游戏名:连连看v3.2 单机版
制作工具:VC6.0
用到工具: CE & OD
需要实现的功能: 废掉倒计时,随意消除方块
方法简介:
1 先用CE找到时间的内存地址
2 查看该内存地址
3 然后切换到游戏来单击游戏按钮
4 观察数据 可以发现 第一次单击按下 | 第二次不正确按下 | 正确的按下
5 OD 附加游戏,然后Ctrl+G 到第二次不正确按下的
6 向上找 跳转 然后 下断 就找到了如下图
备注:初学逆向与VC,不足欢迎指出,感谢
游戏与源码下载:https://download.****.net/download/weixin_44300440/10981267

下面是MFC的代码

// codeDlg.cpp : implementation file
//

#include "stdafx.h"
#include "code.h"
#include "codeDlg.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CCodeDlg dialog
HANDLE hProcess;
CCodeDlg::CCodeDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CCodeDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CCodeDlg)
		// NOTE: the ClassWizard will add member initialization here
	//}}AFX_DATA_INIT
	// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CCodeDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CCodeDlg)
		// NOTE: the ClassWizard will add DDX and DDV calls here
	//}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CCodeDlg, CDialog)
	//{{AFX_MSG_MAP(CCodeDlg)
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CCodeDlg message handlers

BOOL CCodeDlg::OnInitDialog()
{
	DWORD Process_Id;
	CDialog::OnInitDialog();

	// Set the icon for this dialog.  The framework does this automatically
	//  when the application's main window is not a dialog
	SetIcon(m_hIcon, TRUE);			// Set big icon
	SetIcon(m_hIcon, FALSE);		// Set small icon
	
	// TODO: Add extra initialization here
	HWND hGame=::FindWindow("#32770","连连看");//获取游戏窗口句柄
	if(hGame == NULL) // 游戏窗口句柄获取失败后
	{
		::MessageBox(NULL,"请检查游戏是否运行!","错误",48);//弹出信息框 并退出
		exit(0);
	}else
	{
		::GetWindowThreadProcessId(hGame,&Process_Id);
		hProcess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,Process_Id); 
	}
	
	return TRUE;  // return TRUE  unless you set the focus to a control
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CCodeDlg::OnPaint() 
{
	if (IsIconic())
	{
		CPaintDC dc(this); // device context for painting

		SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

		// Center icon in client rectangle
		int cxIcon = GetSystemMetrics(SM_CXICON);
		int cyIcon = GetSystemMetrics(SM_CYICON);
		CRect rect;
		GetClientRect(&rect);
		int x = (rect.Width() - cxIcon + 1) / 2;
		int y = (rect.Height() - cyIcon + 1) / 2;

		// Draw the icon
		dc.DrawIcon(x, y, m_hIcon);
	}
	else
	{
		CDialog::OnPaint();
	}
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CCodeDlg::OnQueryDragIcon()
{
	return (HCURSOR) m_hIcon;
}

void CCodeDlg::OnButton1() 
{
	// TODO: Add your control notification handler code here
	BYTE KillTime=0x90;//用来废掉倒计时
	BYTE zzllk[]={0x90,0x90,0x90,0x90,0x90,0x90};//用来随意消除
	if(::WriteProcessMemory(hProcess,(LPVOID)0x0040457A,&KillTime,sizeof(KillTime),NULL))//写入废掉倒计时数据到内存
	{
		if(::WriteProcessMemory(hProcess,(LPVOID)0x00403DC9,zzllk,sizeof(zzllk),NULL))//写入随意消除数据到内存
		{
		 	::MessageBox(NULL,"限制解除成功,可随意游戏!","系统提示",64);//写入成功后信息框提示
		}
	}else
	{
		::MessageBox(NULL,"限制解除失败!","系统提示",48);//写入失败后信息框提示
	}
	
}

效果图 随意消除不是梦