C# 操做地址 從內存中讀取寫入數據(初級)
本示例以植物大戰殭屍爲例, 實現功能爲 每1秒讓陽光刷新爲 9999.本示例使用的遊戲版本爲 [植物大戰殭屍2010年度版], 使用的輔助查看內存地址的工具是 CE.安全
因爲每次啓動遊戲, 遊戲中陽光地址都是變的, 惟一不變的基址1, 咱們要經過CE工具找到基址1的地址, 能夠算出陽光的地址.ide
基址2的地址 = 基址1中的值 + 偏移1;工具
陽光的的地址 = 基址2中的值 + 偏移2;spa
如下爲簡單示例: 窗口界面一個按鈕 和 一個定時器線程
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Runtime.InteropServices; using System.Diagnostics; namespace ZhiWuDaZhanJiangShi { public partial class Form1 : Form { public Form1() { InitializeComponent(); } #region API //從指定內存中讀取字節集數據 [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")] public static extern bool ReadProcessMemory(IntPtr hProcess,IntPtr lpBaseAddress,IntPtr lpBuffer,int nSize,IntPtr lpNumberOfBytesRead); //從指定內存中寫入字節集數據 [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")] public static extern bool WriteProcessMemory(IntPtr hProcess,IntPtr lpBaseAddress,int[] lpBuffer,int nSize, IntPtr lpNumberOfBytesWritten ); //打開一個已存在的進程對象,並返回進程的句柄 [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")] public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId); //關閉一個內核對象。其中包括文件、文件映射、進程、線程、安全和同步對象等。 [DllImport("kernel32.dll")] private static extern void CloseHandle(IntPtr hObject); #endregion #region 使用方法 //根據進程名獲取PID public static int GetPidByProcessName(string processName) { Process[] arrayProcess = Process.GetProcessesByName(processName); foreach (Process p in arrayProcess) { return p.Id; } return 0; } //讀取內存中的值 public static int ReadMemoryValue(int baseAddress, string processName) { try { byte[] buffer = new byte[4]; //獲取緩衝區地址 IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //打開一個已存在的進程對象 0x1F0FFF 最高權限 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //將制定內存中的值讀入緩衝區 ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); //關閉操做 CloseHandle(hProcess); //從非託管內存中讀取一個 32 位帶符號整數。 return Marshal.ReadInt32(byteAddress); } catch { return 0; } } //將值寫入指定內存地址中 public static void WriteMemoryValue(int baseAddress, string processName, int value) { try { //打開一個已存在的進程對象 0x1F0FFF 最高權限 IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //從指定內存中寫入字節集數據 WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4, IntPtr.Zero); //關閉操做 CloseHandle(hProcess); } catch { } } #endregion //遊戲內存基址 private int baseAddress = 0x0015E944; //遊戲進程名字 private string processName = "PlantsVsZombies"; //開啓/關閉 功能 的按鈕 private void button1_Click(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { MessageBox.Show("遊戲沒有運行!"); return; } if (button1.Text == "開啓") { button1.Text = "關閉"; timer1.Enabled = true; } else { button1.Text = "開啓"; timer1.Enabled = false; } } //定時器 private void timer1_Tick(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { timer1.Enabled = false; } //baseAddress : 遊戲內存基址 processName : 遊戲進程名 //讀取 基址1 中存放的值 int address = ReadMemoryValue(baseAddress, processName); //計算 基址2的地址 = 基址1中的值 + 偏移量1 address = address + 0x868; //讀取 基址2 中存放的值 address = ReadMemoryValue(address, processName); //計算 陽光的地址 = 基址2中的值 + 偏移量2 address = address + 0x5578; //給陽光地址中寫入數值,0x378 : 888 WriteMemoryValue(address, processName, 0x378); } } }
下面增長了一個刷新金幣的示例 (注意, 金幣值是界面的金幣輸 除以 10 , 咱們刷100 在界面裏面顯示爲1000)3d
private void button2_Click(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { MessageBox.Show("遊戲沒有運行!"); return; } //baseAddress : 遊戲內存基址 processName : 遊戲進程名 //讀取 基址1 中存放的值 int address = ReadMemoryValue(baseAddress, processName); //計算 基址2的地址 = 基址1中的值 + 偏移量1 address = address + 0x950; //讀取 基址2 中存放的值 address = ReadMemoryValue(address, processName); //計算 陽光的地址 = 基址2中的值 + 偏移量2 address = address + 0x50; //給陽光地址中寫入數值,0x378 : 888 WriteMemoryValue(address, processName, GetInt(textBox2.Text)); } private int GetInt(string s) { int n = 0; int.TryParse(s, out n); if (n <= 0) { n = 100; } return n; }
今天又增長了無植物無冷卻時間的功能code
int count = 0; private void Form1_Load(object sender, EventArgs e) { if (GetPidByProcessName(processName) != 0) { int address = ReadMemoryValue(baseAddress, processName); address = address + 0x868; address = ReadMemoryValue(address, processName); address = address + 0x15c; address = ReadMemoryValue(address, processName); address = address + 0x24; address = ReadMemoryValue(address, processName); count = address; label3.Text = "植物欄個數: " + address.ToString() + " 個"; } } private void timer2_Tick(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { timer2.Enabled = false; } if (count > 0) { for (int i = 0; i < count; i++) { int address = ReadMemoryValue(baseAddress, processName); address = address + 0x868;//一級地址 address = ReadMemoryValue(address, processName); address = address + 0x15c;//二級地址 address = ReadMemoryValue(address, processName); address = address + 0x4c;//第一欄 植物的地址 // 每後一個植物 地址 偏移 50 (在十進制裏是80) //偏移 0x24 的地址 是標示是否在冷卻中 值 :( 0 : 爲冷卻中, 1 爲冷卻完成) address = address + 80 * i + 0x24; WriteMemoryValue(address, processName, 1); //若是不偏移 0x24 的地址爲冷卻時間地址, 值不肯定, 通常最大設爲6000 也能夠完成此功能 //address = address + 80 * i; //WriteMemoryValue(address, processName, 6000); } } else { int address = ReadMemoryValue(baseAddress, processName); address = address + 0x868; address = ReadMemoryValue(address, processName); address = address + 0x15c; address = ReadMemoryValue(address, processName); address = address + 0x24; address = ReadMemoryValue(address, processName); count = address; label3.Text = "植物欄個數: " + address.ToString() + " 個"; } } private void button3_Click(object sender, EventArgs e) { if (GetPidByProcessName(processName) == 0) { MessageBox.Show("遊戲沒有運行!"); return; } if (button3.Text == "有冷卻") { button3.Text = "無冷卻"; timer2.Enabled = true; } else { button3.Text = "有冷卻"; timer2.Enabled = false; } }
相關文章
- 1. C# 操做地址 從內存中讀取寫入數據(初級)
- 2. C#中NPOI操做excel之讀取和寫入excel數據
- 3. 【解決方案】SQLite操做優化:從內存中讀取,寫入內存和本地
- 4. C/C++程序從文本文件中讀取(保存)數據
- 5. spark從hbase讀取寫入數據
- 6. ffmpeg 從內存中讀取數據(或將數據輸出到內存)
- 7. 從內存數據讀取osg::node
- 8. Flink 使用(一)——從kafka中讀取數據寫入到HBASE中
- 9. Android數據讀取 寫入操做(SD卡文件存儲、SharedPreferences存儲)
- 10. 讀取、寫入文件 、存儲數據
- 更多相關文章...
- • 物理地址(MAC地址)是什麼? - TCP/IP教程
- • PHP MySQL 讀取數據 - PHP教程
- • Flink 數據傳輸及反壓詳解
- • C# 中 foreach 遍歷的用法
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章