unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;
type
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
GroupBox1: TGroupBox;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
EditName: TEdit;
EditHP: TEdit;
EditMP: TEdit;
Button1: TButton;
Button2: TButton;
Button3: TButton;
Button4: TButton;
procedure Button4Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure FormDestroy(Sender: TObject);
procedure RetCity;
procedure JiNeng;
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
type // ---- 定义参数指针
P1_STR = packed record
Param1: DWORD;
Param2: DWORD;
end;
PP1_STR = ^P1_STR;
var
Form1: TForm1;
Base0, Base1, BaseT1: Integer;
HP, MP: Integer;
MyHwnd:Hwnd;
hProcess_N: THandle;
ThreadAdd, ParamAdd: Pointer;
ThreadID: DWORD;
MemSize, JNID: DWORD;
ByteRead: Cardinal;
implementation
{$R *.dfm}
procedure TForm1.FormCreate(Sender: TObject);
begin
MyHwnd:=findwindow(nil, ''Element Client'');
GetWindowThreadProcessId(MyHwnd, @ThreadID);
hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);
if hProcess_N = 0 then
begin
Messagebox(handle, '' 请退出先登录运行《诛仙》游戏。 '',''提示'',MB_OK+MB_IconError);
exit;
end;
Base0:=$9045EC; // $12F82C
MemSize:=128;
ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);
ParamAdd := VirtualAllocEx(hProcess_N, nil, 20, MEM_COMMIT, PAGE_READWRITE);
end;
procedure TForm1.FormDestroy(Sender: TObject);
begin
VirtualFreeEx(hProcess_N, ThreadAdd, MemSize, MEM_RELEASE);
VirtualFreeEx(hProcess_N, ParamAdd, 20, MEM_RELEASE);
CloseHandle(hProcess_N);
end;
procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
hThread: THandle;
lpNumberOfBytes: DWORD;
begin
if hProcess_N<>0 then
begin
// ---- 写入函数地址
WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, lpNumberOfBytes);
// ---- 写入参数地址
WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes);
// ---- 创建远程线程
hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes);
// ---- 等待线程结束
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
end;
end;
// ---- 死亡回城 CALL
procedure MyCall1; Stdcall;
var
Address:pointer;
begin
Address:=Pointer($5A1F70);
asm
pushad
call Address
popad
end;
end;
// ---- 技能 CALL
procedure MyCall8(P:PP1_STR); Stdcall;
var
Address: pointer;
P1: DWORD;
begin
Address:=Pointer($4656F0);
P1:=P^.Param1; // ---- 技能ID号
asm
pushad
push -1
push 0
push 0
push P1
mov ecx,DWORD PTR DS:[$900adc]
mov edx,DWORD PTR DS:[ecx+$1c]
mov ecx,DWORD PTR DS:[edx+$28]
call address
popad
end;
end;
// --- 退出
procedure TForm1.Button4Click(Sender: TObject);
var
FTxt: TextFile;
S: String;
begin
SetWindowText(MyHwnd, ''Element Client'');
Close;
end;
// ---- 读角色信息
procedure TForm1.Button1Click(Sender: TObject);
var
FTxt: TextFile;
S: String;
Name: array [0..16] of WideChar;
begin
ReadProce
