#include <Windows.h>
#include <stdio.h>
#include <WINBASE.H>
#include <string.h>
#include <tchar.h>
#include <psapi.h>
#include <tlhelp32.h>
#include <math.h>

// GDI drawing helpers plus wrappers for reading and writing the memory of
// another process.
//
// Host telemetry produced by the helpers in this part of the file: a window
// lookup by class/title, OpenProcess with PROCESS_ALL_ACCESS,
// ReadProcessMemory / WriteProcessMemory against the opened process, module
// enumeration through PSAPI, and (in MyCall_All) VirtualAllocEx followed by
// CreateRemoteThread.

// ---- Global state ---------------------------------------------------------
COLORREF SnapLineCOLOR;                                 // assigned in SetupDrawing
COLORREF TextCOLOR;                                     // assigned in SetupDrawing
HANDLE _hGameHandle;                                    // handle to the target process (assigned in Begin)
RECT m_rect;                                            // target window rectangle (filled in ReadValue)
DWORD ProcessId;                                        // target process id (assigned in Begin)
HDC HDC_Desktop;                                        // device context every draw call uses
HBRUSH EnemyBrush = CreateSolidBrush(RGB(255, 0, 0));   // fill brush; replaced in SetupDrawing
HWND Handle;                                            // window handle stored by SetupDrawing
HFONT Font;                                             // never assigned anywhere in the visible code
float cx = 1380;                                        // divided by distance in worldtosc to offset the box
float fovX = 3.1415 * 84 / 180;                         // 84 degrees expressed in radians
float fovY = 3.1415 * 60 / 180;                         // 60 degrees expressed in radians

// Offsets that ReadValue adds to the target module's base address.
// crmeraptr is not referenced by name in the visible code.
#define BasePtr 0x204D6D0
#define ArrayPtr 0x2635890
#define mousexptr 0x264AAA4
#define crmeraptr 0x264A4A0

// Fills the rectangle (x, y)-(x + w, y + h) on HDC_Desktop with EnemyBrush.
void DrawFilledRect(int x, int y, int w, int h)
{
    RECT area;
    area.left = x;
    area.top = y;
    area.right = x + w;
    area.bottom = y + h;

    FillRect(HDC_Desktop, &area, EnemyBrush);
}


// Draws a hollow box out of four filled strips of the given thickness.
void DrawBorderBox(int x, int y, int w, int h, int thickness)
{
    const int rightEdge = x + w;
    const int bottomEdge = y + h;

    DrawFilledRect(x, y, w, thickness);                       // top strip
    DrawFilledRect(x, y, thickness, h);                       // left strip
    DrawFilledRect(rightEdge, y, thickness, h);               // right strip
    DrawFilledRect(x, bottomEdge, w + thickness, thickness);  // bottom strip, widened by one thickness
}


// Draws a 2-pixel solid line between two points on HDC_Desktop.
// The float coordinates are truncated to int for the GDI calls.
void DrawLine(float StartX, float StartY, float EndX, float EndY, COLORREF Pen)
{
    HPEN linePen = CreatePen(PS_SOLID, 2, Pen);
    HPEN previousPen = (HPEN)SelectObject(HDC_Desktop, linePen);

    MoveToEx(HDC_Desktop, (int)StartX, (int)StartY, NULL);
    LineTo(HDC_Desktop, (int)EndX, (int)EndY);

    // Re-selecting the previous pen hands back the temporary one, which is then destroyed.
    HGDIOBJ displaced = SelectObject(HDC_Desktop, previousPen);
    DeleteObject(displaced);
}

// Draws centred text with a transparent background on HDC_Desktop.
// NOTE(review): Font is deleted after every call, yet nothing in the visible
// code ever creates it; the only call to this function is commented out.
void DrawString(int x, int y, COLORREF color, const char* text)
{
    SetTextAlign(HDC_Desktop, TA_CENTER | TA_NOUPDATECP);

    SetBkColor(HDC_Desktop, RGB(0, 0, 0));
    SetBkMode(HDC_Desktop, TRANSPARENT);
    SetTextColor(HDC_Desktop, color);

    SelectObject(HDC_Desktop, Font);

    const int length = (int)strlen(text);
    TextOutA(HDC_Desktop, x, y, text, length);

    DeleteObject(Font);
}

// ---- Cross-process helpers --------------------------------------------------

// Returns the id of the process that owns the window matching the given
// class name and/or title.
// NOTE(review): the FindWindowA result is not checked, so the returned value
// is uninitialised when no such window exists.
DWORD _GetProcessId(char* ClassName, char* WindowName)
{
    DWORD ownerPid;
    HWND targetWindow = FindWindowA(ClassName, WindowName);

    GetWindowThreadProcessId(targetWindow, &ownerPid);
    return ownerPid;
}

// Opens the process with PROCESS_ALL_ACCESS and returns the handle.
// A cross-process handle request with this access mask is what process-access
// auditing (for example Sysmon ProcessAccess events) and kernel handle
// callbacks record.
HANDLE _GetProcessHandle(DWORD _pid)
{
    return OpenProcess(PROCESS_ALL_ACCESS, FALSE, _pid);
}

// Reads a 4-byte integer from the target process at _address.
// The ReadProcessMemory result is ignored; on failure the value is indeterminate.
DWORD _ReadMemeryInt(HANDLE hGameHandle, DWORD _address)
{
    DWORD value;
    ReadProcessMemory(hGameHandle, (LPCVOID)_address, &value, sizeof(value), NULL);
    return value;
}

// Reads a FLOAT from the target process at _address.
// The ReadProcessMemory result is ignored; on failure the value is indeterminate.
FLOAT _ReadMemeryFloat(HANDLE hGameHandle, DWORD _address)
{
    FLOAT value;
    ReadProcessMemory(hGameHandle, (LPCVOID)_address, &value, sizeof(value), NULL);
    return value;
}

// Reads 256 bytes from the target process into a local buffer.
// NOTE(review): the returned pointer refers to that local buffer, which no
// longer exists once the function returns, and nothing is returned at all
// when the first byte read is NUL. Only commented-out code calls this.
char* _ReadMemeryString(HANDLE hGameHandle, DWORD _address)
{
    char text[256];

    ReadProcessMemory(hGameHandle, (LPCVOID)_address, text, sizeof(text), NULL);

    char* cursor = text;
    if (*cursor != '\0')
    {
        return cursor;
    }
}

// Writes a 4-byte integer into the target process; returns the API result.
BOOL WriteMemeryInt(HANDLE hGameHandle, DWORD _address, DWORD Data)
{
    return WriteProcessMemory(hGameHandle, (LPVOID)_address, &Data, sizeof(Data), NULL);
}

// Writes a FLOAT into the target process; returns the API result.
BOOL WriteMemeryFloat(HANDLE hGameHandle, DWORD _address, FLOAT Data)
{
    return WriteProcessMemory(hGameHandle, (LPVOID)_address, &Data, sizeof(Data), NULL);
}

// Writes Bytes bytes from Data into the target process; returns the API result.
BOOL WriteMemeryBytes(HANDLE hGameHandle, DWORD _address, BYTE Data[], SIZE_T Bytes)
{
    return WriteProcessMemory(hGameHandle, (LPVOID)_address, Data, Bytes, NULL);
}

// Returns the first module handle that EnumProcessModules reports for the
// process, or 0 when any step fails. Each call opens its own
// PROCESS_ALL_ACCESS handle and closes it before returning.
DWORD_PTR GetProcessBaseAddress(DWORD processID)
{
    HANDLE target = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
    if (!target)
    {
        return 0;
    }

    DWORD_PTR baseAddress = 0;
    DWORD bytesRequired;

    // The first call only asks how many bytes the module list needs.
    if (EnumProcessModules(target, NULL, 0, &bytesRequired) && bytesRequired)
    {
        HMODULE* modules = (HMODULE*)LocalAlloc(LPTR, bytesRequired);
        if (modules)
        {
            if (EnumProcessModules(target, modules, bytesRequired, &bytesRequired))
            {
                baseAddress = (DWORD_PTR)modules[0];
            }
            LocalFree(modules);
        }
    }

    CloseHandle(target);
    return baseAddress;
}

// Starts a thread inside process Pid and waits up to 2000 ms for it.
// When _CallAddress is zero, 0x1000 bytes are first allocated in the target
// (MEM_COMMIT, PAGE_READWRITE), 0x1000 bytes are copied there from FuncName,
// and the thread starts at that allocation; otherwise it starts at
// _CallAddress. No API result is checked.
// Nothing in the visible code calls this function. The sequence OpenProcess ->
// VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread is the pattern
// endpoint and anti-cheat monitoring reports as remote-thread creation (for
// example Sysmon CreateRemoteThread events).
void MyCall_All(DWORD Pid, DWORD _CallAddress, LPVOID FuncName)
{
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pid);
    LPTHREAD_START_ROUTINE entry;

    if (_CallAddress == NULL)
    {
        LPVOID staging = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
        WriteProcessMemory(hProcess, staging, FuncName, 0x1000, NULL);
        entry = (LPTHREAD_START_ROUTINE)staging;
    }
    else
    {
        entry = (LPTHREAD_START_ROUTINE)_CallAddress;
    }

    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, entry, NULL, 0, NULL);
    WaitForSingleObject(hThread, 2000);

    // Release both handles once the wait returns.
    CloseHandle(hThread);
    CloseHandle(hProcess);
}


// ---- Target-specific logic --------------------------------------------------
//
// Runtime behaviour of this part, as seen from the host: one window lookup and
// one PROCESS_ALL_ACCESS handle in Begin, three further short-lived
// PROCESS_ALL_ACCESS handles in ReadValue (via GetProcessBaseAddress), then a
// polling loop that issues ReadProcessMemory calls without pause, draws on the
// target window's device context, and launches a command interpreter through
// system("cls") on every pass.


// Writes a fixed 10-byte sequence to the hard-coded address 0x2e2626b8 in the
// process behind _hGameHandle. The original comment describes it as a health
// edit for a different game; nothing in the visible code calls it.
BOOL ChangeBlood()
{
    BYTE patch[] = { 0x00, 0x23, 0x24, 0x25, 0xAE, 0x04, 0x04, 0x04, 0x04, 0x04 };
    const DWORD destination = 0x2e2626b8;

    return WriteMemeryBytes(_hGameHandle, destination, patch, sizeof(patch));
}

// Initialisation: sets the console title, looks up the process that owns the
// window titled "Crossout", opens it, and prints the pid and the handle value.
VOID Begin()
{
    SetConsoleTitleA("创世战车人物遍历 cmd版本");

    // Window title lookup -> owning process id.
    const DWORD foundPid = _GetProcessId(NULL, (char*)"Crossout");
    ProcessId = foundPid;
    printf("\n进程ID:%d\n", ProcessId);

    // Handle used by every later read.
    _hGameHandle = _GetProcessHandle(ProcessId);
    printf("进程句柄:%x\n", (unsigned int)_hGameHandle);
}

// Decides whether the direction (mousex, mousey) lies inside the current view
// (nowx, nowy) and, if it does, draws a border box at the projected screen
// position, sized inversely to the distance juli, and returns true.
//
// scX and scY are by-value parameters used only as scratch variables; the
// caller's variables are not modified.
// NOTE(review): no value is returned when the direction is outside the view;
// the only active caller ignores the result.
bool worldtosc(float mousex, float mousey, float juli, float nowx, float nowy, float scX, float scY)
{
    bool wrapped = false;

    // Horizontal window of a quarter of 3.14 on either side of the view angle,
    // folded back when it crosses +/-3.14.
    float leftEdge = nowx - 3.14 / 4;
    if (leftEdge < -3.14)
    {
        leftEdge += 3.14;
        wrapped = true;
    }

    float rightEdge = nowx + 3.14 / 4;
    if (rightEdge > 3.14)
    {
        rightEdge -= 3.14;
        wrapped = true;
    }

    // A folded window accepts either side; an unfolded one needs both bounds.
    const bool insideHorizontal = wrapped
        ? (mousex > leftEdge || mousex < rightEdge)
        : (mousex > leftEdge && mousex < rightEdge);

    if (fabs(nowy - mousey) <= fovY / 2 && insideHorizontal)
    {
        // Half extents of the target window (integer division, as in the original).
        float halfWidth = (m_rect.right - m_rect.left) / 2;
        float halfHeight = (m_rect.bottom - m_rect.top) / 2;

        scX = tan(mousex - nowx)*halfWidth / tan(fovX / 2) + halfWidth + m_rect.left;
        scY = tan(nowy - mousey)*halfHeight / tan(fovY / 2) + halfHeight + m_rect.top;

        DrawBorderBox((int)(scX - cx / juli), (int)(scY - cx / juli - 48), (int)2500.0 / juli, (int)2500.0 / juli, (int)8.0);
        return true;
    }
}

// Stores the device context and window handle in the globals and sets the
// brush and colour values used by the drawing helpers.
// The brush created at file scope is replaced here without being deleted.
void SetupDrawing(HDC hDesktop, HWND handle)
{
    Handle = handle;
    HDC_Desktop = hDesktop;

    SnapLineCOLOR = RGB(0, 0, 255);
    TextCOLOR = RGB(0, 255, 0);
    EnemyBrush = CreateSolidBrush(RGB(0, 255, 0));
}

// Main polling loop. Resolves the target module base, then repeatedly reads
// the camera position and up to 16 table entries from the target process,
// prints each live entry and hands its direction to worldtosc for drawing.
// The first pass asks on stdin for the caller's own slot index.
// The device context obtained with GetDC is never released and the loop has
// no exit.
VOID ReadValue()
{
    // Drawing surface: the window whose class name is "Crossout".
    HWND classWindow = ::FindWindow(_T("Crossout"), NULL);
    HDC windowDc = GetDC(classWindow);
    SetupDrawing(windowDc, classWindow);

    DWORD_PTR modbase = GetProcessBaseAddress(ProcessId);

    // Window rectangle: looked up a second time, by title.
    HWND titleWindow = FindWindow(NULL, "Crossout");
    GetWindowRect(titleWindow, &m_rect);
    printf("x=%d y=%d\n", m_rect.left, m_rect.top);

    // Both addresses re-query the module base (each query opens the process again).
    DWORD BaseAddress = GetProcessBaseAddress(ProcessId) + BasePtr;
    DWORD Address_Array = GetProcessBaseAddress(ProcessId) + ArrayPtr;
    printf("%x\n%x\n", BaseAddress, Address_Array);

    int selfIndex = -1;        // own slot index, typed in after the first pass
    int teammate[50] = { 0 };  // skip flags per slot; never set to non-zero in the visible code

    for (;;)
    {
        // Nearest-entry bookkeeping. Only a commented-out block in the original
        // consumed these values; the active code never reads them back.
        float nearestDistance = 9999999999;
        float nearestX = 0, nearestY = 0, nearestZ = 0;
        int nearestIndex = 0;

        // Camera position, read in the original order (y, x, z).
        float camY = _ReadMemeryFloat(_hGameHandle, modbase + 0x264A4A8);
        float camX = _ReadMemeryFloat(_hGameHandle, modbase + 0x264A4A0);
        float camZ = _ReadMemeryFloat(_hGameHandle, modbase + 0x264A4A4);

        for (int i = 0; i < 16; i++)
        {
            // Slot value -> table offset -> object pointer, as the original
            // formula comment gives it:
            // [[base] + (([array + i*0x870 + 0x3638] & 0x0fff) + 0x2aad) * 0x0c]
            const DWORD slotAddress = i * 0x870 + Address_Array + 0x3638;
            const DWORD slotValue = _ReadMemeryInt(_hGameHandle, slotAddress);
            const DWORD tableOffset = ((slotValue & 0x0fff) + 0x2AAD) * 0x0c;
            const DWORD tableBase = _ReadMemeryInt(_hGameHandle, BaseAddress);
            const DWORD entity = _ReadMemeryInt(_hGameHandle, tableBase + tableOffset);

            // Empty slot, or slot flagged to be skipped.
            if (entity == NULL || teammate[i] != 0)
            {
                continue;
            }

            // Health and position of the object, read in the original order.
            float health = _ReadMemeryFloat(_hGameHandle, entity + 0xc0);
            float y = _ReadMemeryFloat(_hGameHandle, entity + 0x2b8);
            float x = _ReadMemeryFloat(_hGameHandle, entity + 0x2b0);
            float z = _ReadMemeryFloat(_hGameHandle, entity + 0x2b4);
            float distance = sqrt((y - camY)*(y - camY) + (x - camX)*(x - camX) + (z - camZ)*(z - camZ));

            // Track the closest entry that is not the caller's own slot,
            // ignoring zeroed positions and near-zero health.
            if (nearestDistance > distance && x != 0 && i != selfIndex && health > 0.00001)
            {
                nearestIndex = i;
                nearestDistance = distance;
                nearestX = x;
                nearestY = y;
                nearestZ = z;
            }

            if (health != 0 && x != 0)
            {
                if (selfIndex == -1)
                {
                    // Labelled "mark teammate" in the original, but it stores 0
                    // into a flag that is already 0.
                    teammate[i] = 0;
                }
                // NOTE(review): the last argument is a float printed with %x.
                printf("下标:%d 血量:%.3f 坐标:(%.0f,%.0f,%.0f),人物阵营:%x\n", i, health, x, y, z, _ReadMemeryFloat(_hGameHandle, entity - 0x38));
            }

            // Direction from the camera to the object, with x and y negated.
            float dx = -(x - camX);
            float dy = -(y - camY);
            float dz = z - camZ;

            float k = fabs(atan(dy / dx));
            const double scaled = k * 2 / 3.1415926*1.57;

            // Horizontal angle chosen per quadrant; stays 0 when dx or dy is 0.
            float mousex = 0;
            if (dx > 0 && dy > 0)
            {
                mousex = 1.57 - scaled;
            }
            else if (dx > 0 && dy < 0)
            {
                mousex = 1.57 + scaled;
            }
            else if (dx < 0 && dy < 0)
            {
                mousex = -1.57 - scaled;
            }
            else if (dx < 0 && dy > 0)
            {
                mousex = -1.57 + scaled;
            }

            // The original computed the same expression in both branches of a
            // sign test on dz.
            float mousez = atan(dz / sqrt((dx*dx + dy * dy)));

            // Current view angles, then projection and box drawing.
            float nowx = _ReadMemeryFloat(_hGameHandle, modbase + mousexptr);
            float nowy = _ReadMemeryFloat(_hGameHandle, modbase + mousexptr + 4);
            float scx = 0;
            float scy = 0;
            worldtosc(mousex, mousez, distance, nowx, nowy, scx, scy);
        }

        // First pass only: read the caller's own slot index, pause 3 s, restart.
        if (selfIndex == -1)
        {
            scanf_s("%d", &selfIndex);
            Sleep(3 * 1000);
            continue;
        }

        // The original carried a commented-out block here that recomputed the
        // angles for the nearest entry; it is not part of the running code.

        // Clears the console by launching a command interpreter each pass.
        system("cls");
    }
}


// Entry point: initialise, then run the polling loop. ReadValue has no exit
// path, so the statements after it are not reached.
int main()
{
    Begin();
    ReadValue();
    getchar();
    return 0;
}
