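This post was last edited by Eorton on 2020-3-15 17:36
I've had some free time these past two days, so I'm writing an article to exchange ideas. Well... it's about Plants vs. Zombies again. Nitpickers, please don't flame me; I'm just a beginner.
First, a reference to my previous post:
Preparation:
- Software: Plants vs. Zombies, Chinese edition (植物大战僵尸中文版)
- Tools: Cheat Engine, Python 3.8, pip, pywin32, PyCharm, etc.
- Goal: modify sun, coins, seed cooldown (no cooldown), snail chocolate, bug spray, Tree of Wisdom fertilizer, regular fertilizer and so on at will in Plants vs. Zombies
Getting started:
- As for the CE part, I won't walk through finding the addresses in detail; here are the addresses directly: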
```text
Cooldown offsets:
Slot 1:  [[[6A9EC0]+768]+144]+70
Slot 2:  [[[6A9EC0]+768]+144]+C0
Slot 3:  [[[6A9EC0]+768]+144]+110
Slot 4:  [[[6A9EC0]+768]+144]+160
Slot 5:  [[[6A9EC0]+768]+144]+1B0
Slot 6:  [[[6A9EC0]+768]+144]+200
Slot 7:  [[[6A9EC0]+768]+144]+250
Slot 8:  [[[6A9EC0]+768]+144]+2A0
Slot 9:  [[[6A9EC0]+768]+144]+2F0
Slot 10: [[[6A9EC0]+768]+144]+340
```
```text
Sun:                       [[6a9ec0]+768]+5560
Coins:                     [[6a9ec0]+82C]+28
Regular fertilizer:        [[6a9f78]+82C]+1f8
Tree of Wisdom fertilizer: [[6aa00c]+82C]+230
Snail chocolate:           [[6aa00c]+82C]+228
Bug spray:                 [[6a9f38]+82C]+1fc
```
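In the pointer paths above, each pair of brackets is one 4-byte dereference and each `+N` is a hex offset added to the pointer that was read. The following is an added example, not code from the original post: it parses that notation and resolves it against a constructed memory table rather than a live process, and it stops on a null pointer instead of computing an address from it. The names `parse_path`, `resolve`, `resolve_named`, `cooldown_stride` and the `0x02000000`-style heap addresses are made up for illustration; only the static bases and offsets come from the tables.

```python
import re

# Pointer paths copied from the address tables above (hex, bracket notation).
PATHS = {
    "sun": "[[6a9ec0]+768]+5560",
    "coins": "[[6a9ec0]+82C]+28",
    "cooldown_slot_1": "[[[6A9EC0]+768]+144]+70",
    "cooldown_slot_10": "[[[6A9EC0]+768]+144]+340",
}

def parse_path(text):
    """Turn '[[base]+o1]+o2' into (base, [o1, o2]); every number is hex."""
    m = re.fullmatch(r"(\[+)([0-9A-Fa-f]+)((?:\]\+[0-9A-Fa-f]+)+)", text.strip())
    if not m:
        raise ValueError(f"not a pointer path: {text!r}")
    offsets = [int(o, 16) for o in re.findall(r"\]\+([0-9A-Fa-f]+)", m.group(3))]
    if len(m.group(1)) != len(offsets):
        raise ValueError(f"unbalanced brackets: {text!r}")
    return int(m.group(2), 16), offsets

def resolve(read_u32, base, offsets):
    """One dereference per bracket, then add that level's offset."""
    addr = base
    for off in offsets:
        ptr = read_u32(addr)  # raises LookupError if the address is unmapped
        if ptr == 0:          # chain not populated; never use 0 + offset
            raise LookupError(f"null pointer stored at {addr:#x}")
        addr = ptr + off
    return addr

# Constructed memory image: address -> 4-byte value. The heap values are invented.
MEM = {0x6A9EC0: 0x02000000, 0x02000768: 0x03000000,
       0x03000144: 0x04000000, 0x0200082C: 0x05000000}

def resolve_named(name, mem=MEM):
    # mem.__getitem__ stands in for a 4-byte read; KeyError is a LookupError
    base, offsets = parse_path(PATHS[name])
    return resolve(mem.__getitem__, base, offsets)

def cooldown_stride():
    """Per-slot size implied by the first and tenth cooldown offsets."""
    first, last = (parse_path(PATHS[k])[1][-1] for k in ("cooldown_slot_1", "cooldown_slot_10"))
    return (last - first) // 9

if __name__ == "__main__":
    for name in PATHS:
        print(f"{name:17} -> {resolve_named(name):#010x}")
    print("slot stride:", hex(cooldown_stride()))
```

The derived stride of 0x50 matches the step between every pair of adjacent slots in the cooldown table.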
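- Python 3.8 must have pywin32 installed. Install command: pip install pywin32
As shown in the figure (installing pywin32):
- Once installation is complete, you can get to work: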
Open PyCharm:
- Import the Python libraries:
```python
import win32gui
import win32process
import win32api
import ctypes
import time
```
- Sun modification code:
```python
def change_sun(Phand, sun_num):
    # Follow [[0x6A9EC0]+0x768], then write the new value at +0x5560
    sun_data = ctypes.c_long()
    kernel32.ReadProcessMemory(int(Phand), 0x6A9EC0, ctypes.byref(sun_data), 4, None)
    kernel32.ReadProcessMemory(int(Phand), sun_data.value + 0x768, ctypes.byref(sun_data), 4, None)
    new_sun_data = ctypes.c_long(sun_num)
    kernel32.WriteProcessMemory(int(Phand), sun_data.value + 0x5560, ctypes.byref(new_sun_data), 4, None)
```
- Money modification code:
```python
def change_money(Phand, money):
    # Follow [[0x6A9EC0]+0x82C], then write the new value at +0x28
    money_data = ctypes.c_long()
    kernel32.ReadProcessMemory(int(Phand), 0x6A9EC0, ctypes.byref(money_data), 4, None)
    kernel32.ReadProcessMemory(int(Phand), money_data.value + 0x82C, ctypes.byref(money_data), 4, None)
    new_money_data = ctypes.c_long(money)
    kernel32.WriteProcessMemory(int(Phand), money_data.value + 0x28, ctypes.byref(new_money_data), 4, None)
```
- Cooldown modification code:
```python
def change_cooling(Phand, cooling):
    # Rewrite the cooldown field of all 10 slots once per second; runs until interrupted
    while True:
        time.sleep(1)
        cooling_data = ctypes.c_long()
        # Follow [[[0x6A9EC0]+0x768]+0x144] to reach the slot data
        kernel32.ReadProcessMemory(int(Phand), 0x6A9EC0, ctypes.byref(cooling_data), 4, None)
        kernel32.ReadProcessMemory(int(Phand), cooling_data.value + 0x768, ctypes.byref(cooling_data), 4, None)
        kernel32.ReadProcessMemory(int(Phand), cooling_data.value + 0x144, ctypes.byref(cooling_data), 4, None)
        # kernel32.ReadProcessMemory(int(Phand),cooling_data.value,ctypes.byref(cooling_data),4,None)
        new_cooling_data = ctypes.c_long(cooling)
        # Slot offsets 0x70, 0xC0, ..., 0x340: one slot every 0x50 bytes
        for offset in range(0x70, 0x340 + 1, 0x50):
            kernel32.WriteProcessMemory(int(Phand), cooling_data.value + offset, ctypes.byref(new_cooling_data), 4, None)
```
- Snail chocolate modification code:
```python
def change_chotolate(Phand, chotolate):
    # Note: the address table lists 0x6AA00C as the base for this item; this function reads 0x6A9F38
    chotolate_data = ctypes.c_long()
    kernel32.ReadProcessMemory(int(Phand), 0x6A9F38, ctypes.byref(chotolate_data), 4, None)
    kernel32.ReadProcessMemory(int(Phand), chotolate_data.value + 0x82C, ctypes.byref(chotolate_data), 4, None)
    # The value written is 1000 + the requested count
    new_chotolate_data = ctypes.c_long(1000 + chotolate)
    kernel32.WriteProcessMemory(int(Phand), chotolate_data.value + 0x228, ctypes.byref(new_chotolate_data), 4, None)
```
- Tree of Wisdom fertilizer modification code:
```python
def change_tree(Phand, tree):
    # Follow [[0x6AA00C]+0x82C], then write at +0x230
    tree_data = ctypes.c_long()
    kernel32.ReadProcessMemory(int(Phand), 0x6AA00C, ctypes.byref(tree_data), 4, None)
    kernel32.ReadProcessMemory(int(Phand), tree_data.value + 0x82C, ctypes.byref(tree_data), 4, None)
    # The value written is 1000 + the requested count
    new_tree_data = ctypes.c_long(1000 + tree)
    kernel32.WriteProcessMemory(int(Phand), tree_data.value + 0x230, ctypes.byref(new_tree_data), 4, None)
```
- Regular fertilizer modification code:
```python
def change_fertilizer(Phand, fertilizer):
    # Follow [[0x6A9F78]+0x82C], then write at +0x1F8
    fertilizer_data = ctypes.c_long()
    kernel32.ReadProcessMemory(int(Phand), 0x6A9F78, ctypes.byref(fertilizer_data), 4, None)
    kernel32.ReadProcessMemory(int(Phand), fertilizer_data.value + 0x82C, ctypes.byref(fertilizer_data), 4, None)
    # The value written is 1000 + the requested count
    new_fertilizer_data = ctypes.c_long(1000 + fertilizer)
    kernel32.WriteProcessMemory(int(Phand), fertilizer_data.value + 0x1F8, ctypes.byref(new_fertilizer_data), 4, None)
```
- Bug spray modification code:
```python
def change_insecticide(Phand, insecticide):
    # Follow [[0x6A9F38]+0x82C], then write at +0x1FC
    insecticide_data = ctypes.c_long()
    kernel32.ReadProcessMemory(int(Phand), 0x6A9F38, ctypes.byref(insecticide_data), 4, None)
    kernel32.ReadProcessMemory(int(Phand), insecticide_data.value + 0x82C, ctypes.byref(insecticide_data), 4, None)
    # The value written is 1000 + the requested count
    new_insecticide_data = ctypes.c_long(1000 + insecticide)
    kernel32.WriteProcessMemory(int(Phand), insecticide_data.value + 0x1FC, ctypes.byref(new_insecticide_data), 4, None)
```
- Main thread code:
```python
def change():
    # Call the modification functions; loop instead of recursing so the menu can repeat indefinitely
    while True:
        number_change = input("请输入序号")
        if number_change == "1":
            change_sun(Phand, int(input("请输入所需要的阳光:")))
        elif number_change == "2":
            change_sun(Phand, int(input("请输入所需要的阳光:")))
        elif number_change == "3":
            change_money(Phand, int(input("请输入所需要的金币:")))
        elif number_change == "4":
            change_chotolate(Phand, int(input("请输入所需要的蜗牛巧克力:")))
        elif number_change == "5":
            change_tree(Phand, int(input("请输入所需要的智慧树肥料:")))
        elif number_change == "6":
            change_fertilizer(Phand, int(input("请输入所需要的普通肥料:")))
        elif number_change == "7":
            change_insecticide(Phand, int(input("请输入所需要的杀虫剂:")))
        elif number_change == "8":
            change_cooling(Phand, 1)  # cooldown time; this call does not return
```
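- Global variables:
```python
if __name__ == '__main__':
    # Load the kernel32 dynamic-link library
    kernel32 = ctypes.windll.LoadLibrary('kernel32.dll')
    # Access mask requesting all process access rights
    # (ReadProcessMemory/WriteProcessMemory only need PROCESS_VM_READ, PROCESS_VM_WRITE and PROCESS_VM_OPERATION)
    PROCESS_ALL_ACCESS = (0x000F0000 | 0x00100000 | 0xFFF)
    # Get the window handle
    windos_handle = win32gui.FindWindow(None, "植物大战僵尸中文版")
    # Get the process PID
    read, pid = win32process.GetWindowThreadProcessId(windos_handle)
    # Get the process handle
    Phand = win32api.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    # Call the modification menu
    change()
```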
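Code analysis: this code is written much like C and likewise calls the Win32 API to read and write at offsets, so the ctypes usage in C and in Python compares as follows:
Results:
After finishing the code in PyCharm, let's verify the results:
Note: the results are tied to the computer time visible in the screenshots taken at that moment, so they cannot be faked; check the computer time!
- Sun:
- Coins:
- Tree of Wisdom fertilizer:
- Regular fertilizer, snail chocolate, bug spray:
OK, the modification succeeded! I hope the experts won't flame me! Please drop a quick rating while you're here, thanks!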