
        DWORD getLastError;

        // 1. Get the window from the window name
        HWND hWinmine = FindWindowA(NULL, "Counter-Strike");
        DWORD dwPID = 0; // process ID of the window

        // 2. Get the PID from the window
        GetWindowThreadProcessId(hWinmine, &dwPID);
        if (dwPID == 0) {
            printf("get PID failed\n");
            return -1;
        }

        // 3. Open the process from the PID
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
        if (hProcess == NULL) {
            printf("process open failed\n");
            getLastError = GetLastError();
            return -1;
        }

        DWORD dwNum = 0;
        SIZE_T dwSize = 0;

        // Base address
        DWORD csBaseAddress = 0x025069BC;
        // Value at the base address
        DWORD csBaseAddressValue = 0;
        if (0 == ReadProcessMemory(hProcess, (LPVOID)csBaseAddress, &csBaseAddressValue, sizeof(DWORD), &dwSize)) {
            printf("Static address acquisition failed\n");
            getLastError = GetLastError();
            return -1;
        }

        // First-level offset
        DWORD csOffsetFirst = 0x7C;
        // Value at the first-level offset
        DWORD csOffsetFirstValue = 0;
        if (0 == ReadProcessMemory(hProcess, (LPVOID)(csBaseAddressValue + csOffsetFirst), &csOffsetFirstValue, sizeof(DWORD), &dwSize)) {
            printf("First-level offset acquisition failed\n");
            getLastError = GetLastError();
            return -1;
        }

        // Second-level offset
        DWORD csOffsetSecond = 0x5EC;
        // Value at the second-level offset
        DWORD csOffsetSecondValue = 0;
        if (0 == ReadProcessMemory(hProcess, (LPVOID)(csOffsetFirstValue + csOffsetSecond), &csOffsetSecondValue, sizeof(DWORD), &dwSize)) {
            printf("Second-level offset acquisition failed\n");
            getLastError = GetLastError();
            return -1;
        }

        // Third-level offset
        DWORD csOffsetThird = 0xCC;
        DWORD csNum = 0; // the current bullet count
        if (0 == ReadProcessMemory(hProcess, (LPVOID)(csOffsetSecondValue + csOffsetThird), &csNum, sizeof(DWORD), &dwSize)) {
            printf("Third-level offset acquisition failed\n");
            getLastError = GetLastError();
            return -1;
        }

        int modifyCs;
        printf("csNum:%d\n", csNum);
        printf("Enter the value you want to modify:");
        scanf("%d", &modifyCs);

        // Change the value
        WriteProcessMemory(hProcess, (LPVOID)(csOffsetSecondValue + csOffsetThird), &modifyCs, sizeof(DWORD), &dwSize);
        CloseHandle(hProcess); // close the process handle
        system("pause");       // keep the console window open
        return 0;
    }

That is the C++ source code.
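
Both versions request a full-access handle (0x1f0fff in the C# helper, PROCESS_ALL_ACCESS in the C++ code) before calling ReadProcessMemory and WriteProcessMemory. The following is an added example, not part of the original post: it decodes such access masks and triages records that use Sysmon Event ID 10 (ProcessAccess) field names for handles able to read or write a protected process. The source image names, the `allowlist` parameter and the sample records are constructed assumptions.

```python
# Added example: triage of cross-process handle requests by access mask.
RIGHTS = {  # documented Windows process access rights
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
ALL_ACCESS = (0x1F0FFF, 0x1FFFFF)  # mask hard-coded on this page, and the Vista+ value
WRITE_CAPABLE = 0x0008 | 0x0020    # what WriteProcessMemory actually needs

def decode(mask):
    """Names of the known rights present in a GrantedAccess mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def classify(mask):
    """Coarse verdict for one granted-access mask."""
    if mask in ALL_ACCESS:
        return "all-access"
    if mask & WRITE_CAPABLE == WRITE_CAPABLE:
        return "memory-write"
    if mask & 0x0010:
        return "memory-read"
    return "query-only"

def triage(events, protected, allowlist=()):
    """(source, target, verdict) for handles that can touch a protected image's memory."""
    hits = []
    for ev in events:
        source = ev["SourceImage"].rsplit("\\", 1)[-1].lower()
        target = ev["TargetImage"].rsplit("\\", 1)[-1].lower()
        if target not in protected or source in allowlist:
            continue
        verdict = classify(int(ev["GrantedAccess"], 16))
        if verdict != "query-only":
            hits.append((source, target, verdict))
    return hits

# Constructed sample records (not real telemetry).
SAMPLE = [
    {"SourceImage": r"C:\Tools\trainer.exe", "TargetImage": r"C:\Games\cstrike.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\cstrike.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Apps\overlay.exe", "TargetImage": r"C:\Games\cstrike.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Tools\trainer.exe", "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x1F0FFF"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE, {"cstrike.exe"}):
        print(hit)
```
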
