PopCap Games
&2016 Electronic Arts Inc.Windows GUI Program(1)
/*************************************/
/***********************************/
#pragma once
#define WM_GRAYCO***OLES WM_USER+100
#define APP_NAME L&植物大战僵尸修改器 v1.2&
#define WND_W 360
#define WND_H 230
#define IMG_H 55
#define ID_TIMER 1
#define TIMER_SLEEP_TIME 1000
#include &windows.h&
#include &tchar.h&
#include &Commctrl.h&
#include &psapi.h&
#include &process.h&
#pragma comment(lib, &psapi&)
#pragma comment(lib, &comctl32.lib&)
#pragma comment(linker,&/manifestdependency:\&type='win32'\
name='mon-Controls' &\
&version='6.0.0.0' \
processorArchitecture='*'\
publicKeyToken='ccf1df' \
language='*'\&&)
BOOL CALLBACK DlgProc(HWND,UINT,WPARAM,LPARAM);
LRESULT CALLBACK WndProc(HWND,UINT,WPARAM,LPARAM);
BOOL EnableDebugPrivilege(HANDLE hProcess);
HWND FindDestWnd();
DWORD GetPIDFromeWnd();
HANDLE OpenProcessWithDbg(DWORD PID);
////////////////////////////////////
DWORD GetPIDFromeProcesses(LPCTSTR lpWndName);
/*************************************/
/***********************************/
#include &Wnd.h&
#include &resource.h&
#include &InjectCode.h&
BOOL g_bWndActive =
BOOL EnableDebugPrivilege(HANDLE hProcess)
TOKEN_PRIVILEGES
//打开令牌环
BOOL bOK = OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken);
return FALSE;
bOK = LookupPrivilegeValue(NULL,SE_SECURITY_NAME,&luid);
return FALSE;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid =
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
//调整权限
bOK = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),NULL,NULL);
return FALSE;
CloseHandle(hToken);
return TRUE;
int WINAPI WinMain(HINSTANCE hInst, HINSTANCE, LPSTR lpCmdLine, int nShowCmd)
InitCommonControls();
TCHAR szClsName[] = L&MainWnd&;
WNDCLASSEX
wcex.cbSize = sizeof(WNDCLASSEX);
wcex.hInstance = hI
wcex.lpfnWndProc = WndP
wcex.cbClsExtra = 0;
wcex.cbWndExtra = 0;
wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
wcex.hbrBackground = (HBRUSH)(COLOR_MENUBAR+1);
wcex.lpszClassName = szClsN
wcex.lpszMenuName = NULL;
wcex.style = 0;
wcex.hIconSm = LoadIcon(hInst, MAKEI***ESOURCE(IDI_ICON1));
wcex.hIcon = LoadIcon(hInst, MAKEI***ESOURCE(IDI_ICON2));
if(!RegisterClassEx(&wcex))
hWnd = CreateWindowEx(
WS_EX_CO***OLPARENT,
szClsName,
(WS_CLIPCHILDREN
|WS_CLIPSIBLINGS
|WS_MINIMIZEBOX
|WS_SYSMENU
|WS_CAPTION
|WS_TABSTOP)
&(~WS_MAXIMIZEBOX ),
GetSystemMetrics(SM_CXFULLSCREEN)/2-WND_W/2,
GetSystemMetrics(SM_CYFULLSCREEN)/2-WND_H/2,
hInst,NULL);
ShowWindow(hWnd, nShowCmd);
UpdateWindow(hWnd);
while(GetMessage(&msg, NULL, 0, 0))
TranslateMessage(&msg);
DispatchMessage(&msg);
return msg.wP
LRESULT CALLBACK WndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
static HWND hD
static RECT rectW
RECT rectD
static HANDLE hB
HDC hdcWnd, hdcM
PAINTSTRUCT
switch(uMsg)
case WM_KEYDOWN:
switch(wParam)
case VK_F1:
ID = IDC_CHECK1;
case VK_F2:
ID = IDC_CHECK2;
case VK_F3:
ID = IDC_CHECK3;
case VK_F4:
ID = IDC_CHECK4;
case VK_F5:
ID = IDC_CHECK5;
case VK_F6:
ID = IDC_CHECK6;
case VK_F7:
ID = IDC_CHECK7;
case VK_F8:
ID = IDC_CHECK8;
return DefWindowProc(hWnd, uMsg, wParam, lParam);;
PostMessage(hDlg, WM_COMMAND, (WPARAM)ID, NULL);
case WM_PAINT:
hdcWnd = BeginPaint(hWnd, &ps);
hdcMem = CreateCompatibleDC (hdcWnd);
SelectObject(hdcMem,hBmp);
BitBlt(hdcWnd,0,0,WND_W,WND_H,hdcMem,0,0,SRCCOPY);
DeleteDC(hdcMem);
EndPaint(hWnd, &ps);
case WM_TIMER:
if( FindDestWnd() == NULL)
g_bWndActive = FALSE;
g_bWndActive = TRUE;
PostMessage(hDlg, WM_GRAYCO***OLES,0,g_bWndActive);
SetTimer(hWnd, ID_TIMER, TIMER_SLEEP_TIME, NULL);
case WM_DESTROY:
KillTimer(hWnd, ID_TIMER);
EndDialog(hDlg, 0);
PostQuitMessage(0);
case WM_CREATE:
if( FindDestWnd() == NULL)
g_bWndActive = FALSE;
g_bWndActive = TRUE;
hBmp = LoadImage(
(HINSTANCE)GetModuleHandle(0),
MAKEI***ESOURCE(IDB_BITMAP1),
IMAGE_BITMAP,
LR_DEFAULTSIZE);
hDlg = CreateDialogParam(
(HINSTANCE)GetModuleHandle(0),
MAKEI***ESOURCE(IDD_FORMVIEW),
GetWindowRect(hDlg,&rectDlg);
GetClientRect(hWnd, &rectWnd);
MoveWindow(hDlg,
(rectWnd.right-rectWnd.left)/2 - (rectDlg.right-rectDlg.left)/2,
IMG_H+1,rectDlg.right-rectDlg.left,rectDlg.bottom-rectDlg.top,NULL);
ShowWindow(hDlg,SW_SHOW);
SetFocus(GetParent(hDlg));
SetTimer(hWnd, ID_TIMER, TIMER_SLEEP_TIME, NULL);
return DefWindowProc(hWnd, uMsg, wParam, lParam);
BOOL CALLBACK DlgProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
BOOL bSetS
DWORD PID;
HANDLE hProcess = NULL;
BOOL bSuccess = FALSE;
static INJECT_BLOCK
AutoCollect,
Nondecrease,
DoubleSun_1,
DoubleSun_2,
DoubleMoney,
SecKill_1,
SecKill_2,
UnlockSlot_1,
UnlockSlot_2;
static GOODS_BACKUP goodsBackup[GOODS_COUNT];
PINJECT_BLOCK pInjectes[3] = {NULL,NULL,NULL};
switch(uMsg)
case WM_COMMAND:
if(g_bWndActive == FALSE)
return FALSE;
ctrlID = LOWORD(wParam);
if(IsDlgButtonChecked(hDlg, ctrlID) == BST_CHECKED)
bSetState = FALSE;
bSetState = TRUE;
switch(ctrlID)
case IDC_CHECK1:
pInjectes[0] = &AutoC
case IDC_CHECK2:
pInjectes[0] = &N
case IDC_CHECK3:
pInjectes[0] = &DoubleSun_1;
pInjectes[1] = &DoubleSun_2;
case IDC_CHECK4:
pInjectes[0] = &DoubleM
case IDC_CHECK5:
case IDC_CHECK6:
PID = GetPIDFromeWnd();
if(PID &= 0)
return FALSE;
hProcess = OpenProcessWithDbg(PID);
if(hProcess == NULL)
return FALSE;
bSuccess = WriteGoodsAttrToMem(hProcess,
(ctrlID==IDC_CHECK5)?GOODS_ATTR_PRICE:GOODS_ATTR_TIME,
goodsBackup,
bSetState);
case IDC_CHECK7:
pInjectes[0] = &SecKill_1;
pInjectes[1] = &SecKill_2;
case IDC_CHECK8:
pInjectes[0] = &UnlockSlot_2;
pInjectes[1] = &UnlockSlot_1;
return FALSE;
PID = GetPIDFromeWnd();
if(PID &= 0)
return FALSE;
hProcess = OpenProcessWithDbg(PID);
if(hProcess == NULL)
return FALSE;
for(int i=0; i&3; i++)
if(pInjectes[i] != NULL)
bSuccess = WriteCodeToMem(hProcess,
pInjectes[i],
bSetState);
hereleave:
SetFocus(GetParent(hDlg));
if(bSuccess)
CheckDlgButton(hDlg, ctrlID, bSetState);
return TRUE;
case WM_GRAYCO***OLES:
EnableWindow(GetDlgItem(hDlg,IDC_CHECK1), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK2), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK3), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK4), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK5), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK6), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK7), lParam);
EnableWindow(GetDlgItem(hDlg,IDC_CHECK8), lParam);
if(lParam == FALSE)
CheckDlgButton(hDlg, IDC_CHECK1, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK2, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK3, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK4, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK5, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK6, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK7, BST_UNCHECKED);
CheckDlgButton(hDlg, IDC_CHECK8, BST_UNCHECKED);
return TRUE;
case WM_INITDIALOG:
AutoCollect.dwBaseAddr = 0x44c5f1;
AutoCollect.dwSize = 1;
AutoCollect.sbNewCode[0] = 0x1;
Nondecrease.dwBaseAddr = 0x433f86;
Nondecrease.dwSize = 6;
memset(&Nondecrease.sbNewCode, 0x90, 6);
DoubleSun_1.dwBaseAddr = 0x44ba22;
DoubleSun_1.dwSize = 1;
DoubleSun_1.sbNewCode[0] = 0x32;
DoubleSun_2.dwBaseAddr = 0x44ba2e;
DoubleSun_2.dwSize = 1;
DoubleSun_2.sbNewCode[0] = 0x19;
DoubleMoney.dwBaseAddr = 0x44ba92;
DoubleMoney.dwSize = 1;
DoubleMoney.sbNewCode[0] = 0x2;
SecKill_1.dwBaseAddr = 0x5671f9;
SecKill_1.dwSize = 2;
SecKill_1.sbNewCode[0] = 0
SecKill_1.sbNewCode[1] = 0x16;
SecKill_2.dwBaseAddr = 0x566d07;
SecKill_2.dwSize = 3;
SecKill_2.sbNewCode[0] = 0xf6;
SecKill_2.sbNewCode[1] = 0x90;
SecKill_2.sbNewCode[2] = 0x90;
UnlockSlot_1.dwBaseAddr = 0x43470f;
UnlockSlot_1.dwSize = 2;
UnlockSlot_1.sbNewCode[0] = 0xEB;
UnlockSlot_1.sbNewCode[1] = 0x15;
UnlockSlot_2.dwBaseAddr = 0x434726;
UnlockSlot_2.dwSize = 8;
*(LONGLONG*)UnlockSlot_2.sbNewCode = 0xE9EB0ABC;
SendMessage(hDlg, WM_GRAYCO***OLES,0,(LPARAM)g_bWndActive?TRUE:FALSE);
return TRUE;
return FALSE;
HWND FindDestWnd()
HWND h = NULL;
TCHAR* szDestWndNames[] =
{L&Plants vs. Zombies 1.2.0.1073 RELEASE&},
{L&植物大战僵尸中文版&},
{L&植物大战僵尸&},
{L&PlantsVsZombies&}
for(int i=0; i&sizeof(szDestWndNames)/sizeof(TCHAR*); i++)
h = FindWindow(NULL, szDestWndNames[i]);
if(NULL != h)
DWORD GetPIDFromeWnd()
DWORD id = -1;
if( (hWnd = FindDestWnd()) == NULL)
return -1;
GetWindowThreadProcessId(hWnd,&id);
HANDLE OpenProcessWithDbg(DWORD PID)
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,PID);
if(hProcess == NULL)
return NULL;
if(!EnableDebugPrivilege(hProcess))
MessageBox(0, L&提升权限失败!&, L&错误提示&, 0);
CloseHandle(hProcess);
return NULL;
/***********************************
************************************
************************************/
BOOL IsDestPID(DWORD PID)
TCHAR szProcessName[MAX_PATH];
TCHAR szDestName[] = L&PlantsVsZombies.exe&;
HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_VM_READ,FALSE,PID);
if(hProc == NULL)
return FALSE;
HMODULE hM
if ( !EnumProcessModules( hProc, &hMod, sizeof(hMod),&cbNeeded ))
if(GetModuleBaseName( hProc, hMod, szProcessName,sizeof(szProcessName)/sizeof(TCHAR)) ==0)
if(_wcsicmp(szProcessName, szDestName) == 0)
CloseHandle(hProc);
return TRUE;
CloseHandle(hProc);
return FALSE;
DWORD GetPIDFromeProcesses(LPCTSTR lpWndName)
DWORD aProcesses[1024],cbNeeded, cP
EnumProcesses(aProcesses, sizeof(aProcesses),&cbNeeded);
cProcesses = cbNeeded / sizeof(DWORD);
for ( i = 0; i & cP i++ )
if( aProcesses[i] != 0 )
if(IsDestPID(aProcesses[i]))
pid = aProcesses[i];
return -1;
/*************************************/
//InjectCode.cpp
/***********************************/
#pragma once
#define BUF_LEN 20
//缓存大小
#define GOODS_COUNT 53
//物品的数目
#define GOODS_ATTR_PRICE 1 //物品价格属性标记
#define GOODS_ATTR_TIME 2
//物品冷却时间属性标记
#include &windows.h&
//物品属性
typedef struct _GOODS_ATTRIBUTE
//物品种类
DWORD unknown2;
DWORD unknown3;
DWORD unknown4;
DWORD coolingT
//冷却时间
DWORD unknown7;
DWORD unknown8;
DWORD unknown9;
}GOODS_ATTRIBUTE,*PGOODS_ATTRIBUTE;
//保存物品属性
typedef struct _GOODS_BACKUP
}GOODS_BACKUP,*PGOODS_BACKUP;
typedef struct _tagINJECT_BLOCK
DWORD dwBaseA
//注入基址
//注入字节数
BYTE sbNewCode[BUF_LEN];
//要注入的代码
BYTE sbOldCode[BUF_LEN];
//保存原来的代码
}INJECT_BLOCK,*PINJECT_BLOCK;
BOOL WriteCodeToMem(HANDLE hProcess,
PINJECT_BLOCK pInjectBlock,
BOOL writeNew);
BOOL WriteGoodsAttrToMem(HANDLE hProcess,
DWORD AttrBitMark,
PGOODS_BACKUP pBackup,
BOOL writeNew);
/*************************************/
//InjectCode.cpp
/***********************************/
#include &InjectCode.h&
BOOL WriteCodeToMem(HANDLE hProcess,
PINJECT_BLOCK pInjectBlock,
BOOL writeNew)
BOOL bRtn = FALSE;
bRtn = VirtualProtectEx(hProcess,
(void*)pInjectBlock-&dwBaseAddr,
pInjectBlock-&dwSize,
PAGE_READWRITE,
&pInjectBlock-&dwOldProtect);
return FALSE;
if(writeNew)
bRtn = ReadProcessMemory(hProcess,
(void*)pInjectBlock-&dwBaseAddr,
pInjectBlock-&sbOldCode,
pInjectBlock-&dwSize,
return FALSE;
bRtn = WriteProcessMemory(hProcess,
(void*)pInjectBlock-&dwBaseAddr,
pInjectBlock-&sbNewCode,
pInjectBlock-&dwSize,
return FALSE;
bRtn = WriteProcessMemory(hProcess,
(void*)pInjectBlock-&dwBaseAddr,
pInjectBlock-&sbOldCode,
pInjectBlock-&dwSize,
return FALSE;
bRtn = VirtualProtectEx(hProcess,
(void*)pInjectBlock-&dwBaseAddr,
pInjectBlock-&dwSize,
pInjectBlock-&dwOldProtect,
&pInjectBlock-&dwOldProtect);
return FALSE;
BOOL WriteGoodsAttrToMem(HANDLE hProcess,
DWORD AttrBitMark,
PGOODS_BACKUP pBackup,
BOOL writeNew)
const DWORD dwGoodsBase = 0x76c600;
bRtn = FALSE;
DWORD dwInject = 0;
DWORD dwPriceAddr, dwTimeA
DWORD dwGoodsAddr = dwGoodsB
bRtn = VirtualProtectEx(hProcess,
(void*)dwGoodsAddr,
sizeof(GOODS_ATTRIBUTE)*GOODS_COUNT,
PAGE_READWRITE,
&dwProtect);
return FALSE;
for(int i=0; i&GOODS_COUNT; i++)
dwPriceAddr = dwGoodsAddr+ 16;
dwTimeAddr = dwGoodsAddr +20;
if(writeNew)
if(GOODS_ATTR_PRICE ==(AttrBitMark & GOODS_ATTR_PRICE))
bRtn = ReadProcessMemory(hProcess,
(void*)dwPriceAddr,
(LPVOID)&pBackup-&price,
return FALSE;
bRtn = WriteProcessMemory(hProcess,
(void*)dwPriceAddr,
(void*)&dwInject,
return FALSE;
if(GOODS_ATTR_TIME ==(AttrBitMark & GOODS_ATTR_TIME))
bRtn = ReadProcessMemory(hProcess,
(void*)dwTimeAddr,
(LPVOID)&pBackup-&time,
return FALSE;
bRtn = WriteProcessMemory(hProcess,
(void*)dwTimeAddr,
(void*)&dwInject,
return FALSE;
if(GOODS_ATTR_PRICE ==(AttrBitMark & GOODS_ATTR_PRICE))
bRtn = WriteProcessMemory(hProcess,
(void*)dwPriceAddr,
(void*)&pBackup-&price,
return FALSE;
if(GOODS_ATTR_TIME ==(AttrBitMark & GOODS_ATTR_TIME))
bRtn = WriteProcessMemory(hProcess,
(void*)dwTimeAddr,
(void*)&pBackup-&time,
return FALSE;
dwGoodsAddr += sizeof(GOODS_ATTRIBUTE);
bRtn = VirtualProtectEx(hProcess,
(void*)dwGoodsBase,
sizeof(GOODS_ATTRIBUTE),
dwProtect,
&dwProtect);
return FALSE;
参考知识库
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
访问:7865次
排名:千里之外
原创:10篇
(1)(2)(1)(1)(2)(3)后使用我的收藏没有帐号?
关注:1231
所属分类: &
查看: 12|回复: 0
植物大战僵尸 1.2.0.1073 RELEASE 金币修改器
植物大战僵尸 1.2.0.1073 RELEASE 金币修改器
点这里&&&&
支持你喜欢的王者主播领大奖!
