第一步是用 CE(Cheat Engine)搜索内存,找出下文 isInput() 读取的那个 4 字节值的地址;配合魔兽窗口化工具,大概需要二十分钟。各版本查到的地址如下:

1.20E     :0x0045CB8C

1.24E     :Game.dll+0x0AE8450

1.21       :War3.exe+5CB8C

1.26       :Game.dll+AD15F0

其他版本:Game.dll+ABDFE0

//由进程名获取进程ID,【出自百度空间,具体出处无法考证】

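// Look up a process ID by executable name using a Toolhelp32 process snapshot.
//
// name:    executable file name to match against PROCESSENTRY32::szExeFile;
//          the comparison is case-sensitive and exact.
// returns: the PID of the first matching process, or 0 when name is NULL,
//          the snapshot cannot be taken, or no process matches.
//
// An image name is neither unique nor authenticated: any process may carry the
// same file name, so callers should not treat the returned PID as proof of
// which program they are about to open.
DWORD GetProcessIdFromName(LPCTSTR name)
{
    if (name == NULL)
        return 0;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);   // must be set before Process32First

    DWORD id = 0;

    // Compare the entry returned by Process32First as well; the previous loop
    // called Process32Next before the first comparison and so skipped it.
    if (Process32First(hSnapshot, &pe))
    {
        do
        {
            // NOTE(review): strcmp on szExeFile/LPCTSTR only compiles when
            // TCHAR is char (ANSI/MBCS build), as in the original code.
            if (strcmp(pe.szExeFile, name) == 0)
            {
                id = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe));
    }

    // Single exit path so the snapshot handle is always released, including
    // when Process32First fails (the original leaked it there).
    CloseHandle(hSnapshot);
    return id;
}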

//枚举进程模块,查找Game.dll基址,【出自MSDN】

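// Walk the module list of a process and return the base address of Game.dll.
//
// dwPID:   ID of the process whose modules are enumerated.
// returns: the load address of the module named exactly "Game.dll", or 0 when
//          the snapshot cannot be taken or no such module is loaded.
//
// The return type is DWORD, so the address is truncated to 32 bits.
// NOTE(review): this presumably targets a 32-bit game process; if this code is
// ever built 64-bit, TH32CS_SNAPMODULE alone does not list the modules of a
// 32-bit target (TH32CS_SNAPMODULE32 is needed) - confirm the build settings.
DWORD ListProcessModules(DWORD dwPID)
{
    // Take a snapshot of all modules in the specified process.
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE)
        return 0;

    // Set the size of the structure before using it.
    MODULEENTRY32 me32;
    me32.dwSize = sizeof(MODULEENTRY32);

    DWORD base = 0;

    // Retrieve the first module, then walk the rest of the list.
    if (Module32First(hModuleSnap, &me32))
    {
        do
        {
            // Case-sensitive match, as before. NOTE(review): strcmp on
            // szModule assumes an ANSI/MBCS build (TCHAR == char).
            if (strcmp(me32.szModule, "Game.dll") == 0)
            {
                // Two-step cast makes the pointer-to-32-bit narrowing explicit.
                base = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(me32.modBaseAddr));
                break;
            }
        } while (Module32Next(hModuleSnap, &me32));
    }

    // Single exit path: the snapshot object is always cleaned up.
    CloseHandle(hModuleSnap);
    return base;
}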

//读取对应内存

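// Read one 4-byte value from the Warcraft III process and return it.
//
// The address read depends on which version radio button is checked in the
// "WarIIIKey 1.3" dialog: a fixed address for 1.20E, otherwise hModule plus a
// per-version offset.
// NOTE(review): judging by the function name the value presumably tells
// whether the game's text input is active - confirm.
// NOTE(review): hModule is not declared in this function; it is presumably a
// file-level variable holding the Game.dll base address (see the commented-out
// ListProcessModules calls in the original) - confirm it is set before use.
//
// returns: the value read, or 0 when the game window or process cannot be
//          opened or the read fails (the original returned an uninitialized
//          int in those cases).
int isInput()
{
    int IsInput = 0;

    // Raise privileges: enable SeDebugPrivilege on our own token.
    // NOTE(review): this is not required to open a process running as the same
    // user, it is never disabled again, and it is re-applied on every call.
    // Consider dropping it, or enabling it once at startup only if needed.
    HANDLE hToken = NULL;
    if (::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        LUID uID;
        if (::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &uID))
        {
            TOKEN_PRIVILEGES tp;
            tp.PrivilegeCount = 1;
            tp.Privileges[0].Luid = uID;
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            ::AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
        }
        // Only close a handle that was actually opened.
        ::CloseHandle(hToken);
    }

    // Open the process. A window title identifies nothing more than a title:
    // any window may use it, so the PID found here is not authenticated.
    HWND _hWnd = ::FindWindow(NULL, "Warcraft III");
    if (_hWnd == NULL)
        return IsInput;

    DWORD dwProcID = 0;
    ::GetWindowThreadProcessId(_hWnd, &dwProcID);
    if (dwProcID == 0)
        return IsInput;

    // Least privilege: the function only reads, so PROCESS_VM_WRITE is not requested.
    HANDLE hProc = ::OpenProcess(PROCESS_VM_READ, FALSE, dwProcID);
    if (hProc == NULL)
        return IsInput;

    // Pick the address for the selected game version. If the dialog is not
    // found, hd is NULL, no button reads as checked and the last branch is used.
    HWND hd = FindWindow(NULL, "WarIIIKey 1.3");
    LPCVOID pFlag;
    if (IsDlgButtonChecked(hd, IDC_120E))
        pFlag = (LPCVOID)0x0045CB8C;                // 1.20E: absolute address
    else if (IsDlgButtonChecked(hd, IDC_124E))
        pFlag = (LPCVOID)(hModule + 0x0AE8450);     // 1.24E
    else if (IsDlgButtonChecked(hd, IDC_126))
        pFlag = (LPCVOID)(hModule + 0xAD15F0);      // 1.26
    else
        pFlag = (LPCVOID)(hModule + 0xABDFE0);      // other versions

    // Accept the value only when the full 4 bytes were read.
    int value = 0;
    SIZE_T cbRead = 0;
    if (::ReadProcessMemory(hProc, pFlag, &value, sizeof(value), &cbRead)
        && cbRead == sizeof(value))
    {
        IsInput = value;
    }

    ::CloseHandle(hProc);
    return IsInput;
}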