大学时候因为主修C#语言(当然现在做的是javaweb开发),那时在网上学了用C#做外挂的教程,外挂嘛,大家都懂的.这里只是低级的修改内存,不涉及到截获数据包.如果是欺骗服务器,修改服务器数据,那就难得多了.这里给出两个修改内存代码的例子,一个是C#的一个是C++的.C#做东西比较简单,但是运行需要.net环境.C++编译出来的exe执行文件就没有这么多要求.查找基址和偏移量的方法大都是用CE,网上教程很多.这里只有简单的代码给大家参考

首先看看C#的,我封装了一个ECHelper.cs工具类,代码如下

        // P/Invoke declarations for the Win32 process-memory API in kernel32.dll.
// Opens a handle to the process with the given ID.
// desiredAccess: access-rights mask (hex); heritHandle: whether child processes inherit the handle; pocessID: target PID.
// Returns IntPtr.Zero when the open fails — the callers in this file do not check for that.
[DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
public static extern IntPtr OpenProcess(int desiredAccess, bool heritHandle, int pocessID);
// Closes a handle obtained from OpenProcess.
// NOTE(review): the native CloseHandle returns BOOL; declaring it void discards the result.
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
public static extern void CloseHandle(IntPtr hObject);
// Reads nsize bytes at baseadress in the target process into the unmanaged buffer address.
// bytesread: optional pointer that receives the byte count (the callers below pass IntPtr.Zero).
[DllImport("kernel32.dll", EntryPoint = "ReadProcessMemory")]
public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr baseadress, IntPtr buffer, int nsize, IntPtr bytesread);
// Writes nSize bytes from buffer to baseadress in the target process.
// NOTE(review): buffer is long[] (8-byte elements); nSize must match the width the caller actually intends to write.
[DllImport("kernel32.dll", EntryPoint = "WriteProcessMemory")]
public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr baseadress, long[] buffer, int nSize, IntPtr byteswrite); // GetPIDByProcessName (below) resolves a process name to a PID
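// Returns the PID of the first running process whose name matches, or 0 when none is found.
// name: process name without extension, as accepted by Process.GetProcessesByName (e.g. "cstrike").
// NOTE(review): 0 is returned for "not found"; callers that pass it straight to OpenProcess
// get a failed open (IntPtr.Zero) rather than an error, so check the result first.
public static int GetPIDByProcessName(string name)
{
    Process[] pros = Process.GetProcessesByName(name);
    try
    {
        // Arrays expose Length directly; the original LINQ Count() call is unnecessary.
        return pros.Length > 0 ? pros[0].Id : 0;
    }
    finally
    {
        // Every Process object holds a native handle; release all of them, not just the one whose Id we return.
        foreach (Process p in pros)
        {
            p.Dispose();
        }
    }
}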
// Reads a 32-bit value at baseadress in the process named `name`; any exception yields the fallback return in the catch block.
// name: process name resolved via ECHelper.GetPIDByProcessName; baseadress: absolute address inside the target process.
// NOTE(review): the numeric literals in this block (buffer size, array index, read length, fallback return)
// appear to have been dropped by the page's extraction; confirm them against the original source before use.
public static int ReadMemoryValue(string name, IntPtr baseadress)
{
try
{
byte[] buffer = new byte[];
// UnsafeAddrOfPinnedArrayElement does not pin the array; if the GC moves `buffer` before
// ReadProcessMemory / ReadInt32 use the address, the read is corrupted. A pinned GCHandle or a `fixed` block would make this sound.
IntPtr bufferadress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, );
// 0x1F0FFF is PROCESS_ALL_ACCESS; a read only needs PROCESS_VM_READ (plus PROCESS_QUERY_INFORMATION).
// The returned handle is not checked for IntPtr.Zero (open failure, e.g. a PID of 0 from a name miss).
IntPtr hprocess = OpenProcess(0x1F0FFF, false, ECHelper.GetPIDByProcessName(name));
// The bool result is discarded, so a failed read silently returns whatever `buffer` holds.
ReadProcessMemory(hprocess, baseadress, bufferadress, , IntPtr.Zero);
CloseHandle(hprocess);
return Marshal.ReadInt32(bufferadress);
}
catch
{
// Catch-all: every failure becomes the fallback value and is indistinguishable from a genuine read of that value.
// CloseHandle is not in a finally, so a handle opened above leaks if anything after OpenProcess throws.
return ;
}
}
// Writes `value` at baseadress in the process named `name`.
// name: process name resolved via ECHelper.GetPIDByProcessName; baseadress: absolute address inside the target process.
// NOTE(review): the nSize literal was dropped by the page's extraction; it must agree with the long[] buffer passed below.
public static void WriteMemoryValue(string name, IntPtr baseadress, long value)
{
// PROCESS_ALL_ACCESS again; PROCESS_VM_WRITE | PROCESS_VM_OPERATION would suffice for a write.
// The handle is not checked for IntPtr.Zero before use.
IntPtr hprocess = OpenProcess(0x1F0FFF, false, ECHelper.GetPIDByProcessName(name));
// The bool result is discarded, so a failed write is silent.
WriteProcessMemory(hprocess, baseadress, new long [] { value }, , IntPtr.Zero);
CloseHandle(hprocess);
}

调用方法如下

string name = "cstrike"; // target process name handed to ECHelper
int baseadress = 0x025069BC; // static base address of the pointer chain (found with CE per the post); presumably specific to one game build — verify before reuse
// Button handler: starts the timer whose Tick is timShoot_Tick.
private void btnShoot_Click(object sender, EventArgs e)
{
timShoot.Start();
} // Timer tick: follows the pointer chain base -> +0x7C -> +0x5EC -> +0xCC and writes 0x64 at the final address.
private void timShoot_Tick(object sender, EventArgs e)
{
// NOTE(review): the Interval literal was dropped by the page's extraction.
timShoot.Interval = ;
// Each ECHelper call opens and closes its own process handle, so one tick performs four opens.
int adress1 = ECHelper.ReadMemoryValue(name, (IntPtr)baseadress);
adress1 = adress1 + 0x7C;
int adress2 = ECHelper.ReadMemoryValue(name, (IntPtr)adress1);
adress2 = adress2 + 0x5EC;
int adress3 = ECHelper.ReadMemoryValue(name, (IntPtr)adress2);
adress3 = adress3 + 0xCC;
// Nothing checks the intermediate reads: a failed read (fallback value from ReadMemoryValue) is still offset and dereferenced,
// so the write below may target a bogus address.
ECHelper.WriteMemoryValue(name, (IntPtr)adress3, 0x64); // overwrites the CS ammo count with 0x64 every tick ("unlimited ammo")
}

这里是C#源码

下面看C++语言的

    // Body of the C++ trainer's entry function (its signature and closing brace are outside this excerpt).
    // Steps: find the game window -> PID -> process handle -> follow the pointer chain base -> +0x7C -> +0x5EC -> +0xCC -> write a user-typed value.
    // NOTE(review): numeric literals (dwPID/dwNum/dwSize initialisers, the `== ReadProcessMemory` comparands, the return codes)
    // appear to have been dropped by the page's extraction; confirm them against the original source.
    // Addresses are held in DWORD and cast to LPVOID, which only works for a 32-bit target process.
    DWORD  getLastError; // last Win32 error captured on failure paths; never printed or returned in this excerpt
//1. Find the window by its title. The narrow string literal compiles only when UNICODE is not defined (FindWindow -> FindWindowA).
HWND hWinmine = FindWindow(NULL,"Counter-Strike");
DWORD dwPID = ; // PID of the window's owning process
//2. Resolve the window to its PID. hWinmine is not checked for NULL first; presumably dwPID then keeps its initial value, which the check below relies on.
GetWindowThreadProcessId(hWinmine, &dwPID);
if (dwPID == )
{
printf("获取PID失败\n");
return -;
}
//3. Open the process by PID. PROCESS_ALL_ACCESS is far broader than needed;
//   PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION would cover the reads and the single write below.
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwPID);
if (hProcess == NULL)
{
printf("进程打开失败\n");
getLastError = GetLastError();
return -;
} DWORD dwNum = , dwSize = ; // dwSize receives the byte count of each Read/WriteProcessMemory; dwNum is unused in this excerpt
// Static base address (the post says it was found with CE); specific to the game build it was taken from.
DWORD CSBaseAddress = 0x025069BC;
// Value read at the base address: the first pointer of the chain
DWORD CSBaseAddressValue = ;
// NOTE(review): from here on every early return leaks hProcess — CloseHandle is only reached on the success path at the end.
if ( == ReadProcessMemory(hProcess, (LPVOID)CSBaseAddress, &CSBaseAddressValue, sizeof(DWORD), &dwSize))
{
printf("静态址获取失败\n");
getLastError = GetLastError();
return -;
} // First-level offset
DWORD CSOffsetFirst = 0x7C;
// Pointer read at (base value + first offset)
DWORD CSOffsetFirstValue = ;
if ( == ReadProcessMemory(hProcess, (LPVOID)(CSBaseAddressValue + CSOffsetFirst), &CSOffsetFirstValue, sizeof(DWORD), &dwSize))
{
printf("一级偏移获取失败\n");
getLastError = GetLastError();
return -;
} // Second-level offset
DWORD CSOffsetSecond = 0x5EC;
// Pointer read at (first value + second offset)
DWORD CSOffsetSecondValue = ;
if ( == ReadProcessMemory(hProcess, (LPVOID)(CSOffsetFirstValue + CSOffsetSecond), &CSOffsetSecondValue, sizeof(DWORD), &dwSize))
{
printf("二级偏移获取失败\n");
getLastError = GetLastError();
return -;
} // Third-level offset
DWORD CSOffsetThird = 0xCC;
DWORD CSNum=; // current ammo value, read at (second value + third offset)
if ( == ReadProcessMemory(hProcess, (LPVOID)(CSOffsetSecondValue + CSOffsetThird), &CSNum, sizeof(DWORD), &dwSize))
{
printf("三级偏移获取失败\n");
getLastError = GetLastError();
return -;
} int modifyCS; // value typed by the user; scanf's return is not checked, so non-numeric input leaves it uninitialised
printf("CSNum:%d\n", CSNum);
printf("输入你要修改后的值:");
scanf("%d", &modifyCS);
// Write the new value at the same address that was just read; the BOOL result is ignored, so a failed write is silent
WriteProcessMemory(hProcess, (LPVOID)(CSOffsetSecondValue + CSOffsetThird), &modifyCS, sizeof(DWORD), &dwSize); CloseHandle(hProcess); // release the process handle
system("pause"); // keep the console window open

C++源码
