大战2013之二:破解浴火银河2硬盘版
续上文:
破解了IC卡读写器的动态库,实在让人心力交瘁,蛋疼之下,随便找了个游戏玩玩
一不小心,玩上浴火银河2硬盘版(Galaxy On Fire),这个游戏有很多个不同平台的版本
感觉移动好吃力,跑半天都不到目的地,我们这样的人怎么能忍受龟速?更不用说是蜗牛了!
于是抄家伙,疯狂破解!(- -!这家伙,破解上瘾了……)
最先破解的是后燃器的加速时间、冷却时间和加速倍率,我改过最高的如下:
加速时间1分钟,冷却1秒,加速1000倍!
主要是我想撞一个行星看看是什么样的效果,结果我飞了半天硬是没撞上!
而且,加速太快,摄像机跟不上,直接往后面看了……
因此,这一块就不跟大家共享了,只贴一张图证实真相:
一次加速就飞了4000多公里,星球还是望尘莫及,于是回头截个图……
破解出来比较实用的是修改飞船仓库容量和装甲等,先上个图:
我不想破解别人的东西,我只想传播下技术。
某人说,某人有些虚荣心,喜欢做些惊世骇俗的小动作,不为建功立业……
下面是动态库各个文件的C/C++源代码(按文件名顺序),编译为DLL即可调用(太累了,主程序不想写了,源码也在有空再上传了)。
API.DEF
EXPORTSReadShipsGetShipSetShipSaveShips
Exports.cpp
#include "Exports.h"#include "Ship.h"inline DWORD fnRev(DWORD dwNumber){// 转换字节序register DWORD dw1;dw1 = dwNumber << 24;dw1 |= (dwNumber << 8) & 0xFF0000;dw1 |= (dwNumber >> 8) & 0xFF00;dw1 |= (dwNumber >> 24) & 0xFF;return dw1;}// DLL入口函数BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved){//printf("hModule.%p lpReserved.%p \n", hModule, lpReserved);switch(ul_reason_for_call){case DLL_PROCESS_ATTACH:// 进程装载SpaceShips = (PSPACESHIP)malloc(sizeof(SPACESHIP) * 44);if(!SpaceShips)return FALSE;break;case DLL_PROCESS_DETACH:// 线程卸载if(SpaceShips != NULL){// ...free(SpaceShips);SpaceShips = NULL;}break;case DLL_THREAD_ATTACH:break;case DLL_THREAD_DETACH:break;}return TRUE;}EXPORT_API LONG __stdcall ReadShips(LPCSTR lpShipFile, DWORD *pHash){return (LONG)fnReadShips(lpShipFile, pHash);}EXPORT_API DWORD __stdcall GetShip(DWORD dwIndex, DWORD dwPropId){return fnGetShip(dwIndex, dwPropId);}EXPORT_API BOOL __stdcall SetShip(DWORD dwIndex, DWORD dwPropId, DWORD dwValue){return fnSetShip(dwIndex, dwPropId, dwValue);}EXPORT_API BOOL __stdcall SaveShips(LPCSTR lpShipFile){return fnSaveShips(lpShipFile);}
Exports.h
/**/#ifndef __GAL32_EXP_H_#define __GAL32_EXP_H_#if _MSC_VER > 1000#pragma once#endif // _MSC_VER > 1000//#define WIN32_LEAN_AND_MEAN#include <windows.h>#include <stdio.h>// FILE#define EXPORT_API __declspec(dllexport)#define DESDW(d) ((d << 24) | ((d << 16) & 0xFF0000) | ((d >> 8) & 0xFF00) | ((d >> 24) & 0xFF))extern inline DWORD fnRev(DWORD);#endif
Hash.cpp和Hash.h是计算MD5的,可以计算任意内存块的md5,目的是检测玩家是否修改了文件
以确定要修改,还是先做备份……主程序都没写,这个也不发上来了,而且容易泄露大侠我的加密风格……
Ship.cpp
//#include "Exports.h"#include "Ship.h"#include "Hash.h"PSPACESHIP SpaceShips;DWORD dwShipCount = 0;BOOL fnReadShips(LPCSTR lpShipFile, DWORD *pHash){// ..DWORD dwLoop;FILE *pfs = fopen(lpShipFile, "rb");if(pfs == NULL){// ..return 0;}dwShipCount = fread(SpaceShips, sizeof(SPACESHIP), 44, pfs);fclose(pfs);if(dwShipCount != 44){// ..return -1;}dwLoop = sizeof(SPACESHIP) * 44;// 用Hash判断是否是安全的文件fnCalcHash(SpaceShips, dwLoop, (DWORD)pHash);//for(dwLoop = 0; dwLoop < 44; dwLoop++)//{// ..//if(SpaceShips[dwLoop].dwIndex != dwLoop)//return -3;//}// 主调程序自动用fnSaveShips保存一个备份return dwLoop;}DWORD fnGetShip(DWORD dwIndex, DWORD dwPropId){// 返回值应小于0x3FFFFFFFif(dwIndex >= dwShipCount)return 0x80000000;switch(dwPropId){case 1:return fnRev(SpaceShips[dwIndex].dwArmor);break;case 2:return fnRev(SpaceShips[dwIndex].dwCargo);break;case 3:return fnRev(SpaceShips[dwIndex].dwPrice);break;case 4:return fnRev(SpaceShips[dwIndex].dwPriWeap);break;case 5:return fnRev(SpaceShips[dwIndex].dwSecWeap);break;case 6:return fnRev(SpaceShips[dwIndex].dwTurret);break;case 7:return fnRev(SpaceShips[dwIndex].dwEquip);break;case 8:return fnRev(SpaceShips[dwIndex].dwHandle);break;default:return fnRev(SpaceShips[dwIndex].dwIndex);break;}return 0x80000001;}BOOL fnSetShip(DWORD dwIndex, DWORD dwPropId, DWORD dwValue){// 返回值应小于0x3FFFFFFFif((dwIndex >= dwShipCount)||(dwValue >= 0x40000000))return FALSE;switch(dwPropId){case 1:SpaceShips[dwIndex].dwArmor = fnRev(dwValue);break;case 2:SpaceShips[dwIndex].dwCargo = fnRev(dwValue);break;case 3:SpaceShips[dwIndex].dwPrice = fnRev(dwValue);break;case 4:SpaceShips[dwIndex].dwPriWeap = fnRev(dwValue);break;case 5:SpaceShips[dwIndex].dwSecWeap = fnRev(dwValue);break;case 6:SpaceShips[dwIndex].dwTurret = fnRev(dwValue);break;case 7:SpaceShips[dwIndex].dwEquip = fnRev(dwValue);break;case 8:SpaceShips[dwIndex].dwHandle = fnRev(dwValue);break;default:SpaceShips[dwIndex].dwIndex = fnRev(dwValue);break;}return TRUE;}BOOL fnSaveShips(LPCSTR lpShipFile){// ..FILE *pfs = fopen(lpShipFile, "wb");if(pfs == NULL){// ..return FALSE;}dwShipCount = fwrite(SpaceShips, sizeof(SPACESHIP), 44, pfs);fclose(pfs);//if(dwShipCount != 44)return TRUE;}
Ship.h
/**/#ifndef __GAL32_SHIP_H_#define __GAL32_SHIP_H_#if _MSC_VER > 1000#pragma once#endif // _MSC_VER > 1000typedef struct _tagSpaceShip{DWORD dwIndex;DWORD dwArmor;DWORD dwCargo;DWORD dwPrice;DWORD dwPriWeap;DWORD dwSecWeap;DWORD dwTurret;DWORD dwEquip;DWORD dwHandle;} SPACESHIP, *PSPACESHIP;extern PSPACESHIP SpaceShips;extern DWORD dwShipCount;extern BOOL fnReadShips(LPCSTR, PDWORD);extern DWORD fnGetShip(DWORD, DWORD);extern BOOL fnSetShip(DWORD, DWORD, DWORD);extern BOOL fnSaveShips(LPCSTR);#endif
目前只公布修改飞船的代码,看看大家反应如何先,如果都有需要,那我就为人民服务一下下吧%……
2013-02-17 22:56:38
妈妈的,明天又要开工了