DLL 代码
#DIM ALL ' every variable must be declared before use
#REGISTER ALL ' let the compiler keep eligible locals in registers
#COMPILE DLL "WuLin.DLL" ' output type and file name
#INCLUDE "WIN32API.INC" ' Win32 API declarations (FindWindow, OpenProcess, Read/WriteProcessMemory, ...)
GLOBAL hWnd AS DWORD ' window handle of the game client, set by CheckIn
GLOBAL hProcess AS DWORD ' handle of the game PROCESS (not a thread, despite the original comment); opened by CheckIn, used by every other export
GLOBAL hThread AS DWORD ' handle of the most recent remote thread created by FuncIn
GLOBAL lpNumberOfBytes AS DWORD ' scratch out-parameter for Read/WriteProcessMemory (FuncIn also reuses it as the lpThreadId out-parameter)
GLOBAL ThreadAdd AS DWORD POINTER ' base address, inside the game process, of the buffer the stub code is copied into
GLOBAL Pid AS DWORD ' process id of the game, filled in by GetWindowThreadProcessId
GLOBAL FirstAdr AS DWORD ' client-build-specific "base address"; assigned in CheckIn but never read by the code on this page
'''''''''''''''''''' DLL文件初始函数 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
FUNCTION LIBMAIN(BYVAL hInstance AS DWORD, _
                 BYVAL lReason AS LONG, _
                 BYVAL lReserved AS LONG) AS LONG
    ' DLL entry point. Only DLL_PROCESS_ATTACH is acknowledged with 1 (load
    ' succeeds); process detach and thread attach/detach do no work and yield 0.
    ' Nothing is initialised here: the game handle and the remote buffer are
    ' set up later by CheckIn, and released by EndQuit, not on detach.
    IF lReason = %DLL_PROCESS_ATTACH THEN
        FUNCTION = 1
    ELSE
        FUNCTION = 0
    END IF
END FUNCTION
'''''''''''''''''''''''' 游戏检测初始函数 '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
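FUNCTION CheckIn STDCALL ALIAS "CheckIn" () EXPORT AS LONG
    ' Locate the running game client and prepare it for code injection.
    ' Returns 1 on success, 0 when the window is not found, the process cannot
    ' be opened, or the remote buffer cannot be allocated. On success hWnd, Pid,
    ' hProcess and ThreadAdd are valid; on failure hProcess and ThreadAdd are 0
    ' (the original left a 0 hWnd / 0 ThreadAdd unchecked and still returned 1
    ' once OpenProcess succeeded).
    LOCAL threadId AS DWORD

    ' Calling CheckIn a second time must not leak the previous buffer/handle.
    IF hProcess <> 0 THEN
        IF ThreadAdd <> 0 THEN
            VirtualFreeEx(hProcess, BYVAL ThreadAdd, 0, %MEM_RELEASE)
            ThreadAdd = 0
        END IF
        CloseHandle(hProcess)
        hProcess = 0
    END IF

    hWnd = FindWindow("QElementClient Window", "Element Client")
    IF hWnd = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF

    threadId = GetWindowThreadProcessId(hWnd, Pid)
    IF threadId = 0 OR Pid = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF

    ' Least privilege: request only what Read/WriteProcessMemory,
    ' VirtualAllocEx/VirtualFreeEx/VirtualProtectEx and CreateRemoteThread
    ' need, instead of PROCESS_ALL_ACCESS.
    hProcess = OpenProcess(%PROCESS_VM_OPERATION OR %PROCESS_VM_READ OR %PROCESS_VM_WRITE OR _
                           %PROCESS_CREATE_THREAD OR %PROCESS_QUERY_INFORMATION, %FALSE, Pid)
    IF hProcess = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF

    ' One full page, executable. FuncIn copies 4096 bytes into this buffer and
    ' then runs it with CreateRemoteThread, so the region must be executable
    ' (a PAGE_READWRITE page faults under DEP) and must hold the whole copy
    ' (the original asked for 2048 bytes and relied on page rounding).
    ThreadAdd = VirtualAllocEx(hProcess, BYVAL 0&, 4096, %MEM_COMMIT, %PAGE_EXECUTE_READWRITE)
    IF ThreadAdd = 0 THEN
        CloseHandle(hProcess)
        hProcess = 0
        FUNCTION = 0
        EXIT FUNCTION
    END IF

    FirstAdr = &H00911B24 ' client-build-specific base address; not read anywhere on this page
    FUNCTION = 1
END FUNCTION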
'''''''''''''''''''''''' 读取内存 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
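FUNCTION ReadM STDCALL ALIAS "ReadM" (BYVAL mAdr AS LONG, _
                                      BYVAL mSize AS LONG) EXPORT AS LONG
    ' Read up to 4 bytes at address mAdr in the game process, returned as a LONG.
    ' mAdr  : address inside the game process.
    ' mSize : bytes to read, clamped to 1..4. The original passed mSize straight
    '         through, so a caller asking for more than 4 bytes overflowed the
    '         4-byte local on this DLL's stack.
    ' Returns the bytes read (zero-extended into the LONG when mSize < 4), or 0
    ' when no process is open or ReadProcessMemory fails; callers cannot tell a
    ' genuine 0 from failure.
    LOCAL mValue AS LONG
    LOCAL nBytes AS LONG
    IF hProcess = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF
    nBytes = MIN(MAX(mSize, 1), SIZEOF(mValue))
    IF ReadProcessMemory(hProcess, BYVAL mAdr, BYVAL VARPTR(mValue), nBytes, lpNumberOfBytes) = 0 THEN
        mValue = 0
    END IF
    FUNCTION = mValue
END FUNCTION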
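FUNCTION ReadMf STDCALL ALIAS "ReadMf" (BYVAL mAdr AS LONG, _
                                        BYVAL mSize AS LONG) EXPORT AS DOUBLE
    ' Read up to 8 bytes at address mAdr in the game process, returned as a DOUBLE.
    ' mAdr  : address inside the game process.
    ' mSize : bytes to read, clamped to 1..8. As in ReadM, the original passed
    '         mSize through unchecked and could overflow the 8-byte local.
    '         Note that only a full 8-byte read yields a meaningful DOUBLE; a
    '         shorter read fills just the low bytes.
    ' Returns the value read, or 0 when no process is open or the read fails.
    LOCAL mValue AS DOUBLE
    LOCAL nBytes AS LONG
    IF hProcess = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF
    nBytes = MIN(MAX(mSize, 1), SIZEOF(mValue))
    IF ReadProcessMemory(hProcess, BYVAL mAdr, BYVAL VARPTR(mValue), nBytes, lpNumberOfBytes) = 0 THEN
        mValue = 0
    END IF
    FUNCTION = mValue
END FUNCTION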
''''''''''''''''''''''''''''' 释放内存,退出 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
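FUNCTION EndQuit STDCALL ALIAS "EndQuit" (BYVAL EndType AS LONG) EXPORT AS LONG
    ' Release the remote buffer and the process handle; called on shutdown.
    ' EndType : accepted and ignored so the signature matches the VB side's
    '           `Declare Function EndQuit ... (ByVal EndType As Long)`. The
    '           original took no argument while VB pushes one, which under
    '           STDCALL leaves the stack unbalanced (VB reports this as a bad
    '           DLL calling convention), and it also lacked EXPORT, so the
    '           entry point was not visible to VB at all.
    ' Returns 1, as before.
    IF hProcess <> 0 THEN
        IF ThreadAdd <> 0 THEN
            ' MEM_RELEASE requires dwSize = 0; the original passed 2048, which
            ' makes VirtualFreeEx fail and leaks the page in the game process.
            VirtualFreeEx(hProcess, BYVAL ThreadAdd, 0, %MEM_RELEASE)
            ThreadAdd = 0
        END IF
        CloseHandle(hProcess) ' the OpenProcess handle was never closed before
        hProcess = 0
    END IF
    SLEEP(1000) ' kept from the original; FuncIn already waits for its remote thread
    FUNCTION = 1&
END FUNCTION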
''''''''''''''''''''''''''' 注入程序 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
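FUNCTION FuncIn ALIAS "FuncIn" (BYVAL Func AS DWORD POINTER, _
                                BYVAL CallType AS DWORD, _
                                BYVAL Param1 AS DWORD, _
                                BYVAL Param2 AS DWORD, _
                                BYVAL Param3 AS DWORD, _
                                BYVAL Param4 AS DWORD) EXPORT AS LONG
    ' Copy the machine code of one of this DLL's stub functions into the game
    ' process and run it there on a new thread, waiting until it finishes.
    ' Func     : CODEPTR of a stub (pAttackCall, DazuoCall, ...). The stub is
    '            copied as raw bytes, so it must only reference immediates, its
    '            own locals and absolute game addresses - never this DLL's
    '            globals or other functions.
    ' CallType : 0 = no patching; 1 = overwrite the DWORD at stub offset 33 with
    '            Param1 (the `edx1 = 999` placeholder in UseSkillsCall); 2 = same
    '            at offset 43. Both offsets depend on the exact code the compiler
    '            emits for the stub and must be re-verified whenever a stub or
    '            the compiler changes; nothing here validates them.
    ' Param2..Param4 are accepted for interface compatibility and unused.
    ' Returns -1 when the remote thread ran to completion, 0 when no process or
    ' buffer is open or any Win32 call fails (the original returned -1
    ' unconditionally and ignored every failure).
    LOCAL TempAdd AS DWORD POINTER
    LOCAL threadId AS DWORD
    LOCAL oldProtect AS DWORD
    LOCAL copySize AS DWORD

    IF hProcess = 0 OR ThreadAdd = 0 OR Func = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF

    ' One page is copied starting at the stub entry. That is far more than any
    ' stub is long, so the copy also drags in whatever follows the stub in this
    ' DLL's code section; harmless, but the remote buffer must hold a full page.
    copySize = 4096
    IF WriteProcessMemory(hProcess, BYVAL ThreadAdd, @Func, copySize, lpNumberOfBytes) = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF

    SELECT CASE CallType
        CASE 0
            ' nothing to patch
        CASE 1
            TempAdd = ThreadAdd + 33
            IF WriteProcessMemory(hProcess, BYVAL TempAdd, Param1, 4, lpNumberOfBytes) = 0 THEN
                FUNCTION = 0
                EXIT FUNCTION
            END IF
        CASE 2
            TempAdd = ThreadAdd + 43
            IF WriteProcessMemory(hProcess, BYVAL TempAdd, Param1, 4, lpNumberOfBytes) = 0 THEN
                FUNCTION = 0
                EXIT FUNCTION
            END IF
    END SELECT

    ' The buffer is about to be executed: make sure it is executable even if it
    ' was allocated PAGE_READWRITE (no-op when it already is RWX).
    VirtualProtectEx(hProcess, BYVAL ThreadAdd, copySize, %PAGE_EXECUTE_READWRITE, oldProtect)

    ' A dedicated local receives the thread id instead of clobbering the
    ' shared lpNumberOfBytes global.
    hThread = CreateRemoteThread(hProcess, BYVAL 0&, 0, ThreadAdd, BYVAL 0&, 0, threadId)
    IF hThread = 0 THEN
        FUNCTION = 0
        EXIT FUNCTION
    END IF
    WaitForSingleObject(hThread, %INFINITE)
    CloseHandle(hThread)
    hThread = 0
    FUNCTION = -1&
END FUNCTION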
''''''''''''''''''''''' CallType 0 无参数注入''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Normal-attack stub (CallSingle 3). Copied into the game process by FuncIn and
' executed there, so it must stay self-contained: it references only its own
' local and the hard-coded game address below, which belongs to one specific
' client build. Not exported; reached only through CODEPTR.
FUNCTION pAttackCall ALIAS "pAttackCall" () AS LONG
DIM Address AS LONG ' holds the target so `CALL Address` is an indirect call through the local
Address = &H005A7810 ' game's attack routine (build-specific)
!pushad ' preserve all general registers around the game call
!CALL Address
!popad
END FUNCTION
' Meditate ("da zuo" / cultivate) stub (CallSingle 1). Same shape as
' pAttackCall: a self-contained stub that FuncIn copies into the game process;
' the address is specific to one client build.
FUNCTION DazuoCall ALIAS "DazuoCall" () AS LONG
DIM Address AS LONG ' target of the indirect CALL below
Address = &H005A7E90 ' game's meditate routine (build-specific)
!pushad ' preserve all general registers around the game call
!CALL Address
!popad
END FUNCTION
' Stop-meditating stub (CallSingle 2). Self-contained stub copied into the
' game process by FuncIn; the address is specific to one client build.
FUNCTION UnDazuoCall ALIAS "UnDazuoCall" () AS LONG
DIM Address AS LONG ' target of the indirect CALL below
Address = &H00465680 ' game's cancel-meditate routine (build-specific)
!pushad ' preserve all general registers around the game call
!CALL Address
!popad
END FUNCTION
' Tab-target ("find monster") stub (CallSingle 4). Note the exported-name style
' ALIAS is "PressTab", not "PressTabCall". Before the call ecx is loaded from
' the pointer chain [&H911B24] -> [+&H24]; the absolute address is repeated
' here instead of reading the FirstAdr global on purpose - the stub runs inside
' the game process, where this DLL's globals do not exist. Loading ecx and
' pushing one argument looks like a this-pointer style call, but the callee's
' convention is not verified anywhere on this page. All addresses are
' specific to one client build.
FUNCTION PressTabCall ALIAS "PressTab" () AS LONG
DIM Address AS LONG ' target of the indirect CALL below
Address = &H0045B4E0 ' game's Tab-target routine (build-specific)
!pushad ' preserve all general registers around the game call
!mov ecx, dword ptr [&H911B24] ' ecx = *(&H911B24)
!mov ecx, dword ptr [ecx + &H24] ' ecx = *(ecx + &H24)
!push 0 ' single argument
!call Address
!popad
END FUNCTION
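FUNCTION CallSingle ALIAS "CallSingle" (BYVAL wCase AS INTEGER) EXPORT AS LONG
    ' Run one of the parameterless stubs inside the game process.
    ' wCase : 1 = DazuoCall (meditate), 2 = UnDazuoCall (stop meditating),
    '         3 = pAttackCall (normal attack), 4 = PressTabCall (Tab-target).
    ' Returns FuncIn's result for a known wCase, and 0 for an unknown one so the
    ' caller can tell that nothing was injected; the original returned -1 in
    ' every case, including values it silently ignored.
    LOCAL stub AS DWORD
    SELECT CASE wCase
        CASE 1
            stub = CODEPTR(DazuoCall)
        CASE 2
            stub = CODEPTR(UnDazuoCall)
        CASE 3
            stub = CODEPTR(pAttackCall)
        CASE 4
            stub = CODEPTR(PressTabCall)
        CASE ELSE
            FUNCTION = 0
            EXIT FUNCTION
    END SELECT
    FUNCTION = FuncIn(stub, 0, 0, 0, 0, 0)
END FUNCTION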
'''''''''''''''''''' CallType 1 使用技能 ''''''''''''''''''''''''''''''''''''
' Use-skill stub (run through UseSkills, FuncIn CallType 1). The literal 999
' stored in edx1 is only a placeholder: FuncIn overwrites the 4-byte value at
' stub offset 33 with the real skill id before running the stub, so that offset
' is tied to the exact instruction bytes the compiler emits for the lines above
' it and breaks silently if they change. The call receives the skill id (eax)
' plus 0, 0, -1 on the stack, with ecx loaded from the pointer chain
' [&H90E034] -> [+&H1C] -> [+&H24]. Addresses are specific to one client build.
FUNCTION UseSkillsCall ALIAS "UseSkillsCall" () AS LONG
DIM Address AS LONG ' target of the indirect CALL below
DIM edx1 AS LONG ' skill-id slot; 999 is patched over by FuncIn
Address = &H00461E90 ' game's use-skill routine (build-specific)
edx1 = 999 ' placeholder - see header comment
!pushad ' preserve all general registers around the game call
!mov eax, edx1 ' eax = skill id
!mov ecx, dword ptr [&H90E034] ' ecx = *(&H90E034)
!mov ecx, dword ptr [ecx + &H1C] ' ecx = *(ecx + &H1C)
!mov ecx, dword ptr [ecx + &H24] ' ecx = *(ecx + &H24)
!push -1
!push 0
!push 0
!push eax ' skill id is the last pushed (first) argument
!call Address
!popad
END FUNCTION
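FUNCTION UseSkills ALIAS "UseSkills" (BYVAL sKillsID AS DWORD) EXPORT AS LONG
    ' Cast the skill with id sKillsID inside the game process.
    ' sKillsID : skill id; FuncIn (CallType 1) writes it over the 999
    '            placeholder in UseSkillsCall at stub offset 33 before running
    '            the stub. Nothing validates the id.
    ' Returns FuncIn's result (-1 when the remote thread ran; 0 if injection
    ' failed) instead of the unconditional -1 of the original. The 500 ms
    ' delay after the call is kept; it blocks the caller's thread.
    LOCAL result AS LONG
    result = FuncIn(CODEPTR(UseSkillsCall), 1, sKillsID, 0, 0, 0)
    SLEEP(500)
    FUNCTION = result
END FUNCTION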
VB 代码
Option Explicit
'Win32 API: GetAsyncKeyState reports whether a virtual key is currently down
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vkey As Long) As Integer
'Game CALL wrappers from WuLin.DLL. The names are looked up case-sensitively in the DLL's export table,
'so the Function names here must match the DLL's ALIAS strings exactly or the entry point is not found.
'CheckIn: checks that the game is running and initialises the DLL (opens the process, allocates the remote buffer).
'Returns 0 on failure.
Private Declare Function CheckIn Lib "WuLin.Dll" () As Long
'CallSingle: runs one of four parameterless calls: 1 = meditate, 2 = stop meditating, 3 = normal attack,
'4 = send the Tab call to target a monster.
Private Declare Function CallSingle Lib "WuLin.Dll" (ByVal lpSinglecall As Integer) As Long
'UseSkills: casts a skill by id, e.g. id 2 is "清风破".
Private Declare Function UseSkills Lib "WuLin.Dll" (ByVal sKillsID As Long) As Long
'EndQuit: releases what CheckIn set up (the remote buffer). The original comment here was mangled by a
'forum word filter. NOTE(review): this declaration takes one Long argument, but the DLL source above
'defines EndQuit with no parameter and without EXPORT, so as written the entry point is not exported and,
'even once it is, the argument count disagrees under STDCALL; the two sides must be made to agree.
Private Declare Function EndQuit Lib "WuLin.Dll" (ByVal EndType As Long) As Long
Private Sub Form_Load()
    ' Initialise the DLL (find the game window, open the process, allocate the
    ' remote buffer). A zero result from CheckIn terminates the program after a
    ' message box; otherwise the hot-key polling timer is started.
    If CheckIn() <> 0 Then
        THook.Enabled = True
    Else
        MsgBox "游戏未启动!"
        End
    End If
End Sub
Private Function MyHotKey(vKeyCode) As Boolean
    ' True while the key with virtual-key code vKeyCode is held down:
    ' GetAsyncKeyState sets the sign bit of its 16-bit result in that case.
    Dim keyState As Integer
    keyState = GetAsyncKeyState(vKeyCode)
    If keyState < 0 Then
        MyHotKey = True
    Else
        MyHotKey = False
    End If
End Function
Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
    ' Let the DLL release its remote buffer before the form goes away. The
    ' return value is not checked. The DLL source above defines EndQuit
    ' without a parameter, so the argument passed here only matches the VB
    ' Declare, not the DLL.
    EndQuit 1
End Sub
'************************热健定义*************************************
Private Sub Thook_Timer()
    ' Polled hot keys. This runs on every timer tick, so a key that stays held
    ' re-fires its action each tick (same as the original); PageUp wins when
    ' both keys are down. UseSkills sleeps 500 ms inside the DLL, which stalls
    ' the UI thread for that long per tick.
    Const VK_PRIOR As Long = 33 ' PageUp
    Const VK_NEXT As Long = 34  ' PageDown
    If MyHotKey(VK_PRIOR) Then
        CallSingle 4 ' send the Tab call to target a monster
        ' other parameterless calls: CallSingle 1 = meditate,
        ' CallSingle 2 = stop meditating, CallSingle 3 = normal attack
    ElseIf MyHotKey(VK_NEXT) Then
        UseSkills 2 ' cast skill id 2 ("清风破")
    End If
End Sub
程序运行后可以用 PageUp 和 PageDown 测试。注意：DLL 里所有的 CALL 地址和基址（&H005A7810、&H00911B24 等）都是写死的，只对应一个特定版本的客户端；客户端一更新就必须重新查找这些地址，否则注入会直接导致游戏崩溃。