在bpsend看到的,转下来 武林外传 117 常用Call(VC Dll) 这是我用VC写的武林117版的一些常用Call 函数,现给出Dll源代码,没什么技术含量,参考一些资料 VC新建Dll工程,添加cpp文件,名字为wulin2,添加一个文本文件,命名为 wulin2.def,拷贝下面的代码到相应文件,编译后就可以使用了
// File: wulin2.cpp
// wulin2.cpp : Defines the entry point for the DLL application.
//
// Helper DLL for one specific game client build ("117").  Each action below is
// a small routine that is copied into the game process and executed there on
// a remote thread (see DoFunc and ChooseKeys).  Every code and data address in
// this file is hard-coded for that single build and is meaningless for any
// other; nothing here validates the target process or its version.
#include "StdAfx.h"
#include "windows.h"

// Parameter block handed to an injected routine through the remote thread's
// single LPVOID argument.  param1/param2 are signed (AutoGo converts them to
// float), param3/param4 are unsigned (PickUp pushes them as raw arguments).
#pragma data_seg("Shared")
typedef struct paramdata
{
    long param1;
    long param2;
    DWORD param3;
    DWORD param4;
}paramdata,*paramp;
#pragma data_seg()
// NOTE(review): the "Shared" section is marked RWS (read/write/shared across
// processes), but only a typedef sits between the two data_seg pragmas, so no
// variable is actually placed in it; as written the section is empty and the
// pragmas have no effect.
#pragma comment(linker,"/Section:Shared,RWS")

// Addresses inside the *target* process, filled in by ChooseKeys(-1) and
// released by ChooseKeys(-2).  Both are process-wide globals, so only one
// target can be driven at a time.
LPVOID ThreadAdd;           // wSize bytes, PAGE_EXECUTE_READWRITE: receives a routine's code
LPVOID ParamAdd;            // sizeof(paramdata), PAGE_READWRITE: receives the paramdata block
const DWORD wSize=1024*4;   // bytes copied from each routine (4 KiB) regardless of its real length; see DoFunc
HANDLE hpid;                // handle to the target process, overwritten on every ChooseKeys call
int NormalHit() //Normal attack, for build 117
{
    // Runs inside the game process after DoFunc copies it there.  Calls the
    // client's attack routine at a fixed address with no arguments; nothing is
    // cleaned off the stack afterwards.  `call addr` goes through the local,
    // i.e. an indirect call via [addr], so no relocation is needed in the copy.
    DWORD addr=0x005A3090;
    __asm
    {
        call addr
    }
    return 0;
}
int CallTab() //Tab target-select key, for build 117
{
    // Runs inside the game process.  Walks a pointer chain from the fixed
    // global at 0x008FC85C to the object that is passed in ecx, then calls the
    // handler with a single zero argument.  The pushed argument is not removed
    // here, so the callee is presumed to clean the stack (stdcall/thiscall
    // style) — cannot be confirmed from this file.
    DWORD addr=0x0045BF80;
    __asm
    {
        mov eax,0x008FC85C
        mov eax,[eax]
        mov eax,[eax+0x1C]
        mov ecx,[eax+0x24]      // object pointer in ecx
        push 0
        call addr
    }
    return 0;
}
int KuaiJie(LPVOID lParam) //Hotkeys 1~0 map to slot indices 0~9, for build 117
{
    // Runs inside the game process.  lParam is the ParamAdd block written by
    // DoFunc; param1 (lparm1 from ChooseKeys) is the slot index.  Note that the
    // key code itself is not passed in — the caller must put the slot in lparm1.
    paramdata * lp;
    lp=(paramdata *)lParam;
    DWORD lp1=lp->param1;
    __asm
    {
        mov eax,0x008FC85C
        mov eax,[eax]
        mov eax,[eax+0x1C]
        mov eax,[eax+0x24]
        mov eax,[eax+0x8E8]
        mov eax,[eax+0xC]
        mov edx,lp1
        mov eax,[eax+edx*4]     // slot object = table[param1]; param1 is not bounds-checked
        mov edx,[eax]           // first word of the object — presumably a function-pointer table
        mov ecx,eax             // object pointer in ecx (thiscall-style)
        mov eax,[edx+0x8]       // third entry of that table
        call eax
    }
    return 0;
}

int KuaiJieF(LPVOID lParam) //Hotkeys F1~F8 map to slot indices 0~7, for build 117
{
    // Identical to KuaiJie except for the table offset (0x8F4 instead of
    // 0x8E8); param1 again selects the slot without a bounds check.
    paramdata * lp;
    lp=(paramdata *)lParam;
    DWORD lp1=lp->param1;
    __asm
    {
        mov eax,0x008FC85C
        mov eax,[eax]
        mov eax,[eax+0x1C]
        mov eax,[eax+0x24]
        mov eax,[eax+0x8F4]
        mov eax,[eax+0xC]
        mov edx,lp1
        mov eax,[eax+edx*4]
        mov edx,[eax]
        mov ecx,eax
        mov eax,[edx+0x8]
        call eax
    }
    return 0;
}

int Sit(LPVOID lParam) //Sit down (meditate), for build 117
{
    // Runs inside the game process; argument-less call to a fixed address.
    DWORD addr=0x005A3710;
    paramdata * lp;
    lp=(paramdata *)lParam;     // assigned but never read
    __asm
    {
        call addr
    }
    return 0;
}

int UnSit(LPVOID lParam) //Stand up (cancel meditate), for build 117
{
    // Runs inside the game process; argument-less call to a fixed address.
    DWORD addr=0x005A36D0;
    paramdata * lp;
    lp=(paramdata *)lParam;     // assigned but never read
    __asm
    {
        call addr
    }
    return 0;
}

int DeadBack(LPVOID lParam) //Return to town after death, for build 117
{
    // Runs inside the game process; argument-less call to a fixed address.
    DWORD addr=0x005A34B0;
    paramdata * lp;
    lp=(paramdata *)lParam;     // assigned but never read
    __asm
    {
        call addr
    }
    return 0;
}

int PickUp(LPVOID lParam) //Pick up an item, for build 117
{
    // Runs inside the game process.  The two raw arguments (param3, param4 —
    // resolved by ChooseKeys case 1) are pushed cdecl-style and removed with
    // `add esp,8` after the call; pushad/popad preserve every other register.
    DWORD addr=0x005A30D0; //0x00578C70;  (alternative address left in a comment — presumably from another build)
    paramdata * lp;
    lp=(paramdata *)lParam;
    DWORD lp1=(DWORD)lp->param3;
    DWORD lp2=(DWORD)lp->param4;
    __asm
    {
        pushad
        // mov ecx,0x8FC85C
        // mov ecx,[ecx]
        mov edx, lp1
        mov eax, lp2
        push edx
        // mov ecx,[ecx+0x20]
        push eax
        // add ecx, 0xD4
        call addr
        add esp,8               // caller cleans the two pushed arguments
        popad
    }
    return 0;
}

int AutoGo(LPVOID lParam) //Auto-pathing to a position, for build 117
{
    // Runs inside the game process.  param1/param2 are converted to float and
    // stored into a fixed 3-float block at 0x902568 (param1, 0, param2 —
    // presumably a position vector), whose address is then passed to the
    // pathing routine together with two pointers derived from the usual
    // pointer chain.  The three pushed arguments are not removed here, so the
    // callee is presumed to clean them; if it did not, the following popad
    // would restore registers from the wrong stack slots.
    DWORD addr=0x00429F60;
    paramdata * lp;
    lp=(paramdata *)lParam;
    float lp1=(float)lp->param1;
    float lp2=(float)lp->param2;
    __asm
    {
        pushad
        mov eax,0x8FC85C
        mov eax,[eax]
        mov eax,[eax+0x1C]
        mov ecx,[eax+0x24]
        lea ecx,[ecx+0x3C]
        mov eax,[eax+0x8]
        mov eax,[eax+0x88]
        push eax
        mov eax, lp1
        mov ds:[0x902568], eax  // float #0 = param1
        mov eax, 0
        mov ds:[0x90256C], eax  // float #1 = 0
        mov eax, lp2
        mov ds:[0x902570], eax  // float #2 = param2
        push 0x00902568         // address of the 3-float block
        push ecx
        mov ecx,0x008FC810
        call addr
        popad
    }
    return 0;
}

void DoFunc(void *funcptr,paramdata pdata) //Run one routine inside the target process
{
    // Classic remote-thread injection sequence: the parameter block and then
    // wSize (4 KiB) bytes of this DLL's code starting at funcptr are written
    // into the buffers ChooseKeys(-1) allocated in the target, and a thread is
    // started there at the copied code with the parameter block as its argument.
    // Points a maintainer should know:
    //  - 4 KiB is copied regardless of the routine's real length, so whatever
    //    follows funcptr in this DLL's .text goes along with it.  The copy only
    //    works while the compiled routine references nothing outside the copied
    //    range — the __asm bodies use only immediates and locals, but any
    //    compiler-inserted helper call (e.g. a stack-check prologue) would break it.
    //  - No return value is checked: a failed write or a NULL TmpHandle is
    //    passed straight on to ResumeThread/WaitForSingleObject/CloseHandle.
    //  - The thread is created with flags 0 (not CREATE_SUSPENDED), so the
    //    ResumeThread call is redundant.
    //  - The routines are declared with the default calling convention but are
    //    started as an LPTHREAD_START_ROUTINE (WINAPI/stdcall); the mismatch is
    //    presumably masked only because a thread start routine never returns
    //    to ordinary caller code.
    //  - Observable from the outside: an executable allocation in a foreign
    //    process, a cross-process memory write, and a remote thread start —
    //    the standard telemetry that anti-cheat and EDR tooling records.
    HANDLE TmpHandle;
    ::WriteProcessMemory(hpid, ParamAdd,&pdata, sizeof(pdata), NULL);      // parameter block -> ParamAdd
    ::WriteProcessMemory(hpid, ThreadAdd,funcptr, wSize, NULL);            // routine code -> ThreadAdd
    TmpHandle = ::CreateRemoteThread(hpid, NULL, 0, (LPTHREAD_START_ROUTINE)ThreadAdd,ParamAdd, 0, NULL); // handle to the remote thread (may be NULL)
    ::ResumeThread(TmpHandle);                  // no-op here: the thread was not created suspended
    ::WaitForSingleObject(TmpHandle, INFINITE); // block until the routine returns; never times out
    ::CloseHandle(TmpHandle);
}

// NOTE(review): "intmkeycode" below is missing the space between the type and
// the parameter name (presumably a paste artifact of the listing); as written,
// `mkeycode` used in the body is undeclared and the file does not compile.
void __stdcall ChooseKeys(HANDLE mhpid,intmkeycode,long lparm1=0,long lparm2=0,DWORD lparm3=0,DWORD lparm4=0) //Exported entry point; every action is reached through it
{
    // mhpid    handle to the target process (stored in the global hpid, so the
    //          last handle passed wins for all later calls)
    // mkeycode selects the action:
    //   -1          allocate ThreadAdd/ParamAdd in the target (must precede any action)
    //   -2          release them
    //    0          NormalHit
    //    1          PickUp (item resolved by index lparm1, see below)
    //    2 / 3      Sit / UnSit
    //    4          DeadBack
    //    5          AutoGo (lparm1, lparm2 = position)
    //    100        CallTab
    //    0x30..0x39 KuaiJie  (virtual-key codes '0'..'9'; the routine reads lparm1, not the key, as the slot)
    //    0x70..0x77 KuaiJieF (VK_F1..VK_F8; likewise)
    //   any other value is silently ignored.
    // lparm1..lparm4 are forwarded unchanged as the paramdata block.
    hpid=mhpid;
    paramdata pdata;
    pdata.param1=lparm1;
    pdata.param2=lparm2;
    pdata.param3=lparm3;
    pdata.param4=lparm4;
    if(mkeycode==-1)
    {
        // Allocate the target-side buffers.  Return values are not checked, and
        // calling -1 twice without a -2 in between loses the previous pair.
        ThreadAdd = ::VirtualAllocEx(hpid, NULL, wSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);   // code buffer, writable and executable
        ParamAdd = ::VirtualAllocEx(hpid, NULL, sizeof(paramdata), MEM_COMMIT, PAGE_READWRITE); // parameter buffer
    }
    else if(mkeycode==-2)
    {
        // Release the target-side buffers.  NOTE(review): the two frees are
        // duplicated verbatim, the pointers are never reset to NULL (so the
        // repeated frees and any later -2 call operate on stale addresses),
        // and VirtualFreeEx with MEM_RELEASE requires dwSize == 0 — the
        // nonzero sizes passed here make the calls fail.
        if(ThreadAdd!=NULL)
            ::VirtualFreeEx(hpid,ThreadAdd,wSize,MEM_RELEASE);
        if(ParamAdd!=NULL)
            ::VirtualFreeEx(hpid,ParamAdd,sizeof(paramdata),MEM_RELEASE);
        if(ThreadAdd!=NULL)
            ::VirtualFreeEx(hpid,ThreadAdd,wSize,MEM_RELEASE);
        if(ParamAdd!=NULL)
            ::VirtualFreeEx(hpid,ParamAdd,sizeof(paramdata),MEM_RELEASE);
    }
    else if(mkeycode==0) //Normal attack
    {
        DoFunc(NormalHit,pdata);
    }
    else if(mkeycode==1) //Pick up an item
    {
        // Resolve the item to pick up by reading the target process: walk a
        // pointer chain from the fixed global, index an array by lparm1, and
        // fetch the two words at +0x110 / +0x10C that PickUp pushes as its
        // arguments.  No ReadProcessMemory result is checked, so after a
        // failed read the chain continues with a stale or uninitialised value
        // (mecxi/meax start out uninitialised).
        DWORD BassAddr=0x008FC85C;
        DWORD mecxi,meax,m1,m2;
        ::ReadProcessMemory(hpid,LPVOID(BassAddr),(LPVOID)&meax,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(meax+0x1C),(LPVOID)&mecxi,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(mecxi+0x08),(LPVOID)&meax,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(meax+0x24),(LPVOID)&mecxi,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(mecxi+0x18),(LPVOID)&meax,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(meax+(DWORD)lparm1*0x04),(LPVOID)&mecxi,4,NULL);  // array[lparm1], no bounds check
        ::ReadProcessMemory(hpid,LPVOID(mecxi+0x04),(LPVOID)&meax,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(meax+0x110),(LPVOID)&m1,4,NULL);
        ::ReadProcessMemory(hpid,LPVOID(meax+0x10C),(LPVOID)&m2,4,NULL);
        pdata.param3=m1;
        pdata.param4=m2;
        DoFunc(PickUp,pdata);
    }
    else if(mkeycode==2) //Sit down
    {
        DoFunc(Sit,pdata);
    }
    else if(mkeycode==3) //Stand up
    {
        DoFunc(UnSit,pdata);
    }
    else if(mkeycode==4) //Return to town after death
    {
        DoFunc(DeadBack,pdata);
    }
    else if(mkeycode==5) //Auto-pathing
    {
        DoFunc(AutoGo,pdata);
    }
    else if(mkeycode==100)
    {
        //Tab target select
        DoFunc(CallTab,pdata);
    }
    else if(mkeycode>=0x30 && mkeycode <=0x39) //Hotkeys 0-9
    {
        DoFunc(KuaiJie,pdata);
    }
    else if(mkeycode>=0x70 && mkeycode <=0x77) //Hotkeys F1-F8
    {
        DoFunc(KuaiJieF,pdata);
    }
}

// Standard DLL entry point.  Nothing is done at load or unload; all work goes
// through ChooseKeys.  The empty DLL_PROCESS_ATTACH block falls through to the
// DLL_THREAD_ATTACH break, which is harmless.  (APIENTRY already expands to
// the stdcall convention on Win32, so the explicit __stdcall is redundant.)
extern BOOL __stdcall APIENTRY DllMain( HINSTANCE hInstance, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        {
        }
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
// File: wulin2.def  (the module-definition file announced here does not appear on this page)