Game cheats ("plug-ins", 外挂) have had a deep influence on many online game players. Today I came across some notes on writing game cheats, so I am reprinting them here for reference.

1. Motivation

Game cheats now come in many kinds: simulating the keyboard and mouse, modifying packets, modifying local memory, and so on, but nobody seems to modify the server's memory. Modifying the server is a way in principle too, but the bar is too high and there is no way to get started (unless, say, you treat the GM to a night out, gifts, money and so on, and he edits the server data for you, haha). So modifying a game comes down to modifying data in local memory, intercepting API functions, and the like. Below I introduce the methods I can think of; I hope everyone can write good cheats so that the game makers are pushed to improve their own technology. I have seen an article giving a theoretical analysis of Magic Baby that wrote a lot along these lines. I will lay out the technical side in order, in the hope that it draws out better ideas from others.

2. Technical analysis

2.1 Simulating keyboard or mouse input

What we generally use is the API function:
UINT SendInput(UINT cInputs,     // number of INPUT structures in pInputs
               LPINPUT pInputs,  // array of keyboard, mouse or hardware events
               int cbSize);      // sizeof(INPUT), so the system can check the structure layout
The first parameter is the number of INPUT structures in the array passed as the second parameter (it is a count, not a "matrix dimension"), and the third is sizeof(INPUT), which lets the system verify that the caller's structure layout matches. Each INPUT describes one event: you fill the array first and then hand the whole thing over in a single call. The structure is very simple, and this is the simplest way to simulate the keyboard and mouse. Note that this function has two older alternatives:
VOID keybd_event(BYTE bVk,                // virtual-key code
                 BYTE bScan,              // hardware scan code
                 DWORD dwFlags,           // KEYEVENTF_EXTENDEDKEY and/or KEYEVENTF_KEYUP
                 ULONG_PTR dwExtraInfo);  // additional value associated with the keystroke
and
VOID mouse_event(DWORD dwFlags,           // motion and click options
                 DWORD dx,                // horizontal position or change
                 DWORD dy,                // vertical position or change
                 DWORD dwData,            // wheel movement
                 ULONG_PTR dwExtraInfo);  // application-defined information
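As an added example (my code, not code from the original post), here is how SendInput is used in practice: build one INPUT entry per key transition, then inject them all in a single call. It assumes a target window titled "Game Window", located with FindWindow (a placeholder title; window finding is discussed below), and it handles the two things people trip over: every press needs a matching release, and ordinary characters can be sent through KEYEVENTF_UNICODE without a VkKeyScan lookup, while Enter is better sent as a real VK_RETURN. Only the FindWindow/SendInput part needs Windows; the array builder is plain C and compiles anywhere (the non-Windows stand-in definitions copy the winuser.h values).

```c
/* Added example: type a string into a game window with SendInput. The
 * INPUT-array builder is plain C; finding the window and injecting is Windows-only. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
#define NONAMELESSUNION          /* so the union inside INPUT is reachable as .u on every compiler */
#include <windows.h>
#else
/* Stand-ins matching winuser.h, so the builder compiles and can be checked off-Windows. */
typedef unsigned short WORD;
typedef unsigned long DWORD;
typedef uintptr_t ULONG_PTR;
#define INPUT_KEYBOARD    1
#define KEYEVENTF_KEYUP   0x0002
#define KEYEVENTF_UNICODE 0x0004
#define VK_RETURN         0x0D
typedef struct { WORD wVk; WORD wScan; DWORD dwFlags; DWORD time; ULONG_PTR dwExtraInfo; } KEYBDINPUT;
typedef struct { DWORD type; union { KEYBDINPUT ki; } u; } INPUT;
#endif

/* Fill `out` with a press/release pair per character. Printable characters go
 * through KEYEVENTF_UNICODE, which carries the character itself in wScan, so no
 * virtual-key lookup is needed and the keyboard layout does not matter. '\n' is
 * sent as a real VK_RETURN press because games usually read the key, not the
 * character. Returns the number of INPUT entries written, or 0 if `cap` is too
 * small. ASCII input only. */
size_t build_typing_inputs(const char *text, INPUT *out, size_t cap)
{
    size_t n = strlen(text);
    if (cap < 2 * n) return 0;
    for (size_t i = 0; i < n; i++) {
        INPUT *down = &out[2 * i];
        INPUT *up   = &out[2 * i + 1];
        memset(down, 0, sizeof *down);
        down->type = INPUT_KEYBOARD;
        if (text[i] == '\n') {
            down->u.ki.wVk = VK_RETURN;
        } else {
            down->u.ki.wScan   = (WORD)(unsigned char)text[i];
            down->u.ki.dwFlags = KEYEVENTF_UNICODE;
        }
        *up = *down;
        up->u.ki.dwFlags |= KEYEVENTF_KEYUP;   /* a release must follow every press */
    }
    return 2 * n;
}

#ifdef _WIN32
/* Locate the window by title (placeholder title, hypothetical game), give it
 * focus and deliver all events in one SendInput call so nothing interleaves.
 * SendInput returns how many events it injected; fewer than requested means
 * another thread blocked input or the target runs at a higher integrity level. */
int type_into_window(const char *title, const char *text)
{
    INPUT buf[256];
    HWND hwnd = FindWindowA(NULL, title);
    if (!hwnd) return -1;
    SetForegroundWindow(hwnd);   /* may be refused unless our process is allowed to take focus */
    Sleep(100);
    size_t n = build_typing_inputs(text, buf, sizeof buf / sizeof buf[0]);
    if (n == 0) return -2;
    return SendInput((UINT)n, buf, sizeof(INPUT)) == n ? 0 : -3;
}

int main(void)
{
    return type_into_window("Game Window", "hello\n");   /* "Game Window" is a placeholder */
}
#endif
```

Build on Windows with any C compiler and link user32 (for example `cl sendinput.c user32.lib` or `gcc sendinput.c -luser32`). If SendInput reports fewer events than requested, the target is usually running at a higher integrity level than the sender (UIPI), and retrying does not help.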
These two functions are very simple (keybd_event simulates the keyboard, mouse_event the mouse); I think Button Wizard (按键精灵) uses them. That is only the simulation part. To connect it to the game you still have to find the game's window, or provide a hotkey, just like the activation key of Button Wizard. You can walk the top-level windows with GetWindow (or EnumWindows), or use FindWindow to find a specific window by class or title. Note that there is also FindWindowEx, which finds child windows of a window, such as buttons and the like. When the game switches scenes you can use FindWindowEx to check some feature of the current window and so judge whether you are still in that scene; GetWindowInfo can tell you more about a window, and when a particular button appears, that tells you the game scene has switched, and so on. Some games have no controls at all and draw everything as images; then this method has its limits and you need other ways to help with the analysis. As for the hotkey, implement it in a DLL; it is very simple with hook technology. Everyone probably knows this already: it is just a global hook, a call to SetWindowsHookEx and a callback function, and there are plenty of examples online now. This is already very common in cheats; if anyone still does not understand, look up SetWindowsHookEx in MSDN. Don't underestimate the role of this DLL: a global hook DLL gets mapped into every process's address space, that is, you can load it into any game, and once you use it you will find it very handy. It requires you to review the basics of Win32 programming, so hurry up and read the book.

2.2 Intercepting messages

Some games' response mechanisms are relatively simple: message-based, or driven by some timer. Here you can use message interception to implement some interesting features.
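The activation-key hook DLL described in 2.1, and the message-interception hook this section talks about, are the same mechanism, so here is one added example (my code, not the original author's) covering both: a WH_KEYBOARD hook procedure that toggles the bot on F9 (an assumed hotkey) and swallows the key so the game never sees it. It assumes a host program that does LoadLibrary on the DLL, calls the exported InstallHook, and then runs a GetMessage loop. The decision logic is plain C; the hook installation, the DllMain and the shared data section are Windows-only.

```c
/* Added example: a global WH_KEYBOARD hook DLL that watches for an activation
 * key and toggles the bot on and off. Decision logic is plain C; installing
 * the hook and sharing state across processes is Windows-only. */
#ifdef _WIN32
#include <windows.h>
#endif

#define ACTIVATION_KEY 0x78   /* VK_F9, assumed hotkey; any virtual-key code works */

/* A global hook DLL is mapped into every GUI process, and each mapping gets its
 * own copy of ordinary globals. Put the state every process must agree on in a
 * shared section so the toggle is seen everywhere. */
#ifdef _MSC_VER
#pragma data_seg(".shared")
static volatile int g_bot_active = 0;   /* must be explicitly initialized to land in the segment */
#pragma data_seg()
#pragma comment(linker, "/SECTION:.shared,RWS")
#elif defined(_WIN32)
static volatile int g_bot_active __attribute__((section(".shared"), shared)) = 0;
#else
static volatile int g_bot_active = 0;
#endif

/* Decide what to do with one key message. Returns 1 to swallow the key so the
 * game never sees it, 0 to let it through. The toggle fires on the press only;
 * the matching release is swallowed too so the game gets no stray key-up. */
int handle_key(unsigned vk, int key_up)
{
    if (vk != ACTIVATION_KEY) return 0;
    if (!key_up) g_bot_active = !g_bot_active;
    return 1;
}

int bot_is_active(void) { return g_bot_active; }

#ifdef _WIN32
static HINSTANCE g_self;   /* this DLL's base address in the current process */
static HHOOK g_hook;       /* only meaningful in the installing process */

/* WH_KEYBOARD hook procedure: wParam is the virtual-key code and bit 31 of
 * lParam is the transition state (1 = key being released). */
LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
    if (code == HC_ACTION && handle_key((unsigned)wParam, (int)((lParam >> 31) & 1)))
        return 1;                                   /* non-zero: do not pass the key on */
    return CallNextHookEx(g_hook, code, wParam, lParam);   /* required whenever code < 0 */
}

/* Called by the host after LoadLibrary/GetProcAddress. Thread id 0 makes the
 * hook global; the host thread must then pump messages or the hook never runs. */
__declspec(dllexport) int InstallHook(void)
{
    g_hook = SetWindowsHookExA(WH_KEYBOARD, KeyboardProc, g_self, 0);
    return g_hook != NULL;
}

__declspec(dllexport) void RemoveHook(void)
{
    if (g_hook) { UnhookWindowsHookEx(g_hook); g_hook = NULL; }
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
{
    (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) { g_self = hinst; DisableThreadLibraryCalls(hinst); }
    return TRUE;
}
#endif
```

Two points from the MSDN page that are easy to miss: each process that the hook DLL is mapped into has its own copy of the DLL's globals, so anything all of them must agree on (here the on/off flag) has to live in a shared section; and CallNextHookEx must always be reached when code is negative. A WH_KEYBOARD_LL hook avoids the DLL entirely, but then it runs only in the installing thread, which has to keep pumping messages.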
Intercepting messages is also hook technology: keyboard messages, mouse messages, system messages, journal records and so on. The other hook types have nothing to do with us; we only use the callback function of the message hook, so I will not write an example for this one. It is the same as above, written with SetWindowsHookEx, and once you have written it you will see it is very simple. What you intercept is your business, for example doing some of our data checks on every timer message, or simulating a second timer inside the timer so that some data gets handled twice. The consequences are not necessarily good, but if the data calculation is done on the client you really can change the data; try it. There are many more uses you can think of.

2.3 Intercepting socket packets

This technique is a good deal harder than the previous ones. First we have to replace WINSOCK.DLL or WSOCK32.DLL (most games today link WS2_32.DLL instead) with our own: the replacement must be consistent with the original, exporting the same functions under exactly the same names, with the same parameters in the same order, and then inside each of our functions call the corresponding function in the real DLL. First: replace the DLL on the system path. In practice the system copy is protected, so the usual way is to drop the proxy into the game's own directory, which the loader searches first; the proxy then loads the genuine DLL from the system directory by its full path. Second: when our DLL starts, load the original DLL with LoadLibrary and use GetProcAddress to obtain the entry address of each real socket function.
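The replacement DLL described in the two steps above, written out as an added example that is not from the original post: a proxy wsock32.dll that exports send and recv under the real names and signatures, loads the genuine DLL by full path on first use, logs every packet and rewrites one field before forwarding. The wire format (opcode 0x01 followed by a 16-bit speed field) is invented for the illustration; a real cheat would recover it from captured traffic. The loading and forwarding code is Windows-only; off Windows the example forwards into a capture buffer instead, so the hook logic still runs.

```c
/* Added example: proxy wsock32.dll that logs and rewrites outgoing packets,
 * then forwards to the genuine Winsock. Hook logic is plain C; loading and
 * forwarding to the real DLL is Windows-only. */
#define WIN32_LEAN_AND_MEAN   /* keeps windows.h from declaring send/recv itself */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
typedef UINT_PTR SOCKET;
#define WSAAPI __stdcall      /* Winsock calling convention on 32-bit x86 */
#else
typedef uintptr_t SOCKET;
#define WSAAPI
#define __declspec(x)
#endif

typedef int (WSAAPI *send_fn)(SOCKET, const char *, int, int);
typedef int (WSAAPI *recv_fn)(SOCKET, char *, int, int);

/* Hypothetical wire format, invented for this illustration: byte 0 is an
 * opcode; for OP_MOVE bytes 1-2 hold a little-endian "speed" field. */
#define OP_MOVE        0x01
#define SPEED_OVERRIDE 250

static FILE *g_log;            /* set via proxy_set_log(); NULL = no logging */
static unsigned g_packets_seen;

void proxy_set_log(FILE *f) { g_log = f; }
unsigned proxy_packets_seen(void) { return g_packets_seen; }

static void log_packet(const char *dir, const char *buf, int len)
{
    g_packets_seen++;
    if (!g_log) return;
    fprintf(g_log, "%s %d:", dir, len);
    for (int i = 0; i < len; i++) fprintf(g_log, " %02x", (unsigned char)buf[i]);
    fputc('\n', g_log);
    fflush(g_log);
}

/* Rewrite the speed field of an outgoing OP_MOVE packet. Returns 1 if changed. */
int patch_outgoing(char *buf, int len)
{
    if (len < 3 || (unsigned char)buf[0] != OP_MOVE) return 0;
    buf[1] = (char)(SPEED_OVERRIDE & 0xff);
    buf[2] = (char)(SPEED_OVERRIDE >> 8);
    return 1;
}

#ifdef _WIN32
static send_fn g_real_send;
static recv_fn g_real_recv;

/* Load the genuine DLL by full path from the system directory (a bare name would
 * resolve to this proxy again) and resolve the entry points. Done lazily on the
 * first call rather than in DllMain, which must not call LoadLibrary. */
static int resolve_real_winsock(void)
{
    char path[MAX_PATH];
    UINT n = GetSystemDirectoryA(path, MAX_PATH);
    if (n == 0 || n + 13 > MAX_PATH) return 0;
    strcat(path, "\\wsock32.dll");   /* assumed: the game links wsock32; use ws2_32.dll if it links that */
    HMODULE real = LoadLibraryA(path);
    if (!real) return 0;
    g_real_send = (send_fn)GetProcAddress(real, "send");
    g_real_recv = (recv_fn)GetProcAddress(real, "recv");
    return g_real_send && g_real_recv;
}
#define ENSURE_REAL() do { if (!g_real_send && !resolve_real_winsock()) return -1; } while (0)
#else
/* Off Windows there is no Winsock to forward to, so forward into a capture
 * buffer and answer recv() with a fixed reply; this exercises the hook path. */
static char g_captured[4096];
static int g_captured_len;
static int sink_send(SOCKET s, const char *buf, int len, int flags)
{   (void)s; (void)flags; if (len > 0) memcpy(g_captured, buf, (size_t)len);
    g_captured_len = len; return len; }
static int sink_recv(SOCKET s, char *buf, int len, int flags)
{   static const char reply[3] = { 0x02, 'o', 'k' }; (void)s; (void)flags;
    int n = len < 3 ? len : 3; memcpy(buf, reply, (size_t)n); return n; }
static send_fn g_real_send = sink_send;
static recv_fn g_real_recv = sink_recv;
const char *last_forwarded(int *len) { *len = g_captured_len; return g_captured; }
#define ENSURE_REAL() do { } while (0)
#endif

/* Same name, signature and calling convention as the real export; a .def file
 * makes the linker export the stdcall symbol undecorated as "send". */
__declspec(dllexport) int WSAAPI send(SOCKET s, const char *buf, int len, int flags)
{
    ENSURE_REAL();
    char copy[4096];
    if (len > 0 && len <= (int)sizeof copy) {
        memcpy(copy, buf, (size_t)len);     /* the caller's buffer is const: patch a copy */
        log_packet("send", copy, len);
        patch_outgoing(copy, len);
        return g_real_send(s, copy, len, flags);
    }
    return g_real_send(s, buf, len, flags);  /* empty or oversized: pass through untouched */
}

__declspec(dllexport) int WSAAPI recv(SOCKET s, char *buf, int len, int flags)
{
    ENSURE_REAL();
    int n = g_real_recv(s, buf, len, flags);
    if (n > 0) log_packet("recv", buf, n);   /* inspect what the server sent back */
    return n;
}
```

A shippable proxy must forward every export of the real DLL (wsock32.dll has dozens), normally through a .def file that lists each forwarded export; otherwise the game fails to start with a missing-entry-point error. Loading the real library lazily sidesteps the DllMain loader-lock rule, and using the full system path keeps the loader from resolving the name back to the proxy itself.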