unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;
type
  // Main form of the tool: a few buttons that send commands to the attached
  // game process through InjectFunc/putong (see the implementation section).
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    Button3: TButton;
    Button4: TButton;      // exit (Button4Click calls Close)
    TabSheet2: TTabSheet;
    Button5: TButton;      // sit / cancel-sit toggle (Button5Click)
    Button6: TButton;      // normal attack (Button6Click -> putong1)
    Button7: TButton;      // pick target (Button7Click -> xg)
    procedure Button4Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
    procedure JiNeng;      // skill call; currently a stub, the remote call is commented out
    procedure dazhuo;      // sit down (meditate)
    procedure dazhuo1;     // cancel sit
    procedure putong1;     // normal attack
    procedure xg;          // pick (select) the nearest target
    procedure Button5Click(Sender: TObject);
    procedure Button6Click(Sender: TObject);
    procedure Button7Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
type // ---- parameter records handed to injected stubs
  PGetGwCallParam = ^TGetGwCallParam;
  TGetGwCallParam = packed record
    EDX, EAX: DWORD;   // not referenced by any visible code
  end;
type // ---- argument block for JiNeng (only Param1 is ever assigned there)
  // NOTE(review): despite the P- prefix this is a record, not a pointer type.
  P1_STR = packed record
    Param1: DWORD;
    Param2: DWORD;
  end;
  // Packet buffer in the shape putong expects: `len` is the number of packet
  // bytes and the packet itself starts at offset 4 (`tou`). Packed, so the
  // layout is len(4) | tou(2) | id(4) = 10 bytes: a len of 2 sends the header
  // word only, a len of 6 sends header + id.
  dazuobao = packed record
    len:dword;   // packet length in bytes (read by putong)
    tou:word;    // packet header / opcode
    id:DWORD;    // target id, only meaningful for the 6-byte select packet
  end;
var
  Form1: TForm1;
  base0:Cardinal;               // start of the client's object pointer chain; hard-coded in FormCreate
  MyHwnd:Hwnd;                  // 'Element Client' window handle, 0 if not found
  hProcess_N: THandle;          // handle to the game process; 0 when not attached
  ThreadAdd, ParamAdd: Pointer; // remote code area / remote argument area (VirtualAllocEx in FormCreate)
  ThreadID: DWORD;              // NOTE: holds the target *process* id (second out-param of
                                // GetWindowThreadProcessId, then passed to OpenProcess), not a thread id
  MemSize, JNID: DWORD;         // MemSize: bytes reserved for the remote code area;
                                // JNID: skill id read by JiNeng (never assigned in the visible code)
  ByteRead: Cardinal;           // unused here: XG declares a local ByteRead that shadows it
implementation
{$R *.dfm}
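//---- Attach to the target game process and reserve the two remote scratch
// areas InjectFunc uses. Runs once when the form is created.
// Side effects on globals: MyHwnd, ThreadID (the process id, see below),
// hProcess_N, Base0, MemSize, ThreadAdd, ParamAdd. Failures are reported with
// a message box and leave hProcess_N = 0 / ThreadAdd = ParamAdd = nil so that
// InjectFunc and FormDestroy can recognise the un-attached state.
procedure TForm1.FormCreate(Sender: TObject);
const
  // Least privilege: only the rights this tool actually exercises.
  // CreateRemoteThread needs CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION,
  // VM_READ and VM_WRITE; VirtualAllocEx/VirtualFreeEx need VM_OPERATION;
  // ReadProcessMemory/WriteProcessMemory need VM_READ/VM_WRITE. The previous
  // PROCESS_ALL_ACCESS request granted far more than that.
  INJECT_ACCESS = PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or
                  PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE;
begin
  hProcess_N := 0;
  ThreadAdd := nil;
  ParamAdd := nil;
  MyHwnd := FindWindow(nil, 'Element Client');
  if MyHwnd = 0 then
  begin
    // No window, no process: previously this fell through to OpenProcess
    // with whatever ThreadID happened to contain.
    MessageBox(Handle, ' 请退出先登录运行《武林》游戏。 ', '提示', MB_OK + MB_ICONERROR);
    Exit;
  end;
  // Despite its name ThreadID receives the *process* id (second argument of
  // GetWindowThreadProcessId), which is what OpenProcess expects.
  GetWindowThreadProcessId(MyHwnd, @ThreadID);
  hProcess_N := OpenProcess(INJECT_ACCESS, False, ThreadID);
  if hProcess_N = 0 then
  begin
    MessageBox(Handle, ' 请退出先登录运行《武林》游戏。 ', '提示', MB_OK + MB_ICONERROR);
    Exit;
  end;
  Base0 := $912BA4; // $12F82C  -- hard-coded client address, version specific
  MemSize := 128;   // size of the remote code area InjectFunc copies the stub into
  // NOTE(review): the code area is allocated PAGE_READWRITE yet executed by the
  // remote thread; on a target running with DEP that thread would fault.
  ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);
  ParamAdd := VirtualAllocEx(hProcess_N, nil, 20, MEM_COMMIT, PAGE_READWRITE);
  if (ThreadAdd = nil) or (ParamAdd = nil) then
  begin
    // Undo the partial set-up so FormDestroy/InjectFunc see a clean state.
    // MEM_RELEASE requires a size of 0.
    if ThreadAdd <> nil then VirtualFreeEx(hProcess_N, ThreadAdd, 0, MEM_RELEASE);
    if ParamAdd <> nil then VirtualFreeEx(hProcess_N, ParamAdd, 0, MEM_RELEASE);
    ThreadAdd := nil;
    ParamAdd := nil;
    CloseHandle(hProcess_N);
    hProcess_N := 0;
    MessageBox(Handle, 'VirtualAllocEx failed: could not reserve memory in the target process.', '提示', MB_OK + MB_ICONERROR);
  end;
end;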
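//---- Release the remote scratch areas and the process handle obtained in
// FormCreate. Safe to run when FormCreate failed (hProcess_N = 0).
procedure TForm1.FormDestroy(Sender: TObject);
begin
  // Nothing was attached, so there is nothing to free or close.
  if hProcess_N = 0 then
    Exit;
  // MEM_RELEASE requires dwSize = 0; passing the allocation size makes
  // VirtualFreeEx fail with ERROR_INVALID_PARAMETER and leaks the remote
  // pages for the lifetime of the target process.
  if ThreadAdd <> nil then
    VirtualFreeEx(hProcess_N, ThreadAdd, 0, MEM_RELEASE);
  if ParamAdd <> nil then
    VirtualFreeEx(hProcess_N, ParamAdd, 0, MEM_RELEASE);
  ThreadAdd := nil;
  ParamAdd := nil;
  CloseHandle(hProcess_N);
  hProcess_N := 0;
end;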
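//---- Copy the stub `Func` and its argument block into the target process and
// run the stub on a remote thread, passing the remote copy of the argument
// block as the thread parameter.
//   Func      - a stdcall procedure taking one pointer (see putong). MemSize
//               bytes starting at Func are copied blindly, so the stub must be
//               position independent and no longer than MemSize bytes.
//   Param     - local argument block; ParamSize bytes are copied.
//   ParamSize - must not exceed the 20-byte remote area reserved in FormCreate.
// Blocks until the remote thread returns. Returns nothing; as before, every
// failure is silently abandoned rather than raised, but a failure now stops
// the sequence instead of creating a thread on a half-written stub.
procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
const
  PARAM_AREA_SIZE = 20; // must match the ParamAdd allocation in FormCreate
var
  hThread: THandle;
  written: DWORD;
  remoteThreadId: DWORD;
begin
  // Not attached, or the remote areas were never reserved.
  if (hProcess_N = 0) or (ThreadAdd = nil) or (ParamAdd = nil) then
    Exit;
  // Never write past the remote argument area.
  if (Param = nil) or (ParamSize > PARAM_AREA_SIZE) then
    Exit;
  // ---- copy the stub's code bytes
  if (not WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, written))
     or (written <> MemSize) then
    Exit;
  // ---- copy the argument block
  if (not WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, written))
     or (written <> ParamSize) then
    Exit;
  // ---- run the stub; it receives ParamAdd as its single argument
  hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, remoteThreadId);
  if hThread = 0 then
    Exit;
  try
    // ---- wait for the stub to finish before the caller's argument block goes away
    WaitForSingleObject(hThread, INFINITE);
  finally
    CloseHandle(hThread);
  end;
end;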
//---------- Packet-send stub, shared by every command.
// This is the procedure whose raw bytes InjectFunc copies into the target
// process and runs on a remote thread, which is why it only touches its own
// stack locals and absolute client addresses (a relative call outside the
// copied range would land in the wrong place).
// p points at a dazuobao-shaped block: a DWORD byte count followed by the
// packet bytes. The stub reads the count, then calls the client routine at
// $5811B0 with (buffer, length) pushed and ECX loaded from the global at
// $90f0b4 (+$20) -- presumably the object that routine expects in ECX; that is
// inferred from the original "packet-send call" comment, not verifiable here.
// pushad/popad restore every register including ESP, so the callee's stack
// clean-up convention does not matter to this stub.
procedure putong(p:pointer); stdcall;
var
  tt:dword;        // address of the packet bytes (just past the length field)
  len:dword;       // packet length read from p^
  address:Pointer; // client's send routine (hard-coded, version specific)
begin
  address:=Pointer($5811B0); // send-call address
  len:=pdword(p)^;
  tt:=dword(p)+4;
  asm
    pushad
    MOV ECX,DWORD PTR [$90f0b4] // object pointer for the call
    PUSH len //packet length // ; /Arg2 = 00000003
    PUSH tt //packet bytes
    MOV ECX,DWORD PTR [ECX+$20]
    CALL address;
    popad
  end;
end;
// --- Exit button: closes the form.
procedure TForm1.Button4Click(Sender: TObject);
begin
  Self.Close;
end;
//---- Sit down (meditate): sends a 2-byte packet consisting of header $2E only.
procedure TForm1.dazhuo;
const
  HDR_SIT = $2E;   // packet header for "sit"
var
  pkt: dazuobao;
begin
  pkt.tou := HDR_SIT;
  pkt.len := 2;    // header word only; putong reads the length at offset 0
  InjectFunc(@putong, @pkt, SizeOf(pkt));
end;
//---- Cancel sit: sends a 2-byte packet consisting of header $2A only.
procedure TForm1.dazhuo1;
const
  HDR_CANCEL_SIT = $2A;   // packet header for "stand up / cancel sit"
var
  pkt: dazuobao;
begin
  pkt.tou := HDR_CANCEL_SIT;
  pkt.len := 2;           // header word only; putong reads the length at offset 0
  InjectFunc(@putong, @pkt, SizeOf(pkt));
end;
//--- Normal attack: sends a 3-byte packet with header $03.
// NOTE(review): len is 3 but only the 2-byte header is assigned, so the third
// byte sent is the first byte of the uninitialised id field -- confirm this
// is intended (behaviour kept as in the original).
procedure TForm1.putong1;
const
  HDR_ATTACK = $3;   // packet header for "normal attack"
var
  pkt: dazuobao;
begin
  pkt.tou := HDR_ATTACK;
  pkt.len := 3;
  InjectFunc(@putong, @pkt, SizeOf(pkt));
end;
//---- Skill call. Builds the argument block from JNID but the remote call is
// commented out, so this currently has no effect beyond filling a local.
procedure TForm1.JiNeng;
var
  args: P1_STR;
  argBytes: DWORD;
begin
  args.Param1 := JNID;     // Param2 is left unassigned, as in the original
  argBytes := SizeOf(args);
  if MyHwnd = 0 then
    Exit;
  // Disabled remote call kept for reference:
  //injectfunc(@MyCall8, @args, argBytes);
end;
//---- Sit toggle. While the caption reads '打坐' the button sends the sit
// command and relabels itself '取消'; otherwise it sends cancel-sit and
// restores the '打坐' caption.
procedure TForm1.Button5Click(Sender: TObject);
var
  wantSit: Boolean;
begin
  wantSit := (Button5.Caption = '打坐');
  if not wantSit then
  begin
    dazhuo1;
    Button5.Caption := '打坐';
    Exit;
  end;
  // Relabel first, then send, exactly as the original ordered it.
  Button5.Caption := '取消';
  dazhuo;
end;
//---- Normal-attack button: forwards to putong1.
procedure TForm1.Button6Click(Sender: TObject);
begin
  Self.putong1;
end;
//---- Pick-target button: forwards to xg.
procedure TForm1.Button7Click(Sender: TObject);
begin
  Self.xg;
end;
//---- Pick a target: walk the client's object table, track the nearest entry
// whose distance is below 30, and send a "select" packet for it.
// Everything here is read from the game process via ReadProcessMemory at
// hard-coded, version-specific offsets; none of the reads check their result,
// so a failed read leaves the previous value in place.
// NOTE(review): the local ByteRead shadows the global of the same name.
procedure Tform1.XG;
var
  g_N,g_Max,r_Exp,g_oleID,gecxi,xzgwID,gstart,
  geax,r_UpExp,ByteRead:Cardinal;
  g_x,g_y,rg_Local,Gwjl,x,y:Single;
  bao:dazuobao;
  tgName: string;
  pGname,i: Integer;
  Gwid,G_id:DWORD;
  gname: array [0..36] of WideChar;
begin
  // Pointer chain base0 -> [+8] -> [+$20] reaches the object container.
  ReadProcessMemory(hProcess_N, Pointer(base0), @Gecxi, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $8), @Gecxi, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $20), @Gecxi, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $14), @G_N, 4, ByteRead);   // read but not used below
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $24), @G_max, 4, ByteRead); // loop bound (see note at the loop)
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $18), @GStart, 4, ByteRead); // start of the pointer array
  ReadProcessMemory(hProcess_N, pointer(gecxi + $7d4), @xzgwID, 4, ByteRead); // currently selected target id
  Gwjl:=30;   // distance threshold; only entries strictly closer are considered
  GWID:=0;
  // NOTE(review): 0..g_Max is g_Max+1 iterations; if g_Max is an element count
  // this reads one slot past the array -- confirm against the client layout.
  for i := 0 to g_Max do
  begin
    ReadProcessMemory(hProcess_N, Pointer(gStart +4 * i), @geax, 4, ByteRead);
    if gEax > 0 then begin
      ReadProcessMemory(hProcess_N, Pointer(gEax + $4), @Geax, 4, ByteRead);       // dereference to the entity
      ReadProcessMemory(hProcess_N, Pointer(gEax + $11C), @g_ID, 4, ByteRead);     // entity id
      ReadProcessMemory(hProcess_N, Pointer(gEax + $3C), @g_X, 4, ByteRead);       // x (read, unused)
      ReadProcessMemory(hProcess_N, Pointer(gEax + $44), @g_Y, 4, ByteRead);       // y (read, unused)
      ReadProcessMemory(hProcess_N, Pointer(gEax + $234), @rg_Local, 4, ByteRead); // distance; "metres" per the original comment
      if rg_Local < Gwjl then begin
        Gwjl:=rg_Local;
        GWID:=g_ID;
        // NOTE(review): the select packet is sent from inside the loop each time
        // the running minimum improves, not once for the final nearest entry,
        // and only while some target is already selected (xzgwID > 0).
        if xzgwID>0 then begin
          bao.ID:=gwid;
          bao.len:=6;     // header word + 4-byte id
          bao.tou:=$02;   // "select target" header
          InjectFunc(@putong,@bao, SizeOf(bao));
        end;
      end;
    end;
  end;
end;
end.