2013年8月19日 星期一

<開源>楓之谷外掛 - 全功能外掛


程式名稱:楓之谷外掛 - 全功能外掛<開源>

程式圖片:
 由於是<開源>所以不放圖片了

 直接下載研究吧!




Form1:
Private Declare Function BlockInput Lib "USER32.DLL" (ByVal fBlockIt As Long) As Long

Private Sub Command1_Click()
' Confirmation gate: the text typed into Text1 must equal the number shown in
' Label2 before the launch and exit buttons are enabled. The expected value is
' displayed on the form itself, so this is a confirmation prompt rather than
' an authentication check.
If Text1.Text <> Label2.Caption Then
    ' Mismatch: report it and keep the other buttons disabled.
    MsgBox "認證輸入錯誤", vbOKOnly, "認證"
    Command2.Enabled = False
    Command3.Enabled = False
    Exit Sub
End If

Delay 1 ' wait 1 second
Command2.Enabled = True
Command3.Enabled = True
Command1.Enabled = False
Text1.Enabled = False
End Sub

Private Sub Command2_Click()
' Launch step: re-checks the on-screen code, then starts two user-supplied
' targets through cmd.exe and switches from Form1 to Form2.
' NOTE(review): Text2.Text and Text3.Text are concatenated, unquoted and
' unvalidated, into a cmd.exe command line. Shell metacharacters typed into
' those boxes (for example "&") are interpreted by cmd.exe instead of being
' treated as part of a path.
' NOTE(review): each successful click spawns two cmd.exe child processes from
' this program, which is what process-creation logging will record for it.
If Text1.Text = Label2.Caption Then
MsgBox "按下是等待載入外掛!!", vbOKOnly, "訊息"
Delay 5 ' wait 5 seconds
Shell "cmd.exe /c start " & Text2.Text
Shell "cmd.exe /c start " & Text3.Text
Form2.Show
Form1.Hide
Else
MsgBox "灰鍵小白 -88", vbOKOnly, "警告"
End ' stops the whole program immediately
End If
End Sub

Private Sub Command3_Click()
' Exit button: End stops the program immediately.
End
End Sub

Private Sub Form_Load()
' Seeds the random generator, shows a fresh random number in Label2 and starts
' with the Command2 and Command3 buttons disabled.
' The number is displayed in clear text on the form; Rnd is not a
' cryptographic generator.
Randomize
Label2.Caption = Int(Rnd * 9999999)
Command2.Enabled = False
Command3.Enabled = False
End Sub

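Private Sub Delay(DelayTime As Single)
' Busy-waits for roughly DelayTime seconds while calling DoEvents so pending
' window messages are still processed.
' DelayTime - number of seconds to wait; a negative value returns immediately.
'
' Timer counts seconds since midnight and drops back to 0 at midnight. Without
' the correction below, a wait that straddles midnight sees a negative elapsed
' time and keeps spinning until the following day.
Const SECONDS_PER_DAY As Single = 86400
Dim ST As Single
Dim Elapsed As Single
ST = Timer
Do
    Elapsed = Timer - ST
    If Elapsed < 0 Then Elapsed = Elapsed + SECONDS_PER_DAY
    If Elapsed > DelayTime Then Exit Do
    DoEvents
Loop
End Sub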


Form2:
Private Declare Function GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long) As Long
Private Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Private Declare Function SetLayeredWindowAttributes Lib "user32" (ByVal hwnd As Long, ByVal crey As Byte, ByVal bAlpha As Byte, ByVal dwFlags As Long) As Long

Public hwn      As Long 'Window handle returned by FindWindow
Public Phandle  As Long 'Process handle returned by OpenProcess
Public Pid      As Long 'Process ID filled in by GetWindowThreadProcessId

Public Function FindGame(strGame As String) As Boolean
' Looks up a top-level window by its title and opens a handle to the process
' that owns it. Results are stored in the hwn, Pid and Phandle variables.
' strGame - exact window title to search for.
' Returns True when a window with that title exists.
' NOTE(review): the result depends on hwn only. OpenProcess can fail
' (Phandle = 0) and this function still returns True.
' NOTE(review): every call requests access mask &H1F0FFF and no CloseHandle
' appears anywhere in this form, so each call (including the ones made from
' Timer1_Timer) leaves another open handle to the target process. Repeated
' full-access handle requests against a single process are the kind of event
' that handle auditing and anti-cheat components look for.
hwn = FindWindow(vbNullString, strGame) ' find the game window by title
GetWindowThreadProcessId hwn, Pid ' get the owning process ID
Phandle = OpenProcess(&H1F0FFF, False, Pid) ' open a handle to the game process
If hwn <> 0 Then FindGame = True ' True means the window was found, not that OpenProcess succeeded
End Function

Public Function kiiAob(hProcess As Long, Address As String, strAob As String)
' Writes a space-separated list of hex byte values into another process, one
' byte per WriteProcessMemory call, starting at the hex address in Address.
' hProcess - process handle passed straight to WriteProcessMemory
' Address  - start address as hex text without the "&H" prefix
' strAob   - byte values as hex text separated by single spaces
' No return value is ever assigned.
' NOTE(review): the loop has no explicit end condition. It stops when
' Code(Counts) runs past the last element and the resulting run-time error
' jumps to er:. The same handler also hides every other run-time error raised
' inside the loop.
' NOTE(review): the result of WriteProcessMemory is discarded, so a failed
' write cannot be told apart from a successful one.
' NOTE(review): Code is not declared in this procedure, and tokens are not
' checked to be hex byte values before Val() converts them.
Dim Counts As Long, WriteCode As Long ' index of the current byte & value to write
Do ' loop
DoEvents ' let pending window messages be processed between writes
On Error GoTo er: ' leave the loop through the error handler when done
Code = Split(Trim(strAob), " ") ' trim leading/trailing blanks and split on spaces
WriteCode = Val("&H" & Code(Counts)) ' parse the token as hexadecimal
WriteProcessMemory hProcess, ByVal Val("&H" & Address) + Counts, WriteCode, 1, ByVal 0& ' write one byte
Counts = Counts + 1 ' move on to the next value
Loop
er:
End Function


Private Sub Check1_Click()
' Checkbox handler: writes a single byte at a fixed address in the target
' process through kiiAob, one value when ticked and another when cleared.
' The commented lines below reproduce an enable/disable script with the same
' address and byte values.
'//Full invincibility v130
'[Enable]
'00586485:
'db 75
'[Disable]
'00586485:
'db 74
If Check1.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "00586485", "75"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00586485", "74"
End If
End Sub

Private Sub Check17_Click()
' Sets this form's opacity to 220; any value from 0 to 255 may be used.
Call Transparent(Me, 220)
End Sub

Private Sub Check18_Click()
' Sets this form's opacity to 100 on the 0-255 scale.
Call Transparent(Me, 100)
End Sub

Private Sub Check19_Click()
' Sets this form's opacity to 50 on the 0-255 scale.
Call Transparent(Me, 50)
End Sub

Private Sub Check2_Click()
' Checkbox handler: calls kiiAob on a fixed address in the target process.
' The commented lines below reproduce the enable/disable script it refers to.
' NOTE(review): both branches pass identical arguments, so the checkbox state
' does not change what is written. The third argument is the address text
' from the script, not the space-separated byte values kiiAob splits on, so
' the data written will not be the instruction shown in the comment.
'//Melee attacks never miss v130
'[Enable]
'007663F1:
'jne 0076643f
'[Disable]
'007663F1:
'je 0076643f
If Check2.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "007663F1", "0076643f"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "007663F1", "0076643f"
End If
End Sub

Private Sub Check20_Click()
' Checkbox handler: writes two bytes at a fixed address in the target process
' through kiiAob, one pair when ticked and another when cleared.
' The commented lines below reproduce an enable/disable script with the same
' address and byte values.
'//Twms V1.30.1 super item pickup
'[Enable]
'00463497:
'db 90 90
'[Disable]
'00463497:
'db 75 35
If Check20.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "00463497", "90 90"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00463497", "75 35"
End If
End Sub

Private Sub Check3_Click()
' Checkbox handler: writes two bytes at a fixed address in the target process
' through kiiAob, one pair when ticked and another when cleared.
' The commented lines below reproduce an enable/disable script with the same
' address and byte values.
'//Item positioning v130
'[ENABLE]
'004B0CD7:
'db 90 90
'[DISABLE]
'004B0CD7:
'db 75 2c
If Check3.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "004B0CD7", "90 90"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "004B0CD7", "75 2c"
End If
End Sub

Private Sub Check4_Click()
' Checkbox handler: writes a run of bytes at a fixed address in the target
' process through kiiAob, one sequence when ticked and another when cleared.
' The commented lines below reproduce an enable/disable script with the same
' address and byte values.
'//Unlimited throwing stars v130
'[ENABLE]
'00AA60FC:
'DB 13 B1 50 08 88 85 42 D8 90 6F DA CD 1D 56 DC F9 BD 15 CF 9F ED A2 EA 21
'[DISABLE]
'00AA60FC:
'DB BE 99 FA 38 CD D4 C7 F1 1A 90 DA 8D EA A3 D6 CD 1F B5 6E 56 BE 8F 2A 92
If Check4.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "00AA60FC", "13 B1 50 08 88 85 42 D8 90 6F DA CD 1D 56 DC F9 BD 15 CF 9F ED A2 EA 21"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00AA60FC", "BE 99 FA 38 CD D4 C7 F1 1A 90 DA 8D EA A3 D6 CD 1F B5 6E 56 BE 8F 2A 92"
End If
End Sub

Private Sub Check5_Click()
' Checkbox handler: writes a run of bytes at a fixed address in the target
' process through kiiAob, one sequence when ticked and another when cleared.
' The commented lines below reproduce an enable/disable script with the same
' address and byte values.
'//Unlimited arrows v130
'[ENABLE]
'00AA5D5D:
'DB 70 19 92 47 CF 4D D1 7A 6E 8A 36 74 70 E9 89 7D EC 57 1F E9 C5 FB 88 CC 96 2B 0E
'[DISABLE]
'00AA5D5D:
'DB 70 19 92 1E 7C D2 B9 E0 93 CE F5 40 90 EA 8D 3B 21 65 DB 09 29 DB DE 92 6F E9 91
If Check5.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "00AA5D5D", "70 19 92 47 CF 4D D1 7A 6E 8A 36 74 70 E9 89 7D EC 57 1F E9 C5 FB 88 CC 96 2B 0E"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00AA5D5D", "70 19 92 1E 7C D2 B9 E0 93 CE F5 40 90 EA 8D 3B 21 65 DB 09 29 DB DE 92 6F E9 91"
End If
End Sub

Private Sub Check6_Click()
' Checkbox handler: writes a run of bytes at a fixed address in the target
' process through kiiAob, one sequence when ticked and another when cleared.
' The commented lines below reproduce an enable/disable script with the same
' address and byte values.
'//Holy Light 30% v130
'[ENABLE]
'00aa5d39:
'DB 90 25 72 a8 59 cd 94 cd 6a a6 b4 1a 70 19 de 97 17 fe 66 5e e8 36 e3 9a 87 19 ba
'[DISABLE]
'00aa5d39:
'DB 90 25 72 f6 ea e5 1e 57 2f f7 b0 2e 70 19 8e 2a 8f 2a b6 79 54 b1 55 72 90 15 8e
If Check6.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "00aa5d39", "90 25 72 a8 59 cd 94 cd 6a a6 b4 1a 70 19 de 97 17 fe 66 5e e8 36 e3 9a 87 19 ba"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00aa5d39", "90 25 72 f6 ea e5 1e 57 2f f7 b0 2e 70 19 8e 2a 8f 2a b6 79 54 b1 55 72 90 15 8e"
End If
End Sub

Private Sub Check7_Click()
' Checkbox handler: calls kiiAob on a fixed address in the target process.
' The commented lines below reproduce the enable/disable script it refers to.
' NOTE(review): both branches pass identical arguments, so the checkbox state
' does not change what is written. The third argument is the address text
' from the script, not the space-separated byte values kiiAob splits on, so
' the data written will not be the instruction shown in the comment.
'//Freeze monsters in place v130
'[enable]
'007AC2A0:
'jmp 007ac2b5
'[disable]
'007AC2A0:
'je 007ac2b5
If Check7.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "007AC2A0", "007ac2b5"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "007AC2A0", "007ac2b5"
End If
End Sub

Private Sub Check8_Click()
' Checkbox handler: calls kiiAob on two fixed addresses in the target process,
' with one pair of arguments when ticked and another when cleared.
' The commented lines below reproduce the enable/disable script it refers to.
' NOTE(review): the third argument of each call is instruction text, not the
' space-separated hex byte values kiiAob parses, so the data written will not
' be the instructions shown in the comment.
'//TWMS V1.30.1 pull monsters from the whole map
'//Original author: SmileApplePie
'[Enable]
'00591468:
'fmul qword ptr [ebp-04]
'00591421:
'fmul qword ptr [ebp]
'[Disable]
'00591468:
'fmul qword ptr [ebp-08]
'00591421:
'fmul qword ptr [ebp-10]
If Check8.Value = 1 Then ' only the checkbox state is tested here
kiiAob Phandle, "00591468", "fmul qword ptr [ebp-04]"
kiiAob Phandle, "00591421", "fmul qword ptr [ebp]"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00591468", "fmul qword ptr [ebp-08]"
kiiAob Phandle, "00591421", "fmul qword ptr [ebp-10]"
End If
End Sub

Private Sub Check9_Click()
' Checkbox handler: writes two bytes at a fixed address in the target process
' through kiiAob. The address and byte values are the same ones used by
' Check20_Click.
' NOTE(review): the condition reads Check8.Value, not Check9.Value, so the
' bytes written follow the state of a different checkbox.
'//Twms V1.30.1 super item pickup
'[Enable]
'00463497:
'db 90 90
'[Disable]
'00463497:
'db 75 35
If Check8.Value = 1 Then ' tests Check8, not this checkbox
kiiAob Phandle, "00463497", "90 90"
                            ' remember to drop the "db" prefix
Else
kiiAob Phandle, "00463497", "75 35"
End If
End Sub

Private Sub Command1_Click()
' Inject button: when a window titled "MapleStory" is found, calls Inject with
' "Inject.dll" and disables the button; otherwise the button stays enabled.
' The DLL is loaded from the application's folder inside the other process, so
' whatever file carries that name there runs with the target's privileges.
If FindGame("MapleStory") = True Then
Inject "Inject.dll" ' author's note: replace Inject.dll with your own DLL; an error here means the game is protected; the demo game is the new MapleStory
Command1.Enabled = False
Else
Command1.Enabled = True
End If
End Sub

Private Sub Form_Load()
' Shows in Label2 whether a window titled "MapleStory" was found, then
' disables Frame3 and Frame4.
Dim GameFound As Boolean
GameFound = FindGame("MapleStory")
If Not GameFound Then
    ' Most online games protect their process from being opened easily.
    Label2.Caption = "????????"
Else
    Label2.Caption = "已偵測到MapleStory"
End If
Frame3.Enabled = False
Frame4.Enabled = False
End Sub

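Private Function Transparent(setForm As Form, setValue As Byte)
    ' Makes a form translucent.
    ' setForm  - form whose window is changed
    ' setValue - alpha level from 0 (fully transparent) to 255 (opaque)
    ' No return value is assigned.
    ' No range clamp is needed: setValue is a Byte, which cannot hold a value
    ' outside 0-255, so a test for > 255 or < 0 can never be true.
    Const GWL_EXSTYLE As Long = -20
    Const WS_EX_LAYERED As Long = &H80000
    Const LWA_ALPHA As Long = &H2&

    ' The window needs the layered extended style before an alpha value applies.
    SetWindowLong setForm.hwnd, GWL_EXSTYLE, GetWindowLong(setForm.hwnd, GWL_EXSTYLE) Or WS_EX_LAYERED
    SetLayeredWindowAttributes setForm.hwnd, 0, setValue, LWA_ALPHA
    setForm.Refresh
End Function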

Private Sub Timer1_Timer()
' Runs on every Timer1 tick: looks for a window titled "MapleStory" again and
' updates the status text in Label2.
Dim GameFound As Boolean
GameFound = FindGame("MapleStory")
If Not GameFound Then
    ' Most online games protect their process from being opened easily.
    Label2.Caption = "????????"
Else
    Label2.Caption = "已偵測到MapleStory"
End If
End Sub



Module1:



Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Integer

Public hwn      As Long 'Window handle returned by FindWindow
Public Phandle  As Long 'Process handle returned by OpenProcess
Public Pid      As Long 'Process ID filled in by GetWindowThreadProcessId

Public Function FindGame(strGame As String) As Boolean
' Looks up a top-level window by its title and opens a handle to the process
' that owns it. Results are stored in the hwn, Pid and Phandle variables.
' strGame - exact window title to search for.
' Returns True when a window with that title exists.
' NOTE(review): the result depends on hwn only. OpenProcess can fail
' (Phandle = 0) and this function still returns True.
' NOTE(review): every call requests access mask &H1F0FFF and this module never
' calls CloseHandle, so each call leaves another open handle to the target
' process. Full-access handle requests against another process are the kind
' of event that handle auditing and anti-cheat components look for.
hwn = FindWindow(vbNullString, strGame) ' find the game window by title
GetWindowThreadProcessId hwn, Pid ' get the owning process ID
Phandle = OpenProcess(&H1F0FFF, False, Pid) ' open a handle to the game process
If hwn <> 0 Then FindGame = True ' True means the window was found, not that OpenProcess succeeded
End Function


Module2:



' Win32 constants for the process and memory APIs declared in this module.
' Inject references TH32CS_SNAPPROCESS, MEM_COMMIT, PAGE_READWRITE and
' PROCESS_ALL_ACCESS; the others are not referenced by the code on this page.
Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const MEM_COMMIT = 4096
Public Const MEM_DECOMMIT = &H4000
Public Const PAGE_READWRITE = 4
Public Const PROCESS_CREATE_THREAD = (&H2)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_VM_WRITE = (&H20)
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Const INFINITE = &HFFFF

Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long

Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSapshot As Long, lppe As PROCESSENTRY32) As Long

Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long

Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

' Record filled in by Process32First / Process32Next for each process in a
' snapshot. Inject sets dwSize and reads th32ProcessID and szExeFile.
' NOTE(review): szExeFile is declared with 1024 characters; the Win32
' structure uses MAX_PATH (260). Confirm the layout against the SDK header.
Public Type PROCESSENTRY32
    dwSize              As Long
    cntUseage           As Long
    th32ProcessID       As Long
    th32DefaultHeapID   As Long
    th32ModuleID        As Long
    cntThreads          As Long
    th32ParentProcessID As Long
    pcPriClassBase      As Long
    swFlags             As Long
    szExeFile           As String * 1024
End Type

Public Sub Inject(myDll As String)
' Makes every running process whose executable name contains "MapleStory.exe"
' load a DLL from this application's own folder.
' myDll - DLL file name; ".dll" is appended when it is missing.
'
' Steps per matching process: OpenProcess -> VirtualAllocEx ->
' WriteProcessMemory (the DLL path as an ANSI string) -> CreateRemoteThread
' with LoadLibraryA as the start address and the remote buffer as its argument.
' This is the remote-thread DLL-loading pattern catalogued as MITRE ATT&CK
' T1055.001. Defenders typically see it as a full-access cross-process handle
' request followed by a remote thread creation (for example Sysmon event
' ID 10 for the handle request and ID 8 for the thread).
'
' NOTE(review): MyResult is never declared in this procedure.
' NOTE(review): each failure only shows a message box; execution continues
' into the next API call with the zero handle or address.
' NOTE(review): the remote buffer is not released here; VirtualFreeEx is
' declared in this module but never called.
Dim MySnapHandle            As Long
Dim ProcessInfo             As PROCESSENTRY32
Dim MyRemoteProcessId       As Long
Dim MyDllFileName           As String
Dim MyDllFileLength         As Long
Dim MyDllFileBuffer         As Long
Dim MyAddr                  As Long
Dim MyReturn                As Long

' Walk a snapshot of all running processes.
MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
ProcessInfo.dwSize = Len(ProcessInfo)
If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
Do
     ' Substring match on the executable name, not an exact comparison.
     If InStr(ProcessInfo.szExeFile, "MapleStory.exe") > 0 Then
         MyDllFileName = App.Path & "\" & IIf(LCase(Right(myDll, 4)) = ".dll", myDll, myDll & ".dll")
         ' Byte length of the ANSI path plus one for the terminating null.
         MyDllFileLength = LenB(StrConv(MyDllFileName, vbFromUnicode)) + 1
         ' Despite its name, MyRemoteProcessId holds the process handle.
         MyRemoteProcessId = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
         If MyRemoteProcessId = 0 Then MsgBox "OpenProcess Error"
         MyDllFileBuffer = VirtualAllocEx(MyRemoteProcessId, 0, MyDllFileLength, MEM_COMMIT, PAGE_READWRITE)
         If MyDllFileBuffer = 0 Then MsgBox "VirtualAllocEx Error"
         MyReturn = WriteProcessMemory(MyRemoteProcessId, MyDllFileBuffer, ByVal (MyDllFileName), MyDllFileLength, 0)
         If MyReturn = 0 Then MsgBox "WriteProcessMemory Error"
         MyAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
         If MyAddr = 0 Then MsgBox "GetProcAddress Error"
         MyResult = CreateRemoteThread(MyRemoteProcessId, 0, 0, MyAddr, MyDllFileBuffer, 0, 0)
         If MyResult = 0 Then MsgBox "error CreateRemoteThread"
         ' Both handles are closed without waiting for the remote thread.
         CloseHandle MyResult
         CloseHandle MyRemoteProcessId
     End If
Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
End If
CloseHandle MySnapHandle
End Sub

Module3:



Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Integer

Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long



程式說明:
 1。讓有興趣想寫外掛的人去研究吧!



程式下載:
 楓之谷外掛-全功能外掛<開源>

壓縮密碼: 
 分享於- http://bps1331.blogspot.tw/
 

3 則留言:

  1. 回覆
    1. 分享於 - http://bps1331.blogspot.tw/

      確定沒輸入正確???

  2. 執行後跳錯誤
    跳以下內容
    run time error '339'
    Component 'TABCTL32.OCX' or one of its dependencies not correctly registered: a file is missing or invalid

