hapi 发表于 2011-11-13 16:30:38

【转】95版武林——值得收藏的代码


转自懒猫blog

这是95版武林的代码,照抄会被封号,仅供阅读理解。
unit pub;

interface
uses
Windows,messages,StrUtils,SysUtils;

// Public surface of the unit. Every routine declared here operates on a second
// process (the game client) through the window handle / process handle globals
// declared below; none of them is self-contained.
// NOTE(review): eatMp is implemented later in this unit but is not declared here,
// so it is not visible to other units.
Procedure InjectFunc(InHWND: HWND; Func: Pointer; Param: Pointer; ParamSize: DWORD);
Procedure PickWp(p:pointer); stdcall;//pick-up-item call (runs inside the target)
Procedure UseWp(p:pointer); stdcall;
procedure ChooseGW(p:pointer);stdcall;
procedure xunlu(p:pointer);stdcall;
procedure goback;//return to the anchor position
procedure gohome;//revive after death and return to town
procedure Pick;//pick up items
procedure Choose(i:integer);//select a monster
procedure eatHp;//use an HP potion
procedure fast1(i:Dword); //press hotkeys 1~0
procedure fast2(i:Dword); //press hotkeys F1~F8
procedure pushfastkey(p:pointer);Stdcall;
procedure checkBB;

// Shared mutable state. These are plain unit-level globals with no locking
// visible in this unit.
var hwd:THandle;//window handle
       pid,hProcess,gwid,jsmTemp,zt,exp,Hys,Lys:Dword;//game process id
       zt2:Word;
       hp,mp,maxHp,maxMp:Integer;//hold HP and MP values
       gjdx,gjdy:Single; //anchor position
       jlx,jly:integer;//distance between the monster and the anchor position
       gi:integer;//current index into the monster list
       // NOTE(review): the array bounds are missing from this listing (bracketed
       // text appears to have been stripped when the post was archived).
       jsm:arrayof widechar;
       isInfo,isFire:boolean; //thread state flags
       // Literal address used as the root of every ReadProcessMemory pointer
       // chain in this unit; it is only meaningful for the one client build
       // the author targeted.
       const address=$12F824; //first-level (root) address
implementation

uses unit1;

       //-------------------------Code-injection routine----------------------------
{Parameters:
InHWND: handle of a window owned by the target process
Func: pointer to the local routine whose bytes are copied into the target
Param: pointer to the argument block copied into the target
ParamSize: size of the argument block in bytes
}
// Copies a routine and its argument block into another process and runs it
// there on a new thread, then waits for it and frees the remote memory.
//
// Detection view: the call sequence below (full-access OpenProcess on a foreign
// process, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread with a start
// address inside a private, non-image allocation) is the sequence that
// anti-cheat and endpoint tooling watch for; each step is observable on its own.
//
// NOTE(review): no return value is checked anywhere in this routine, so a
// failed OpenProcess/VirtualAllocEx/WriteProcessMemory is carried forward into
// the following calls with a nil handle or pointer.
Procedure InjectFunc(InHWND: HWND; Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
   hProcess_N: THandle;
   ThreadAdd, ParamAdd: Pointer;
   hThread: THandle;
   ThreadID: DWORD;
   lpNumberOfBytes:DWORD;
begin
   // The second argument of GetWindowThreadProcessId receives the owning
   // PROCESS id, so despite its name ThreadID holds a PID from here on.
   GetWindowThreadProcessId(InHWND, @ThreadID);
   hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);//open the target process with full access
   // Both remote regions are committed PAGE_READWRITE, i.e. not executable.
   // A target running with DEP enforced would fault on the thread start below
   // instead of executing the copied bytes.
   ThreadAdd := VirtualAllocEx(hProcess_N, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
   // Always copies a fixed 4096 bytes starting at Func, regardless of how long
   // the routine really is, so whatever follows it in the local image is
   // copied too.
   WriteProcessMemory(hProcess_N, ThreadAdd, Func, 4096, lpNumberOfBytes); //write the routine's bytes
   ParamAdd := VirtualAllocEx(hProcess_N, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE);
   // Reads ParamSize bytes from Param in THIS process; callers must pass the
   // real size of the record they point at.
   WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes); //write the argument block
   hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes); //create the remote thread
   // INFINITE wait: the calling thread blocks for as long as the remote
   // thread runs.
   WaitForSingleObject(hThread, INFINITE);//wait for the thread to finish
   VirtualFreeEx(hProcess_N, ThreadAdd, 4096, MEM_RELEASE);
   VirtualFreeEx(hProcess_N, ParamAdd, ParamSize, MEM_RELEASE); //release the remote allocations
   CloseHandle(hThread);
   CloseHandle(hProcess_N); //close the opened handles
end;


//Use an item
// Stub that is copied into the target process by InjectFunc and executed there;
// it is never meant to run in the local process. p is the remote copy of the
// argument record (callers in this unit pass an 8-byte id/number record).
// NOTE(review): several memory operands are missing from this listing
// (bracketed text appears to have been stripped by the forum archive), so the
// asm block does not assemble as shown and the argument layout cannot be
// confirmed from here.
Procedure UseWp(p:pointer); stdcall;
var addr:Dword;
begin
// Literal code address inside the target image; valid for one client build only.
addr:=$0056FB80;
asm
         pushad;
         mov       eax, dword ptr [$8EC9C4]
         mov       esi, dword ptr
         push       1
         mov edx,p
         mov eax,
         mov edx,
         push       edx               //item ID, same value as the +110 field read for pick-up
         push       eax               //slot position
         push       0
         lea       ecx, dword ptr
         call   addr
         popad;
end;
end;


//Pick-up-item call
// Stub copied into the target process by InjectFunc (see Pick, which passes an
// 8-byte sid/id record as p). It pushes two values taken from that record and
// calls a literal address in the target image.
// NOTE(review): the memory operands after "mov eax," / "mov edx," /
// "dword ptr" are missing from this listing, so the block does not assemble
// as shown.
Procedure PickWp(p:pointer); stdcall;
var   Address:Dword;
begin
// Shadows the unit-level constant "address"; this one is a code address.
Address :=$56FD50;
   asm
         pushad
         mov edx,p
         mov eax,
         push   eax         //push the item system ID
         mov edx,
         push   edx       //push the item ID
         mov       ecx, dword ptr [$8EC9C4]
         mov       ecx, dword ptr
         add       ecx, $D4
         call Address
         popad;
   end;
end;


// Enumerates ground items by walking a pointer chain in the target process with
// ReadProcessMemory, stores their ids in two UI list boxes, then injects PickWp
// once per listed item.
// NOTE(review): none of the ReadProcessMemory results is checked; after a
// failed read the destination keeps its previous value and the chain continues
// from stale data.
procedure Pick;
type
   pPickup = ^Pickup;//pointer type
   Pickup = packed record
   sid:Dword ; //item system ID
   id: Dword;         //item ID
end;
var picktime:integer;
       mypickup:Pickup;
       base,gbase,dmbase,point,wpid,sysid,i:dword;
       num:Cardinal;
begin
picktime:=0;
ReadProcessMemory(hProcess,pointer(address),@base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $8), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $24), @gbase, 4, num);
ReadProcessMemory(hProcess,pointer(gbase + $18), @gbase, 4, num);
         // Scans 769 consecutive 4-byte entries (indices 0..768 inclusive).
         for i:=0 to 768 do
         begin
               ReadProcessMemory(hProcess,pointer(gbase + i*4), @dmbase, 4, num);
               if dmbase>0 then
                   begin
                         ReadProcessMemory(hProcess,pointer(dmbase + $4), @point, 4, num);
                         ReadProcessMemory(hProcess,pointer(point + $110), @wpid, 4, num);
                         ReadProcessMemory(hProcess,pointer(point + $10c), @sysid, 4, num);
                         form1.list1.AddItem (inttostr(wpid),form1.list1);//add the ground item ID to list 1
                         form1.list2.AddItem (inttostr(sysid),form1.list2);//add the item system ID to list 2
               end;
         end;
//---------------item list read; start picking up------------------------
         if (form1.list1.Items.count>0) and (form1.list2.Items.count>0)then//only if there are items on the ground
         begin
         repeat
             for i:=form1.list1.Items.Count-1 downto 0   do
               begin
                   // NOTE(review): the index on Items is missing from this
                   // listing (bracketed text stripped); presumably the loop
                   // variable i - confirm against the original source.
                   mypickup.id:=strtoint(form1.list1.Items);
                   mypickup.sid:=StrToInt64(form1.list2.Items);
                   if (mypickup.id>0) and (mypickup.sid>0) then
                     begin
                     injectfunc(hwd,@Pickwp,@MyPickup,8);//pick-up call
                     picktime:=picktime+1;
                     sleep(100);
                     end;
               end;
             // Nothing inside the loop removes entries from list1, so in the
             // code shown termination depends on the picktime comparison.
             until (form1.list1.Items.Count=0) or (picktime>form1.List3.Items.Count-1);//bounds the number of pick-up attempts
//---------------pick-up finished; clear the item lists------------------------
form1.list1.Clear;
form1.list2.Clear;
end;
end;

//Select-monster call
// Stub copied into the target process by InjectFunc (see Choose). It pushes one
// value taken from the argument record and calls a literal address in the
// target image.
// NOTE(review): the memory operands after "mov esi," and "DWORD PTR DS:" are
// missing from this listing, so the block does not assemble as shown.
procedure ChooseGW(p:pointer);stdcall;
var address:Dword;
begin
// Shadows the unit-level constant "address"; this one is a code address.
Address :=$56fdc0;
   asm
       pushad
       mov esi,p//monster ID
       mov esi,
       push esi
       MOV ECX,DWORD PTR DS:[$8ec9c4]
       MOV ECX,DWORD PTR DS:
       add ecx,$D4
       call address
       popad
   end;
end;

//Select-monster procedure
// Advances the global monster-list index gi (wrapping to 0 past the end of
// form1.List3), converts a list entry to an id and injects ChooseGW with it.
procedure Choose(i:integer);
type
   pXuanGuai = ^XuanGuai;//pointer type
   XuanGuai = packed record
   id: Dword;
end;
var MyXG:Xuanguai;
begin
gi:=gi+1;
if gi>form1.List3.Count-1 then gi:=0;
       // NOTE(review): the index on Items is missing from this listing, so it
       // cannot be told from here whether gi or the parameter i was used.
       MyXG.id:=StrToInt64(form1.list3.Items);
       // NOTE(review): XuanGuai is a 4-byte packed record but 8 is passed as
       // ParamSize, so InjectFunc reads 4 bytes past MyXG on the local stack
       // and copies them into the target.
       injectfunc(hwd,@ChooseGW,@MyXG,8);//select-monster call
       sleep(500);
end;

// Path-finding stub, copied into the target process by InjectFunc (see goback,
// which passes a 12-byte x/z/y record of singles as p). It stores three values
// at fixed addresses in the target, then calls a literal code address with the
// map number and a pointer to those stored values.
// NOTE(review): every "dword ptr" memory operand that referenced a register is
// missing from this listing, so the block does not assemble as shown and the
// offsets cannot be recovered from here.
procedure xunlu(p:pointer);stdcall;
begin
   asm
       pushad
       mov ebx, p
       mov eax, dword ptr //pass X
       mov [$8F2398], eax
       mov eax, dword ptr //pass Z
       mov [$8F239C], eax
       mov eax, dword ptr //pass Y
       mov [$8F23A0], eax

       mov eax, dword ptr [$12F824]//base address (same literal as the unit constant "address")
       mov eax, dword ptr
       lea eax, dword ptr

       mov ebx,dword ptr [$12F824]
       mov ebx,dword ptr
       mov ebx,dword ptr //current map number ends up in ebx
       push ebx       //push the map number
       push $8F2398 //push the address of the x,y,z coordinates
       push eax
       mov   ecx, $8EC978
       mov   eax, $42AA40
       call eax
       popad
   end;
end;

// Hotkey stub, copied into the target process by InjectFunc (see fast1/fast2,
// which pass a 4-byte keyid record as p). It loads values through p and makes an
// indirect call through eax.
// NOTE(review): unlike the other stubs in this unit there is no pushad/popad
// pair here, and the three memory operands are missing from this listing, so
// the block does not assemble as shown.
procedure Pushfastkey(p:pointer);Stdcall;//hotkey call
begin
   asm
       mov ecx,p
       mov ecx,
       mov edx,
       mov eax,
       call eax
   end;
end;


// Starts a thread in the target process directly at a literal code address
// (no copied stub, no argument), waits ten seconds, then calls goback.
// NOTE(review): the last CreateRemoteThread argument is the thread-id output,
// so this call overwrites the global pid (documented above as the game process
// id) with a thread id. The returned thread handle is discarded and never
// closed, and the result is not checked.
procedure gohome;//revive after death and return to town
begin
       CreateRemoteThread(hProcess,nil,0,Pointer($59A740),nil,0,pid);//revive and return to town
       sleep(10000);
       goback;//return to the anchor position
end;

// Resolves entry i of a hotkey table in the target process by following a
// pointer chain with ReadProcessMemory, then injects pushfastkey with the
// resulting value.
// NOTE(review): i is used unchecked as a table index (base + 4*i) and no
// ReadProcessMemory result is checked.
procedure fast1(i:Dword); //press hotkeys 1~0
type
       pFastKey=^FastKey;
       Fastkey=packed record
       keyid:Dword;
end;
var myFastKey:FastKey;
       base:Dword;
       num:Cardinal;
begin
ReadProcessMemory(hProcess,pointer(address),@base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $24), @base, 4, num);//character base address, kept for later reads
ReadProcessMemory(hProcess,pointer(base + $8e0), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $C), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + 4*i), @base, 4, num);
myfastkey.keyid:=base;
if hwd<>0 then
//start auto path-finding (comment carried over from goback; the call below injects pushfastkey)
   injectfunc(hwd,@pushfastkey,@myFastKey,4);
end;

// Same as fast1 except for one offset in the pointer chain ($8ec instead of
// $8e0): resolves entry i of a second hotkey table and injects pushfastkey.
// NOTE(review): the interface declaration documents the range as F1~F8 while
// the comment on this implementation says F1-F7; i is not range-checked either
// way.
procedure fast2(i:Dword); //press hotkeys F1-F7
type
       pFastKey=^FastKey;
       Fastkey=packed record
       keyid:Dword;
end;
var myFastKey:FastKey;
       base:Dword;
       num:Cardinal;
begin
ReadProcessMemory(hProcess,pointer(address),@base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $24), @base, 4, num);//character base address, kept for later reads
ReadProcessMemory(hProcess,pointer(base + $8ec), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $C), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + 4*i), @base, 4, num);
myfastkey.keyid:=base;
if hwd<>0 then
//start auto path-finding (comment carried over from goback; the call below injects pushfastkey)
   injectfunc(hwd,@pushfastkey,@myFastKey,4);
end;

// Builds a 12-byte x/z/y record from the global anchor coordinates (gjdx, gjdy,
// with z forced to 0) and injects xunlu with it, provided a window handle has
// been set.
procedure goback;//return to the anchor position
type
   pzuobiao = ^zuobiao;//pointer type
   zuobiao = packed record
   x: single;
   z: single; //not significant
   y: single;
end;
var MyZuoBiao:zuobiao;
begin
MyZuoBiao.x:=gjdx;
MyZuoBiao.z:=0;
MyZuoBiao.y:=gjdy;
if hwd<>0 then
//start auto path-finding
   injectfunc(hwd,@xunlu,@MyZuoBiao,12);
end;

hapi 发表于 2011-11-13 16:31:48

// Scans the inventory table of the target process for the first slot holding
// one of a fixed set of item ids (HP potions) and injects UseWp for that slot,
// then sleeps for the number of seconds entered in form1.EdtHp.
// NOTE(review): useHy is a local that is only assigned when a match is found,
// so the "useHy.id<>0" test below reads an uninitialised value when the bag
// holds no matching item. No ReadProcessMemory result is checked.
procedure eatHp;
type
   pUse = ^Use;//pointer type
   Use = packed record
   id: Dword;         //item ID
   number:Dword ; //slot position in the bag
end;
var base,Baobase,BaoN,WpId,i:Dword;
       num:Cardinal;
       useHy:Use;//HP potion to use
begin
ReadProcessMemory(hProcess,pointer(address),@base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $24), @base, 4, num);//character base address, kept for later reads
ReadProcessMemory(hProcess,pointer(base + $884), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $10), @BaoN, 4, num);//number of bag slots
//find the HP potion slot
// NOTE(review): BaoN and i are unsigned; if BaoN reads as 0 the upper bound
// BaoN-1 presumably wraps (with overflow checks off) - confirm.
for   i:=0 to BaoN-1 do
         begin
         wpid:=0;
         ReadProcessMemory(hProcess,pointer(base + $c), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + i*4), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + $8), @WpId, 4, num);//ID of the item in slot i
         if (WpId=1841) or (WpId=1842) or (WpId=1843) or (wpid=1725) or (wpid=1726)or (wpid=1727)or (wpid=1728)or (wpid=1729)or (wpid=1730)or (wpid=1731)or (wpid=1732)or (wpid=1733)or (wpid=1734) then
         begin
         useHy.id:=WpId;
         useHy.number:=i;
         break;
         end;
         end;
if (useHy.id<>0)then//a matching HP potion is in the bag, so use it
   begin
       injectfunc(hwd,@UseWp,@UseHy,8);//HP potion call
       // The delay comes straight from a text box; strtoint raises on
       // non-numeric input.
       sleep(strtoint(form1.EdtHp.Text)*1000);
   end;
end;

// MP counterpart of eatHp: scans the inventory table of the target process for
// the first slot holding one of a fixed set of item ids (MP potions) and
// injects UseWp for that slot, then sleeps for the number of seconds entered in
// form1.EdtMP.
// NOTE(review): useLy is only assigned when a match is found, so the
// "usely.id<>0" test below reads an uninitialised value when the bag holds no
// matching item. No ReadProcessMemory result is checked.
procedure eatMp;
type
   pUse = ^Use;//pointer type
   Use = packed record
   id: Dword;         //item ID
   number:Dword ; //slot position in the bag
end;
var base,Baobase,BaoN,WpId,i:Dword;
       num:Cardinal;
       useLy:Use;//MP potion to use
begin
ReadProcessMemory(hProcess,pointer(address),@base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $24), @base, 4, num);//character base address, kept for later reads
ReadProcessMemory(hProcess,pointer(base + $884), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $10), @BaoN, 4, num);//number of bag slots
//find the MP potion slot
// NOTE(review): BaoN and i are unsigned; if BaoN reads as 0 the upper bound
// BaoN-1 presumably wraps (with overflow checks off) - confirm.
for   i:=0 to BaoN-1 do
         begin
         wpid:=0;
         ReadProcessMemory(hProcess,pointer(base + $c), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + i*4), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + $8), @WpId, 4, num);//ID of the item in slot i
         if (WpId=1736) or (WpId=1737) or (WpId=1738) or (wpid=1739) or (wpid=1740)or (wpid=1741)or (wpid=1742)or (wpid=1743)or (wpid=1744)or (wpid=1745)or (wpid=1847)or (wpid=1848) then
         begin
         usely.id:=WpId;
         usely.number:=i;
         break;
         end;
         end;
if (usely.id<>0)then//a matching MP potion is in the bag, so use it
   begin
       injectfunc(hwd,@UseWp,@UseLy,8);//MP potion call
       // The delay comes straight from a text box; strtoint raises on
       // non-numeric input.
       sleep(strtoint(form1.EdtMP.Text)*1000);
   end;
end;

// Read-only pass over the target's inventory table: sums the quantity field of
// every slot whose item id is in the HP set into the global hys, and likewise
// for the MP set into lys, then writes both totals to two form labels. Unlike
// the other routines in this unit it injects nothing; it only uses
// ReadProcessMemory.
// NOTE(review): no ReadProcessMemory result is checked, so after a failed read
// the totals are built from stale values.
procedure checkBB; //check potion counts
var base,Baobase,BaoN,WpId,i,HyNum,LyNum:Dword;
       num:Cardinal;
begin
hys:=0;
lys:=0;
ReadProcessMemory(hProcess,pointer(address),@base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $24), @base, 4, num);//character base address, kept for later reads
ReadProcessMemory(hProcess,pointer(base + $884), @base, 4, num);
ReadProcessMemory(hProcess,pointer(base + $10), @BaoN, 4, num);//number of bag slots
//count HP potions
for   i:=0 to BaoN-1 do
         begin
         wpid:=0;
         ReadProcessMemory(hProcess,pointer(base + $c), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + i*4), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + $8), @WpId, 4, num);//ID of the item in slot i
         ReadProcessMemory(hProcess,pointer(Baobase + $14), @hyNum, 4, num);//quantity of the item in slot i
         if (WpId=1841) or (WpId=1842) or (WpId=1843) or (wpid=1725) or (wpid=1726)or (wpid=1727)or (wpid=1728)or (wpid=1729)or (wpid=1730)or (wpid=1731)or (wpid=1732)or (wpid=1733)or (wpid=1734) then
         begin
             hys:=hys+hyNum;
         end;
         end;
form1.lblHys.caption:='荭妖树:'+inttostr(hys);
//count MP potions
for   i:=0 to BaoN-1 do
         begin
         wpid:=0;
         ReadProcessMemory(hProcess,pointer(base + $c), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + i*4), @Baobase, 4, num);
         ReadProcessMemory(hProcess,pointer(Baobase + $8), @WpId, 4, num);//ID of the item in slot i
         ReadProcessMemory(hProcess,pointer(Baobase + $14), @LyNum, 4, num);//quantity of the item in slot i
         if (WpId=1736) or (WpId=1737) or (WpId=1738) or (wpid=1739) or (wpid=1740)or (wpid=1741)or (wpid=1742)or (wpid=1743)or (wpid=1744)or (wpid=1745)or (wpid=1847)or (wpid=1848) then
         begin
             lys:=lys+LyNum;
         end;
         end;
form1.lblLys.caption:='篮妖树:'+inttostr(lys);
//sleep(100);
end;

end.