//外挂饭馆www.wgum.net
//中国最大的专业免费外挂教学,外挂研究,技术交流网站
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls;
type
  // Main (and only) form of this unit. The labels display values that the
  // handlers below read out of another process; Timer1 drives the periodic
  // refresh and Button2 triggers the remote-thread routine (Button2Click).
  TForm1 = class(TForm)
    Label3: TLabel;
    label1: TLabel;
    Label2: TLabel;
    Labname: TLabel;
    Labhp: TLabel;
    Labmp: TLabel;
    Button1: TButton;
    Label4: TLabel;
    Lablevel: TLabel;
    Timer1: TTimer;
    Button2: TButton;
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject); // form close procedure
    procedure Button1Click(Sender: TObject);
    procedure Timer1Timer(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
    // Global atom created in FormCreate and used as the hot-key id.
    aatom:atom;
    // WM_HOTKEY message handler.
    procedure hotkey(var msg:tmessage);message wm_hotkey;
  end;
// Unit-level state shared by all handlers. Everything here is a plain global,
// so each handler overwrites what the previous one left behind.
var
  Form1: TForm1;
  ProcessID: Thandle; // despite the name: the process HANDLE returned by OpenProcess
  ProcID: Thandle;    // the process id, filled in by GetWindowThreadProcessId
  Ghwnd: Thandle;     // window handle returned by FindWindow
  Ecxi: Cardinal;     // scratch value reused while following the pointer chain
  mytime:integer;     // tick counter maintained in Timer1Timer (wraps to 0 after 31)
  // Values copied out of the other process by Timer1Timer.
  r_level,r_hp,r_maxhp,r_mp,r_maxmp:Cardinal;
  // 17 WideChars = 34 bytes, the exact size FormCreate reads into it,
  // so a terminating #0 is not guaranteed by this unit.
  r_Name:array[0..16] of WideChar;
  r_Name1:integer;    // address of the name string, itself read from the other process
// First-level base address. Hard-coded absolute address in the other
// process; presumably valid for one specific client build only.
const baseadr = $912BA4;
implementation
{$R *.dfm}
// Copies a routine into another process and creates a suspended thread on it
// (the thread receives no parameter).
//
//   Hid     - process handle to operate on (the caller passes an OpenProcess result)
//   FunName - address, in THIS process, of the bytes to copy
//   Result  - the value returned by CreateRemoteThread (thread handle)
//
// NOTE(review): none of the three API results is checked, so a failed
// allocation or write is not reported to the caller. The copy length is a
// fixed 4096 bytes regardless of the real size of the routine at FunName,
// and the region allocated here is never released anywhere in this unit.
//
// Defender's view: a read/write/execute allocation in a foreign process,
// followed by a cross-process write and remote thread creation, is the
// sequence that endpoint and anti-cheat monitoring typically keys on.
function FunIn(Hid:cardinal;FunName:pointer):cardinal;
var
  TmpHandle: THandle;
  ThreadID: Thandle;
  ThreadAdd:pointer;
  WriteCount: DWORD;
begin
  ThreadAdd := VirtualAllocEx(Hid, nil, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // allocate a memory region in the target process
  WriteProcessMemory(Hid, ThreadAdd,FunName, 4096, WriteCount); // write the routine into the region allocated above
  TmpHandle := CreateRemoteThread(Hid, nil, 0, ThreadAdd, nil, CREATE_SUSPENDED, ThreadID); // create the thread (suspended) and keep its handle
  result:=TmpHandle; // return the thread handle
end;
// Stub for the "meditate" call: saves all general-purpose registers, calls
// a fixed address, restores the registers.
//
// This procedure is never called in this unit; Button2Click passes its
// address to FunIn, which copies its bytes into the other process. The
// hard-coded address below is therefore only meaningful inside that
// process's address space, and presumably only for one client build.
procedure dazu; // the "meditate" call
var
  address:pointer;
begin
  address:=pointer($5A82A0); // address of the "meditate" routine
  asm
    pushad
    call address
    popad
  end;
end;
// Form start-up: locates the client window, opens its process, follows a
// three-step pointer chain to read the character name into r_Name, shows it
// in LabName, registers Alt+F3 as a global hot key and closes the process
// handle again.
//
// NOTE(review): Application.Terminate only requests shutdown; there is no
// Exit after it, so the statements after each error branch still run with
// Ghwnd = 0 or ProcessID = 0.
// NOTE(review): no ReadProcessMemory result is checked. If one read fails,
// ECXI / r_Name1 keep their previous value and the next read uses it as an
// address.
// NOTE(review): PROCESS_ALL_ACCESS is far more than these reads require
// (ReadProcessMemory needs PROCESS_VM_READ). Opening another process with
// full access is also what process-handle auditing flags first.
procedure TForm1.FormCreate(Sender: TObject);
var
  Num: Cardinal;
begin
  Ghwnd := FindWindow('QElementClient Window', 'Element Client'); // find the client window
  if Ghwnd = 0 then
  begin
    ShowMessage('游戏未启动');
    Application.Terminate();
  end;
  GetWindowThreadProcessId(Ghwnd, ProcID); // process id
  ProcessID := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID); // process handle
  if ProcessID = 0 then
  begin
    showMessage('无法打开线程');
    Application.Terminate();
  end;
  // Pointer chain: [baseadr] -> [+$24] -> [+$398] = address of the name string.
  ReadProcessMemory(ProcessID, Pointer(baseadr), @ECXI, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $24), @ECXI, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $398), @r_Name1, 4, Num);
  // 34 bytes fill r_Name completely (17 WideChars); no terminator is appended here.
  ReadProcessMemory(ProcessID, Pointer(r_Name1), @r_Name, 34, Num);
  LabName.Caption := r_Name;
  aatom:=globaladdatom('hotkey'); // add an atom to the global atom table
  RegisterHotKey(form1.Handle,aatom,MOD_ALT,vk_f3); // register the global hot key ALT+F3 on the FORM1 window
  CloseHandle(ProcessID); // close the process handle
end;
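// Form teardown: releases the global hot key registered in FormCreate and
// then deletes the global atom that served as its id.
//
// The original left the UnregisterHotKey call commented out, so the Alt+F3
// registration was only dropped implicitly when the window was destroyed,
// and the atom was deleted while still in use as a hot-key id.
procedure TForm1.FormDestroy(Sender: TObject);
begin
  // Unregister first, while the id (atom) is still valid. HandleAllocated
  // avoids creating a window handle just to unregister on it.
  if HandleAllocated then
    UnregisterHotKey(Handle, aatom);
  GlobalDeleteAtom(aatom); // delete the global atom created in FormCreate
end;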
{ WM_HOTKEY handler. The low word of LParam carries the modifier flags and
  the high word the virtual-key code; a message box is shown when they match
  the Alt+F3 combination. }
procedure TForm1.hotkey(var msg:tmessage);
var
  isAltF3: Boolean;
begin
  isAltF3 := (msg.LParamLo = MOD_ALT) and (msg.LParamHi = VK_F3);
  if isAltF3 then
    showMessage('热键ALT+F3启动'); // hot-key response
end;
// Button1: closes the form.
procedure TForm1.Button1Click(Sender: TObject);
begin
  Self.Close;
end;
// Timer tick: advances the myTime counter, re-opens the other process,
// follows the pointer chain and copies HP / max HP / MP / max MP / level
// into the r_* globals, then refreshes the three labels.
//
// NOTE(review): a new PROCESS_ALL_ACCESS handle is opened on every tick and
// never closed in this procedure, so handles accumulate for as long as the
// timer runs. The OpenProcess and ReadProcessMemory results are not checked;
// after the other process exits, the labels keep showing stale values.
procedure TForm1.Timer1Timer(Sender: TObject);
var
  Num: Cardinal;
begin
  // Counter cycles 0..31; nothing else in this unit reads it.
  if myTime = 31 then
  begin
    myTime := 0;
  end
  else
  begin
    myTime := myTime + 1;
  end;
  ProcessID := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID);
  // Pointer chain: [baseadr] -> [+$24] = base of the structure read below.
  ReadProcessMemory(ProcessID, Pointer(baseadr), @ECXI, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $24), @ECXI, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $25C), @r_HP, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $274), @r_MAXHP, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $260), @r_mp, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $278), @r_maxmp, 4, Num);
  ReadProcessMemory(ProcessID, Pointer(ECXI + $250), @r_level, 4, Num);
  labhp.Caption:=inttostr(r_hp)+'/'+inttostr(r_maxhp);
  labmp.Caption:=inttostr(r_mp)+'/'+inttostr(r_maxmp);
  lablevel.Caption:=inttostr(r_level)+'级';
end;
// Button2: opens the other process, has FunIn copy the dazu stub into it as
// a suspended thread, then resumes that thread.
//
// NOTE(review): neither the process handle nor the thread handle returned by
// FunIn is closed, and homeadd is passed to ResumeThread without checking
// that thread creation succeeded. Every click also leaves another
// executable region allocated in the other process (see FunIn).
procedure TForm1.Button2Click(Sender: TObject);
var
  homeadd: Thandle;
begin
  ProcessID := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID); // obtain a handle to the game process
  homeadd:=funin(processid,@dazu); // copy the stub into the process, thread created suspended
  ResumeThread(homeadd); // let the created thread run
end;
end.