// NOTE(review): the four header names were lost when this listing was
// extracted (only the bare directives survive). The code below needs the
// Win32 API, the Toolhelp32 module-snapshot API, std::cerr/std::cout and
// std::vector. The same stripping removed the element type of the two
// std::vector declarations in main() — see the note there.
#include #include #include #include

/// Returns the load address of module `modName` inside process `procId`,
/// or 0 if the snapshot cannot be taken or no module with that name is found.
///
/// @param procId   Target process id, passed to CreateToolhelp32Snapshot.
/// @param modName  Module file name; compared against MODULEENTRY32W::szModule
///                 with _wcsicmp, so the match is case-insensitive.
/// @return modBaseAddr of the first matching entry, else 0.
///
/// Callers cannot tell "snapshot failed" from "module not present": both
/// paths return 0 and GetLastError() is never consulted.
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName) {
    uintptr_t baseAddress = 0;
    // TH32CS_SNAPMODULE32 is added so 32-bit modules of a WOW64 target are
    // listed as well when this code runs as a 64-bit process.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap != INVALID_HANDLE_VALUE) {
        MODULEENTRY32W modEntry;
        modEntry.dwSize = sizeof(modEntry);  // Toolhelp requires dwSize to be set before the first call
        if (Module32FirstW(hSnap, &modEntry)) {
            do {
                if (!_wcsicmp(modEntry.szModule, modName)) {
                    baseAddress = (uintptr_t)modEntry.modBaseAddr;
                    break;
                }
            } while (Module32NextW(hSnap, &modEntry));
        }
    }
    // BUG(review): this is reached even when hSnap == INVALID_HANDLE_VALUE,
    // so the failure path closes an invalid handle; CloseHandle belongs
    // inside the `if` above.
    CloseHandle(hSnap);
    return baseAddress;
}

/// Entry point. Finds the target by window title, opens its process,
/// allocates an RWX region inside it, writes a 10-byte stub there, and
/// overwrites 9 bytes at a fixed module offset with a 5-byte relative JMP to
/// that stub followed by 4 NOPs.
///
/// Every step is a textbook cross-process code-injection primitive
/// (OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
/// WriteProcessMemory -> VirtualProtectEx -> WriteProcessMemory); that call
/// sequence, issued against a foreign process, is exactly what endpoint
/// monitoring correlates to flag injection.
///
/// @return 0 on the success path, -1 when any of the four checked steps fails.
///         The two WriteProcessMemory calls and both VirtualProtectEx calls
///         are not checked, so a partial failure still returns 0.
int main() {
    DWORD procId = 0;
    // L"窗口标题" is a placeholder meaning "window title"; the target is
    // identified solely by an exact title match.
    HWND hGame = FindWindowW(NULL, L"窗口标题");
    if (!hGame) {
        std::cerr << "未找到游戏窗口!" << std::endl;  // "game window not found"
        return -1;
    }
    // Neither the return value (owning thread id) nor a procId left at 0 is checked.
    GetWindowThreadProcessId(hGame, &procId);
    // PROCESS_ALL_ACCESS requests every right on the target; the handle
    // request itself is observable by kernel-mode handle-open monitoring.
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procId);
    if (!hProcess) {
        std::cerr << "无法打开进程!" << std::endl;  // "cannot open process"
        return -1;
    }
    uintptr_t baseAddress = GetModuleBaseAddress(procId, L"AMo.exe");
    if (!baseAddress) {
        std::cerr << "无法获取模块基地址!" << std::endl;  // "cannot get module base address"
        CloseHandle(hProcess);
        return -1;
    }
    // 0x106BB2 is a hard-coded offset into one specific build of the module.
    // Nothing verifies the module version, so on any other build the 9-byte
    // write below lands on unrelated instructions and corrupts the target.
    uintptr_t injectAddress = baseAddress + 0x106BB2;
    // Private RWX memory (PAGE_EXECUTE_READWRITE) inside another process is
    // one of the strongest indicators memory scanners look for. 2048 bytes
    // are committed (zero-initialized) but only 10 are written.
    LPVOID newMem = VirtualAllocEx(hProcess, NULL, 2048, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (!newMem) {
        std::cerr << "内存分配失败!" << std::endl;  // "memory allocation failed"
        CloseHandle(hProcess);
        return -1;
    }
    // NOTE(review): the element type of both vectors was stripped along with
    // the header names. If the original really had none, C++17 CTAD deduces
    // std::vector<int>: .data() then points at 4-byte ints while .size()
    // counts elements, and WriteProcessMemory copies the wrong bytes.
    // Stub body written to newMem. The 9 original bytes overwritten at
    // injectAddress below are not preserved anywhere in this program.
    std::vector newMemCode = { 0xC7, 0x86, 0x34, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    // Return value ignored: a failed write is still reported as success below.
    WriteProcessMemory(hProcess, newMem, newMemCode.data(), newMemCode.size(), NULL);
    // rel32 of an E9 JMP is measured from the end of the 5-byte instruction.
    // The (int32_t) cast silently truncates when newMem lies more than
    // +/-2 GiB from injectAddress — possible for a 64-bit VirtualAllocEx
    // result — in which case the JMP targets an unrelated address.
    int32_t jmpOffset = (int32_t)((uintptr_t)newMem - (injectAddress + 5));
    std::vector jmpInstruction = { 0xE9 };
    jmpInstruction.insert(jmpInstruction.end(), (uint8_t*)&jmpOffset, (uint8_t*)&jmpOffset + sizeof(jmpOffset));
    // Four 0x90 (NOP) bytes pad the patch to 9 bytes; that 9 bytes ends on an
    // instruction boundary in the target is assumed, never checked.
    jmpInstruction.insert(jmpInstruction.end(), 4, 0x90);
    DWORD oldProtect;
    // Page protection is raised to RWX for the write and restored afterwards.
    // None of these three calls is checked, so a failure at any step still
    // prints the success message.
    VirtualProtectEx(hProcess, (LPVOID)injectAddress, jmpInstruction.size(), PAGE_EXECUTE_READWRITE, &oldProtect);
    WriteProcessMemory(hProcess, (LPVOID)injectAddress, jmpInstruction.data(), jmpInstruction.size(), NULL);
    VirtualProtectEx(hProcess, (LPVOID)injectAddress, jmpInstruction.size(), oldProtect, &oldProtect);
    std::cout << "代码注入成功!" << std::endl;  // "code injection succeeded"
    // Spawns a command shell just to wait for a key press; this is also a
    // child-process event in process-tree telemetry.
    system("pause");
    CloseHandle(hProcess);
    return 0;
}