Opening remarks:
WG (wai gua, the Chinese term for game cheat programs): a very dazzling term. Most of the cheats on the market are written in VB, Delphi, C++ or E language. I used Delphi and VB before; the advantage of these languages is that they are easy to write and easy to pick up. E language in particular has basically modularized cheat writing... Many beginners start out by following a video tutorial step by step, and in the end they do not know why it worked! These languages are too heavily encapsulated and not intuitive. For beginners I recommend instead the languages closer to the machine, such as Win32 assembly and C: the build process is more tedious, but the principles come through clearly, which lays a solid foundation for writing in higher-level languages later.
Prerequisites: basic 8086/Win32 assembly, familiarity with C or another high-level language, an understanding of the PE structure and of how a Windows program runs, and, later on for the protection topics, some kernel programming knowledge. This series of tutorials uses Win32 assembly and OD (OllyDbg) for dynamic debugging.
----------------------------------------------
OK, let's start in the simplest possible way.
Game: Chinese version of Plants vs. Zombies
Objective: make the game's sunshine value reach 5211314 (Chinese number slang for "I love you forever").
Idea: it is a standalone game, so we simply modify the game's memory data.
Tools: RadASM, CE (Cheat Engine) and Spy++. How to use the tools will be covered in a special installment next time; you can also Google them!
Steps:
1. Use CE to find the memory address of the game's sunshine value, and Spy++ to get the game window title.
2. Implement it in Win32 assembly.
Only a few simple APIs are involved:
FindWindow
GetWindowThreadProcessId
OpenProcess
WriteProcessMemory
The code is a bit verbose so that the idea comes across as directly as possible, but it is easy to follow!
----------------------------
Source code:
.386
.model flat, stdcall
option casemap:none
;***********************************************************
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
;***********************************************************
.data
h0 db 'h', 0                                        ; message box title
h1 db 'Chinese version of Plants vs. Zombies', 0   ; game window title (must match exactly what Spy++ shows)
t0 db 'Enter the game before use. If preparation is complete, click OK!', 0
t1 db 'Window handle not retrieved', 0
t2 db 'Process ID not retrieved', 0
t3 db 'Process handle not retrieved', 0
t4 db 'Memory write failed', 0
t5 db 'Modified successfully', 0
ww dd ?            ; receives the process ID
gg dd 5211314      ; the sunshine value we want to write (a 4-byte dword)
;***********************************************************
.code
start:
    invoke MessageBox, 0, offset t0, offset h0, MB_OK
;***********************************************************
; Get the window handle and check whether it succeeded
    invoke FindWindow, 0, offset h1
    .if eax == 0
        invoke MessageBox, 0, offset t1, offset h0, MB_OK
        invoke ExitProcess, 1          ; stop here: eax no longer holds a valid handle
    .endif
;***********************************************************
; Get the process ID (returned through the second argument) and check whether it succeeded
    invoke GetWindowThreadProcessId, eax, offset ww
    .if eax == 0                       ; the return value is the thread ID; 0 means failure
        invoke MessageBox, 0, offset t2, offset h0, MB_OK
        invoke ExitProcess, 1
    .endif
;***********************************************************
; Open the process and check whether it succeeded
    invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, ww
    .if eax == 0
        invoke MessageBox, 0, offset t3, offset h0, MB_OK
        invoke ExitProcess, 1
    .endif
    mov esi, eax                       ; keep the process handle; MessageBox below would clobber eax
;***********************************************************
; Write the data into the game's memory and check whether it succeeded
    invoke WriteProcessMemory, esi, 10f58418h, addr gg, 4, 0
    .if eax == 0
        invoke MessageBox, 0, offset t4, offset h0, MB_OK
    .else
        invoke MessageBox, 0, offset t5, offset h0, MB_OK
    .endif
    invoke CloseHandle, esi            ; release the process handle
;***********************************************************
    invoke ExitProcess, 0
end start
--------------------------------
Summary: notes for beginners:
1. Distinguish module handles from window handles, and thread IDs from process IDs.
2. The return value of GetWindowThreadProcessId is the thread ID; the process ID is returned through the second parameter, which in this example is the WW variable.
3. Watch the access rights requested in OpenProcess.
4. When calling WriteProcessMemory, pay attention to the size of the data being written!
5. For the purposes of this tutorial, the address of the sunshine value is a dynamic base address that changes every time the game is started. Please note this!
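Note 3 above is the one a defender cares about most: the tutorial asks OpenProcess for PROCESS_ALL_ACCESS and then writes four bytes with WriteProcessMemory, and from the other side that step is visible as a cross-process handle whose access mask contains PROCESS_VM_WRITE and PROCESS_VM_OPERATION. The Python below is an added example, not part of the tutorial: it decodes the GrantedAccess mask of Sysmon ProcessAccess (Event ID 10) records and flags handles that can write another process's memory. The image paths in the sample records are constructed.

```python
import re
# Process access rights from winnt.h (real values).
PROCESS_VM_OPERATION   = 0x0008
PROCESS_VM_READ        = 0x0010
PROCESS_VM_WRITE       = 0x0020
PROCESS_ALL_ACCESS_OLD = 0x001F0FFF   # definition before Windows Vista
PROCESS_ALL_ACCESS     = 0x001FFFFF   # Windows Vista and later
RIGHT_NAMES = {
    PROCESS_VM_OPERATION: "PROCESS_VM_OPERATION",
    PROCESS_VM_READ: "PROCESS_VM_READ",
    PROCESS_VM_WRITE: "PROCESS_VM_WRITE",
}
# WriteProcessMemory needs exactly these two rights on the target handle.
WRITE_RIGHTS = PROCESS_VM_WRITE | PROCESS_VM_OPERATION

def decode_mask(mask):
    """Names of the known rights set in a GrantedAccess mask."""
    return [name for bit, name in RIGHT_NAMES.items() if mask & bit]

def classify_access(mask):
    """Rank a handle's access mask by what it lets the holder do."""
    if mask in (PROCESS_ALL_ACCESS, PROCESS_ALL_ACCESS_OLD):
        return "all-access"       # what the tutorial's OpenProcess asks for
    if mask & WRITE_RIGHTS == WRITE_RIGHTS:
        return "write-capable"    # the minimum WriteProcessMemory needs
    if mask & PROCESS_VM_READ:
        return "read-only"
    return "benign"

# Sysmon Event ID 10 (ProcessAccess) fields as they appear in its text form.
LINE_RE = re.compile(r"SourceImage=(?P<src>\S+)\s+TargetImage=(?P<dst>\S+)"
                     r"\s+GrantedAccess=(?P<mask>0x[0-9A-Fa-f]+)")

def triage(lines):
    """Return (source, target, verdict) for each access able to write memory."""
    hits = []
    for m in filter(None, map(LINE_RE.search, lines)):
        verdict = classify_access(int(m.group("mask"), 16))
        if verdict in ("all-access", "write-capable"):
            hits.append((m.group("src"), m.group("dst"), verdict))
    return hits

# Constructed sample records (not real telemetry); the image paths are assumed.
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\tools\trainer.exe TargetImage=C:\Games\PlantsVsZombies.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Games\PlantsVsZombies.exe GrantedAccess=0x1000",
    r"EventID=10 SourceImage=C:\tools\viewer.exe TargetImage=C:\Games\PlantsVsZombies.exe GrantedAccess=0x410",
    r"EventID=10 SourceImage=C:\tools\patcher.exe TargetImage=C:\Games\PlantsVsZombies.exe GrantedAccess=0x28",
]
```

Only the first and last sample records are reported: a bare read handle (0x410) or a query-only handle (0x1000) cannot reach WriteProcessMemory, while 0x28 is the smallest mask that can.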
--------------------------------
Note: my level is limited and this was written in a hurry. If there are errors or omissions, please point them out! Thank you.
-- Xiaosheng
========================
BOOL WriteProcessMemory(
    HANDLE  hProcess,                 // process handle
    LPVOID  lpBaseAddress,            // start address of the memory to be written
    LPVOID  lpBuffer,                 // pointer to the data to be written
    DWORD   nSize,                    // number of bytes to write
    LPDWORD lpNumberOfBytesWritten    // receives the number of bytes actually written
);
The return value is non-zero if the call succeeded.

invoke WriteProcessMemory, eax, 10f58418h, addr gg, 4, 0
eax: the process handle returned by OpenProcess
10f58418h: the start address of the memory holding the sunshine value
addr gg: pointer to the data to be written, i.e. the new value 5211314 (declared in .data as a 4-byte dword)
4: 4 bytes are written (the size of a dword)
0: the last parameter is not needed here, so passing 0 (NULL) is fine
Q: Do I need to use CE to find the memory address of the game's sunshine value every time?