`
369540808
  • 浏览: 197029 次
文章分类
社区版块
存档分类
最新评论

纯代码,你懂的

 
阅读更多

1. dump.h

#ifndef __SPIDER_DUMP_H_
#define __SPIDER_DUMP_H_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

typedef struct _CARDINFO{
	DWORD dwIndex;		// 牌的序号
	_CARDINFO *pPrev;	// 前一张指针(NULL为第一张)
	_CARDINFO *pNext;	// 下一张指针(NULL最后一张)
} CARDINFO, *PCARDINFO;

typedef struct _CARDPROP{
	DWORD Class;	// 花色: 梅花=0, 方块=1, 红桃=2, 黑桃=3
	DWORD Order;	// 序列: A-K, A=0
	DWORD Opened;	// 状态: 未翻开=0
} CARDPROP, *PCARDPROP;

typedef struct _GAMEPROP{
	LPVOID lpCardList[10];	// 链表指针数组
	DWORD dwCardCount[10];	// 每列牌数数组
	DWORD dwHideCount[10];	// 未翻牌数数组
} GAMEPROP, *PGAMEPROP;

typedef struct _GAMEDATA{
	HWND hWnd;
	LPVOID lpDifficulty;
	LPVOID lppTrainList;
} GAMEDATA, *PGAMEDATA;

#endif


2.dump.cpp

#include <windows.h>
#include "dump.h"
#include <stdio.h>

const char *szClass[] = {
	"梅花",
	"方块",
	"红桃",
	"黑桃"
};
const char *szOrder[] = {
	"A",
	"2",
	"3",
	"4",
	"5",
	"6",
	"7",
	"8",
	"9",
	"10",
	"J",
	"Q",
	"K"
};
const char *szOpened[] = {
	"未翻开",
	"已翻开"
};

LPVOID lpBaseAddress = (LPVOID)0x01012008;	// 全局指针
//LPVOID lpPropAddress = (LPVOID)0x01012008;
//LPVOID lpViewAddress = (LPVOID)0x01012008;
//LPVOID lpShowAddress = (LPVOID)0x01012008;
//LPVOID lpHideAddress = (LPVOID)0x01012008;

GAMEDATA g_Data;
GAMEPROP g_Prop;
CARDPROP lpCards[104];
CARDINFO ci;

int fnDump()
{
	HWND hWnd;
	DWORD dwProcessId;
	HANDLE hProcess;
	LPVOID lpAddress;
	DWORD dwValue;
	DWORD dwLoop;
	DWORD dwOrder;	// 12-0循环
	DWORD dwClass;	//  7-0黑桃*2, 红桃*2, 梅花*2, 方块*2

	int dwRet;

	hWnd = FindWindow(NULL, "蜘蛛");
	if(hWnd == NULL)
	{
		printf("Can not find the spider window!\n");
		return 0;
	}
	GetWindowThreadProcessId(hWnd, &dwProcessId);	// return thread id
	hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
	if(hProcess == NULL)
	{
		printf("Can not open process! code: %d.\n", GetLastError());
		return 0;
	}

	dwRet = ReadProcessMemory(hProcess, lpBaseAddress, &g_Data, sizeof(GAMEDATA), NULL);
	if(dwRet == 0)
	{
		printf("Can not read global data! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	if(g_Data.hWnd != hWnd)
	{
		printf("Global data mismatch!\n");
		CloseHandle(hProcess);
		return 0;
	}
	lpAddress = (LPVOID)((DWORD)lpBaseAddress + 0xF1C);
	dwRet = ReadProcessMemory(hProcess, lpAddress, &dwValue, sizeof(DWORD), NULL);
	if(dwRet == 0)
	{
		printf("Can not determine whether partially completed or not! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	if(dwValue != 0)
	{
		printf("Game is partially completed!\n");
		CloseHandle(hProcess);
		return 0;
	}
	lpAddress = (LPVOID)((DWORD)lpBaseAddress + 0x58);
	dwRet = ReadProcessMemory(hProcess, lpAddress, &dwValue, sizeof(DWORD), NULL);
	if(dwRet == 0)
	{
		printf("Can not read remaining card count! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	dwValue = 5 - dwValue;	// 发完是5次
	printf("There are(is) %d time(s) remaining.\n", dwValue);
	if(dwValue > 0)
	{
		SetForegroundWindow(hWnd);
		for(dwLoop = 0; dwLoop < dwValue; dwLoop++)
		{	// 把所有的牌发完 -> 发送点击发牌菜单的命令
			dwRet = SendMessage(hWnd, WM_COMMAND, 40016, 0);
		}
	}
	dwRet = ReadProcessMemory(hProcess, g_Data.lpDifficulty, &dwValue, sizeof(DWORD), NULL);
	if(dwRet == 0)
	{
		printf("Can not read difficulty data! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	if((dwValue != 1) && (dwValue != 2) && (dwValue != 4))
	{
		printf("Difficulty data mismatch!\n");
		CloseHandle(hProcess);
		return 0;
	}
	dwValue = (DWORD)g_Data.lpDifficulty;
	dwValue += 0xC;
	lpAddress = (LPVOID)dwValue;	// 牌属性指针地址
	dwRet = ReadProcessMemory(hProcess, lpAddress, &dwValue, sizeof(DWORD), NULL);
	if(dwRet == 0)
	{
		printf("Can not read card property pointer! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	lpAddress = (LPVOID)dwValue;	// 牌属性指针
	dwRet = ReadProcessMemory(hProcess, lpAddress, lpCards, sizeof(CARDPROP) * 104, NULL);
	if(dwRet == 0)
	{
		printf("Can not read card property array! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	dwRet = ReadProcessMemory(hProcess, g_Data.lppTrainList, &g_Prop, sizeof(GAMEPROP), NULL);
	if(dwRet == 0)
	{
		printf("Can not read train list data! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	printf("======== begin dumping card data ========\n");
	dwOrder = 12;	// ..
	dwClass = 7;	// ..
	for(dwLoop = 0; dwLoop < 10; dwLoop++)
	{	// 遍历每一列
		dwRet = ReadProcessMemory(hProcess, g_Prop.lpCardList[dwLoop], &dwValue, sizeof(DWORD), NULL);
		if(dwRet == 0)
		{	// 此次是根据元素(链表指针读取链表地址)
			printf("Can not read train %d pointer! code: %d.\n", dwLoop, GetLastError());
			CloseHandle(hProcess);
			return 0;
		}
		//lpAddress = (LPVOID)dwValue;
		//dwRet = ReadProcessMemory(hProcess, lpAddress, &dwValue, sizeof(DWORD), NULL);
		//if(dwRet == 0)
		//{
		//	printf("Can not read train %d data! code: %d.\n", dwLoop, GetLastError());
		//	CloseHandle(hProcess);
		//	return 0;
		//}
		lpAddress = (LPVOID)dwValue;
		dwRet = ReadProcessMemory(hProcess, lpAddress, &ci, sizeof(CARDINFO), NULL);
		if(dwRet == 0)
		{	// 此次读取链表第一个元素(要求游戏一行都没有收起, 也没有空行)
			printf("Can not read train %d data! code: %d.\n", dwLoop, GetLastError());
			CloseHandle(hProcess);
			return 0;
		}
		dwValue = 0;
		// 显示当前实际的卡片属性
		printf("第 %d 张牌序号为: %d(%s 的 %s%s).\n",
				dwValue,
				ci.dwIndex,
				szOpened[lpCards[ci.dwIndex].Opened],
				szClass[lpCards[ci.dwIndex].Class],
				szOrder[lpCards[ci.dwIndex].Order]);
		// 修改为我们想要的属性值
		lpCards[ci.dwIndex].Opened = 1;				// 已经翻开
		lpCards[ci.dwIndex].Class = dwClass / 2;	// 花色
		lpCards[ci.dwIndex].Order = dwOrder;		// 序号
		if(dwOrder == 0)
		{	// 已经排到A了
			if(dwClass == 0) break;	// 尽头了
			dwOrder = 12;
			dwClass--;
		}else dwOrder--;
		while(ci.pNext != 0)
		{
			lpAddress = (LPVOID)ci.pNext;
			dwRet = ReadProcessMemory(hProcess, lpAddress, &ci, sizeof(CARDINFO), NULL);
			if(dwRet == 0)
			{
				printf("Can not read train %d data!! code: %d.\n", dwLoop, GetLastError());
				CloseHandle(hProcess);
				return 0;
			}
			dwValue++;
			// 显示当前实际的卡片属性
			printf("第 %d 张牌序号为: %d(%s 的 %s%s).\n",
					dwValue,
					ci.dwIndex,
					szOpened[lpCards[ci.dwIndex].Opened],
					szClass[lpCards[ci.dwIndex].Class],
					szOrder[lpCards[ci.dwIndex].Order]);
			// 修改为我们想要的属性值
			lpCards[ci.dwIndex].Opened = 1;				// 已经翻开
			lpCards[ci.dwIndex].Class = dwClass / 2;	// 花色
			lpCards[ci.dwIndex].Order = dwOrder;		// 序号
			if(dwOrder == 0)
			{	// 已经排到A了
				if(dwClass == 0) break;	// 尽头了
				dwOrder = 12;
				dwClass--;
			}else dwOrder--;
		}
		if(ci.pNext) break;	// 中断跳出的while循环
		if(dwLoop < 9) printf("\n");
	}
	if(dwLoop < 10)
	{
		printf("Card count mismatch.\n");
		CloseHandle(hProcess);
		return 0;
	}
	printf("======== Cracking game memory ========\n");
	dwValue = (DWORD)g_Data.lpDifficulty;
	dwValue += 0xC;
	lpAddress = (LPVOID)dwValue;	// 牌属性指针地址
	dwRet = ReadProcessMemory(hProcess, lpAddress, &dwValue, sizeof(DWORD), NULL);
	lpAddress = (LPVOID)dwValue;	// 牌属性指针
	dwRet = WriteProcessMemory(hProcess, lpAddress, lpCards, sizeof(CARDPROP) * 104, NULL);
	// 修改已翻开的牌数
	for(dwLoop = 0; dwLoop < 10; dwLoop++)
	{
		g_Prop.dwHideCount[dwLoop] = 0;
	}
	dwValue = (DWORD)g_Data.lppTrainList;
	dwValue += (sizeof(DWORD) * 20);
	lpAddress = (LPVOID)dwValue;
	dwRet = WriteProcessMemory(hProcess, lpAddress, g_Prop.dwHideCount, sizeof(DWORD) * 10, NULL);
	if(dwRet == 0)
	{
		printf("Can not crack card view property! code: %d.\n", GetLastError());
		CloseHandle(hProcess);
		return 0;
	}
	InvalidateRect(hWnd, NULL, TRUE);
	printf("======== finish dumping card data ========\n");
	CloseHandle(hProcess);
	return 1;
}

int main(int argc, char* argv[])
{
	printf("============================================\n");
	printf("======== 游侠技术研究,请勿非法使用 ========\n");
	printf("============================================\n");
	return fnDump();
}


至于是干嘛的,看得懂就懂,不懂也就这样了,至于你懂不懂,反正我懂了.

无图有真相...

分享到:
| CodeForces 366C Dima and Salad
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

    C++源代码 恶搞一下,你懂的,嘿嘿。

    C++源代码 恶搞一下,你懂的,嘿嘿。很好玩的

    vax10.7.1918with你懂的

    vax10.7.1918with你懂的补丁

    1433最新解封代码

    1433代码你懂的,最新解封的啊,好不容易的来的现在拿出来分享啦!!

    别告诉我你懂电脑

    内容摘要:内容简介《别告诉我你懂电脑:150个意想不到的省时实用电脑操作秒杀秘技》内容简介:看到同事和朋友娴熟地运用着电脑,并时不时炫耀着令人惊讶的操作妙招时,一点都不感至羡慕和嫉妒当别人求助自己解决电脑...

    C语言深度剖析 pdf+源代码

    C语言深度剖析 pdf+源代码 你懂的 我遇到过很多程序员和计算机系毕业的学生,也给很多程序员和计算机系毕业的学生讲 解过《高级C 语言程序设计》。每期班开课前,我总会问学生:你感觉C 语言学得怎么样? 难吗?指针...

    NET Reflector破解版--你懂的!

    NET Reflector破解版--最经典的工具,你懂的!

    很牛叉的图片抽奖软件,你懂的

    很牛叉的图片抽奖软件,你懂的 可一张一张抽,也可多张一起抽,图片、文字即可 还有更多隐藏功能,方便操控哦,你懂的 已破解

    u盘模式的说明你懂的

    这个比交好用的工具你看就指的了,赶快下载把,素度的可以用爱的

    大型多人在线游戏开发iso(你懂的)

    我们为下列文章提供了C++或是Python源代码: 2.3 为游戏脚本创建一个“安全沙盘” 2.5 使用Twisted框架进行MMP服务整合 3.5 使用Python进行精确的游戏事件广播 4.3 使用程序生成游戏世界:避免数据激增 4.4 为固定...

    别说你懂PPT

    入职后如何制作专业翔实的PPT的实用教程 以及相关的表述技巧

    别说你懂ppt

    主要介绍制作ppt的构思,创意,也有技巧。帮助你设计ppt。

    《华为人,你懂的》

    石楠的《华为人,你懂的》。清华大学出版署

    MD5码 你懂的

    MD5码查看工具,建议方便 绿色环保,是居家必备工具

    FTP关键字,做外连的好工具,你懂的

    FTP关键字,做外连的好工具,你懂的 我就不说那么多的,你应该懂的这个工具

    [别告诉我你懂电脑]

    看到别人娴熟的运用电脑,并时不时炫耀着令人惊讶的操作妙招时,是不是总是会有种不可名状的郁闷感?take it easy!本书将帮你重建电脑高手的成就感,教会你150个意想不到的省时实用的电脑操作的秒杀妙招!

    史上最全C++教程,看看你懂不懂

    史上最全C++教程,看看你懂不懂 史上最全C++教程,看看你懂不懂 史上最全C++教程,看看你懂不懂 史上最全C++教程,看看你懂不懂 史上最全C++教程,看看你懂不懂 史上最全C++教程,看看你懂不懂 史上最全C++教程,看...

    别说你懂iPad2.pdf

    中文名: 别说你懂iPad2 作者: 王毅 资源格式: PDF 版本: 扫描版 出版社: 重庆出版社书号: 9787229042158发行时间: 2011年6月 地区: 大陆 语言: 简体中文 简介: 内容介绍: 要想玩转iPad2,最重要的当然是玩转...

    原版MyCCL,你懂的

    MyCCL原版,懂的人都懂,呵呵,仅限于研究使用,请勿非法使用,谢谢配合

    不要告诉我 你懂ppt

    ppt经典之作 没看可惜了 授人以渔不如授人以鱼

Magicbox
Global site tag (gtag.js) - Google Analytics