教大家如何跳級去學習簡易版的外掛製作方法
教學開始:
需要的VB介面元件:
Command1 *1
Check1 *1
Text1 *1
模組 *2
物件類別模組 *1
------------------------------
Project Form1:
' Form1 code-behind. The check boxes toggle a script whose text is taken from the
' matching text box; Command1 attaches the helper class to the target process.
' NOTE(review): Check2, Text2 and Label1 are used below but are not in the
' component list given at the top of the page (Command1, Check1, Text1).
Dim HACK As New clsHACK

' Allocation id returned by EnableScript and handed back to DisableScript.
' NOTE(review): both check boxes share this one variable, so enabling the second
' script overwrites the id of the first; a later DisableScript for the first
' script then passes the wrong id.
Private dwFlagAllocId As Long

' Enables the script in Text1 when Check1 is ticked, disables it otherwise.
Private Sub Check1_Click()
    If Check1.Value = 1 Then
        dwFlagAllocId = EnableScript(Text1.Text)
    Else
        Call DisableScript(Text1.Text, dwFlagAllocId)
    End If
End Sub

' Same as Check1_Click, for the Check2/Text2 pair.
Private Sub Check2_Click()
    If Check2.Value = 1 Then
        dwFlagAllocId = EnableScript(Text2.Text)
    Else
        Call DisableScript(Text2.Text, dwFlagAllocId)
    End If
End Sub

' Looks the target up by executable name, opens it through clsHACK, rewrites this
' tool's own image path (ChangeImagePath) and then initialises the VBProxy
' script engine for the process id found by FindGame.
' The process is located twice, by two independent enumerations: once inside
' OpenProcessByProcessName and once in FindGame.
Private Sub Command1_Click()
    HACK.OpenProcessByProcessName "MapleStory.exe"
    If HACK.Inited Then
        Label1.Caption = "成功"
        HACK.ChangeImagePath
        If FindGame("MapleStory.exe") = True Then
            Call InitAutoAsm(dwProcId)
        End If
    Else
        Label1.Caption = "失敗"
    End If
End Sub
------------------
模組...
Module1.bas:
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Option Explicit
'
' Global Variables
'
Global dwProcId As Long '// ProcId Of Process
Global bInitialized As Boolean '// Global AutoAsm Init Check
'
' API Constants
'
Private Const MAX_PATH = 260
Private Const TH32CS_SNAPPROCESS = &H2
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
'
' Process Entry Structure
'
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH
End Type
'
' Win32 Standard API
'
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Boolean
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Boolean
'
' VBProxy Calls (Written By Wiccaan)
'
' The three entry points below live in an external binary, VBProxy.dll, which is
' not part of this listing. It is named without a path, so Windows resolves it
' through the normal DLL search order (application directory first).
' NOTE(review): the behaviour of these calls cannot be checked from this page;
' anyone analysing the tool should treat the DLL as unreviewed third-party code
' and verify its origin and hash before loading it.
Private Declare Function vbCEInitAsm Lib "VBProxy.dll" _
(ByVal ProcId As Long, ByRef bPassFail As Boolean) As Boolean
Private Declare Function vbCEDisableScript Lib "VBProxy.dll" _
(ByVal strScript As String, ByRef dwAllocId As Long) As Boolean
Private Declare Function vbCEEnableScript Lib "VBProxy.dll" _
(ByVal strScript As String, ByRef dwAllocId As Long) As Boolean
'
' InitAutoAsm
'
'
' Calls vbCEInitAsm in VBProxy.dll for the given process id and sets bInitialized.
' dwProcId - target process id; the parameter shadows the module-level Global of
'            the same name. A value of 0 returns immediately.
' Every runtime error is suppressed, so a missing or failing VBProxy.dll is not
' reported to the caller.
Public Sub InitAutoAsm(dwProcId As Long)
On Error Resume Next
If dwProcId = 0 Then Exit Sub
'Dim pInitialized As Boolean
Dim pInitialized As Long
' NOTE(review): CBool(...) is an expression, so the ByRef bPassFail argument is
' given a temporary; pInitialized itself is not written by this call.
vbCEInitAsm dwProcId, CBool(pInitialized)
' NOTE(review): VarPtr returns the address of the variable, not its value.
' Assigned to a Boolean it is True for any non-zero address, so bInitialized
' does not reflect whether vbCEInitAsm succeeded.
bInitialized = VarPtr(pInitialized)
End Sub
'
' EnableScript
'
'
' Passes a script string to vbCEEnableScript (VBProxy.dll) and returns the
' allocation id the DLL writes back through its ByRef argument.
' Returns 0 (the function default) when the script is empty or bInitialized is False.
' The Boolean result of vbCEEnableScript is discarded, so a failed call cannot be
' told apart from a returned id of 0.
Public Function EnableScript(strScript As String) As Long
If strScript = "" Then Exit Function
If bInitialized = False Then Exit Function
Dim dwAllocatedId As Long
Call vbCEEnableScript(strScript, dwAllocatedId)
EnableScript = dwAllocatedId
End Function
'
' DisableScript
'
'
' Passes a script string and a previously returned allocation id to
' vbCEDisableScript (VBProxy.dll).
' Does nothing when the script is empty or bInitialized is False.
' dwAllocId is received ByVal, so whatever the DLL writes back through its ByRef
' parameter stays in the local copy; the call's Boolean result is discarded.
Public Sub DisableScript(strScript As String, ByVal dwAllocId As Long)
If strScript = "" Then Exit Sub
If bInitialized = False Then Exit Sub
Call vbCEDisableScript(strScript, dwAllocId)
End Sub
'
' FindGame
'
' Walks a Toolhelp process snapshot and stores the id of a process whose
' executable name ends with strGameName (case-insensitive) in the Global dwProcId.
' Returns True when at least one entry matched.
' NOTE(review): the snapshot handle is not checked before use.
' NOTE(review): the comparison is a suffix match (Right$ ... Len(strGameName)), so
' any executable whose name merely ends with the string also matches, and the
' loop does not stop at the first hit, so the last matching entry wins.
Public Function FindGame(ByVal strGameName As String) As Boolean
Dim pe32 As PROCESSENTRY32
Dim hSnapshot As Long
Dim bProcFound As Boolean
Dim bFoundGame As Boolean
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
' dwSize must hold the structure size before the first Process32First call.
pe32.dwSize = Len(pe32)
bProcFound = Process32First(hSnapshot, pe32)
Do While bProcFound
' szExeFile is a fixed 260-character buffer; cut it at the first NUL before comparing.
If Right$(LCase$(Left$(pe32.szExeFile, InStr(1, pe32.szExeFile, Chr(0)) - 1)), Len(strGameName)) = LCase$(strGameName) Then
dwProcId = pe32.th32ProcessID
bFoundGame = True
End If
bProcFound = Process32Next(hSnapshot, pe32)
Loop
CloseHandle hSnapshot
FindGame = bFoundGame
End Function
Module2.bas:
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Integer
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' Module-level state filled in by FG below.
Public hwn As Long 'Handle of the window (the original gloss read "window hook"; FG assigns it from FindWindow)
Public Phandle As Long 'Handle of the process (the original gloss read "process hook"; FG assigns it from OpenProcess)
Public pid As Long 'Process ID
' Finds a top-level window by its title, resolves the owning process id and opens
' that process with access mask &H1F0FFF (the value this page names
' PROCESS_ALL_ACCESS elsewhere). Results go to the Public variables hwn, pid and Phandle.
' Returns True when a window was found.
' NOTE(review): the result depends only on hwn; OpenProcess is still called when
' no window was found, and a failed OpenProcess (Phandle = 0) still returns True.
' NOTE(review): nothing in this module closes Phandle.
' Defender view: a full-access handle request by a non-system process against
' another process is recorded by process-access telemetry (for example Sysmon
' Event ID 10 with GrantedAccess 0x1F0FFF).
Public Function FG(strGame As String) As Boolean
hwn = FindWindow(vbNullString, strGame) 'find the game window
GetWindowThreadProcessId hwn, pid 'get the process id
Phandle = OpenProcess(&H1F0FFF, False, pid) 'open the game process
If hwn <> 0 Then FG = True 'report whether the window was found
End Function
' Writes a space-separated list of hex bytes (strAob) into another process, one
' byte per WriteProcessMemory call, starting at the hex address given in Address.
' hProcess - process handle passed straight to WriteProcessMemory.
' No return type is declared, so the function returns an empty Variant.
' NOTE(review): the loop has no exit condition of its own; it ends when
' Code(Counts) runs past the end of the array and the error handler jumps to "er".
' Any other runtime error ends the loop the same way, silently.
' NOTE(review): "Code" is not declared in this listing, and the result of
' WriteProcessMemory is not checked.
Public Function kiiAob(hProcess As Long, Address As String, strAob As String)
Dim Counts As Long, WriteCode As Long 'byte index & the value to write
Do 'loop
DoEvents 'original comment: improves program stability
On Error GoTo er: 'leave the loop when finished
Code = Split(Trim(strAob), " ") 'trim leading/trailing blanks and split the string (repeated on every pass)
WriteCode = Val("&H" & Code(Counts)) 'parse the hex text
WriteProcessMemory hProcess, ByVal Val("&H" & Address) + Counts, WriteCode, 1, ByVal 0& 'write one byte
Counts = Counts + 1 'move to the next value
Loop
er:
End Function
------------------
物件類別模組...
clsHACK.cls:
'======================================================================================
'=This class was written by (Inndy); use it freely but do not remove this comment
'================================================================================
'===What is in here?=============================================================
'================================================================================
'=====OpenProcess section, always opened with Process_All_Access
'=======OpenProcessByWindow (gets the PID through FindWindow and opens the process)
'=======OpenProcessByProcessName (enumerates processes, gets the PID by process name and opens it)
'=======OpenProcess (only the PID is needed)
'================================================================================
'=====Write section
'=======WriteMemory (almost the same as the WriteProcessMemory API)
'=======WriteByte, WriteLong, WriteString, WriteCurrency... and other write functions
'=======WriteAOBByString (writes an AOB given as a string)
'=======WriteMultiPointerByString (writes through a multi-level pointer)
'================================================================================
'=====Read section
'=======ReadMemory (almost the same as the ReadProcessMemory API)
'=======ReadByte, ReadLong, ReadString, ReadCurrency... and other read functions
'=======ReadMultiPointerByString (reads through a multi-level pointer)
'================================================================================
'====Multi-level pointer expression: 5A3B08=>460:A8:C
'======================================================================================
' Reviewer summary: besides the read/write helpers listed above, the class also
' contains remote allocation (Alloc), remote-thread DLL loading (InjectDll),
' jump/call/NOP patching (MakeJmp, MakeCall, MakeNops) and a routine that rewrites
' this process's own image path (ChangeImagePath). For analysis and detection
' work, each of these maps to a well-known API sequence declared below.
Option Explicit
'=====================================SETTING=====================================
' Size of the region Alloc reserves in the target in one go: &H10000 * 8 = 524288 bytes (512 KiB).
Private Const PreAllocSize As Long = &H10000 * 8
'=======================================API=======================================
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcessAPI Lib "kernel32" Alias "OpenProcess" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WriteProcessMemoryAPI Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemoryAPI Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandleAPI Lib "kernel32" Alias "CloseHandle" (ByVal hObject As Long) As Long
Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Boolean
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, lppe As Any) As Boolean
Private Declare Function VirtualAlloc Lib "kernel32" (lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
'=====================================Consts======================================
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Const PROCESS_CREATE_THREAD = &H2
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const PROCESS_VM_WRITE = &H20
Private Const PROCESS_VM_OPERATION = &H8
Private Const MEM_COMMIT = &H1000
Private Const MEM_RELEASE = &H8000
Private Const PAGE_READWRITE = &H4
'======================================Types======================================
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * 260
End Type
'==================================VarsForClass===================================
' Base of the current pre-allocated region in the target and the bytes already
' handed out from it; both are used only by Alloc.
Private PreAllocAddress As Long
Private AllocedSize As Long
'======================================Vars=======================================
' True once OpenProcess obtained a handle; cleared by CloseHandle.
Public Inited As Boolean
' NOTE(review): in VB6 "As Long" applies only to the last name on the line, so
' hwnd and handle are Variants here and only pid is a Long.
Public hwnd, handle, pid As Long
' Opens the target with PROCESS_ALL_ACCESS and keeps the handle in the field "handle".
' lpPID - optional process id. It is used only while the pid field is still 0; a
'         pid set earlier (by the ByWindow / ByProcessName variants) takes precedence.
' Returns the handle from the OpenProcess API; Inited becomes True when it is > 0.
' NOTE(review): on failure Inited keeps whatever value it had before.
' NOTE(review): called with the default (-1) while pid is 0, the API is still
' invoked with process id 0.
' Defender view: the request is visible as access mask 0x1F0FFF in
' process-access telemetry (for example Sysmon Event ID 10, GrantedAccess).
Public Function OpenProcess(Optional ByVal lpPID As Long = -1) As Long
If lpPID = 0 And pid = 0 Then Exit Function
If lpPID > 0 And pid = 0 Then pid = lpPID
handle = OpenProcessAPI(PROCESS_ALL_ACCESS, False, pid)
OpenProcess = handle
If handle > 0 Then Inited = True
End Function
' Finds a process whose executable name ends with lpName (case-insensitive) in a
' Toolhelp snapshot, stores its id in pid and opens it through OpenProcess.
' Returns the value of OpenProcess (the handle, or 0).
' NOTE(review): the entry filled in by Process32First is never compared, because
' the loop condition calls Process32Next before the first comparison.
' NOTE(review): the match is a suffix match, and the snapshot handle is not
' checked before use.
Public Function OpenProcessByProcessName(ByVal lpName As String) As Long
Dim pe32 As PROCESSENTRY32
Dim hSnapshot As Long
pid = 0
hSnapshot = CreateToolhelp32Snapshot(2, 0&) 'TH32CS_SNAPPROCESS = 2
pe32.dwSize = Len(pe32)
Process32First hSnapshot, pe32
' Stops at the first match (pid <> 0) or when the snapshot is exhausted.
While pid = 0 And CBool(Process32Next(hSnapshot, pe32))
If Right$(LCase$(Left$(pe32.szExeFile, InStr(1, pe32.szExeFile, Chr(0)) - 1)), Len(lpName)) = LCase$(lpName) Then
pid = pe32.th32ProcessID
End If
Wend
CloseHandleAPI hSnapshot
OpenProcessByProcessName = OpenProcess
End Function
' Finds a top-level window by title (and optionally class name), resolves the
' owning process id into pid and opens it through OpenProcess.
' Returns the value of OpenProcess (the handle, or 0).
' NOTE(review): a failed FindWindow (hwnd = 0) is not checked before the id lookup.
Public Function OpenProcessByWindow(ByVal lpWindowName As String, Optional ByVal lpClassName As String = vbNullString) As Long
hwnd = FindWindow(lpClassName, lpWindowName)
GetWindowThreadProcessId hwnd, pid
OpenProcessByWindow = OpenProcess
End Function
' Closes the process handle held by the class and resets handle, hwnd, pid and Inited.
' Returns the result of the CloseHandle API, or 0 when nothing was open.
' NOTE(review): PreAllocAddress and AllocedSize are not reset here, so after
' attaching to a different process Alloc would keep using the old region's address.
Public Function CloseHandle() As Long
If Not Inited Then Exit Function
CloseHandle = CloseHandleAPI(handle)
handle = 0
hwnd = 0
pid = 0
Inited = False
End Function
' Terminates the attached process with exit code 0 and then releases the handle.
' Returns the result of TerminateProcess, or 0 when no process is attached.
Public Function CloseGame() As Long
If Not Inited Then Exit Function
CloseGame = TerminateProcess(handle, 0&)
CloseHandle
' CloseHandle above has already cleared these three fields; the assignments repeat that.
handle = 0
pid = 0
hwnd = 0
End Function
' Rewrites the image path that this tool's OWN process reports about itself.
' lpImagePath - path to report; defaults to the Task Manager binary.
' Returns the address of the allocated buffer on the first call, 0 afterwards
' (the Static flag makes the routine one-shot) or on failure.
'
' How it works: 26 bytes of x86 code are written into a freshly allocated buffer,
' followed by the path string, and the code is then invoked through
' CallWindowProc with the string's address as its first argument. Decoded from
' the constants below, the stub reads the PEB pointer from fs:[30h], follows the
' pointer at PEB+10h and stores the argument at offset 3Ch of that structure.
' On 32-bit Windows that is presumably ProcessParameters->ImagePathName.Buffer
' (confirm against the structure layout for the OS in question).
'
' Defender view: this is process-name masquerading (MITRE ATT&CK T1036). The PEB
' is writable by the process itself, so anything that identifies a process from
' PEB fields can be misled. Take the image name from kernel-maintained data (for
' example QueryFullProcessImageName or the file backing the main module) and
' treat a mismatch with the PEB value as a signal.
' The buffer is PAGE_READWRITE, so the CallWindowProc call faults where DEP is
' enforced for the process.
'
' NOTE(review): sLenth already includes the 26 stub bytes, yet the last write
' copies sLenth bytes from the string to BaseAddress + 26. That reads past the
' end of lpImagePath and writes 26 bytes beyond the size that was requested.
' NOTE(review): the early exit when BaseAddress = 0 leaves hProcess open.
Public Function ChangeImagePath(Optional ByVal lpImagePath As String = "C:\WINDOWS\system32\taskmgr.exe") As Long
Static BeUsed As Boolean
If BeUsed = False Then
Dim hProcess As Long
' Handle to the current process, not to the target.
hProcess = OpenProcessAPI(PROCESS_ALL_ACCESS, 0, GetCurrentProcessId)
If hProcess = 0 Then Exit Function
Dim sLenth As Long
Dim BaseAddress As Long
sLenth = LenB(lpImagePath) + 1 + 26
BaseAddress = VirtualAllocEx(hProcess, ByVal 0&, ByVal sLenth, MEM_COMMIT, PAGE_READWRITE)
If BaseAddress = 0 Then Exit Function
' Stub bytes, written four at a time (little-endian constants), then two more.
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 0, ByVal VarPtr(&H30058B64), 4, False
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 4, ByVal VarPtr(&H8B000000), 4, False
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 8, ByVal VarPtr(&HC0831040), 4, False
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 12, ByVal VarPtr(&H245C8B3C), 4, False
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 16, ByVal VarPtr(&H89188904), 4, False
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 20, ByVal VarPtr(&HC2042444), 4, False
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 24, ByVal VarPtr(&H10), 2, False
' The UTF-16 path string follows the stub.
WriteProcessMemoryAPI hProcess, ByVal BaseAddress + 26, ByVal StrPtr(lpImagePath), sLenth, False
CloseHandleAPI hProcess
' Runs the stub in this process; the second argument is the address of the path string.
CallWindowProc BaseAddress, BaseAddress + 26, 0, 0, 0
BeUsed = True
ChangeImagePath = BaseAddress
End If
End Function
' Makes the attached process load a DLL by starting a thread in it whose start
' routine is LoadLibraryA and whose argument is the DLL path.
' pszLibFile - path of the DLL, copied into the target as an ANSI string.
' Returns the exit code of the remote thread (for a LoadLibraryA start routine
' that is its return value, 0 meaning the load failed), or 0 on any error.
'
' Steps visible below: open the process by pid with query / create-thread /
' VM-operation / VM-write rights, allocate a PAGE_READWRITE buffer in it, write
' the path, resolve LoadLibraryA in this process's Kernel32, create the remote
' thread, wait up to 10000 ms and read the thread's exit code.
'
' Defender view: OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
' CreateRemoteThread with LoadLibraryA as the start address is the textbook
' remote-thread DLL load (MITRE ATT&CK T1055.001). Sysmon records the thread
' creation as Event ID 8 and the handle request as Event ID 10; the resulting
' module load appears as Event ID 7 in the target when image-load logging is on.
' A thread whose start address is LoadLibraryA is itself a strong indicator.
'
' NOTE(review): on success neither hThread nor hProcess is closed and the remote
' buffer is not freed.
' NOTE(review): each branch of the error handler exits the function, so at most
' one of the three resources is released on failure.
' NOTE(review): the result of WaitForSingleObject is ignored, so a timeout is not
' distinguished from completion before the exit code is read.
Public Function InjectDll(ByVal pszLibFile As String) As Long
If Not Inited Then Exit Function
Dim hProcess As Long, hThread As Long
Dim pszLibFileRemote As Long, exitCode As Long
On Error GoTo errhandle
' A second handle, separate from the class-wide "handle" field.
hProcess = OpenProcessAPI(PROCESS_QUERY_INFORMATION Or PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, 0, pid)
If hProcess = 0 Then GoTo errhandle
Dim cch As Long, cb As Long
' Byte length of the ANSI form of the path plus one for the terminator.
cch = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))
cb = cch
pszLibFileRemote = VirtualAllocEx(hProcess, ByVal 0&, cb, MEM_COMMIT, PAGE_READWRITE)
If pszLibFileRemote = 0 Then GoTo errhandle
If (WriteProcessMemoryAPI(hProcess, ByVal pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0) Then GoTo errhandle
Dim pfnThreadRtn As Long
' Address is resolved in this process and then used in the target.
pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
If pfnThreadRtn = 0 Then GoTo errhandle
hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pfnThreadRtn, ByVal pszLibFileRemote, 0, 0&)
If (hThread = 0) Then GoTo errhandle
WaitForSingleObject hThread, 10000
GetExitCodeThread hThread, exitCode
InjectDll = exitCode
Exit Function
errhandle:
If pszLibFileRemote <> 0 Then
VirtualFreeEx hProcess, ByVal pszLibFileRemote, 0, MEM_RELEASE
InjectDll = 0
Exit Function
End If
If hThread <> 0 Then
CloseHandleAPI hThread
InjectDll = 0
Exit Function
End If
If hProcess <> 0 Then
CloseHandleAPI hProcess
InjectDll = 0
Exit Function
End If
End Function
' Write helpers. Each one forwards to WriteProcessMemory on the class-wide
' "handle" and returns the API result (non-zero on success). None of them checks
' Inited, and the bytes-written output goes into a temporary that is discarded.

' Copies lpSize bytes from local address lpBuffer to lpAddress in the target.
Public Function WriteMemory(ByVal lpAddress As Long, ByVal lpBuffer As Long, ByVal lpSize As Long) As Long
WriteMemory = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal lpBuffer, ByVal lpSize, False)
End Function
' Typed variants: the value is written from the ByVal copy, LenB gives its size.
Public Function WriteByte(ByVal lpAddress As Long, ByVal lpValue As Byte) As Long
WriteByte = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
Public Function WriteInteger(ByVal lpAddress As Long, ByVal lpValue As Integer) As Long
WriteInteger = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
Public Function WriteLong(ByVal lpAddress As Long, ByVal lpValue As Long) As Long
WriteLong = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
Public Function WriteCurrency(ByVal lpAddress As Long, ByVal lpValue As Currency) As Long
WriteCurrency = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
Public Function WriteSingle(ByVal lpAddress As Long, ByVal lpValue As Single) As Long
WriteSingle = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
Public Function WriteDouble(ByVal lpAddress As Long, ByVal lpValue As Double) As Long
WriteDouble = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
' NOTE(review): for a String, VarPtr yields the address of the variable that
' holds the string pointer, not of the characters (ReadString in this class uses
' StrPtr for that). As written, LenB(lpValue) bytes are copied starting at the
' pointer variable rather than at the text.
Public Function WriteString(ByVal lpAddress As Long, ByVal lpValue As String) As Long
WriteString = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(lpValue), ByVal LenB(lpValue), False)
End Function
' Parses a space-separated list of hex bytes and writes them to lpAddress in the
' target with a single WriteProcessMemory call. Returns the API result.
' NOTE(review): no input validation. An empty string gives an empty Split result
' and the ReDim fails, a token above FF overflows the Byte element, and the
' Integer loop counter limits the list to 32767 entries. Doubled spaces produce
' empty tokens.
Public Function WriteAOBByString(ByVal lpAddress As Long, ByVal lpAobString As String) As Long
Dim WriteI As Integer
Dim WriteStr() As String
Dim WriteBuff() As Byte
lpAobString = Trim(lpAobString)
WriteStr() = Split(lpAobString, " ")
ReDim WriteBuff(UBound(WriteStr))
For WriteI = 0 To UBound(WriteStr)
' "&H" prefix makes Val read the token as hexadecimal.
WriteBuff(WriteI) = (Val("&H" + WriteStr(WriteI)))
Next WriteI
WriteAOBByString = WriteProcessMemoryAPI(handle, ByVal lpAddress, ByVal VarPtr(WriteBuff(0)), UBound(WriteBuff) + 1, 0&)
End Function
' Single-level pointer write: reads a 32-bit pointer at lpAddress in the target,
' adds lpOffset and writes lpValue (4 bytes) there. Returns WriteLong's result.
' The pointer read is not checked, so a failed read resolves to 0 + lpOffset.
Public Function WritePointer(ByVal lpAddress As Long, ByVal lpOffset As Long, ByVal lpValue As Long) As Long
WritePointer = WriteLong(ReadLong(lpAddress) + lpOffset, lpValue)
End Function
' Resolves a pointer chain written as "BASE=>OFF1:OFF2:..." (all hex) and writes
' lpSize bytes from local address lpBuffer to the resolved address.
' Each step reads a 32-bit pointer at the current address and adds the next offset.
' Returns the result of WriteMemory.
' NOTE(review): a string without "=>" raises a subscript error at the second
' Split, and failed reads along the chain are not detected.
' NOTE(review): tmp1 and tmp2 are Variants; only i is declared As Long.
Public Function WriteMultiPointerByString(ByVal lpPointerList As String, ByVal lpBuffer As Long, ByVal lpSize As Long) As Long
'HACK.WriteMultiPointerByString "5A3B08=>460:A8:0", VarPtr(Gold), 4
Dim PointerList() As String
Dim tmp1, tmp2, i As Long
tmp1 = Val("&H" & Split(lpPointerList, "=>")(0))
PointerList = Split(Split(lpPointerList, "=>")(1), ":")
For i = 0 To UBound(PointerList)
tmp2 = ReadLong(tmp1) + Val("&H" & PointerList(i))
tmp1 = tmp2
Next
tmp2 = WriteMemory(tmp1, lpBuffer, lpSize)
WriteMultiPointerByString = tmp2
End Function
' Read helpers. Each one forwards to ReadProcessMemory on the class-wide "handle".
' Only ReadMemory returns the API result; the typed variants ignore it, so a
' failed read returns the zero-initialised local and cannot be told apart from a
' stored value of 0.

' Copies lpSize bytes from lpAddress in the target to local address lpBuffer.
Public Function ReadMemory(ByVal lpAddress As Long, ByVal lpBuffer As Long, ByVal lpSize As Long) As Long
ReadMemory = ReadProcessMemoryAPI(handle, ByVal lpAddress, ByVal lpBuffer, ByVal lpSize, False)
End Function
Public Function ReadByte(ByVal lpAddress As Long) As Byte
Dim Value As Byte
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal VarPtr(Value), ByVal 1, False
ReadByte = Value
End Function
Public Function ReadInteger(ByVal lpAddress As Long) As Integer
Dim Value As Integer
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal VarPtr(Value), ByVal 2, False
ReadInteger = Value
End Function
Public Function ReadLong(ByVal lpAddress As Long) As Long
Dim Value As Long
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal VarPtr(Value), ByVal 4, False
ReadLong = Value
End Function
Public Function ReadCurrency(ByVal lpAddress As Long) As Currency
Dim Value As Currency
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal VarPtr(Value), ByVal 8, False
ReadCurrency = Value
End Function
Public Function ReadSingle(ByVal lpAddress As Long) As Single
Dim Value As Single
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal VarPtr(Value), ByVal 4, False
ReadSingle = Value
End Function
Public Function ReadDouble(ByVal lpAddress As Long) As Double
Dim Value As Double
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal VarPtr(Value), ByVal 8, False
ReadDouble = Value
End Function
' Reads lpSize raw bytes into the character buffer of a string of lpSize spaces.
' NOTE(review): the buffer holds lpSize two-byte characters, so only its first
' half is overwritten; the bytes are not converted from ANSI, and the rest of the
' returned string stays as spaces.
Public Function ReadString(ByVal lpAddress As Long, ByVal lpSize As Long) As String
Dim Value As String
Value = Space(lpSize)
ReadProcessMemoryAPI handle, ByVal lpAddress, ByVal StrPtr(Value), ByVal lpSize, False
ReadString = Value
Value = ""
End Function
' Single-level pointer read: the 32-bit value at ([lpAddress] + lpOffset).
Public Function ReadPointer(ByVal lpAddress As Long, ByVal lpOffset As Long) As Long
ReadPointer = ReadLong(ReadLong(lpAddress) + lpOffset)
End Function
' Resolves a pointer chain written as "BASE=>OFF1:OFF2:..." (all hex) and reads
' lpSize bytes from the resolved address into local address lpBuffer.
' Each step reads a 32-bit pointer at the current address and adds the next offset.
' Returns the result of ReadMemory.
' NOTE(review): a string without "=>" raises a subscript error at the second
' Split, and failed reads along the chain are not detected.
' NOTE(review): tmp1 and tmp2 are Variants; only i is declared As Long.
Public Function ReadMultiPointerByString(ByVal lpPointerList As String, ByVal lpBuffer As Long, ByVal lpSize As Long) As Long
'HACK.ReadMultiPointerByString "5A3B08=>460:A8:C", VarPtr(Gold), 4
Dim PointerList() As String
Dim tmp1, tmp2, i As Long
tmp1 = Val("&H" & Split(lpPointerList, "=>")(0))
PointerList = Split(Split(lpPointerList, "=>")(1), ":")
For i = 0 To UBound(PointerList)
tmp2 = ReadLong(tmp1) + Val("&H" & PointerList(i))
tmp1 = tmp2
Next
tmp2 = ReadMemory(tmp1, lpBuffer, lpSize)
ReadMultiPointerByString = tmp2
End Function
' Hands out memory inside the attached process. Small requests are carved
' sequentially out of one pre-allocated PreAllocSize region; larger requests get
' their own VirtualAllocEx call.
' lpSize    - bytes requested.
' lpAddress - optional preferred address, passed through to VirtualAllocEx.
' Returns the address in the target, or 0 when not attached.
' NOTE(review): no VirtualAllocEx result is checked. If the pre-allocation fails,
' PreAllocAddress stays 0 and the function returns small offsets from address 0.
' NOTE(review): nothing here frees a region; when a new region replaces a full
' one, the old one stays committed in the target.
' All regions are committed PAGE_READWRITE.
' Defender view: committed private regions that no module accounts for are
' visible when the target's address space is enumerated.
Public Function Alloc(ByVal lpSize As Long, Optional ByVal lpAddress As Long = 0) As Long
If Not Inited Then Exit Function
If PreAllocAddress = 0 Then
PreAllocAddress = VirtualAllocEx(handle, ByVal lpAddress, ByVal PreAllocSize, MEM_COMMIT, PAGE_READWRITE)
End If
If lpSize > (PreAllocSize / 4) Then 'larger than 1/4 of the pre-allocated region: allocate separately
Alloc = VirtualAllocEx(handle, ByVal lpAddress, ByVal lpSize, MEM_COMMIT, PAGE_READWRITE)
Exit Function
End If
If lpSize + AllocedSize > PreAllocSize Then 'the request would run past the pre-allocated region: allocate another region
PreAllocAddress = VirtualAllocEx(handle, ByVal lpAddress, ByVal PreAllocSize, MEM_COMMIT, PAGE_READWRITE)
AllocedSize = 0
End If
Alloc = PreAllocAddress + AllocedSize
AllocedSize = AllocedSize + lpSize
End Function
' Overwrite five bytes at lpAddress in the target with a relative jump (opcode
' E9) or call (opcode E8) to the given destination, optionally followed by
' lpNops NOP bytes. The 32-bit displacement is destination - lpAddress - 5.
' Both return the logical AND of the individual write results as a Long
' (-1 when all writes succeeded, 0 otherwise).
' The opcode and the displacement are written by two separate calls.
' Defender view: this is an inline patch of code in the target. Comparing a
' module's executable sections in memory against the on-disk image reveals such
' five-byte overwrites.
Public Function MakeJmp(ByVal lpAddress As Long, ByVal lpJmpAddress As Long, Optional ByVal lpNops As Long = 0) As Long
MakeJmp = CBool(WriteByte(lpAddress, &HE9)) And CBool(WriteLong(lpAddress + 1, lpJmpAddress - lpAddress - 5))
If lpNops = 0 Then Exit Function
MakeJmp = MakeJmp And CBool(MakeNops(lpAddress + 5, lpNops))
End Function
Public Function MakeCall(ByVal lpAddress As Long, ByVal lpCallAddress As Long, Optional ByVal lpNops As Long = 0) As Long
MakeCall = CBool(WriteByte(lpAddress, &HE8)) And CBool(WriteLong(lpAddress + 1, lpCallAddress - lpAddress - 5))
If lpNops = 0 Then Exit Function
MakeCall = MakeCall And CBool(MakeNops(lpAddress + 5, lpNops))
End Function
' Writes lpSize bytes of &H90 (x86 NOP) to lpAddress in the target.
' Returns True (-1) immediately for lpSize = 0, otherwise the WriteMemory result.
' ReDim NOP(lpSize) creates lpSize + 1 elements; only the first lpSize are filled
' and written.
' NOTE(review): a negative lpSize is not rejected and fails at the ReDim.
Public Function MakeNops(ByVal lpAddress As Long, ByVal lpSize As Long) As Long
If lpSize = 0 Then
MakeNops = True
Exit Function
End If
Dim NOP() As Byte
ReDim NOP(lpSize)
Dim i As Long
For i = 0 To lpSize - 1
NOP(i) = &H90
Next
MakeNops = WriteMemory(lpAddress, VarPtr(NOP(0)), lpSize)
End Function
' Loads lpModule into THIS process and returns the address of lpFunction in it
' (0 when the module or the export is not found).
' The address is valid in the calling process; whether it is the same in the
' target depends on the module being mapped at the same base there (not checked).
' NOTE(review): the LoadLibrary result is ignored. A module name without a full
' path is resolved through the DLL search order, so a same-named file placed
' earlier in that order would be loaded instead.
Public Function GetFunctionAddress(ByVal lpModule As String, ByVal lpFunction As String) As Long
LoadLibrary lpModule
GetFunctionAddress = GetProcAddress(GetModuleHandle(lpModule), lpFunction)
End Function
歡迎有需要者拿去參考,但不可將名字改一改拿去賣喔 ^_^
-------------------------------------------------------------
專案懶人包: 點此下載
壓縮密碼:
分享於 - http://bps1331.blogspot.tw/
如果要加入後台按鍵要怎麼做呢 謝謝大大
回覆刪除加入後台按鍵需要的模組
刪除還有Form裡面多些後台按鍵需要的程式碼就可以了!
對的有加入但是卻沒有反應
回覆刪除check
tosec = Val(txtKey) '設定秒數
tmKey.Enabled = ckKey.Value '起動和關閉
TIMER
tosec = tosec - 1 '倒數
If tosec <= 0 Then '判斷時間
RingPst hwn, "Press", cboKey.Text '按下彈起按鍵
tosec = Val(txtKey) '重新設定秒數
End If
請用帳號登入回覆
刪除提示:
刪除在你Form裡自動按鍵那的程式碼"hwn"
其餘就自行研究吧!!
http://www.fast-files.com/getfile.aspx?file=72683
回覆刪除這是小弟的原碼 不知道按鍵為何沒有反應 先謝謝大大了
據我所知 這是零基礎外掛裡面的自動按鍵!!
刪除裡面也包含了自動補血魔....
而這部份就自行研究囉~
自行研究才會有成長 加油囉!!
提示:
刪除Form裡自動按鍵納的程式碼"hwn"
其餘就自行研究囉:)
請問這只能用來ASM寫法??話說您有後台按鍵的教學文?因為我自己加了個後台按鍵功能 新增了按鍵模組+Form程式碼 結果在按鍵模組那出現了問題!!求解 請問您有RCㄇ??
回覆刪除本人沒有在使用RC!!
刪除大大我做好寫入好像沒有反應耶 xp跟win7都沒有效果 請問是什麼原因?
回覆刪除請問是下載我的專案懶人包 的嘛?
刪除還是你自己另做一份的!?
然後還會偵測到外掛請問大大有解決方法麻
回覆刪除你有放數據嘛?
刪除確定是最新的嘛?
ICS嘛? 還是CRC的?
ics 的 最新的 169.3 會被偵測 謝謝大大