unit1.pas

delphi写的几个CALL.有打坐CALL.取消打坐CALL.还有一个普通攻击CALL.游戏2008.9.26号测试有用

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Button3: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure Button3Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}
var
  pHandle:Thandle;

function FunIn(Hid:cardinal;FunName:pointer):cardinal;
var 
{要注入线程的窗口句柄和临时存放的句柄} 
TmpHandle: THandle;
ThreadID: Thandle; 
ThreadAdd:pointer; 
WriteCount: DWORD; 
begin 
ThreadAdd := VirtualAllocEx(Hid, nil, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE);//在目标进程建立内存空间
WriteProcessMemory(Hid, ThreadAdd, FunName , 4096, WriteCount);//将要注入的过程写到上面建立的内存空间中 
TmpHandle := CreateRemoteThread(Hid, nil, 0, ThreadAdd, nil, CREATE_SUSPENDED, ThreadID);//获得注入后过程的句柄ID
result:=TmpHandle;//返回句柄ID 
end;


procedure DaZuo; //打坐CALL过程
  var
    Address:pointer;
  begin
    Address:=Pointer($005ACCE0); //函数入口地址
      asm
        pushad
          CALL Address
        popad
      end;
  end;
procedure QXDaZuo; //取消打坐CALL过程
  var
    Address:pointer;
  begin
    Address:=Pointer($005ACCA0); //函数入口地址
      asm
        pushad
          CALL Address
        popad
      end;
  end;

procedure PTGJ; //普通攻击CALL过程
  var
    Address:pointer;
  begin
    Address:=Pointer($005AC660); //函数入口地址
      asm
        pushad
          CALL Address
        popad
      end;
  end;

procedure TForm1.Button1Click(Sender: TObject); //打坐按钮
begin
  FunIn(pHandle, @DaZuo);//调用注入函数
  ResumeThread( FunIn(pHandle, @DaZuo )); //运行注入的CALL线程
end;


procedure TForm1.Button2Click(Sender: TObject);  //取消打坐按钮
begin
  FunIn(pHandle, @QXDaZuo );//调用注入函数
  ResumeThread( FunIn(pHandle, @QXDaZuo )); //运行注入的CALL线程
end;
procedure TForm1.Button3Click(Sender: TObject);     //普通攻击按钮

begin
  FunIn(pHandle, @PTGJ);//调用注入函数
  ResumeThread( FunIn(pHandle, @PTGJ )); //运行注入的CALL线程
end;

procedure TForm1.FormCreate(Sender: TObject);
 var
  thwnd :Thandle ;   //声明变量 窗口句柄
  pid:Thandle;      //进程句柄

begin
   thWnd := FindWindow(nil,'Element Client'); //得窗口句柄
   GetWindowThreadProcessId(thwnd,@pid);//得进程ID
   phandle := OpenProcess(PROCESS_ALL_ACCESS,False,pid); //打开进程
   if phandle=0 then
      begin
        Application.MessageBox ('请先运行游戏再打开本程序','友情提示',MB_OK);
        Application.Terminate;
      end;

end;

procedure TForm1.FormDestroy(Sender: TObject);
begin
  CloseHandle(pHandle);
end;

end.