用powerbasic和vb 6.0写的CALL的DLL及程序源代码,送给新人做参考

DLL 代码

#DIM ALL '申明所有
#REGISTER ALL '注册所有
#COMPILE DLL "WuLin.DLL" '生成文件类型及名字
#INCLUDE "WIN32API.INC" '引用API

GLOBAL hWnd            AS DWORD '全局hwnd,记录游戏的hwnd
GLOBAL hProcess        AS DWORD '全局process 记录游戏的线程
GLOBAL hThread          AS DWORD '全局thread 代码线程
GLOBAL lpNumberOfBytes  AS DWORD '全局函数变量
GLOBAL ThreadAdd        AS DWORD POINTER '全局注入线程指针
GLOBAL Pid              AS DWORD '线程id

GLOBAL FirstAdr        AS DWORD '全局变量 游戏基址

'''''''''''''''''''' DLL文件初始函数 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION LIBMAIN(BYVAL hInstance AS DWORD, _
                BYVAL lReason  AS LONG, _
                BYVAL lReserved AS LONG) AS LONG

  SELECT CASE AS LONG lReason
    CASE %DLL_PROCESS_ATTACH
      LIBMAIN = 1
      EXIT FUNCTION
    CASE %DLL_PROCESS_DETACH
      EXIT FUNCTION
    CASE %DLL_THREAD_ATTACH
      EXIT FUNCTION
    CASE %DLL_THREAD_DETACH
      EXIT FUNCTION
  END SELECT

  LIBMAIN = 0
END FUNCTION

'''''''''''''''''''''''' 游戏检测初始函数 '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION CheckIn STDCALL ALIAS "CheckIn" () EXPORT AS LONG
    hWnd = FindWindow("QElementClient Window", "Element Client")  '获取游戏hwnd
    GetWindowThreadProcessId(hWnd, Pid) '获取游戏线程
    hProcess = OpenProcess(%PROCESS_ALL_ACCESS, %False, Pid) '打开线程
    IF hProcess = 0 THEN '如果打开线程为0,即失败退出
      FUNCTION = 0
      EXIT FUNCTION
    END IF
    ThreadAdd = VirtualAllocEx(hProcess, BYVAL 0&, 2048, %MEM_COMMIT, %PAGE_READWRITE) '申请内存空间,准备注入

    FirstAdr = &H00911B24 '初始化游戏基址

    FUNCTION = 1 '设置返回参数
END FUNCTION

'''''''''''''''''''''''' 读取内存 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION ReadM STDCALL ALIAS "ReadM" (BYVAL mAdr AS LONG, _  '读取内存数值
                                      BYVAL mSize AS LONG) EXPORT AS LONG
    DIM mValue AS LONG
    ReadProcessMemory(hProcess, BYVAL mAdr, BYVAL VARPTR(mValue), mSize, lpNumberOfBytes)

    FUNCTION = mValue
END FUNCTION

FUNCTION ReadMf STDCALL ALIAS "ReadMf" (BYVAL mAdr AS LONG, _  '读取内存数值浮点
                                      BYVAL mSize AS LONG) EXPORT AS DOUBLE
    DIM mValue AS DOUBLE
    ReadProcessMemory(hProcess, BYVAL mAdr, BYVAL VARPTR(mValue), mSize, lpNumberOfBytes)

    FUNCTION = mValue
END FUNCTION

''''''''''''''''''''''''''''' 释放内存,退出 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION EndQuit STDCALL ALIAS "EndQuit" () AS LONG
    VirtualFreeEx(hProcess, BYVAL ThreadAdd, 2048, %MEM_RELEASE)
    SLEEP(1000)
    FUNCTION = 1&
END FUNCTION

''''''''''''''''''''''''''' 注入程序 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION FuncIn ALIAS "FuncIn" (BYVAL Func AS DWORD POINTER, _
                                BYVAL CallType AS DWORD, _ '注入类型
                                BYVAL Param1 AS DWORD, _ '注入参数1
                                BYVAL Param2 AS DWORD, _ '注入参数2
                                BYVAL Param3 AS DWORD, _ '注入参数3
                                BYVAL Param4 AS DWORD) EXPORT AS LONG '注入参数4
    DIM TempAdd AS DWORD POINTER

    WriteProcessMemory(hProcess, BYVAL ThreadAdd, @Func, 4096, lpNumberOfBytes)

    SELECT CASE CallType
        CASE 0 '无参数Call
        CASE 1 '使用技能
            TempAdd = ThreadAdd + 33
            WriteProcessMemory(hProcess, BYVAL TempAdd, Param1, 4, lpNumberOfBytes)
        CASE 2
            TempAdd = ThreadAdd + 43
            WriteProcessMemory(hProcess, BYVAL TempAdd, Param1, 4, lpNumberOfBytes)
    END SELECT

    hThread = CreateRemoteThread(hProcess, BYVAL 0&, 0, ThreadAdd, BYVAL 0&, 0, lpNumberOfBytes)

    WaitForSingleObject(hThread, %INFINITE)

    CloseHandle(hThread)
    FUNCTION = -1&
END FUNCTION

''''''''''''''''''''''' CallType 0 无参数注入''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION pAttackCall ALIAS "pAttackCall" () AS LONG '普通攻击
    DIM Address AS LONG
    Address = &H005A7810
    !pushad
    !CALL Address
    !popad
END FUNCTION

FUNCTION DazuoCall ALIAS "DazuoCall" () AS LONG '运气(打坐)
    DIM Address AS LONG
    Address = &H005A7E90
    !pushad
    !CALL Address
    !popad
END FUNCTION

FUNCTION UnDazuoCall ALIAS "UnDazuoCall" () AS LONG
    DIM Address AS LONG
    Address = &H00465680
    !pushad
    !CALL Address
    !popad
END FUNCTION

FUNCTION PressTabCall ALIAS "PressTab" () AS LONG
    DIM Address AS LONG
    Address = &H0045B4E0
    !pushad
    !mov ecx, dword ptr [&H911B24]
    !mov ecx, dword ptr [ecx + &H24]
    !push 0
    !call Address
    !popad
END FUNCTION

FUNCTION CallSingle ALIAS "CallSingle" (BYVAL wCase AS INTEGER) EXPORT AS LONG '无参数CALL调用函数
    SELECT CASE wCase
      CASE 1
        FuncIn(CODEPTR(DazuoCall), 0, 0, 0, 0, 0)
      CASE 2
        FuncIn(CODEPTR(UnDazuoCall), 0, 0, 0, 0, 0)
      CASE 3
        FuncIn(CODEPTR(pAttackCall), 0, 0, 0, 0, 0)
      CASE 4
        FuncIn(CODEPTR(PressTabCall), 0, 0, 0, 0, 0)
    END SELECT
    FUNCTION = -1&
END FUNCTION

'''''''''''''''''''' CallType 1 使用技能 ''''''''''''''''''''''''''''''''''''
FUNCTION UseSkillsCall ALIAS "UseSkillsCall" () AS LONG
    DIM Address AS LONG
    DIM edx1 AS LONG

    Address = &H00461E90
    edx1 = 999
    !pushad
    !mov eax, edx1
    !mov ecx, dword ptr [&H90E034]
    !mov ecx, dword ptr [ecx + &H1C]
    !mov ecx, dword ptr [ecx + &H24]
    !push -1
    !push 0
    !push 0
    !push eax
    !call Address
    !popad
END FUNCTION

FUNCTION UseSkills ALIAS "UseSkills" (BYVAL sKillsID AS DWORD) EXPORT AS LONG
    FuncIn(CODEPTR(UseSkillsCall), 1, sKillsID, 0, 0, 0)
    SLEEP(500)
    FUNCTION = -1&
END FUNCTION
                                                                         
VB 代码

Option Explicit

'Win32 API 基本定义
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vkey As Long) As Integer

'游戏CALL函数定义  特别需要注意,Function 过程名称中的大小写必须与现在的一致,否则将无法找到函数入口而提示错误

'CheckIn 用于检查游戏是否运行和初始化设置的函数,其中包括申请内存区域等操作
Private Declare Function CheckIn Lib "WuLin.Dll" () As Long

'简单的CALL,其中包含了4个基本的call,1 是运气打坐,2 是取消运气打坐,3 是普通攻击,4 是发送TabCall找怪
Private Declare Function CallSingle Lib "WuLin.Dll" (ByVal lpSinglecall As Integer) As Long

'使用技能的Call,其参数为技能的ID,例如清风破ID为2
Private Declare Function UseSkills Lib "WuLin.Dll" (ByVal sKillsID As Long) As Long

'退出的函数,主要用于清理退出后内存中的 GHOFFICE过滤词语啊这些东西的
Private Declare Function EndQuit Lib "WuLin.Dll" (ByVal EndType As Long) As Long

Private Sub Form_Load()
    Dim gStart As Long
 
    gStart = CheckIn
    If gStart = 0 Then
        MsgBox "游戏未启动!"
        End
    End If
    THook.Enabled = True
End Sub

Private Function MyHotKey(vKeyCode) As Boolean
    MyHotKey = (GetAsyncKeyState(vKeyCode) < 0)
End Function

Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
    Call EndQuit(1)
End Sub

'************************热健定义*************************************
Private Sub Thook_Timer()
    If MyHotKey(33) Then 'PageUP
        Call CallSingle(4) '发TabCall选怪
        'Call CallSingle(1) '打坐运气
        'Call CallSingle(2) '取消打坐状态
        'Call CallSingle(3) '普通攻击
    ElseIf MyHotKey(34) Then 'PageDown
        Call UseSkills(2) '使用技能 参数2表示清风破的ID
    End If
End Sub

程序运行后可以用pageup和pagedown测试

你可能感兴趣的:(dll,vb,function,integer,游戏,thread)