[已解决]植物大战僵尸阳光值修改调用WriteProcessMemory函数调用失败求大神指点

猫咪没有鱼 · 发表于 2020-12-14 20:46:18

本帖最后由猫咪没有鱼于 2020-12-14 20:49 编辑

进程权限调用的是PROCESS_ALL_ACCESS，内存可以读，但是写入总是失败，跪求各位大佬指点！！！

植物大战僵尸阳光值修改调用WriteProcessMemory函数调用失败求大神指点

附件上面是本菜鸟的源代码。

include <Windows.h>
#include "resource.h"

#define SUN_SHINE_BASE_ADDR 0x006A9EC0
#define SUN_SHINE_OFFSET_FIRST 0x768
#define SUN_SHINE_OFFSET_SECOND 0x5560

HWND hWnd;
HANDLE hProcessRet;
DWORD dwSize;
DWORD dwProcessID;
DWORD dwThreadID;
DWORD dwSunShineBaseAddress;
DWORD dwSunShineBaseAddressValue;
DWORD dwSunShineOffsetFirst;
DWORD dwSunShineOffsetFirstValue;
DWORD dwSunShineOffsetSecond;
DWORD dwSunShineOffsetSecondValue;
BOOL blTranslated;
UINT uRet;

void Initializationvariable();

BOOL CALLBACK DialogProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);

int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
Initializationvariable();
DialogBox(hInstance, (LPCSTR)101,NULL,DialogProc);
return 0;
}

BOOL CALLBACK DialogProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg)
{
case WM_COMMAND:
switch (wParam)
{
case IDCHECK:
{
hWnd = FindWindow(TEXT("MainWindow"), TEXT("植物大战僵尸中文版"));
dwThreadID = GetWindowThreadProcessId(hWnd, &dwProcessID);
if (dwThreadID != 0)
{
MessageBox(NULL, TEXT("本辅助适合此游戏版本!!!"), TEXT("Congratulation!!!"), MB_OK);
}
else
{
MessageBox(NULL, TEXT("游戏未运行或本辅助不适合此游戏版本，请下载符合您游戏版本的辅助!!!"), TEXT("ERRO TIPS!!!"), MB_ICONERROR);
}
SetDlgItemInt(hwndDlg, IDC_GMPROCESSID, dwProcessID, FALSE);
SetDlgItemInt(hwndDlg, IDC_GMTHREADID, dwThreadID, FALSE);
}
break;
case IDEXIT:
EndDialog(hwndDlg, IDEXIT);
break;
case IDC_CHANGESBUTTON:
uRet = GetDlgItemInt(hwndDlg, IDC_CHANGESVEDIT, &blTranslated, FALSE);

hProcessRet = OpenProcess(PROCESS_ALL_ACCESS, 0, dwProcessID);
if (hProcessRet == NULL)
{
MessageBox(hwndDlg, TEXT("进程打开失败!"), TEXT("ERROR Tips!"), MB_OK);
}
ReadProcessMemory(hProcessRet, (LPCVOID)dwSunShineBaseAddress, &dwSunShineBaseAddressValue, sizeof(DWORD), &dwSize);
ReadProcessMemory(hProcessRet, (LPVOID)(dwSunShineBaseAddressValue + dwSunShineOffsetFirst), &dwSunShineOffsetFirstValue, sizeof(DWORD), &dwSize);
ReadProcessMemory(hProcessRet, (LPVOID)(dwSunShineOffsetFirstValue + dwSunShineOffsetSecond), &dwSunShineOffsetSecondValue, sizeof(DWORD), &dwSize);

WriteProcessMemory(hProcessRet, (LPVOID)dwSunShineOffsetSecondValue, &uRet, sizeof(DWORD), &dwSize);

}

}

return FALSE;
}

void Initializationvariable()
{
hWnd = NULL;
hProcessRet = 0;
dwSize = 0;
dwProcessID = 0;
dwThreadID = 0;
dwSunShineBaseAddress = SUN_SHINE_BASE_ADDR;
dwSunShineBaseAddressValue = 0;
dwSunShineOffsetFirst = SUN_SHINE_OFFSET_FIRST;
dwSunShineOffsetFirstValue = 0;
dwSunShineOffsetSecond = SUN_SHINE_OFFSET_SECOND;
dwSunShineOffsetSecondValue = 0;
}

最佳答案

月排行榜 / 总排行榜

tony666

2020-12-15 09:20:11

WriteProcessMemory似乎没有问题，可以GetLastError看看什么错误，
最好用CE看一下，你dwSunShineOffsetSecondValue地址是否可以用CE更改，
怀疑dwSunShineOffsetSecondValue定位到了不可写的地址上了

跳转到最佳答案楼层

236a · 发表于 2020-12-15 00:16:02

本帖最后由 236a 于 2020-12-15 00:31 编辑

WriteProcessMemory的第二个参数 LPVOID lpBaseAddress, 不要用VOID强制转用BYTE字节类型

写入大小你也填错了定义UING 你填的DWORD

0x400.. 直接用的十六进制你用变量需要byte转

第四个参数是实际写入了多少可以不用管直接填0

int value=123456;
WriteProcessMemory(打开进程的句柄, 0x00400000, &value, sizeof(value),0);