mdlsubinfo.bas

武林外传外挂源代码

Attribute VB_Name = "mdlSubInfo"
Option Explicit
'防挂机信息
Public Sub GetAntiRobot()
    Dim hProcess As Long
    hProcess = OpenProcess(PROCESS_VM_READ, 0, dwProcessId)
    If hProcess = 0 Then Exit Sub
    '防挂机检测窗口标志：[[[[AlertBaseAddr]+0]+C]+64]
    Dim addr As Long
    ReadProcessMemory hProcess, AlertBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &HC, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H64, lAntiRobot, 4, 0&
    CloseHandle hProcess
End Sub
'角色信息
Public Sub GetCharInfo()
    Dim hProcess As Long
    hProcess = OpenProcess(PROCESS_VM_READ, 0, dwProcessId)
    If hProcess = 0 Then Exit Sub
    Dim addr As Long
    '角色名字 [[[[[CharBaseAddr]+64]+154]+4]+30]
    '角色等级 [[[[[CharBaseAddr]+64]+154]+4]+5C]
    '角色HP [[[[[CharBaseAddr]+64]+154]+4]+6D4]
    '角色MP [[[[[CharBaseAddr]+64]+154]+4]+6D8]
    '角色EXP [[[[[CharBaseAddr]+64]+154]+4]+6DC]
    '角色MAXHP [[[[[CharBaseAddr]+64]+154]+4]+73C]
    '角色MAXMP [[[[[CharBaseAddr]+64]+154]+4]+740]
    ReadProcessMemory hProcess, CharBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H64, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H154, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H4, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H30, ByVal bbChar.sz, 12, 0&
    ReadProcessMemory hProcess, addr + &H5C, bbChar.lvl, 4, 0&
    ReadProcessMemory hProcess, addr + &H6D4, bbChar.hp, 4, 0&
    ReadProcessMemory hProcess, addr + &H6D8, bbChar.mp, 4, 0&
    ReadProcessMemory hProcess, addr + &H6DC, bbChar.exp, 4, 0&
    ReadProcessMemory hProcess, addr + &H73C, bbChar.hpmax, 4, 0&
    ReadProcessMemory hProcess, addr + &H740, bbChar.mpmax, 4, 0&
    '是否在忙 [[[CharBaseAddr]+64]+274]
    ReadProcessMemory hProcess, CharBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H64, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H274, lBusy, 4, 0&
    'ReadProcessMemory hProcess, &H62D295, lBusy, 4, 0&
    '上次技能 [[[[CharBaseAddr]+64]+160]+84]
    '目标怪ID [[[[CharBaseAddr]+64]+160]+8C]
    ReadProcessMemory hProcess, CharBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H64, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H160, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H84, lLastSkill, 4, 0&
    ReadProcessMemory hProcess, addr + &H8C, lTargetId, 4, 0&
    '角色ID [[[CharBaseAddr]+64]+34]
    'x坐标 [[[CharBaseAddr]+64]+44]
    'z坐标 [[[CharBaseAddr]+64]+48]
    'y坐标 [[[CharBaseAddr]+64]+4C]
    ReadProcessMemory hProcess, CharBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H64, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H34, bbChar.id, 4, 0&
    ReadProcessMemory hProcess, addr + &H44, bbChar.x, 4, 0&
    ReadProcessMemory hProcess, addr + &H48, bbChar.z, 4, 0&
    ReadProcessMemory hProcess, addr + &H4C, bbChar.y, 4, 0&
    '出战的是第几只珍兽 [[PetPBaseAddr]+5C]
    ReadProcessMemory hProcess, PetPnlBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H5C, bbPet.num, 4, 0&
    '珍兽数据 [[[PetBaseAddr]+45E34]+F0*i+j]
    ReadProcessMemory hProcess, PetDatBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H45E34, addr, 4, 0&
    ReadProcessMemory hProcess, addr + bbPet.num * &HF0 + &HC, bbPet.id, 4, 0&
    ReadProcessMemory hProcess, addr + bbPet.num * &HF0 + &H1C, ByVal bbPet.sz, 12, 0&
    ReadProcessMemory hProcess, addr + bbPet.num * &HF0 + &H34, bbPet.lvl, 4, 0&
    ReadProcessMemory hProcess, addr + bbPet.num * &HF0 + &H3C, bbPet.hp, 4, 0&
    ReadProcessMemory hProcess, addr + bbPet.num * &HF0 + &H40, bbPet.hpmax, 4, 0&
    ReadProcessMemory hProcess, addr + bbPet.num * &HF0 + &H4C, bbPet.happy, 4, 0&
    
    CloseHandle hProcess
End Sub

' 周围怪物基址
Public Sub GetMonster()
    Dim hProcess As Long, cnt As Long
    hProcess = OpenProcess(PROCESS_VM_READ, 0, dwProcessId)
    If hProcess = 0 Then Exit Sub
    '怪数组首地址 [MobBaseAddr]+7C
    '怪数组长度 [[MobBaseAddr] + 54]
    Dim lpBaseAddr As Long, addr As Long, ii As Long, buf As typMONSTERINFO
    lpBaseAddr = MobBaseAddr
    ReadProcessMemory hProcess, lpBaseAddr, lpBaseAddr, 4, 0&   '二级地址
    ReadProcessMemory hProcess, lpBaseAddr + &H54, cntMonster, 4, 0&   '数组的长度
    lpBaseAddr = lpBaseAddr + &H7C  '第一个元素
    cntMonster = cntMonster + 1 '长度可能有点问题
    For ii = 0 To cntMonster - 1
        addr = lpBaseAddr + ii * &H40
        ReadProcessMemory hProcess, addr + &H2C, buf.id, 4, 0&
        ReadProcessMemory hProcess, addr, buf.x, 4, 0&
        ReadProcessMemory hProcess, addr + 8, buf.y, 4, 0&
        buf.sz = Space(12)
        ReadProcessMemory hProcess, addr + &H14, ByVal buf.sz, 12, 0&
        bbMonster(ii) = buf
    Next
    CloseHandle hProcess
End Sub

' 遍历ID二叉树
Public Sub GetObjectId()
    Dim hProcess As Long, ii As Long
    hProcess = OpenProcess(PROCESS_VM_READ, 0, dwProcessId)
    If hProcess = 0 Then Exit Sub
    'ID二叉树树根 [[[CharBaseAddr]+54+4]+4]
    Dim lpBaseAddr As Long, addr As Long, tntNode As typNODE
    ReadProcessMemory hProcess, CharBaseAddr, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H54 + &H4, addr, 4, 0&
    ReadProcessMemory hProcess, addr + &H4, addr, 4, 0&
    cntObjectId = 0
    Call VisitTNT(addr)
    CloseHandle hProcess
End Sub
Private Sub VisitTNT(root As Long)
    If cntObjectId > 256 Then Exit Sub
    
    Dim hProcess As Long, lng As Long
    hProcess = OpenProcess(PROCESS_VM_READ, 0, dwProcessId)
    If hProcess = 0 Then Exit Sub
    Dim node As typNODE
    Dim xOff As Long, zOff As Long, yOff As Long
    ReadProcessMemory hProcess, root + &H15, node.flag, 1, 0&
    If node.flag = 0 Then
        '访问根结点
        ReadProcessMemory hProcess, root + &HC, node.id, 4, 0&
        ReadProcessMemory hProcess, root + &H8, node.lpRight, 4, 0&
        ReadProcessMemory hProcess, root + &H0, node.lpLeft, 4, 0&
        ReadProcessMemory hProcess, root + &H10, node.lpContent, 4, 0&
        If node.id > 0 Then
            '筛选
            bbObjectId(cntObjectId).id = node.id
            '类型
            ReadProcessMemory hProcess, node.lpContent, lng, 4, 0&
            bbObjectId(cntObjectId).cls = Hex(lng)
            '坐标
            Select Case lng
                Case &H5FC9B0, &H5FBC20 '包包
                    xOff = &H44: zOff = &H48: yOff = &H4C
                Case Else
                    xOff = &H5C: zOff = &H60: yOff = &H64
            End Select
            ReadProcessMemory hProcess, node.lpContent + xOff, bbObjectId(cntObjectId).x, 4, 0&
            ReadProcessMemory hProcess, node.lpContent + zOff, bbObjectId(cntObjectId).z, 4, 0&
            ReadProcessMemory hProcess, node.lpContent + yOff, bbObjectId(cntObjectId).y, 4, 0&
            cntObjectId = cntObjectId + 1
        End If
        '访问左子树
        'If node.lpLeft > 0 Then
        Call VisitTNT(node.lpLeft)
        '访问右子树
        'If node.lpRight > 0 Then
        Call VisitTNT(node.lpRight)
    End If
    CloseHandle hProcess
End Sub