Finding the sun base address of Plants vs. Zombies (Game of the Year edition) with CE, and building a sun locker in Delphi

Finding the second-level offset is the hard part. The approach used here to find the second-level offset in the Game of the Year edition of Plants vs. Zombies works well, and may apply just as broadly to other games.

CE

A few key points, summarized:

1. The first address found by scanning for the sun count, 1CDEB6F8, gives almost nobody any trouble. The key step is to then run "Find out what accesses this address" on it.

2. You will then see the red hint [edx+00005578] together with "The value of the pointer needed to find this address is probably 1CDE6180". Nothing tricky here either.

3. Now scan for the address 1CDE6180. Handling the scan results is the hard part. The key is to click "Next Scan" several more times, until the addresses in the left pane basically stop changing.

4. Add the first address, 017D8998, to the list, then run "Find out what writes to this address" on it. This is the difficult step: at first no hint appears at all. But once you restart the current level, something shows up: the hint [edi+00000868] and "The value of the pointer needed to find this address is probably 017DB130". Victory is not far off.

5. Scan for the address 017DB130. Surprisingly there are more than 2000 results, but don't worry: after a few more scans you will see the green (static) base address 007794F8 appear.


With the base address and both offsets found, [[[007794F8]+868]+5578] holds the sun value, while [[007794F8]+868]+5578 is the address of the sun value. Do not confuse the value with the address here, because in the Delphi code that follows you read out the sun value but write to the sun address. This is also a key point.
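As an added illustration (not the article's code), here is the same three-hop chain walked in Python over a constructed memory snapshot: both the read and the write use the resolved address, and only the final read yields the value. The FakeMemory class, the intermediate pointer values and the sun value of 50 are assumptions built from the article's base and offsets.

```python
import struct

# Constructed 32-bit little-endian memory image standing in for the game process
# ({region_base: bytearray}); values are made up, layout follows [[[007794F8]+868]+5578].
BASE, OFF1, OFF2 = 0x007794F8, 0x868, 0x5578

class FakeMemory:
    """Stand-in for ReadProcessMemory/WriteProcessMemory over a snapshot."""
    def __init__(self, regions):
        self.regions = regions

    def _slot(self, addr):
        for start, buf in self.regions.items():
            if start <= addr and addr + 4 <= start + len(buf):
                return buf, addr - start
        raise ValueError(f"unmapped address {addr:08X}")  # a real read would fail here

    def read_u32(self, addr):
        buf, i = self._slot(addr)
        return struct.unpack_from("<I", buf, i)[0]

    def write_u32(self, addr, value):
        buf, i = self._slot(addr)
        struct.pack_into("<I", buf, i, value & 0xFFFFFFFF)

def resolve_chain(mem, base, offsets):
    """Return the final ADDRESS of [[[base]+o1]+o2]: every hop but the last is dereferenced."""
    addr = mem.read_u32(base)            # the static base holds the first pointer
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)  # intermediate pointers change per session: re-read, never cache
    return addr + offsets[-1]            # last offset gives the value's address, not the value

def build_snapshot():
    """Constructed layout: [BASE] = 017DB130, [017DB130+868] = 1CDE6180, [1CDE6180+5578] = 50."""
    mem = FakeMemory({BASE: bytearray(4), 0x017DB130 + OFF1: bytearray(4),
                      0x1CDE6180 + OFF2: bytearray(4)})
    mem.write_u32(BASE, 0x017DB130)
    mem.write_u32(0x017DB130 + OFF1, 0x1CDE6180)
    mem.write_u32(0x1CDE6180 + OFF2, 50)
    return mem

def read_sun(mem):
    return mem.read_u32(resolve_chain(mem, BASE, [OFF1, OFF2]))

def lock_sun(mem, value):
    """Write to the resolved address (as the article's btn3Click does), then read it back."""
    mem.write_u32(resolve_chain(mem, BASE, [OFF1, OFF2]), value)
    return read_sun(mem)
```

Resolving the chain afresh on every tick is what keeps the locker correct after a level restart, when the intermediate pointers move but the green base does not.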


unit MainFrm;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ExtCtrls, StdCtrls;

type
  TForm1 = class(TForm)
    grp1: TGroupBox;
    edtPTitle: TEdit;
    edtProcessID: TEdit;
    lbl1: TLabel;
    lbl3: TLabel;
    grp2: TGroupBox;
    edtOffset2: TEdit;
    edtOffset1: TEdit;
    edtBase: TEdit;
    lbl4: TLabel;
    lbl5: TLabel;
    lbl6: TLabel;
    grp3: TGroupBox;
    btnGetProcess: TButton;
    btn2: TButton;
    btn3: TButton;
    edtValue: TEdit;
    lbl7: TLabel;
    chk1: TCheckBox;
    tmr1: TTimer;
    procedure btnGetProcessClick(Sender: TObject);
    procedure btn2Click(Sender: TObject);
    procedure btn3Click(Sender: TObject);
    procedure tmr1Timer(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

// Read: walk base -> first-level offset -> second-level offset and show the sun value
procedure TForm1.btn2Click(Sender: TObject);
var
  Sunny: Integer;
  nbRead: Cardinal;
  h: THandle;
  Address: Integer;
begin
  if not (edtBase.Text = '') and
     not (edtOffset1.Text = '') and
     not (edtOffset2.Text = '') and
     not (edtProcessID.Text = '0') then
  begin
    h := OpenProcess(PROCESS_ALL_ACCESS, False, StrToInt(edtProcessID.Text)); // open the game process
    if h = 0 then
      RaiseLastOSError;
    try
      Address := StrToInt('$' + edtBase.Text);
      ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead); // read the base: Sunny now holds the first pointer

      Address := DWORD(Sunny + StrToInt('$' + edtOffset1.Text));
      ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead); // first-level offset: Sunny now holds the second pointer

      Address := DWORD(Sunny + StrToInt('$' + edtOffset2.Text));
      ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead); // second-level offset: Sunny is the sun value
      edtValue.Text := IntToStr(Sunny);
    finally
      CloseHandle(h); // always release the process handle
    end;
  end;
end;

// Write: resolve the same chain, but write to the final address instead of reading it
procedure TForm1.btn3Click(Sender: TObject);
var
  Sunny, NewSunny, Address: Integer;
  nbRead: Cardinal;
  h: THandle;
begin
  NewSunny := StrToInt(edtValue.Text); // the sun value to write
  h := OpenProcess(PROCESS_ALL_ACCESS, False, Cardinal(StrToInt(edtProcessID.Text))); // open the game process
  if h = 0 then
    RaiseLastOSError;
  try
    Address := StrToInt('$' + edtBase.Text);
    ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead); // read the base address

    Address := Sunny + StrToInt('$' + edtOffset1.Text);
    ReadProcessMemory(h, Pointer(Address), @Sunny, 4, nbRead); // read through the first-level offset

    Address := Sunny + StrToInt('$' + edtOffset2.Text); // compute the address of the sun value

    WriteProcessMemory(h, Pointer(Address), @NewSunny, 4, nbRead); // write the new sun value
  finally
    CloseHandle(h); // close the game process handle afterwards
  end;
end;

// Look the game window up by title and record its process ID
procedure TForm1.btnGetProcessClick(Sender: TObject);
var
  PID: Cardinal;
  handle: THandle;
begin
  if not (edtPTitle.Text = '') then
  begin
    PID := 0;
    handle := FindWindow(nil, PChar(edtPTitle.Text)); // get the game window handle (0 if no such window)
    if handle <> 0 then
      GetWindowThreadProcessId(handle, @PID); // note the @PID usage: retrieves the PID
    edtProcessID.Text := IntToStr(PID);
  end;
end;

// Lock: while the checkbox is ticked, rewrite the sun value on every timer tick
procedure TForm1.tmr1Timer(Sender: TObject);
begin
  if not (edtValue.Text = '') and chk1.Checked then
    btn3Click(Sender);
end;

end.

Form code (DFM)

 

object Form1: TForm1
  Left = 0
  Top = 0
  Caption = #25351#23450#31243#24207#20869#23384#20462#25913#27979#35797
  ClientHeight = 273
  ClientWidth = 477
  Color = clBtnFace
  Font.Charset = DEFAULT_CHARSET
  Font.Color = clWindowText
  Font.Height = -11
  Font.Name = 'Tahoma'
  Font.Style = []
  OldCreateOrder = False
  PixelsPerInch = 96
  TextHeight = 13
  object grp1: TGroupBox
    Left = 16
    Top = 8
    Width = 449
    Height = 104
    Caption = #24453#20462#25913#31243#24207#20449#24687#65306
    TabOrder = 0
    object lbl1: TLabel
      Left = 16
      Top = 32
      Width = 84
      Height = 13
      Caption = #31243#24207#31383#21475#26631#39064#65306
    end
    object lbl3: TLabel
      Left = 16
      Top = 64
      Width = 71
      Height = 13
      Caption = #31243#24207#36827#31243'ID'#65306
    end
    object edtPTitle: TEdit
      Left = 106
      Top = 29
      Width = 97
      Height = 21
      TabOrder = 0
      Text = 'Plants vs. Zombies 1.2.0.1073 RELEASE'
    end
    object edtProcessID: TEdit
      Left = 106
      Top = 61
      Width = 97
      Height = 21
      ReadOnly = True
      TabOrder = 1
    end
    object btnGetProcess: TButton
      Left = 222
      Top = 27
      Width = 75
      Height = 25
      Caption = #33719#21462
      TabOrder = 2
      OnClick = btnGetProcessClick
    end
  end
  object grp2: TGroupBox
    Left = 16
    Top = 128
    Width = 449
    Height = 57
    Caption = #22320#22336#20449#24687
    TabOrder = 1
    object lbl4: TLabel
      Left = 16
      Top = 25
      Width = 36
      Height = 13
      Caption = #22522#22336#65306
    end
    object lbl5: TLabel
      Left = 175
      Top = 25
      Width = 60
      Height = 13
      Caption = #19968#32423#20559#31227#65306
    end
    object lbl6: TLabel
      Left = 303
      Top = 25
      Width = 60
      Height = 13
      Caption = #20108#32423#20559#31227#65306
    end
    object edtOffset2: TEdit
      Left = 369
      Top = 22
      Width = 56
      Height = 21
      NumbersOnly = True
      TabOrder = 0
      Text = '5578'
    end
    object edtOffset1: TEdit
      Left = 241
      Top = 22
      Width = 56
      Height = 21
      NumbersOnly = True
      TabOrder = 1
      Text = '868'
    end
    object edtBase: TEdit
      Left = 55
      Top = 22
      Width = 114
      Height = 21
      NumbersOnly = True
      TabOrder = 2
      Text = '007794F8'
    end
  end
  object grp3: TGroupBox
    Left = 16
    Top = 191
    Width = 449
    Height = 74
    Caption = #20462#25913#25805#20316
    TabOrder = 2
    object lbl7: TLabel
      Left = 106
      Top = 32
      Width = 24
      Height = 13
      Caption = #20540#65306
    end
    object btn2: TButton
      Left = 16
      Top = 27
      Width = 75
      Height = 25
      Caption = #35835#21462
      TabOrder = 0
      OnClick = btn2Click
    end
    object btn3: TButton
      Left = 233
      Top = 27
      Width = 75
      Height = 25
      Caption = #20889#20837
      TabOrder = 1
      OnClick = btn3Click
    end
    object edtValue: TEdit
      Left = 136
      Top = 29
      Width = 81
      Height = 21
      TabOrder = 2
    end
    object chk1: TCheckBox
      Left = 328
      Top = 31
      Width = 97
      Height = 17
      Caption = #38145#23450
      TabOrder = 3
    end
  end
  object tmr1: TTimer
    OnTimer = tmr1Timer
    Left = 368
    Top = 56
  end
end

Posted by Delphi7456 · Reads (5761) · Comments (0)
