- 注册时间
- 2011-3-10
- 最后登录
- 1970-1-1
该用户从未签到
|
#include "windows.h"
#include "wulinDLL.h"
HHOOK hHook=NULL;
HINSTANCE pInstance=NULL;
void selectMonster(DWORD monsterID);
void normalAttack();
void beginDaZuo();
void endDaZuo();
BOOL WINAPI DllMain(HINSTANCE hInst, DWORD ul_reason_for_call, LPVOID lpReserved)
{
pInstance = hInst;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK getMsgProc(int nCode, WPARAM wParam, LPARAM lParam)
{
MSG msg = *(MSG *)lParam;
switch (msg.message)
{
case WM_SelectMonster:
selectMonster((DWORD)msg.wParam);
break;
case WM_NormalAttack:
normalAttack();
break;
case WM_BeginDaZuo:
beginDaZuo();
break;
case WM_EndDaZuo:
endDaZuo();
break;
}
return CallNextHookEx(hHook, nCode, wParam, lParam);
}
BOOL WINAPI startHook(DWORD threadID)
{
hHook = SetWindowsHookEx(WH_GETMESSAGE, getMsgProc, pInstance, threadID);
if (hHook == NULL) return FALSE;
return TRUE;
}
BOOL WINAPI stopHook()
{
return UnhookWindowsHookEx(hHook);
}
void selectMonster(DWORD monsterID)
{
DWORD addr = 0x0056A8B0;
_asm
{
pushad
mov eax, dword ptr [0x8d29a4]
mov esi, monsterID
push esi
mov ecx, dword ptr [eax+0x20]
add ecx, 0xd4
call addr
popad
}
}
void normalAttack()
{
DWORD addr = 0x00593290;
_asm
{
pushad
call addr
popad
}
}
void beginDaZuo()
{
DWORD addr = 0x00593910;
_asm
{
pushad
call addr
popad
}
}
void endDaZuo()
{
DWORD addr = 0x005938D0;
_asm
{
pushad
call addr
popad
}
}
}
这是个wh_getmessage的线程钩子,为啥调选怪的call时候会非法操作,武林窗口自动关闭,而其它3个call都是能用的,哪位帮忙看一下,谢谢。 |
|
发表于 2011-4-6 09:05:48
