/*
* WinXP (Professional SP2)
* Microsoft Visual Studio 2005 (Installed Edition: C# Express)
* Version 8.0.50727.762 (SP.050727-7600)
* Microsoft .NET Framework
* Version 2.0.50727
*
*/
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Threading;
using System.Runtime.InteropServices;
namespace ProcessMemoryWork_Demo
{
public partial class Form1 : Form
{
// Process handle returned by OpenProcess in chushihua(); every read, write and remote call goes through it.
IntPtr PinballHandle;// game process handle
// "JIZHI" = base address. Hard-coded address inside the target process; gvba(JIZHI) is the root of the pointer chains read below.
uint JIZHI = 0x12F830; // base address
uint basse;// base pointer, resolved in chushihua() as [[JIZHI]+0x28]; timer1_Tick reads HP/MP/ids relative to it
string asmPram;// hex-encoded machine code that docall() decodes and runs in the target process
// Win32 constants passed to VirtualAllocEx / VirtualFreeEx in docall().
private UInt32 MEM_COMMIT = 0x1000;
private UInt32 PAGE_EXECUTE_READWRITE = 0x40;
private UInt32 MEM_RELEASE = 0x8000;
IntPtr hThread;// handle of the remote thread created in docall()
int hp; // current HP
int hpMax; // maximum HP
int mp; // current MP (original comment: "blue")
int mpMax; // maximum MP
int renwuId; // character id
int mubiaoId; // target id
int itemCount; // number of items on the ground
int nearItemCount; // items within effective range (not used anywhere in this listing)
int killId=0; // last target id seen by work(); compared with mubiaoId to detect a target change
/// <summary>
/// Creates the form. All control setup is delegated to InitializeComponent(),
/// which is defined in the other part of this partial class.
/// </summary>
public Form1()
{
    this.InitializeComponent();
}
// chushihua ("initialise"): find the game process by name, open a handle to it, resolve the base
// pointer and enable both timers. If no process named "elementclient" exists, only the UI is updated.
private void chushihua()// obtain all the pointers that are needed
{
System.Diagnostics.Process[] PinballProcessID
= System.Diagnostics.Process.GetProcessesByName("elementclient"); // look up the process by name
if (PinballProcessID.Length != 0)
{
// 0x1F0FFF is the pre-Vista PROCESS_ALL_ACCESS mask; only the first matching process is used.
// NOTE(review): the return value is not checked, so a failed OpenProcess leaves an unusable handle that
// the reads below use anyway. Nothing in this listing closes PinballHandle, and every call opens a new one.
// A full-access handle on another process is what process-access telemetry (e.g. Sysmon event ID 10)
// records; a reader that only needs memory access would not request every right.
PinballHandle = ProcessMemoryWorkApi.OpenProcess(0x1F0FFF, 0, (UInt32)PinballProcessID[0].Id); // open the game process
// Two dereferences: read the pointer stored at JIZHI, then the pointer stored 0x28 bytes after it.
basse=gvba(gvba(JIZHI)+0x28);
timer1.Enabled = true;
timer2.Enabled = true;
labelStatus.Text = "正常";
}
else
{
labelStatus.Text = "游戏没有运行";
MessageBox.Show("\"诛仙OL\" 还没有运行吧?", "垃圾外挂");
// NOTE(review): the caption is set to the "stop" text although nothing was started on this path.
button.Text = "停止";
}
}
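/// <summary>
/// Start/stop toggle. The button caption doubles as the state: "开始" (start) means
/// stopped, anything else means running.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_Click(object sender, EventArgs e)
{
    if (button.Text == "开始")
    {
        chushihua(); // initialise: open the process and enable the timers
        button.Text = "停止";
    }
    else
    {
        // chushihua() enables both timers, so stopping has to disable both.
        // The original left timer2 running, which kept writing into the other
        // process after the UI reported "stopped".
        timer1.Enabled = false;
        timer2.Enabled = false;
        button.Text = "开始";
        labelStatus.Text = "停止";
    }
}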
// State flags. NEEDREST and RESTING are maintained by work(); the others that are assigned in this
// listing are recomputed on every tick in timer1_Tick.
bool NEEDREST = false; // a rest is pending; set in work() when a monster is targeted while resting
bool RESTING = false; // the rest action was triggered and full HP has not been seen yet
bool YOUGUAI; // "has monster": mubiaoId < 0
bool PINXUE; // "low HP": hp is below trackBar6 percent of hpMax
bool MANXUE; // "full HP": hp == hpMax
bool DEADING; // hp is below trackBar7 percent of hpMax
bool DEAD; // hp == 0
bool DIAOXIAN; // neither assigned nor read in this listing (name presumably means "disconnected")
bool PK; // mubiaoId > 0; work() treats this as "target is a player"
/// <summary>
/// Runs on every timer1 tick: reads the character's stats, ids and the ground-item count
/// from the game process, mirrors them to the labels, recomputes the state flags and then
/// calls work() to act on them.
/// </summary>
/// <param name="sender">The timer that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Every value comes from gvba(), which ignores read failures, so a failed read shows up
/// here as an ordinary number rather than as an error. A commented-out loop that read
/// per-item coordinates into an unused label has been dropped; it had no effect.
/// </remarks>
private void timer1_Tick(object sender, EventArgs e)
{
    // Character stats, at fixed offsets from the resolved base pointer.
    hp = (int)gvba(basse + 0x254);      // current HP
    hpMax = (int)gvba(basse + 0x26c);   // maximum HP
    mp = (int)gvba(basse + 0x258);
    mpMax = (int)gvba(basse + 0x270);
    labelhp.Text = string.Concat(hp.ToString(), "/", hpMax.ToString());
    labelmp.Text = string.Concat(mp.ToString(), "/", mpMax.ToString());

    renwuId = (int)gvba(basse + 0x240); // character id
    labelid.Text = renwuId.ToString();
    mubiaoId = (int)gvba(basse + 0x7b8); // target id
    labelMubiao.Text = mubiaoId.ToString();

    // Number of items on the ground, reached through a four-step pointer chain from JIZHI.
    uint root = gvba(JIZHI);
    uint second = gvba(root + 0x8);
    uint third = gvba(second + 0x24);
    itemCount = (int)gvba(third + 0x14);
    labelItemCount.Text = itemCount.ToString();

    // Thresholds are percentages of maximum HP taken from the two track bars.
    int lowHpLimit = hpMax * trackBar6.Value / 100;
    int criticalHpLimit = hpMax * trackBar7.Value / 100;
    PINXUE = lowHpLimit > hp;
    DEADING = criticalHpLimit > hp;
    DEAD = hp == 0;
    MANXUE = hp == hpMax;
    YOUGUAI = mubiaoId < 0;
    PK = mubiaoId > 0;

    labelKill.Text = kill.ToString();
    work();
}
// Counters driven by work(), which runs once per timer1 tick.
int loop = 0; // tick counter; incremented every tick, reset to 0 while there is no target
int loopfk = 0; // anti-stuck counter; incremented every tick, reset when the target id changes
int loopwait=0; // counts passes through the no-target branch of work()
int itemNo=0; // only ever reset to 0 in this listing; its other uses are commented out
int kill = 0; // kill counter shown in labelKill; incremented when the target id changes to 0
// work: one step of the automation state machine, called from timer1_Tick after the flags are refreshed.
// Three mutually exclusive branches follow the bookkeeping: monster targeted (YOUGUAI), player targeted (PK),
// no target. Actions are issued through presskey(), which either runs code inside the game process or
// synthesizes a keystroke.
// NOTE(review): the focus check below only changes the status label, because its return is commented out.
// The keystroke-based actions (e.g. "F8") are sent with keybd_event and therefore go to whichever window
// has focus at that moment.
public void work()
{
if (WindowXY.GetWindowName() != "Element Client ")
{
labelStatus.Text = "游戏失去焦点";
//return;
}
else { labelStatus.Text = "正常"; }
loop++;
loopfk++;// anti-stuck counter
// Every fourth tick while HP is below the trackBar7 threshold, trigger slot 6.
if (DEADING&&loop%4==0)
{
presskey("6");
// NEEDREST = true;
}
//if (mp < 100 && loop % 4 == 0)
//{
// presskey("8");
// NEEDREST = true;
//}
// Target changed since the previous tick: restart the anti-stuck counter, and count a kill
// when the new target id is 0 (no target).
if (killId != mubiaoId)
{
loopfk = 0;
if (mubiaoId == 0)
kill++;
killId = mubiaoId;
}
if (YOUGUAI)// the target is a monster
{
// The else-if chain below belongs to this if: on the tick that interrupts a rest, no action is issued.
if (RESTING)
{
RESTING = false;
NEEDREST = true;
}
//if (loop % 6 == 0 && checkBox4.Checked == true)
// presskey("4");
else if (loop % 2 == 1 && checkBox5.Checked == true)
presskey("5");
else if (mp > 100&&checkBox4.Checked == true)
presskey("2");
else
presskey("1");
// The original comment says "30 seconds"; the code counts ticks, so the real time depends on the
// timer1 interval, which is not visible here.
if (loopfk > 30&&mubiaoId<0)// the monster has not been killed after more than 30 ticks
{
presskey("tab");// switch to another monster
loopfk = 0;
}
}
else if (PK)// the target is a player
{
presskey("F8");
}
else// no target
{
loop = 0;
// The else below binds to the inner if (MANXUE): while resting and not yet at full HP the method
// returns here; once HP is full, resting ends and the next target is selected.
if (RESTING)// if resting, keep resting until HP is full
if (MANXUE)
{
RESTING = false;
NEEDREST = false;
presskey("tab");
}
else
return;
if (itemCount > 0 && loopwait < 3)// there are items on the ground
{
//if (itemNo != 0 && itemNo == itemCount)// a pick-up was tried but nothing was picked up
//{
// loopwait++;// so stop trying
// return;
//}
//itemNo = itemCount;// remember the item count before picking up
//presskey("3");// pick up
//loopwait = 0;// get ready to keep picking up
//return;
presskey("3");// pick up
}
else if (PINXUE || NEEDREST)// HP is low or a rest is pending
{
presskey("7");
RESTING = true;
loopwait = 0;
return;
}
else if (loopwait == 3)
{
itemNo = 0;
presskey("tab");// select a monster
loopwait = 0;
}
loopwait++;
}
}
/// <summary>
/// Reads one 32-bit value from the game process at address <paramref name="add"/> and returns it.
/// </summary>
/// <param name="add">Address in the target process to read four bytes from.</param>
/// <returns>The value read into the one-element buffer.</returns>
/// <remarks>
/// The ReadProcessMemory result is ignored, so a failed read is not reported; the buffer
/// starts at 0 and is presumably left untouched in that case. Callers chain these reads
/// into pointer walks, so one failed step silently redirects every later step.
/// </remarks>
private uint gvba(uint add)
{
    uint[] buffer = new uint[] { 0 };
    ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, (IntPtr)add, buffer, 4, IntPtr.Zero);
    return buffer[0];
}
// presskey: trigger the action associated with the key name s.
// Cases "1".."8" and "tab" do not send a keystroke: they store a hex-encoded machine-code stub in asmPram
// and run it inside the game process through docall(). The stubs for "1".."8" differ from each other in a
// single byte. Cases "9", "0", "F8" and "enter" synthesize a keystroke with Keyboard.SetState instead.
// Any other value of s is ignored, because the switch has no default case.
// The commented-out Keyboard lines are the keystroke variants that the stubs replaced.
// NOTE(review): the stubs contain absolute addresses, so they are presumably tied to one specific build of
// the client; after any other build, docall() would start a thread on code that no longer matches.
public void presskey(string s)
{
switch (s)
{
case "1":
asmPram = "60A130F812008B40288B80D80800008B400C8B40008BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_1, !Keyboard.GetState(VirtualKeys.VK_1));
break;
case "2":
asmPram = "60A130F812008B40288B80D80800008B400C8B40048BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_2, !Keyboard.GetState(VirtualKeys.VK_2));
break;
case "3":
asmPram = "60A130F812008B40288B80D80800008B400C8B40088BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_3, !Keyboard.GetState(VirtualKeys.VK_3));
break;
case "4":
asmPram = "60A130F812008B40288B80D80800008B400C8B400C8BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_4, !Keyboard.GetState(VirtualKeys.VK_4));
break;
case "5":
asmPram = "60A130F812008B40288B80D80800008B400C8B40108BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_5, !Keyboard.GetState(VirtualKeys.VK_5));
break;
case "6":
asmPram = "60A130F812008B40288B80D80800008B400C8B40148BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_6, !Keyboard.GetState(VirtualKeys.VK_6));
break;
case "7":
asmPram = "60A130F812008B40288B80D80800008B400C8B40188BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_7, !Keyboard.GetState(VirtualKeys.VK_7));
break;
case "8":
asmPram = "60A130F812008B40288B80D80800008B400C8B401C8BC88B118B4208FFD061C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_8, !Keyboard.GetState(VirtualKeys.VK_8));
break;
case "9":
Keyboard.SetState(VirtualKeys.VK_9, !Keyboard.GetState(VirtualKeys.VK_9));
break;
case "0":
Keyboard.SetState(VirtualKeys.VK_0, !Keyboard.GetState(VirtualKeys.VK_0));
break;
case "F8":
Keyboard.SetState(VirtualKeys.VK_F8, !Keyboard.GetState(VirtualKeys.VK_F8));
break;
case "tab":
asmPram = "60A17C3C90008B401C8B40288BC86A00BBB0F34500FFD361C3";
docall();
//Keyboard.SetState(VirtualKeys.VK_TAB, !Keyboard.GetState(VirtualKeys.VK_TAB));
break;
case "enter":
Keyboard.SetState(VirtualKeys.VK_RETURN, !Keyboard.GetState(VirtualKeys.VK_RETURN));
break;
}
}
// docall: run the machine code currently held in asmPram inside the game process.
// Steps: decode the hex string, allocate executable memory in the target, write the bytes there, start a
// remote thread at that address, wait for it, free the memory, close the thread handle.
// This allocate / write / remote-thread sequence is the classic remote code injection pattern
// (MITRE ATT&CK T1055). On the defending side it shows up as a full-access handle to the target, a private
// PAGE_EXECUTE_READWRITE region inside it, and a cross-process thread creation (e.g. Sysmon event ID 8).
// NOTE(review): none of the return values is checked. If the allocation or the write fails, the thread is
// still created, at address 0 or over unwritten memory.
// NOTE(review): ProcessMemoryWorkApi declares addresses as UInt32, so this is only valid in a 32-bit process.
private void docall()
{
// Step 1: decode asmPram, two hex digits per byte.
byte[] reAsmCode = new byte[asmPram.Length / 2];
for (int i = 0; i < reAsmCode.Length; i++)
{
reAsmCode[i] = Convert.ToByte(Int32.Parse(asmPram.Substring(i * 2, 2), System.Globalization.NumberStyles.AllowHexSpecifier));
}
// Step 2: allocate memory in the target process (committed, read/write/execute)
UInt32 ThreadAdd = ProcessMemoryWorkApi.VirtualAllocEx(PinballHandle, 0, (UInt32)reAsmCode.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Step 3: write the code to be executed into the allocated memory
ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, (IntPtr)ThreadAdd, reAsmCode, (UInt32)reAsmCode.Length, (IntPtr)0); // original comment: "write the function address"
// Step 4: start the remote thread
uint threadId = 0;// dummy variable, needed only for the last (ref) parameter
hThread = (IntPtr)ProcessMemoryWorkApi.CreateRemoteThread(PinballHandle, 0, 0, ThreadAdd, (IntPtr)0, 0, ref threadId); // create the remote thread
// Step 5: wait for the thread to finish
// 0xFFFFFFFF is INFINITE: the calling thread blocks until the remote thread exits.
ProcessMemoryWorkApi.WaitForSingleObject(hThread, 0xFFFFFFFF);// wait for the thread to finish
// Step 6: free the allocated memory
// NOTE(review): Win32 documents that dwSize must be 0 when dwFreeType is MEM_RELEASE. A non-zero length is
// passed here, so the release is expected to fail and leave the executable region mapped in the target after
// every call, where a memory scan can find it. TODO confirm; the bool result is discarded.
ProcessMemoryWorkApi.VirtualFreeEx(PinballHandle, (IntPtr)ThreadAdd, (UInt32)reAsmCode.Length, MEM_RELEASE); // free the allocated memory
ProcessMemoryWorkApi.CloseHandle(hThread);
// close the opened handle
}
/// <summary>
/// Shows the trackBar6 position in label6 as "value/100". timer1_Tick uses the same value
/// as the low-HP threshold percentage.
/// </summary>
/// <param name="sender">The track bar that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void trackBar6_Scroll(object sender, EventArgs e)
{
    string percent = trackBar6.Value.ToString();
    label6.Text = string.Concat(percent, "/100");
}
/// <summary>
/// Shows the trackBar7 position in label7 as "value/100". timer1_Tick uses the same value
/// as the threshold percentage for the DEADING flag.
/// </summary>
/// <param name="sender">The track bar that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void trackBar7_Scroll(object sender, EventArgs e)
{
    string percent = trackBar7.Value.ToString();
    label7.Text = string.Concat(percent, "/100");
}
/// <summary>
/// Resets the kill counter. The label that displays it is refreshed on the next timer1 tick.
/// </summary>
/// <param name="sender">The button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void buttonZero_Click(object sender, EventArgs e)
{
    this.kill = 0;
}
// Source buffer for the write below; only its first byte (1) is written, because the call passes nSize = 1.
byte[] uuuint = { 1,0,0,0 };
// timer2_Tick: on every timer2 tick, overwrite one byte at the hard-coded address 0x45DA3A in the game
// process with the value 1. timer2 is enabled in chushihua().
// NOTE(review): the WriteProcessMemory result is ignored, and the address is a fixed constant, so the same
// byte is patched whatever the target build has at that location.
private void timer2_Tick(object sender, EventArgs e)
{
ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, (IntPtr)0x45DA3A, uuuint, 1, (IntPtr)0);// original comment: "fly"
}
}
}
/// <summary>
/// P/Invoke declarations for the kernel32 process, memory and thread functions used by Form1.
/// </summary>
/// <remarks>
/// Several pointer-sized Win32 values (the VirtualAllocEx result and lpAddress, the
/// CreateRemoteThread lpThreadAttributes and lpStartAddress) are declared as 32-bit integers,
/// so these signatures are only correct in a 32-bit process. None of the imports sets
/// SetLastError, so the Win32 error code is not available to callers after a failure.
/// </remarks>
class ProcessMemoryWorkApi
{
    /// <summary>Opens an existing process and returns a handle with the requested access rights.</summary>
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);

    /// <summary>Closes an open object handle.</summary>
    [DllImport("kernel32.dll")]
    public static extern int CloseHandle(IntPtr hObject);

    /// <summary>Writes bytes from <paramref name="lpBuffer"/> into another process's memory.</summary>
    [DllImport("kernel32.dll")]
    public static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, IntPtr lpNumberOfBytesWritten);

    /// <summary>Reads <paramref name="nSize"/> bytes of another process's memory into a uint buffer.</summary>
    [DllImport("kernel32.dll")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, uint[] lpBuffer, uint nSize, IntPtr lpNumberOfBytesRead);

    /// <summary>Reserves or commits memory in another process; returns the base address as a 32-bit value.</summary>
    [DllImport("Kernel32.dll")]
    public static extern uint VirtualAllocEx(IntPtr hProcess, uint lpAddress, uint dwSize, uint flAllocationType, uint flProtect);

    /// <summary>Releases or decommits memory in another process.</summary>
    [DllImport("kernel32.dll")]
    public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint dwFreeType);

    /// <summary>Creates a thread that runs in the address space of another process.</summary>
    [DllImport("kernel32.dll")]
    public static extern IntPtr CreateRemoteThread(IntPtr hProcess, uint lpThreadAttributes, uint dwStackSize, uint lpStartAddress, IntPtr param, uint dwCreationFlags, ref uint lpThreadId);

    /// <summary>Waits until the object is signalled or the timeout in milliseconds elapses.</summary>
    [DllImport("kernel32.dll")]
    public static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);
}
/// <summary>
/// Helpers that query the current foreground window through user32.
/// </summary>
class WindowXY
{
    /// <summary>Managed mirror of the Win32 RECT structure: four consecutive 32-bit integers.</summary>
    [StructLayout(LayoutKind.Explicit)]
    public struct Rect
    {
        [FieldOffset(0)] public int left;
        [FieldOffset(4)] public int top;
        [FieldOffset(8)] public int right;
        [FieldOffset(12)] public int bottom;
    }

    [DllImport("user32.dll")]
    private static extern IntPtr GetForegroundWindow();

    [DllImport("user32.dll")]
    public static extern bool GetWindowRect(IntPtr hWnd, ref Rect r);

    [DllImport("User32.dll")]
    static extern int GetWindowText(IntPtr handle, StringBuilder text, int MaxLen);

    /// <summary>
    /// Returns the top-left corner of the foreground window in screen coordinates.
    /// </summary>
    /// <returns>The (left, top) corner, or (-1, -1) when GetWindowRect reports failure.</returns>
    public static Point GetWindowXY()
    {
        Rect bounds = new Rect();
        if (!GetWindowRect(GetForegroundWindow(), ref bounds))
        {
            return new Point(-1, -1);
        }
        return new Point(bounds.left, bounds.top);
    }

    /// <summary>
    /// Returns the title of the foreground window, read into a 100-character buffer.
    /// </summary>
    /// <returns>
    /// The text GetWindowText placed in the buffer. The call's return value is not inspected,
    /// so a failed call is not distinguished from an empty title.
    /// </returns>
    public static string GetWindowName()
    {
        const int capacity = 100;
        StringBuilder title = new StringBuilder(capacity);
        GetWindowText(GetForegroundWindow(), title, capacity);
        return title.ToString();
    }
}
// Subset of Win32 virtual-key codes used by Keyboard and presskey. The underlying type is byte because
// Keyboard.SetState passes the value to keybd_event as its bVk argument.
public enum VirtualKeys : byte
{
VK_TAB = 0x09,
VK_0 = 0x30,
// NOTE(review): 0x70 is the Win32 code for F1; the digit key '1' is 0x31, which is what the VK_0 and
// VK_2..VK_9 values here would lead a reader to expect. Either a mistake or a deliberate remap: confirm
// before relying on it. The only reference to VK_1 in this listing is commented out.
VK_1 = 0x70,
VK_2 = 0x32,
VK_3 = 0x33,
VK_4 = 0x34,
VK_5 = 0x35,
VK_6 = 0x36,
VK_7 = 0x37,
VK_8 = 0x38,
VK_9 = 0x39,
VK_F8 = 0x77,
VK_RETURN = 0x0D,
}
/// <summary>
/// Synthesizes key presses with the user32 keybd_event function.
/// </summary>
/// <remarks>
/// keybd_event injects into the system input stream, so the key goes to whichever window has
/// focus at the time of the call, not to a specific process.
/// </remarks>
class Keyboard
{
    const uint KEYEVENTF_EXTENDEDKEY = 0x1;
    const uint KEYEVENTF_KEYUP = 0x2;

    [DllImport("user32.dll")]
    static extern short GetKeyState(int nVirtKey);

    [DllImport("user32.dll")]
    static extern void keybd_event(byte bVk, byte bScan, uint dwFlags, uint dwExtraInfo);

    /// <summary>
    /// Reports whether GetKeyState returns exactly 1 for <paramref name="Key"/>.
    /// </summary>
    /// <remarks>
    /// In the Win32 contract the low-order bit is the toggle state and the high-order bit is
    /// "currently down", so this is true only for a key that is toggled on and not held.
    /// </remarks>
    public static bool GetState(VirtualKeys Key)
    {
        short state = GetKeyState((int)Key);
        return state == 1;
    }

    /// <summary>
    /// Sends a key-down followed by a key-up for <paramref name="Key"/> when the requested
    /// state differs from the one GetState reports; does nothing otherwise.
    /// </summary>
    public static void SetState(VirtualKeys Key, bool State)
    {
        if (State == GetState(Key))
        {
            return;
        }

        byte virtualKey = (byte)Key;
        keybd_event(virtualKey, 0x45, KEYEVENTF_EXTENDEDKEY, 0);
        keybd_event(virtualKey, 0x45, KEYEVENTF_EXTENDEDKEY | KEYEVENTF_KEYUP, 0);
    }
}