Recently a certain mini-game went viral; for a while everyone was staying up late tapping away and watching ads to find a way to clear the levels. Plenty of experts on the forum have also put out little tools to help everyone beat it, in JS, C# and Python versions.
By chance I came across two posts about tools written in Easy Language (易语言) that fetch the Token from memory, and got interested, so I started collecting articles about reading memory data with Python from various sites and forums.
After continuous improvement and testing it finally worked, so let me share the joy of success with everyone!
Most of the code was taken from the internet; I read far too many articles to remember which ones, sorry about that.
Once again: this code is provided only for study and discussion on the forum; if anyone uses it for illegal, destructive or tampering purposes, that has nothing to do with me.
If this breaks the rules, admins please delete the post rather than giving me a demerit, thanks~
import re
import sys
from ctypes import WinDLL, byref, c_size_t, create_string_buffer, POINTER
from ctypes.wintypes import BOOL, DWORD, HANDLE, LPVOID
import psutil
from win32con import PROCESS_ALL_ACCESS

k32 = WinDLL('kernel32')
k32.OpenProcess.restype = HANDLE
k32.OpenProcess.argtypes = DWORD, BOOL, DWORD
k32.ReadProcessMemory.restype = BOOL
k32.ReadProcessMemory.argtypes = HANDLE, LPVOID, LPVOID, c_size_t, POINTER(c_size_t)
k32.CloseHandle.restype = BOOL
k32.CloseHandle.argtypes = (HANDLE,)

BUF_SIZE = 1024 * 500
prodess_name = '????.exe'
# Value of a "token":"..." JSON field. A bytes pattern is used so the raw
# memory can be searched directly; \w is ASCII-only in bytes mode.
pattern = re.compile(rb'(?<="token":")[.\w]*?(?=",")')


def get_proc_pid():
    # The game runs inside a host process, so the parent's pid is what we want.
    for proc in psutil.process_iter():
        try:
            if proc.name() == prodess_name:
                return psutil.Process(proc.pid).parent().pid
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            continue
    return None


def rpm(process, address):
    # Read one BUF_SIZE chunk at address; returns the next address and the bytes read.
    # Unmapped or protected regions make ReadProcessMemory fail, which just yields b''.
    # Note: a token that straddles a chunk boundary will not be matched.
    buf = create_string_buffer(BUF_SIZE)
    s = c_size_t()
    ok = k32.ReadProcessMemory(process, address, buf, BUF_SIZE, byref(s))
    data = buf.raw[:s.value] if ok else b''
    return address + BUF_SIZE, data


def get_app_token(pid):
    start_address = 0x05890000  # 0x00380000 0x05890000
    end_address = 0xFF9F0000
    # Open the process once for the whole scan instead of once per chunk
    # (the old version leaked one handle per iteration).
    process = k32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    if not process:
        print('OpenProcess failed, check privileges')
        return None
    token = None
    try:
        address = start_address
        while address < end_address:
            address, chunk = rpm(process, address)
            token = pattern.search(chunk)
            if token:
                break
    finally:
        k32.CloseHandle(process)
    if not token:
        return None
    token = token.group().decode()
    print('当前Token:\n' + token + '\n')
    return token


if __name__ == '__main__':
    pid = get_proc_pid()
    if not pid:
        print('请确认游戏已打开')
        sys.exit()
    token = get_app_token(pid)
    if not token:
        print('Token not found in the scanned address range')
Environment:
1. Python 3.9
2. Win10
Steps:
1. Save the code
2. Replace prodess_name
3. Open the game
4. Run the script