功能多多,有待大家来挖掘,我就不多说了,直接贴出代码,里面注解把功能说得非常清楚了,看不清楚的就下载附件源代码里面来看吧。
#include "StdAfx.cpp"
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
// psapi.h和psapi.lib文件默认VC++6.0是不安装的需要自己把它们复制到VC++的目录里
#include "psapi.h"
#pragma comment (lib,"psapi")
// Entry point of a single-purpose external memory patcher: it waits for a
// window titled "Crysis 2 (TM)", opens the owning process, and overwrites a
// fixed list of absolute addresses in that process with hard-coded bytes.
//
// NOTE(review): the call chain used here (FindWindow -> GetWindowThreadProcessId
// -> OpenProcess(PROCESS_ALL_ACCESS) -> VirtualProtectEx / WriteProcessMemory on
// a foreign process) is the same API sequence used for cross-process code
// tampering in general, which is why endpoint and anti-tamper tooling treats a
// full-access handle to another process followed by remote writes into its
// image as a behavioural signal.
// NOTE(review): `void main()` is a compiler extension; standard C++ requires
// `int main()`.
void main()
{
// Get the process ID from the window title, open the process with read/write
// access, then enumerate all of its modules (the .exe and .dll files).
HWND hWnd;
unsigned int ii;
// Poll every 500 ms until the window exists. The `=` inside the condition is an
// intentional assignment: hWnd keeps the handle that ended the loop.
// NOTE(review): if the counter ever ran out, hWnd would be NULL and the code
// below would still proceed; nothing checks it.
for (ii = 0; ii < 4294967294; ii++)
{Sleep(500); if (hWnd = FindWindow(NULL,"Crysis 2 (TM)")) break;}
DWORD pid;
// NOTE(review): return value ignored; pid is uninitialised if the call fails.
::GetWindowThreadProcessId(hWnd,&pid);
HANDLE hProcess;
// NOTE(review): the result is never compared with NULL, so a denied open is
// only noticed indirectly when the later calls fail. PROCESS_ALL_ACCESS asks
// for every access right, more than the query / VM-operation / VM-write rights
// the calls visible in this function use.
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
HMODULE hMods[1024];
DWORD cbNeeded;
if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
{
unsigned int i;
// NOTE(review): cbNeeded reports the bytes required for the full module list
// and can exceed sizeof(hMods); the loop bound is not clamped to 1024 entries.
for (i = 0; i<(cbNeeded / sizeof(HMODULE)); i++)
{
char szModName[_MAX_PATH];
// Get the module's name.
// NOTE(review): as posted, the whole hMods array is passed where a single
// module handle is expected and the loop index i is never used; the listing
// appears to have lost text here (forum markup commonly swallows a bracketed
// index). The same applies to the GetModuleInformation call below.
if (GetModuleBaseName(hProcess, hMods, szModName, sizeof(szModName)))
{
// Get the module's information (base address, image size and entry point) and
// store it in the mod_info structure.
// NOTE(review): the return value is ignored and mod_info is never read again
// in this function.
MODULEINFO mod_info;
GetModuleInformation(hProcess, hMods, &mod_info, sizeof(MODULEINFO));
// Copy the module name into the `string` variable.
// NOTE(review): stack buffer overflow. szModName can hold up to _MAX_PATH
// characters, but the destination is 20 bytes and strcpy does no bounds check,
// so any module whose base name is 20 characters or longer overruns `string`.
// The names come from the module list of the other process.
char string[20];
strcpy(string, szModName);
// Lower-cases the copy in place; the comparison below is case-insensitive
// anyway (stricmp), so this step does not change the outcome of the test.
CharLower(string);
// If the module name equals crysis2.exe, run the memory-patch code below.
// (Original author's note: "the mod_base variable holds the module base
// address; the text inside the quotes must be lowercase". No mod_base variable
// exists in this listing.)
if (!stricmp(string, "crysis2.exe"))
{
// NOTE(review), applies to every patch group below:
//  - All CodeAddressNN values are absolute literals and are not derived from
//    mod_info, so they presumably match only one specific build of the target
//    loaded at one specific address -- TODO confirm.
//  - Every WriteProcessMemory return value is ignored and the bytes-written
//    out-parameter is NULL, so a partial or failed write goes unnoticed.
//  - Lengths are hand-written literals rather than sizeof(array).
//  - The #define lines are preprocessor macros; they are not scoped to this
//    block even though they appear inside it.
//  - Many sequences start with 0xE9 and are padded with 0x90; if the target is
//    32-bit x86 these are the near-jump and NOP opcodes, i.e. the usual shape
//    of an inline detour. Comparing the in-memory code section against the
//    on-disk image is the standard way such modifications are detected.
//
// One dog tag grants the current map's third-level bonus perk.
#define CodeAddress01 (0x011b0415)
#define CodeAddress02 (0x0170bf90)
BYTE newcode01[] = {0xE9, 0x86, 0xBB, 0x55, 0x00};
BYTE newcode02[] = {0xC7, 0x46, 0x10, 0x07, 0x00, 0x00, 0x00, 0xE9, 0xAB, 0x44, 0xAA, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x74, 0xEE, 0x48, 0x0F, 0x85, 0xA2, 0x44, 0xAA, 0xFF, 0xFF, 0x76, 0x10, 0xE9, 0x6C, 0x44, 0xAA, 0xFF};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress01, &newcode01, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress02, &newcode02, 33, NULL);
// Turn every bonus perk on the current map into suitboost.
#define CodeAddress03 (0x011b05f7)
#define CodeAddress04 (0x011b060d)
#define CodeAddress05 (0x011b0623)
#define CodeAddress06 (0x0170bfc0)
#define CodeAddress07 (0x01f85ff0)// can be changed to whichever bonus perk you want, e.g. the "lightning strike" one
BYTE newcode03[] = {0xE9, 0xC4, 0xB9, 0x55, 0x00, 0x90, 0x90, 0x90, 0x90};
BYTE newcode04[] = {0xE9, 0xC0, 0xB9, 0x55, 0x00, 0x90, 0x90, 0x90, 0x90};
BYTE newcode05[] = {0xE9, 0xBC, 0xB9, 0x55, 0x00, 0x90, 0x90, 0x90, 0x90};
BYTE newcode06[] = {0x68, 0xF0, 0x5F, 0xF8, 0x01, 0x8D, 0x4D, 0xE4, 0xE8, 0xE3, 0x65, 0xD7, 0xFE, 0xE9, 0x2E, 0x46, 0xAA, 0xFF, 0x68, 0xF0, 0x5F, 0xF8, 0x01, 0x8D, 0x4D, 0xE8, 0xE8, 0xD1, 0x65, 0xD7, 0xFE, 0xE9, 0x32, 0x46, 0xAA, 0xFF, 0x68, 0xF0, 0x5F, 0xF8, 0x01, 0x8D, 0x4D, 0xEC, 0xE8, 0xBF, 0x65, 0xD7, 0xFE, 0xE9, 0x36, 0x46, 0xAA, 0xFF};
// These 13 bytes are the ASCII text "TeamSuitBoost" (no terminating zero byte
// is written).
BYTE newcode07[] = {0x54, 0x65, 0x61, 0x6D, 0x53, 0x75, 0x69, 0x74, 0x42, 0x6F, 0x6F, 0x73, 0x74};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress03, &newcode03, 9, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress04, &newcode04, 9, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress05, &newcode05, 9, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress06, &newcode06, 54, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress07, &newcode07, 13, NULL);
// suitboost duration (disabled: the whole group below is commented out)
/*#define CodeAddress08 (0x0170bf20)
#define CodeAddress09 (0x0104a5cb)
#define CodeAddress10 (0x0104a5db)
#define CodeAddress11 (0x01f85fec)
BYTE newcode08[] = {0xA3, 0xE4, 0x5F, 0xF8, 0x01, 0x33, 0xC0, 0x40, 0x01, 0x05, 0xE8, 0x5F, 0xF8, 0x01, 0xB8, 0x30, 0x00, 0x00, 0x00, 0x39, 0x05, 0xE8, 0x5F, 0xF8, 0x01, 0x75, 0x23, 0xA1, 0xEC, 0x5F, 0xF8, 0x01, 0x89, 0x1D, 0xD8, 0x5F, 0xF8, 0x01, 0x8B, 0x1D, 0xDC, 0x5F, 0xF8, 0x01, 0x89, 0x03, 0x8B, 0x1D, 0xD8, 0x5F, 0xF8, 0x01, 0xB8, 0x97, 0xFF, 0xFF, 0xFF, 0xA3, 0xE8, 0x5F, 0xF8, 0x01, 0xA1, 0xE4, 0x5F, 0xF8, 0x01, 0x84, 0xC0, 0x0F, 0x85, 0xAD, 0xE6, 0x93, 0xFF, 0xFF, 0x75, 0x08, 0xE9, 0x6F, 0xE6, 0x93, 0xFF, 0xA3, 0xE4, 0x5F, 0xF8, 0x01, 0x8B, 0x45, 0x10, 0xA3, 0xDC, 0x5F, 0xF8, 0x01, 0xA1, 0xE4, 0x5F, 0xF8, 0x01, 0xFF, 0x75, 0x10, 0x8B, 0x4D, 0x14, 0xE9, 0x41, 0xE6, 0x93, 0xFF};
BYTE newcode09[] = {0xE9, 0xA3, 0x19, 0x6C, 0x00, 0x90};
BYTE newcode10[] = {0xE9, 0x40, 0x19, 0x6C, 0x00, 0x90, 0x90};
BYTE newcode11[] = {0x00, 0x80, 0x3B, 0x45};// duration value (3000.0 seconds here)
WriteProcessMemory(hProcess, (LPVOID)CodeAddress08, &newcode08, 112, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress09, &newcode09, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress10, &newcode10, 7, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress11, &newcode11, 4, NULL);*/
// Change rate (fire rate) -- includes shotgun and grendel.
#define CodeAddress12 (0x01219cb8)
#define CodeAddress13 (0x0170be9d)
#define CodeAddress14 (0x012153d5)
#define CodeAddress14_1 (0x0170beb5)
#define CodeAddress14_2 (0x01218a81)//grendel
#define CodeAddress14_3 (0x0170beeb)
BYTE newcode12[] = {0xE9, 0xE0, 0x21, 0x4F, 0x00};
BYTE newcode13[] = {0x83, 0xF8, 0x15, 0x72, 0x05, 0xB8, 0xFF, 0xFF, 0xE7, 0x89, 0x89, 0x45, 0xFC, 0x8B, 0x06, 0xE9, 0x0C, 0xDE, 0xB0, 0xFF};
BYTE newcode14[] = {0xE9, 0xDB, 0x6A, 0x4F, 0x00, 0x90};
BYTE newcode14_1[] = {0xB8, 0xFF, 0xFF, 0xE7, 0x89, 0x89, 0x45, 0xFC, 0xDB, 0x45, 0xFC, 0xE9, 0x16, 0x95, 0xB0, 0xFF};
BYTE newcode14_2[] = {0xE9, 0x65, 0x34, 0x4F, 0x00};
BYTE newcode14_3[] = {0xC7, 0x45, 0x08, 0x84, 0x03, 0x00, 0x00, 0x33, 0xC9, 0xE9, 0x8D, 0xCB, 0xB0, 0xFF};//0x84, 0x03, 0x00, 0x00=900
WriteProcessMemory(hProcess, (LPVOID)CodeAddress12, &newcode12, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress13, &newcode13, 20, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress14, &newcode14, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress14_1, &newcode14_1, 16, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress14_2, &newcode14_2, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress14_3, &newcode14_3, 14, NULL);
// Earlier variant of the fire-rate group, disabled. It reuses the macro and
// array names of the active group above.
/*#define CodeAddress12 (0x0048e51e)
#define CodeAddress13 (0x0170be9d)
#define CodeAddress14 (0x01f85fd0)
#define CodeAddress14_1 (0x012a754d)
BYTE newcode12[] = {0xE9, 0x7A, 0xD9, 0x27, 0x01};
BYTE newcode13[] = {0x66, 0x89, 0x11, 0x66, 0xA3, 0xD5, 0x5F, 0xF8, 0x01, 0x80, 0x3D, 0xD1, 0x5F, 0xF8, 0x01, 0x01, 0x75, 0x1D, 0x66, 0x83, 0x39, 0x1E, 0x72, 0x10, 0x66, 0x81, 0x39, 0x03, 0x84, 0x77, 0x09, 0x66, 0xA1, 0xD3, 0x5F, 0xF8, 0x01, 0x66, 0x89, 0x01, 0xC6, 0x05, 0xD1, 0x5F, 0xF8, 0x01, 0x00, 0x66, 0xA1, 0xD5, 0x5F, 0xF8, 0x01, 0xB0, 0x01, 0xE9, 0x4A, 0x26, 0xD8, 0xFE, 0x00, 0x00, 0xC6, 0x05, 0xD1, 0x5F, 0xF8, 0x01, 0x01, 0x8D, 0x86, 0x90, 0x00, 0x00, 0x00, 0xE9, 0x66, 0xB6, 0xB9, 0xFF};
BYTE newcode14[] = {0x00, 0x37, 0x00, 0x0F, 0x27};// 37 = gauss rifle and marshall, A0 = grendel, 5a = dsg1, 84 03 = scarab, 0e 01 = jackal, 26 02 = mk60, bc 02 = scar, 87 = revolver, 28 = LTag
BYTE newcode14_1[] = {0xE9, 0x89, 0x49, 0x46, 0x00, 0x90};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress12, &newcode12, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress13, &newcode13, 80, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress14, &newcode14, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress14_1, &newcode14_1, 6, NULL);*/
// No muzzleflash (muzzle flash).
#define CodeAddress15 (0x018525a4)
BYTE newcode15[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
DWORD oldprot;
// This is the only write in the function that changes page protection first.
// NOTE(review): the restoring call passes NULL for the old-protection
// out-parameter; the documented contract of VirtualProtectEx is that the call
// fails in that case, so the page would be left PAGE_EXECUTE_READWRITE. None of
// the three return values is checked. A writable+executable page inside a
// module image is an artefact that memory scanners look for.
VirtualProtectEx(hProcess, (LPVOID)CodeAddress15, 11, PAGE_EXECUTE_READWRITE, &oldprot);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress15, &newcode15, 11, NULL);
VirtualProtectEx(hProcess, (LPVOID)CodeAddress15, 11, oldprot, NULL);
// Right-click aiming is changed to an over-the-shoulder view; removing the
// 18_2 write leaves no gun model, only the crosshair.
#define CodeAddress16 (0x011b87fb)
#define CodeAddress17 (0x0170be1b)
#define CodeAddress18 (0x01142c63)
#define CodeAddress18_1 (0x0170be2d)
#define CodeAddress18_2 (0x01f85ed0)
BYTE newcode16[] = {0xE9, 0x1B, 0x36, 0x55, 0x00};
BYTE newcode17[] = {0xE8, 0x96, 0x87, 0xA3, 0xFF, 0xB8, 0xD0, 0x5E, 0xF8, 0x01, 0xE9, 0xD6, 0xC9, 0xAA, 0xFF};
//BYTE newcode17[] = {0xE8, 0x96, 0x87, 0xA3, 0xFF, 0x81, 0x38, 0x69, 0x72, 0x6F, 0x6E, 0x75, 0x06, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x81, 0x38, 0x73, 0x68, 0x6F, 0x74, 0x75, 0x06, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE9, 0xBF, 0xC9, 0xAA, 0xFF};
BYTE newcode18[] = {0xE9, 0xC5, 0x91, 0x5C, 0x00};
BYTE newcode18_1[] = {0xE8, 0x84, 0x87, 0xA3, 0xFF, 0xB8, 0xD0, 0x5E, 0xF8, 0x01, 0xE9, 0x2C, 0x6E, 0xA3, 0xFF};
// These 8 bytes are the ASCII text "shoulder".
BYTE newcode18_2[] = {0x73, 0x68, 0x6F, 0x75, 0x6C, 0x64, 0x65, 0x72};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress16, &newcode16, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress17, &newcode17, 15, NULL);
//WriteProcessMemory(hProcess, (LPVOID)CodeAddress17, &newcode17, 38, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress18, &newcode18, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress18_1, &newcode18_1, 15, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress18_2, &newcode18_2, 8, NULL);
// Unlimited ammo.
#define CodeAddress19 (0x01141140)
BYTE newcode19[] = {0xEB};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress19, &newcode19, 1, NULL);
// Unlimited energy.
#define CodeAddress20 (0x01163de1)// recharge immediately on reaching zero
#define CodeAddress20_1 (0x01163cda)// always recharging
#define CodeAddress20_2 (0x01163d0b)// recharge delay of 0 seconds
#define CodeAddress20_3 (0x0170befd)
#define CodeAddress20_4 (0x01163b02)// when energy is 0 the recharge speed multiplier is 999.0; normal speed resumes at 100.0
#define CodeAddress20_5 (0x0170be41)
#define CodeAddress20_6 (0x01f85cf0)
BYTE newcode20[] = {0x74};
BYTE newcode20_1[] = {0x90, 0x90};
BYTE newcode20_2[] = {0xE9, 0xED, 0x81, 0x5A, 0x00};
BYTE newcode20_3[] = {0xD9, 0x05, 0x00, 0x5D, 0xF8, 0x01, 0xDE, 0xD9, 0xE9, 0x06, 0x7E, 0xA5, 0xFF};
BYTE newcode20_4[] = {0xE9, 0x3A, 0x83, 0x5A, 0x00};
BYTE newcode20_5[] = {0x83, 0x3E, 0x00, 0x75, 0x07, 0xC6, 0x05, 0xF4, 0x5C, 0xF8, 0x01, 0x01, 0x81, 0x3E, 0x00, 0x00, 0xC8, 0x42, 0x75, 0x07, 0xC6, 0x05, 0xF4, 0x5C, 0xF8, 0x01, 0x00, 0x80, 0x3D, 0xF4, 0x5C, 0xF8, 0x01, 0x01, 0x75, 0x08, 0xD9, 0x05, 0xF0, 0x5C, 0xF8, 0x01, 0xEB, 0x03, 0xD9, 0x41, 0x50, 0xD8, 0x08, 0xE9, 0x90, 0x7C, 0xA5, 0xFF};
BYTE newcode20_6[] = {0x00, 0xC0, 0x79, 0x44};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20, &newcode20, 1, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_1, &newcode20_1, 2, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_2, &newcode20_2, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_3, &newcode20_3, 13, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_4, &newcode20_4, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_5, &newcode20_5, 54, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_6, &newcode20_6, 4, NULL);
// Earlier single-byte variant of the energy patch, disabled.
/*#define CodeAddress20 (0x01163e8d)
BYTE newcode20[] = {0xEB};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20, &newcode20, 1, NULL);*/
// Rapid health regeneration.
#define CodeAddress20_7 (0x0101fe28)
#define CodeAddress20_8 (0x0101fe2c)
#define CodeAddress20_9 (0x0170bc2b)
#define CodeAddress20_10 (0x01f85ce0)
BYTE newcode20_7[] = {0x90, 0x90};
BYTE newcode20_8[] = {0xE9, 0xFA, 0xBD, 0x6E, 0x00, 0x90};
BYTE newcode20_9[] = {0xD9, 0x05, 0xE0, 0x5C, 0xF8, 0x01, 0xD9, 0x5D, 0x08, 0xE9, 0xF9, 0x41, 0x91, 0xFF};
BYTE newcode20_10[] = {0x00, 0x00, 0x7A, 0x44};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_7, &newcode20_7, 2, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_8, &newcode20_8, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_9, &newcode20_9, 14, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress20_10, &newcode20_10, 4, NULL);
//tagName
#define CodeAddress21 (0x0131f9d0)
BYTE newcode21[] = {0xB3, 0x01};// 01 = arrow + name, 02 = arrow only
WriteProcessMemory(hProcess, (LPVOID)CodeAddress21, &newcode21, 2, NULL);
// norecoil (no recoil)
#define CodeAddress22 (0x0101af59)
BYTE newcode22[] = {0xEB};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress22, &newcode22, 1, NULL);
// Always show the crosshair.
#define CodeAddress22_1 (0x012d7cd9)
BYTE newcode22_1[] = {0xeb};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress22_1, &newcode22_1, 1, NULL);
// Change walking speed (speed).
#define CodeAddress23 (0x0101a2dc)
#define CodeAddress24 (0x0170bd30)
#define CodeAddress25 (0x01f85fe0)
BYTE newcode23[] = {0xE9, 0x4F, 0x1A, 0x6F, 0x00, 0x90};
BYTE newcode24[] = {0xD8, 0x0D, 0xE0, 0x5F, 0xF8, 0x01, 0xE9, 0xA7, 0xE5, 0x90, 0xFF};
BYTE newcode25[] = {0x00, 0x00, 0xA0, 0x40};// speed value: 5.0 here, original value = 4.0
WriteProcessMemory(hProcess, (LPVOID)CodeAddress23, &newcode23, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress24, &newcode24, 11, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress25, &newcode25, 4, NULL);
// No spread (bullet spread) -- includes shotgun.
#define CodeAddress26 (0x01217495)
#define CodeAddress27 (0x0170be06)
#define CodeAddress28 (0x01215cdc)
#define CodeAddress29 (0x0170bdf0)
BYTE newcode26[] = {0xE9, 0x6C, 0x49, 0x4F, 0x00};
BYTE newcode27[] = {0xBE, 0x00, 0x5D, 0xF8, 0x01, 0x57, 0xE9, 0x89, 0xB6, 0xB0, 0xFF};
BYTE newcode28[] = {0xE9, 0x0F, 0x61, 0x4F, 0x00, 0x90};
BYTE newcode29[] = {0xC7, 0x80, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0xD8, 0x88, 0x20, 0x03, 0x00, 0x00, 0xE9, 0xDD, 0x9E, 0xB0, 0xFF};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress26, &newcode26, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress27, &newcode27, 11, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress28, &newcode28, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress29, &newcode29, 21, NULL);
// Earlier variant of the spread group, disabled.
/*#define CodeAddress26 (0x01218466)
#define CodeAddress27 (0x01218532)
#define CodeAddress28 (0x01144354)
#define CodeAddress29 (0x0170be38)
#define CodeAddress30 (0x012a64be)
#define CodeAddress31 (0x0170be06)
BYTE newcode26[] = {0xE9, 0xCD, 0x39, 0x4F, 0x00};
BYTE newcode27[] = {0xE9, 0x12, 0x39, 0x4F, 0x00};
BYTE newcode28[] = {0xE9, 0x01, 0x7B, 0x5C, 0x00};
BYTE newcode29[] = {0xC6, 0x05, 0x90, 0x5F, 0xF8, 0x01, 0x01, 0xE8, 0x93, 0x84, 0xA3, 0xFF, 0xE9, 0x22, 0xC6, 0xB0, 0xFF, 0xC6, 0x05, 0x90, 0x5F, 0xF8, 0x01, 0x00, 0xE8, 0x82, 0x84, 0xA3, 0xFF, 0xE9, 0xDD, 0xC6, 0xB0, 0xFF, 0x80, 0x3D, 0x90, 0x5F, 0xF8, 0x01, 0x01, 0x75, 0x0E, 0x81, 0xF9, 0x00, 0x01, 0x00, 0x00, 0x72, 0x06, 0xC7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x3D, 0x91, 0x5F, 0xF8, 0x01, 0x01, 0x75, 0x15, 0x81, 0xF9, 0x00, 0x01, 0x00, 0x00, 0x72, 0x06, 0xC7, 0x01, 0x00, 0x00, 0x00, 0x00, 0xC6, 0x05, 0x91, 0x5F, 0xF8, 0x01, 0x00, 0xE9, 0xDC, 0xFD, 0xFF, 0xFF};
BYTE newcode30[] = {0xE9, 0x43, 0x59, 0x46, 0x00};
BYTE newcode31[] = {0xC6, 0x05, 0x91, 0x5F, 0xF8, 0x01, 0x01, 0xE8, 0xC5, 0x84, 0xA3, 0xFF, 0xE9, 0xAC, 0xA6, 0xB9, 0xFF};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress26, &newcode26, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress27, &newcode27, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress28, &newcode28, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress29, &newcode29, 92, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress30, &newcode30, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress31, &newcode31, 17, NULL);*/
// Single changed to Rapid, Shotgun changed to AutomaticShotgun (the most
// powerful is the grendel's shotgun).
#define CodeAddress39 (0x011b9fa5)
#define CodeAddress40 (0x0170bcf0)
#define CodeAddress41 (0x0121dd3b)
BYTE newcode39[] = {0xE9, 0x46, 0x1D, 0x55, 0x00, 0x90};
BYTE newcode40[] = {0x81, 0x38, 0x53, 0x68, 0x6F, 0x74, 0x75, 0x05, 0xB8, 0x38, 0xCA, 0x82, 0x01, 0x81, 0x38, 0x53, 0x69, 0x6E, 0x67, 0x75, 0x05, 0xB8, 0x0B, 0xC1, 0x87, 0x01, 0x8B, 0x4D, 0xF8, 0x8D, 0x55, 0xB4, 0xE9, 0x96, 0xE2, 0xAA, 0xFF};
BYTE newcode41[] = {0x90, 0x90};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress39, &newcode39, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress40, &newcode40, 37, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress41, &newcode41, 2, NULL);
// Change bullet speed; standing on a car and shooting it can launch you into
// the sky.
#define CodeAddress42 (0x01211272)
#define CodeAddress43 (0x0170bc4d)
BYTE newcode42[] = {0xE9, 0xD6, 0xA9, 0x4F, 0x00, 0x90};
BYTE newcode43[] = {0xC7, 0x40, 0x44, 0x7F, 0x96, 0x18, 0x4B, 0xD9, 0x40, 0x44, 0xD8, 0x48, 0x08, 0xE9, 0x19, 0x56, 0xB0, 0xFF};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress42, &newcode42, 6, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress43, &newcode43, 18, NULL);
// Earlier variant of the bullet-speed group, disabled.
/*#define CodeAddress42 (0x011cffdc)
#define CodeAddress43 (0x0170bc4d)
#define CodeAddress44 (0x0170bc70)
BYTE newcode42[] = {0xE9, 0x6C, 0xBC, 0x53, 0x00};
BYTE newcode43[] = {0xC6, 0x05, 0x50, 0x5F, 0xF8, 0x01, 0x01, 0xE8, 0x7E, 0x86, 0xA3, 0xFF, 0xE9, 0x83, 0x43, 0xAC, 0xFF};
BYTE newcode44[] = {0x80, 0x3D, 0x50, 0x5F, 0xF8, 0x01, 0x01, 0x75, 0x15, 0x81, 0xF9, 0x00, 0x00, 0x10, 0x00, 0x72, 0x06, 0xC7, 0x01, 0xF0, 0x23, 0x74, 0x49, 0xC6, 0x05, 0x50, 0x5F, 0xF8, 0x01, 0x00, 0x8B, 0x4D, 0xFC, 0x8A, 0xD8, 0xE9, 0xC1, 0x86, 0xA3, 0xFF};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress42, &newcode42, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress43, &newcode43, 17, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress44, &newcode44, 40, NULL);*/
// In ammo_type, GaussBullet is changed to ScarBullet so the gauss can shoot
// through walls.
#define CodeAddress47 (0x0170bdd0)
#define CodeAddress48 (0x01f85f20)
#define CodeAddress49 (0x01f85f30)
BYTE newcode47[] = {0x8B, 0x0D, 0x20, 0x5F, 0xF8, 0x01, 0x39, 0x08, 0x75, 0x05, 0xB8, 0x30, 0x5F, 0xF8, 0x01, 0x8B, 0x4D, 0xFC, 0x8B, 0xF0, 0xE9, 0x4D, 0x88, 0xA3, 0xFF};
// ASCII text: newcode48 is "Gaus" (4 bytes), newcode49 is "ScarBullet".
BYTE newcode48[] = {0x47, 0x61, 0x75, 0x73};
BYTE newcode49[] = {0x53, 0x63, 0x61, 0x72, 0x42, 0x75, 0x6C, 0x6C, 0x65, 0x74};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress47, &newcode47, 25, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress48, &newcode48, 4, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress49, &newcode49, 10, NULL);
// damage_drop_per_meter set to 0, including shotgun and mike; shotgun and mike
// can now hit at unlimited range.
#define CodeAddress50 (0x012165b5)//shotgun
#define CodeAddress51 (0x0170bf61)
#define CodeAddress52 (0x012147a6)//other gun
#define CodeAddress53 (0x0170bf31)
BYTE newcode50[] = {0xE9, 0xA7, 0x59, 0x4F, 0x00, 0x90, 0x90};
BYTE newcode51[] = {0xD9, 0x5C, 0x24, 0x08, 0xC7, 0x46, 0x40, 0x00, 0x00, 0x00, 0x00, 0xD9, 0x46, 0x40, 0xE9, 0x48, 0xA6, 0xB0, 0xFF};
BYTE newcode52[] = {0xE9, 0x86, 0x77, 0x4F, 0x00, 0x90, 0x90};
BYTE newcode53[] = {0xD9, 0x5C, 0x24, 0x08, 0xC7, 0x47, 0x40, 0x00, 0x00, 0x00, 0x00, 0xD9, 0x47, 0x40, 0xE9, 0x69, 0x88, 0xB0, 0xFF};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress50, &newcode50, 7, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress51, &newcode51, 19, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress52, &newcode52, 7, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress53, &newcode53, 19, NULL);
// Earlier variant of the damage-drop group, disabled.
/*#define CodeAddress50 (0x012a7742)
#define CodeAddress51 (0x0170bcd6)
#define CodeAddress52 (0x0170bc8e)
#define CodeAddress53 (0x01144354)
BYTE newcode50[] = {0xE9, 0x8F, 0x45, 0x46, 0x00};
BYTE newcode51[] = {0xC6, 0x05, 0x00, 0x5F, 0xF8, 0x01, 0x01, 0xE8, 0xF5, 0x85, 0xA3, 0xFF, 0xE9, 0x60, 0xBA, 0xB9, 0xFF};
BYTE newcode52[] = {0x80, 0x3D, 0x00, 0x5F, 0xF8, 0x01, 0x01, 0x75, 0x15, 0x81, 0xF9, 0x00, 0x00, 0x10, 0x00, 0x72, 0x06, 0xC7, 0x01, 0x00, 0x00, 0x00, 0x00, 0xC6, 0x05, 0x00, 0x5F, 0xF8, 0x01, 0x00, 0x8B, 0x4D, 0xFC, 0x8A, 0xD8, 0xE9, 0xA3, 0x86, 0xA3, 0xFF};
BYTE newcode53[] = {0xE9, 0x35, 0x79, 0x5C, 0x00};
WriteProcessMemory(hProcess, (LPVOID)CodeAddress50, &newcode50, 5, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress51, &newcode51, 17, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress52, &newcode52, 40, NULL);
WriteProcessMemory(hProcess, (LPVOID)CodeAddress53, &newcode53, 5, NULL);*/
// Pressing left Alt re-activates the bonus perk (disabled; as written the loop
// never exits and polls the key state without any delay between checks).
/*BYTE newcode53[] = {0xEB};
BYTE newcode54[] = {0x74};
while(1)
{
if( GetAsyncKeyState(VK_LMENU) )
{
WriteProcessMemory(hProcess, (LPVOID)0x11b0410, &newcode53, 1, NULL);
Sleep(1000);
WriteProcessMemory(hProcess, (LPVOID)0x11b0410, &newcode54, 1, NULL);
}
}*/
}
}
}
}
// Close the process handle that was opened with OpenProcess.
// NOTE(review): this runs even when OpenProcess returned NULL, because that
// result was never checked.
CloseHandle( hProcess );
}