简单的cs修改器
各个函数解析
这是我根据b站上面的视频使用ce初步修改,自己用vs2022用c语言实现的,完成了其中的部分功能
在自己的电脑上完美运行,不知道其他的怎么样
main()
int main()
{
int *base1 = (int*)0x2433240; //所有人的子弹基址
int *base2 = (int*)0x25069bc; //自己的子弹基址
int *bblood = (int*)0x204ba020; //血基址
int* bloodadd = (int*)0x1ff8a020;
int myp = 0x2040fbc8; //僵直
DWORD csid = 0;
csid = GetPid();
//printf("%d\n", csid);
int choice = 0;
int flag = 0; //flag用来存放是否修改(1修改,0恢复)
int yon; //是否继续修改
while (1)
{
printf("\n是否继续修改?(1|0)\n");
scanf("%d", &yon);
if (yon == 1)
{
}
else
{
printf("\n\n\n\n+++++++++++++++感谢使用++++++++++++++++\n\n\n\n");
return 0;
}
printf("1:所有人无限子弹\n\n2:自己无限子弹\n\n3:血量999999(开启此项功能后控制台无反应,关闭控制台效果结束)\n\n4:无限金币\n\n5:被击中不减速(无效果请刷新游戏)\n\n6:稳定的射击\n\n7:手枪连发\n\n");
printf("\n\n\n+++++++++++++++++++++++++++++++请输入想要达到效果前面的号码,格式:<效果> <1|0> +++++++++++++++++++++++++++++++\n");
scanf("%d", &choice);
scanf("%d", &flag);
if (choice == 1)
{
Bullet(flag, csid, base1);
}
else if (choice == 2)
{
Bullet(flag, csid, base2);
}
else if (choice == 3)
{
Blood(flag, csid, bloodadd);
}
else if (choice == 4)
{
Mymoney(flag, csid, base2);
}
else if (choice == 5)
{
Speed(flag,csid, base1, myp);
}
else if (choice == 6)
{
StableShooting(flag,csid, base2);
}
else if (choice == 7)
{
ShortGun(flag,csid);
}
else
{
printf("Input error");
}
}
return 0;
}
GetPid()
DWORD GetPid()
{
DWORD pid = 0;
HWND hcs = 0;
hcs = FindWindow(NULL, L"Counter-Strike"); //第一个参数是窗口的类型,vs的spy++可以查询,第二个参数是窗口的名称)
//printf("%d\n", hcs);
if (hcs != 0)
{
GetWindowThreadProcessId(hcs, &pid); //通过FindWindow返回的窗口的句柄来获取Pid
}
else
{
printf("please open cs\n");
return 0;
}
return pid;
}
无限子弹
这一块可以修改所有人的子弹数和自己的子弹数
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-n6WTRlpR-1665196226378)(C:\Users\春\AppData\Roaming\Typora\typora-user-images\image-20221008092341153.png)]](https://img-blog.csdnimg.cn/1e4cee40b8d24d8a9e863283246624ad.png)
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-tYeuA3pT-1665196226380)(C:\Users\春\AppData\Roaming\Typora\typora-user-images\image-20221008092356542.png)]](https://img-blog.csdnimg.cn/08b81ea0e3ae4705bbb5d1035b55648c.png)
样的
下面的代码是根据在ce中找到的多层偏移地址,通过ReadProcessMemory() 和 WriteProcessMemory() ,对存放子弹的内存空间修改,将子弹数设置为999
也可以通过修改汇编代码实现真正的子弹数不减少,但在内存中每把枪都有自己的空间,需要一个一个进行修改,创建一个专门的函数即可)
void Bullet(int flag,DWORD pid,int *base)
{
//int buadd = 0x2038151f;
//Patch(buadd, pid);
DWORD oldprotect;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int base2 =0;
int base3 = 0;
int base4 = 0;
int base5 = 0;
int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
int t1 = GetLastError();
if (s1 == 0)
{
printf("ReadProcessMemory Error1\n");
}
int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
int t2 = GetLastError();
if (s2 == 0)
{
printf("ReadProcessMemory Error2\n");
}
int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 +0x5ec), &base4, 4, NULL);
int t3 = GetLastError();
if (s3 == 0)
{
printf("ReadProcessMemory Error3\n");
}
int s4 = ReadProcessMemory(hPro, (LPCVOID)(base4 + 0xcc), &base5, 4, NULL);
int t4 = GetLastError();
if (s4 == 0)
{
printf("ReadProcessMemory Error4\n");
}
int address = base4+0xcc;
int nbullet = 999;
//DWORD NumberOfByteRead;
if (flag == 0)
{
nbullet = 30;
}
if (hPro == 0)
{
printf("false to get process PID\n");
return;
}
VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, &oldprotect);
int a = GetLastError();
int write = WriteProcessMemory(hPro, (LPVOID)address, &nbullet, 2, NULL);
if (write == 0)
{
printf("falied to WriteProcessMemory\n");
int b = GetLastError();
return ;
}
}
无限血
通过偏移地址的跟踪找到血量的内存地址并将该地址一直写入255
该方法的缺点是,只有关闭修改器才可以停止修改
int Blood(int flag,DWORD pid,int *base)
{
DWORD NumberOfByteRead;
DWORD oldprotect;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int base2 = 0;
int base3 = 0;
float base4 = 0;
int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
int t1 = GetLastError();
if (s1 == 0)
{
printf("Blood ReadProcessMemory Error1\n");
}
int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x2eb0), &base3, 4, NULL); //偏移2e60
int t2 = GetLastError();
if (s2 == 0)
{
printf("Blood ReadProcessMemory Error2\n");
}
int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3+0x160), &base4, 4, NULL);
int t3 = GetLastError();
if (s3 == 0)
{
printf("Blood ReadProcessMemory Error3\n");
}
int add = base3 + 0x160;
long time = 0;
int seconds;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int a = GetLastError();
/*printf("how many time do you want to matain HP(minute): ");
scanf("%d", &seconds);
time = seconds * 1000;*/
float blood = 255;
while (1)
{
if (flag == 0)
{
blood = 100;
}
int write = WriteProcessMemory(hPro, (LPVOID)add, &blood, 4, NULL);
if (write == 0)
{
printf("falied to WriteProcessMemory Blood\n");
int b = GetLastError();
return 0;
if (seconds <= 0)
{
return 0;
}
}
}
//基址切换的情况
if (s1 == 0 || s2 == 0 || s3 == 0)
{
return 0;
}
else
{
return 1;
}
}
无限金币
打补丁修改汇编
void Mymoney(int flag,DWORD pid, int* base)
{
int madd = 0x2041365f;
int madd1 = 0x1fee365f;
//base = (int*)madd;
if (flag == 0)
{
int madd1 = madd + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x01cc8e89;
int patch2 = 0x0000;
VirtualProtectEx(hPro, (LPVOID)madd, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)madd, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)madd1, &patch2, 2, NULL);
printf("\nBingo\n");
}
else
{
Patch(madd, pid);
Patch(madd1, pid);
}
}
Patch()
用于修改填充六个字节NULL的补丁
void Patch(int add,DWORD pid)
{
int add2 = add + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x90909090;
int patch2 = 0x9090;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
printf("\nBingo\n");
}
无僵直
void Speed(int flag,DWORD pid, int* base,int myp)
{
//DWORD NumberOfByteRead;
DWORD oldprotect;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int base2 = 0;
int base3 = 0;
float base4 = 0;
int sbase = 0x25069bc,sbase1 = 0,sbase2 = 0; //判断是否改写了速度,通过这几个变量偏移读取speedadd
int add = myp;
int add2 = myp+0x4;
int add3 = add2 + 0x4;
int speed = 0x90909090;
int speed2 = 0x90909090;
int speed3 = 0x9090;
int sadd = 0; //速度的地址(变化)
if (flag == 0)
{
speed = 0x01b085c7;
speed2 = 0x00000000;
speed3 = 0x00003f00;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
}
else
{
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
//步枪修复
int myp2 = myp - 0x53;
int sbyte = 0x51eb;
VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
}
//基址变化
myp = 0x1fd3fbc8;
add = myp;
add2 = myp + 0x4;
add3 = add2 + 0x4;
sadd = 0; //速度的地址(变化)
if (flag == 0)
{
speed = 0x01b085c7;
speed2 = 0x00000000;
speed3 = 0x00003f00;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
}
else
{
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
//步枪修复
int myp2 = myp - 0x53;
int sbyte = 0x51eb;
VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
}
return ;
}
稳定射击
void StableShooting(int flag,DWORD pid, int* base)
{
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
//后坐力地址
int mp5add = 0x2038a9b9; //mp5
int akadd = 0x20381479; //AK
int sgadd = 0x2038cad9; //sg552
int augadd = 0x20381e99; //aug
int m4add = 0x20389cb9; //m4a1
int tmpadd = 0x2038d8f9; ///tmp冲锋枪
int p90add = 0x2038b66e; //p90
int macadd = 0x2038a3b9; //mac冲锋枪
int m249add = 0x20388d39; //m249
//int eliteadd = 0x20383dce; //双枪
//int deagleadd = 0x20383740; //沙漠之鹰
//int p228add = 0x2038b090; //p228
//int uspadd = 0x2038e7e0; //usp
//int gloadd = 0x20386b55; //glock
if (flag == 0)
{
Depatch1(mp5add, pid);
Depatch1(akadd, pid);
Depatch1(sgadd, pid);
Depatch1(augadd, pid);
Depatch1(m4add, pid);
Depatch1(tmpadd, pid);
Depatch1(p90add, pid);
Depatch1(macadd, pid);
Depatch1(m249add, pid);
}
else
{
Patch(mp5add, pid);
Patch(akadd, pid);
Patch(sgadd, pid);
Patch(augadd, pid);
Patch(m4add, pid);
Patch(tmpadd, pid);
Patch(p90add, pid);
Patch(macadd, pid);
Patch(m249add, pid);
//Patch(eliteadd, pid);
//Patch(deagleadd, pid);
//Patch(p228add, pid);
//Patch(uspadd, pid);
//Patch(gloadd, pid);
printf(" ");
}
}
Depatch1
void Depatch1(int add, DWORD pid)
{
int add2 = add + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x0100ae89;
int patch2 = 0000;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
printf("\nBingo\n");
}
上面代码中修改手枪的调用不仅会减少手枪的后坐力,还会让手枪连发
每个武器的后坐力都是单独的,这也可以自己写代码完成部分武器的修改
手枪连发
void ShortGun(int flag,DWORD pid)
{
int eliteadd = 0x20383dce; //双枪
int deagleadd = 0x20383740; //沙漠之鹰
int p228add = 0x2038b090; //p228
int uspadd = 0x2038e7e0; //usp
int gloadd = 0x20386b55; //glock
if (flag == 0)
{
Depatch(eliteadd, pid);
Depatch(deagleadd, pid);
Depatch(p228add, pid);
Depatch(uspadd, pid);
Depatch(gloadd, pid);
}
else
{
Patch(eliteadd, pid);
Patch(deagleadd, pid);
Patch(p228add, pid);
Patch(uspadd, pid);
Patch(gloadd, pid);
}
}
Depatch
void Depatch(int add, DWORD pid)
{
int add2 = add + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x01009689;
int patch2 = 0000;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
printf("\nBingo\n");
}
源代码部分
// CS辅助.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//
#define _CRT_SECURE_NO_WARNINGS
#include <iostream>
#include <Windows.h>
PDWORD tmp;
void Patch(int add,DWORD pid)
{
int add2 = add + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x90909090;
int patch2 = 0x9090;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
printf("\nBingo\n");
}
void Depatch(int add, DWORD pid)
{
int add2 = add + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x01009689;
int patch2 = 0000;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
printf("\nBingo\n");
}
void Depatch1(int add, DWORD pid)
{
int add2 = add + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x0100ae89;
int patch2 = 0000;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &patch2, 2, NULL);
printf("\nBingo\n");
}
DWORD GetPid()
{
DWORD pid = 0;
HWND hcs = 0;
hcs = FindWindow(NULL, L"Counter-Strike");
//printf("%d\n", hcs);
if (hcs != 0)
{
GetWindowThreadProcessId(hcs, &pid);
}
else
{
printf("please open cs\n");
return 0;
}
return pid;
}
void ShortGun(int flag,DWORD pid)
{
int eliteadd = 0x20383dce; //双枪
int deagleadd = 0x20383740; //沙漠之鹰
int p228add = 0x2038b090; //p228
int uspadd = 0x2038e7e0; //usp
int gloadd = 0x20386b55; //glock
if (flag == 0)
{
Depatch(eliteadd, pid);
Depatch(deagleadd, pid);
Depatch(p228add, pid);
Depatch(uspadd, pid);
Depatch(gloadd, pid);
}
else
{
Patch(eliteadd, pid);
Patch(deagleadd, pid);
Patch(p228add, pid);
Patch(uspadd, pid);
Patch(gloadd, pid);
}
}
void StableShooting(int flag,DWORD pid, int* base)
{
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
//后坐力地址
int mp5add = 0x2038a9b9; //mp5
int akadd = 0x20381479; //AK
int sgadd = 0x2038cad9; //sg552
int augadd = 0x20381e99; //aug
int m4add = 0x20389cb9; //m4a1
int tmpadd = 0x2038d8f9; ///tmp冲锋枪
int p90add = 0x2038b66e; //p90
int macadd = 0x2038a3b9; //mac冲锋枪
int m249add = 0x20388d39; //m249
//int eliteadd = 0x20383dce; //双枪
//int deagleadd = 0x20383740; //沙漠之鹰
//int p228add = 0x2038b090; //p228
//int uspadd = 0x2038e7e0; //usp
//int gloadd = 0x20386b55; //glock
if (flag == 0)
{
Depatch1(mp5add, pid);
Depatch1(akadd, pid);
Depatch1(sgadd, pid);
Depatch1(augadd, pid);
Depatch1(m4add, pid);
Depatch1(tmpadd, pid);
Depatch1(p90add, pid);
Depatch1(macadd, pid);
Depatch1(m249add, pid);
}
else
{
Patch(mp5add, pid);
Patch(akadd, pid);
Patch(sgadd, pid);
Patch(augadd, pid);
Patch(m4add, pid);
Patch(tmpadd, pid);
Patch(p90add, pid);
Patch(macadd, pid);
Patch(m249add, pid);
//Patch(eliteadd, pid);
//Patch(deagleadd, pid);
//Patch(p228add, pid);
//Patch(uspadd, pid);
//Patch(gloadd, pid);
printf(" ");
}
}
void Speed(int flag,DWORD pid, int* base,int myp)
{
//DWORD NumberOfByteRead;
DWORD oldprotect;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int base2 = 0;
int base3 = 0;
float base4 = 0;
int sbase = 0x25069bc,sbase1 = 0,sbase2 = 0; //判断是否改写了速度,通过这几个变量偏移读取speedadd
int add = myp;
int add2 = myp+0x4;
int add3 = add2 + 0x4;
int speed = 0x90909090;
int speed2 = 0x90909090;
int speed3 = 0x9090;
int sadd = 0; //速度的地址(变化)
if (flag == 0)
{
speed = 0x01b085c7;
speed2 = 0x00000000;
speed3 = 0x00003f00;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
}
else
{
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
//步枪修复
int myp2 = myp - 0x53;
int sbyte = 0x51eb;
VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
}
//基址变化
myp = 0x1fd3fbc8;
add = myp;
add2 = myp + 0x4;
add3 = add2 + 0x4;
sadd = 0; //速度的地址(变化)
if (flag == 0)
{
speed = 0x01b085c7;
speed2 = 0x00000000;
speed3 = 0x00003f00;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
}
else
{
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int write1 = WriteProcessMemory(hPro, (LPVOID)add, &speed, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)add2, &speed2, 4, NULL);
int write3 = WriteProcessMemory(hPro, (LPVOID)add3, &speed3, 2, NULL);
//步枪修复
int myp2 = myp - 0x53;
int sbyte = 0x51eb;
VirtualProtectEx(hPro, (LPVOID)myp2, 10, PAGE_READWRITE, &oldprotect);
int write4 = WriteProcessMemory(hPro, (LPVOID)myp2, &sbyte, 2, NULL);
}
return ;
}
int Blood(int flag,DWORD pid,int *base)
{
//DWORD NumberOfByteRead;
DWORD oldprotect;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int base2 = 0;
int base3 = 0;
float base4 = 0;
int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
int t1 = GetLastError();
if (s1 == 0)
{
printf("Blood ReadProcessMemory Error1\n");
}
int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x2eb0), &base3, 4, NULL); //偏移2e60
int t2 = GetLastError();
if (s2 == 0)
{
printf("Blood ReadProcessMemory Error2\n");
}
int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3+0x160), &base4, 4, NULL);
int t3 = GetLastError();
if (s3 == 0)
{
printf("Blood ReadProcessMemory Error3\n");
}
int add = base3 + 0x160;
long time = 0;
int seconds;
VirtualProtectEx(hPro, (LPVOID)add, 10, PAGE_READWRITE, &oldprotect);
int a = GetLastError();
/*printf("how many time do you want to matain HP(minute): ");
scanf("%d", &seconds);
time = seconds * 1000;*/
float blood = 255;
if (flag == 0)
{
blood = 100;
WriteProcessMemory(hPro, (LPVOID)add, &blood, 2, NULL);
goto L1;
}
while (1)
{
int write = WriteProcessMemory(hPro, (LPVOID)add, &blood, 4, NULL);
if (write == 0)
{
printf("falied to WriteProcessMemory Blood\n");
int b = GetLastError();
return 0;
if (seconds <= 0)
{
return 0;
}
}
}
L1:
//基址切换的情况
if (s1 == 0 || s2 == 0 || s3 == 0)
{
return 0;
}
else
{
return 1;
}
}
void Mymoney(int flag,DWORD pid, int* base)
{
int madd = 0x2041365f;
int madd1 = 0x1fee365f;
//base = (int*)madd;
if (flag == 0)
{
int madd1 = madd + 0x4;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int patch1 = 0x01cc8e89;
int patch2 = 0x0000;
VirtualProtectEx(hPro, (LPVOID)madd, 10, PAGE_READWRITE, tmp);
int write1 = WriteProcessMemory(hPro, (LPVOID)madd, &patch1, 4, NULL);
int write2 = WriteProcessMemory(hPro, (LPVOID)madd1, &patch2, 2, NULL);
printf("\nBingo\n");
}
else
{
Patch(madd, pid);
Patch(madd1, pid);
}
//HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
//int base2 = 0;
//int base3 = 0;
//int base4 = 0;
//int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
//int t1 = GetLastError();
//if (s1 == 0)
//{
// printf("Money ReadProcessMemory Error1\n");
//}
//int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
//int t2 = GetLastError();
//if (s2 == 0)
//{
// printf("Money ReadProcessMemory Error2\n");
//}
//int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 + 0x1cc), &base4, 4, NULL);
//int t3 = GetLastError();
//if (s3 == 0)
//{
// printf("Money ReadProcessMemory Error2\n");
//}
//int address = base3 + 0x1cc;
//int mymoney =0;
//int money = 16000;
//VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, NULL);
//int a = GetLastError();
//while (mymoney != 16000)
//{
// int write = WriteProcessMemory(hPro, (LPVOID)address, &money, 4, NULL);
// if (write == 0)
// {
// printf("falied to WriteProcessMemory Money\n");
// int b = GetLastError();
// return;
// }
//}
}
void Bullet(int flag,DWORD pid,int *base)
{
//int buadd = 0x2038151f;
//Patch(buadd, pid);
DWORD oldprotect;
HANDLE hPro = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
int base2 =0;
int base3 = 0;
int base4 = 0;
int base5 = 0;
int s1 = ReadProcessMemory(hPro, (LPCVOID)base, &base2, 4, NULL);
int t1 = GetLastError();
if (s1 == 0)
{
printf("ReadProcessMemory Error1\n");
}
int s2 = ReadProcessMemory(hPro, (LPCVOID)(base2+0x7c), &base3, 4, NULL);
int t2 = GetLastError();
if (s2 == 0)
{
printf("ReadProcessMemory Error2\n");
}
int s3 = ReadProcessMemory(hPro, (LPCVOID)(base3 +0x5ec), &base4, 4, NULL);
int t3 = GetLastError();
if (s3 == 0)
{
printf("ReadProcessMemory Error3\n");
}
int s4 = ReadProcessMemory(hPro, (LPCVOID)(base4 + 0xcc), &base5, 4, NULL);
int t4 = GetLastError();
if (s4 == 0)
{
printf("ReadProcessMemory Error4\n");
}
int address = base4+0xcc;
int nbullet = 999;
//DWORD NumberOfByteRead;
if (flag == 0)
{
nbullet = 30;
}
if (hPro == 0)
{
printf("false to get process PID\n");
return;
}
VirtualProtectEx(hPro, (LPVOID)address, 10, PAGE_READWRITE, &oldprotect);
int a = GetLastError();
int write = WriteProcessMemory(hPro, (LPVOID)address, &nbullet, 2, NULL);
if (write == 0)
{
printf("falied to WriteProcessMemory\n");
int b = GetLastError();
return ;
}
}
int main()
{
int *base1 = (int*)0x2433240; //所有人的子弹基址
int *base2 = (int*)0x25069bc; //自己的子弹基址
int *bblood = (int*)0x204ba020; //血基址
int* bloodadd = (int*)0x1ff8a020;
int myp = 0x2040fbc8; //僵直
DWORD csid = 0;
csid = GetPid();
//printf("%d\n", csid);
int choice = 0;
int flag = 0;
int yon; //是否继续修改
while (1)
{
printf("\n是否继续修改?(1|0)\n");
scanf_s("%d", &yon);
if (yon == 1)
{
}
else
{
printf("\n\n\n\n+++++++++++++++感谢使用++++++++++++++++\n\n\n\n");
return 0;
}
printf("1:所有人无限子弹\n\n2:自己无限子弹\n\n3:血量999999(开启此项功能后控制台无反应,关闭控制台效果结束)\n\n4:无限金币\n\n5:被击中不减速(无效果请刷新游戏)\n\n6:稳定的射击\n\n7:手枪连发\n\n");
printf("\n\n\n+++++++++++++++++++++++++++++++请输入想要达到效果前面的号码,格式:<效果> <1|0> +++++++++++++++++++++++++++++++\n");
scanf_s("%d", &choice);
scanf_s("%d", &flag);
if (choice == 1)
{
Bullet(flag, csid, base1);
}
else if (choice == 2)
{
Bullet(flag, csid, base2);
}
else if (choice == 3)
{
int sign = Blood(flag, csid, bblood);
if (flag == 0)
{
Blood(flag, csid, bloodadd);
}
}
else if (choice == 4)
{
Mymoney(flag, csid, base2);
}
else if (choice == 5)
{
Speed(flag,csid, base1, myp);
}
else if (choice == 6)
{
StableShooting(flag,csid, base2);
}
else if (choice == 7)
{
ShortGun(flag,csid);
}
else
{
printf("Input error");
}
}
return 0;
}
