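[VB Game Hack from Scratch] Obtaining the Game Process (OP) & HP/MP Protection (WPM & RPM) & Writing Memory (WPM & AobWrite Function)
This is something from a long time ago... and it isn't how I wrote it either.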
Usage:

Finding the game:
If FindGame("MapleStory") = True Then 'Check whether the game was found
    MsgBox "偵測成功!", , "Successful"
Else
    MsgBox "遊戲尚未啟動或被保護!", , "Fail" 'Most online games protect their process from being obtained easily
End If

Writing data:
'//Twms V1.26.1 Shadow Partner (影分身): the MapleStory dynamic data "影分身" is used here as the demonstration
'[ENABLE] //enable
'00CE8711: //write address
'db 90 D6 8D 5C D4 1C D9 A3 E6 C8 76 C5 6F E6 01 79 F0 DF 06 57 0A 37 18 5A 9A 1A BE
'[DISABLE] //disable
'00CE8711: //write address
'db 90 D6 8D 78 11 32 D1 8B 90 89 C6 96 8F E6 71 C3 A1 9B 5E 0E DD F4 1A 9C 8F 16 92
If ck1.Value = 1 And FindGame("MapleStory") = True Then 'Check that the game is running and the box is ticked
    kiiAob Phandle, "00CE8711", "90 D6 8D 5C D4 1C D9 A3 E6 C8 76 C5 6F E6 01 79 F0 DF 06 57 0A 37 18 5A 9A 1A BE" 'Remember to remove the db
Else
    kiiAob Phandle, "00CE8711", "90 D6 8D 78 11 32 D1 8B 90 89 C6 96 8F E6 71 C3 A1 9B 5E 0E DD F4 1A 9C 8F 16 92"
End If

Reading the HP/MP values:
Dim Hp As Long, Mp As Long, Add As Long 'Hold HP, MP and Add
ReadProcessMemory Phandle, ByVal &HBBADC4, Add, 4, ByVal 0& 'Read Add
WriteProcessMemory hProcess, ByVal &HBBADC4, 20, 1, ByVal 0& 'Write the HP warning value 20
WriteProcessMemory hProcess, ByVal &HBBADC4, 20, 1, ByVal 0& 'Write the MP warning value 20
ReadProcessMemory Phandle, ByVal Add + &H90, Hp, 4, ByVal 0& 'Read Add + HP offset
ReadProcessMemory Phandle, ByVal Add + &H94, Mp, 4, ByVal 0& 'Read Add + MP offset
lblHP = Hp
lblMP = Mp

Healing key:
If FindGame("MapleStory") = True Then
    If ckHP.Value = 1 And Hp <= Val(txtHP) Then RingPst hwn, "Press", cboHP.Text
    If ckMP.Value = 1 And Mp <= Val(txtMP) Then RingPst hwn, "Press", cboMP.Text
End If

Module: modProcess
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Integer
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

Public hwn As Long 'Handle of window
Public Phandle As Long 'Handle of process
Public Pid As Long 'Process ID

Public Function FindGame(strGame As String) As Boolean
    hwn = FindWindow(vbNullString, strGame) 'Find the game window
    GetWindowThreadProcessId hwn, Pid 'Get the process ID
    Phandle = OpenProcess(&H1F0FFF, False, Pid) 'Get the game process
    If hwn <> 0 Then FindGame = True 'Check and return whether the process was obtained
End Function

Public Function kiiAob(hProcess As Long, Address As String, strAob As String)
    Dim Counts As Long, WriteCode As Long 'Counter & value to write
    Do 'Loop
        DoEvents 'Improves program stability
        On Error GoTo er: 'Jump out when finished
        Code = Split(Trim(strAob), " ") 'Trim leading/trailing spaces and split the string
        WriteCode = Val("&H" & Code(Counts)) 'Convert from hexadecimal
        WriteProcessMemory hProcess, ByVal Val("&H" & Address) + Counts, WriteCode, 1, ByVal 0& 'Write the value
        Counts = Counts + 1 'Move on to the next value
    Loop
er:
End Function

Module: modPst
Public opIndex As Long
Public OpCode() As Byte
Dim hModuleNoFree As Long
Public Const WM_KEYDOWN As Long = &H100 'Compared against flag in MakeKeyLparam
Public Const WM_KEYUP As Long = &H101
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal lpDest As Any, ByVal lpSource As Any, ByVal cBytes As Long)
Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Public Declare Function MapVirtualKey Lib "user32" Alias "MapVirtualKeyA" (ByVal wCode As Long, ByVal wMapType As Long) As Long

Public Function RingPst(handle As Long, KeyType As String, KeyCode As String)
    Dim KeyValue As Long
    KeyValue = 0
    'Identify the key and convert it to a virtual-key code
    If KeyCode = "Left" Then KeyValue = &H25
    If KeyCode = "Up" Then KeyValue = &H26
    If KeyCode = "Right" Then KeyValue = &H27
    If KeyCode = "Down" Then KeyValue = &H28
    If KeyCode = "Enter" Then KeyValue = &HD
    If KeyCode = "Shift" Then KeyValue = &H10
    If KeyCode = "Ctrl" Then KeyValue = &H11
    If KeyCode = "Alt" Then KeyValue = &H12
    If KeyCode = "Space" Then KeyValue = &H20
    If KeyCode = "PageUp" Then KeyValue = &H21
    If KeyCode = "PageDown" Then KeyValue = &H22
    If KeyCode = "End" Then KeyValue = &H23
    If KeyCode = "Home" Then KeyValue = &H24
    If KeyCode = "Insert" Then KeyValue = &H2D
    If KeyCode = "Delete" Then KeyValue = &H2E
    If KeyCode = "0" Then KeyValue = &H30
    If KeyCode = "1" Then KeyValue = &H31
    If KeyCode = "2" Then KeyValue = &H32
    If KeyCode = "3" Then KeyValue = &H33
    If KeyCode = "4" Then KeyValue = &H34
    If KeyCode = "5" Then KeyValue = &H35
    If KeyCode = "6" Then KeyValue = &H36
    If KeyCode = "7" Then KeyValue = &H37
    If KeyCode = "8" Then KeyValue = &H38
    If KeyCode = "9" Then KeyValue = &H39
    If KeyCode = "A" Then KeyValue = &H41
    If KeyCode = "B" Then KeyValue = &H42
    If KeyCode = "C" Then KeyValue = &H43
    If KeyCode = "D" Then KeyValue = &H44
    If KeyCode = "E" Then KeyValue = &H45
    If KeyCode = "F" Then KeyValue = &H46
    If KeyCode = "G" Then KeyValue = &H47
    If KeyCode = "H" Then KeyValue = &H48
    If KeyCode = "I" Then KeyValue = &H49
    If KeyCode = "J" Then KeyValue = &H4A
    If KeyCode = "K" Then KeyValue = &H4B
    If KeyCode = "L" Then KeyValue = &H4C
    If KeyCode = "M" Then KeyValue = &H4D
    If KeyCode = "N" Then KeyValue = &H4E
    If KeyCode = "O" Then KeyValue = &H4F
    If KeyCode = "P" Then KeyValue = &H50
    If KeyCode = "Q" Then KeyValue = &H51
    If KeyCode = "R" Then KeyValue = &H52
    If KeyCode = "S" Then KeyValue = &H53
    If KeyCode = "T" Then KeyValue = &H54
    If KeyCode = "U" Then KeyValue = &H55
    If KeyCode = "V" Then KeyValue = &H56
    If KeyCode = "W" Then KeyValue = &H57
    If KeyCode = "X" Then KeyValue = &H58
    If KeyCode = "Y" Then KeyValue = &H59
    If KeyCode = "Z" Then KeyValue = &H5A
    If KeyCode = "F1" Then KeyValue = &H70
    If KeyCode = "F2" Then KeyValue = &H71
    If KeyCode = "F3" Then KeyValue = &H72
    If KeyCode = "F4" Then KeyValue = &H73
    If KeyCode = "F5" Then KeyValue = &H74
    If KeyCode = "F6" Then KeyValue = &H75
    If KeyCode = "F7" Then KeyValue = &H76
    If KeyCode = "F8" Then KeyValue = &H77
    If KeyCode = "F9" Then KeyValue = &H78
    If KeyCode = "F10" Then KeyValue = &H79
    If KeyCode = "F11" Then KeyValue = &H7A
    If KeyCode = "F12" Then KeyValue = &H7B
    If KeyCode = "無" Then KeyValue = 0
    'Decide the key action type
    Select Case KeyType
        Case "Press" 'Press and release
            rundll32 "user32", "PostMessageA", handle, &H100, KeyValue, MakeKeyLparam(KeyValue, &H100)
            rundll32 "user32", "PostMessageA", handle, &H101, KeyValue, MakeKeyLparam(KeyValue, &H101)
        Case "Down" 'Press
            rundll32 "user32", "PostMessageA", handle, &H100, KeyValue, MakeKeyLparam(KeyValue, &H100)
        Case "Up" 'Release
            rundll32 "user32", "PostMessageA", handle, &H101, KeyValue, MakeKeyLparam(KeyValue, &H101)
    End Select
End Function

Function MakeKeyLparam(ByVal VirtualKey As Long, ByVal flag As Long) As Long
    'VirtualKey is the key's virtual-key code; flag says whether the key is being pressed or released, expressed with the constants WM_KEYDOWN and WM_KEYUP
    Dim s As String
    Dim Firstbyte As String 'Bits 24-31 of lParam
    If flag = WM_KEYDOWN Then 'Key is being pressed
        Firstbyte = "00"
    Else
        Firstbyte = "C0" 'Key is being released
    End If
    Dim Scancode As Long
    'Get the key's scan code
    Scancode = MapVirtualKey(VirtualKey, 0)
    Dim Secondbyte As String 'Bits 16-23 of lParam, i.e. the key's scan code
    Secondbyte = Right("00" & Hex(Scancode), 2)
    s = Firstbyte & Secondbyte & "0001" '0001 is bits 0-15 of lParam, i.e. the repeat count and other extended information
    MakeKeyLparam = Val("&H" & s)
End Function

Public Sub AddByteToCode(bData As Byte)
    OpCode(opIndex) = bData
    opIndex = opIndex + 1
End Sub

Public Sub AddLongToCode(lData As Long)
    CopyMemory VarPtr(OpCode(opIndex)), VarPtr(lData), 4
    opIndex = opIndex + 4
End Sub

'Write an Integer variable into OpCode
Public Sub AddIntToCode(iData As Integer)
    CopyMemory VarPtr(OpCode(opIndex)), VarPtr(iData), 2
    opIndex = opIndex + 2
End Sub

Public Function RunDll32NoFree(LibFileName As String, ProcName As String, ParamArray Params()) As Long
    Dim hProc As Long
    Dim hModule As Long
    Dim i As Long, CodeStar As Long
    ReDim OpCode(400 + 6 * UBound(Params)) 'Reserved for writing the opcodes
    'Load the module
    If hModuleNoFree <> 0 Then
        hModule = hModuleNoFree
    Else
        hModule = LoadLibrary(ByVal LibFileName)
        If hModule = 0 Then
            MsgBox "Library讀取失敗"
            Exit Function
        End If
        hModuleNoFree = hModule
    End If
    'Get the function address
    hProc = GetProcAddress(hModule, ByVal ProcName)
    If hProc = 0 Then
        MsgBox "函數讀取失敗", vbCritical
        FreeLibrary hModule
        Exit Function
    End If
    '---Assembly follows--
    'The code start address must be a multiple of 16
    CodeStar = (VarPtr(OpCode(0)) Or &HF) + 1
    opIndex = CodeStar - VarPtr(OpCode(0)) 'Index of the element where the code starts
    'Fill the leading part with breakpoints
    For i = 0 To opIndex - 1
        OpCode(i) = &HCC 'int 3
    Next
    '--------The required code starts here----------
    'Push the parameters onto the stack
    'Because this is a stdcall CALL, parameters are pushed starting from the last one
    For i = UBound(Params) To 0 Step -1
        AddByteToCode &H68 'push
        AddLongToCode CLng(Params(i)) 'Parameter address
    Next i
    'call hProc
    AddByteToCode &HE8 'call
    AddLongToCode hProc - VarPtr(OpCode(opIndex)) - 4 'Function address, using call-relative addressing
    '-----------End of the required code--------------
    'Return to the calling function
    AddByteToCode &HC2 'ret 10h
    AddByteToCode &H10
    AddByteToCode &H0
    'Execute the assembly code just written
    RunDll32NoFree = CallWindowProc(CodeStar, 0, 1, 2, 3)
    'FreeLibrary hModule 'Free the module
End Function

Public Function rundll32(LibFileName As String, ProcName As String, ParamArray Params()) As Long
    Dim hProc As Long
    Dim hModule As Long
    Dim i As Long, CodeStar As Long
    ReDim OpCode(400 + 6 * UBound(Params)) 'Reserved for writing the opcodes
    'Load the module
    hModule = LoadLibrary(ByVal LibFileName)
    If hModule = 0 Then
        MsgBox "Library讀取失敗"
        Exit Function
    End If
    'Get the function address
    hProc = GetProcAddress(hModule, ByVal ProcName)
    If hProc = 0 Then
        MsgBox "函數讀取失敗", vbCritical
        FreeLibrary hModule
        Exit Function
    End If
    '---Assembly follows--
    'The code start address must be a multiple of 16
    CodeStar = (VarPtr(OpCode(0)) Or &HF) + 1
    opIndex = CodeStar - VarPtr(OpCode(0)) 'Index of the element where the code starts
    'Fill the leading part with breakpoints
    For i = 0 To opIndex - 1
        OpCode(i) = &HCC 'int 3
    Next
    '--------The required code starts here----------
    'Push the parameters onto the stack
    'Because this is a stdcall CALL, parameters are pushed starting from the last one
    For i = UBound(Params) To 0 Step -1
        AddByteToCode &H68 'push
        AddLongToCode CLng(Params(i)) 'Parameter address
    Next i
    'call hProc
    AddByteToCode &H68 '// push
    AddLongToCode VarPtr(OpCode(opIndex)) + 5 + 4 + 5 '// add 5 bytes
    AddByteToCode &H8B
    AddByteToCode &HFF '// mov edi,edi
    AddByteToCode &H55 '// push ebp
    AddByteToCode &H8B
    AddByteToCode &HEC '// mov ebp,esp
    AddByteToCode &HE9
    AddLongToCode hProc - VarPtr(OpCode(opIndex)) + 1 'Function address, using call-relative addressing
    'AddByteToCode &HE8 'call
    'AddLongToCode hProc - VarPtr(OpCode(opIndex)) - 4 'Function address, using call-relative addressing
    '-----------End of the required code--------------
    'Return to the calling function
    AddByteToCode &HC2 'ret 10h
    AddByteToCode &H10
    AddByteToCode &H0
    'Execute the assembly code just written
    rundll32 = CallWindowProc(CodeStar, 0, 1, 2, 3)
    FreeLibrary hModule 'Free the module
End Function

Public Function RunDll32Add5(LibFileName As String, ProcName As String, ParamArray Params()) As Long
    Dim hProc As Long
    Dim hModule As Long
    Dim i As Long, CodeStar As Long
    ReDim OpCode(400 + 6 * UBound(Params)) 'Reserved for writing the opcodes
    'Load the module
    hModule = LoadLibrary(ByVal LibFileName)
    If hModule = 0 Then
        MsgBox "Library讀取失敗"
        Exit Function
    End If
    'Get the function address
    hProc = GetProcAddress(hModule, ByVal ProcName)
    If hProc = 0 Then
        MsgBox "函數讀取失敗", vbCritical
        FreeLibrary hModule
        Exit Function
    End If
    '---Assembly follows--
    'The code start address must be a multiple of 16
    CodeStar = (VarPtr(OpCode(0)) Or &HF) + 1
    opIndex = CodeStar - VarPtr(OpCode(0)) 'Index of the element where the code starts
    'Fill the leading part with breakpoints
    For i = 0 To opIndex - 1
        OpCode(i) = &HCC 'int 3
    Next
    '--------The required code starts here----------
    'Push the parameters onto the stack
    'Because this is a stdcall CALL, parameters are pushed starting from the last one
    For i = UBound(Params) To 0 Step -1
        AddByteToCode &H68 'push
        AddLongToCode CLng(Params(i)) 'Parameter address
    Next i
    'call hProc
    AddByteToCode &H68 '// push
    AddLongToCode VarPtr(OpCode(opIndex)) + 5 + 4 + 5 '// add 5 bytes
    AddByteToCode &H8B
    AddByteToCode &HFF '// mov edi,edi
    AddByteToCode &H55 '// push ebp
    AddByteToCode &H8B
    AddByteToCode &HEC '// mov ebp,esp
    AddByteToCode &HE9
    AddLongToCode hProc - VarPtr(OpCode(opIndex)) + 1 'Function address, using call-relative addressing
    'AddByteToCode &HE8 'call
    'AddLongToCode hProc - VarPtr(OpCode(opIndex)) - 4 'Function address, using call-relative addressing
    '-----------End of the required code--------------
    'Return to the calling function
    AddByteToCode &HC2 'ret 10h
    AddByteToCode &H10
    AddByteToCode &H0
    'Execute the assembly code just written
    RunDll32Add5 = CallWindowProc(CodeStar, 0, 1, 2, 3)
    FreeLibrary hModule 'Free the module
End Function

Function AddKey(ByRef myCombo As ComboBox) 'Function that adds the key entries
    With myCombo
        .AddItem "無"
        .AddItem "Enter"
        .AddItem "Shift"
        .AddItem "Ctrl"
        .AddItem "Alt"
        .AddItem "Space"
        .AddItem "PageUp"
        .AddItem "PageDown"
        .AddItem "Insert"
        .AddItem "Delete"
        .AddItem "Home"
        .AddItem "End"
        .AddItem "Left"
        .AddItem "Up"
        .AddItem "Right"
        .AddItem "Down"
        .AddItem "A"
        .AddItem "B"
        .AddItem "C"
        .AddItem "D"
        .AddItem "E"
        .AddItem "F"
        .AddItem "G"
        .AddItem "H"
        .AddItem "I"
        .AddItem "J"
        .AddItem "K"
        .AddItem "L"
        .AddItem "M"
        .AddItem "N"
        .AddItem "O"
        .AddItem "P"
        .AddItem "Q"
        .AddItem "R"
        .AddItem "S"
        .AddItem "T"
        .AddItem "U"
        .AddItem "V"
        .AddItem "W"
        .AddItem "X"
        .AddItem "Y"
        .AddItem "Z"
        .AddItem "0"
        .AddItem "1"
        .AddItem "2"
        .AddItem "3"
        .AddItem "4"
        .AddItem "5"
        .AddItem "6"
        .AddItem "7"
        .AddItem "8"
        .AddItem "9"
        .AddItem "F1"
        .AddItem "F2"
        .AddItem "F3"
        .AddItem "F4"
        .AddItem "F5"
        .AddItem "F6"
        .AddItem "F7"
        .AddItem "F8"
        .AddItem "F9"
        .AddItem "F10"
        .AddItem "F11"
        .AddItem "F12"
    End With
    Key = "無"
End Function
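
A defender-side view of the OpenProcess(&H1F0FFF, ...) call in FindGame, as an added example that is not part of the original post: it decodes a granted access mask and flags handle opens on a protected process that expose its memory for reading or writing. The log records are constructed and use Sysmon Event ID 10 (ProcessAccess) field names in a simplified key=value layout; the image paths and file names are assumptions.

```python
# Added example (not from the original post). Sample records are constructed.
RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
WRITE_CAPABLE = 0x0002 | 0x0008 | 0x0020   # can alter the target's code or data
READ_CAPABLE = 0x0010                      # can read values such as HP/MP

# Constructed records; paths and image names are assumptions.
SAMPLE_LOG = r"""
SourceImage=C:\Tools\trainer.exe|TargetImage=C:\Game\MapleStory.exe|GrantedAccess=0x1F0FFF
SourceImage=C:\Windows\System32\taskmgr.exe|TargetImage=C:\Game\MapleStory.exe|GrantedAccess=0x1000
SourceImage=C:\Tools\viewer.exe|TargetImage=C:\Game\MapleStory.exe|GrantedAccess=0x0410
SourceImage=C:\Tools\trainer.exe|TargetImage=C:\Windows\explorer.exe|GrantedAccess=0x1F0FFF
"""

def decode_access(mask):
    """Return the names of the process-specific rights set in an access mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def parse_event(line):
    """Split one key=value|key=value record and convert the mask to an int."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    fields["GrantedAccess"] = int(fields["GrantedAccess"], 16)
    return fields

def flag_handle_opens(log_text, protected_image):
    """List (source, level, rights) for opens of protected_image that expose memory."""
    hits = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ev = parse_event(line)
        if not ev["TargetImage"].lower().endswith("\\" + protected_image.lower()):
            continue  # handle was opened on some other process
        mask = ev["GrantedAccess"]
        if mask & WRITE_CAPABLE:
            hits.append((ev["SourceImage"], "write", decode_access(mask & WRITE_CAPABLE)))
        elif mask & READ_CAPABLE:
            hits.append((ev["SourceImage"], "read", decode_access(mask & READ_CAPABLE)))
    return hits

if __name__ == "__main__":
    for hit in flag_handle_opens(SAMPLE_LOG, "MapleStory.exe"):
        print(hit)
```

The query-only open (0x1000) is ignored, while the 0x1F0FFF mask is reported as write-capable because it carries every process-specific right in the low twelve bits.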
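
洋蔥: Since... this article has come back to life
I think I should also tidy up the code of 楓之谷小黑 and split it out...
Keep up the good work!
Could you please help convert this to VB.NET?
There is especially little information on VB.NET... most of it is for VB6..
(especially the clsHack posted by a certain expert)
Could you share the source code??
Dear 洋蔥:
May I ask you… if I want to write ICS data into VB, how should I handle it????
Could you share a related tutorial, 洋蔥???
Thank you~~~~~~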