
📄 unit1gg.pas

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ComCtrls, StdCtrls, ExtCtrls, StrUtils;

type
  { Main form of the tool. The component fields below are the visual controls;
    the handlers further down read values from, and start threads in, the
    process that owns the window titled 'Element Client' (see FormCreate). }
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    TabSheet1: TTabSheet;
    GroupBox1: TGroupBox;
    Label1: TLabel;
    Label2: TLabel;
    Label3: TLabel;
    // Output fields filled by Button1Click: character name, HP and MP.
    EditName: TEdit;
    EditHP: TEdit;
    EditMP: TEdit;
    Button1: TButton;
    Button2: TButton;
    Button3: TButton;
    Button4: TButton;

    // Button4Click: restores the window title and closes the form.
    procedure Button4Click(Sender: TObject);
    // Button1Click: reads name / HP / MP from the other process.
    procedure Button1Click(Sender: TObject);
    // FormCreate / FormDestroy: acquire and release the process handle and
    // the two memory regions allocated in the other process.
    procedure FormCreate(Sender: TObject);
    procedure FormDestroy(Sender: TObject);

    // RetCity / JiNeng: hand MyCall1 / MyCall8 to InjectFunc.
    procedure RetCity;
    procedure JiNeng;
    // Button2Click calls RetCity; Button3Click sets JNID and calls JiNeng.
    procedure Button2Click(Sender: TObject);
    procedure Button3Click(Sender: TObject);


  private
    { Private declarations }

  public
    { Public declarations }

  end;

type
  // ---- Parameter block and its pointer type.
  // The pointer type is declared first; Delphi resolves the forward reference
  // because both declarations sit in the same type section.
  PP1_STR = ^P1_STR;

  // Two packed DWORDs (8 bytes). JiNeng fills Param1 and copies the whole
  // record into the other process; MyCall8 reads Param1 back out of it.
  P1_STR = packed record
    Param1, Param2: DWORD;
  end;

var
  // All state is unit-level and shared by every handler on the form.
  Form1: TForm1;
  // Base0 is the fixed address assigned in FormCreate; Base1 and BaseT1 hold
  // the intermediate pointers read while following the chain in Button1Click.
  Base0, Base1, BaseT1: Integer;
  // Values read by Button1Click from Base1+$254 and Base1+$258.
  HP, MP: Integer;

  // Window handle returned by FindWindow in FormCreate.
  MyHwnd:Hwnd;
  // Handle returned by OpenProcess; 0 when the process could not be opened.
  hProcess_N: THandle;
  // Regions allocated in the other process with VirtualAllocEx: one receives
  // the copied routine, the other its parameter block.
  ThreadAdd, ParamAdd: Pointer;
  // NOTE(review): despite the name this receives the *process* id — it is
  // passed as the second argument of GetWindowThreadProcessId and then
  // handed to OpenProcess.
  ThreadID: DWORD;

  // MemSize: byte count used for the code region and for every code copy
  // (set to 128 in FormCreate). JNID: id passed to MyCall8 through P1_STR.
  MemSize, JNID: DWORD;
  // Out-parameter of the ReadProcessMemory calls; never inspected.
  ByteRead: Cardinal;

implementation

{$R *.dfm}


{ Finds the window titled 'Element Client', opens the process that owns it and
  allocates two regions inside that process: MemSize bytes for code and 20
  bytes for parameters. Shows an error box and leaves everything else unset
  when the process cannot be opened.

  Review note: OpenProcess with PROCESS_ALL_ACCESS followed by VirtualAllocEx
  against another process is the opening of a cross-process injection
  sequence; API-level telemetry in endpoint and anti-tamper products keys on
  exactly this combination. PROCESS_ALL_ACCESS is also broader than the
  read / write / allocate / create-thread operations this unit performs. }
procedure TForm1.FormCreate(Sender: TObject);
const
  PARAM_REGION_SIZE = 20;
begin
  MyHwnd := FindWindow(nil, 'Element Client');
  // The second argument receives the owning process id (the variable is
  // misleadingly called ThreadID).
  GetWindowThreadProcessId(MyHwnd, @ThreadID);
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);

  if hProcess_N <> 0 then
  begin
    // Hard-coded address inside the other process; the author's original
    // comment kept an alternative value, $12F82C.
    Base0 := $9045EC;
    MemSize := 128;

    // Neither allocation result is checked; a nil result is only noticed
    // indirectly, when later writes fail.
    ThreadAdd := VirtualAllocEx(hProcess_N, nil, MemSize, MEM_COMMIT, PAGE_READWRITE);
    ParamAdd := VirtualAllocEx(hProcess_N, nil, PARAM_REGION_SIZE, MEM_COMMIT, PAGE_READWRITE);
  end
  else
    MessageBox(Handle, ' 请退出先登录运行《诛仙》游戏。 ', '提示', MB_OK + MB_IconError);
end;


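{ Releases the two regions FormCreate allocated in the other process and
  closes the process handle. }
procedure TForm1.FormDestroy(Sender: TObject);
begin
  // FormCreate leaves the handle at 0 when OpenProcess failed; there is
  // nothing to release in that case.
  if hProcess_N = 0 then
    Exit;

  // With MEM_RELEASE the size argument must be 0 (the whole allocation is
  // released). The previous non-zero sizes made VirtualFreeEx fail, so both
  // regions were left behind in the other process.
  if ThreadAdd <> nil then
    VirtualFreeEx(hProcess_N, ThreadAdd, 0, MEM_RELEASE);
  if ParamAdd <> nil then
    VirtualFreeEx(hProcess_N, ParamAdd, 0, MEM_RELEASE);

  CloseHandle(hProcess_N);
  // Prevent any later use of the closed handle.
  hProcess_N := 0;
end;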


{ Copies MemSize bytes starting at Func into the region at ThreadAdd and
  ParamSize bytes starting at Param into the region at ParamAdd (both regions
  live in the process behind hProcess_N), starts a thread in that process at
  ThreadAdd with ParamAdd as its argument, and blocks until the thread ends.
  Does nothing when no process handle is open.

  Review notes:
  - VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread is the textbook
    remote-thread injection sequence and is what endpoint and anti-tamper
    monitoring looks for on the receiving process.
  - The code copy always uses the fixed MemSize, not the real length of the
    routine at Func, so bytes past the end of the routine are copied as well.
  - No return value is checked: a failed thread creation still reaches
    WaitForSingleObject and CloseHandle with a zero handle.
  - The INFINITE wait runs on the caller's thread (the button handlers), so
    the form stays blocked for as long as the remote thread runs. }
procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
  RemoteThread: THandle;
  Transferred: DWORD;
begin
  if hProcess_N = 0 then
    Exit;

  // Routine bytes first, then the parameter block.
  WriteProcessMemory(hProcess_N, ThreadAdd, Func, MemSize, Transferred);
  WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, Transferred);

  // Transferred is reused as the thread-id out-parameter, as in the original.
  RemoteThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, Transferred);

  WaitForSingleObject(RemoteThread, INFINITE);
  CloseHandle(RemoteThread);
end;

// ---- "Return to town after death" CALL
// RetCity passes this routine's address to InjectFunc, which copies its
// compiled bytes into the other process and runs them there. Because the
// machine code itself is what gets copied, the body is left untouched here.
// It saves all general registers, calls the hard-coded absolute address
// $5A1F70 and restores the registers.
// NOTE(review): the address is fixed in source, so it presumably matches one
// specific build of the target executable only — confirm before relying on it.
procedure MyCall1; Stdcall;
var
  Address:pointer;
begin
  Address:=Pointer($5A1F70);
  asm
    pushad
    call Address
    popad
  end;
end;


// ---- Skill CALL
// JiNeng passes this routine's address to InjectFunc, which copies its
// compiled bytes into the other process and runs them there with P pointing
// at the copied P1_STR block (the ParamAdd region). Because the machine code
// itself is what gets copied, the body is left untouched here.
// NOTE(review): $4656F0 and $900adc are absolute addresses fixed in source,
// so they presumably match one specific build of the target only — confirm.
procedure MyCall8(P:PP1_STR); Stdcall;
var
  Address: pointer;
  P1: DWORD;
begin
  Address:=Pointer($4656F0);
  P1:=P^.Param1;          // ---- skill id
  asm
    pushad
    // Four stack arguments are pushed: -1, 0, 0 and the skill id.
    push -1
    push 0
    push 0
    push P1
    // ecx is loaded through a three-step pointer chain starting at the fixed
    // address $900adc (offsets $1c, then $28) before the call.
    mov ecx,DWORD PTR DS:[$900adc]
    mov edx,DWORD PTR DS:[ecx+$1c]
    mov ecx,DWORD PTR DS:[edx+$28]
    call address
    popad
  end;
end;


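// --- Exit
// Sets the title of the window found in FormCreate back to 'Element Client'
// and closes the form. The unused locals FTxt and S were removed.
procedure TForm1.Button4Click(Sender: TObject);
begin
  SetWindowText(MyHwnd, 'Element Client');
  Close;
end;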

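// ---- Read character info
// Follows a pointer chain in the other process (Base0 -> +$28 -> Base1) and
// shows the name found through Base1+$3A4 and the integers at Base1+$254 and
// Base1+$258 in the three edit boxes.
// NOTE(review): no ReadProcessMemory result is checked; after a failed read
// the pointer and value variables keep whatever they held before and those
// stale values are displayed.
procedure TForm1.Button1Click(Sender: TObject);
var
  Name: array [0..16] of WideChar;
begin
  // Only 16 bytes (8 WideChars) are read into this 17-element stack buffer.
  // Zero it first so the string conversion below always meets a terminator
  // instead of whatever uninitialised stack data follows the bytes read.
  FillChar(Name, SizeOf(Name), 0);

  ReadProcessMemory(hProcess_N, Pointer(Base0), @BaseT1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(BaseT1+($28)), @Base1, 4, ByteRead);

  ReadProcessMemory(hProcess_N, Pointer(Base1+($3A4)), @BaseT1, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(BaseT1+($0)),  @Name, 16, ByteRead);    // ---- main character info
  ReadProcessMemory(hProcess_N, Pointer(Base1+($254)), @HP, 4, ByteRead);
  ReadProcessMemory(hProcess_N, Pointer(Base1+($258)), @MP, 4, ByteRead);

  EditName.Text:=Name;
  EditHP.Text:=IntToStr(HP);
  EditMP.Text:=IntToStr(MP);
end;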


// --- Invoke the "return to town" CALL
// Hands MyCall1 to InjectFunc with a parameter size of 0, provided a window
// handle was found in FormCreate. The record is never initialised; it only
// supplies an address for the zero-length parameter copy.
procedure TForm1.RetCity;
var
  Unused: P1_STR;
begin
  if MyHwnd = 0 then
    Exit;
  InjectFunc(@MyCall1, @Unused, 0);
end;


// ---- Invoke the skill CALL
// Puts the current JNID into Param1 of a P1_STR block and hands MyCall8 plus
// that block to InjectFunc, provided a window handle was found in FormCreate.
// Param2 is left uninitialised, so its stack contents are copied along with
// the rest of the record.
procedure TForm1.JiNeng;
var
  Args: P1_STR;
begin
  Args.Param1 := JNID;
  if MyHwnd <> 0 then
    InjectFunc(@MyCall8, @Args, SizeOf(Args));
end;


// Click handler for Button2: forwards to RetCity.
procedure TForm1.Button2Click(Sender: TObject);
begin
  Self.RetCity;
end;

// Click handler for Button3: stores the fixed id $DA in the global JNID and
// forwards to JiNeng, which passes it on as Param1.
procedure TForm1.Button3Click(Sender: TObject);
const
  FIXED_SKILL_ID = $DA;
begin
  JNID := FIXED_SKILL_ID;
  Self.JiNeng;
end;

end.
