unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls,JZsd, ZnHideForm, ExtCtrls;
type
TForm1 = class(TForm)
// Single form of the tool: Button1 runs one monster-selection pass (xgcall).
// ZnHideForm1 and Timer1 are placed on the form in the .dfm but nothing in
// this unit uses them.
Button1: TButton;
Label1: TLabel;
ZnHideForm1: TZnHideForm;
Timer1: TTimer;
procedure Button1Click(Sender: TObject);
private
// Scans the game client's monster array and sends a "select target" packet
// from inside the game process (see the implementation of xgcall).
procedure xgcall;
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
// Process id of the game client; refreshed by every helper that calls
// FindWindow('ElementClient Window', 'Element Client'). Note that DuMem
// declares its own local Pid, so only DuMemf/InjectFunc update this one.
pid:Cardinal;
// Window handle of the game client (last FindWindow result).
hwndd:HWND;
// PROCESS_ALL_ACCESS handle to the game client. DuMem, DuMemf and xgcall
// re-open it on every call and never close the previous value, so each
// memory read leaks one kernel handle.
hProcess_N:Cardinal;
implementation
{$R *.dfm}
// Send one packet through the game's own network layer.
// This routine is never called locally: InjectFunc copies its first 200 bytes
// into the game process and starts a remote thread on the copy with
// p = address of the parameter block. It must therefore stay self-contained
// (constants and locals only, no calls into this executable).
//   p^     : dword, length of the payload that follows
//   p^ + 4 : payload bytes (e.g. a Fabaoxx without its len field)
procedure Gongyongfaobo(p:pointer); stdcall;
var
tt:dword;
len:dword;
address:pointer;
begin
address:=Pointer(FbaoJz); // send routine inside the client; hard-coded for build "1.11"
len:=pdword(p)^;          // payload length
tt:=dword(p)+4;           // payload start
asm
pushad
MOV ECX,DWORD PTR [CallJZ]      // object pointer stored at CallJZ
PUSH len                        // arg 2: payload length
PUSH tt                         // arg 1: payload address
MOV ECX,DWORD PTR [ECX+$20]     // member at +$20 becomes the this-pointer for the call
CALL address;                   // no ADD ESP,8 follows: assumes the callee pops both args
popad                           // restores registers but not ESP, so the assumption above matters
end;
end;
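Function DuMemf(Addres: Cardinal): single;
var
  PHND: THandle;
  Num: cardinal;
  ok: LongBool;
begin
  // Read one 4-byte float from the game client at Addres.
  // Returns 0 when the window is not found, the process cannot be opened,
  // or the read fails/is short. The original left Result uninitialised when
  // OpenProcess(PROCESS_VM_READ) failed.
  Result := 0;
  pid := 0;
  hwndd := FindWindow('ElementClient Window', 'Element Client');
  if hwndd <> 0 then
    GetWindowThreadProcessId(hwndd, @pid);
  // The unit-level all-access handle is still refreshed for other callers,
  // but the handle left by the previous call is closed instead of leaked.
  if hProcess_N <> 0 then
  begin
    CloseHandle(hProcess_N);
    hProcess_N := 0;
  end;
  if pid = 0 then Exit;
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  // A read only needs PROCESS_VM_READ; this handle lives for the read only.
  PHND := OpenProcess(PROCESS_VM_READ, False, pid);
  if PHND = 0 then Exit;
  try
    ok := ReadProcessMemory(PHND, Pointer(Addres), @Result, SizeOf(Result), Num);
    if (not ok) or (Num <> SizeOf(Result)) then
      Result := 0;
  finally
    CloseHandle(PHND);
  end;
end;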
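Function DuMem(Addres: Cardinal): Cardinal;
var
  PHND: THandle;
  Num: cardinal;
  ok: LongBool;
begin
  // Read one 32-bit value from the game client at Addres.
  // Returns 0 when the window is not found, the process cannot be opened,
  // or the read fails/is short. Sibling of DuMemf (same lookup, float
  // result). The local "Pid" that shadowed the unit-level pid is gone, so
  // both helpers now update the same global that xgcall/InjectFunc use.
  Result := 0;
  pid := 0;
  hwndd := FindWindow('ElementClient Window', 'Element Client');
  if hwndd <> 0 then
    GetWindowThreadProcessId(hwndd, @pid);
  // The unit-level all-access handle is still refreshed for other callers,
  // but the handle left by the previous call is closed instead of leaked.
  if hProcess_N <> 0 then
  begin
    CloseHandle(hProcess_N);
    hProcess_N := 0;
  end;
  if pid = 0 then Exit;
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  // A read only needs PROCESS_VM_READ; this handle lives for the read only.
  PHND := OpenProcess(PROCESS_VM_READ, False, pid);
  if PHND = 0 then Exit;
  try
    ok := ReadProcessMemory(PHND, Pointer(Addres), @Result, SizeOf(Result), Num);
    if (not ok) or (Num <> SizeOf(Result)) then
      Result := 0;
  finally
    CloseHandle(PHND);
  end;
end;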
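procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
const
  // Bytes copied from Func. This is a guess by the original author, not the
  // routine's real size; confirm against the disassembly of Gongyongfaobo.
  CODE_SIZE = 200;
var
  hProc, hThread: THandle;
  codeAddr, paramAddr: Pointer;
  written, threadId: DWORD;
  wnd: HWND;
begin
  // Classic remote-thread injection: OpenProcess -> VirtualAllocEx ->
  // WriteProcessMemory -> CreateRemoteThread, with Func's first CODE_SIZE
  // bytes copied verbatim and Param copied as the thread argument. Func must
  // be stdcall with one pointer parameter and position-independent
  // (Gongyongfaobo qualifies). This exact sequence is a standard anti-cheat /
  // EDR detection signature, and the thread runs with the game's privileges.
  //
  // Changes from the original: the code page is allocated executable
  // (PAGE_READWRITE is refused by DEP when the thread starts), every API
  // result is checked, and the thread and process handles are closed.
  wnd := FindWindow('ElementClient Window', 'Element Client');
  if wnd = 0 then Exit;
  GetWindowThreadProcessId(wnd, @pid);
  if pid = 0 then Exit;
  hProc := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  if hProc = 0 then Exit;
  codeAddr := nil;
  paramAddr := nil;
  hThread := 0;
  try
    paramAddr := VirtualAllocEx(hProc, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE);
    codeAddr := VirtualAllocEx(hProc, nil, CODE_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (paramAddr = nil) or (codeAddr = nil) then Exit;
    if (not WriteProcessMemory(hProc, paramAddr, Param, ParamSize, written)) or (written <> ParamSize) then Exit;
    if (not WriteProcessMemory(hProc, codeAddr, Func, CODE_SIZE, written)) or (written <> CODE_SIZE) then Exit;
    hThread := CreateRemoteThread(hProc, nil, 0, codeAddr, paramAddr, 0, threadId);
    if hThread = 0 then Exit;
    // Blocks the UI thread until the injected routine returns; if it hangs
    // inside the game, this tool hangs with it (kept as in the original).
    WaitForSingleObject(hThread, INFINITE);
  finally
    if hThread <> 0 then CloseHandle(hThread);
    if codeAddr <> nil then VirtualFreeEx(hProc, codeAddr, 0, MEM_RELEASE);
    if paramAddr <> nil then VirtualFreeEx(hProc, paramAddr, 0, MEM_RELEASE);
    CloseHandle(hProc);
  end;
end;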
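procedure TForm1.xgcall;
const
  NAME_BYTES = 64;   // bytes of the monster name read per entry (as before)
var
  wnd: HWND;
  hProc: THandle;
  root, mobMgr, listHead, listCap: Cardinal;
  slot, mob: Cardinal;
  mobState, mobKind, mobId, namePtr: Cardinal;
  mobDist, nearest: Single;
  mobName: array[0..(NAME_BYTES div 2)] of WideChar;   // one spare cell keeps a terminator
  got: Cardinal;
  i: Integer;
  pkt: Fabaoxx;
begin
  // Walk the client's monster array and, for every kind-6 monster that is the
  // nearest seen so far, inject a "select target" packet (opcode $02 + id)
  // into the game process. The selection rule is kept exactly as written by
  // the original author; only validation and handle handling were tightened.
  //
  // Offsets recovered for one client build (see JZsd); nothing validates them:
  //   [BASE]+$20        player object   +$3C/+$44/+$40 x/y/z (Single), +$A18 selected id
  //   [BASE]+$8 -> +$24 monster manager +$14 count, +$18 array start, +$24 capacity
  //   slot -> +$4       monster object  +$B4 kind, +$11C id, +$120 type, +$124 level,
  //                                     +$12C hp, +$154 max hp, +$230 name ptr,
  //                                     +$254 distance (Single), +$294 state
  // Values the original read but never used (hp, level, coordinates, type,
  // selected id) are no longer read.
  root := DuMem(BASE);
  mobMgr := DuMem(DuMem(root + $8) + $24);
  listCap := DuMem(mobMgr + $24);
  listHead := DuMem(mobMgr + $18);
  if (listHead = 0) or (listCap = 0) then
    Exit;   // reads failed or the list is empty: nothing to select

  // One read-only handle for the whole scan, instead of a PROCESS_ALL_ACCESS
  // handle opened per monster and never closed.
  wnd := FindWindow('ElementClient Window', 'Element Client');
  if wnd = 0 then Exit;
  GetWindowThreadProcessId(wnd, @pid);
  if pid = 0 then Exit;
  hProc := OpenProcess(PROCESS_VM_READ, False, pid);
  if hProc = 0 then Exit;
  try
    nearest := 999;
    for i := 0 to Integer(listCap) - 1 do
    begin
      slot := DuMem(listHead + 4 * Cardinal(i));
      if slot = 0 then Continue;
      mob := DuMem(slot + $4);
      mobDist := DuMemf(mob + $254);
      mobState := DuMem(mob + $294);
      mobKind := DuMem(mob + $B4);
      mobId := DuMem(mob + $11C);
      namePtr := DuMem(mob + $230);

      // Name is read as before but not displayed anywhere in this unit.
      FillChar(mobName, SizeOf(mobName), 0);
      if namePtr <> 0 then
        ReadProcessMemory(hProc, Pointer(namePtr), @mobName, NAME_BYTES, got);

      // Original rule, unchanged: state 4 does not move the "nearest" marker,
      // and a kind-6 monster at or inside the marker is selected immediately,
      // so several packets may be sent in one pass as the marker tightens.
      if mobState <> 4 then
        if nearest >= mobDist then
          nearest := mobDist;
      if (mobDist <= nearest) and (mobKind = 6) then
      begin
        pkt.len := SizeOf(pkt.tou) + SizeOf(pkt.id);   // = 6: bytes after the length prefix
        pkt.tou := $02;
        pkt.id := mobId;
        InjectFunc(@Gongyongfaobo, @pkt, SizeOf(pkt));
      end;
    end;
  finally
    CloseHandle(hProc);
  end;
end;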
procedure TForm1.Button1Click(Sender: TObject);
begin
  // One selection pass per click; nothing in this unit runs it on Timer1.
  Self.xgcall;
end;
end.
另外一个单元是基址数据，可以自己更改（这些地址只对应某一个客户端版本，客户端更新后需要重新定位）。
unit JZsd;
interface
uses windows;
const
// All addresses below are absolute for ONE client build (Unit1 tags the
// send routine "1.11"); any client update invalidates them and the callers
// perform no validation before dereferencing or calling them.
BASE = $92764C; // root object pointer
FbaoJz = $589F20; // packet-send routine (called by Gongyongfaobo)
CallJZ = $00926FD4; // object pointer consumed by Gongyongfaobo's call
// The following are not referenced by the Unit1 listing above.
Zhoulu1 =$0045D9F0; // walk-related routine 1
Zhoulu2 = $00461470; // walk-related routine 2
Zhoulu3 = $0045DDF0; // walk-related routine 3
zhoulupy = $BB8; // walk offset
jlcall = $4559D0; // skill call
hanhua = $58A007; // chat/say call
type
// Medicine entry. NOTE(review): "name" is a managed long string, i.e. a
// pointer into this process's heap; this record cannot be copied into the
// game process as raw bytes the way the packed records below are.
PDrugs=^TDrugs;
TDrugs = record
ID:cardinal;
name:string;
end;
// Shared packet (select target, sit/meditate): 10 bytes packed.
// len is the byte count AFTER itself (tou + id = 6, which is what Unit1
// stores), matching Gongyongfaobo, which pushes len and the address p+4.
Fabaoxx = packed record //shared (select target, sit/meditate)
len:dword;
tou:word;
id:DWORD;
end;
// Pick-up packet. Same length-prefix layout as Fabaoxx.
TJianwu= packed record //pick-up packet
len:DWORD;
tou:Word;
C1:dword;
id:dword;
end;
// Eat-medicine packet. Same length-prefix layout as Fabaoxx.
chiyao = packed record //eat-medicine packet
len:DWORD;
tou:Word;
x1:Byte;
x2:Byte;
c1:Byte;
x3:Byte;
ID:DWORD;
end;
//pick-up item parameters (not packed: native alignment)
PPickUp =^TPickUp;
TPickUp = record
id:cardinal;
sysNum:cardinal;
name:array[0..32]of WideChar;
itemX,itemY:single;
end;
//auto-pathing parameters (EDX/EAX suggest register values for a call)
PGetGwCallParam = ^TGetGwCallParam;
TGetGwCallParam = packed record
EDX, EAX: Cardinal;
x0, y0, z0:Single;
dwnum, dwid, dwpos:Integer;
end;
//bag item info
PPackItem =^TPackItem;
TPackItem = record
id:cardinal;
num:cardinal;
end;
// Item filter. Same caveat as TDrugs: "name" is a managed string.
PItemFilter =^TItemFilter;
TItemFilter =record
id:cardinal;
name:string;
end;
//skill info (Lcsj: presumably cooldown time -- not used in the listing above)
PSkill=^TSkill;
TSkill = record
id:cardinal;
name:array[0..20] of widechar;
Lcsj:Cardinal;
end;
ATItemFilter=array of TItemFilter;
ATSkill = array of TSkill;
implementation
end.
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls,JZsd, ZnHideForm, ExtCtrls;
type
TForm1 = class(TForm)
// Single form of the tool: Button1 runs one monster-selection pass (xgcall).
// ZnHideForm1 and Timer1 are placed on the form in the .dfm but nothing in
// this unit uses them.
Button1: TButton;
Label1: TLabel;
ZnHideForm1: TZnHideForm;
Timer1: TTimer;
procedure Button1Click(Sender: TObject);
private
// Scans the game client's monster array and sends a "select target" packet
// from inside the game process (see the implementation of xgcall).
procedure xgcall;
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
// Process id of the game client; refreshed by every helper that calls
// FindWindow('ElementClient Window', 'Element Client'). Note that DuMem
// declares its own local Pid, so only DuMemf/InjectFunc update this one.
pid:Cardinal;
// Window handle of the game client (last FindWindow result).
hwndd:HWND;
// PROCESS_ALL_ACCESS handle to the game client. DuMem, DuMemf and xgcall
// re-open it on every call and never close the previous value, so each
// memory read leaks one kernel handle.
hProcess_N:Cardinal;
implementation
{$R *.dfm}
// Send one packet through the game's own network layer.
// This routine is never called locally: InjectFunc copies its first 200 bytes
// into the game process and starts a remote thread on the copy with
// p = address of the parameter block. It must therefore stay self-contained
// (constants and locals only, no calls into this executable).
//   p^     : dword, length of the payload that follows
//   p^ + 4 : payload bytes (e.g. a Fabaoxx without its len field)
procedure Gongyongfaobo(p:pointer); stdcall;
var
tt:dword;
len:dword;
address:pointer;
begin
address:=Pointer(FbaoJz); // send routine inside the client; hard-coded for build "1.11"
len:=pdword(p)^;          // payload length
tt:=dword(p)+4;           // payload start
asm
pushad
MOV ECX,DWORD PTR [CallJZ]      // object pointer stored at CallJZ
PUSH len                        // arg 2: payload length
PUSH tt                         // arg 1: payload address
MOV ECX,DWORD PTR [ECX+$20]     // member at +$20 becomes the this-pointer for the call
CALL address;                   // no ADD ESP,8 follows: assumes the callee pops both args
popad                           // restores registers but not ESP, so the assumption above matters
end;
end;
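Function DuMemf(Addres: Cardinal): single;
var
  PHND: THandle;
  Num: cardinal;
  ok: LongBool;
begin
  // Read one 4-byte float from the game client at Addres.
  // Returns 0 when the window is not found, the process cannot be opened,
  // or the read fails/is short. The original left Result uninitialised when
  // OpenProcess(PROCESS_VM_READ) failed.
  Result := 0;
  pid := 0;
  hwndd := FindWindow('ElementClient Window', 'Element Client');
  if hwndd <> 0 then
    GetWindowThreadProcessId(hwndd, @pid);
  // The unit-level all-access handle is still refreshed for other callers,
  // but the handle left by the previous call is closed instead of leaked.
  if hProcess_N <> 0 then
  begin
    CloseHandle(hProcess_N);
    hProcess_N := 0;
  end;
  if pid = 0 then Exit;
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  // A read only needs PROCESS_VM_READ; this handle lives for the read only.
  PHND := OpenProcess(PROCESS_VM_READ, False, pid);
  if PHND = 0 then Exit;
  try
    ok := ReadProcessMemory(PHND, Pointer(Addres), @Result, SizeOf(Result), Num);
    if (not ok) or (Num <> SizeOf(Result)) then
      Result := 0;
  finally
    CloseHandle(PHND);
  end;
end;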
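Function DuMem(Addres: Cardinal): Cardinal;
var
  PHND: THandle;
  Num: cardinal;
  ok: LongBool;
begin
  // Read one 32-bit value from the game client at Addres.
  // Returns 0 when the window is not found, the process cannot be opened,
  // or the read fails/is short. Sibling of DuMemf (same lookup, float
  // result). The local "Pid" that shadowed the unit-level pid is gone, so
  // both helpers now update the same global that xgcall/InjectFunc use.
  Result := 0;
  pid := 0;
  hwndd := FindWindow('ElementClient Window', 'Element Client');
  if hwndd <> 0 then
    GetWindowThreadProcessId(hwndd, @pid);
  // The unit-level all-access handle is still refreshed for other callers,
  // but the handle left by the previous call is closed instead of leaked.
  if hProcess_N <> 0 then
  begin
    CloseHandle(hProcess_N);
    hProcess_N := 0;
  end;
  if pid = 0 then Exit;
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  // A read only needs PROCESS_VM_READ; this handle lives for the read only.
  PHND := OpenProcess(PROCESS_VM_READ, False, pid);
  if PHND = 0 then Exit;
  try
    ok := ReadProcessMemory(PHND, Pointer(Addres), @Result, SizeOf(Result), Num);
    if (not ok) or (Num <> SizeOf(Result)) then
      Result := 0;
  finally
    CloseHandle(PHND);
  end;
end;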
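procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
const
  // Bytes copied from Func. This is a guess by the original author, not the
  // routine's real size; confirm against the disassembly of Gongyongfaobo.
  CODE_SIZE = 200;
var
  hProc, hThread: THandle;
  codeAddr, paramAddr: Pointer;
  written, threadId: DWORD;
  wnd: HWND;
begin
  // Classic remote-thread injection: OpenProcess -> VirtualAllocEx ->
  // WriteProcessMemory -> CreateRemoteThread, with Func's first CODE_SIZE
  // bytes copied verbatim and Param copied as the thread argument. Func must
  // be stdcall with one pointer parameter and position-independent
  // (Gongyongfaobo qualifies). This exact sequence is a standard anti-cheat /
  // EDR detection signature, and the thread runs with the game's privileges.
  //
  // Changes from the original: the code page is allocated executable
  // (PAGE_READWRITE is refused by DEP when the thread starts), every API
  // result is checked, and the thread and process handles are closed.
  wnd := FindWindow('ElementClient Window', 'Element Client');
  if wnd = 0 then Exit;
  GetWindowThreadProcessId(wnd, @pid);
  if pid = 0 then Exit;
  hProc := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
  if hProc = 0 then Exit;
  codeAddr := nil;
  paramAddr := nil;
  hThread := 0;
  try
    paramAddr := VirtualAllocEx(hProc, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE);
    codeAddr := VirtualAllocEx(hProc, nil, CODE_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (paramAddr = nil) or (codeAddr = nil) then Exit;
    if (not WriteProcessMemory(hProc, paramAddr, Param, ParamSize, written)) or (written <> ParamSize) then Exit;
    if (not WriteProcessMemory(hProc, codeAddr, Func, CODE_SIZE, written)) or (written <> CODE_SIZE) then Exit;
    hThread := CreateRemoteThread(hProc, nil, 0, codeAddr, paramAddr, 0, threadId);
    if hThread = 0 then Exit;
    // Blocks the UI thread until the injected routine returns; if it hangs
    // inside the game, this tool hangs with it (kept as in the original).
    WaitForSingleObject(hThread, INFINITE);
  finally
    if hThread <> 0 then CloseHandle(hThread);
    if codeAddr <> nil then VirtualFreeEx(hProc, codeAddr, 0, MEM_RELEASE);
    if paramAddr <> nil then VirtualFreeEx(hProc, paramAddr, 0, MEM_RELEASE);
    CloseHandle(hProc);
  end;
end;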
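procedure TForm1.xgcall;
const
  NAME_BYTES = 64;   // bytes of the monster name read per entry (as before)
var
  wnd: HWND;
  hProc: THandle;
  root, mobMgr, listHead, listCap: Cardinal;
  slot, mob: Cardinal;
  mobState, mobKind, mobId, namePtr: Cardinal;
  mobDist, nearest: Single;
  mobName: array[0..(NAME_BYTES div 2)] of WideChar;   // one spare cell keeps a terminator
  got: Cardinal;
  i: Integer;
  pkt: Fabaoxx;
begin
  // Walk the client's monster array and, for every kind-6 monster that is the
  // nearest seen so far, inject a "select target" packet (opcode $02 + id)
  // into the game process. The selection rule is kept exactly as written by
  // the original author; only validation and handle handling were tightened.
  //
  // Offsets recovered for one client build (see JZsd); nothing validates them:
  //   [BASE]+$20        player object   +$3C/+$44/+$40 x/y/z (Single), +$A18 selected id
  //   [BASE]+$8 -> +$24 monster manager +$14 count, +$18 array start, +$24 capacity
  //   slot -> +$4       monster object  +$B4 kind, +$11C id, +$120 type, +$124 level,
  //                                     +$12C hp, +$154 max hp, +$230 name ptr,
  //                                     +$254 distance (Single), +$294 state
  // Values the original read but never used (hp, level, coordinates, type,
  // selected id) are no longer read.
  root := DuMem(BASE);
  mobMgr := DuMem(DuMem(root + $8) + $24);
  listCap := DuMem(mobMgr + $24);
  listHead := DuMem(mobMgr + $18);
  if (listHead = 0) or (listCap = 0) then
    Exit;   // reads failed or the list is empty: nothing to select

  // One read-only handle for the whole scan, instead of a PROCESS_ALL_ACCESS
  // handle opened per monster and never closed.
  wnd := FindWindow('ElementClient Window', 'Element Client');
  if wnd = 0 then Exit;
  GetWindowThreadProcessId(wnd, @pid);
  if pid = 0 then Exit;
  hProc := OpenProcess(PROCESS_VM_READ, False, pid);
  if hProc = 0 then Exit;
  try
    nearest := 999;
    for i := 0 to Integer(listCap) - 1 do
    begin
      slot := DuMem(listHead + 4 * Cardinal(i));
      if slot = 0 then Continue;
      mob := DuMem(slot + $4);
      mobDist := DuMemf(mob + $254);
      mobState := DuMem(mob + $294);
      mobKind := DuMem(mob + $B4);
      mobId := DuMem(mob + $11C);
      namePtr := DuMem(mob + $230);

      // Name is read as before but not displayed anywhere in this unit.
      FillChar(mobName, SizeOf(mobName), 0);
      if namePtr <> 0 then
        ReadProcessMemory(hProc, Pointer(namePtr), @mobName, NAME_BYTES, got);

      // Original rule, unchanged: state 4 does not move the "nearest" marker,
      // and a kind-6 monster at or inside the marker is selected immediately,
      // so several packets may be sent in one pass as the marker tightens.
      if mobState <> 4 then
        if nearest >= mobDist then
          nearest := mobDist;
      if (mobDist <= nearest) and (mobKind = 6) then
      begin
        pkt.len := SizeOf(pkt.tou) + SizeOf(pkt.id);   // = 6: bytes after the length prefix
        pkt.tou := $02;
        pkt.id := mobId;
        InjectFunc(@Gongyongfaobo, @pkt, SizeOf(pkt));
      end;
    end;
  finally
    CloseHandle(hProc);
  end;
end;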
procedure TForm1.Button1Click(Sender: TObject);
begin
  // One selection pass per click; nothing in this unit runs it on Timer1.
  Self.xgcall;
end;
end.
另外一个单元是基址数据，可以自己更改（这些地址只对应某一个客户端版本，客户端更新后需要重新定位）。
unit JZsd;
interface
uses windows;
const
// All addresses below are absolute for ONE client build (Unit1 tags the
// send routine "1.11"); any client update invalidates them and the callers
// perform no validation before dereferencing or calling them.
BASE = $92764C; // root object pointer
FbaoJz = $589F20; // packet-send routine (called by Gongyongfaobo)
CallJZ = $00926FD4; // object pointer consumed by Gongyongfaobo's call
// The following are not referenced by the Unit1 listing above.
Zhoulu1 =$0045D9F0; // walk-related routine 1
Zhoulu2 = $00461470; // walk-related routine 2
Zhoulu3 = $0045DDF0; // walk-related routine 3
zhoulupy = $BB8; // walk offset
jlcall = $4559D0; // skill call
hanhua = $58A007; // chat/say call
type
// Medicine entry. NOTE(review): "name" is a managed long string, i.e. a
// pointer into this process's heap; this record cannot be copied into the
// game process as raw bytes the way the packed records below are.
PDrugs=^TDrugs;
TDrugs = record
ID:cardinal;
name:string;
end;
// Shared packet (select target, sit/meditate): 10 bytes packed.
// len is the byte count AFTER itself (tou + id = 6, which is what Unit1
// stores), matching Gongyongfaobo, which pushes len and the address p+4.
Fabaoxx = packed record //shared (select target, sit/meditate)
len:dword;
tou:word;
id:DWORD;
end;
// Pick-up packet. Same length-prefix layout as Fabaoxx.
TJianwu= packed record //pick-up packet
len:DWORD;
tou:Word;
C1:dword;
id:dword;
end;
// Eat-medicine packet. Same length-prefix layout as Fabaoxx.
chiyao = packed record //eat-medicine packet
len:DWORD;
tou:Word;
x1:Byte;
x2:Byte;
c1:Byte;
x3:Byte;
ID:DWORD;
end;
//pick-up item parameters (not packed: native alignment)
PPickUp =^TPickUp;
TPickUp = record
id:cardinal;
sysNum:cardinal;
name:array[0..32]of WideChar;
itemX,itemY:single;
end;
//auto-pathing parameters (EDX/EAX suggest register values for a call)
PGetGwCallParam = ^TGetGwCallParam;
TGetGwCallParam = packed record
EDX, EAX: Cardinal;
x0, y0, z0:Single;
dwnum, dwid, dwpos:Integer;
end;
//bag item info
PPackItem =^TPackItem;
TPackItem = record
id:cardinal;
num:cardinal;
end;
// Item filter. Same caveat as TDrugs: "name" is a managed string.
PItemFilter =^TItemFilter;
TItemFilter =record
id:cardinal;
name:string;
end;
//skill info (Lcsj: presumably cooldown time -- not used in the listing above)
PSkill=^TSkill;
TSkill = record
id:cardinal;
name:array[0..20] of widechar;
Lcsj:Cardinal;
end;
ATItemFilter=array of TItemFilter;
ATSkill = array of TSkill;
implementation
end.
作者：青色咖啡@极点博客 - 青色咖啡的博客
地址:http://www.t522.com/post/7/
极点博客版权所有©转载时必须以链接形式注明作者和原始出处及本声明!

