16,551
社区成员
发帖
与我相关
我的任务
分享小弟分析的自动扫雷程序有问题咯,贴出代码,请教高手
自己练习了一下。有些不明白,请高手指点:
下面是我用OLLYDBG拷贝下来的……
0100333C |. A3 F8560001 MOV DWORD PTR DS:[10056F8],EAX
01003341 |. 890D 685A0001 MOV DWORD PTR DS:[1005A68],ECX
01003347 |. E8 03FBFFFF CALL winmine.01002E4F
0100334C |. A1 C4520001 MOV EAX,DWORD PTR DS:[10052C4]
01003351 |. 893D 80510001 MOV DWORD PTR DS:[1005180],EDI
01003357 |. A3 6C5A0001 MOV DWORD PTR DS:[1005A6C],EAX
0100335C |> FF35 F8560001 /PUSH DWORD PTR DS:[10056F8]
01003362 |. E8 18050000 |CALL winmine.0100387F
01003367 |. FF35 685A0001 |PUSH DWORD PTR DS:[1005A68]
0100336D |. 8BF0 |MOV ESI,EAX
0100336F |. 46 |INC ESI
01003370 |. E8 0A050000 |CALL winmine.0100387F
01003375 |. 40 |INC EAX
01003376 |. 8BC8 |MOV ECX,EAX
01003378 |. C1E1 05 |SHL ECX,5
0100337B |. F68431 005700>|TEST BYTE PTR DS:[ECX+ESI+1005700],80 ;请教这里,这里明明是0x80
;可是别人的分析是0x8f,奇怪咯?郁闷的……
01003383 |.^ 75 D7 |JNZ SHORT winmine.0100335C
01003385 |. C1E0 05 |SHL EAX,5
01003388 |. 808C30 005700>|OR BYTE PTR DS:[EAX+ESI+1005700],80
01003390 |. FF0D 6C5A0001 |DEC DWORD PTR DS:[1005A6C]
01003396 |. 8D8430 005700>|LEA EAX,DWORD PTR DS:[EAX+ESI+1005700]
0100339D |.^ 75 BD \JNZ SHORT winmine.0100335C
下面是我写的代码:
void AutoMine(int b_LB,int b_RB)
{
int iRow,iCol;
int iNub,iWidth,iHeight;
int x=20,y=60;
DWORD lpMineID;
BYTE lpBuffer;
HWND hMine= ::FindWindow(0,"扫雷");
::GetWindowThreadProcessId (hMine,&lpMineID);
HANDLE pMine=::OpenProcess(PROCESS_VM_READ,true,lpMineID);
if( pMine!=0)
{
::ReadProcessMemory(pMine,(void *)0x01005A6C,&lpBuffer,1,0);
iNub=int(lpBuffer);//雷数
::ReadProcessMemory(pMine,(void *)0x010056F8,&lpBuffer,1,0);
iWidth=int(lpBuffer);//雷区的宽度
::ReadProcessMemory(pMine,(void *)0x01005A68,&lpBuffer,1,0);
iHeight=int(lpBuffer);//雷区的高度
for (iRow=0;iRow<=iHeight;iRow++)
for(iCol=0;iCol<=iWidth;iCol++)
{
::ReadProcessMemory(pMine,(void *)(0x01005700+(iRow+1)*32+(iCol+1)),&lpBuffer,1,0);
//具体雷位置的标志,我跟到的是0x80,可是别人的文章里是0x8f
//不解?请教高手……
if(int(lpBuffer)==143)//这里如果是0x80就不正确,143=0x8f。
{
if(b_RB==1){
::SendMessage(hMine,WM_RBUTTONDOWN,0,MAKELPARAM(x+16*iCol,y+16*iRow));
::SendMessage(hMine,WM_RBUTTONUP,0,MAKELPARAM(x+16*iCol,y+16*iRow));
}
}
else
{
if(b_LB==1){
::SendMessage(hMine,WM_LBUTTONDOWN,0,MAKELPARAM(x+16*iCol,y+16*iRow));
::SendMessage(hMine,WM_LBUTTONUP,0,MAKELPARAM(x+16*iCol,y+16*iRow));
}
}
}
::CloseHandle(pMine);
}
else{::MessageBox(0,"要打开扫雷游戏的哇!",0,MB_OK);}
}
××××××××××××××××××××××××
===============================================
************************************************
请教:
0100337B |. F68431 005700>|TEST BYTE PTR DS:[ECX+ESI+1005700],80
;请教这里,这里明明是0x80
;可是别人的分析是0x8f,奇怪咯?郁闷的……
//具体雷位置的标志,我跟到的是0x80,可是别人的文章里是0x8f
//不解?请教高手……
if(int(lpBuffer)==143)//这里如果是0x80就不正确,143=0x8f。
小弟初学,问题很菜。。。望高手赐教……不胜感激。
下面是我用OLLYDBG拷贝下来的……
0100333C |. A3 F8560001 MOV DWORD PTR DS:[10056F8],EAX
01003341 |. 890D 685A0001 MOV DWORD PTR DS:[1005A68],ECX
01003347 |. E8 03FBFFFF CALL winmine.01002E4F
0100334C |. A1 C4520001 MOV EAX,DWORD PTR DS:[10052C4]
01003351 |. 893D 80510001 MOV DWORD PTR DS:[1005180],EDI
01003357 |. A3 6C5A0001 MOV DWORD PTR DS:[1005A6C],EAX
0100335C |> FF35 F8560001 /PUSH DWORD PTR DS:[10056F8]
01003362 |. E8 18050000 |CALL winmine.0100387F
01003367 |. FF35 685A0001 |PUSH DWORD PTR DS:[1005A68]
0100336D |. 8BF0 |MOV ESI,EAX
0100336F |. 46 |INC ESI
01003370 |. E8 0A050000 |CALL winmine.0100387F
01003375 |. 40 |INC EAX
01003376 |. 8BC8 |MOV ECX,EAX
01003378 |. C1E1 05 |SHL ECX,5
0100337B |. F68431 005700>|TEST BYTE PTR DS:[ECX+ESI+1005700],80 ;请教这里,这里明明是0x80
;可是别人的分析是0x8f,奇怪咯?郁闷的……
01003383 |.^ 75 D7 |JNZ SHORT winmine.0100335C
01003385 |. C1E0 05 |SHL EAX,5
01003388 |. 808C30 005700>|OR BYTE PTR DS:[EAX+ESI+1005700],80
01003390 |. FF0D 6C5A0001 |DEC DWORD PTR DS:[1005A6C]
01003396 |. 8D8430 005700>|LEA EAX,DWORD PTR DS:[EAX+ESI+1005700]
0100339D |.^ 75 BD \JNZ SHORT winmine.0100335C
下面是我写的代码:
void AutoMine(int b_LB,int b_RB)
{
int iRow,iCol;
int iNub,iWidth,iHeight;
int x=20,y=60;
DWORD lpMineID;
BYTE lpBuffer;
HWND hMine= ::FindWindow(0,"扫雷");
::GetWindowThreadProcessId (hMine,&lpMineID);
HANDLE pMine=::OpenProcess(PROCESS_VM_READ,true,lpMineID);
if( pMine!=0)
{
::ReadProcessMemory(pMine,(void *)0x01005A6C,&lpBuffer,1,0);
iNub=int(lpBuffer);//雷数
::ReadProcessMemory(pMine,(void *)0x010056F8,&lpBuffer,1,0);
iWidth=int(lpBuffer);//雷区的宽度
::ReadProcessMemory(pMine,(void *)0x01005A68,&lpBuffer,1,0);
iHeight=int(lpBuffer);//雷区的高度
for (iRow=0;iRow<=iHeight;iRow++)
for(iCol=0;iCol<=iWidth;iCol++)
{
::ReadProcessMemory(pMine,(void *)(0x01005700+(iRow+1)*32+(iCol+1)),&lpBuffer,1,0);
//具体雷位置的标志,我跟到的是0x80,可是别人的文章里是0x8f
//不解?请教高手……
if(int(lpBuffer)==143)//这里如果是0x80就不正确,143=0x8f。
{
if(b_RB==1){
::SendMessage(hMine,WM_RBUTTONDOWN,0,MAKELPARAM(x+16*iCol,y+16*iRow));
::SendMessage(hMine,WM_RBUTTONUP,0,MAKELPARAM(x+16*iCol,y+16*iRow));
}
}
else
{
if(b_LB==1){
::SendMessage(hMine,WM_LBUTTONDOWN,0,MAKELPARAM(x+16*iCol,y+16*iRow));
::SendMessage(hMine,WM_LBUTTONUP,0,MAKELPARAM(x+16*iCol,y+16*iRow));
}
}
}
::CloseHandle(pMine);
}
else{::MessageBox(0,"要打开扫雷游戏的哇!",0,MB_OK);}
}
××××××××××××××××××××××××
===============================================
************************************************
请教:
0100337B |. F68431 005700>|TEST BYTE PTR DS:[ECX+ESI+1005700],80
;请教这里,这里明明是0x80
;可是别人的分析是0x8f,奇怪咯?郁闷的……
//具体雷位置的标志,我跟到的是0x80,可是别人的文章里是0x8f
//不解?请教高手……
if(int(lpBuffer)==143)//这里如果是0x80就不正确,143=0x8f。
小弟初学,问题很菜。。。望高手赐教……不胜感激。
...全文
请发表友善的回复…
发表回复
