大战2013之二:破解浴火银河2硬盘版
程序员文章站
2022-06-08 19:18:13
...
续上文: 破解了IC卡读写器的动态库,实在让人心力交瘁,蛋疼之下,随便找了个游戏玩玩 一不小心,玩上浴火银河2硬盘版(Galaxy On Fire),这个游戏有很多个不同平台的版本 感觉移动好吃力,跑半天都不到目的地,我们这样的人怎么能忍受龟速?更不用说是蜗
续上文:
破解了IC卡读写器的动态库,实在让人心力交瘁,蛋疼之下,随便找了个游戏玩玩
一不小心,玩上浴火银河2硬盘版(Galaxy On Fire),这个游戏有很多个不同平台的版本
感觉移动好吃力,跑半天都不到目的地,我们这样的人怎么能忍受龟速?更不用说是蜗牛了!
于是抄家伙,疯狂破解!(- -!这家伙,破解上瘾了……)
最先破解的是后燃器的加速时间、冷却时间和加速倍率,我改过最高的如下:
加速时间1分钟,冷却1秒,加速1000倍!
主要是我想撞一个行星看看是什么样的效果,结果我飞了半天硬是没撞上!
而且,加速太快,摄像机跟不上,直接往后面看了……
因此,这一块就不跟大家共享了,只贴一张图证实真相:
一次加速就飞了4000多公里,星球还是望尘莫及,于是回头截个图……
破解出来比较实用的是修改飞船仓库容量和装甲等,先上个图:
我不想破解别人的东西,我只想传播下技术。
某人说,某人有些虚荣心,喜欢做些惊世骇俗的小动作,不为建功立业……
下面是动态库各个文件的C/C++源代码(按文件名顺序),编译为DLL即可调用(太累了,主程序不想写了,源码也在有空再上传了)。
API.DEF
EXPORTS ReadShips GetShip SetShip SaveShips
Exports.cpp
#include "Exports.h"
#include "Ship.h"
inline DWORD fnRev(DWORD dwNumber)
{ // 转换字节序
register DWORD dw1;
dw1 = dwNumber > 8) & 0xFF00;
dw1 |= (dwNumber >> 24) & 0xFF;
return dw1;
}
// DLL入口函数
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{ //printf("hModule.%p lpReserved.%p \n", hModule, lpReserved);
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
// 进程装载
SpaceShips = (PSPACESHIP)malloc(sizeof(SPACESHIP) * 44);
if(!SpaceShips)
return FALSE;
break;
case DLL_PROCESS_DETACH:
// 线程卸载
if(SpaceShips != NULL)
{ // ...
free(SpaceShips);
SpaceShips = NULL;
}
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
EXPORT_API LONG __stdcall ReadShips(LPCSTR lpShipFile, DWORD *pHash)
{ return (LONG)fnReadShips(lpShipFile, pHash);
}
EXPORT_API DWORD __stdcall GetShip(DWORD dwIndex, DWORD dwPropId)
{ return fnGetShip(dwIndex, dwPropId);
}
EXPORT_API BOOL __stdcall SetShip(DWORD dwIndex, DWORD dwPropId, DWORD dwValue)
{ return fnSetShip(dwIndex, dwPropId, dwValue);
}
EXPORT_API BOOL __stdcall SaveShips(LPCSTR lpShipFile)
{ return fnSaveShips(lpShipFile);
}
Exports.h
/**/ #ifndef __GAL32_EXP_H_ #define __GAL32_EXP_H_ #if _MSC_VER > 1000 #pragma once #endif // _MSC_VER > 1000 //#define WIN32_LEAN_AND_MEAN #include#include // FILE #define EXPORT_API __declspec(dllexport) #define DESDW(d) ((d > 8) & 0xFF00) | ((d >> 24) & 0xFF)) extern inline DWORD fnRev(DWORD); #endif
Hash.cpp和Hash.h是计算MD5的,可以计算任意内存块的md5,目的是检测玩家是否修改了文件
以确定要修改,还是先做备份……主程序都没写,这个也不发上来了,而且容易泄露大侠我的加密风格……
Ship.cpp
//
#include "Exports.h"
#include "Ship.h"
#include "Hash.h"
PSPACESHIP SpaceShips;
DWORD dwShipCount = 0;
BOOL fnReadShips(LPCSTR lpShipFile, DWORD *pHash)
{ // ..
DWORD dwLoop;
FILE *pfs = fopen(lpShipFile, "rb");
if(pfs == NULL)
{ // ..
return 0;
}
dwShipCount = fread(SpaceShips, sizeof(SPACESHIP), 44, pfs);
fclose(pfs);
if(dwShipCount != 44)
{ // ..
return -1;
}
dwLoop = sizeof(SPACESHIP) * 44;
// 用Hash判断是否是安全的文件
fnCalcHash(SpaceShips, dwLoop, (DWORD)pHash);
//for(dwLoop = 0; dwLoop = dwShipCount)
return 0x80000000;
switch(dwPropId){
case 1:
return fnRev(SpaceShips[dwIndex].dwArmor);
break;
case 2:
return fnRev(SpaceShips[dwIndex].dwCargo);
break;
case 3:
return fnRev(SpaceShips[dwIndex].dwPrice);
break;
case 4:
return fnRev(SpaceShips[dwIndex].dwPriWeap);
break;
case 5:
return fnRev(SpaceShips[dwIndex].dwSecWeap);
break;
case 6:
return fnRev(SpaceShips[dwIndex].dwTurret);
break;
case 7:
return fnRev(SpaceShips[dwIndex].dwEquip);
break;
case 8:
return fnRev(SpaceShips[dwIndex].dwHandle);
break;
default:
return fnRev(SpaceShips[dwIndex].dwIndex);
break;
}
return 0x80000001;
}
BOOL fnSetShip(DWORD dwIndex, DWORD dwPropId, DWORD dwValue)
{ // 返回值应小于0x3FFFFFFF
if((dwIndex >= dwShipCount)||(dwValue >= 0x40000000))
return FALSE;
switch(dwPropId){
case 1:
SpaceShips[dwIndex].dwArmor = fnRev(dwValue);
break;
case 2:
SpaceShips[dwIndex].dwCargo = fnRev(dwValue);
break;
case 3:
SpaceShips[dwIndex].dwPrice = fnRev(dwValue);
break;
case 4:
SpaceShips[dwIndex].dwPriWeap = fnRev(dwValue);
break;
case 5:
SpaceShips[dwIndex].dwSecWeap = fnRev(dwValue);
break;
case 6:
SpaceShips[dwIndex].dwTurret = fnRev(dwValue);
break;
case 7:
SpaceShips[dwIndex].dwEquip = fnRev(dwValue);
break;
case 8:
SpaceShips[dwIndex].dwHandle = fnRev(dwValue);
break;
default:
SpaceShips[dwIndex].dwIndex = fnRev(dwValue);
break;
}
return TRUE;
}
BOOL fnSaveShips(LPCSTR lpShipFile)
{ // ..
FILE *pfs = fopen(lpShipFile, "wb");
if(pfs == NULL)
{ // ..
return FALSE;
}
dwShipCount = fwrite(SpaceShips, sizeof(SPACESHIP), 44, pfs);
fclose(pfs);
//if(dwShipCount != 44)
return TRUE;
}
Ship.h
/**/
#ifndef __GAL32_SHIP_H_
#define __GAL32_SHIP_H_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
typedef struct _tagSpaceShip{
DWORD dwIndex;
DWORD dwArmor;
DWORD dwCargo;
DWORD dwPrice;
DWORD dwPriWeap;
DWORD dwSecWeap;
DWORD dwTurret;
DWORD dwEquip;
DWORD dwHandle;
} SPACESHIP, *PSPACESHIP;
extern PSPACESHIP SpaceShips;
extern DWORD dwShipCount;
extern BOOL fnReadShips(LPCSTR, PDWORD);
extern DWORD fnGetShip(DWORD, DWORD);
extern BOOL fnSetShip(DWORD, DWORD, DWORD);
extern BOOL fnSaveShips(LPCSTR);
#endif
目前只公布修改飞船的代码,看看大家反应如何先,如果都有需要,那我就为人民服务一下下吧%……
2013-02-17 22:56:38
妈妈的,明天又要开工了
推荐阅读