unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;
type
  { Main (and only) form of the tool. The component fields are the controls
    streamed in from the form resource; the methods are the event handlers and
    helpers implemented in the implementation section of this unit. }
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    TabSheet1: TTabSheet;
    GroupBox1: TGroupBox;
    Label1, Label2, Label3: TLabel;
    // Output fields written by Button1Click (name, HP, MP read from the game).
    EditName, EditHP, EditMP: TEdit;
    Button1, Button2, Button3, Button4: TButton;
    // Form lifetime: FormCreate opens the target process and allocates the
    // remote buffers, FormDestroy releases them.
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
    // Button handlers.
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure Button3Click(Sender: TObject);
    procedure Button4Click(Sender: TObject);
    // Helpers that pass MyCall1 / MyCall8 to InjectFunc.
    procedure RetCity;
    procedure JiNeng;
  private
    { Private declarations }
  public
    { Public declarations }
  end;
type
  { Parameter block for the injected routines. InjectFunc copies it byte for
    byte into the target process, so it is declared packed. In the code shown
    only Param1 is ever assigned. }
  P1_STR = packed record
    Param1, Param2: DWORD;
  end;
  // Pointer to the parameter block, as it appears in MyCall8's parameter list.
  PP1_STR = ^P1_STR;
var
  Form1: TForm1;

  // Pointer-chain state for Button1Click: Base0 is the fixed root address set
  // in FormCreate, Base1 and BaseT1 hold the intermediate pointers read from
  // the target process.
  Base0, Base1, BaseT1: Integer;
  // Last values read from the target process by Button1Click.
  HP, MP: Integer;

  // Window found by FindWindow in FormCreate (0 when it was not found).
  MyHwnd: HWND;
  // Handle returned by OpenProcess; 0 means the target could not be opened.
  hProcess_N: THandle;
  // Addresses returned by VirtualAllocEx. They are valid in the target
  // process only and must never be dereferenced locally.
  ThreadAdd, ParamAdd: Pointer;

  // ThreadID: despite its name this receives the *process* id, because it is
  //           passed as the second argument of GetWindowThreadProcessId.
  // MemSize:  byte count of the remote code buffer (set to 128 in FormCreate).
  // JNID:     skill id that JiNeng places in the parameter block.
  ThreadID, MemSize, JNID: DWORD;

  // Receives the byte count from each ReadProcessMemory call; never inspected.
  ByteRead: Cardinal;
implementation
{$R *.dfm}
{ Finds the window titled 'Element Client', opens the process that owns it with
  PROCESS_ALL_ACCESS and allocates two buffers inside that process: MemSize
  (128) bytes at ThreadAdd and 20 bytes at ParamAdd. When the process cannot be
  opened an error box is shown and nothing else is initialised.

  Review note: requesting PROCESS_ALL_ACCESS on another process and then
  allocating memory in it is the opening of the remote-thread injection chain
  that InjectFunc completes. Handle-access auditing and anti-cheat or endpoint
  telemetry on OpenProcess / VirtualAllocEx observe exactly these calls. }
procedure TForm1.FormCreate(Sender: TObject);
begin
  MyHwnd := FindWindow(nil, 'Element Client');
  // The second argument receives the owning process id (the global is
  // misleadingly named ThreadID); the returned thread id is discarded.
  GetWindowThreadProcessId(MyHwnd, @ThreadID);
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);

  if hProcess_N <> 0 then
  begin
    // Hard-coded root address for the pointer chain walked in Button1Click.
    // The trailing value is an alternative the original author left behind.
    Base0 := $9045EC; // $12F82C
    MemSize := 128;
    ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);
    ParamAdd := VirtualAllocEx(hProcess_N, nil, 20, MEM_COMMIT, PAGE_READWRITE);
  end
  else
    // Message text asks the user to start the game first.
    MessageBox(Handle, ' 请退出先登录运行《诛仙》游戏。 ', '提示', MB_OK or MB_ICONERROR);
end;
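{ Releases the two buffers allocated in the target process by FormCreate and
  closes the process handle.

  Fixes relative to the posted version:
  - VirtualFreeEx with MEM_RELEASE requires a size of 0; with a non-zero size
    the call fails and the pages stay allocated in the other process.
  - Nothing is attempted when FormCreate never obtained a handle, or when an
    allocation did not succeed. }
procedure TForm1.FormDestroy(Sender: TObject);
begin
  // FormCreate leaves hProcess_N at 0 when OpenProcess failed.
  if hProcess_N = 0 then
    Exit;

  if ThreadAdd <> nil then
    VirtualFreeEx(hProcess_N, ThreadAdd, 0, MEM_RELEASE);
  if ParamAdd <> nil then
    VirtualFreeEx(hProcess_N, ParamAdd, 0, MEM_RELEASE);

  CloseHandle(hProcess_N);
end;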
{ Copies MemSize bytes starting at Func into the remote buffer ThreadAdd and
  ParamSize bytes starting at Param into the remote buffer ParamAdd, starts a
  thread in the target process at ThreadAdd with ParamAdd as its argument, and
  blocks until that thread has finished. Does nothing when no process handle
  is held.

  Review notes:
  - None of the API results are checked; a failed write or thread creation is
    silently ignored.
  - WriteProcessMemory into a foreign process followed by CreateRemoteThread is
    the sequence catalogued as process injection (MITRE ATT&CK T1055), and the
    one that endpoint and anti-cheat monitoring key on. }
procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
  RemoteThread: THandle;
  // Output slot shared by all three calls (bytes written, then thread id);
  // its value is never read.
  Scratch: DWORD;
begin
  if hProcess_N = 0 then
    Exit;

  // ---- write the routine's bytes
  WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, Scratch);
  // ---- write the parameter block
  WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, Scratch);
  // ---- create the remote thread
  RemoteThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, Scratch);
  // ---- wait for the thread to end
  WaitForSingleObject(RemoteThread, INFINITE);
  CloseHandle(RemoteThread);
end;
// ---- "Return to town after death" CALL
// Routine that TForm1.RetCity hands to InjectFunc, which copies its bytes into
// the target process and runs them there on a new thread. It takes no
// arguments and only calls one fixed address.
procedure MyCall1; Stdcall;
var
  Address:pointer;
begin
  // Hard-coded absolute address inside the game client. Per the header comment
  // it is the client's return-to-town routine; presumably valid for one
  // specific client build only - not verifiable from this listing.
  Address:=Pointer($5A1F70);
  asm
    pushad          // save all general-purpose registers around the call
    call Address
    popad           // restore them
  end;
end;
// ---- Skill CALL
// Routine that TForm1.JiNeng hands to InjectFunc, which copies its bytes into
// the target process and runs them there on a new thread. The thread argument
// is the remote copy of a P1_STR block whose Param1 holds the skill id.
// NOTE(review): as posted, the parameter list names only the type, while the
// body dereferences an identifier P.
procedure MyCall8(PP1_STR); Stdcall;
var
  Address: pointer;
  P1: DWORD;
begin
  // Hard-coded absolute address inside the game client; presumably tied to one
  // specific client build - not verifiable from this listing.
  Address:=Pointer($4656F0);
  P1:=P^.Param1; // ---- skill ID number
  asm
    pushad                              // save all general-purpose registers
    // Four stack arguments, pushed right to left; P1 ends up as the first.
    push -1
    push 0
    push 0
    push P1
    // ecx is loaded through a pointer chain rooted at the fixed address
    // $900adc: [[[$900adc] + $1c] + $28]. Presumably the object pointer the
    // callee expects in ecx - TODO confirm against the client.
    mov ecx,DWORD PTR DS:[$900adc]
    mov edx,DWORD PTR DS:[ecx+$1c]
    mov ecx,DWORD PTR DS:[edx+$28]
    call address
    popad                               // restore the saved registers
  end;
end;
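// --- Exit
{ Sets the title of the window found in FormCreate to 'Element Client' and
  closes the form. Nothing in the code shown changes that title, so the call
  only re-asserts the value FindWindow searched for.
  The unused locals of the posted version (FTxt, S) have been removed. }
procedure TForm1.Button4Click(Sender: TObject);
begin
  SetWindowText(MyHwnd, 'Element Client');
  Close;
end;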
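// ---- Read character information
{ Walks a pointer chain in the target process with ReadProcessMemory and shows
  the character name, HP and MP in the three edit boxes:
    [Base0]         -> BaseT1
    [BaseT1 + $28]  -> Base1
    [Base1 + $3A4]  -> BaseT1 (address of the name text)
    [BaseT1 + 0]    -> Name   (16 bytes, i.e. 8 UTF-16 code units)
    [Base1 + $254]  -> HP
    [Base1 + $258]  -> MP
  No return value is checked; when a read fails the affected global keeps its
  previous content.

  Changes relative to the posted version:
  - Name is zero-filled first. Only 16 of its 34 bytes are ever written, so the
    posted code could display uninitialised stack data after the name, or in
    place of it when the read failed.
  - The unused locals FTxt and S have been removed. }
procedure TForm1.Button1Click(Sender: TObject);
var
  Name: array [0..16] of WideChar;
begin
  // Guarantees a terminating #0 whatever the reads below deliver.
  FillChar(Name, SizeOf(Name), 0);

  ReadProcessMemory(hProcess_N, Pointer(Base0), @BaseT1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(BaseT1+($28)), @Base1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(Base1+($3A4)), @BaseT1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(BaseT1+($0)), @Name, 16, ByteRead); // ---- main character info
  ReadProcessMemory(hProcess_N, Pointer(Base1+($254)), @HP, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(Base1+($258)), @MP, 4, ByteRead);

  EditName.Text:=Name;
  EditHP.Text:=IntToStr(HP);
  EditMP.Text:=IntToStr(MP);
end;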
// --- Invoke the "return to town" CALL
{ Passes MyCall1 to InjectFunc when a game window was found at startup. The
  parameter block is handed over with a size of 0, so none of its (never
  initialised) bytes are copied to the target process. }
procedure TForm1.RetCity;
var
  Unused: P1_STR;   // only its address is passed; MyCall1 takes no argument
begin
  if MyHwnd = 0 then
    Exit;
  InjectFunc(@MyCall1, @Unused, 0);
end;
// ---- Invoke the skill CALL
{ Puts the global skill id JNID into a parameter block and passes MyCall8 plus
  that block to InjectFunc when a game window was found at startup.
  NOTE(review): Param2 is never assigned, so four bytes of whatever was on this
  thread's stack are copied into the other process along with Param1. }
procedure TForm1.JiNeng;
var
  Args: P1_STR;
begin
  Args.Param1 := JNID;
  if MyHwnd = 0 then
    Exit;
  InjectFunc(@MyCall8, @Args, SizeOf(Args));
end;
{ Click handler for Button2: delegates to RetCity. }
procedure TForm1.Button2Click(Sender: TObject);
begin
  Self.RetCity;
end;
{ Click handler for Button3: stores the fixed skill id $DA in the global JNID
  and delegates to JiNeng, which forwards it to the target process. }
procedure TForm1.Button3Click(Sender: TObject);
begin
  JNID := $DA;
  Self.JiNeng;
end;
end.