[VB] 傻瓜教程之教你用VB制作修改器

发表于 2010-5-10 21:33:40 | 显示全部楼层 |阅读模式
一般情况下做游戏修改器,无非是读内存,写内存。本教程的目的就是教会你如何用VB 读写内存,够简单了吧。前提是你要对VB稍稍懂一些,不然的话下面的内容对你来说可能就是天书。
用VB制作修改器时,先把以下内容复制到代码最上面
首先声明,本人VB菜鸟一个,以下代码并非原创,感谢原作者的无私奉献。
这一大串代码看不懂没关系,你要做的就是复制粘贴,复制粘贴,要看的东西在2楼

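  Option Explicit

  ' ---- Window lookup and cross-process memory access (user32 / kernel32 / shell32) ----
  ' SetWindowPos is declared but not called by any routine shown in this listing.
  Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal Y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
  Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
  Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
  Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
  ' The last parameter receives the number of bytes actually transferred.
  Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
  ' lpBaseAddress and lpBuffer are declared ByRef As Any; the callers in this listing pass them with an explicit ByVal.
  Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
  Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
  Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

  ' ---- Access-right masks ----
  Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
  Private Const SYNCHRONIZE = &H100000
  ' Trailing "&" forces a Long: a bare &HFFFF is a 16-bit Integer literal equal to -1 in VB6,
  ' which would turn into &HFFFFFFFF as soon as it is combined with a Long mask.
  Private Const SPECIFIC_RIGHTS_ALL = &HFFFF&
  Private Const STANDARD_RIGHTS_ALL = &H1F0000
  ' Full access to the target process. The narrower PROCESS_VM_* rights below are enough
  ' for ReadProcessMemory / WriteProcessMemory and should be preferred where possible.
  Private Const PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF
  Private Const PROCESS_VM_OPERATION = &H8&
  Private Const PROCESS_VM_READ = &H10&
  Private Const PROCESS_VM_WRITE = &H20&

  ' ---- Token privilege adjustment (advapi32) ----
  Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
  Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
  Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
  Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long

  ' Token access rights.
  Private Const TOKEN_ASSIGN_PRIMARY = &H1
  Private Const TOKEN_DUPLICATE = (&H2)
  Private Const TOKEN_IMPERSONATE = (&H4)
  Private Const TOKEN_QUERY = (&H8)
  Private Const TOKEN_QUERY_SOURCE = (&H10)
  Private Const TOKEN_ADJUST_PRIVILEGES = (&H20)
  Private Const TOKEN_ADJUST_GROUPS = (&H40)
  Private Const TOKEN_ADJUST_DEFAULT = (&H80)
  Private Const TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or TOKEN_ASSIGN_PRIMARY Or _
  TOKEN_DUPLICATE Or TOKEN_IMPERSONATE Or TOKEN_QUERY Or TOKEN_QUERY_SOURCE Or _
  TOKEN_ADJUST_PRIVILEGES Or TOKEN_ADJUST_GROUPS Or TOKEN_ADJUST_DEFAULT)
  Private Const SE_PRIVILEGE_ENABLED = &H2
  Private Const ANYSIZE_ARRAY = 1

  ' Structures passed to the advapi32 calls above.
  Private Type LUID
      lowpart As Long
      highpart As Long
  End Type
  Private Type LUID_AND_ATTRIBUTES
      pLuid As LUID
      Attributes As Long
  End Type
  Private Type TOKEN_PRIVILEGES
      PrivilegeCount As Long
      ' In VB the bound is an upper index, so this array has two elements (0 To 1);
      ' only element 0 is filled in by the code in this listing.
      Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
  End Type

  Private GameWinTitle As String ' Window title the game shows while it is running
  Private gamepid As Long ' Process ID of the game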
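  ' Try to enable SeDebugPrivilege in the current process token.
  '
  ' Returns True only when the privilege was really enabled. AdjustTokenPrivileges
  ' reports success even when the token does not hold the privilege, so the last
  ' DLL error is checked for ERROR_NOT_ALL_ASSIGNED as well.
  '
  ' SeDebugPrivilege lets a process open other processes regardless of their access
  ' control, and is normally held only by administrators. A target running under the
  ' same user account can usually be opened without it, so callers should treat a
  ' False result as "continue without the privilege" rather than as a fatal error.
  Public Function ToKen() As Boolean
      Const ERROR_NOT_ALL_ASSIGNED As Long = 1300
      Dim hdlTokenHandle As Long
      Dim tmpLuid As LUID
      Dim tkp As TOKEN_PRIVILEGES
      Dim tkpNewButIgnored As TOKEN_PRIVILEGES
      Dim lBufferNeeded As Long
      Dim lLastErr As Long

      ToKen = False

      ' Ask only for the rights this routine needs instead of TOKEN_ALL_ACCESS.
      ' TOKEN_QUERY is required because a previous-state buffer is passed below.
      ' GetCurrentProcess returns a pseudo handle that does not need closing.
      If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hdlTokenHandle) = 0 Then
          Exit Function
      End If

      If LookupPrivilegeValue("", "SeDebugPrivilege", tmpLuid) <> 0 Then
          tkp.PrivilegeCount = 1
          tkp.Privileges(0).pLuid = tmpLuid
          tkp.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
          If AdjustTokenPrivileges(hdlTokenHandle, 0, tkp, Len(tkpNewButIgnored), tkpNewButIgnored, lBufferNeeded) <> 0 Then
              ' Must be read right after the API call, before any other Declare'd function runs.
              lLastErr = Err.LastDllError
              ToKen = (lLastErr <> ERROR_NOT_ALL_ASSIGNED)
          End If
      End If

      ' The token handle was never released in the original; close it on every path.
      CloseHandle hdlTokenHandle
  End Function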

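  ' Read up to 4 bytes from another process and return them as a Long.
  '
  ' lppid     - process ID of the target process
  ' lpADDress - address inside the target process to read from
  ' dtLen     - number of bytes to read (1 to 4, default 4)
  '
  ' Returns the value read, or 0 when the process cannot be opened or the read fails.
  ' A return value of 0 is therefore ambiguous; callers that chain pointers should
  ' treat 0 as "stop" rather than as a usable address.
  Public Function GetData(ByVal lppid As Long, ByVal lpADDress As Long, Optional ByVal dtLen As Long = 4) As Long
      Dim pHandle As Long ' handle to the target process
      Dim lValue As Long ' local receive buffer (4 bytes)
      Dim lBytesRead As Long

      ' The receive buffer is a 4-byte Long. A larger dtLen would make
      ' ReadProcessMemory write past it and corrupt this process's own stack.
      If dtLen < 1 Then Exit Function
      If dtLen > 4 Then dtLen = 4

      ' Reading needs only PROCESS_VM_READ; PROCESS_ALL_ACCESS is more than required
      ' and fails more often on protected targets.
      pHandle = OpenProcess(PROCESS_VM_READ, 0, lppid)
      If pHandle = 0 Then Exit Function

      If ReadProcessMemory(pHandle, ByVal lpADDress, ByVal VarPtr(lValue), dtLen, lBytesRead) <> 0 Then
          If lBytesRead = dtLen Then GetData = lValue
      End If

      ' Release the process handle
      CloseHandle pHandle
  End Function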

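  ' Write bytes from a Byte array into another process's memory.
  '
  ' lppid      - process ID of the target process
  ' lpDestAddr - address inside the target process to write to
  ' lpSrcAddr  - source bytes; writing starts at the array's first element
  ' dtLen      - number of bytes to write (default 4); must not exceed the array size
  '
  ' Returns True only when the process was opened and all dtLen bytes were written.
  ' The original returned True whenever no VB runtime error occurred, which is always
  ' the case for failed API calls, so failures were reported as success.
  Public Function SetData(ByVal lppid As Long, ByVal lpDestAddr As Long, lpSrcAddr() As Byte, Optional ByVal dtLen As Long = 4) As Boolean
      Dim lBytesWritten As Long
      Dim lAvail As Long
      Dim lFirst As Long
      Dim pHandle As Long ' handle to the target process

      ' Keeps the original contract of never raising to the caller.
      ' UBound/LBound raise on an unallocated array; that case returns False.
      On Error Resume Next
      lFirst = LBound(lpSrcAddr)
      lAvail = UBound(lpSrcAddr) - lFirst + 1
      If Err.Number <> 0 Then Exit Function

      ' Refuse a length the source array cannot back; otherwise WriteProcessMemory
      ' would copy whatever lies behind the array in this process into the target.
      If dtLen < 1 Or dtLen > lAvail Then Exit Function

      ' Writing needs PROCESS_VM_WRITE plus PROCESS_VM_OPERATION, not PROCESS_ALL_ACCESS.
      pHandle = OpenProcess(PROCESS_VM_WRITE Or PROCESS_VM_OPERATION, 0, lppid)
      If pHandle = 0 Then Exit Function

      If WriteProcessMemory(pHandle, ByVal lpDestAddr, ByVal VarPtr(lpSrcAddr(lFirst)), dtLen, lBytesWritten) <> 0 Then
          SetData = (lBytesWritten = dtLen)
      End If

      ' Release the process handle
      CloseHandle pHandle
  End Function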

  ' Find a top-level window by class name and/or title and return the ID of the
  ' process that owns it. The result stays at its initial 0 unless
  ' GetWindowThreadProcessId fills in a process ID.
  '
  ' NOTE(review): a window title is not an identity. Any program can create a window
  ' with the same title, so the returned PID is only as trustworthy as the title match;
  ' confirm the target (for example by its executable path) before writing to it.
  Public Function GetPid(lpClassName As String, lpWindowName As String) As Long
      Dim hWndTarget As Long
      Dim lOwnerPid As Long

      hWndTarget = FindWindow(lpClassName, lpWindowName)
      GetWindowThreadProcessId hWndTarget, lOwnerPid
      GetPid = lOwnerPid
  End Function
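  ' Write a Long value into another process's memory, low byte first.
  '
  ' gpid  - process ID of the target process
  ' Text  - the value to write
  ' addr  - destination address; declared As String, converted to a Long here
  ' dtLen - number of bytes to write (1 to 4, default 4)
  Public Sub WriteData(gpid As Long, Text As Long, addr As String, Optional ByVal dtLen As Long = 4)
      Dim sHex As String
      Dim mBuff(3) As Byte ' the value to write, as 4 bytes
      Dim i As Long

      ' mBuff holds exactly 4 bytes; a larger dtLen would make SetData copy
      ' memory that lies behind the buffer into the target process.
      If dtLen < 1 Then Exit Sub
      If dtLen > 4 Then dtLen = 4

      ' Eight hex digits, most significant first; Hex$ of a negative Long already yields 8 digits.
      sHex = Right$("00000000" & Hex$(Text), 8)

      ' Digits 7-8 are the lowest byte, digits 1-2 the highest.
      For i = 0 To 3
          mBuff(i) = CByte("&H" & Mid$(sHex, 7 - 2 * i, 2))
      Next i

      SetData gpid, CLng(addr), mBuff, dtLen
  End Sub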
  ' Pass url to the shell's "open" verb, using the form's window as owner and the
  ' application folder as working directory.
  '
  ' NOTE(review): "open" is not limited to web addresses; the shell launches whatever
  ' the string names, including local programs. Pass only fixed http/https URLs and
  ' never a string taken from user input or a downloaded file.
  Public Sub ViewIE(url As String)
      Const SHOW_NORMAL As Long = 1
      Call ShellExecute(Form1.hwnd, "open", url, "", App.Path, SHOW_NORMAL)
  End Sub
发表于 2013-11-3 10:12:36 | 显示全部楼层
"VB"两个恐怖的英语————————

发表于 2014-10-8 15:43:08 | 显示全部楼层
謝謝站長的這一篇教學流程,還有很多看不太懂阿

发表于 2018-1-18 20:29:31 | 显示全部楼层

謝謝站長的這一篇教學流程

 楼主| 发表于 2010-5-10 21:34:13 | 显示全部楼层
初始化,你要改的游戏是什么?

比如要改的是红色警戒   Snap1.jpg 这个你肯定熟悉,其中显示的 Red Alert 2 就是我们下面要用到的“游戏运行时显示的标题”。
  ' Runs when the form is loaded: prepares the privilege and the window title to look for.
  Private Sub Form_Load()
      ' ToKen tries to enable SeDebugPrivilege for this process; its Boolean result is discarded here.
      ' NOTE(review): a game running under the same user account can usually be opened
      ' without this privilege - confirm whether the call is needed at all.
      Call ToKen

      ' Title the game window shows while running; the later snippets locate the process by this title.
      GameWinTitle = "Red Alert 2"
  End Sub
'比如我们已经找到游戏的 基址是 0ABCDEF  偏移2是 AAA 偏移1 是BBB

如果你不知道怎么找游戏的指针,你应该先学习下CE http://bbs.52miji.com/thread-2723-1-1.html

代码片段1:获得游戏的ID + 判断游戏是否运行
  ' Resolve the game's process ID from its window title (any window class).
  gamepid = GetPid(vbNullString, GameWinTitle)

  ' A PID of 0 is treated as "game not running": tell the user and leave the routine.
  If gamepid = 0 Then MsgBox GameWinTitle & " 没有运行!", vbInformation: Exit Sub
代码片段2:写内存

  ' Follow a two-level pointer chain and write a value at the end of it.
  ' The addresses are the tutorial's sample values, not real ones.
  Const BASE_ADDR As Long = &HABCDEF
  Const FIRST_OFFSET As Long = &HAAA
  Const SECOND_OFFSET As Long = &HBBB
  Dim ptrLevel1 As Long, ptrLevel2 As Long

  ' Pointer stored at the base address
  ptrLevel1 = GetData(gamepid, BASE_ADDR, 4)
  ' Pointer stored at that pointer plus the first offset
  ptrLevel2 = GetData(gamepid, ptrLevel1 + FIRST_OFFSET, 4)
  ' GetData yields 0 when a read fails, so a 0 pointer here means the chain is broken.
  ' Write the new value at the second pointer plus the second offset
  Call WriteData(gamepid, 888888, ptrLevel2 + SECOND_OFFSET, 4)
代码片段3:读内存

  ' Follow the pointer chain and read the value it ends at.
  ' The addresses are the tutorial's sample values, not real ones.
  Const BASE_ADDR As Long = &HABCDEF
  Const FIRST_OFFSET As Long = &HAAA
  Const SECOND_OFFSET As Long = &HBBB
  Dim ptrLevel1 As Long, ptrLevel2 As Long, ptrLevel3 As Long
  Dim data As Long

  ' Pointer stored at the base address
  ptrLevel1 = GetData(gamepid, BASE_ADDR, 4)
  ' Pointer stored at that pointer plus the first offset
  ptrLevel2 = GetData(gamepid, ptrLevel1 + FIRST_OFFSET, 4)
  ' Pointer stored at that pointer plus the second offset
  ptrLevel3 = GetData(gamepid, ptrLevel2 + SECOND_OFFSET, 4)
  ' The value finally read from the last pointer
  data = GetData(gamepid, ptrLevel3, 4)
如果没有偏移的话修改就更简单了

读内存就是
  ' Show the 4-byte value stored at the fixed sample address in the text box.
  Text1.Text = CStr(GetData(gamepid, &HABCDEF, 4))
提示:其中 gamepid 由代码片段1获得;游戏的基址前面要加上 &H(表示十六进制)。注意:在 VB6 中,&H8000 到 &HFFFF 之间的十六进制常量会被当作负的 Integer,需要在末尾再加一个 &(例如 &HFFFF&)才会按 Long 处理。

写内存就是
  ' Write the 4-byte value 888888888 directly at the fixed sample address.
  Call WriteData(gamepid, 888888888, &HABCDEF, 4)
88888888就是你要写的数据

代码片段4:访问网站 + 检查更新
比如要访问我爱秘籍论坛(加个自己的ID可以增加推广)

  ' Open the forum page through the shell; the address is a fixed literal, not user input.
  Call ViewIE("http://bbs.52miji.com/?fromuid=1")
是不是很简单。

总结:
当我们找到游戏的基址和偏移后,用VB做修改器的过程:
1、首先找到游戏进程的ID 详见代码片段1
2、写入数据 详见代码片段2
3、读取数据(可有可无) 详见代码片段3

你看明白了吗?


悄悄的说下,以上代码未测试,可能会有错误,烦请各位指正。
发表于 2010-5-10 21:35:55 | 显示全部楼层
我的沙发- -
发表于 2010-5-10 21:42:26 | 显示全部楼层
我表示我不会VB
我表示好麻烦
我表示我看不懂
我表示我该洗澡睡了
晚安~~~
发表于 2010-5-10 21:54:45 | 显示全部楼层
晚安
发表于 2010-5-10 21:57:04 | 显示全部楼层
不懂函数,不懂英语—————小白路过

不知能学的懂吗
发表于 2010-5-10 23:22:25 | 显示全部楼层
回复 2# 我爱秘籍
秘大,我觉得首先弄个VB修改器的软件来,好让大家下载。
我都不知道在哪里下载VB,?
然后秘大你在辛苦一下,教大家VB是怎样使用的,
最后再做VB修改游戏的教程。
秘大,好不好?
 楼主| 发表于 2010-5-10 23:37:02 | 显示全部楼层
回复 7# 2118cc

VB 比 CE 要复杂的多。

VB也不是修改器,要有一定基础才能使用。

你如果只是想修改游戏的话,CE就足够了。
发表于 2010-5-10 23:44:54 | 显示全部楼层
回复 8# 我爱秘籍
秘大,VB是不是Visual Basic 6.0啊?
 楼主| 发表于 2010-5-10 23:46:59 | 显示全部楼层
回复 9# 2118cc


    Visual Basic 简称VB
发表于 2010-5-11 12:17:48 | 显示全部楼层
其实我本质是很想学习的...但看的好晕啊
发表于 2010-5-11 13:13:15 | 显示全部楼层
回复 11# 遗忘の小宝宝
发表于 2010-5-12 00:42:53 | 显示全部楼层
vb没我那个修改器方法,我那个可以自己生成修改器,可以自己设计图案和窗口大小。
发表于 2010-5-14 23:51:49 | 显示全部楼层
稍稍看了一下,懂得一小部分,原来,自学了一段时间VB,但是学得很糟。你使用VB 6.0编的?C语言怎么样啊?
 楼主| 发表于 2010-5-15 00:05:40 | 显示全部楼层
回复 14# 天海

别提了。我到现在电脑都没装过C++
发表于 2010-5-17 15:08:05 | 显示全部楼层
额.....你们连VB都不知道啊
发表于 2010-5-17 15:11:45 | 显示全部楼层
我看的好晕啊  哈88  我还是晚安吧
发表于 2010-5-17 15:15:24 | 显示全部楼层
学习一下
发表于 2010-5-19 13:44:11 | 显示全部楼层
。。vb的教程还是很多的 度娘都知道的
发表于 2010-5-19 13:44:54 | 显示全部楼层
吐槽一下 我头像怎么这么小.