极点博客 - 青色咖啡的博客

unit Main;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, OleCtrls,ShellApi, ExtCtrls, SHDocVw,
  ComCtrls;

type
  TForm1 = class(TForm)
    Edit1: TEdit;
    Button1: TButton;
    Button2: TButton;
    WebBrowser1: TWebBrowser;
    Label1: TLabel;
    Label2: TLabel;
    StatusBar1: TStatusBar;
    Label3: TLabel;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure StatusBar1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
var
mystream:TMemoryStream;
strurl:string;
bp:TBitmap;
begin
WebBrowser1.Navigate('http://wpa.qq.com/pa?p=1:'+edit1.text+':1');
end;

procedure TForm1.Button2Click(Sender: TObject);
var
s: string;
haima:Integer;
begin
  if Edit1.Text<>'17306119' then
begin
haima:=StrToInt(Edit1.Text);
s:='Tencent://Message/?Menu=YES&Exe=&Uin='+inttostr(haima);;
Shellexecute(handle,nil,pchar(s),nil,nil,SW_MINIMIZE);
end else
begin
ShowMessage('莫要实验本人ＱＱ号，呵呵');
end;
end;

procedure TForm1.StatusBar1Click(Sender: TObject);
var
  s: string;
begin
edit1.text:='17306119';
s:='http://www.t522.com/plus/guestbook/';
Shellexecute(handle,nil,pchar(s),nil,nil,SW_MINIMIZE);
end;

end.

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;

type
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    Button3: TButton;
    Button4: TButton;
    TabSheet2: TTabSheet;
    Button5: TButton;
    Button6: TButton;
    Button7: TButton;

    procedure Button4Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);

    procedure JiNeng;
    procedure dazhuo;    //打坐
    procedure dazhuo1;   //取消 打坐
    procedure putong1;  //普能攻击
    procedure xg;       //选怪
    procedure Button5Click(Sender: TObject);
    procedure Button6Click(Sender: TObject);
    procedure Button7Click(Sender: TObject);


  private
    { Private declarations }

  public
    { Public declarations }

  end;

type  // ---- 定义参数指针

  PGetGwCallParam = ^TGetGwCallParam;
  TGetGwCallParam = packed record
  EDX, EAX: DWORD;
  end;
   type  // ---- 定义参数指针
  P1_STR = packed record
  Param1: DWORD;
  Param2: DWORD;
  end;
  dazuobao = packed record
  len:dword;
  tou:word;
  id:DWORD;
  end;

var
  Form1: TForm1;
  base0:Cardinal;
  MyHwnd:Hwnd;
  hProcess_N: THandle;
  ThreadAdd, ParamAdd: Pointer;
  ThreadID: DWORD;

  MemSize, JNID: DWORD;
  ByteRead: Cardinal;

implementation

{$R *.dfm}


procedure TForm1.FormCreate(Sender: TObject);
begin
  MyHwnd:=findwindow(nil, 'Element Client');
  GetWindowThreadProcessId(MyHwnd, @ThreadID);
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);
  if hProcess_N = 0 then
  begin
    Messagebox(handle, '　请退出先登录运行《武林》游戏。　','提示',MB_OK+MB_IconError);
    exit;
  end;

  Base0:=$912BA4;           // $12F82C
  MemSize:=128;

  ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);
  ParamAdd := VirtualAllocEx(hProcess_N, nil, 20, MEM_COMMIT, PAGE_READWRITE);
end;


procedure TForm1.FormDestroy(Sender: TObject);
begin
  VirtualFreeEx(hProcess_N, ThreadAdd, MemSize, MEM_RELEASE);
  VirtualFreeEx(hProcess_N, ParamAdd, 20, MEM_RELEASE);
  CloseHandle(hProcess_N);
end;


procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
  hThread: THandle;
  lpNumberOfBytes: DWORD;

begin
  if hProcess_N<>0 then
  begin
    // ---- 写入函数地址
    WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, lpNumberOfBytes);
    // ---- 写入参数地址
    WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes);
    // ---- 创建远程线程
    hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes);
    // ---- 等待线程结束
    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread);
  end;
end;



//----------发包call－－公用
procedure putong(p:pointer); stdcall;
var
  tt:dword;
  len:dword;
  address:Pointer;
  begin
    address:=Pointer($5811B0);  //发包call地址
    len:=pdword(p)^;
    tt:=dword(p)+4;
    asm
    pushad
      MOV ECX,DWORD PTR [$90f0b4]   //call地址
      PUSH len        //包长                       //    ; /Arg2 = 00000003
      PUSH tt        //包内容
      MOV ECX,DWORD PTR [ECX+$20]
      CALL address;          
    popad
    end;
    end;

// --- 退出
procedure TForm1.Button4Click(Sender: TObject);
begin
  Close;
end;


//----调用call 打坐
procedure TForm1.dazhuo;
var
bao:dazuobao;
begin
bao.len:=2;
bao.tou:=$2E;
InjectFunc(@putong,@bao, SizeOf(bao));
    end;


//----调用call 打坐 取消
procedure TForm1.dazhuo1;
var
bao:dazuobao;
begin
bao.len:=2;
bao.tou:=$2A;
InjectFunc(@putong,@bao, SizeOf(bao));
    end;
//---调用普通攻击

procedure TForm1.putong1;
var
bao:dazuobao;
begin
bao.len:=3;
bao.tou:=$3;
InjectFunc(@putong,@bao, SizeOf(bao));
    end;

procedure TForm1.JiNeng;
var
  MyParam : P1_STR;
  ParamSum: DWORD;
begin
  MyParam.Param1:=JNID;
  ParamSum:=SizeOf(MyParam);
  if MyHwnd<>0 then
  begin
    //injectfunc(@MyCall8, @MyParam, ParamSum);
  end;
end;


procedure TForm1.Button5Click(Sender: TObject);
begin
if Button5.Caption= '打坐' then
begin
Button5.Caption:='取消';
dazhuo;
end
else
begin
dazhuo1;
Button5.Caption:='打坐';
end;
end;
procedure TForm1.Button6Click(Sender: TObject);
begin
putong1;
end;
procedure TForm1.Button7Click(Sender: TObject);
begin
XG;
end;
procedure Tform1.XG;
var
   g_N,g_Max,r_Exp,g_oleID,gecxi,xzgwID,gstart,
   geax,r_UpExp,ByteRead:Cardinal;
   g_x,g_y,rg_Local,Gwjl,x,y:Single;
  bao:dazuobao;
tgName: string;
  pGname,i: Integer;
  Gwid,G_id:DWORD;
  gname: array [0..36] of WideChar;
begin
  ReadProcessMemory(hProcess_N, Pointer(base0), @Gecxi, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $8), @Gecxi, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $20), @Gecxi, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $14), @G_N, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $24), @G_max, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(gEcxi + $18), @GStart, 4, ByteRead);
  ReadProcessMemory(hProcess_N, pointer(gecxi + $7d4), @xzgwID, 4, ByteRead); //目标ID
  Gwjl:=30;
  GWID:=0;
  for i := 0 to g_Max do
  begin
  ReadProcessMemory(hProcess_N, Pointer(gStart +4 * i), @geax, 4, ByteRead);
    if gEax > 0 then begin
    ReadProcessMemory(hProcess_N, Pointer(gEax + $4), @Geax, 4, ByteRead);
    ReadProcessMemory(hProcess_N, Pointer(gEax + $11C), @g_ID, 4, ByteRead);
    ReadProcessMemory(hProcess_N, Pointer(gEax + $3C), @g_X, 4, ByteRead);
    ReadProcessMemory(hProcess_N, Pointer(gEax + $44), @g_Y, 4, ByteRead);
    ReadProcessMemory(hProcess_N, Pointer(gEax + $234), @rg_Local, 4, ByteRead);     //米
    if rg_Local < Gwjl then begin
    Gwjl:=rg_Local;
    GWID:=g_ID;
    if xzgwID>0 then begin
    bao.ID:=gwid;
    bao.len:=6;
    bao.tou:=$02;
   InjectFunc(@putong,@bao, SizeOf(bao));
end;
end;
end;
end;
end;
end.

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls,tlhelp32;

type
  TForm1 = class(TForm)
    ListBox1: TListBox;
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}


procedure TForm1.Button1Click(Sender: TObject);
var
  ProcessName: string;
  ProcessID: integer;
  ListLoop: Boolean;
  FsnapShotHandle: Thandle;
  FProcessEntry32:TProcessEntry32;
begin
  Fsnapshothandle := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwsize := SizeOF(FProcessEntry32);
  Listloop := Process32First(FSnapshotHandle, FProcessEntry32);
  while Listloop do
  begin
    ProcessName:=FprocessEntry32.szExeFile;
    ProcessID:=FProcessEntry32.th32ProcessID;
    ListLoop := Process32Next(FSnapshotHandle, FprocessEntry32);
    end;
    if ProcessName='elementclient.exe' then
    begin
    listbox1.Items.Add(ProcessNAme+' PID: '+inttostr(processid));
      end;
CloseHandle(FSnapshotHandle);
end;


end.