External Legend ---- Memory Tour (Part 1)

zhaozj 2021-02-16

External plug-ins have existed in games for a long time. For years, tools that work by manipulating memory have been called "game modifiers", but it has to be admitted that a "game modifier" is also a kind of game plug-in. Many games keep their state in memory cells, so modifying a specific memory value is enough to modify an attribute in the game, and many online games are no exception. Some online games could once be modified through memory as well. Later these games replaced the single memory address with a check across multiple memory addresses, which made modification harder, but they could still be cracked with memory analyzers.

Software such as "FPE" provides a certain amount of memory analysis functionality. "FPE" is a leader among memory-based tools and a household name in game modification software; many similar programs imitate "FPE" to win players' recognition. The techniques behind "FPE" are not public, so most people can only build similar plug-ins by guessing at how "FPE" is implemented. The author has also imitated "FPE" to implement the corresponding functions, such as "memory modification" and "memory query". These techniques are analyzed below.

To write a memory plug-in, you must understand the Windows memory mechanism. A computer's memory (RAM) is always insufficient. The operating system distinguishes physical memory from virtual memory; because the physical location at which a program is created changes, physical memory addresses cannot be accessed directly when reading game attributes. In V86 mode the segment registers are used as in real mode: the linear address is obtained by shifting the segment register value left by 4 bits and adding the address offset. Programs are created at linear addresses between 4MB and 2GB, and the game's attributes are stored there.
In Windows a block of virtual memory is called a page, and each page is 4KB. When accessing memory to read game attributes, it is best to access one page at a time so as not to destroy data integrity. Operating on process memory does not require assembly language: Windows provides APIs for accessing a process's memory space, so process memory can be operated on directly. Beginners, however, generally cannot master this technique. So that beginners can also operate on memory and build memory-based plug-ins, the author has encapsulated a number of memory operations and some of the logic around them in a control provided to beginners. The control is called MPMEMCTL.

To use the control, beginners must first install the plug-in engine control package (for each article, the plug-in engine control package contains only the control that corresponds to that article). For how to install a control, refer to the "Delphi Guide"; because of limited space it is not described in detail here. After the engine is installed, the [MP GameControls] control group appears in Delphi's component palette, and the [MPMEMCTL] control can be found in it. Beginners can use this control to operate on memory.

First, get the process handle

To operate on a game's memory you must first identify the game you want to operate on; every process the game program creates at run time has a unique handle. There are three ways to get the handle with the control:

1. Open the program through the control to get the handle. The control provides a StartProgram method. Opening the program with this method yields the process handle, and the process information is returned.

    PROCICINFO: PROCESS_INFORMATION;

    mpMemCtl.StartProgram(
      FilePath: string;                     // program path
      var aProc_Info: PROCESS_INFORMATION   // process information
    ): Boolean

The method takes two parameters: the first is the path of the program to open, and the second receives the process information of the process created when the program is opened. Once the process information has been obtained with this method and the control's ProcHandle property has been assigned, the control can read and write the process's memory directly. An example:

    var
      PProcInfo: PROCESS_INFORMATION;
    begin
      mpMemCtl1.StartProgram(Edit1.Text, PProcInfo);
    end;

2. Get the handle from the program name through the control. The control also keeps a description of the processes running on the system, and it provides two methods for obtaining a process handle by program name. GetProcIDs() returns the list of names of all programs currently running on the system. GetProcID() returns the handle of the process that corresponds to a running program name.

    GetProcIDs(): TStrings;   // returns a multi-line string list

    GetProcID(
      aProcName: string       // application name
    ): THandle;               // process handle of the application

An example: first fill ComboBox1.Items with the result of GetProcIDs():

    ComboBox1.Items := mpMemCtl1.GetProcIDs();

Then get the corresponding process handle and assign it to the control's ProcHandle (process handle) property; after that the control can read and write the process's memory directly.

    mpMemCtl1.GetProcID(ComboBox1.Text)

3. Get the handle from the window name through the control. The control provides two methods for obtaining a process handle by window name. GetAllWindow() returns all running windows. GetWinProcHandle() returns the handle of the process that corresponds to a window name.

    GetAllWindow(
      aHandle: THandle        // handle of the current window
    ): TStrings;              // returns the names of all currently running windows

    GetWinProcHandle(
      aWindowName: string     // name of the window
    ): THandle;               // returns the handle of the window

An example: first fill ComboBox1.Items with the result of GetAllWindow():

    ComboBox1.Items := mpMemCtl1.GetAllWindow(Handle);

Then get the corresponding process handle with GetWinProcHandle() and assign it to the control's ProcHandle (process handle) property; after that the control can read and write the process's memory directly.

    mpMemCtl1.GetWinProcHandle(ComboBox1.Text);

Second, pause the game

Pausing the game from within the program makes it easier to capture the game's current attributes. The control provides a method for this; calling it pauses or resumes the game at will. The method is PauseProc():

    PauseProc(
      aType: Integer   // control type
    )

The control type parameter accepts only 0 or 1: 0 pauses the game and 1 cancels the pause. An example:

    mpMemCtl1.PauseProc(0);   // pause the game
    mpMemCtl1.PauseProc(1);   // cancel the pause

Third, read and write memory values

A game attribute is really a value stored at a memory address, so reading or modifying a game attribute comes down to reading or writing that memory value. With the control this is easy: call its GetAddressValue() and SetAddressValue() methods, after first making sure that the ProcHandle property has been assigned. How to assign the ProcHandle property was described above. Whether reading or writing, you must know the memory address to operate on.

    GetAddressValue(            // read memory
      aAddress: Pointer;        // memory address to operate on
      var aValue: Integer       // value read
    ): Boolean;

    SetAddressValue(            // write memory
      aAddress: Pointer;        // memory address to operate on
      aValue: Integer           // value to write
    ): Boolean;

Note that the memory address must be passed as a Pointer. Examples follow.

Reading an address value (suppose the address for the "protagonist" is 4549632):

    var
      aValue: Integer;
    begin
      mpMemCtl1.GetAddressValue(Pointer(4549632), aValue);
    end;

The aValue variable now holds the value at memory address [4549632].

Writing an address value:

    mpMemCtl1.SetAddressValue(Pointer(4549632), 87);

This sets the value at the memory address to 87, that is, it changes the "protagonist" level to 87.

Fourth, analyze memory address values

To find the memory address at which a game attribute is stored, the corresponding memory has to be analyzed; the address where the attribute is stored is obtained from that analysis. The control provides two address analysis methods: one searches by exact address value, the other searches by how the memory value changes.

1. If you know the current value of the attribute you want to modify, search and analyze by exact value. Suppose you want to modify a character's experience. First read the experience from the game screen; say the character's current experience value is 9800 and you want to raise it. You then need to find the corresponding address in memory. Of course more than one address in memory is likely to hold 9800, so the first search will probably find several addresses whose value is 9800. Wait for the experience value to change, for instance from 9800 to 20000, and search again among the addresses just found, which narrows the result to fewer addresses. Repeating this eventually yields the address at which experience is actually stored.
Implementing this memory value search with the control is simple: call the control's Search() method. Before searching, fix the range to search. As mentioned above, programs are created at linear addresses between 4MB and 2GB, so the addresses to search lie between 4MB and 2GB: set the control's MaxAddress property to 2GB and its MinAddress property to 4MB. The other value to fix is the value to search for, so set the SearchValue property to the current search value. To display search progress, attach a TGauge control (a progress control).

    Search(
      isFirst: Boolean   // whether this is the first search
    ): Boolean

To make searching efficient and to implement its logic, the search takes one parameter that states whether this is the first search of memory. An example:

    maxV := 1024 * 1024 * 1024;
    maxV := 2 * maxV;            // 2GB: maxV must be a type wide enough, 2GB does not fit a signed 32-bit Integer
    minV := 4 * 1024 * 1024;     // 4MB
    searchV := StrToInt(Edit1.Text);
    with mpMemCtl1 do
    begin
      MaxAddress := maxV;
      MinAddress := minV;
      SearchValue := searchV;
      ShowGauge := Gauge1;
      Search(first);
    end;
    if first then first := False;

2. If you do not know the exact value you want to modify and only know that it has become larger or smaller, search by how the memory value changes. Some games do not show the blood value as a number; to modify the character's blood value, find where it is stored by searching on increases and decreases in memory. When the character is hit by a monster the blood value decreases, so run a decrease search at that point; when the character takes "blood" the blood value increases, so run an increase search at that point. Repeated searches narrow the result down to the memory address being looked for.

Implementing this search with the control is simple: call the control's Compare() method. Setting the MaxAddress and MinAddress properties was covered in detail above and is not repeated here. The SearchValue property does not need to be set for this kind of analysis. To display search progress, attach a TGauge control.

    Compare(
      isFirst: Boolean;   // whether this is the first search
      aType: Integer      // search type
    ): Boolean

To make searching efficient and to implement its logic, the search takes a parameter that states whether this is the first search of memory. There are two search types: a parameter value of 0 means an increase search, and a parameter value of 1 means a decrease search. An example:

    if RadioButton1.Checked then v := 0 else v := 1;
    maxV := 1024 * 1024 * 1024;
    maxV := 2 * maxV;            // 2GB
    minV := 4 * 1024 * 1024;     // 4MB
    with mpMemCtl1 do
    begin
      MaxAddress := maxV;
      MinAddress := minV;
      ShowGauge := Gauge1;
      Compare(first, v);
    end;
    if first then first := False;

Fifth, get the analysis results

The control's GetAddressList() method returns the list of addresses found during analysis or as its result. If the search was done by memory change, however, a great many addresses may be found and returning them can take too long. In that case it is recommended to call GetAddressCount() first and return the list only once it is down to a certain length.

    GetAddressList(): TStrings    // returns the list of address strings

    GetAddressCount(): Integer    // returns the length of the address string list

An example:

    if mpMemCtl1.GetAddressCount() < 100 then
      ListBox1.Items := mpMemCtl1.GetAddressList();

Through the five steps above, a functionally complete game plug-in based on memory control can be put together, covering the key parts of "FPE". With such a tool, and with some method, not only game attributes stored at a single memory address but also game attributes stored across multiple memory addresses can be analyzed.
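The narrowing behind the exact-value search and the increase/decrease search described above, as an added example that is not the MPMEMCTL control's code or the author's. The function names and the three memory snapshots are constructed for illustration; the 4MB base address and the 0/1 search types are taken from the article.

```python
import struct

BASE = 4 * 1024 * 1024  # 4MB lower bound of the search range named in the article

def cells(snapshot, candidates):
    """Yield (address, 32-bit value) for each candidate address in a snapshot."""
    for addr in candidates:
        yield addr, struct.unpack_from("<i", snapshot, addr - BASE)[0]

def all_addresses(snapshot):
    """Every 4-byte-aligned address covered by the snapshot (first search)."""
    return range(BASE, BASE + len(snapshot) - 3, 4)

def scan_exact(snapshot, value, candidates=None):
    """Exact-value search: the first call tests every cell, later calls
    re-test only the addresses that survived the previous call."""
    if candidates is None:
        candidates = all_addresses(snapshot)
    return [a for a, v in cells(snapshot, candidates) if v == value]

def scan_changed(old, new, kind, candidates=None):
    """Change search: kind 0 keeps increased values, kind 1 decreased ones,
    matching the 0/1 search types the article gives for Compare()."""
    if candidates is None:
        candidates = all_addresses(old)
    before = dict(cells(old, candidates))
    return [a for a, v in cells(new, candidates)
            if (v > before[a] if kind == 0 else v < before[a])]

def make_image(*values):
    """Constructed sample data: a tiny memory image of 32-bit integers."""
    return struct.pack("<%di" % len(values), *values)

# Constructed snapshots: cell 2 is experience, cell 5 is the blood value,
# cells 0 and 4 are unrelated data that happens to hold 9800 at first.
S1 = make_image(9800, 17, 9800, 3, 9800, 250)
S2 = make_image(9800, 17, 20000, 3, 41, 240)
S3 = make_image(9800, 17, 20000, 3, 41, 180)

def demo():
    first = scan_exact(S1, 9800)             # three candidates
    second = scan_exact(S2, 20000, first)    # one survivor: experience
    lower = scan_changed(S1, S2, 1)          # two cells decreased
    lowest = scan_changed(S2, S3, 1, lower)  # only the blood value fell again
    return first, second, lower, lowest

if __name__ == "__main__":
    for step in demo():
        print([hex(a) for a in step])
```

A value kept in plain form at one fixed address is isolated here after two scans, which is why the games mentioned in the introduction moved from a single address to checks across several addresses.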
