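import User32 from '../winapi/user32';
import Kernel32 from '../winapi/kernel32';

/**
 * Frida agent for a Minesweeper (winmine.exe) memory-inspection exercise.
 *
 * The constructor resolves the module and reads the board dimensions, mine
 * count, board base pointer and window handle from fixed offsets.
 * `run()` dumps the board as hex, rewrites every cell holding the mine
 * marker to the flagged marker, then repaints the window and raises it.
 *
 * All offsets are relative to the module base and hard-coded, so they only
 * match the build they were taken from. NOTE(review): nothing here checks
 * the module version — confirm the target binary before writing to it.
 */
class L07 {
    // Distance in bytes between two consecutive board rows in memory.
    private static readonly ROW_STRIDE = 0x20;
    // Cell value treated as "mine" by the scan (per the original comment).
    private static readonly CELL_MINE = 0x8F;
    // Cell value written in its place ("flagged" per the original comment).
    private static readonly CELL_FLAGGED = 0x8E;

    private module_name_winmine = "winmine.exe";
    private module_winmine: Module;
    // Offset of the mine counter.
    private offsetMineCount: number = 0x56a4;
    // Offset of the board height.
    private offsetBoardHeight: number = 0x56a8;
    // Offset of the board width.
    private offsetBoardWidth: number = 0x56ac;
    private height: number = 0;
    private width: number = 0;
    // Read in the constructor; not used elsewhere in this file.
    private mine_count: number = 0;
    // Address of the first board byte.
    private head: NativePointer = ptr(0);
    hWnd: NativePointer = ptr(0);

    /**
     * Locates winmine.exe in the current process and snapshots the game
     * state. Values are read once; a new game needs a new instance.
     */
    constructor() {
        console.log(
            "======================",
            new Date().toISOString(),
            "=========================="
        );
        console.log("Frida.version", Frida.version);

        // Resolve the module base address.
        this.module_winmine = Process.getModuleByName(this.module_name_winmine);
        // this.module_winmine = Process.mainModule
        console.log("module_winmine", JSON.stringify(this.module_winmine));

        // Initialise the game-related data.
        const base = this.module_winmine.base;
        this.height = base.add(this.offsetBoardHeight).readU32();
        this.width = base.add(this.offsetBoardWidth).readU32();
        this.mine_count = base.add(this.offsetMineCount).readU32();
        this.head = base.add(0x5340);
        this.hWnd = base.add(0x5B24).readPointer();
    }

    /**
     * Invalidates the whole client area of the game window so that it is
     * redrawn from the (modified) board data.
     */
    board_repaint() {
        // RECT is four 32-bit integers: left, top, right, bottom.
        const lpRect = Memory.alloc(4 * 4);
        User32.GetClientRect(this.hWnd, lpRect);
        User32.InvalidateRect(this.hWnd, lpRect, 1);
    }

    /**
     * Brings the target window to the foreground.
     *
     * The current thread's input is attached to the foreground thread while
     * the window is restored and raised. It is detached in a `finally`
     * block, so a throwing call cannot leave the two threads attached.
     */
    将目标窗口切换到前台() {
        const hForeWnd = User32.GetForegroundWindow();
        const dwCurID = Kernel32.GetCurrentThreadId();
        const dwForeID = User32.GetWindowThreadProcessId(hForeWnd, ptr(0));
        const flags = User32.Const.SWP_NOSIZE | User32.Const.SWP_NOMOVE;

        User32.AttachThreadInput(dwCurID, dwForeID, 1);
        try {
            User32.ShowWindow(this.hWnd, User32.Const.SW_RESTORE);
            User32.SetForegroundWindow(this.hWnd);
            // Toggle topmost on and off: raises the window in the z-order
            // without leaving it pinned above other windows.
            User32.SetWindowPos(this.hWnd, User32.Const.HWND_TOPMOST, 0, 0, 0, 0, flags);
            User32.SetWindowPos(this.hWnd, User32.Const.HWND_NOTOPMOST, 0, 0, 0, 0, flags);
        } finally {
            User32.AttachThreadInput(dwCurID, dwForeID, 0);
        }
    }

    /**
     * Dumps the board row by row and flags every mine cell, then repaints
     * the window and brings it to the front.
     *
     * The scan covers `height + 2` rows and `width + 2` columns, i.e. it
     * includes one extra cell on each side of the playable area.
     */
    run() {
        const rows = this.height + 2;
        const columns = this.width + 2;

        // The dimensions come straight from process memory. If the offsets
        // do not match this build, a bogus width would make column indexes
        // spill into the following rows, and the write below would then
        // patch bytes that are not board cells. Refuse to scan in that case.
        if (columns > L07.ROW_STRIDE) {
            console.log(
                "unexpected board width",
                this.width,
                "- it does not fit the row stride, scan aborted"
            );
            return;
        }

        // Walk the board one row at a time.
        for (let row = 0; row < rows; row++) {
            const cells: string[] = [];
            // Walk the columns of this row.
            for (let col = 0; col < columns; col++) {
                const cell = this.head.add(col + L07.ROW_STRIDE * row);
                const value = cell.readU8();
                cells.push(value.toString(16).padStart(2, "0"));
                // If the cell is a mine, change its state to flagged.
                if (value == L07.CELL_MINE) {
                    cell.writeU8(L07.CELL_FLAGGED);
                }
            }
            console.log(cells.join(" "));
        }

        // Repaint the window area.
        this.board_repaint();
        this.将目标窗口切换到前台();
    }
}

const l07 = new L07();
// NOTE(review): this replaces the handle the constructor read from the
// process with a hard-coded value. Window handles are not stable across
// runs, so this looks like a debugging leftover - confirm before reuse.
l07.hWnd = ptr(0x09A51A5E);
// l07.将目标窗口切换到前台();
// User32.MessageBox(l07.hWnd,
//     Memory.allocUtf16String("lpText"),
//     Memory.allocUtf16String("lpCapture"),
//     User32.Const.MB_OKCANCEL)
l07.run();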