扫雷大概来说就是
| 墙 |
墙 |
墙 |
墙 |
墙 |
墙 |
| 墙 |
|
|
雷 |
|
墙 |
| 墙 |
|
雷 |
|
雷 |
墙 |
| 墙 |
雷 |
|
|
|
墙 |
| 墙 |
|
|
雷 |
|
墙 |
| 墙 |
墙 |
墙 |
墙 |
墙 |
墙 |
一个二维数组 0x8fU表示雷 0x10U表示墙,那么思路就有了。我们只要扫描内存,就可以知道哪些是雷哪些不是。然后更具位置可以计算出,对应的雷的相对坐标(基于扫雷程序的相对坐标)。这要感谢扫雷不能缩放。。。。那么只要我们用程序模拟鼠标把所有不是雷的方块全部左键单击一下即可。具体看代码。有注释。。
#include <windows.h>
#define REMOVEALL 1
#define bool int
#define TRUE 1
#define FALSE 0
#define gamex 14+6
#define gamey 56+6
#define nWith 180
#define nHeigh 100
#define MINE 0x8fU
#define WALL 0x10U
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
int tq_debug();
int removeall();
HINSTANCE hInst;
int WINAPI WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpszCmdLine,
int nCmdShow)
{
HWND hWnd;
MSG msg;
WNDCLASS wc;
int x, y;
hInst = hInstance;
if (tq_debug() == 0)
{
MessageBox(NULL, TEXT("初始化失败!"), NULL, MB_OK | MB_ICONERROR);
return 0;
}
wc.style = 0;
wc.lpfnWndProc = (WNDPROC)WndProc;
wc.cbClsExtra = 0;
wc.cbWndExtra = 0;
wc.hInstance = hInstance;
wc.hIcon = LoadIcon(NULL, IDI_WINLOGO);
wc.hCursor = LoadCursor(NULL, IDC_ARROW);
wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
wc.lpszMenuName = NULL;
wc.lpszClassName = TEXT("MyWndClass");
RegisterClass(&wc);
x = GetSystemMetrics(SM_CXSCREEN);
y = GetSystemMetrics(SM_CYSCREEN);
x = (x - nWith) / 2;
y = (y - nHeigh) / 2;
hWnd = CreateWindow(
TEXT("MyWndClass"),
TEXT("By:Serious Snow"),
WS_CAPTION | WS_POPUPWINDOW,
x,
y,
nWith,
nHeigh,
NULL,
NULL,
hInstance,
NULL);
ShowWindow(hWnd, nCmdShow);
UpdateWindow(hWnd);
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return msg.wParam;
}
LRESULT CALLBACK WndProc(HWND hWnd,
UINT message,
WPARAM wParam,
LPARAM lParam)
{
int wmId;
switch (message)
{
case WM_CREATE:
CreateWindow(TEXT("button"), TEXT("秒杀"), BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE, 10, 10, 140, 36, hWnd, (HMENU)REMOVEALL, hInst, NULL);
break; 0;
case WM_COMMAND:
wmId = LOWORD(wParam);
switch (wmId)
{
case REMOVEALL:
removeall();
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
break;
}
break;
case WM_DESTROY:
PostQuitMessage(0);
break; 0;
}
return DefWindowProc(hWnd, message, wParam, lParam);
}
int removeall()
{
unsigned char gamebase[24][32];
DWORD high = 0, byteRead = 0, pid = 0;
WORD yx[2], y, x;
HANDLE hProcess = 0;
HWND hWindow = 0;
hWindow = FindWindow(TEXT("扫雷"), TEXT("扫雷"));
if (hWindow)
{
GetWindowThreadProcessId(hWindow, &pid);
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (hProcess)
{
if (ReadProcessMemory(hProcess, (LPCVOID)0x1005361, gamebase, 32 * 24, &byteRead)
&& byteRead == 32 * 24
&& ReadProcessMemory(hProcess, (LPVOID)0x1005338, &high, 4, &byteRead)
&& byteRead == 4)
{
for (y = 0; y < high; y++)
{
for (x = 0; x < 32; x++)
{
if (gamebase[y][x] == WALL)
break;
if (gamebase[y][x] != MINE)
{
yx[0] = gamex + x * 16;
yx[1] = gamey + y * 16;
PostMessage(hWindow, WM_LBUTTONDOWN, 0, *(INT *)yx);
PostMessage(hWindow, WM_LBUTTONUP, 0, *(INT *)yx);
}
}
}
CloseHandle(hProcess);
return 1;
}
}
}
return 0;
}
int tq_debug()
{
int retn;
TOKEN_PRIVILEGES token_privileges;
HANDLE pToken, hProcess;
hProcess = GetCurrentProcess();
OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &pToken);
LookupPrivilegeValueA(NULL, "SeDebugPrivilege", &token_privileges.Privileges->Luid);
token_privileges.PrivilegeCount = 1;
token_privileges.Privileges->Attributes = SE_PRIVILEGE_ENABLED;
retn = AdjustTokenPrivileges(pToken, 0, &token_privileges, (DWORD)0, NULL, NULL);
CloseHandle(hProcess);
return retn;
}
