Board logo

标题: 【分享】delphi 写外挂的模板 [打印本页]
作者: 卡多佐    时间: 2009-10-23 15:02     标题: 【分享】delphi 写外挂的模板

unit Unit1;

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,信息来自:http://www.3ast.com.cn
Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;

type
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
GroupBox1: TGroupBox;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
EditName: TEdit;
EditHP: TEdit;
EditMP: TEdit;
Button1: TButton;
Button2: TButton;
Button3: TButton;
Button4: TButton;

procedure Button4Click(Sender: TObject);黑客
procedure Button1Click(Sender: TObject);网络安全
procedure FormCreate(Sender: TObject);网络安全
procedure FormDestroy(Sender: TObject);信息来自:http://www.3ast.com.cn

procedure RetCity;
procedure JiNeng;
procedure Button2Click(Sender: TObject);网络安全
procedure Button3Click(Sender: TObject);黑客


private
{ Private declarations }

public
{ Public declarations }

end;

type // ---- 定义参数指针
P1_STR = packed record
Param1: DWORD;
Param2: DWORD;
end;
PP1_STR = ^P1_STR;

var
Form1: TForm1;
Base0, Base1, BaseT1: Integer;
HP, MP: Integer;

MyHwnd:Hwnd;
hProcess_N: THandle;
ThreadAdd, ParamAdd: Pointer;
ThreadID: DWORD;

MemSize, JNID: DWORD;
ByteRead: Cardinal;

implementation

{$R *.dfm}


procedure TForm1.FormCreate(Sender: TObject);黑客
begin
MyHwnd:=findwindow(nil, 'Element Client');网络安全
GetWindowThreadProcessId(MyHwnd, @ThreadID);网络安全
hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);黑客
if hProcess_N = 0 then
begin
Messagebox(handle, ' 请退出先登录运行《诛仙》游戏。 ','提示',MB_OK+MB_IconError);黑客
exit;
end;

Base0:=$9045EC; // $12F82C
MemSize:=128;

ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);网络安全
ParamAdd := VirtualAllocEx(hProcess_N, nil, 20, MEM_COMMIT, PAGE_READWRITE);网络安全
end;


procedure TForm1.FormDestroy(Sender: TObject);网络安全
begin
VirtualFreeEx(hProcess_N, ThreadAdd, MemSize, MEM_RELEASE);
VirtualFreeEx(hProcess_N, ParamAdd, 20, MEM_RELEASE);
CloseHandle(hProcess_N);
end;


procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);黑客
var
hThread: THandle;
lpNumberOfBytes: DWORD;

begin
if hProcess_N<>0 then
begin
// ---- 写入函数地址
WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, lpNumberOfBytes);网络安全
// ---- 写入参数地址
WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes);
// ---- 创建远程线程
hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes);黑客
// ---- 等待线程结束
WaitForSingleObject(hThread, INFINITE);网络安全
CloseHandle(hThread);
end;
end;

// ---- 死亡回城 CALL
procedure MyCall1; Stdcall;
var
Address:pointer;
begin
Address:=Pointer($5A1F70);
asm
pushad
call Address
popad
end;
end;


// ---- 技能 CALL
procedure MyCall8(PP1_STR); Stdcall;信息来自:http://www.3ast.com.cn
var
Address: pointer;
P1: DWORD;
begin
Address:=Pointer($4656F0);
P1:=P^.Param1; // ---- 技能ID号
asm
pushad
push -1
push 0
push 0
push P1
mov ecx,DWORD PTR DS:[$900adc]
mov edx,DWORD PTR DS:[ecx+$1c]
mov ecx,DWORD PTR DS:[edx+$28]
call address
popad
end;
end;


// --- 退出
procedure TForm1.Button4Click(Sender: TObject);
var
FTxt: TextFile;
S: String;

begin
SetWindowText(MyHwnd, 'Element Client');网络安全
Close;
end;

// ---- 读角色信息
procedure TForm1.Button1Click(Sender: TObject);信息来自:http://www.3ast.com.cn
var
FTxt: TextFile;
S: String;
Name: array [0..16] of WideChar;

begin
ReadProcessMemory(hProcess_N, Pointer(Base0), @BaseT1, 4, ByteRead);网络安全
ReadProcessMemory(hProcess_N, Pointer(BaseT1+($28)), @Base1, 4, ByteRead);信息来自:http://www.3ast.com.cn

ReadProcessMemory(hProcess_N, Pointer(Base1+($3A4)), @BaseT1, 4, ByteRead);信息来自:http://www.3ast.com.cn
ReadProcessMemory(hProcess_N, Pointer(BaseT1+($0)), @Name, 16, ByteRead); // ---- 主角信息网络安全
ReadProcessMemory(hProcess_N, Pointer(Base1+($254)), @HP, 4, ByteRead);黑客
ReadProcessMemory(hProcess_N, Pointer(Base1+($258)), @MP, 4, ByteRead);信息来自:http://www.3ast.com.cn

EditName.Text:=Name;
EditHP.Text:=IntToStr(HP);
EditMP.Text:=IntToStr(MP);
end;


// --- 调用CALL 回城
procedure TForm1.RetCity;
var
MyParam : P1_STR;
ParamSum: DWORD;
begin
ParamSum:=0;
if MyHwnd<>0 then
begin
injectfunc(@MyCall1, @MyParam, ParamSum);黑客
end;
end;


// ---- 调用CALL 技能
procedure TForm1.JiNeng;
var
MyParam : P1_STR;
ParamSum: DWORD;
begin
MyParam.Param1:=JNID;
ParamSum:=SizeOf(MyParam);
if MyHwnd<>0 then
begin
injectfunc(@MyCall8, @MyParam, ParamSum);黑客
end;
end;


procedure TForm1.Button2Click(Sender: TObject);黑客
begin
RetCity;
end;

procedure TForm1.Button3Click(Sender: TObject);
begin
JNID:=$DA;
JiNeng;
end;

end.
作者: 良思俊旭    时间: 2009-10-23 15:02

能把那个界面发来出来下不!最近我在研究外挂!



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2