python修改植物大戰殭屍陽光值

逆向第一課,找個單機遊戲,改數據玩玩。 

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# File  : 植物大戰殭屍修改器.py
# Author: DaShenHan&道長-----先苦後甜,任憑晚風拂柳顏------
# Date  : 2019/12/28

import win32gui
import win32process
import win32api
import ctypes
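# Access rights this script actually uses: ReadProcessMemory needs VM_READ,
# WriteProcessMemory needs VM_WRITE together with VM_OPERATION.  The original
# requested 0x1F0FFF (the pre-Vista PROCESS_ALL_ACCESS mask), far more than needed.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

WINDOW_TITLE = "植物大戰殭屍中文版"
# NOTE(review): the base address and the offsets below are fixed numbers, so they
# presumably match only the game build this window title belongs to -- confirm.
BASE_ADDRESS = 0x006A9EC0

# kernel32 is already mapped into every Windows process, so loading it by name
# avoids the hard-coded C:\ drive letter; use_last_error makes
# ctypes.get_last_error() meaningful after a failed call.
kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
# Declare the prototypes so handles and addresses are passed pointer-sized
# instead of going through ctypes' default C int conversion.
kernel32.ReadProcessMemory.argtypes = [
    ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t, ctypes.c_void_p,
]
kernel32.ReadProcessMemory.restype = ctypes.c_int
kernel32.WriteProcessMemory.argtypes = [
    ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t, ctypes.c_void_p,
]
kernel32.WriteProcessMemory.restype = ctypes.c_int


def read_dword(process, address, cell_type=ctypes.c_uint32):
    """Read 4 bytes at ``address`` in the target process and return them as an int.

    Pointers are read unsigned (the default) so that a value above 0x7FFFFFFF
    does not turn into a negative address in the next step.

    Raises:
        OSError: when ReadProcessMemory reports failure, so that a bad pointer
            stops the chain instead of feeding a garbage address onward.
    """
    cell = cell_type()
    if not kernel32.ReadProcessMemory(int(process), address, ctypes.byref(cell), 4, None):
        raise ctypes.WinError(ctypes.get_last_error())
    return cell.value


handle = win32gui.FindWindow(None, WINDOW_TITLE)
print(handle)
if not handle:
    # Without a window there is no process id to resolve.
    raise SystemExit("找不到遊戲窗口,請先啓動遊戲")
pid = win32process.GetWindowThreadProcessId(handle)[1]
print(pid)
phwnd = win32api.OpenProcess(
    PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, False, pid
)
print(phwnd)
print(kernel32)
try:
    # Two pointer hops from the static base, then the 4-byte sun counter.
    data1 = read_dword(phwnd, BASE_ADDRESS)
    print(hex(data1))
    data2 = read_dword(phwnd, data1 + 0x768)
    print(hex(data2))
    sun_address = data2 + 0x5560
    data3 = read_dword(phwnd, sun_address, ctypes.c_long)
    print(data3)
    sun = int(input("請輸入你要的陽光值:"))
    # The counter is a signed 32-bit field; refuse values that would wrap.
    if not 0 <= sun <= 0x7FFFFFFF:
        raise SystemExit("陽光值必須在 0 到 2147483647 之間")
    if not kernel32.WriteProcessMemory(
        int(phwnd), sun_address, ctypes.byref(ctypes.c_long(sun)), 4, None
    ):
        raise ctypes.WinError(ctypes.get_last_error())
finally:
    # Release the process handle explicitly instead of waiting for garbage collection.
    phwnd.Close()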

 

優化增強版:支持用熱鍵啓用無限陽光和無CD功能。

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# File  : 植物大戰殭屍無敵.py
# Author: DaShenHan&道長-----先苦後甜,任憑晚風拂柳顏------
# Date  : 2019/12/28
import win32gui
import win32process
import win32api
import ctypes
from time import sleep
import ctypes.wintypes
from threading import Thread,activeCount, enumerate
import win32con

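# kernel32 is already mapped into every Windows process, so loading it by name
# resolves to that copy and drops the hard-coded C:\ drive letter.
# use_last_error=True lets callers read the failure code with ctypes.get_last_error().
# No argtypes are declared here, so callers should pass explicit ctypes values
# (c_void_p for handles and addresses, c_size_t for sizes).
kernerl32 = ctypes.WinDLL("kernel32", use_last_error=True)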

# Feature toggles flipped by the hotkeys and read by the main loop.
flag_lock = dict(sun_lock=False, cd_lock=False)
# Two hotkey ids (0 and 1).
h_ids = list(range(2))
# Per-id "was pressed" flag, all False to begin with.
h_keys = dict.fromkeys(h_ids, False)
# Maps a hotkey id to the function it triggers; filled in by Hotkey.callback.
h_dict = {}

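def thread_it(func, *args):
    """Run ``func(*args)`` on a new daemon thread and return immediately.

    The thread is a daemon, so it never keeps the interpreter alive on exit.
    The flag is passed to the constructor because ``Thread.setDaemon`` is
    deprecated since Python 3.10.
    """
    t = Thread(target=func, args=args, daemon=True)
    t.start()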

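class Hotkey(Thread):  # Thread subclass that registers the hotkeys and pumps their messages
    """Register the global hotkeys and record presses in ``h_keys``.

    Registration and the message loop both happen inside ``run`` because, with
    a NULL window handle, WM_HOTKEY is posted to the queue of the thread that
    called RegisterHotKey.
    """

    user32 = ctypes.windll.user32  # user32.dll: RegisterHotKey and the message-loop calls

    def regiskey(self, hwnd=None, flagid=0, fnkey=win32con.MOD_ALT, vkey=win32con.VK_F9):
        """Register one hotkey (Alt+F9 by default) and return RegisterHotKey's result.

        The result is falsy when registration fails.
        """
        return self.user32.RegisterHotKey(hwnd, flagid, fnkey, vkey)

    def callback(self, id, func):
        """Bind ``func`` to hotkey ``id`` and return the dispatcher loop.

        Every returned ``inner`` walks the whole ``h_dict``, so running one of
        them is enough to serve all registered ids.
        """
        h_dict[id] = func  # new id: added; existing id: replaced

        def inner():
            for key, value in h_dict.items():
                print(f'總的熱鍵池:{h_ids},當前熱鍵序號:{key}, 當前熱鍵功能:{value},當前熱鍵狀態:{h_keys[h_ids[key]]}')
            while True:
                for key, value in h_dict.items():
                    if h_keys[h_ids[key]]:
                        thread_it(value)  # run the handler on its own thread
                        h_keys[h_ids[key]] = False
                # Yield between polls; the original loop spun without pause
                # and kept one CPU core busy for the life of the program.
                sleep(0.01)
        return inner

    def run(self):
        """Register Alt+F9 and F10, then record every WM_HOTKEY until the loop ends."""
        # Alt+F9 -> id 0 (bound to the sun toggle in hotkey_init).
        if not self.regiskey(None, h_ids[0], win32con.MOD_ALT, win32con.VK_F9):
            print(f"熱鍵註冊失敗! id{h_ids[0]}")
        # F10 -> id 1 (bound to the no-cooldown toggle in hotkey_init; it does
        # not end the program, contrary to the original comment).
        if not self.regiskey(None, h_ids[1], 0, win32con.VK_F10):
            print(f"熱鍵註冊失敗! id{h_ids[1]}")

        # Watch for hotkey presses and release the hotkeys at the end.
        try:
            msg = ctypes.wintypes.MSG()
            while True:
                status = self.user32.GetMessageA(ctypes.byref(msg), None, 0, 0)
                # GetMessage returns 0 for WM_QUIT and -1 on error; the original
                # test (!= 0) treated -1 as a message and dispatched a stale MSG.
                if status <= 0:
                    break
                if msg.message == win32con.WM_HOTKEY:
                    if msg.wParam in h_ids:
                        h_keys[msg.wParam] = True
                self.user32.TranslateMessage(ctypes.byref(msg))
                self.user32.DispatchMessageA(ctypes.byref(msg))
        finally:
            for i in h_ids:
                self.user32.UnregisterHotKey(None, i)
                # The hotkeys must be released; the author notes that after an
                # abnormal exit the next registration may fail, in which case
                # a different key can be tried.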

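def modSwitch(flag,msg):
    """Flip the boolean stored under ``flag`` in ``flag_lock`` and print the new state.

    Args:
        flag: key in ``flag_lock`` ("sun_lock" or "cd_lock").
        msg: feature name used as the prefix of the printed status line.
    """
    # Only the dict's contents change, so no ``global`` statement is needed.
    flag_lock[flag] = not flag_lock[flag]
    if flag_lock[flag]:
        print(f"{msg}已開啓")
    else:
        print(f"{msg}已關閉")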
def sunSwith():
    """Hotkey handler: toggle the sun lock."""
    modSwitch(flag="sun_lock", msg="鎖陽光")
def cdSwith():
    """Hotkey handler: toggle the no-cooldown lock."""
    modSwitch(flag="cd_lock", msg="無CD")

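def hotkey_init():
    """Start the hotkey thread, bind both toggles and print a thread summary."""
    # Local import: the module-level ``enumerate`` in this file is threading's
    # and shadows the builtin, and ``activeCount`` is deprecated since Python
    # 3.10, so the qualified names are used here instead.
    import threading

    hotkey = Hotkey()
    hotkey.start()
    # Both calls fill h_dict; one dispatcher loop serves every id, so only the
    # second returned closure is started.
    hotkey.callback(0, sunSwith)
    fn = hotkey.callback(1, cdSwith)
    thread_it(fn)
    sleep(0.5)  # give the new threads time to start before counting them
    count = threading.active_count()
    print(f"當前總線程數量:{count}")
    print('當前線程列表:', threading.enumerate())
    print('熱鍵註冊初始化完畢,組合鍵alt+F9 無限陽光開關 F10 無CD開關')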

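def main():
    """Poll for the game window every 0.1 s and apply whichever toggles are on."""
    hotkey_init()
    # Request only what the two helpers use: ReadProcessMemory needs VM_READ,
    # WriteProcessMemory needs VM_WRITE plus VM_OPERATION.  The original asked
    # for 0x1F0FFF (the pre-Vista PROCESS_ALL_ACCESS mask).
    access = (
        win32con.PROCESS_VM_OPERATION
        | win32con.PROCESS_VM_READ
        | win32con.PROCESS_VM_WRITE
    )
    while True:
        handle = win32gui.FindWindow(None,"植物大戰殭屍中文版")  # window handle, falsy when not found
        # Open the process only while a toggle is on; nothing is touched when idle.
        if handle and (flag_lock["sun_lock"] or flag_lock["cd_lock"]):
            try:
                pid = win32process.GetWindowThreadProcessId(handle)[1]  # owning process id
                phwnd = win32api.OpenProcess(access, False, pid)  # process handle
            except win32api.error:
                # The window can vanish or access can be refused between the
                # lookup and the open; skip this tick rather than crash.
                phwnd = None
            if phwnd is not None:
                try:
                    if flag_lock["sun_lock"]:
                        sunMod(phwnd)
                    if flag_lock["cd_lock"]:
                        cdMod(phwnd)
                finally:
                    # A new handle is opened every tick, so close it explicitly
                    # instead of leaving it to garbage collection.
                    phwnd.Close()
        sleep(0.1)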


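def sunMod(phwnd,sun_num=9999):
    """Print the current sun counter and overwrite it with ``sun_num``.

    Follows two pointers from the static base 0x006A9EC0 (offsets 0x768 and
    0x5560) and stops quietly when a read fails or a pointer is null, so a
    failed step never turns into a write at a garbage address.

    Args:
        phwnd: process handle opened with read and write access.
        sun_num: value to store; converted with ``int()``.
    """
    # Explicit ctypes values keep handles and addresses pointer-sized even
    # though no argtypes are declared on the kernel32 functions.
    process = ctypes.c_void_p(int(phwnd))
    four = ctypes.c_size_t(4)

    def read_into(address, cell):
        # True when ReadProcessMemory filled ``cell``.
        return bool(kernerl32.ReadProcessMemory(
            process, ctypes.c_void_p(address), ctypes.byref(cell), four, None))

    # Pointers are read unsigned so a value above 0x7FFFFFFF stays a valid address.
    first = ctypes.c_uint32()
    if not read_into(0x006A9EC0, first) or not first.value:
        return
    second = ctypes.c_uint32()
    if not read_into(first.value + 0x768, second) or not second.value:
        return
    sun_address = second.value + 0x5560
    current = ctypes.c_long()
    if not read_into(sun_address, current):
        return
    print(f"\r陽光值:{current.value}",end="")
    # Best effort: a failed write is simply retried on the caller's next tick.
    kernerl32.WriteProcessMemory(
        process, ctypes.c_void_p(sun_address),
        ctypes.byref(ctypes.c_long(int(sun_num))), four, None)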

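def cdMod(phwnd):
    """Write 1 into the cooldown field of ten slots (index 0-9).

    Follows three pointers from the static base 0x6A9EC0 (offsets 0x768 and
    0x144) and returns without writing when a read fails or a pointer is
    null, so a failed step never turns into a write at a garbage address.

    Args:
        phwnd: process handle opened with read and write access.
    """
    # Explicit ctypes values keep handles and addresses pointer-sized even
    # though no argtypes are declared on the kernel32 functions.
    process = ctypes.c_void_p(int(phwnd))

    def read_u32(address):
        # Returns 0 both for a failed read and for a null pointer.
        cell = ctypes.c_uint32()
        ok = kernerl32.ReadProcessMemory(
            process, ctypes.c_void_p(address), ctypes.byref(cell),
            ctypes.c_size_t(4), None)
        return cell.value if ok else 0

    pointer = read_u32(0x6A9EC0)
    for offset in (0x768, 0x144):
        if not pointer:
            return
        pointer = read_u32(pointer + offset)
    if not pointer:
        return

    one = ctypes.c_long(1)
    for i in range(10):
        # Slots are 0x50 bytes apart, the field sits at +0x70 in the first slot.
        # NOTE(review): only 2 of the 4 bytes are written, as in the original
        # -- confirm the field width.
        kernerl32.WriteProcessMemory(
            process, ctypes.c_void_p(pointer + 0x70 + 0x50 * i),
            ctypes.byref(one), ctypes.c_size_t(2), None)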
# Start the polling loop only when this file is executed directly.
if __name__ == "__main__":
    main()

 
