Get dynamic memory data from the game (assembly + VC example: crazy tank X coordinate)

zhaozj 2021-02-16 71

Hello everyone, this is my first post here. My skills are limited, so please don't laugh at me; if there is a mistake, please point it out.

I just played a few rounds of Crazy Tank and lost a few of them, which got boring, so instead I will talk about how to get dynamic data out of a game, using the tank's X coordinate in Crazy Tank as the example.

------------------------------------------------------------------------------

Tools: Softice dynamic debugger, a game modifying tool (Jinshan Ranger), a disassembler (W32DASM), HEX Workshop

------------------------------------------------------------------------------

First, find the memory address of the tank's X coordinate with a Jinshan Ranger search (I won't explain how to use Jinshan Ranger): move the tank a little to the left and search for "decreased"; move it to the right and search for "increased". Repeating the search narrows it down to one address (other games may of course give more than one); here it is 08BFAACC. Note: this memory is allocated dynamically, so the next time you search the address will no longer be 08BFAACC.

Second, find the code that modifies this data (the X coordinate). Load Softice and, with the game running, press Ctrl+D to bring up Softice and enter bpm 08bfaacc W (the W means break when this address is written). Go back to the game and move the tank to the left; the program breaks, and the instruction just above the one Softice points at is 004046B3 MOV DWORD PTR [ESI+000001A4], EAX. This is the code that modifies the tank's coordinate. Moving right also finds such an instruction, of course; I won't repeat that here.

Third, modify the program so that the dynamic data becomes static. There are two kinds of modification: modifying the program file directly, or patching the program in memory (a memory patch). Being lazy, I used the first. The Crazy Tank program lives in fortress2.dat; since this file can be run as an EXE, we rename it to Fortress2.exe, open it in W32DASM to disassemble it, and press Shift+F12 to jump to 004046B3, where you see these lines:

004046B3 8986A4010000 MOV DWORD PTR [ESI+000001A4], EAX
004046B9 8B8644020000 MOV EAX, DWORD PTR [ESI+00000244]
004046BF C744241001000000 MOV [ESP+10], 00000001

004046B3 is the instruction we just identified as modifying the X coordinate. We now want the program to save the X coordinate to a fixed address every time it is modified, so we make execution here JMP to a place holding our own code. We find a blank area at the end of the program, 00465A52, and replace the instruction at 004046BF with JMP 00465A52, machine code E98E130600. Because this is shorter than the instruction it replaces, we pad with several NOPs (machine code 90). So open the program in HEX Workshop, Ctrl+G to jump to 000046BF, where you see C744241001000000, and change it to E98E130600909090. Now the program runs to 00465A52 and executes our code.

Fourth, write our own code there and then jump back. To turn the dynamic value into a static one:

PUSH EAX
MOV EAX, [ESI+000001A4]
MOV [00470000], EAX
POP EAX
JMP 004046C7

With this in place, whenever you move (the right-shift code should of course be modified the same way), the X coordinate can be found at 00470000. The machine code is 50 8B86A4010000 A300004700 58 E95BECF9FF. I forgot to say: since we overwrote MOV [ESP+10], 00000001 at 004046BF, that instruction must be added back first. So open HEX Workshop, Ctrl+G to jump to 00465A52, and write C744241001000000 50 8B86A4010000 A300004700 58 E95BECF9FF. The dynamic data has now become static.
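As a check on the two jumps, here is an added C++ example (not from the original post) that encodes a JMP rel32 from the addresses above and decodes it back. It confirms the patch bytes E98E130600 and E95BECF9FF, and that the 5-byte JMP plus 3 NOPs exactly cover the 8-byte MOV that was moved into the cave, so execution resumes at 004046C7 with nothing skipped.

```cpp
// Added example, not part of the original article: encode/verify the two
// near-JMP patches used above. All addresses come from the article.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// rel32 of a near JMP (opcode E9) is target - (address of the next instruction),
// i.e. target - (jmpAddr + 5), stored little-endian; backward jumps wrap mod 2^32.
static std::vector<uint8_t> encodeJmpRel32(uint32_t jmpAddr, uint32_t target) {
    uint32_t rel = target - (jmpAddr + 5);
    return { 0xE9, (uint8_t)(rel & 0xFF), (uint8_t)((rel >> 8) & 0xFF),
             (uint8_t)((rel >> 16) & 0xFF), (uint8_t)((rel >> 24) & 0xFF) };
}

// Inverse: given the 5 patch bytes found at jmpAddr, recover where control goes.
static uint32_t decodeJmpTarget(uint32_t jmpAddr, const std::vector<uint8_t>& b) {
    uint32_t rel = b[1] | (b[2] << 8) | (b[3] << 16) | ((uint32_t)b[4] << 24);
    return jmpAddr + 5 + rel;
}

static std::string hex(const std::vector<uint8_t>& b) {
    std::string s;
    char buf[3];
    for (uint8_t x : b) { snprintf(buf, sizeof buf, "%02X", (unsigned)x); s += buf; }
    return s;
}

// Layout described in the article.
constexpr uint32_t kPatchSite = 0x004046BF; // MOV [ESP+10],1 (8 bytes) is overwritten here
constexpr uint32_t kResume    = 0x004046C7; // first instruction after the overwritten one
constexpr uint32_t kCave      = 0x00465A52; // blank area holding our code
// Cave contents before the jump back: displaced MOV (8) + PUSH EAX (1)
// + MOV EAX,[ESI+1A4] (6) + MOV [470000],EAX (5) + POP EAX (1) = 21 bytes.
constexpr uint32_t kCaveJmpBack = kCave + 8 + 1 + 6 + 5 + 1; // 0x00465A67

std::string detourBytes() { return hex(encodeJmpRel32(kPatchSite, kCave)); }     // "E98E130600"
std::string returnBytes() { return hex(encodeJmpRel32(kCaveJmpBack, kResume)); } // "E95BECF9FF"

// The detour must land in the cave, the cave must return to kResume, and the
// 5-byte JMP + 3 NOPs must cover exactly the 8-byte instruction it displaced.
bool patchLayoutOk() {
    return decodeJmpTarget(kPatchSite, encodeJmpRel32(kPatchSite, kCave)) == kCave &&
           decodeJmpTarget(kCaveJmpBack, encodeJmpRel32(kCaveJmpBack, kResume)) == kResume &&
           kPatchSite + 5 + 3 == kResume;
}
```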

------------------------------------------------------------------------------

To review: first search for the coordinate's address, then find the code that modifies that address and make it jump to our own code placed in a blank area of the program (the replaced instruction must of course be added back, and any register we modify must be PUSHed first). The remaining work is to write a program that reads this address. I wrote one in VC; the key code is posted below:

------------------------------------------------------------------------------

CProcess m_process;
bool m_ret = m_process.FindProcess("FortressII");
if (m_ret) {
    BYTE tank1xL = m_process.ReadByte(0x00470000);   // low byte of the saved X coordinate
    BYTE tank1xR = m_process.ReadByte(0x00470001);   // next byte
    WORD tank1x = tank1xL + tank1xR * 256;           // combine little-endian
    temp = tank1x;
    str.Format("%d", temp);
    m_tank1x = str;
    UpdateData(FALSE);
} else
    return;

------------------------------------------------------------------------------

CProcess is a game-modification class I wrote; here is some of its function code:

HANDLE CProcess::OpenProcess(char *p_ClassName, char *p_WindowTitle)
{
    HWND hWindow;
    DWORD pid;

    hWindow = FindWindow(p_ClassName, p_WindowTitle);
    if (hWindow) {
        GetWindowThreadProcessId(hWindow, &pid);
        // PROCESS_VM_READ would be enough for ReadProcessMemory alone
        return ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    }
    return NULL;
}

bool CProcess::FindProcess(char *p_WindowTitle)
{
    if (m_hProcess == NULL) {
        m_hProcess = this->OpenProcess(NULL, p_WindowTitle);
        if (m_hProcess)
            m_bGameRunning = true;
        return m_bGameRunning;
    }
    else
        return false;
}

BYTE CProcess::ReadByte(DWORD p_Address)
{
    DWORD bytes;
    BYTE tmpValue;

    if (m_bGameRunning) {
        // read one byte of the game's memory at p_Address
        if (ReadProcessMemory(m_hProcess, (void *)p_Address, (void *)&tmpValue, 1, &bytes) == 0)
            return 0;
        else
            return tmpValue;
    }
    return 0;
}

------------------------------------------------------------------------------

That completes the article. Below is a screenshot of my program:

http://www.goodassister.com/images/fortress.jpg

Thank you, good luck

When reposting, please cite the original source: https://www.9cbs.com/read-24686.html
