
卡多佐 发表于 2009-10-23 15:02

【分享】delphi 写外挂的模板

unit Unit1;

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;

type
  // Main form of the tool. The components declared in the default (published)
  // section are loaded by name from the form resource (.dfm) linked into the unit.
  TForm1 = class(TForm)
    // Container controls
    PageControl1: TPageControl;
    TabSheet1: TTabSheet;
    GroupBox1: TGroupBox;
    // Captions and the edit boxes that display the values read from the target
    Label1, Label2, Label3: TLabel;
    EditName, EditHP, EditMP: TEdit;
    // Action buttons, wired to the OnClick handlers declared below
    Button1, Button2, Button3, Button4: TButton;

    // Form lifetime: opens / closes the target process handle and the two
    // memory regions allocated inside the target.
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);

    // Button handlers
    procedure Button1Click(Sender: TObject); // reads name / HP / MP via ReadProcessMemory
    procedure Button2Click(Sender: TObject); // calls RetCity
    procedure Button3Click(Sender: TObject); // sets JNID, then calls JiNeng
    procedure Button4Click(Sender: TObject); // sets the window title and closes the form

    // Wrappers that hand a routine and its argument block to InjectFunc
    procedure RetCity;
    procedure JiNeng;

  private
    { Private declarations }

  public
    { Public declarations }

  end;

type // ---- parameter block and its pointer type
  // Argument block that InjectFunc writes into the target process and passes
  // to the remote thread as its single argument. Packed: two consecutive
  // DWORDs, 8 bytes in total.
  P1_STR = packed record
    Param1: DWORD; // read by MyCall8 as the skill id
    Param2: DWORD; // not referenced anywhere in this unit
  end;
  PP1_STR = ^P1_STR;

var
  Form1: TForm1;
  // Pointer-chain state for Button1Click. Base0 is the fixed start address
  // assigned in FormCreate; Base1 and BaseT1 receive values read from the
  // target. NOTE(review): addresses are kept in Integer, so the code assumes a
  // 32-bit target.
  Base0, Base1, BaseT1: Integer;
  // Values read from the target at Base1+$254 and Base1+$258.
  HP, MP: Integer;

  MyHwnd:Hwnd; // window handle returned by FindWindow in FormCreate
  hProcess_N: THandle; // handle returned by OpenProcess; 0 when the open failed
  ThreadAdd, ParamAdd: Pointer; // regions allocated in the target by VirtualAllocEx (copied routine / argument block)
  // NOTE: despite its name this holds the *process* id. It is filled through
  // the out-parameter of GetWindowThreadProcessId and then passed to OpenProcess.
  ThreadID: DWORD;

  MemSize, JNID: DWORD; // MemSize: bytes copied per routine (set to 128 in FormCreate); JNID: skill id handed to MyCall8
  ByteRead: Cardinal; // bytes-transferred out-parameter of ReadProcessMemory

implementation

{$R *.dfm}


// Locates the target window by its title, opens the owning process and
// allocates two memory regions inside it for later use by InjectFunc.
// Shows an error box and allocates nothing when the process cannot be opened.
//
// Detection note: opening another process with PROCESS_ALL_ACCESS and then
// calling VirtualAllocEx on that handle is the opening half of the classic
// remote-thread injection sequence. Both the broad access mask on the handle
// and the cross-process allocation are events that EDR products and
// anti-cheat components commonly monitor.
procedure TForm1.FormCreate(Sender: TObject);
begin
  // Window title -> window handle -> owning process id. The id is stored in
  // the global called ThreadID, although the out-parameter used here is the
  // process id.
  MyHwnd := FindWindow(nil, 'Element Client');
  GetWindowThreadProcessId(MyHwnd, @ThreadID);
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);

  if hProcess_N <> 0 then
  begin
    Base0 := $9045EC; // $12F82C (second value left in the original comment; its meaning is not shown)
    MemSize := 128;

    // Region for the copied routine (MemSize bytes) and a 20-byte region for
    // its argument block. The results are not checked for nil.
    ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);
    ParamAdd := VirtualAllocEx(hProcess_N, nil, 20, MEM_COMMIT, PAGE_READWRITE);
  end
  else
    MessageBox(Handle, ' 请退出先登录运行《诛仙》游戏。 ', '提示', MB_OK + MB_ICONERROR);
end;


// Counterpart of FormCreate: asks the target to release both regions and
// closes the process handle. It runs unconditionally, including when
// FormCreate failed and hProcess_N is 0.
//
// NOTE(review): the Windows API documents that dwSize must be 0 when
// MEM_RELEASE is used. Both calls pass a size, so they presumably fail and
// the two regions stay committed in the target until it exits. Such leftover
// private regions are an artifact memory forensics can look for. Return
// values are not checked, so a failure goes unnoticed here.
procedure TForm1.FormDestroy(Sender: TObject);
begin
  VirtualFreeEx(hProcess_N, ThreadAdd, MemSize, MEM_RELEASE); // copied-routine region
  VirtualFreeEx(hProcess_N, ParamAdd, 20, MEM_RELEASE);       // argument-block region
  CloseHandle(hProcess_N);
end;


// Copies a routine and its argument block into the regions allocated by
// FormCreate, starts a thread in the target at the copied bytes and waits
// for that thread to end.
//
//   Func      - address of the local routine; MemSize bytes are copied from it
//   Param     - address of the local argument block
//   ParamSize - number of bytes of the argument block to copy
//
// Does nothing when no process handle is open. None of the API return values
// is checked.
//
// Detection note: WriteProcessMemory into another process followed by
// CreateRemoteThread on the written region is the textbook remote-thread
// injection pattern. Cross-process writes and remote thread creation are
// among the most widely instrumented events in endpoint security and
// anti-cheat tooling.
procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
  RemoteThread: THandle;
  Scratch: DWORD; // reused: bytes-written out-parameter, then thread-id out-parameter
begin
  if hProcess_N = 0 then
    Exit;

  // ---- write the routine bytes
  WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, Scratch);
  // ---- write the argument block
  WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, Scratch);
  // ---- create the remote thread
  RemoteThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, Scratch);
  // ---- wait for the thread to finish, then drop its handle
  WaitForSingleObject(RemoteThread, INFINITE);
  CloseHandle(RemoteThread);
end;

// ---- "return to town after death" CALL
// Routine whose bytes RetCity hands to InjectFunc for copying into the target.
// It calls the absolute address $5A1F70 with all general-purpose registers
// saved before and restored after the call. It takes no arguments.
procedure MyCall1; Stdcall;
var
  Address:pointer;
begin
  Address:=Pointer($5A1F70); // hard-coded absolute address; presumably valid for one client build only
  asm
    pushad       // save all general-purpose registers
    call Address // indirect call through the local variable
    popad        // restore the registers
  end;
end;


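// ---- skill CALL
// Routine whose bytes JiNeng hands to InjectFunc for copying into the target.
// It receives a pointer to a P1_STR block, takes the skill id from Param1 and
// calls the absolute address $4656F0 with four stack arguments (-1, 0, 0 and
// the skill id). ECX is loaded through the pointer chain
// [$900adc] -> +$1c -> +$28 (presumably the object pointer the callee expects
// in ECX; not confirmed by this listing).
//
// The parameter name P is restored here. The forum software rendered the
// ":P" of the original signature as a smiley image, which left the body
// referring to an undeclared identifier.
procedure MyCall8(P: PP1_STR); Stdcall;
var
  Address: pointer;
  P1: DWORD;
begin
  Address:=Pointer($4656F0); // hard-coded absolute address; presumably valid for one client build only
  P1:=P^.Param1; // ---- skill id
  asm
    pushad                           // save all general-purpose registers
    push -1
    push 0
    push 0
    push P1                          // skill id
    mov ecx,DWORD PTR DS:[$900adc]   // start of the pointer chain (absolute address)
    mov edx,DWORD PTR DS:[ecx+$1c]
    mov ecx,DWORD PTR DS:[edx+$28]
    call address
    popad                            // restore the registers
  end;
end;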


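// --- exit
// Sets the title of the window found in FormCreate to 'Element Client' and
// closes the form. The unused locals FTxt and S from the original have been
// removed. No other code in this unit changes the window title.
procedure TForm1.Button4Click(Sender: TObject);
begin
  SetWindowText(MyHwnd, 'Element Client');
  Close;
end;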

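// ---- read character info
// Follows a pointer chain in the target with ReadProcessMemory, starting at
// Base0, and shows the name, HP and MP that it reads in the three edit boxes.
//
// Changes from the original: the unused locals FTxt and S are gone, the name
// buffer no longer shadows the form's Name property, and the buffer is zeroed
// before use. Only 16 bytes are read into it, so without the zero fill the
// text shown could run on into uninitialised stack contents.
//
// No ReadProcessMemory result is checked. After a failed read the globals keep
// their previous values and those are what gets displayed.
//
// Detection note: repeated cross-process reads on a handle opened with full
// access are the read-only counterpart of the injection path in this unit and
// show up in the same handle and memory-access telemetry.
procedure TForm1.Button1Click(Sender: TObject);
var
  CharName: array [0..16] of WideChar;
begin
  FillChar(CharName, SizeOf(CharName), 0);

  // Base0 -> +$28 gives the object whose fields are read below.
  ReadProcessMemory(hProcess_N, Pointer(Base0), @BaseT1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(BaseT1+($28)), @Base1, 4, ByteRead);

  // +$3A4 holds a pointer to the name; 16 bytes are copied from its start.
  ReadProcessMemory(hProcess_N, Pointer(Base1+($3A4)), @BaseT1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(BaseT1+($0)), @CharName, 16, ByteRead); // ---- main character info
  ReadProcessMemory(hProcess_N, Pointer(Base1+($254)), @HP, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(Base1+($258)), @MP, 4, ByteRead);

  EditName.Text:=CharName;
  EditHP.Text:=IntToStr(HP);
  EditMP.Text:=IntToStr(MP);
end;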


// --- invoke the "return to town" CALL
// Hands MyCall1 to InjectFunc with a parameter size of 0, so no argument
// bytes are requested for copying. MyParam is never initialised and only its
// address is passed. Skipped when no target window was found.
procedure TForm1.RetCity;
var
  MyParam: P1_STR;
begin
  if MyHwnd = 0 then
    Exit;

  InjectFunc(@MyCall1, @MyParam, 0);
end;


// ---- invoke the skill CALL
// Builds the argument block from the global JNID and hands MyCall8 plus the
// whole block (SizeOf(P1_STR) bytes) to InjectFunc. Param2 is left
// unassigned. Skipped when no target window was found.
procedure TForm1.JiNeng;
var
  MyParam: P1_STR;
begin
  MyParam.Param1 := JNID;

  if MyHwnd = 0 then
    Exit;

  InjectFunc(@MyCall8, @MyParam, SizeOf(MyParam));
end;


// Button 2: delegates to RetCity, which runs MyCall1 through InjectFunc.
procedure TForm1.Button2Click(Sender: TObject);
begin
  RetCity;
end;

// Button 3: stores the fixed skill id $DA in the global JNID, then delegates
// to JiNeng, which passes it to MyCall8 through InjectFunc.
procedure TForm1.Button3Click(Sender: TObject);
begin
  JNID := $DA;
  JiNeng;
end;

end.

良思俊旭 发表于 2009-10-23 15:02

能把那个界面发来出来下不!最近我在研究外挂!
