I think many people play games when they are used modifier, here I introduce how to use VB, Trainer.
1, in fact, the principle is very simple modifier, in general, run of the game when we need the memory space of the game modify the data on it. For example, a simulator game King of Fighters characters We call this data to switch back, the characters of the 2, but how do we find the address of which the key? game modifiers can do, such as Kingsoft Ranger, GM and the like. As to the change of the data is just as friends.
3, the program process: first with the FindWindow function to find to the game window, and then GetWindowThreadProcessId get the process identifier, and then use OpenProcess function to obtain the process handle the game, the last WriteProcessMemory write data to the appropriate address. If need to read the data, with ReadProcessMemory function on it. I'm here to change face King as an example to illustrate. concrete into the link below.
worth noting two issues:
1, can not use the FindWindow function, how to do? FindWindow function need to provide the title of the form can only be used, but some games are difficult to do this. such as beach landing, it is difficult to find the window title, there is a Japanese game birds, the window title is the Japanese, did not come out to play. encountered such a situation how to do what? more formal and common approach is to find all the current processes one by one, to find out the game process to handle the process of finding game. This approach has introduced elsewhere. I'm here to introduce a more stupid, but relatively simple methods. GetForegroundWindow can be found in the Desktop to the top of the window, so we simply set a time, such as 3 seconds in the program settings to allow users to less than 3 seconds into the game interface, we have 3 seconds after the call to this function, access to the natural process is the game the. Oh .... Here is an example to illustrate this principle.
2, find out how to do the address changing? address some of the preservation of game data is random changes, such as Red Alert's money, the check address is out of this, the next time do not know what, after experiencing this problem do not know you should modify the memory address. encountered such a situation how to do what? need to use dynamic debugging this problem to solve. I am here Red Alert Take to illustrate the principle of other cases is similar. Red Alert is the money kept changing the address, but the address is generated by a certain place, that the program has a definite place, this place every an address randomly generated times, the program put money into this place. We just find the address of the source easier to handle. But how to find where that place? first enter the game, check out the money with Jinshan Ranger's address, for example, is c16a0450H . and then F5 transferred TRW2000, under the command bpm c16a0450 w, that is when the program memory address when writing interrupt c16a0450H. In this example, where there is a disruption include [eax] command (I forget the specific command, you then check about it), and then view d [eax], if you see here is c16a0450, it shows the source was found in the address. put this address down, but when we write programs still can not read [eax], which requires the use SMC (self modify code) technology, you can write a patch, in this address to write a jump, jump to another place, the [eax] to write the contents of a fixed memory address, such as mov 005a627b, [eax] , to write when the game modifier can be read directly 005a627b ReadProcessMemory content, this content is money in the address. after modification method in accordance with the method described above to modify it. I've never written such a program, only But the dynamic debugging a bit, proved that this method is feasible. If you do not know the SMC and the like, can go to www.pediy.com the forum to ask, not too much trouble.
patch on the memory question:
memory patching and game modification are the same. prepared in this way the memory patch has many benefits:
1, packers can get rid of some of the interference of the software, such as Asprotect encrypted software can not do memory patch, because it has a anti-debug features;
2, for some files on the disc effective, common memory patches generally require the patches, and software in the same directory, but if you install the software from the CD-ROM , you can not put the patch into the CD-ROM, but write your own patch this problem does not exist;
3, of course, is their ability to exercise, and Oh. My ability to express well, what do not know where to and I explore, but in general I can explain to you, but I do not see your code, because I really do not kung fu. Here I give some code, one is the king of face memory patch, there are A modified procedure for the window title, is written with VB. do not say I did not used to control listed, if you do not know will not even read it.
1, in fact, the principle is very simple modifier, in general, run of the game when we need the memory space of the game modify the data on it. For example, a simulator game King of Fighters characters We call this data to switch back, the characters of the 2, but how do we find the address of which the key? game modifiers can do, such as Kingsoft Ranger, GM and the like. As to the change of the data is just as friends.
3, the program process: first with the FindWindow function to find to the game window, and then GetWindowThreadProcessId get the process identifier, and then use OpenProcess function to obtain the process handle the game, the last WriteProcessMemory write data to the appropriate address. If need to read the data, with ReadProcessMemory function on it. I'm here to change face King as an example to illustrate. concrete into the link below.
worth noting two issues:
1, can not use the FindWindow function, how to do? FindWindow function need to provide the title of the form can only be used, but some games are difficult to do this. such as beach landing, it is difficult to find the window title, there is a Japanese game birds, the window title is the Japanese, did not come out to play. encountered such a situation how to do what? more formal and common approach is to find all the current processes one by one, to find out the game process to handle the process of finding game. This approach has introduced elsewhere. I'm here to introduce a more stupid, but relatively simple methods. GetForegroundWindow can be found in the Desktop to the top of the window, so we simply set a time, such as 3 seconds in the program settings to allow users to less than 3 seconds into the game interface, we have 3 seconds after the call to this function, access to the natural process is the game the. Oh .... Here is an example to illustrate this principle.
2, find out how to do the address changing? address some of the preservation of game data is random changes, such as Red Alert's money, the check address is out of this, the next time do not know what, after experiencing this problem do not know you should modify the memory address. encountered such a situation how to do what? need to use dynamic debugging this problem to solve. I am here Red Alert Take to illustrate the principle of other cases is similar. Red Alert is the money kept changing the address, but the address is generated by a certain place, that the program has a definite place, this place every an address randomly generated times, the program put money into this place. We just find the address of the source easier to handle. But how to find where that place? first enter the game, check out the money with Jinshan Ranger's address, for example, is c16a0450H . and then F5 transferred TRW2000, under the command bpm c16a0450 w, that is when the program memory address when writing interrupt c16a0450H. In this example, where there is a disruption include [eax] command (I forget the specific command, you then check about it), and then view d [eax], if you see here is c16a0450, it shows the source was found in the address. put this address down, but when we write programs still can not read [eax], which requires the use SMC (self modify code) technology, you can write a patch, in this address to write a jump, jump to another place, the [eax] to write the contents of a fixed memory address, such as mov 005a627b, [eax] , to write when the game modifier can be read directly 005a627b ReadProcessMemory content, this content is money in the address. after modification method in accordance with the method described above to modify it. I've never written such a program, only But the dynamic debugging a bit, proved that this method is feasible. If you do not know the SMC and the like, can go to www.pediy.com the forum to ask, not too much trouble.
patch on the memory question:
memory patching and game modification are the same. prepared in this way the memory patch has many benefits:
1, packers can get rid of some of the interference of the software, such as Asprotect encrypted software can not do memory patch, because it has a anti-debug features;
2, for some files on the disc effective, common memory patches generally require the patches, and software in the same directory, but if you install the software from the CD-ROM , you can not put the patch into the CD-ROM, but write your own patch this problem does not exist;
3, of course, is their ability to exercise, and Oh. My ability to express well, what do not know where to and I explore, but in general I can explain to you, but I do not see your code, because I really do not kung fu. Here I give some code, one is the king of face memory patch, there are A modified procedure for the window title, is written with VB. do not say I did not used to control listed, if you do not know will not even read it.
No comments:
Post a Comment