[零基礎VB外掛] 取得遊戲進程《OP》& 血魔保護《WPM & RPM》& 寫入記憶體《WPM & AobWrite函數》

很久以前的東西了...也不是我寫得這樣
[零基礎VB外掛] 取得遊戲進程《OP》& 血魔保護《WPM & RPM》& 寫入記憶體《WPM & AobWrite函數》

調用方法:

尋找遊戲:
If FindGame("MapleStory") = True Then '判斷是否
    MsgBox "偵測成功!", , "Successful"
Else
    MsgBox "遊戲尚未啟動或被保護!", , "Fail"
    '大多線上遊戲都會保護自己的遊戲不被輕易的取得進成
End If

寫入數據:
'//Twms V1.26.1 影分身 這裡拿楓之谷動態數據"影分身"當示範
'[ENABLE] //起動
'00CE8711: //寫入位置
'db 90 D6 8D 5C D4 1C D9 A3 E6 C8 76 C5 6F E6 01 79 F0 DF 06 57 0A 37 18 5A 9A 1A BE
'[DISABLE] //關閉
'00CE8711: //寫入位置
'db 90 D6 8D 78 11 32 D1 8B 90 89 C6 96 8F E6 71 C3 A1 9B 5E 0E DD F4 1A 9C 8F 16 92
If ck1.Value = 1 And FindGame("MapleStory") = True Then '判斷是否啟動遊戲和勾選狀態
kiiAob Phandle, "00CE8711", "90 D6 8D 5C D4 1C D9 A3 E6 C8 76 C5 6F E6 01 79 F0 DF 06 57 0A 37 18 5A 9A 1A BE"
                            '記得把db去掉
Else
kiiAob Phandle, "00CE8711", "90 D6 8D 78 11 32 D1 8B 90 89 C6 96 8F E6 71 C3 A1 9B 5E 0E DD F4 1A 9C 8F 16 92"
End If

讀取血魔值:
Dim Hp As Long, Mp As Long, Add As Long '存放HP,MP,Add

    ReadProcessMemory Phandle, ByVal &HBBADC4, Add, 4, ByVal 0&     '讀取Add
    WriteProcessMemory hProcess, ByVal &HBBADC4, 20, 1, ByVal 0&   '寫入HP警告值20
    WriteProcessMemory hProcess, ByVal &HBBADC4, 20, 1, ByVal 0&   '寫入MP警告值20
    ReadProcessMemory Phandle, ByVal Add + &H90, Hp, 4, ByVal 0& '讀取Add+HP偏移值
    ReadProcessMemory Phandle, ByVal Add + &H94, Mp, 4, ByVal 0& '讀取Add+MP偏移值

lblHP = Hp
lblMP = Mp
補血按鍵:
If FindGame("MapleStroy") = True Then
    If ckHP.Value = 1 And Hp <= Val(txtHP) Then RingPst hwn, "Press", cboHP.Text
    If ckMP.Value = 1 And Mp <= Val(txtMP) Then RingPst hwn, "Press", cboMP.Text
End If
模組:modProcess
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Integer

Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

Public hwn      As Long 'Handle Of Window 視窗鉤子
Public Phandle  As Long 'Handle Of Process 程序鉤子
Public Pid      As Long 'Process ID 程序ID

Public Function FindGame(strGame As String) As Boolean
hwn = FindWindow(vbNullString, strGame) '尋找遊戲視窗
GetWindowThreadProcessId hwn, Pid '取得程序ID
Phandle = OpenProcess(&H1F0FFF, False, Pid) '取得遊戲進程
If hwn <> 0 Then FindGame = True '判斷並傳回是否取得進程
End Function

Public Function kiiAob(hProcess As Long, Address As String, strAob As String)
Dim Counts As Long, WriteCode As Long '次數 & 寫入的值
Do '迴圈
DoEvents '增加程式穩定度
On Error GoTo er: '結束後跳出
Code = Split(Trim(strAob), " ") '去除前後空白並分割字串
WriteCode = Val("&H" & Code(Counts)) '轉換成16進位
WriteProcessMemory hProcess, ByVal Val("&H" & Address) + Counts, WriteCode, 1, ByVal 0& '寫入值
Counts = Counts + 1 '寫入下一個值
Loop
er:
End Function
模組:modPst
Public opIndex As Long
Public OpCode() As Byte
Dim hModuleNoFree As Long
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal lpDest As Any, ByVal lpSource As Any, ByVal cBytes As Long)
Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Public Declare Function MapVirtualKey Lib "user32" Alias "MapVirtualKeyA" (ByVal wCode As Long, ByVal wMapType As Long) As Long

Public Function RingPst(handle As Long, KeyType As String, KeyCode As String)

Dim KeyValue As Long
KeyValue = 0 '
'判斷按鍵並轉換成code
If KeyCode = "Left" Then KeyValue = &H25
If KeyCode = "Up" Then KeyValue = &H26
If KeyCode = "Right" Then KeyValue = &H27
If KeyCode = "Down" Then KeyValue = &H28
If KeyCode = "Enter" Then KeyValue = &HD
If KeyCode = "Shift" Then KeyValue = &H10
If KeyCode = "Ctrl" Then KeyValue = &H11
If KeyCode = "Alt" Then KeyValue = &H12
If KeyCode = "Space" Then KeyValue = &H20
If KeyCode = "PageUp" Then KeyValue = &H21
If KeyCode = "PageDown" Then KeyValue = &H22
If KeyCode = "End" Then KeyValue = &H23
If KeyCode = "Home" Then KeyValue = &H24
If KeyCode = "Insert" Then KeyValue = &H2D
If KeyCode = "Delete" Then KeyValue = &H2E
If KeyCode = "0" Then KeyValue = &H30
If KeyCode = "1" Then KeyValue = &H31
If KeyCode = "2" Then KeyValue = &H32
If KeyCode = "3" Then KeyValue = &H33
If KeyCode = "4" Then KeyValue = &H34
If KeyCode = "5" Then KeyValue = &H35
If KeyCode = "6" Then KeyValue = &H36
If KeyCode = "7" Then KeyValue = &H37
If KeyCode = "8" Then KeyValue = &H38
If KeyCode = "9" Then KeyValue = &H39
If KeyCode = "A" Then KeyValue = &H41
If KeyCode = "B" Then KeyValue = &H42
If KeyCode = "C" Then KeyValue = &H43
If KeyCode = "D" Then KeyValue = &H44
If KeyCode = "E" Then KeyValue = &H45
If KeyCode = "F" Then KeyValue = &H46
If KeyCode = "G" Then KeyValue = &H47
If KeyCode = "H" Then KeyValue = &H48
If KeyCode = "I" Then KeyValue = &H49
If KeyCode = "J" Then KeyValue = &H4A
If KeyCode = "K" Then KeyValue = &H4B
If KeyCode = "L" Then KeyValue = &H4C
If KeyCode = "M" Then KeyValue = &H4D
If KeyCode = "N" Then KeyValue = &H4E
If KeyCode = "O" Then KeyValue = &H4F
If KeyCode = "P" Then KeyValue = &H50
If KeyCode = "Q" Then KeyValue = &H51
If KeyCode = "R" Then KeyValue = &H52
If KeyCode = "S" Then KeyValue = &H53
If KeyCode = "T" Then KeyValue = &H54
If KeyCode = "U" Then KeyValue = &H55
If KeyCode = "V" Then KeyValue = &H56
If KeyCode = "W" Then KeyValue = &H57
If KeyCode = "X" Then KeyValue = &H58
If KeyCode = "Y" Then KeyValue = &H59
If KeyCode = "Z" Then KeyValue = &H5A
If KeyCode = "F1" Then KeyValue = &H70
If KeyCode = "F2" Then KeyValue = &H71
If KeyCode = "F3" Then KeyValue = &H72
If KeyCode = "F4" Then KeyValue = &H73
If KeyCode = "F5" Then KeyValue = &H74
If KeyCode = "F6" Then KeyValue = &H75
If KeyCode = "F7" Then KeyValue = &H76
If KeyCode = "F8" Then KeyValue = &H77
If KeyCode = "F9" Then KeyValue = &H78
If KeyCode = "F10" Then KeyValue = &H79
If KeyCode = "F11" Then KeyValue = &H7A
If KeyCode = "F12" Then KeyValue = &H7B
If KeyCode = "無" Then KeyValue = 0

'判斷按件格式
Select Case KeyType
    Case "Press" '按下彈起
        rundll32 "user32", "PostMessageA", handle, &H100, KeyValue, MakeKeyLparam(KeyValue, &H100)
        rundll32 "user32", "PostMessageA", handle, &H101, KeyValue, MakeKeyLparam(KeyValue, &H101)
    Case "Down" '按下
        rundll32 "user32", "PostMessageA", handle, &H100, KeyValue, MakeKeyLparam(KeyValue, &H100)
    Case "Up" '彈起
        rundll32 "user32", "PostMessageA", handle, &H101, KeyValue, MakeKeyLparam(KeyValue, &H101)
End Select

End Function

Function MakeKeyLparam(ByVal VirtualKey As Long, ByVal flag As Long) As Long
'參數VirtualKey表示按鍵虛擬碼,flag表示是按下鍵還是釋放鍵,用WM_KEYDOWN和WM_KEYUP這兩個常數表示
Dim s As String
Dim Firstbyte As String 'lparam參數的24-31位
If flag = WM_KEYDOWN Then '如果是按下鍵
Firstbyte = "00"
Else
Firstbyte = "C0" '如果是釋放鍵
End If
Dim Scancode As Long
'獲得鍵的掃描碼
Scancode = MapVirtualKey(VirtualKey, 0)
Dim Secondbyte As String 'lparam參數的16-23位元,即虛擬鍵掃描碼
Secondbyte = Right("00" & Hex(Scancode), 2)
s = Firstbyte & Secondbyte & "0001" '0001為lparam參數的0-15位,即發送次數和其他擴展資訊
MakeKeyLparam = Val("&H" & s)
End Function

Public Sub AddByteToCode(bData As Byte)
    OpCode(opIndex) = bData
    opIndex = opIndex + 1
End Sub
Public Sub AddLongToCode(lData As Long)
    CopyMemory VarPtr(OpCode(opIndex)), VarPtr(lData), 4
    opIndex = opIndex + 4
End Sub

'將Integer型態的變數寫到OpCode種
Public Sub AddIntToCode(iData As Byte)
    CopyMemory VarPtr(OpCode(opIndex)), VarPtr(iData), 2
    opIndex = opIndex + 2
End Sub
Public Function RunDll32NoFree(LibFileName As String, ProcName As String, ParamArray Params()) As Long
Dim hProc As Long
Dim hModule As Long

Dim i As Long, CodeStar As Long
ReDim OpCode(400 + 6 * UBound(Params)) '保留用來寫OPCODE
'讀取模組
If hModuleNoFree <> 0 Then
    hModule = hModuleNoFree
Else
    hModule = LoadLibrary(ByVal LibFileName)
    If hModule = 0 Then
        MsgBox "Library讀取失敗"
        Exit Function
    End If
    hModuleNoFree = hModule
End If

'取得函數位址
hProc = GetProcAddress(hModule, ByVal ProcName)
If hProc = 0 Then
   MsgBox "函數讀取失敗", vbCritical
   FreeLibrary hModule
   Exit Function
End If

'---以下為Assembly--

'程式起始位址必須是16的倍數
CodeStar = (VarPtr(OpCode(0)) Or &HF) + 1

opIndex = CodeStar - VarPtr(OpCode(0)) '程式開始的元素位置

'前端部份以中斷點填滿
For i = 0 To opIndex - 1
    OpCode(i) = &HCC 'int 3
Next

'--------以下開始放入所需的程式----------

'將參數push到堆疊
'由於是STDCall CALL 參數由最後一個開始放到堆疊
For i = UBound(Params) To 0 Step -1
   AddByteToCode &H68 'push
   AddLongToCode CLng(Params(i))  '參數位址
Next i

'call hProc
AddByteToCode &HE8 'call
AddLongToCode hProc - VarPtr(OpCode(opIndex)) - 4 '函數位址 用call的定址

'-----------結束所需的程式--------------

'返回呼叫函數
AddByteToCode &HC2 'ret 10h
AddByteToCode &H10
AddByteToCode &H0

'執行剛剛寫完的Assembly Code
RunDll32NoFree = CallWindowProc(CodeStar, 0, 1, 2, 3)

'FreeLibrary hModule '釋放模組
End Function

Public Function rundll32(LibFileName As String, ProcName As String, ParamArray Params()) As Long
Dim hProc As Long
Dim hModule As Long

Dim i As Long, CodeStar As Long
ReDim OpCode(400 + 6 * UBound(Params)) '保留用來寫OPCODE
'讀取模組
hModule = LoadLibrary(ByVal LibFileName)
If hModule = 0 Then
    MsgBox "Library讀取失敗"
    Exit Function
End If

'取得函數位址
hProc = GetProcAddress(hModule, ByVal ProcName)
If hProc = 0 Then
   MsgBox "函數讀取失敗", vbCritical
   FreeLibrary hModule
   Exit Function
End If

'---以下為Assembly--

'程式起始位址必須是16的倍數
CodeStar = (VarPtr(OpCode(0)) Or &HF) + 1

opIndex = CodeStar - VarPtr(OpCode(0)) '程式開始的元素位置

'前端部份以中斷點填滿
For i = 0 To opIndex - 1
    OpCode(i) = &HCC 'int 3
Next

'--------以下開始放入所需的程式----------

'將參數push到堆疊
'由於是STDCall CALL 參數由最後一個開始放到堆疊
For i = UBound(Params) To 0 Step -1
   AddByteToCode &H68 'push
   AddLongToCode CLng(Params(i))  '參數位址
Next i

'call hProc
AddByteToCode &H68  '// push
AddLongToCode VarPtr(OpCode(opIndex)) + 5 + 4 + 5

'// add 5 bytes
AddByteToCode &H8B
AddByteToCode &HFF  '// mov edi,edi
AddByteToCode &H55  '// push ebp
AddByteToCode &H8B
AddByteToCode &HEC  '// mov ebp,esp

AddByteToCode &HE9
AddLongToCode hProc - VarPtr(OpCode(opIndex)) + 1 '函數位址 用call的定址

'AddByteToCode &HE8 'call
'AddLongToCode hProc - VarPtr(OpCode(opIndex)) - 4 '函數位址 用call的定址

'-----------結束所需的程式--------------

'返回呼叫函數
AddByteToCode &HC2 'ret 10h
AddByteToCode &H10
AddByteToCode &H0

'執行剛剛寫完的Assembly Code
rundll32 = CallWindowProc(CodeStar, 0, 1, 2, 3)

FreeLibrary hModule '釋放模組
End Function

Public Function RunDll32Add5(LibFileName As String, ProcName As String, ParamArray Params()) As Long
Dim hProc As Long
Dim hModule As Long

Dim i As Long, CodeStar As Long
ReDim OpCode(400 + 6 * UBound(Params)) '保留用來寫OPCODE
'讀取模組
hModule = LoadLibrary(ByVal LibFileName)
If hModule = 0 Then
    MsgBox "Library讀取失敗"
    Exit Function
End If

'取得函數位址
hProc = GetProcAddress(hModule, ByVal ProcName)
If hProc = 0 Then
   MsgBox "函數讀取失敗", vbCritical
   FreeLibrary hModule
   Exit Function
End If

'---以下為Assembly--

'程式起始位址必須是16的倍數
CodeStar = (VarPtr(OpCode(0)) Or &HF) + 1

opIndex = CodeStar - VarPtr(OpCode(0)) '程式開始的元素位置

'前端部份以中斷點填滿
For i = 0 To opIndex - 1
    OpCode(i) = &HCC 'int 3
Next

'--------以下開始放入所需的程式----------

'將參數push到堆疊
'由於是STDCall CALL 參數由最後一個開始放到堆疊
For i = UBound(Params) To 0 Step -1
   AddByteToCode &H68 'push
   AddLongToCode CLng(Params(i))  '參數位址
Next i

'call hProc
AddByteToCode &H68  '// push
AddLongToCode VarPtr(OpCode(opIndex)) + 5 + 4 + 5

'// add 5 bytes
AddByteToCode &H8B
AddByteToCode &HFF  '// mov edi,edi
AddByteToCode &H55  '// push ebp
AddByteToCode &H8B
AddByteToCode &HEC  '// mov ebp,esp

AddByteToCode &HE9
AddLongToCode hProc - VarPtr(OpCode(opIndex)) + 1 '函數位址 用call的定址

'AddByteToCode &HE8 'call
'AddLongToCode hProc - VarPtr(OpCode(opIndex)) - 4 '函數位址 用call的定址

'-----------結束所需的程式--------------

'返回呼叫函數
AddByteToCode &HC2 'ret 10h
AddByteToCode &H10
AddByteToCode &H0

'執行剛剛寫完的Assembly Code
RunDll32Add5 = CallWindowProc(CodeStar, 0, 1, 2, 3)

FreeLibrary hModule '釋放模組
End Function

Function AddKey(ByRef myCombo As ComboBox) '新增按鍵函數
With myCombo
.AddItem "無"
.AddItem "Enter"
.AddItem "Shift"
.AddItem "Ctrl"
.AddItem "Alt"
.AddItem "Space"
.AddItem "PageUp"
.AddItem "PageDown"
.AddItem "Insert"
.AddItem "Delete"
.AddItem "Home"
.AddItem "End"
.AddItem "Left"
.AddItem "Up"
.AddItem "Right"
.AddItem "Down"
.AddItem "A"
.AddItem "B"
.AddItem "C"
.AddItem "D"
.AddItem "E"
.AddItem "F"
.AddItem "G"
.AddItem "H"
.AddItem "I"
.AddItem "J"
.AddItem "K"
.AddItem "L"
.AddItem "M"
.AddItem "N"
.AddItem "O"
.AddItem "P"
.AddItem "Q"
.AddItem "R"
.AddItem "S"
.AddItem "T"
.AddItem "U"
.AddItem "V"
.AddItem "W"
.AddItem "X"
.AddItem "Y"
.AddItem "Z"
.AddItem "0"
.AddItem "1"
.AddItem "2"
.AddItem "3"
.AddItem "4"
.AddItem "5"
.AddItem "6"
.AddItem "7"
.AddItem "8"
.AddItem "9"
.AddItem "F1"
.AddItem "F2"
.AddItem "F3"
.AddItem "F4"
.AddItem "F5"
.AddItem "F6"
.AddItem "F7"
.AddItem "F8"
.AddItem "F9"
.AddItem "F10"
.AddItem "F11"
.AddItem "F12"
End With
Key = "無"
End Function

留言

  1. 洋蔥 既然...這文章又復活了ˊ
    我看午也因該把楓之谷小黑 給整理一夏程式碼 分出來好了...

    回覆刪除
  2. 請問一下可以幫忙轉成VB.NET的嗎?
    VB.NET這類的資訊特別少...大多都是VB6的..
    (尤其是某大大發的clsHack)

    回覆刪除
  3. 洋蔥大大:
    不知可否請教您…,如果想把ICS的數據寫入VB中的話,應該要如何處理????
    不知道洋蔥大可否分享相關教學???
    感恩~~~~~~

    回覆刪除

張貼留言

本月最夯

偷用電腦,怎知?事件檢視器全記錄!(開機時間、啟動項時間...)