想做个游戏修改器,可是遇到了问题,请高手指教.(关于readprocessmemory和进程的问题)(50分)

我想做一个仙剑2的游戏修改器,该游戏的进程名是pal2.tmp0,进程ID都已经找到了,可为什么就是不能显示出体力的值呢?<br>源程序如下,无法正确地显示出内存的数值呢?<br><br>unit Unit1;<br><br>interface<br><br>uses<br>&nbsp; Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<br>&nbsp; Dialogs,tlhelp32, StdCtrls;<br><br>type<br>&nbsp; TForm1 = class(TForm)<br>&nbsp; &nbsp; Button1: TButton;<br>&nbsp; &nbsp; Edit1: TEdit;<br>&nbsp; &nbsp; procedure Button1Click(Sender: TObject);<br>&nbsp; private<br>&nbsp; &nbsp; { Private declarations }<br>&nbsp; public<br>&nbsp; &nbsp; { Public declarations }<br>&nbsp; end;<br><br><br>var<br>&nbsp; Form1: TForm1;<br>&nbsp; theprohandle:Thandle;<br>&nbsp; c1:integer;<br>implementation<br><br>{$R *.dfm}<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>var<br>&nbsp;cLoop:boolean;<br>&nbsp;FSnapshotHandle:THandle;<br>&nbsp;FProcessEntry32:TProcessEntry32;<br>&nbsp;addre:integer;<br>&nbsp;re:cardinal;<br>begin<br>addre:=$72c2e4;//游戏里存放体力值的内存地址,用金山游侠查出来的.<br>&nbsp;FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);<br>&nbsp;FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);<br>&nbsp;cLoop:=Process32First(FSnapshotHandle,FProcessEntry32);<br>&nbsp;while integer(cLoop)&lt;&gt;0 do<br>&nbsp;begin<br>&nbsp; &nbsp;if FProcessEntry32.szExeFile='PAL2.TMP0' then<br>&nbsp; &nbsp; &nbsp;begin<br>&nbsp; &nbsp; &nbsp;theprohandle:=OpenProcess(PROCESS_ALL_ACCESS or PROCESS_TERMINATE or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE,false,FProcessEntry32.th32processid); &nbsp;//打开进程并得到读与权限<br>&nbsp; &nbsp; &nbsp;end;<br>&nbsp; &nbsp;cLoop:=Process32Next(FSnapshotHandle,FProcessEntry32);<br>&nbsp;end;<br>if theprohandle=0 then<br>showmessage('游戏没运行')<br>else<br>&nbsp; begin<br>&nbsp; readprocessmemory(theprohandle,@addre,@c1,4,re);<br>&nbsp; showmessage('体力:'+inttostr(c1));//这里总是显示1<br>&nbsp; end;<br><br>end;<br><br><br>end.

我找了一个小的游戏做试验发现用两findwindow可以成功找到线程.但是用上面的方法就不行了,这到底是什么事?我用两种方法找到的线程ID都是一样的可是,再用<br>OpenProcess(PROCESS_ALL_ACCESS or PROCESS_TERMINATE or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE,false,pid);打开进程句柄,居然会不一样.<br>两种法的pid是一样的.怎么会有这样的问题????<br>源程序如下:<br>unit Unit1;<br><br>interface<br><br>uses<br>&nbsp; Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<br>&nbsp; Dialogs,tlhelp32, StdCtrls;<br><br>type<br>&nbsp; TForm1 = class(TForm)<br>&nbsp; &nbsp; Button1: TButton;<br>&nbsp; &nbsp; Edit1: TEdit;<br>&nbsp; &nbsp; procedure Button1Click(Sender: TObject);<br>&nbsp; private<br>&nbsp; &nbsp; { Private declarations }<br>&nbsp; public<br>&nbsp; &nbsp; { Public declarations }<br>&nbsp; end;<br><br><br>var<br>&nbsp; Form1: TForm1;<br>&nbsp; theprohandle,theprohandle2:Thandle;<br>&nbsp; whwnd,pid:hwnd;<br>&nbsp; c1:integer;<br>implementation<br><br>{$R *.dfm}<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>var<br>&nbsp;cLoop:boolean;<br>&nbsp;FSnapshotHandle:THandle;<br>&nbsp;FProcessEntry32:TProcessEntry32;<br>begin<br>&nbsp;FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);<br>&nbsp;FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);<br>&nbsp;cLoop:=Process32First(FSnapshotHandle,FProcessEntry32);<br>&nbsp;while integer(cLoop)&lt;&gt;0 do<br>&nbsp;begin<br>&nbsp; &nbsp;if FProcessEntry32.szExeFile='down100.EXE' then<br>&nbsp; &nbsp; &nbsp;begin<br>&nbsp; &nbsp; &nbsp;theprohandle:=OpenProcess(PROCESS_ALL_ACCESS or PROCESS_TERMINATE or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE,false,FProcessEntry32.th32ProcessID);//FProcessEntry32.th32ProcessID的值是1444跟下面的pid一样.<br>&nbsp; &nbsp; &nbsp;showmessage(inttostr(theprohandle));//这里显示1848,不是我要的句柄.<br>&nbsp; &nbsp; &nbsp;end;<br>&nbsp; &nbsp;cLoop:=Process32Next(FSnapshotHandle,FProcessEntry32);<br>&nbsp;end;<br>&nbsp;closehandle(FSnapshothandle);<br><br>//findowindow的方法<br>&nbsp; whwnd:=findwindow(nil,'NS-SHAFT');<br>if whwnd=0 then<br>&nbsp; &nbsp;showmessage('游戏没打开')<br>else<br>&nbsp; begin<br>&nbsp; GetWindowThreadProcessId(whwnd,@pid); // 从窗口句柄得到进程ID,pid的值显示为1444跟上面一样.<br>&nbsp; theprohandle2:=OpenProcess(PROCESS_ALL_ACCESS or PROCESS_TERMINATE or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE,false,pid); <br>&nbsp; if theprohandle2=0 then<br>&nbsp; showmessage('失败')<br>&nbsp; else<br>&nbsp; begin<br>&nbsp; showmessage(inttostr(theprohandle2));//这里显示1852,是正确的句柄<br>&nbsp; end;<br>&nbsp; end;<br>end;<br><br>end.<br><br><br>这到底是怎么回事?相同的ID居然有不同的句柄?<br>我把这个小游戏放在了这个网址,请大家有空的话<br>http://www.168mm.com/down100.rar<br>帮我调试一下.

可能仙剑用的是双效验。<br>我的qq:71892967,欢迎交流<br><br>to 楼下：我讲的是内存双效验！！！

这不是双效验的原因.因为进程的句柄与程序是不是双效验应该没有关系.<br>我曾经试过用在一个过程中findwindow和GetWindowThreadProcessId和OpenProcess得到一个进程句柄,用showmessage显示出来.点第一次和点第二次显示的东西居然也会不一样.所以到底是怎么回事.我也不清楚.希望有高手回答一下.

兄弟我初步实现了一个游戏修改器(象金山那样查找的)，你要不要代码？<br>代码我已经上传，可以在这里下栽，现在只是初步实现，修改另一个程序的全局变量<br>http://www.efile.com.cn/?liumazi

我在上面讲的压缩包中加了一个小游戏，可以修改成功

好学习一下。

游戏修改器代码已重新上传，解决了原来一些<br>小问题，现在已经可以正常修改我在包中提供<br>的两个程序，请到这里下栽其代码：<br>http://www.efile.com.cn/?liumazi

to koy0755：<br>GetWindowThreadProcessId和OpenProcess<br>好象他们返回值的意义不一样<br>