没试过,网上流传的代码。估计是1.20e版本用的。

#include <windows.h>
#include <winbase.h>
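int main()
{
    // Applies a fixed list of single-byte writes to the process that owns the
    // "Warcraft III" window. Every target address is absolute and hard-coded,
    // so the writes are only meaningful if the target has the same build and
    // module layout the original author assumed (the post guesses 1.20e and
    // says the code was never tested). Nothing here verifies that.
    //
    // Sequence: find window -> enable SeDebugPrivilege -> open the process with
    // VM write rights -> WriteProcessMemory. This is the same sequence
    // process-tampering detections key on.
    //
    // Returns 0 when every write succeeded, 1 otherwise.

    // Find wc3 window. Bail out if it is missing: the original carried on with
    // an uninitialised PID and could have opened and patched an unrelated
    // process.
    HWND hwar3 = ::FindWindowA(NULL, "Warcraft III");
    if (hwar3 == NULL)
        return 1;

    // Best-effort SeDebugPrivilege, as in the original. It is not required to
    // open a process running under the same user, so failure is not fatal.
    // NOTE(review): AdjustTokenPrivileges reports success even when the
    // privilege is not held; GetLastError() == ERROR_NOT_ALL_ASSIGNED tells.
    HANDLE hToken = NULL;
    // TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY is the original's literal 40.
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        LUID luid;
        if (LookupPrivilegeValueA(NULL, "SeDebugPrivilege", &luid))
        {
            TOKEN_PRIVILEGES NewState;
            NewState.PrivilegeCount = 1;
            NewState.Privileges[0].Luid = luid;
            NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; // was the literal 2
            // The previous state is never used, so none is requested. The
            // original passed a buffer length of 28 for a PreviousState object
            // that holds a single privilege entry, overstating its size.
            AdjustTokenPrivileges(hToken, FALSE, &NewState, 0, NULL, NULL);
        }
        CloseHandle(hToken); // the original leaked this handle
    }

    DWORD PID = 0;
    if (::GetWindowThreadProcessId(hwar3, &PID) == 0 || PID == 0)
        return 1;

    // Open wc3 process. WriteProcessMemory needs only PROCESS_VM_OPERATION and
    // PROCESS_VM_WRITE; the original also asked for PROCESS_ALL_ACCESS, which
    // made the other flags redundant and the handle far broader than needed.
    HANDLE hopen = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, PID);
    if (hopen == NULL)
        return 1;

    // Write memory: same addresses, same bytes, same order as the original
    // listing. The page does not document what each write changes in the target.
    // The last argument of the original 0x6F406A13 write was corrupted by HTML
    // residue; it is assumed to have been 0 like every other call.
    static const struct
    {
        DWORD_PTR address;
        BYTE value;
    } patches[] = {
        {0x6F4069F0, 0x74},
        {0x6F406A0E, 0x8B},
        {0x6F406A0F, 0x09},
        {0x6F406A10, 0x90},
        {0x6F406A13, 0x8B},
        {0x6F406A14, 0x09},
        {0x6F406A15, 0x90},
        {0x6F29FE20, 0x90},
        {0x6F29FE21, 0x90},
        {0x6F149198, 0x00},
        {0x6F2A0803, 0x40},
        {0x6F2A0804, 0x33},
        {0x6F2A0805, 0xC0},
        {0x6F2A0806, 0x42},
        {0x6F2A0807, 0x33},
        {0x6F2A0808, 0xD2},
        {0x6F14A0B4, 0xEB},
        {0x6F2A0703, 0xEB},
    };

    int exitCode = 0;
    for (const auto& patch : patches)
    {
        // Write from a BYTE rather than the low byte of a DWORD so the source
        // size matches the length passed to the API.
        SIZE_T written = 0;
        const BOOL bret = WriteProcessMemory(hopen,
                                             reinterpret_cast<LPVOID>(patch.address),
                                             &patch.value,
                                             sizeof(patch.value),
                                             &written);
        if (!bret || written != sizeof(patch.value))
        {
            // Stop at the first failure instead of ignoring it. The target may
            // already be partially modified at this point.
            exitCode = 1;
            break;
        }
    }

    // Close handle
    CloseHandle(hopen);
    return exitCode;
}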


 
目前有1条回应
  • Liufy 回应于2009/08/28 10:33 回复TA

    - -
    好纯粹啊···
    找窗口 提权 拿进程句柄 硬编码写内存···
