📄 aionshoutdlg.cpp
字号:
}
// Global_i=0;
}
break;
case 2:
/* static DWORD dwProcessID;
dwProcessID = FindTarget( "Client.exe" );
if ( dwProcessID )
{
KillTimer(TIMER2);//停止定时器
RemoteLoadLibrary( dwProcessID, "DLL.dll" );
::AfxMessageBox("发现目标,DLL已注入目标进程。");
}*/
break;
}
CDialog::OnTimer(nIDEvent);
}
//设置static text的颜色
HBRUSH CAIONShoutDlg::OnCtlColor(CDC* pDC, CWnd* pWnd, UINT nCtlColor)
{
HBRUSH hbr = CDialog::OnCtlColor(pDC, pWnd, nCtlColor);
if(m_MyStatic.m_hWnd == pWnd->m_hWnd)
{
// pDC->SetBkMode(TRANSPARENT);
// pDC->SetBkColor(RGB(0,255,0));//背景色
// pDC->SetTextColor(RGB (255,0,0));//文本颜色
pDC->SelectObject(&m_font);//字体,字号
return m_brush;
}
return hbr;
}
void CAIONShoutDlg::OnSetfocusEdit2()
{
// TODO: Add your control notification handler code here
CString str;
m_ContentCtr.GetWindowText(str);
m_ContentCtr.SetSel(0,str.GetLength());
}
void CAIONShoutDlg::KBCWait4IBE()
{
DWORD dwVal;
do
{
GetPortVal(KBC_KEY_CMD, &dwVal, 1);
}
while (dwVal & 0x2);
}
void CAIONShoutDlg::VxdKeyDown(UINT vKey)
{
UINT iScancode = MapVirtualKey(vKey, 0);
KBCWait4IBE();
SetPortVal(KBC_KEY_CMD, 0xD2, 1);
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, iScancode, 1);
}
void CAIONShoutDlg::VxdKeyUp(UINT vKey)
{
UINT iScancode = MapVirtualKey(vKey, 0);
KBCWait4IBE();
SetPortVal(KBC_KEY_CMD, 0xD2, 1);
KBCWait4IBE();
SetPortVal(KBC_KEY_DATA, iScancode | 0x80, 1);
}
void CAIONShoutDlg::VxdKeyHit(UINT vKey)
{
VxdKeyDown(vKey);
Sleep(10);
VxdKeyUp(vKey);
}
void CAIONShoutDlg::OnCancel()
{
// TODO: Add extra cleanup here
/* static DWORD dwProcessID;
dwProcessID = FindTarget( "Client.exe" );
if (dwProcessID )
{
if ( RemoteFreeLibrary( dwProcessID, "DLL.dll" ) )
{
// ::AfxMessageBox("DLL已从目标进程卸载。");
}
}
*/
ShutdownWinIo();
CDialog::OnCancel();
}
//HC_ACTION = 0
//回调函数是应用程序提供给Windows系统DLL或其它DLL调用的函数,
//一般用于截获消息、获取系统信息或处理异步事件
//简单说回调函数就是你所写的函数满足一定条件后,被DLL调用!
//回调函数非常适合在重复执行任务的情况下使用
//你需要做三件事:
// 1. 声明;
// 2. 定义;
// 3. 设置触发条件,
// 就是在你的函数中把你的回调函数名称转化为地址作为一个参数,
// 以便于DLL调用。
//回调函数必须遵守事先规定好的参数格式和传递方式,
//否则DLL一调用它就会引起程序或系统的崩溃。
//通常情况下,回调函数采用标准WindowsAPI的调用方式,即__stdcall
//if (peventmsg(lparam)^.message = WM_KEYDOWN) then //消息等于键盘按下
//"AION Client"为AION游戏的窗口标题
//hidewindow被屏蔽,每反应
void CAIONShoutDlg::OnShout()
{
// TODO: Add your control notification handler code here
HWND hWnd = this->m_hWnd;//**
UpdateData();//////
if( OpenClipboard() )
{
HGLOBAL clipbuffer;
char * buffer;
EmptyClipboard();
clipbuffer = GlobalAlloc(GMEM_DDESHARE, m_content.GetLength()+1);//m_content
buffer = (char*)GlobalLock(clipbuffer);
strcpy(buffer, LPCSTR(m_content));//m_content
GlobalUnlock(clipbuffer);
SetClipboardData(CF_TEXT,clipbuffer);
CloseClipboard();
}//读取喊话内容到剪贴板
::SetTimer(hWnd,TIMER1,1000*m_time,NULL);//m_time
ShowWindow(SW_HIDE);//彻底隐藏
}
void CAIONShoutDlg::OneKey(BYTE key, int mSeconds)
{
INPUT input[2];
memset(input,0,sizeof(input));
input[0].type=input[1].type=INPUT_KEYBOARD;
input[0].ki.wVk=input[1].ki.wVk=key;
input[1].ki.dwFlags = KEYEVENTF_KEYUP;
SendInput(2, input, sizeof(INPUT));
Sleep(mSeconds);
}
void CAIONShoutDlg::TwoKey(BYTE key1, BYTE key2, int mSeconds)
{
INPUT input[4];
memset(input,0,sizeof(input));
input[0].type=input[1].type=input[2].type=input[3].type=INPUT_KEYBOARD;
input[0].ki.wVk=input[3].ki.wVk=key1;
input[1].ki.wVk=input[2].ki.wVk=key2;
input[2].ki.dwFlags = input[3].ki.dwFlags = KEYEVENTF_KEYUP;
SendInput(4, input, sizeof(INPUT));
Sleep(mSeconds);
}
//RemoteInjectDll
DWORD CAIONShoutDlg::FindTarget( LPCTSTR lpszProcess )
{
DWORD dwRet = 0;
HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof( PROCESSENTRY32 );
Process32First( hSnapshot, &pe32 );
do
{
if ( lstrcmpi( pe32.szExeFile, lpszProcess ) == 0 )
{
dwRet = pe32.th32ProcessID;
break;
}
} while ( Process32Next( hSnapshot, &pe32 ) );
CloseHandle( hSnapshot );
return dwRet;
}
BOOL CAIONShoutDlg::RemoteLoadLibrary( DWORD dwProcessID, LPCSTR lpszDll )
{
// 打开目标进程
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcessID );
// 向目标进程地址空间写入DLL名称
DWORD dwSize, dwWritten;
dwSize = lstrlenA( lpszDll ) + 1;
LPVOID lpBuf = VirtualAllocEx( hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE );
if ( NULL == lpBuf )
{
CloseHandle( hProcess );
return FALSE;
}
if ( WriteProcessMemory( hProcess, lpBuf, (LPVOID)lpszDll, dwSize, &dwWritten ) )
{
// 要写入字节数与实际写入字节数不相等,仍属失败
if ( dwWritten != dwSize )
{
VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
CloseHandle( hProcess );
return FALSE;
}
}
else
{
CloseHandle( hProcess );
return FALSE;
}
// 使目标进程调用LoadLibrary,加载DLL
DWORD dwID;
LPVOID pFunc = LoadLibraryA;
HANDLE hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, lpBuf, 0, &dwID );
// 等待LoadLibrary加载完毕
WaitForSingleObject( hThread, INFINITE );
// 释放目标进程中申请的空间
VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
CloseHandle( hThread );
CloseHandle( hProcess );
return TRUE;
}
BOOL CAIONShoutDlg::RemoteFreeLibrary( DWORD dwProcessID, LPCSTR lpszDll )
{
// 打开目标进程
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcessID );
// 向目标进程地址空间写入DLL名称
DWORD dwSize, dwWritten;
dwSize = lstrlenA( lpszDll ) + 1;
LPVOID lpBuf = VirtualAllocEx( hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE );
if ( NULL == lpBuf )
{
CloseHandle( hProcess );
return FALSE;
}
if ( WriteProcessMemory( hProcess, lpBuf, (LPVOID)lpszDll, dwSize, &dwWritten ) )
{
// 要写入字节数与实际写入字节数不相等,仍属失败
if ( dwWritten != dwSize )
{
VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
CloseHandle( hProcess );
return FALSE;
}
}
else
{
CloseHandle( hProcess );
return FALSE;
}
// 使目标进程调用GetModuleHandle,获得DLL在目标进程中的句柄
DWORD dwHandle, dwID;
LPVOID pFunc = GetModuleHandleA;
HANDLE hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, lpBuf, 0, &dwID );
// 等待GetModuleHandle运行完毕
WaitForSingleObject( hThread, INFINITE );
// 获得GetModuleHandle的返回值
GetExitCodeThread( hThread, &dwHandle );
// 释放目标进程中申请的空间
VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
CloseHandle( hThread );
// 使目标进程调用FreeLibrary,卸载DLL
pFunc = FreeLibrary;
hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, (LPVOID)dwHandle, 0, &dwID );
// 等待FreeLibrary卸载完毕
WaitForSingleObject( hThread, INFINITE );
CloseHandle( hThread );
CloseHandle( hProcess );
return TRUE;
}
/*
int CAIONShoutDlg::MainDlgProc( HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam )
{
static DWORD dwProcessID;
switch ( uMsg )
{
case WM_INITDIALOG:
{
dwProcessID = 0;
::SendDlgItemMessage( hDlg, IDC_EDT_TARGET, EM_LIMITTEXT, MAX_PATH, 0 );
}
break;
case WM_COMMAND:
{
switch ( LOWORD( wParam ) )
{
case IDC_BTN_EXIT:
{
::EndDialog( hDlg, 0 );
}
break;
case IDC_BTN_INSERT:
{
TCHAR szTarget[MAX_PATH];
::GetDlgItemText( hDlg, IDC_EDT_TARGET, szTarget, MAX_PATH );
dwProcessID = FindTarget( szTarget );
if ( 0 == dwProcessID )
{
MsgInf("找不到目标进程。");
break;
}
if ( !RemoteLoadLibrary( dwProcessID, "DLL.dll" ) )
{
MsgInf("远程DLL加载失败。");
}
}
break;
case IDC_BTN_DETACH:
{
if ( 0 == dwProcessID )
{
MsgInf("找不到目标进程。");
break;
}
if ( !RemoteFreeLibrary( dwProcessID, "DLL.dll" ) )
{
MsgInf("远程DLL卸载失败。");
}
}
break;
}
}
break;
case WM_CLOSE:
{
::EndDialog( hDlg, 0 );
}
break;
}
return 0;
}
*/
/*
\n说明:\n 一、喊话时,最好不要开其它窗口;\n 二、本喊话工具支持游戏多开;\n 三、使用了虚拟键盘驱动,及进程隐藏技术。
*/⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -