Online game plug-in production as I have seen it (3)

zhaozj2021-02-16  58

Previously we analyzed action-type plug-ins, which are the simplest kind of plug-in. Now let's look at a more practical kind, the local-modification plug-in, and break down its whole production process in detail.

The most typical application of a local-modification plug-in that I know of was on the game "Elf". In recent years ("Elf" was still in the test stage at the time), many colleagues at my company were playing "Elf", so I looked at how the game processed its data. I found that the information it sent to the server was held in memory (my first impression was that modifying this game would be much like modifying a stand-alone game; in other words, the value at a memory address could be modified before the game submitted the information to the server). At that time I found the address, modified it according to my idea, let the system submit the data automatically, and it really succeeded. Later "Elf" switched to double-address verification, memory verification and so on, which I won't ramble about here.

OK, let's look at how this kind of plug-in is made. Before making one, we need a concrete understanding of Windows memory. The memory referred to here is the memory offset in the system, that is, a relative memory address, and to modify it we need to understand several Windows APIs. The steps below walk through the production of this kind of plug-in and the use of the APIs (to protect the normal operation of online games, I do not explain in detail how the memory addresses are found):

1. First we use FindWindow to get the handle of the game window, because we need to know the ID of the process once the game is running. The usage of FindWindow is as follows:

    HWND FindWindow(
        LPCTSTR lpClassName,   // pointer to class name
        LPCTSTR lpWindowName   // pointer to window name
    );

2. We use GetWindowThreadProcessId to get the ID of the process that owns the game window. The usage of the function is as follows:

    DWORD GetWindowThreadProcessId(
        HWND hWnd,              // handle of window
        LPDWORD lpdwProcessId   // address of variable for process identifier
    );

3. After getting the game's process ID, the next step is to open the process with the highest permission. The usage of OpenProcess is as follows:

    HANDLE OpenProcess(
        DWORD dwDesiredAccess,  // access flag
        BOOL bInheritHandle,    // handle inheritance flag
        DWORD dwProcessId       // process identifier
    );

dwDesiredAccess is where the access mode is specified. There are many access rights; here we open the process with PROCESS_ALL_ACCESS, and the other modes can be looked up in MSDN.

4. After opening the process, we can operate on its memory. Here we use WriteProcessMemory to write data to a memory address (there are other operations, such as ReadProcessMemory, which I won't introduce one by one here). The usage of WriteProcessMemory is as follows:

    BOOL WriteProcessMemory(
        HANDLE hProcess,                // handle to process whose memory is written to
        LPVOID lpBaseAddress,           // address to start writing to
        LPVOID lpBuffer,                // pointer to buffer holding the data to write
        DWORD nSize,                    // number of bytes to write
        LPDWORD lpNumberOfBytesWritten  // actual number of bytes written
    );

5. Finally, close the process handle with CloseHandle.

That is the method by which this type of game plug-in is implemented. Now that we have a rational understanding of the method, let's look at an actual example to gain a perceptual one. The following is the plug-in code for game XX; read it against the steps above:

    const
      ResourceOffset:  dword = $004219F4;
      resource:        dword = 3113226621;
      ResourceOffset1: dword = $004219F8;
      resource1:       dword = 1940000000;
      ResourceOffset2: dword = $0043FA50;
      resource2:       dword = 1280185;
      ResourceOffset3: dword = $0043FA54;
      resource3:       dword = 3163064576;
      ResourceOffset4: dword = $0043FA58;
      resource4:       dword = 2298478592;
    var
      hw: HWND;
      pid: dword;
      h: THandle;
      tt: Cardinal;
    begin
      // Step 1: find the game window
      hw := FindWindow('XX', nil);
      if hw = 0 then Exit;
      // Step 2: get the ID of the process that owns the window
      GetWindowThreadProcessId(hw, @pid);
      // Step 3: open the process
      h := OpenProcess(PROCESS_ALL_ACCESS, false, pid);
      if h = 0 then Exit;
      // Step 4: write the values to the target addresses
      if flatcheckbox1.Checked = true then
      begin
        WriteProcessMemory(h, Pointer(ResourceOffset), @Resource, sizeof(Resource), tt);
        WriteProcessMemory(h, Pointer(ResourceOffset1), @Resource1, sizeof(Resource1), tt);
      end;
      if flatcheckbox2.Checked = true then
      begin
        WriteProcessMemory(h, Pointer(ResourceOffset2), @Resource2, sizeof(Resource2), tt);
        WriteProcessMemory(h, Pointer(ResourceOffset3), @Resource3, sizeof(Resource3), tt);
        WriteProcessMemory(h, Pointer(ResourceOffset4), @Resource4, sizeof(Resource4), tt);
      end;
      MessageBeep(0);
      // Step 5: close the process handle
      CloseHandle(h);
      Close;
    end;

This game uses multi-address verification on the data to be submitted, so making a plug-in for it is not very difficult; the hardest part is finding these addresses. (The method has been explained clearly; the specific practice is up to you. But don't be too happy: online games like this are a small minority, so I will give detailed explanations in future articles. Please reply to the post as encouragement, or I really won't have the confidence to write the following articles. Thank you.)

Copyright notice: You may copy, distribute and download this document. However, you may not appropriate it, modify it, or use it to seek any form of profit.
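The "double address" and memory verification mentioned above are client-side integrity checks on values that an external write can reach. As an added example (not code from the original article or from any game; the slot layout, the key and the mixing function are assumptions), this C model contrasts a plain mirrored copy, which still passes when both addresses receive the same write, with a keyed check that rejects it.

```c
#include <stdint.h>
#include <stdio.h>

/* Two words held at two addresses. Constructed model, names are hypothetical. */
typedef struct { uint32_t a, b; } slot;

/* Plain "double address" check: the value and an identical copy. */
void mirror_set(slot *s, uint32_t value) { s->a = value; s->b = value; }
int mirror_ok(const slot *s) { return s->a == s->b; }

/* Keyed mixing function (illustrative only, not a cryptographic MAC). */
static uint32_t mix(uint32_t v, uint32_t key) {
    v = (v + key) * 0x9E3779B1u;
    v ^= v >> 16;
    return v;
}

/* Keyed check: a = value XOR key, b = keyed tag over the value. */
void keyed_set(slot *s, uint32_t key, uint32_t value) {
    s->a = value ^ key;
    s->b = mix(value, key);
}

/* Returns 1 and stores the value in *out when the tag matches, else 0. */
int keyed_get(const slot *s, uint32_t key, uint32_t *out) {
    uint32_t value = s->a ^ key;
    if (mix(value, key) != s->b) return 0;
    *out = value;
    return 1;
}

/* Stand-in for an external process writing one constant to both addresses. */
void external_write(slot *s, uint32_t forced) { s->a = forced; s->b = forced; }

int main(void) {
    const uint32_t key = 0x5A17C3E9u;  /* constructed; assume a fresh random key per session */
    slot plain, keyed;
    uint32_t v = 0;
    mirror_set(&plain, 1200);
    keyed_set(&keyed, key, 1200);
    external_write(&plain, 1940000000u);  /* sample constant */
    external_write(&keyed, 1940000000u);
    printf("mirror check passes after write: %d\n", mirror_ok(&plain));
    printf("keyed check passes after write:  %d\n", keyed_get(&keyed, key, &v));
    return 0;
}
```

Any client-side check only raises the cost of tampering, so the server should still validate submitted values against what the game rules allow.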

When reposting, please credit the original address: https://www.9cbs.com/read-25310.html
