这个问题来自伴水的《划拳机器人》
,对本文用途感兴趣的朋友请大致阅读伴水的帖子,在帖子中我用这个方法写了剪刀五号
,战绩不错,当然属于作弊的方法了。
剪刀五号的思路就是每次出拳,尽量让对方能赢,然后根据一个地址段来扫描内存中对方所赢的局数的保存地址,找到后在得到比赛结果时把内存数据改掉。这个类似以前打单机游戏时用的fpe之类的修改工具。当然,如果对方故意犯规,一局也不赢,你是找不到他的地址的,这样可以通过正常途径来获取胜利。
把剪刀五号核心代码简化后,主要为三个api函数
OpenProcess,ReadProcessMemory,WriteProcessMemory
代码大致如下:
using
System;
using
System.Collections.Generic;
using
System.Text;
using
System.Runtime.InteropServices;
namespace
ConsoleApplication4
...
{
//
打开不安全代码开关:项目-右键-属性-生成-允许不安全代码
class
Program
...
{
[DllImport(
"
kernel32.dll
"
)]
public
static
extern
IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
[DllImport(
"
kernel32.dll
"
)]
public
static
extern
Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
uint
[] lpBuffer, UInt32 nSize, IntPtr lpNumberOfBytesWritten);
[DllImport(
"
kernel32.dll
"
)]
public
static
extern
Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
uint
[] lpBuffer, UInt32 nSize, IntPtr lpNumberOfBytesRead);
static
IntPtr pAddress
=
(IntPtr)
0x12bdad8
;
static
uint
[] Read
=
new
uint
[
1
];
static
uint
[] Write
=
new
uint
[]
...
{
0x64
}
;
static
private
int
mm
=
999
;
static
void
Main(
string
[] args)
...
{
unsafe
...
{
fixed
(
int
*
i
=
&
mm)
...
{ pAddress
=
(IntPtr)i; }
}
IntPtr h
=
OpenProcess(
0x1F0FFF
,
0
, (UInt32)System.Diagnostics.Process.GetCurrentProcess().Id);
ReadProcessMemory(h, pAddress, Read,
4
, (IntPtr)
0
);
//
获取内存数据
Console.WriteLine(Read[
0
]);
//
输出999
WriteProcessMemory(h, pAddress, Write,
4
, (IntPtr)
0
);
//
修改内存数据
Console.WriteLine(mm);
//
输出100
Console.Read();
}
}
}
System;
using
System.Collections.Generic;
using
System.Text;
using
System.Runtime.InteropServices;
namespace
ConsoleApplication4
...
{
//
打开不安全代码开关:项目-右键-属性-生成-允许不安全代码
class
Program
...
{
[DllImport(
"
kernel32.dll
"
)]
public
static
extern
IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId);
[DllImport(
"
kernel32.dll
"
)]
public
static
extern
Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
uint
[] lpBuffer, UInt32 nSize, IntPtr lpNumberOfBytesWritten);
[DllImport(
"
kernel32.dll
"
)]
public
static
extern
Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
uint
[] lpBuffer, UInt32 nSize, IntPtr lpNumberOfBytesRead);
static
IntPtr pAddress
=
(IntPtr)
0x12bdad8
;
static
uint
[] Read
=
new
uint
[
1
];
static
uint
[] Write
=
new
uint
[]
...
{
0x64
}
;
static
private
int
mm
=
999
;
static
void
Main(
string
[] args)
...
{
unsafe
...
{
fixed
(
int
*
i
=
&
mm)
...
{ pAddress
=
(IntPtr)i; }
}
IntPtr h
=
OpenProcess(
0x1F0FFF
,
0
, (UInt32)System.Diagnostics.Process.GetCurrentProcess().Id);
ReadProcessMemory(h, pAddress, Read,
4
, (IntPtr)
0
);
//
获取内存数据
Console.WriteLine(Read[
0
]);
//
输出999
WriteProcessMemory(h, pAddress, Write,
4
, (IntPtr)
0
);
//
修改内存数据
Console.WriteLine(mm);
//
输出100
Console.Read();
}
}
}