c#写游戏外挂，声明，本文为转载

本文介绍使用C#开发《植物大战僵尸》游戏辅助工具的过程，包括无线阳光、无线金钱及快速过关等功能实现。通过定时刷新游戏内存地址，实现资源无限，并提供了具体的代码示例。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

最近闲来无事发现周围的朋友都在玩《植物大战僵尸》的游戏！于是动了制作这游戏工具的念头！虽然在网上同类工具很多但是用C#写的我几乎看不到！所以我想用C#写一个！
首先用CE或者OD或者其他反汇编工具找出游戏的内存基址！
游戏内存基址：base = 0x006A9EC0
游戏阳光地址：[base+0x768]+0x5560
游戏金钱地址：[base+0x82C]+0x28
游戏关卡地址：[base+0x82C]+0x24 //关卡如：A-B 实际值为：（A-1）×10＋B
至于如何获取这些地址不在我们这论坛研究的范围中！
对了我是用工具vs2008编写的！
新建窗体：

C# code

using System;using System.Drawing;using System.Text;using

System.Windows.Forms;

namespace

PlantsVsZombiesTool

{

/// <summary> ///

/// </summary> public partial class

Form1 : Form

{

public

Form1()

{

InitializeComponent();

}

private void Form1_Load(object

sender, EventArgs e)

{

}

//启动无线阳光 private void btnGet_Click(object

sender, EventArgs e)

{

if (Helper.GetPidByProcessName(processName) == 0

)

{

MessageBox.Show(

"哥们启用之前游戏总该运行吧！"

);

return

;

}

if (btnGet.Text == "启用-阳光无限"

)

{

timer1.Enabled

= true

;

btnGet.Text

= "关闭-阳光无限"

;

}

else

{

timer1.Enabled

= false

;

btnGet.Text

= "启用-阳光无限"

;

}

private void timer1_Tick(object

sender, EventArgs e)

{

if (Helper.GetPidByProcessName(processName) == 0

)

{

timer1.Enabled

= false

;

btnGet.Text

= "启用-阳光无限"

;

}

int address = ReadMemoryValue(baseAddress); //读取基址(该地址不会改变) address = address + 0x768; //获取2级地址 address =

ReadMemoryValue(address);

address

= address + 0x5560; //获取存放阳光数值的地址 WriteMemory(address, 0x1869F); //写入数据到地址（0x1869F表示99999） timer1.Interval =1000

;

}

//启动无线金钱 private void btnMoney_Click(object

sender, EventArgs e)

{

if (Helper.GetPidByProcessName(processName) == 0

)

{

MessageBox.Show(

"哥们启用之前游戏总该运行吧！"

);

return

;

}

if (btnMoney.Text == "启用-金钱无限"

)

{

timer2.Enabled

= true

;

btnMoney.Text

= "关闭-金钱无限"

;

}

else

{

timer2.Enabled

= false

;

btnMoney.Text

= "启用-金钱无限"

;

}

private void timer2_Tick(object

sender, EventArgs e)

{

if (Helper.GetPidByProcessName(processName) == 0

)

{

timer2.Enabled

= false

;

btnMoney.Text

= "启用-金钱无限"

;

}

int address = ReadMemoryValue(baseAddress); //读取基址(该地址不会改变) address = address + 0x82C; //获取2级地址 address =

ReadMemoryValue(address);

address

= address + 0x28; //得到金钱地址 WriteMemory(address, 0x1869F); //写入数据到地址（0x1869F表示99999） timer2.Interval = 1000

;

}

private void btnGo_Click(object

sender, EventArgs e)

{

if (Helper.GetPidByProcessName(processName) == 0

)

{

MessageBox.Show(

"哥们启用之前游戏总该运行吧！"

);

return

;

}

int address = ReadMemoryValue(baseAddress); //读取基址(该地址不会改变) address = address + 0x82C; //获取2级地址 address =

ReadMemoryValue(address);

address

= address + 0x24

;

int lev = 1

;

try

{

lev

= int

.Parse(txtLev.Text.Trim());

}

catch

{

MessageBox.Show(

"输入的关卡格式不真确！默认设置为1"

);

}

WriteMemory(address, lev);

}

//读取制定内存中的值 public int ReadMemoryValue(int

baseAdd)

{

return

Helper.ReadMemoryValue(baseAdd, processName);

}

//将值写入指定内存中 public void WriteMemory(int baseAdd, int

value)

{

Helper.WriteMemoryValue(baseAdd, processName, value);

}

private int baseAddress = 0x006A9EC0; //游戏内存基址 private string processName = "PlantsVsZombies"; //游戏进程名字

}

下面这个类是整个工具的核心

C# code

using System;using

System.Text;

using System.Diagnostics;using

System.Runtime.InteropServices;

namespace

PlantsVsZombiesTool

{

public abstract class

Helper

{

[DllImportAttribute(

"kernel32.dll", EntryPoint = "ReadProcessMemory"

)]

public static extern bool

ReadProcessMemory

(

IntPtr hProcess,

IntPtr lpBaseAddress,

IntPtr lpBuffer,

int

nSize,

IntPtr lpNumberOfBytesRead

);

[DllImportAttribute(

"kernel32.dll", EntryPoint = "OpenProcess"

)]

public static extern

IntPtr OpenProcess

(

int

dwDesiredAccess,

bool

bInheritHandle,

int

dwProcessId

);

[DllImport(

"kernel32.dll"

)]

private static extern void

CloseHandle

(

IntPtr hObject

);

//写内存 [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory"

)]

public static extern bool

WriteProcessMemory

(

IntPtr hProcess,

IntPtr lpBaseAddress,

int

[] lpBuffer,

int

nSize,

IntPtr lpNumberOfBytesWritten

);

//获取窗体的进程标识ID public static int GetPid(string

windowTitle)

{

int rs = 0

;

Process[] arrayProcess

Process.GetProcesses();

foreach (Process p in

arrayProcess)

{

if (p.MainWindowTitle.IndexOf(windowTitle) != -1

)

{

p.Id;

break

;

}

return

rs;

}

//根据进程名获取PID public static int GetPidByProcessName(string

processName)

{

Process[] arrayProcess

Process.GetProcessesByName(processName);

foreach (Process p in

arrayProcess)

{

return

p.Id;

}

return 0

;

}

//根据窗体标题查找窗口句柄（支持模糊匹配） public static IntPtr FindWindow(string

title)

{

Process[] ps

Process.GetProcesses();

foreach (Process p in

ps)

{

if (p.MainWindowTitle.IndexOf(title) != -1

)

{

return

p.MainWindowHandle;

}

return

IntPtr.Zero;

}

//读取内存中的值 public static int ReadMemoryValue(int baseAddress,string

processName)

{

try

{

byte[] buffer = new byte[4

];

IntPtr byteAddress

= Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //获取缓冲区地址 IntPtr hProcess = OpenProcess(0x1F0FFF, false

, GetPidByProcessName(processName));

ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress,

4, IntPtr.Zero); //将制定内存中的值读入缓冲区

CloseHandle(hProcess);

return

Marshal.ReadInt32(byteAddress);

}

catch

{

return 0

;

}

//将值写入指定内存地址中 public static void WriteMemoryValue(int baseAddress, string processName, int

value)

{

IntPtr hProcess

= OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); //0x1F0FFF 最高权限 WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4

, IntPtr.Zero);

CloseHandle(hProcess);

}