devbox
笔触狂放9
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

植物大战僵尸外挂源码

作者:笔触狂放9 | 2024-06-12 06:46:57

外挂源码
  1. #include"stdafx.h"
  2. #include<iostream>      
  3. #include<windows.h>   
  4. #include <assert.h>
  5. #include<TlHelp32.h>    
  6. #include <string.h>
  7. #include "stdio.h"
  8. #include "Shlwapi.h"
  9. #include "tlhelp32.h"
  10. #include "Psapi.h"
  11. #include <TChar.h> 
  12. #pragma comment(lib,"Psapi.lib")
  13. #pragma comment(lib,"Shlwapi.lib")
  14.  
  15.  
  16. //参数结构 ; 
  17. typedef struct _RemotePara
  18. {
  19. 	UINT y;
  20. 	UINT x;
  21. 	UINT id;
  22. }RemotePara;
  23.  
  24. using namespace std;
  25. HWND hwnd_Game;
  26. DWORD ProcessID;
  27. HANDLE h_process;
  28. int Base;
  29. int Offset[10];
  30. HANDLE hToken, hThread;
  31. RemotePara myRemotePara;
  32. HINSTANCE hUser32;
  33. void *pRemoteThread;
  34. DWORD byte_write;
  35. RemotePara *pRemotePara;
  36. const DWORD THREADSIZE = 1024 * 4;
  37.  
  38.  
  39. // 远程线程执行体
  40. DWORD __stdcall ThreadProc(RemotePara *Para) {
  41. 	typedef void(__stdcall *pExitProcess) (UINT);
  42. 	pExitProcess y = (pExitProcess)Para->y;
  43. 	pExitProcess x = (pExitProcess)Para->x;
  44. 	pExitProcess id = (pExitProcess)Para->id;
  45. 	__asm {
  46. 		pushad
  47. 		push - 1
  48. 		push id
  49. 		mov eax, y
  50. 		push x
  51. 		mov edi, dword ptr ds : [0x755E0C]
  52. 		mov edi, dword ptr ds : [edi + 0x868]
  53. 		push edi
  54. 		mov edx, 0x418D70
  55. 		call   edx
  56. 		popad
  57. 	}
  58. 	return 0;
  59. }
  60.  
  61. BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName, BOOL fEnable)
  62. {
  63. 	TOKEN_PRIVILEGES tp;
  64. 	tp.PrivilegeCount = 1;
  65. 	LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid);
  66. 	tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
  67. 	AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
  68. 	return((GetLastError() == ERROR_SUCCESS));
  69. }
  70.  
  71. HANDLE GetPidByName(char *szName)
  72. {
  73. 	HWND hwnd_Game = FindWindow(NULL, L"Plants vs. Zombies");
  74. 	GetWindowThreadProcessId(hwnd_Game, &ProcessID);
  75. 	return OpenProcess(PROCESS_ALL_ACCESS, false, ProcessID);
  76. }
  77.  
  78. int callPlant()
  79. {
  80.  
  81. 	// 启动线程 
  82. 	if (!WriteProcessMemory(h_process, pRemotePara, &myRemotePara, sizeof myRemotePara, 0))
  83. 	{
  84.  
  85. 		return 0;
  86.  
  87. 	}
  88.  
  89. 	hThread = CreateRemoteThread(h_process, 0, 0, (DWORD(__stdcall *)(void *))pRemoteThread, pRemotePara, 0, &byte_write);
  90.  
  91.  
  92. 	return 1;
  93. }
  94.  
  95. void GetGameInfo()
  96. {
  97. 	hwnd_Game = FindWindow(NULL, L"Plants vs. Zombies");
  98. 	GetWindowThreadProcessId(hwnd_Game, &ProcessID);
  99. 	h_process = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessID);
  100.  
  101. 	Base = 0x00755E0C;
  102. 	Offset[0] = 0x868;
  103. 	Offset[1] = 0x5578;
  104. }
  105.  
  106. //通过基址加偏移得到动态地址    
  107. int GetDymThroughBase(int Base, int Offset[], int len)
  108. {
  109. 	int Dym_temp;
  110. 	ReadProcessMemory(h_process, (LPVOID)Base, &Dym_temp, 4, NULL);
  111. 	for (int i = 0; i < len; i++)
  112. 	{
  113. 		if (i == len - 1)
  114. 			Dym_temp += Offset[i];
  115. 		else
  116. 			ReadProcessMemory(h_process, (LPVOID)(Dym_temp + Offset[i]), &Dym_temp, 4, NULL);
  117. 	}
  118. 	return Dym_temp;
  119. }
  120. //修改阳光  
  121. void ChangeSunshine(int num)
  122. {
  123. 	int DymnamicAddress = GetDymThroughBase(Base, Offset, 2);
  124. 	int ret = WriteProcessMemory(h_process, (LPVOID)DymnamicAddress, &num, 4, NULL);
  125. 	if (ret == 0)
  126. 	{
  127. 		cout << "修改失败!" << endl;
  128. 	}
  129. 	else
  130. 	{
  131. 		cout << "修改成功!" << endl;
  132. 	}
  133. }
  134. //免CD  
  135. void DisableCoolDown()
  136. {
  137. 	int num = 0x1477;
  138. 	int ret = WriteProcessMemory(h_process, (LPVOID)0x0049CE02, &num, 2, NULL);
  139. 	if (ret)
  140. 	{
  141. 		cout << "免冷却成功!" << endl;
  142. 	}
  143. 	else
  144. 	{
  145. 		cout << "免冷却失败!" << endl;
  146. 	}
  147. }
  148.  
  149. int in()
  150. {
  151.  
  152. 	// 在远程进程地址空间分配虚拟内存
  153. 	pRemoteThread = VirtualAllocEx(h_process, 0, THREADSIZE, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  154. 	if (!pRemoteThread)
  155. 		return 0;
  156.  
  157. 	// 将线程执行体ThreadProc写入远程进程
  158. 	if (!WriteProcessMemory(h_process, pRemoteThread, &ThreadProc, THREADSIZE, 0))
  159. 		return 0;
  160. 	
  161. 	ZeroMemory(&myRemotePara, sizeof(RemotePara));
  162. 	hUser32 = LoadLibrary((LPCWSTR)"kernel32.dll");
  163.  
  164. 	//写进目标进程 
  165. 	pRemotePara = (RemotePara *)VirtualAllocEx(h_process, 0, sizeof(RemotePara), MEM_COMMIT, PAGE_READWRITE);
  166.  
  167. 	if (pRemotePara)
  168. 	{
  169. 		return 1;
  170. 	}
  171. 	else
  172. 		return 0;
  173. }
  174.  
  175.  
  176.  
  177. int main()
  178. {
  179. 	int n_sunshine_change;
  180. 	int n_choice = 99;
  181. 	GetGameInfo();
  182.  
  183. 	DWORD pID;
  184.  
  185. 	char szSafePath[MAX_PATH] = { "C://Program Files//Safe Office//oem//BioFileLogOp.dll" };
  186. 	char szKxPath[MAX_PATH] = { "C://Program Files//KeXin WPS Office//oem//BioFileLogOp.dll" };
  187.  
  188. 	HANDLE hSafeFind;
  189. 	HANDLE hKxFind;
  190. 	WIN32_FIND_DATA FindFileData, FindKxFileData;
  191.  
  192. 	OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken); //打开进程
  193.  
  194. 	EnablePrivilege(hToken, SE_DEBUG_NAME, TRUE); //提升为调试权限
  195.  
  196. 	if (!in()) 
  197. 	{
  198. 		cout << "No!!!!!!!!!!!" << endl;
  199. 		Sleep(50000);
  200. 		return 0;
  201. 	}
  202. 	cout << "欢迎使用植物大战僵尸外挂,请选择你要实现的功能:\n1.修改阳光\n2.植物免冷却\n3.种植植物\n4.召唤炮兵连队\n5.召唤寒冰西瓜连队\n0.退出\n";
  203.  
  204.  
  205. 	while (n_choice)
  206. 	{
  207. 		cin >> n_choice;
  208. 		switch (n_choice)
  209. 		{
  210. 		case 1:
  211. 			cout << "请输入你要修改的阳光值:";
  212. 			cin >> n_sunshine_change;
  213. 			ChangeSunshine(n_sunshine_change);
  214. 			break;
  215. 		case 2:
  216. 			DisableCoolDown();
  217. 			break;
  218. 		case 3:
  219. 			cout << "请输入你要种植的植物ID:";
  220. 			cin >> myRemotePara.id;
  221. 			cout << "请输入你要种植的x坐标:";
  222. 			cin >> myRemotePara.x;
  223. 			cout << "请输入你要种植的y坐标:";
  224. 			cin >> myRemotePara.y;
  225. 			callPlant();
  226. 			break;
  227. 		case 4:
  228. 			cout << "Waiting......";
  229. 			myRemotePara.id = 40;
  230. 			myRemotePara.x = 0;
  231. 			for (int i = 0; i < 20; i++)
  232. 			{
  233. 				for (int j = 0; j < 6; j++)
  234. 				{
  235. 					myRemotePara.y = j;
  236. 					Sleep(100);
  237. 					callPlant();
  238. 				}
  239. 			}
  240. 			myRemotePara.id = 43;
  241. 			myRemotePara.x = 1; 
  242. 			for (int i = 0; i < 2; i++)
  243. 			{
  244. 				for (int j = 0; j < 6; j++)
  245. 				{
  246. 					myRemotePara.y = j;
  247. 					Sleep(100);
  248. 					callPlant();
  249. 				}
  250. 			}
  251. 			myRemotePara.id = 22;
  252. 			myRemotePara.x = 2;
  253. 			for (int j = 0; j < 6; j++)
  254. 			{
  255. 				myRemotePara.y = j;
  256. 				Sleep(100);
  257. 				callPlant();
  258. 			}
  259. 			myRemotePara.id = 25;
  260. 			myRemotePara.x = 6;
  261. 			for (int j = 0; j < 6; j++)
  262. 			{
  263. 				myRemotePara.y = j;
  264. 				Sleep(100);
  265. 				callPlant();
  266. 			}
  267. 			cout << "OK! We have done.\n";
  268. 			break;
  269. 		case 5:
  270. 			cout << "Waiting......";
  271. 			myRemotePara.id = 44;
  272. 			myRemotePara.x = 0;
  273. 			for (int i = 0; i < 40; i++)
  274. 			{
  275. 				for (int j = 0; j < 5; j++)
  276. 				{
  277. 					myRemotePara.y = j;
  278. 					Sleep(100);
  279. 					callPlant();
  280. 				}
  281. 			}
  282. 			myRemotePara.id = 43;
  283. 			myRemotePara.x = 1;
  284. 			for (int i = 0; i < 1; i++)
  285. 			{
  286. 				for (int j = 1; j < 4; j++)
  287. 				{
  288. 					myRemotePara.y = j;
  289. 					Sleep(100);
  290. 					callPlant();
  291. 				}
  292. 			}
  293. 			cout << "OK! We have done.\n";
  294. 			break;
  295. 		case 6:
  296. 			cout << "Waiting......";
  297. 			myRemotePara.id = 0;
  298. 			myRemotePara.x = 4;
  299. 			for (int i = 0; i < 40; i++)
  300. 			{
  301. 				for (int j = 0; j < 5; j++)
  302. 				{
  303. 					myRemotePara.y = j;
  304. 					Sleep(100);
  305. 					callPlant();
  306. 				}
  307. 			}
  308. 			break;
  309. 		}
  310. 	}
  311. 	return 0;
  312. }

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/笔触狂放9/article/detail/706845
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号