unit UnitCall;
interface
uses Classes,windows,Dialogs,SysUtils,consttype,Unit1;
type
// Bot driver for the game process identified by the unit-external `pid`.
// Public methods are the actions; private helpers read game memory through
// ReadProcessMemory and feed the InjectFunc thunks defined in this unit.
FuncCall =class
// Picks up ground items within 10 units of the character that FilterItem does not reject.
procedure procPickup;
// Injects a use-item call for the first bag slot whose item id equals TargetID.
procedure UseItem(TargetID:cardinal);
// One step of the fight loop; `limit` is the current-HP value at or below which
// it stops attacking and sits to recover instead.
procedure Attick(limit:integer);
// Resizes `skill` and fills it with the character's skill ids and names.
procedure GetSkill(var skill:ATSkill);
//procedure Funcnum(idnum:integer);
// Zeroes the cooldown tick counters kept at unit scope.
procedure Init;
private
// Reads packNum bag slots starting at PackFirst into item[0..packNum-1].
// NOTE(review): packNum is taken from game memory and never clamped to high(item).
procedure EnumPack(pHandle:cardinal;PackFirst:dword;packNum:cardinal;var item:array of TPackItem);
// Reads max HP, current HP and current MP (author's labels) from the character object.
procedure CheckHp(var MaxXue,DXue,Dlan:cardinal);
// True when the target id read from the character object is 0 (nothing selected).
function CheckTarget:boolean;
// True when any itemFilter entry's name occurs in `name`.
function FilterItem(name:array of widechar):boolean;
end;
var
// Exported process handle. Not used inside this unit: every method below
// declares its own local pHandle and opens/closes the process itself.
pHandle:cardinal;
implementation
var
// GetTickCount snapshots used as cooldown timers. skillcoldTickCount is set
// and compared by Attick for the heal skill; coldTickCount is only zeroed in
// Init and is not read anywhere else in this unit.
coldTickCount,skillcoldTickCount: Longint;
// Resets both unit-level cooldown counters to zero.
procedure FuncCall.Init;
begin
skillcoldTickCount:=0;
coldTickCount:=0;
end;
//延时程序
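// Blocking delay: sleeps in 1 ms slices until at least `msecs` milliseconds
// have elapsed according to GetTickCount. Always sleeps at least once; a
// zero or negative `msecs` returns after that first slice.
// The elapsed time is computed in DWORD (modulo 2^32) arithmetic so the wait
// still terminates when GetTickCount wraps (about every 49.7 days); mixing
// the DWORD tick with a Longint snapshot promotes the difference to a signed
// 64-bit value that goes negative at the wrap and never reaches `msecs`.
procedure Delay(msecs: integer);
var
FirstTickCount: DWORD;
begin
FirstTickCount := GetTickCount;
repeat
//Application.ProcessMessages();
sleep(1);
until (msecs <= 0) or ((GetTickCount - FirstTickCount) >= DWORD(msecs));
end;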
//过程注入函数
// Runs `Func` inside the process `pid` (unit-external) on a new remote
// thread, handing it a copy of the ParamSize bytes at `Param`. This is the
// canonical remote-thread injection chain -- OpenProcess(PROCESS_ALL_ACCESS)
// -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread -- i.e. the
// exact API sequence that anti-cheat drivers and EDR user-mode hooks monitor.
// Func is copied as a fixed 4096-byte blob rather than its real length, so
// the callee presumably has to be self-contained (the Func* thunks below only
// touch their own locals and hard-coded target addresses) -- TODO confirm.
// The page for the copied code is allocated PAGE_READWRITE, not executable,
// yet used as the thread start address; this relies on the target not
// enforcing DEP. No return value is checked anywhere: a failed OpenProcess
// yields handle 0 and every following call fails silently.
procedure InjectFunc(Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
hProcess_N: THandle;
ThreadAdd, ParamAdd: Pointer;
hThread: THandle;
lpNumberOfBytes:DWORD;
aa,bb,num:cardinal;
begin
// Values stored at `base1` (unit-external) before and after the call; their
// meaning is not recoverable from this unit.
aa:=1181931;
bb:=1181812;
//proHandle:=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
//writeProcessMemory(proHandle,pointer(base1),@aa, 4, Num);
//readProcessMemory(proHandle,pointer(base1),@bb, 4, Num);
//form1.Edit1.Text :=inttostr(bb);
//closeHandle(proHandle);
hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, pid); // open the target process
writeProcessMemory(hProcess_N,pointer(base1),@aa, 4, Num);// patch base1 := aa for the duration of the call
ParamAdd := VirtualAllocEx(hProcess_N, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE);// allocate the parameter block
ThreadAdd := VirtualAllocEx(hProcess_N, nil, 4096, MEM_COMMIT, PAGE_READWRITE);// allocate one page for the function copy
WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes); // copy the parameter
WriteProcessMemory(hProcess_N, ThreadAdd, Func, 4096, lpNumberOfBytes); // copy 4096 bytes starting at Func
hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes); // start the copy as a thread
WaitForSingleObject(hThread, INFINITE);// block until the remote thread exits
VirtualFreeEx(hProcess_N, ThreadAdd, 4096, MEM_RELEASE);
VirtualFreeEx(hProcess_N, ParamAdd, ParamSize, MEM_RELEASE); // release both remote allocations
writeProcessMemory(hProcess_N,pointer(base1),@bb, 4, Num); // restore base1 := bb
CloseHandle(hProcess_N); // close the process handle
closeHandle(hThread);
end;
{------------CALL方法}
//TAB选怪CALL
// Thunk copied into the game process by InjectFunc. Calls the routine the
// author labels "TAB target selection" at the hard-coded address $45f410
// (client build 7.03 per the original note). ecx is loaded via
// [$916B3C] -> +$1c -> +$28 (presumably an object pointer -- TODO confirm)
// and a single 0 is pushed. Not declared stdcall although it runs as a
// thread routine; pushad/popad preserve registers around the call.
procedure FuncChoiceMonster;
var addr:pointer;
begin
Addr:=pointer($45f410);// updated for client 7.03
asm
pushad
mov eax,dword ptr ds:[$916B3C]
//push 1
mov eax,dword ptr ds:[eax+$1c]
mov eax,dword ptr ds:[eax+$28]
mov ecx, eax;
push 0
call Addr
popad
end;
end;
//普通攻击CALL
// Thunk copied into the game process by InjectFunc. Calls the routine the
// author labels "normal attack" at the hard-coded address $5a7d40 (client
// build 7.3) with no arguments; pushad/popad preserve registers.
procedure FuncNomalAttick;
var
address:pointer;
begin
Address:=Pointer($5a7d40); // routine entry address, client 7.3
asm
pushad
CALL Address
popad
end;
end;
//技能攻击
// Thunk copied into the game process by InjectFunc; declared stdcall so the
// remote thread parameter (the copied TSkill) arrives as `i`. Calls the
// routine the author labels "skill attack" at $465ad0 (client build 7.3)
// with -1, 0, 0 and the skill id pushed in that order, and ecx loaded via
// [$916B3C] -> +$1c -> +$28, the same chain FuncChoiceMonster uses.
procedure FuncSkillAttick(i:pSkill);stdcall;
var
addr:pointer;
id:dword;
begin
id:=i^.id; // copied to a local so the asm block can push it
addr:=pointer($465ad0);// client 7.3
asm
pushad
push -1
push 0
push 0
push id // skill id
mov ecx,DWORD PTR DS:[$916B3C]
mov edx,DWORD PTR DS:[ecx+$1c]
mov ecx,DWORD PTR DS:[edx+$28]
call addr
popad
end;
end;
//打坐CALL
// Thunk copied into the game process by InjectFunc. Calls the routine the
// author labels "sit down" at the hard-coded address $5a83c0 (client build
// 7.3) with no arguments; pushad/popad preserve registers.
procedure FuncSit;
var
address:pointer;
begin
Address:=Pointer($5a83c0);// client 7.3
asm
pushad
call Address
popad
end;
end;
//停止打坐CALL
// Thunk copied into the game process by InjectFunc. Calls the routine the
// author labels "stop sitting" at the hard-coded address $5A8380 (client
// build 7.3) with no arguments; pushad/popad preserve registers.
procedure FuncStopSit;
var
address:pointer;
begin
Address:=Pointer($5A8380); // client 7.3
asm
pushad
call Address
popad
end;
end;
//拾取物品CALL
// Thunk copied into the game process by InjectFunc; stdcall so the copied
// TPickUp arrives as `pickUp`. Calls the routine the author labels
// "pick up item" at $57da20 (client build 7.3): pushes the item id, then
// sysNum, with ecx = [[$916B3C]+$20] + $D4.
procedure FuncPickUp(pickUp:PPickUp);stdcall;
var
Address:pointer;
dw1,dw2:dword;
begin
Address:= Pointer($57da20);// client 7.3
dw1:=pickUp^.id; // locals so the asm block can reference them
dw2:=pickUp^.sysNum;
asm
pushad
mov ecx, dword ptr [$916B3C]
mov edx, dw1
push edx
mov ecx, dword ptr [ecx+$20]
mov eax, dw2
push eax
add ecx, $D4
call address
popad
end;
end;
//使用物品CALL
// Thunk copied into the game process by InjectFunc; stdcall so the copied
// TPackItem arrives as `temp`. Calls the routine the author labels
// "use item" at $57d850 (client build 7.3), pushing 1, id, num, 0 in that
// order with ecx = [[$916B3C]+$20] + $D4. When invoked from UseItem,
// temp^.num carries the bag slot index rather than a quantity.
procedure FuncUseItem(temp:PPackItem);stdcall;
var
address:pointer;
dwid,dwwz:cardinal;
begin
address:=Pointer($57d850);// client 7.3
dwid:=temp^.id;
dwwz:=temp^.num;
asm
pushad
mov edx, dwid
mov eax, dwwz
push 1
push edx
push eax
push 0
mov esi,dword ptr [$916B3C]
mov esi,dword ptr [esi+$20]
lea ecx,dword ptr [esi+$D4]
call address
popad
end;
end;
//拾取物品过滤
// Name-based exclusion test: true when the name of any itemFilter entry
// occurs in `name` (Pos > 0), false for no match or an empty filter list.
// procPickup skips items for which this returns true.
function FuncCall.FilterItem(name:array of widechar):boolean;
var
idx:integer;
begin
result:=false;
for idx:=0 to high(itemFilter) do
begin
if (pos(itemFilter[idx].name,name)>0) then
begin
result:=true;
exit;
end;
end;
end;
////拾取物品
// Walks the ground-item table of the game process and injects FuncPickUp for
// every item with a non-zero id within 10 units of the character that
// FilterItem does not reject, waiting 300 ms after each injection.
// Pointer chains (4-byte reads; ReadProcessMemory results are ignored):
//   character: Base -> +$28 -> {+$3d8 x, +$3e0 y} (singles)
//   items:     BASE -> +$8 -> +$24 table -> {+$14 count, +$18 slot array}
// NOTE(review): the OpenProcess result is unchecked; with a stale `pid`
// every read fails and the uninitialised locals are then used as pointers.
// NOTE(review): itemNum is read but never used -- the loop always walks the
// fixed slots 0..768 and treats a zero slot pointer as empty.
procedure FuncCall.procPickup;
var
pHandle:cardinal; // shadows the unit-level pHandle
Item:TPickUp;
myPickUp:TPickUp;
itemNum:cardinal;
i:integer;
goodBaseT,goodBaseE,goodBase,nameAddr,num:cardinal;
BaseItem,BaseMan:dword;
manX,manY:single;
begin
pHandle:=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
fillchar(item,sizeof(item),0);
ReadProcessMemory(pHandle,pointer(Base), @BaseMan, 4, Num);
ReadProcessMemory(pHandle,pointer(BaseMan+$28), @BaseMan, 4, Num);
ReadProcessMemory(pHandle,pointer(BaseMan +$3d8), @manX, 4, Num); // character x
ReadProcessMemory(pHandle,pointer(BaseMan +$3e0), @manY, 4, Num); // character y
ReadProcessMemory(pHandle,pointer(BASE), @BaseItem, 4, num);
ReadProcessMemory(pHandle,pointer(BaseItem+$8), @BaseItem, 4, num);
ReadProcessMemory(pHandle,pointer(BaseItem+$24), @BaseItem, 4, num); // ground-item table base
ReadProcessMemory(pHandle,pointer(BaseItem+$14), @itemNum, 4, num); // ground-item count (not used below)
ReadProcessMemory(pHandle,pointer(BaseItem+$18), @goodBaseT, 4, num); // slot pointer array
for i:=0 to 768 do
begin
ReadProcessMemory(pHandle,pointer(goodBaseT+(i*$4)), @goodBaseE, 4, num);
if goodBaseE>0 then
begin
ReadProcessMemory(pHandle,pointer(goodBaseE+($4)), @goodBase, 4, num);
ReadProcessMemory(pHandle,pointer(goodBase+($110)), @Item.id, 4, num); // item id
ReadProcessMemory(pHandle,pointer(goodBase+($10c)), @Item.SysNum, 4, num); // item instance number, needed by the pick-up call
ReadProcessMemory(pHandle,pointer(goodBase+($164)), @nameAddr, 4, num);
ReadProcessMemory(pHandle,pointer(nameAddr), @Item.name, 32, num); // 32 raw bytes of name, no terminator check
ReadProcessMemory(pHandle,pointer(goodBase+($3C)), @item.itemX, 4, num); // item x
ReadProcessMemory(pHandle,pointer(goodBase+($44)), @item.itemY, 4, num); // item y
if item.id<>0 then
begin
// squared distance on truncated coordinates against a 10-unit radius
if sqr(Trunc(item.itemX)-Trunc(manX))+sqr(Trunc(item.itemY)-Trunc(manY))<sqr(10) then
begin
if not FilterItem(item.name) then
begin
myPickUp.id:=item.id;
myPickUp.sysNum:=item.sysNum;
InjectFunc(@FuncPickUp,@myPickUp,sizeof(myPickUp));
delay(300);
end;
end;
end;
end;
end;
//fillchar(Item,sizeof(item),0);
closeHandle(pHandle);
end;
//枚举包裹物品
// Reads packNum bag slots into item[]. For slot i, PackFirst[i] is read as a
// pointer to the slot object, whose +$8 is stored in item[i].id and +$14 in
// item[i].num. ReadProcessMemory results are ignored.
// NOTE(review): packNum comes straight from game memory and is never clamped
// to high(item); the only caller passes a fixed array[0..96], so a larger
// count writes past the end of that stack buffer unless range checking is on.
procedure FuncCall.EnumPack(pHandle:cardinal;PackFirst:dword;packNum:cardinal;var item:array of TPackItem);
var
i:integer;
Pbase:dword;
v:cardinal;
begin
for i:=0 to packNum-1 do
begin
ReadProcessMemory(pHandle,pointer(PackFirst+i*$4), @Pbase, 4, v); // slot object pointer
ReadProcessMemory(pHandle,pointer(Pbase+$8), @item[i].id, 4, v); // item id
ReadProcessMemory(pHandle,pointer(Pbase+$14), @item[i].num, 4, v); // item num (tested > 0 by UseItem)
end;
end;
//使用物品
// Finds the first bag slot whose item id equals TargetID and whose num is
// non-zero, then injects FuncUseItem for it. The slot index i is passed in
// useItem.num (FuncUseItem pushes that field), not a quantity.
// Pointer chain: BASE -> +$28 (character) -> +$87C (bag) -> {+$c slot array, +$10 slot count}.
// NOTE(review): packNum is trusted from game memory while item is a fixed
// array[0..96]; both EnumPack and the loop below index past it for larger counts.
// NOTE(review): the OpenProcess result is not checked.
procedure FuncCall.UseItem(TargetID:cardinal);
var
pHandle:cardinal; // shadows the unit-level pHandle
BasePack,PackFirst:dword;
packNum,num:cardinal;
i:integer;
item:array[0..96] of TPackItem;
useItem:TPackItem;
begin
pHandle:=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
ReadProcessMemory(pHandle,pointer(BASE), @BasePack, 4, num);
ReadProcessMemory(pHandle,pointer(BasePack+$28), @BasePack, 4, num);
ReadProcessMemory(pHandle,pointer(BasePack+$87C), @BasePack, 4, num); // bag base
ReadProcessMemory(pHandle,pointer(BasePack+$c), @PackFirst, 4, num); // slot pointer array
ReadProcessMemory(pHandle,pointer(BasePack+$10), @packNum, 4, num); // number of slots
//setlength(item,packNum);
fillchar(item,sizeof(item),0);
EnumPack(pHandle,PackFirst,packNum,item);
closeHandle(pHandle); // released before injecting; InjectFunc opens its own handle
for i:=0 to packNum-1 do
begin
//outputdebugstring(pchar(inttostr(TargetID)));
if item[i].num>0 then
begin
if TargetID=item[i].id then
begin
fillchar(useItem,sizeof(useItem),0);
useItem.id:=item[i].id;
useItem.num:=i; // slot index, consumed by FuncUseItem
InjectFunc(@FuncUseItem,@useItem,sizeof(useItem));
break;
end;
end;
end;
end;
//check hp
// Reads the character's max HP, current HP and current MP (author's labels)
// into the var parameters: BASE -> +$28 (character object) -> {+$26c, +$254, +$258}.
// ReadProcessMemory results are ignored, so on a failed read the outputs are
// left as the caller passed them; the OpenProcess result is not checked.
procedure FuncCall.CheckHp(var MaxXue,DXue,Dlan:cardinal);
var
pHandle:cardinal; // shadows the unit-level pHandle
BaseMan:dword;// character object address
Num:cardinal;
begin
pHandle:=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
ReadProcessMemory(pHandle,pointer(BASE),@BaseMan, 4, Num);// top-level pointer
ReadProcessMemory(pHandle,pointer(BaseMan + $28), @BaseMan, 4, Num);// character object
ReadProcessMemory(pHandle,pointer(BaseMan +$26c), @MaxXue, 4, Num);// max HP
ReadProcessMemory(pHandle,pointer(BaseMan +$254), @DXue, 4, Num);// current HP
ReadProcessMemory(pHandle,pointer(BaseMan +$258), @DLan, 4, Num);// current MP
closeHandle(pHandle);
end;
//检查目标
// result:= true 没有选中
// result:= false 选中
// Returns true when the character has no selected target (target id 0),
// false otherwise. Each call reads BASE -> +$28 (character object) -> +$7C0
// (target id) from the game process; read results are not checked.
function FuncCall.CheckTarget:boolean;
var
proc:cardinal;
charBase:dword;
bytesRead:cardinal;
selectedId:cardinal;
begin
proc:=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
ReadProcessMemory(proc,pointer(BASE),@charBase, 4, bytesRead);// top-level pointer
ReadProcessMemory(proc,pointer(charBase + $28), @charBase, 4, bytesRead);// character object
ReadProcessMemory(proc,pointer(charBase + $7C0), @selectedId, 4, bytesRead); // target id
closeHandle(proc);
result:=(selectedId = 0);
end;
//打怪
// One iteration of the fight loop, driven entirely by Form1 control state.
// With current HP above `limit`:
//   1. if fuzhu1 (and then fuzhu2) is checked, js>3000 and MP>100, injects
//      those skills, then zeroes js;
//   2. selects a target when none is set, attacks it (skill attack if
//      CheckBox_useSkill is checked, then normal attacks) until CheckTarget
//      reports no target;
//   3. runs procPickUp and, if CheckBox_SkillAdd is checked, HP is below
//      Edit_skilladdlimit and the Edit_SkillAddDelay cooldown has passed,
//      injects the heal skill (author's label) and restamps skillcoldTickCount.
// Otherwise, if HP is not at max, injects FuncSit and polls CheckHp until
// HP equals max HP, then injects FuncStopSit.
// NOTE(review): the `while not CheckTarget` loop has no other exit, so a
// target that never clears (or a stale non-zero id from a failed read)
// blocks this procedure indefinitely.
// NOTE(review): strtoint on the Edit_* texts raises EConvertError for
// non-numeric input and nothing here catches it.
// NOTE(review): `js` and `skills` are unit-external; js is only zeroed here.
procedure FuncCall.Attick(limit:integer);
var
MaxXue,DXue,DLan:cardinal; // max HP, current HP, current MP
sitdown:boolean;
skill:TSkill;
i:integer;
begin
CheckHp(MaxXue,DXue,DLan);
if (DXue>limit) then
begin
if Form1.fuzhu1.Checked
and (js>3000)
and (DLan>100) then
begin
skill.id:=skills[Form1.Com_fuzhu1.ItemIndex].id;
Delay(200);
InjectFunc(@FuncSkillAttick,@skill,sizeof(skill));
Delay(1500);
if Form1.fuzhu2.Checked
and (js>3000)
and (DLan>100) then
begin
skill.id:=skills[Form1.Com_fuzhu2.ItemIndex].id;
Delay(200);
InjectFunc(@FuncSkillAttick,@skill,sizeof(skill));
Delay(500);
end;
js:=0;
end;
if CheckTarget then
begin
Delay(200);
// the 1-byte parameter is ignored by FuncChoiceMonster; only a pointer must be passed
InjectFunc(@FuncChoiceMonster,@pid,1);
end;
Delay(200);
if not CheckTarget then
begin
if Form1.CheckBox_useSkill.Checked then // skill attack
begin
skill.id:=skills[Form1.ComboBox_skill.ItemIndex].id;
Delay(200);
InjectFunc(@FuncSkillAttick,@skill,sizeof(skill));
// five consecutive 200 ms waits, i.e. one second
Delay(200);
Delay(200);
Delay(200);
Delay(200);
Delay(200);
end;
InjectFunc(@FuncNomalAttick,@pid,1);
Delay(200);
end;
// keep attacking once per second until no target is selected
while not CheckTarget do
begin
InjectFunc(@FuncNomalAttick,@pid,1);
Delay(1000);
end;
Delay(100);
procPickUp;
Delay(100);
CheckHp(MaxXue,DXue,DLan);
if Form1.CheckBox_SkillAdd.Checked // heal skill
and(DXue<strtoint(Form1.Edit_skilladdlimit.Text))
and ((GetTickCount - skillcoldTickCount) >= Longint(strtoint(Form1.Edit_SkillAddDelay.Text)*1000)) then
begin
skill.id:=skills[Form1.ComboBox_skilladd.ItemIndex].id;
Delay(200);
InjectFunc(@FuncSkillAttick,@skill,sizeof(skill));
skillcoldTickCount:=GetTickCount;
end;
end
else if DXue<>MaxXue then
begin
InjectFunc(@FuncSit,@pid,1);
sitdown:=true;
// poll every 100 ms until HP is back to max, then stand up
while sitdown do
begin
Delay(100);
CheckHp(MaxXue,DXue,DLan);
if DXue=MaxXue then
begin
sitdown:=false;
InjectFunc(@FuncStopSit,@pid,1);
end;
end;
end;
end;
//获得技能
// Resizes `skill` to the character's skill count and fills each entry's id
// and name. Chain: BASE -> +$28 (character) -> {+$918 count, +$914 pointer
// array}; per entry: +$8 = id, then +$4 -> +$4 -> +$6e -> 20 bytes of name.
// ReadProcessMemory results are ignored; the OpenProcess result is not checked.
// NOTE(review): skillNum is a signed value taken straight from game memory
// and handed to setlength unchecked; a failed read leaves it uninitialised,
// and a negative or very large value presumably raises or over-allocates.
// NOTE(review): the name read copies 20 raw bytes with no terminator check.
procedure FuncCall.GetSkill(var skill:ATSkill);
var
pHandle:cardinal; // shadows the unit-level pHandle
BaseMan,skillBase,skillFirst:dword;// character object, skill array, per-skill pointer
Num:cardinal;
i,skillNum:integer;
begin
pHandle:=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
ReadProcessMemory(pHandle,pointer(BASE),@BaseMan, 4, Num);// top-level pointer
ReadProcessMemory(pHandle,pointer(BaseMan + $28), @BaseMan, 4, Num);// character object
ReadProcessMemory(pHandle,pointer(BaseMan + $918), @skillNum, 4, Num);// skill count
ReadProcessMemory(pHandle,pointer(BaseMan + $914), @skillBase, 4, Num);// skill pointer array
setlength(skill,skillNum);
for i:=0 to skillNum-1 do
begin
ReadProcessMemory(pHandle,pointer(skillBase + i*$4), @SkillFirst, 4, Num);
ReadProcessMemory(pHandle,pointer(SkillFirst + $8), @skill[i].id, 4, Num);
// three further dereferences reach the name buffer
ReadProcessMemory(pHandle,pointer(SkillFirst + $4), @SkillFirst, 4, Num);
ReadProcessMemory(pHandle,pointer(SkillFirst + $4), @SkillFirst, 4, Num);
ReadProcessMemory(pHandle,pointer(SkillFirst + $6e), @SkillFirst, 4, Num);
ReadProcessMemory(pHandle,pointer(SkillFirst), @skill[i].name[0], 20, Num);
SkillFirst:=0;
end;
closehandle(pHandle);
end;
//procedure Funcnum(idnum:integer);stdcall;
///begin
//asm
// pushad
// mov eax,dword ptr ds:[$00910f4c]
// mov eax,dword ptr ds:[eax+$H28]
// mov eax,[eax+$H8d8]
// popad
//end;
//end;
end.