游戏注入CALL
2007-06-26 17:06
232 查看
主窗口代码
Option Explicit
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Const WM_USER = &H400
Dim AppPath As String
Private Sub cmdExit_Click()
Unload Me
End Sub
Private Sub cmdNotePad_Click()
Shell "elementclient.exe", vbMinimizedNoFocus
End Sub
Private Sub cmdInject_Click()
Dim hwnd As Long, PID As Long, hProcess As Long
Dim hBlock As Long, hLoad As Long, hThread As Long
Dim DllPath As String
Dim cb As Long, lpBuf As Long
DllPath = AppPath & "/ZXDLL.dll"
cb = 1 + LenB(StrConv(DllPath, vbFromUnicode))
hwnd = FindWindow("ZElementClient Window", "Element Client")
If hwnd = 0 Then
MsgBox "游戏没有运行!", vbInformation
Exit Sub
End If
Call GetWindowThreadProcessId(hwnd, PID)
If PID = 0 Then
MsgBox "无法取得进程ID!", vbInformation
Exit Sub
End If
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, PID)
If hProcess = 0 Then
MsgBox "没有权限打开进程!", vbInformation
Exit Sub
End If
hBlock = VirtualAllocEx(hProcess, 0&, cb, MEM_COMMIT, PAGE_READWRITE)
If hBlock = 0 Then
MsgBox "无法分配内存空间!", vbInformation
Exit Sub
End If
lpBuf = WriteProcessMemory(hProcess, hBlock, ByVal DllPath, cb, ByVal 0&)
If lpBuf = 0 Then
MsgBox "无法写入内存!", vbInformation
Exit Sub
End If
hLoad = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal hLoad, hBlock, 0&, ByVal 0&)
If hThread = 0 Then
MsgBox "创建远线程失败!", vbInformation
Exit Sub
End If
End Sub
Private Sub Command1_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 403, 0, 0
End Sub
Private Sub Command2_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 404, 0, 0
End Sub
Private Sub Command3_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 402, 0, 0
End Sub
Private Sub Command4_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 400, 0, 0
End Sub
Private Sub Command5_Click()
Dim GuaiWuID As Long
Dim hwnd As Long
hwnd = FindWindow(vbNullString, "ZX_DLL")
GuaiWuID = Text1.Text
SendMessage hwnd, WM_USER + 401, 0, VarPtr(GuaiWuID)
End Sub
Private Sub Form_Load()
AppPath = IIf(Len(App.Path) = 3, App.Path, App.Path & "/")
End Sub
模块代码
Public Const PROCESS_VM_WRITE = &H20 'For WriteProcessMemory
Public Const PROCESS_VM_OPERATION = &H8 'For VirtualAllocEx
Public Const PROCESS_ALL_ACCESS& = &H1F0FFF
Public Const CREATE_SUSPENDED = &H4
Public Const MEM_COMMIT = &H1000
Public Const PAGE_READWRITE = &H4
Public Const PAGE_EXECUTE_READWRITE = &H40
Public Const MEM_RESERVE = &H2000
Public Const MEM_RELEASE = &H8000
Public Const INFINITE = &HFFFF
Public Const WM_SYSCOMMAND = &H112
Public Const PROCESS_VM_READ = &H10
Public Const PROCESS_QUERY_INFORMATION = &H400
Public Const MAX_PATH = 260
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
Public Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, hModule As Long, ByVal cb As Long, cbNeeded As Long) As Long
Public Declare Function GetModuleFileNameEx Lib "PSAPI.DLL" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
DLL.bas模块代码
#COMPILE DLL
#REGISTER NONE
#DIM ALL
#INCLUDE "Win32Api.Inc"
GLOBAL hDlg AS DWORD
GLOBAL ghInstance AS DWORD
FUNCTION CallTabKey() AS LONG
LOCAL Address AS DWORD
Address = &H45f440
!PUSHAD
!MOV EAX,DWORD PTR DS:[&H8F3CC4]
!MOV EAX,DWORD PTR DS:[EAX+&H1C]
!MOV EAX,DWORD PTR DS:[EAX+&H28] ';此处执行完,EAX保存的是人物基地址
!MOV ECX, EAX ';人物基地址要作为此函数调用的this指针
!PUSH 0
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallSelectGuaiWu(ID AS LONG) AS LONG '根据ID选怪
LOCAL Address AS DWORD
Address = &H5779d0
!PUSHAD
!PUSH ID
!MOV EAX,DWORD PTR DS:[&H8F3CC4]
!MOV ECX,DWORD PTR DS:[EAX+&H20]
!ADD ECX,&HD4
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallNormalAttack() AS LONG '普通攻击Call
LOCAL Address AS DWORD
Address = &H5a0d10
CALL DWORD Address
END FUNCTION
FUNCTION CallZazen() AS LONG '打坐Call
LOCAL Address AS DWORD
Address = &H5A1390
CALL DWORD Address
END FUNCTION
FUNCTION CallUnZazen() AS LONG '取消打坐CALL
LOCAL Address AS DWORD
Address = &H5A1350
CALL DWORD Address
END FUNCTION
FUNCTION CallSkillAttack(ID AS DWORD) AS LONG '使用技能Call
LOCAL Address AS DWORD
Address = &H4658d0
!PUSHAD
!MOV ECX,DWORD PTR DS:[&H8F3CC4]
!MOV EAX,ID
!PUSH -1
!PUSH 0
!MOV EDX,DWORD PTR DS:[ECX+&H1C]
!PUSH 0
!PUSH EAX
!MOV ECX,DWORD PTR DS:[EDX+&H28]
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallPickItem(ID AS DWORD,ID2 AS DWORD) AS LONG '物品拾取Call
LOCAL Address AS DWORD
Address = &H577960
!PUSHAD
!PUSH ID
!PUSH ID2
!MOV ECX,DWORD PTR DS:[&H8F3CC4]
!MOV ECX,DWORD PTR DS:[ECX+&H20]
!ADD ECX,&HD4
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallUseItem(ID AS DWORD,ID2 AS DWORD) AS LONG '使用物品Call
LOCAL Address AS DWORD
Address = &H577790
!PUSHAD
!PUSH 1
!MOV EDX, ID
!PUSH EDX
!MOV EAX, ID2
!PUSH EAX
!PUSH 0
!MOV ESI,DWORD PTR DS:[&H8F3CC4]
!MOV ESI,DWORD PTR DS:[ESI+&H20]
!LEA ECX, DWORD PTR [ESI+&HD4]
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallRunMap(ID AS DWORD,x AS SINGLE,y AS SINGLE,z AS SINGLE) AS LONG '后台走路Call
LOCAL Address AS DWORD
Address = &H42B6F0
!PUSHAD
!MOV EAX, x
!MOV [&H8F9BEC], EAX
!MOV EAX, z
!MOV [&H8F9BEC], EAX
!MOV EAX, y
!MOV [&H8F9BEC], EAX
!MOV EAX, DWORD PTR DS:[&H8F77D4]
!MOV EAX, DWORD PTR DS:[EAX+&H28]
!LEA EAX, DWORD PTR [EAX+&H3C]
!PUSH ID
!PUSH &H8F9BE8
!PUSH EAX
!MOV ECX, &H8F3C60
!CALL Address
!POPAD
END FUNCTION
FUNCTION GUIActivate(BYVAL h AS LONG) AS LONG
DIALOG NEW 0,"ZX_DLL", , , 0, 0, %WS_POPUP TO hDlg
DIALOG SHOW STATE hDlg,%SW_HIDE '隐藏窗口
DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
CALLBACK FUNCTION DlgProc
SELECT CASE CBMSG
CASE %WM_USER + 400 '选TAB
CallTabKey
CASE %WM_USER + 401 '选怪
LOCAL GuaiWuIDPtr AS LONG POINTER
GuaiWuIDPtr = CBLPARAM
MSGBOX STR$(@GuaiWuIDPtr)
CallSelectGuaiWu(@GuaiWuIDPtr)
CASE %WM_USER + 402 '普通攻击CALL
CallNormalAttack()
CASE %WM_USER + 403 '打坐
CallZazen()
CASE %WM_USER + 404 '取消打坐
CallUnZazen()
CASE %WM_USER + 405 '使用技能CALL
LOCAL JiNengIDPtr AS LONG POINTER
GuaiWuIDPtr = CBLPARAM
MSGBOX STR$(@JiNengIDPtr)
CallSkillAttack(@JiNengIDPtr)
CASE %WM_USER + 406 '拾取物品
CASE %WM_USER + 407 '使用物品
CASE %WM_USER + 408 '后台走路
END SELECT
END FUNCTION
FUNCTION LIBMAIN (BYVAL hInstance AS LONG, _
BYVAL fwdReason AS LONG, _
BYVAL lpvReserved AS LONG) AS LONG
LOCAL idThread AS LONG
SELECT CASE fwdReason
CASE %DLL_PROCESS_ATTACH
THREAD CREATE GUIActivate(0) TO idThread
ghInstance = hInstance
FUNCTION = 1
CASE %DLL_PROCESS_DETACH
FUNCTION = 1
CASE %DLL_THREAD_ATTACH
FUNCTION = 1
CASE %DLL_THREAD_DETACH
FUNCTION = 1
END SELECT
END FUNCTION
Option Explicit
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Const WM_USER = &H400
Dim AppPath As String
Private Sub cmdExit_Click()
Unload Me
End Sub
Private Sub cmdNotePad_Click()
Shell "elementclient.exe", vbMinimizedNoFocus
End Sub
Private Sub cmdInject_Click()
Dim hwnd As Long, PID As Long, hProcess As Long
Dim hBlock As Long, hLoad As Long, hThread As Long
Dim DllPath As String
Dim cb As Long, lpBuf As Long
DllPath = AppPath & "/ZXDLL.dll"
cb = 1 + LenB(StrConv(DllPath, vbFromUnicode))
hwnd = FindWindow("ZElementClient Window", "Element Client")
If hwnd = 0 Then
MsgBox "游戏没有运行!", vbInformation
Exit Sub
End If
Call GetWindowThreadProcessId(hwnd, PID)
If PID = 0 Then
MsgBox "无法取得进程ID!", vbInformation
Exit Sub
End If
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, PID)
If hProcess = 0 Then
MsgBox "没有权限打开进程!", vbInformation
Exit Sub
End If
hBlock = VirtualAllocEx(hProcess, 0&, cb, MEM_COMMIT, PAGE_READWRITE)
If hBlock = 0 Then
MsgBox "无法分配内存空间!", vbInformation
Exit Sub
End If
lpBuf = WriteProcessMemory(hProcess, hBlock, ByVal DllPath, cb, ByVal 0&)
If lpBuf = 0 Then
MsgBox "无法写入内存!", vbInformation
Exit Sub
End If
hLoad = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal hLoad, hBlock, 0&, ByVal 0&)
If hThread = 0 Then
MsgBox "创建远线程失败!", vbInformation
Exit Sub
End If
End Sub
Private Sub Command1_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 403, 0, 0
End Sub
Private Sub Command2_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 404, 0, 0
End Sub
Private Sub Command3_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 402, 0, 0
End Sub
Private Sub Command4_Click()
Dim Phwnd As Long
Phwnd = FindWindow(vbNullString, "ZX_DLL")
SendMessage Phwnd, WM_USER + 400, 0, 0
End Sub
Private Sub Command5_Click()
Dim GuaiWuID As Long
Dim hwnd As Long
hwnd = FindWindow(vbNullString, "ZX_DLL")
GuaiWuID = Text1.Text
SendMessage hwnd, WM_USER + 401, 0, VarPtr(GuaiWuID)
End Sub
Private Sub Form_Load()
AppPath = IIf(Len(App.Path) = 3, App.Path, App.Path & "/")
End Sub
模块代码
Public Const PROCESS_VM_WRITE = &H20 'For WriteProcessMemory
Public Const PROCESS_VM_OPERATION = &H8 'For VirtualAllocEx
Public Const PROCESS_ALL_ACCESS& = &H1F0FFF
Public Const CREATE_SUSPENDED = &H4
Public Const MEM_COMMIT = &H1000
Public Const PAGE_READWRITE = &H4
Public Const PAGE_EXECUTE_READWRITE = &H40
Public Const MEM_RESERVE = &H2000
Public Const MEM_RELEASE = &H8000
Public Const INFINITE = &HFFFF
Public Const WM_SYSCOMMAND = &H112
Public Const PROCESS_VM_READ = &H10
Public Const PROCESS_QUERY_INFORMATION = &H400
Public Const MAX_PATH = 260
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
Public Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, hModule As Long, ByVal cb As Long, cbNeeded As Long) As Long
Public Declare Function GetModuleFileNameEx Lib "PSAPI.DLL" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
DLL.bas模块代码
#COMPILE DLL
#REGISTER NONE
#DIM ALL
#INCLUDE "Win32Api.Inc"
GLOBAL hDlg AS DWORD
GLOBAL ghInstance AS DWORD
FUNCTION CallTabKey() AS LONG
LOCAL Address AS DWORD
Address = &H45f440
!PUSHAD
!MOV EAX,DWORD PTR DS:[&H8F3CC4]
!MOV EAX,DWORD PTR DS:[EAX+&H1C]
!MOV EAX,DWORD PTR DS:[EAX+&H28] ';此处执行完,EAX保存的是人物基地址
!MOV ECX, EAX ';人物基地址要作为此函数调用的this指针
!PUSH 0
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallSelectGuaiWu(ID AS LONG) AS LONG '根据ID选怪
LOCAL Address AS DWORD
Address = &H5779d0
!PUSHAD
!PUSH ID
!MOV EAX,DWORD PTR DS:[&H8F3CC4]
!MOV ECX,DWORD PTR DS:[EAX+&H20]
!ADD ECX,&HD4
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallNormalAttack() AS LONG '普通攻击Call
LOCAL Address AS DWORD
Address = &H5a0d10
CALL DWORD Address
END FUNCTION
FUNCTION CallZazen() AS LONG '打坐Call
LOCAL Address AS DWORD
Address = &H5A1390
CALL DWORD Address
END FUNCTION
FUNCTION CallUnZazen() AS LONG '取消打坐CALL
LOCAL Address AS DWORD
Address = &H5A1350
CALL DWORD Address
END FUNCTION
FUNCTION CallSkillAttack(ID AS DWORD) AS LONG '使用技能Call
LOCAL Address AS DWORD
Address = &H4658d0
!PUSHAD
!MOV ECX,DWORD PTR DS:[&H8F3CC4]
!MOV EAX,ID
!PUSH -1
!PUSH 0
!MOV EDX,DWORD PTR DS:[ECX+&H1C]
!PUSH 0
!PUSH EAX
!MOV ECX,DWORD PTR DS:[EDX+&H28]
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallPickItem(ID AS DWORD,ID2 AS DWORD) AS LONG '物品拾取Call
LOCAL Address AS DWORD
Address = &H577960
!PUSHAD
!PUSH ID
!PUSH ID2
!MOV ECX,DWORD PTR DS:[&H8F3CC4]
!MOV ECX,DWORD PTR DS:[ECX+&H20]
!ADD ECX,&HD4
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallUseItem(ID AS DWORD,ID2 AS DWORD) AS LONG '使用物品Call
LOCAL Address AS DWORD
Address = &H577790
!PUSHAD
!PUSH 1
!MOV EDX, ID
!PUSH EDX
!MOV EAX, ID2
!PUSH EAX
!PUSH 0
!MOV ESI,DWORD PTR DS:[&H8F3CC4]
!MOV ESI,DWORD PTR DS:[ESI+&H20]
!LEA ECX, DWORD PTR [ESI+&HD4]
!CALL Address
!POPAD
END FUNCTION
FUNCTION CallRunMap(ID AS DWORD,x AS SINGLE,y AS SINGLE,z AS SINGLE) AS LONG '后台走路Call
LOCAL Address AS DWORD
Address = &H42B6F0
!PUSHAD
!MOV EAX, x
!MOV [&H8F9BEC], EAX
!MOV EAX, z
!MOV [&H8F9BEC], EAX
!MOV EAX, y
!MOV [&H8F9BEC], EAX
!MOV EAX, DWORD PTR DS:[&H8F77D4]
!MOV EAX, DWORD PTR DS:[EAX+&H28]
!LEA EAX, DWORD PTR [EAX+&H3C]
!PUSH ID
!PUSH &H8F9BE8
!PUSH EAX
!MOV ECX, &H8F3C60
!CALL Address
!POPAD
END FUNCTION
FUNCTION GUIActivate(BYVAL h AS LONG) AS LONG
DIALOG NEW 0,"ZX_DLL", , , 0, 0, %WS_POPUP TO hDlg
DIALOG SHOW STATE hDlg,%SW_HIDE '隐藏窗口
DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
CALLBACK FUNCTION DlgProc
SELECT CASE CBMSG
CASE %WM_USER + 400 '选TAB
CallTabKey
CASE %WM_USER + 401 '选怪
LOCAL GuaiWuIDPtr AS LONG POINTER
GuaiWuIDPtr = CBLPARAM
MSGBOX STR$(@GuaiWuIDPtr)
CallSelectGuaiWu(@GuaiWuIDPtr)
CASE %WM_USER + 402 '普通攻击CALL
CallNormalAttack()
CASE %WM_USER + 403 '打坐
CallZazen()
CASE %WM_USER + 404 '取消打坐
CallUnZazen()
CASE %WM_USER + 405 '使用技能CALL
LOCAL JiNengIDPtr AS LONG POINTER
GuaiWuIDPtr = CBLPARAM
MSGBOX STR$(@JiNengIDPtr)
CallSkillAttack(@JiNengIDPtr)
CASE %WM_USER + 406 '拾取物品
CASE %WM_USER + 407 '使用物品
CASE %WM_USER + 408 '后台走路
END SELECT
END FUNCTION
FUNCTION LIBMAIN (BYVAL hInstance AS LONG, _
BYVAL fwdReason AS LONG, _
BYVAL lpvReserved AS LONG) AS LONG
LOCAL idThread AS LONG
SELECT CASE fwdReason
CASE %DLL_PROCESS_ATTACH
THREAD CREATE GUIActivate(0) TO idThread
ghInstance = hInstance
FUNCTION = 1
CASE %DLL_PROCESS_DETACH
FUNCTION = 1
CASE %DLL_THREAD_ATTACH
FUNCTION = 1
CASE %DLL_THREAD_DETACH
FUNCTION = 1
END SELECT
END FUNCTION
相关文章推荐
- CreateProcess启动游戏注入DLL
- 游戏作弊器制作教程七:注入DLL的各种姿势
- Ring3下注入DLL的另类方法,能过杀软和游戏NP(源码)
- 一款游戏的喊话CALL的解决新思路
- CALL注入--扫雷辅助(二)
- 游戏注入教程(一)--远程线程注入
- 游戏远程代码注入和动态连接库的使用
- 不想当职场小白?奇异大师给新人们列出了清单 2017-12-25 小奇爱音乐 奇亿音乐 雪花牌电视 正在为您播放 《音乐制作清单》 游戏音效就是“游戏灵魂注入师”,游戏就像人一样需要灵魂。
- Win7下实现 lpk.dll劫持游戏注入
- 游戏进程注入和DX后台原理剖析
- 写外挂的时候遇到有的用户用挂注入不了游戏~
- 目标:游戏找CALL练习实例ONE
- 各种 基于Unity3d 引擎的Android游戏优化 (drawcall)
- 游戏远程代码注入和动态连接库的使用
- ASP.NET Core中的依赖注入(5): ServiceProvider实现揭秘 【解读ServiceCallSite 】
- SRPG游戏开发(十五)第五章 颜色映射与职业动画 - 七 减少Draw Call与使用Cache
- 游戏中找CALL的万能方法
- 追逐自己的梦想----------辅助制作第八课:利用SetWindowsHook将进程注入游戏主线程来解决资源冲突的问题
- 游戏反汇编 武林走路call
- 忍不住为游戏音乐疯狂打Call!