无聊时写的简单的植物僵尸的简单刷金币,把游戏开到冒险那级前就行
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
[System.Runtime.InteropServices.DllImport("user32.dll", EntryPoint = "SendMessageA")]
private static extern int SendMessage(IntPtr hwnd, int wMsg, IntPtr wParam, IntPtr lParam);
[System.Runtime.InteropServices.DllImport("user32.dll", EntryPoint = "GetWindowThreadProcessId")]
private static extern IntPtr GetWindowThreadProcessId(IntPtr hwnd, ref IntPtr lpdwProcessId);
[System.Runtime.InteropServices.DllImport("User32.dll", EntryPoint = "FindWindowA")]
public static extern System.IntPtr FindWindow(string strclass, string strname);
[System.Runtime.InteropServices.DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
private static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, IntPtr dwProcessId);
[System.Runtime.InteropServices.DllImport("kernel32.dll")]
public static extern System.IntPtr WriteProcessMemory(IntPtr hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, ref int lpNumberOfBytesWritten);
[System.Runtime.InteropServices.DllImport("kernel32.dll",EntryPoint ="CloseHandle")]
public static extern int CloseHandle(IntPtr hObject);
//[System.Runtime.InteropServices.DllImport("Kernel32.dll")]
//private static extern void ReadProcessMemory(IntPtr handle, uint address, out byte[] data, int size, int read);
[DllImport("kernel32.dll ")]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, uint nSize, ref uint lpNumberOfBytesRead);
const int WM_LBUTTONDOWN = 0x201; // Left click down code
const int WM_LBUTTONUP = 0x202; // Left click up code
private const int PROCESS_ALL_ACCESS = 0x1F0FFF;
int writeSize, sunShineaddress;
string processname = "PlantsVsZomBies";
string TitleName = "植物大战僵尸中文版";
byte[] buffer = BitConverter.GetBytes(9999999);
bool run = false;
System.Threading.Thread thd = null;
IntPtr frmHwnd, proHwnd, proID;
IntPtr levelPoint, chanpinPoint;
int levelX, levelY, chanpinX, chanpinY;
void MainPro()
{
while (run)
{
//System.Threading.Thread.Sleep(1000);
writeSize = 0;
Microsoft.VisualBasic.Interaction.AppActivate(TitleName);
SendMessage(frmHwnd, WM_LBUTTONDOWN, IntPtr.Zero, levelPoint);
SendMessage(frmHwnd, WM_LBUTTONUP, IntPtr.Zero, levelPoint);
sunShineaddress = GetSunShineAddress();
System.Threading.Thread.Sleep(39);
WriteProcessMemory(proHwnd, sunShineaddress, buffer, buffer.Length, ref writeSize);
Microsoft.VisualBasic.Interaction.AppActivate(TitleName);
SendMessage(frmHwnd, WM_LBUTTONDOWN, IntPtr.Zero, chanpinPoint);
SendMessage(frmHwnd, WM_LBUTTONUP, IntPtr.Zero, chanpinPoint);
System.Threading.Thread.Sleep(6110);
}
thd.Abort();
thd = null;
}
int GetSunShineAddress()
{
//int vInt = 0x006a9ec0;
//byte[] vBuffer = new byte[4];
//IntPtr vBytesAddress = IntPtr.Zero;
//vBytesAddress = Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, 0); // 得到缓冲区的地址
//uint vNumberOfBytesRead = 0;
//ReadProcessMemory(proHwnd, (IntPtr)vInt, vBytesAddress, (uint)vBuffer.Length, ref vNumberOfBytesRead);
//vInt = Marshal.ReadInt32(vBytesAddress); // 读取数据
//byte[] vBuffer1 = new byte[4];
//IntPtr vBytesAddress1 = IntPtr.Zero;
//vBytesAddress1 = Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer1, 0); // 得到缓冲区的地址
//uint vNumberOfBytesRead1 = 0;
//ReadProcessMemory(proHwnd, (IntPtr)(vInt+0x768), vBytesAddress1, (uint)vBuffer1.Length, ref vNumberOfBytesRead1);
//vInt = Marshal.ReadInt32(vBytesAddress); // 读取数据
//return ((int)vInt)+0x5560;
int vInt = 0x006a9ec0;
int[] py = new int[2] { 0, 0x768 };
byte[] vBuffer = new byte[4];
IntPtr vBytesAddress = Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, 0); // 得到缓冲区的地址
uint vNumberOfBytesRead = 0;
//for (int i=0;i<py.Length ;i++)
//{
ReadProcessMemory(proHwnd, (IntPtr)(vInt + py[0]), vBytesAddress, (uint)vBuffer.Length, ref vNumberOfBytesRead);
vInt = Marshal.ReadInt32(vBytesAddress); // 读取数据
ReadProcessMemory(proHwnd, (IntPtr)(vInt + py[1]), vBytesAddress, (uint)vBuffer.Length, ref vNumberOfBytesRead);
vInt = Marshal.ReadInt32(vBytesAddress); // 读取数据
//}
return vInt + 0x5560;
}
void GetBaseInfo()
{
levelPoint = (IntPtr)(levelX << 16 | levelY);
chanpinPoint = (IntPtr)(chanpinX << 16 | chanpinY);
frmHwnd = FindWindow(null, TitleName);
GetWindowThreadProcessId(frmHwnd,ref proID);
proHwnd = OpenProcess(PROCESS_ALL_ACCESS, false, proID);
}
private void btnMoney_Click(object sender, EventArgs e)
{
levelX = 240;
levelY = 370;
chanpinX = 70;
chanpinY = 200;
GetBaseInfo();
run = true;
thd = new System.Threading.Thread(new System.Threading.ThreadStart(MainPro));
thd.Start();
}
private void btnStopMoney_Click(object sender, EventArgs e)
{
run = false;
}
bool runShine = false;
private void BtnSunShine_Click(object sender, EventArgs e)
{
runShine = true;
System.Threading.Thread thd1 = new System.Threading.Thread(delegate()
{
while (runShine)
{
WriteProcessMemory(proHwnd, sunShineaddress, buffer, buffer.Length, ref writeSize);
System.Threading.Thread.Sleep(10000);
}
});
thd1.Start();
}
private void button1_Click(object sender, EventArgs e)
{
runShine = false;
}
}
浙公网安备 33010602011771号