要知道怎么过“-mh”命令,首先得知道地图的“-mh”做了些什么事情,从地图提取出war3map.j文件,搜索关键词“可能作弊”检测MH的触发器
function Trig_EagelAMH_Actions takes nothing returns nothingcall DisableTrigger(GetTriggeringTrigger())call PolledWait(2.00)call EnableTrigger(gg_trg_EagelSeekA)call EnableTrigger(gg_trg_EagelSeekB)call SetUserControlForceOff(bj_FORCE_ALL_PLAYERS)call CreateNUnitsAtLoc(1,'hfoo',Player(15),udg_EagelAMHp,bj_UNIT_FACING)set udg_EagelAMHu=bj_lastCreatedUnitset bj_forLoopAIndex=1set bj_forLoopAIndexEnd=12loopexitwhen bj_forLoopAIndex>bj_forLoopAIndexEndif(Trig_EagelAMH_Func007Func001C())thencall CreateFogModifierRadiusLocBJ(true,Player(-1+(bj_forLoopAIndex)),FOG_OF_WAR_VISIBLE,udg_EagelAMHp,512)set udg_EagelAMHfog[bj_forLoopAIndex]=bj_lastCreatedFogModifiercall SelectUnitForPlayerSingle(udg_EagelAMHu,Player(-1+(bj_forLoopAIndex)))call DestroyFogModifier(udg_EagelAMHfog[bj_forLoopAIndex])endifset bj_forLoopAIndex=bj_forLoopAIndex+1endloopcall PolledWait(1.)call RemoveUnit(udg_EagelAMHu)call TriggerExecute(gg_trg_EagelPrint)call SetUserControlForceOn(bj_FORCE_ALL_PLAYERS)call DisableTrigger(gg_trg_EagelSeekA)call DisableTrigger(gg_trg_EagelSeekB)call EnableTrigger(GetTriggeringTrigger())endfunction
创建一个单位,再选中单位是一般地图反MH的做法,Lynn的那篇文章说的也是这种,而新真三蓝宝石也是使用了这种种方法来检测MH,先调用CreateFogModifierRadiusLocBJ,创建一块迷雾,再该坐标创建一个单位(好像是个人族步兵),然后再让玩家选择该单位,反正我们的目的就是破坏这段代码的功能,最直接的就是让他不做事,直接retn(好像没什么技术含量,都是Lynn说过的...)...
下面给出关键C++代码
void CbypassDlg::OnBnClickedPatch(){ // TODO: 在此添加控件通知处理程序代码 DWORD pid; HWND hwar3=::FindWindow(L"Warcraft III",L"Warcraft III"); if(!hwar3) { MessageBox(L"can't find Warcraft III!"); return; } GetWindowThreadProcessId(hwar3, &pid); HANDLE hopen = OpenProcess(PROCESS_ALL_ACCESS, false, pid);// BYTE _data1[]= {0x33,0xC0,0xE9,0x96,0x01,0x00,0x00,0x90,0x90,0x90,0x90,0x90};//改写CreateFogModifierRadiusLoc 函数入口处的代码 BYTE _data2[]= { 0x33,0xC0,0xE9,0xFC,0x00,0x00,0x00,0x90,0x90,0x90,0x90,0x90};//改写SelectUnit函数入口处的代码 //CreateFogModifierRadiusLoc 函数入口处 地址为0x6F2B3170 //SelectUnit函数入口处 地址为 0x6F2C59A0// if(!WriteProcessMemory(hopen,(LPVOID)(0x6F2B3170), &_data1,12, NULL) || !WriteProcessMemory(hopen,(LPVOID)(0x6F2C59A0), &_data2,12, NULL)) if(!WriteProcessMemory(hopen,(LPVOID)(0x6F2C59A0), &_data2,12, NULL)) { MessageBox(L"patch error!"); return; } else MessageBox(L"success!");}
在上面的代码里可以看到我注释掉了修改CreateFogModifierRadiusLoc 函数入口处的部分,因为这样做是不行的,也就是说任何创建单位,创建物品之类的函数,如果retn掉的话,魔兽就会出现数据同步错误而掉线,所以只能修改操作函数,而不能修改影响魔兽数据的函数(在这里曾经犯过错误= =!)...
void CbypassDlg::OnBnClickedRecovery(){ // 恢复函数 DWORD pid; HWND hwar3=::FindWindow(L"Warcraft III",L"Warcraft III"); if(!hwar3) { MessageBox(L"can't find Warcraft III!"); return; } GetWindowThreadProcessId(hwar3, &pid); HANDLE hopen = OpenProcess(PROCESS_ALL_ACCESS, false, pid);// BYTE _data1[]= {0x55,0x8B,0xEC,0x83,0xEC,0x3C,0x8B,0x0D,0xBC,0x22,0x87,0x6F}; BYTE _data2[]= { 0x55,0x8B,0xEC,0x83,0xEC,0x08,0x8B,0x0D,0xBC,0x22,0x87,0x6F};// if(!WriteProcessMemory(hopen,(LPVOID)(0x6F2B3170), &_data1,12, NULL) || !WriteProcessMemory(hopen,(LPVOID)(0x6F2C59A0), &_data2,12, NULL)) if(!WriteProcessMemory(hopen,(LPVOID)(0x6F2C59A0), &_data2,12, NULL)) { MessageBox(L"recovery error!"); return; } else MessageBox(L"success!");} ============================================还是分割线===========================
相信已经说的够清楚了,程序源代码也没必要给出了,有上面两处关键代码就足够了