war3辅助代码及运行方式

打开VS2019

war3辅助代码及运行方式
点这个
war3辅助代码及运行方式
war3辅助代码及运行方式
自动生成这么一堆代码,全删了,就剩这些就行
war3辅助代码及运行方式
然后点这里
war3辅助代码及运行方式
war3辅助代码及运行方式
war3辅助代码及运行方式
war3辅助代码及运行方式
war3辅助代码及运行方式
然后向CPP里粘贴以下代码

#include "tlhelp32.h"

// Handle to the target process, assigned by BIND() from OpenProcess().
// Despite the name this is a process handle, not a window handle (HWND).
HANDLE hwnd = NULL;

// Process ID located by BIND(); stays 0 until BIND() has run.
DWORD PID = 0;

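/// Looks up a running process by executable file name.
///
/// @param pnameBuffer  Executable name to match (e.g. "War3.exe"). The
///                     comparison uses _tcscmp, so it is exact and
///                     case-sensitive.
/// @return The process ID of the first match, or 0 when the name is NULL,
///         the snapshot cannot be created, or no process matches.
///
/// NOTE(review): matching is by image name only, so any process that happens
/// to carry the same file name is accepted; the caller gets no guarantee
/// about which binary is actually behind the returned PID.
DWORD MyFindProcess(PTCHAR pnameBuffer) {
    if (pnameBuffer == NULL) {
        return 0;
    }

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    PROCESSENTRY32 processInfo = { 0 };
    // dwSize must be set before the first Process32First call.
    processInfo.dwSize = sizeof(PROCESSENTRY32);

    DWORD foundPid = 0;
    // Only walk the list when the first entry was actually filled in.
    if (Process32First(hSnapshot, &processInfo)) {
        do {
            if (!_tcscmp(pnameBuffer, processInfo.szExeFile)) {
                foundPid = processInfo.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &processInfo));
    }

    // Single exit: the snapshot handle is released on every path, and the
    // function always returns a defined value (0 when nothing matched).
    CloseHandle(hSnapshot);
    return foundPid;
}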

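/// Returns the load address of a named module inside the given process.
///
/// @param dwPid          Process ID whose module list is enumerated.
/// @param strModuleName  Module file name to match; compared with _tcscmp
///                       (exact, case-sensitive).
/// @return The module base truncated to a DWORD, or 0 when the name is NULL,
///         the snapshot cannot be created, or the module is not found.
///
/// NOTE(review): the DWORD return type only holds a full address in a 32-bit
/// build; in a 64-bit build the cast below would drop the upper half of the
/// pointer. The signature is kept for existing callers.
DWORD MyGetModule(DWORD dwPid, PTSTR strModuleName) {
    if (strModuleName == NULL) {
        return 0;
    }

    HANDLE hSnapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPid);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    MODULEENTRY32 moduleInfo = { 0 };
    moduleInfo.dwSize = sizeof(MODULEENTRY32);

    DWORD moduleBase = 0;
    // Skip the loop entirely if the first entry could not be read.
    if (::Module32First(hSnapshot, &moduleInfo)) {
        do {
            if (!_tcscmp(moduleInfo.szModule, strModuleName)) {
                moduleBase = (DWORD)(ULONG_PTR)moduleInfo.hModule;
                break;
            }
        } while (::Module32Next(hSnapshot, &moduleInfo));
    }

    // The original returned without closing the snapshot on both the
    // found and not-found paths; release it here for every outcome.
    ::CloseHandle(hSnapshot);
    return moduleBase;
}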

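/// Follows a chain of 32-bit pointers in the process referenced by the global
/// handle `hwnd` and writes a 4-byte value at the final address.
///
/// The start address is the base of strModuleName (looked up in the global
/// PID) plus offset[0]; each further step reads a DWORD at the current
/// address and adds offset[i] to it.
///
/// @param strModuleName  Module whose base address anchors the chain.
/// @param offset         Array of offset_num offsets; offset[0] is relative
///                       to the module base.
/// @param offset_num     Number of entries in offset; must be at least 1.
/// @param Input          Value written at the resolved address.
///
/// Nothing is written when the handle is missing, the module is not found,
/// or any read along the chain fails. The original ignored all of these and
/// wrote to whatever address the unchecked arithmetic produced.
VOID Change(PTSTR strModuleName, DWORD offset[], int offset_num, DWORD Input) {
    if (hwnd == NULL || offset == NULL || offset_num < 1) {
        return;
    }

    const DWORD moduleBase = MyGetModule(PID, strModuleName);
    if (moduleBase == 0) {
        return;  // module not loaded (or lookup failed): no valid anchor
    }

    DWORD address = moduleBase + offset[0];
    for (int i = 1; i < offset_num; i++) {
        DWORD next = 0;
        SIZE_T bytesRead = 0;
        const BOOL ok = ReadProcessMemory(hwnd, (LPCVOID)(ULONG_PTR)address,
                                          &next, sizeof(next), &bytesRead);
        // A failed, short or null read means the chain is not valid right
        // now; stop instead of dereferencing a stale value.
        if (!ok || bytesRead != sizeof(next) || next == 0) {
            return;
        }
        address = next + offset[i];
    }

    // VOID interface: the result cannot be reported to the caller.
    (void)WriteProcessMemory(hwnd, (LPVOID)(ULONG_PTR)address,
                             &Input, sizeof(Input), NULL);
}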
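/// Locates War3.exe, opens a handle to it and stores both in the globals
/// PID and hwnd, then reports the outcome in a message box.
///
/// Changes from the original: the 2048-byte malloc buffer was never freed
/// (a small stack buffer is used instead), a previous handle is closed before
/// rebinding, and "绑定成功" is only shown when the process was found and
/// OpenProcess succeeded.
///
/// NOTE(review): PROCESS_ALL_ACCESS asks for far more rights than the
/// ReadProcessMemory/WriteProcessMemory calls in this file use. A handle
/// opened with that mask on another process is also a pattern that
/// anti-cheat and endpoint-monitoring products commonly log.
VOID BIND() {
    // Release the handle from an earlier bind so it does not leak.
    if (hwnd != NULL) {
        CloseHandle(hwnd);
        hwnd = NULL;
    }

    // A writable array rather than a literal: MyFindProcess takes a
    // non-const PTCHAR, which a string literal cannot bind to in
    // conformance mode.
    TCHAR targetName[] = _T("War3.exe");
    PID = MyFindProcess(targetName);
    if (PID == 0) {
        MessageBoxW(0, L"未找到 War3.exe 进程", L"绑定失败", MB_OK | MB_ICONWARNING);
        return;
    }

    hwnd = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
    if (hwnd == NULL) {
        WCHAR errorText[64];
        wsprintfW(errorText, L"OpenProcess 失败,错误码:%lu", GetLastError());
        MessageBoxW(0, errorText, L"绑定失败", MB_OK | MB_ICONWARNING);
        return;
    }

    // Explicit wide-character calls: the original mixed wsprintf/_T() with
    // LPWSTR/MessageBoxW, which only compiles in a Unicode build.
    WCHAR strValue[32];
    wsprintfW(strValue, L"PID:%lu", PID);
    MessageBoxW(0, strValue, L"绑定成功", MB_OKCANCEL);
}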

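/// Tries to enable SeDebugPrivilege in the current process token.
///
/// @return true only when the privilege was actually enabled; false when the
///         token cannot be opened, the privilege name cannot be resolved, or
///         the token does not hold the privilege.
///
/// SeDebugPrivilege allows opening processes regardless of their security
/// descriptor and is granted to administrators by default, so a non-elevated
/// run is expected to return false. It is not needed to open a process that
/// runs as the same user at the same integrity level.
bool enableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(),
        TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return false;
    }

    TOKEN_PRIVILEGES tkp = { 0 };
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    bool enabled = false;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid)) {
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)) {
            // AdjustTokenPrivileges returns TRUE even when the token does not
            // hold the privilege; in that case GetLastError() reports
            // ERROR_NOT_ALL_ASSIGNED. Read it before any other API call.
            enabled = (GetLastError() == ERROR_SUCCESS);
        }
    }

    // The original leaked the token handle on the success path.
    CloseHandle(hToken);
    return enabled;
}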

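/// Dialog procedure for the main dialog.
///
/// Handles WM_INITDIALOG, WM_CLOSE (ends the dialog) and WM_COMMAND from
/// three buttons: IDC_BUTTON3 calls BIND(); IDC_BUTTON1 and IDC_BUTTON2 call
/// Change() on "Game.dll" with the os1 / os2 offset chains and the value
/// 1000000.
///
/// @return TRUE for the messages handled here (every WM_COMMAND included),
///         FALSE otherwise so the default dialog handling runs.
INT_PTR CALLBACK DialogProc(
    HWND hwndDlg,
    UINT uMsg,
    WPARAM wParam,
    LPARAM lParam
) {
    UNREFERENCED_PARAMETER(lParam);

    // Pointer-chain offsets passed to Change(). The page does not say which
    // values they address or which Game.dll build they were taken from;
    // presumably they are only valid for one specific version (TODO confirm).
    DWORD os1[] = { 0xBE40A8, 0x0C, 0x14, 0x78 };
    DWORD os2[] = { 0xBE40A8, 0x0C, 0x1C, 0x78 };
    // Derive the counts from the arrays instead of repeating a literal 4.
    const int os1Count = (int)(sizeof(os1) / sizeof(os1[0]));
    const int os2Count = (int)(sizeof(os2) / sizeof(os2[0]));

    // Change() takes a non-const PTSTR. Passing a string literal there is
    // what triggers the "const char *" / "char *" error in conformance mode,
    // so hand it a writable array instead.
    TCHAR gameModule[] = _T("Game.dll");

    switch (uMsg)
    {
    case WM_INITDIALOG:             // dialog initialisation
        return TRUE;
    case WM_CLOSE:                  // clean-up
        EndDialog(hwndDlg, 0);
        return TRUE;
    case WM_COMMAND:                // button / menu command
        switch (LOWORD(wParam))
        {
        case IDC_BUTTON3:
            BIND();
            break;
        case IDC_BUTTON2:
            Change(gameModule, os2, os2Count, 1000000);
            break;
        case IDC_BUTTON1:
            Change(gameModule, os1, os1Count, 1000000);
            break;
        default:
            break;
        }
        return TRUE;
    default:
        break;
    }

    return FALSE;
}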


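/// Program entry point: attempts to enable SeDebugPrivilege, then runs the
/// main dialog modally until it is closed.
///
/// @return 0 always. The original fell off the end of a function declared
///         to return int, which is undefined behaviour for wWinMain.
int APIENTRY wWinMain(_In_ HINSTANCE hInstance,
                     _In_opt_ HINSTANCE hPrevInstance,
                     _In_ LPWSTR    lpCmdLine,
                     _In_ int       nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nCmdShow);

    // Best effort: the result is deliberately ignored, so the dialog still
    // opens when the process is not elevated and the privilege is unavailable.
    (void)enableDebugPriv();

    DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), NULL, DialogProc);
    return 0;
}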

变成这样子
war3辅助代码及运行方式

若VS2019项目出现「"const char *" 类型的实参与 "char *" 类型的形参不兼容」错误,解决方法如下:

在VS2019中依次点击 项目->属性->C/C++->语言->符合模式,将原来的“是”改为“否”即可。(该选项对应编译器开关 /permissive-,改为“否”会放宽整个项目的标准一致性检查。)
war3辅助代码及运行方式
