-
-
[原创]从来没人公开的秘密 -----D3D HOOK的捷径
-
发表于: 2014-6-28 22:46
-
D3D HOOK,google baidu 一大把的东西,要么是劫持的,要么是硬编码的,我介绍一种通吃各个系统DX版本的方法
分为EXE和DLL,DLL采用驱动注入,然后内存重载DLL并且抹PE标志。
EXE通过FileMap与游戏内存中的DLL通信,主要是通信一些D3D偏移
部分代码是内存的 所以只发关键 
表达有限 看不懂勿喷
EXE层: cpp
#ifndef _FINDDNF_H
#include <highgui.h>
#include <atlstr.h>
//#include "Find.h"
//#include "MyOcr.h"
//#include "GobalStruct.h"// MOMO 命令目标
#include <d3d9.h>
typedef struct _ImeMessage
{
bool IsSendIme;
char SendStr[102400];
LONG SendImeLenth;
}MyImeStr,*PMyImeStr;
typedef struct _FindPicdx
{
char FindPicDx_Path[1024];
int FindPic_simmin;
int FindPic_simmax;
int FindPic_x1;
int FindPic_x2;
int FindPic_y1;
int FindPic_y2;
int FindPic_RetX;
int FindPic_RetY;
int FindPic_Retsim;
}FindPicdx,*PFindPicdx;
typedef struct _SendKey
{
int HasDownKey;
bool IsSendKey;
BYTE SendGameDxKeyDate[0xed];
}SendKey,*PSendKey;
typedef struct _SendMouse
{
bool IsSendMouse;
int x;
int y;
}SendMouse,*PSendMouse;
typedef struct _KuoZan
{
bool IsHookGetSelfWindow;
bool IsHookGetCurSor;
}Kuozan,*Pkuozan;
typedef struct _MyDic
{
char Dic1Path[256];
char Dic2Path[256];
bool IsloadOk;
}MyDic,*PMyDic;
typedef struct _MyShowDic
{
char Strname[256];
int DicIndex;
bool IsshowDic;
}MyShowDic,*PMyShowDic;
/*
BSTR MOMO::FindStrII(
LONG Index,
LONG DicIndex
,LONG X1,
LONG Y1,
LONG X2,LONG Y2,
LPCTSTR StrName,
LPCTSTR ColorStr,
VARIANT* FindCout)
*/
typedef struct _MyFindDxStr
{
int DicIndex;
int X1;
int Y1;
int X2;
int Y2;
char StrnameS[256];
char Colors[256];
int RetFindHows;//返回的数据,找到多少字
char RetStr[1024];
bool IsFindOk;
}MyFindDxStr,*PMyFindDxStr;
typedef struct _Test_XY
{
int X;
int Y;
bool IsOk;
}TESTXY,*PTESTXY;
typedef struct _RENWU_GOTO_XY
{
int X;
int Y;
int Z;
}RENWU_GOTO_XY,*PRENWU_GOTO_XY;
typedef struct _Wupinsub
{
WCHAR Name[50];
int ShuLiang;
WCHAR LeiXingName1[50];
int Lv;
int ZhongLiang;
WCHAR ZhongLeiName[50];//魔法封印此处字符串是"1" 未启用 崩溃
int NaiJiu;//当前耐久
}Wupinsub,*PWupinsub;
typedef struct _WupinAll
{
Wupinsub JinBi_FuHuo[3];
Wupinsub KuaiJieLan[6];
Wupinsub ZhuangBeiLan[56];
Wupinsub XiaoHaoLan[56];
Wupinsub CaiLiaoLan[56];
Wupinsub RenWuLan[48];
}WupinAll,*PWupinAll;
typedef struct _SmallCangku
{
Wupinsub Cangku[6];
}SmallCangku,*PSmallCangku;
typedef struct _CurZhuangBei
{
Wupinsub Wuqi;
Wupinsub ShangYi;
Wupinsub HuJian;
Wupinsub XiaZhuang;
Wupinsub XieZi;
Wupinsub YaoDai;
Wupinsub HuWan;
Wupinsub JieZhi ;
Wupinsub XiangLian;
}CurZhuangBei,*PCurZhuangBei;
typedef struct _GetLv_Name_Info
{
int Level;
WCHAR Name[200];
int Pilao;
int CurFuzhong;
int MaxFuzhong;
}GetLv_Name_Info;
typedef struct _XiGuai_GOTO_XY
{
int X;
int Y;
}XiGuai_GOTO_XY,*PXiGuai_GOTO_XY;
typedef struct _3S
{
int BIG;
int SMALL;
}SSS3,*P3S;
typedef struct _ZhiYe
{
BOOL IsGetZhiYe;
WCHAR Zhiye[256];
}ZhiYe,*PZhiYe;
typedef struct _DATA_TO_DX
{
int Bind_moshi;
int Bind_moshi_KEY;
bool NeedWait;
bool iscpu;
int cpu_sleepTime;
bool IsScreen;
char ScreenPath[1024];
HWND thisWindow;
HWND MYWINDOWS;
bool IsFindPic_QuanPing;
char FindPci_Path[1024];
bool Begin_CF;
DWORD D3D_44;//SetTransform偏移量
DWORD D3D_17;//Present偏移量
DWORD D3D_81;
DWORD D3D_82;//DrawIndexedPrimitive偏移量
DWORD D3D_65;//DrawIndexedPrimitive偏移量
bool Is_Bind2_ok;
bool Is_Bind1_ok;
bool Is_Bind_KEY1_ok;
bool IsScreenXY;
int x1;
int x2;
int y1;
int y2;
bool IS_FindPicDX;
FindPicdx findPicdx_struct;
bool IS_FindPicDX_XY;
FindPicdx findPicdx_xy_struct;
MyImeStr myImeMessage;
HWND ImeHwnd;
DWORD D3DKEY_9;
DWORD D3DKEY_10;
DWORD Unacquire_8;
DWORD SetCooperativeLevel_13;
SendKey DxKeyTogame;
SendMouse DxMouseTogame;
Kuozan SuperKuozan;
POINT MOUSE_MOVE_WINDOWS;
MyDic mydic;
MyShowDic myshowdic;
MyFindDxStr myDxStr;
BYTE ASM_CODE[1024];
int Asm_code_len;
TESTXY TestXY;
int GuaiwuShuliang;
int WUPUN_WULIANG;
BOOL ISXIGUAI;
BOOL ISXIWU;
RENWU_GOTO_XY RENWU_XY;
WupinAll GameBeiBao;
GetLv_Name_Info Name_Lv;
bool IsChuShou;
CurZhuangBei curzb;
bool IsXiuli;
bool Isadd_Liliang;
int liliang;
bool IsRetTili;
int Rettili;
int Tili;
int Lv;
bool IsGetName_Lv_Pilao;
bool IsGetJinbi;
int jinbi;
BOOL IsGetBeibao;
BOOL IsGetCurZhuangBei;
BOOL IsEndXiuLiMaiWu;
BOOL IsBeginXiuliMaiWu;
int XiuliMaiwuWat;
BOOL IsGetGuaiwuShuliang;
BOOL IsGetWupinShuLiang;
BOOL IsShunyibefor;
BOOL IsShunyi;
int Shunyi_Fangxiang;
BOOL IsSetXiGuaiFangXiang;
int XiGuaiFangXiang;
BOOL Is3S;
XiGuai_GOTO_XY Guai_add_xy;
BOOL ISGETFANGXIANG;
int RetGetFangXiang;
bool IsSet3s;
SSS3 sss;
bool IsAddDuli;
int Duli_Value;
bool IsAddJingShen;
int JingShen_Value;
bool IsAddZL;
int ZL_Value;
bool IsRuoGuai;
bool IsTest;
bool IsSY;
DWORD sdjz;
DWORD fx;
DWORD CallBase;
BOOL Is_GetCangku;
SmallCangku GameCanuku;
int PrintTest;
BOOL ISGOTOXY;
int XIGUAI_TYPE;//吸怪类型 1 排队 2移到怪物那
ZhiYe zhiye;
}DATA_TO_DX,*PDATA_TO_DX;
class MyMOMO
{
public:
MyMOMO();
~MyMOMO();
HANDLE File_Maping_HANDLE;
PDATA_TO_DX data; //绑定后就用它来更新控制数据
DATA_TO_DX NewData;//用来存放初始化的 不可以是指针哦
LPVOID FileMapDATA;
HWND Thehwnd;
DWORD Processid;
char FileName[1024];
bool IsBind;
LONG BindWindow(HWND hwnd,LONG BIND_MOSHI,LONG BIND_MOSHI_KEYBORD);
void SendTo_Game(DATA_TO_DX* data);
//MyFind myfind;
//MyOcr myocr[2];
//KeyArrayMap Keymap;
void GetWuPinArray();
void GetCurZhungbeiArray();
protected:
private:
};
class MOMO{
public:
MOMO();
//virtual ~MOMO();
MyMOMO momo1[1];
IplImage* imagelistWindow;
ULONG_PTR Bind_shuliang;
ULONG_PTR Bind_index;
LONG MOMO::Ready1(LONG Index,LONG Hwnd, char* show,char* Key_Bord,char* HELP);
LONG LoadDic(LONG Index, char* DicPath, LONG DicIndex);//由于DNF,所以只在前台加载字库,即本进程加载字库。
LONG ShowDic(LONG Index, LONG DicIndex, char* StrName);//把字库指定文字显示为图片
BOOL ScreenShot_DxForce(LPDIRECT3DDEVICE9 lpDevice, HWND hWnd, char* fileName);//DX前台截图 HWND=0
IplImage* GetFroceDxPic_Dnf(LPDIRECT3DDEVICE9 lpDevice,HWND hWnd);//DX前台获取图像 并返回图像那块内存
LONG FindStrOne_DNF(LONG Index, char* StrName,char* RGB_STR, int* RetX, int* RetY, LONG DicIndex);
LONG FindStrOne_DNF_XY(LONG Index, char* StrName,byte R,byte G,byte B, int X1,int Y1,int X2,int Y2,int* RetX, int* RetY, LONG DicIndex,CAtlString& SaveRet,int* FindCout);
LONG FindStr_DNF_XY_OCR(LONG Index,byte R,byte G,byte B, int X1,int Y1,int X2,int Y2,int* RetX, int* RetY, LONG DicIndex,CAtlString& SaveRet,int* FindCout);//ocr功能
LONG MOMO::FindStrOne_DNF_XY_YUZHIHUA(LONG Index, char* StrName,int Throw, int X1,int Y1,int X2,int Y2,int* RetX, int* RetY, LONG DicIndex,CAtlString& SaveRet,int* FindCout);
//////////////////////////////////////////////////////////////////////////
};
//////////////////////////////////////////////////////////////////////////
/************************************************************************/
/*
用于DNF找图写的功能函数, 通用
正在完善...
沫D
*/
/************************************************************************/
/************************************************************************/
/*
提供2张图片,第一张大,第二张小,然后载入内存查找。可直接屏幕查找
参数1:第一张图片的内存,
2:第二图片内存
3:返回找到的X
4:返回找到的Y
返回值:没找到返回0,找到返回1
测试连续查找3次耗时47毫秒
*/
/************************************************************************/
//使用系统截图键一次图,参数,截图保存的地方
bool KeyDownPrint_Screen(char* SavePicPath);
#define _FINDDNF_H
#endif
.H
#include "stdafx.h"
#include "FindDnf.h"
#include <highgui.h>
//#include "Find.h"
//#include "MyMouseKey.h"
//#include "ImeInject.h"
#include <fstream>
#include <d3d9.h>
#include <d3dx9.h>
#define DIRECTINPUT_VERSION 0x0800 //本来800 改700
#include <dinput.h>
//#include "OlsApi.h"
//#include "Cdmsoft1.h"
//#include "NTFUNCTION.h"
MyMOMO::~MyMOMO()
{
if (this->data!=NULL)
{
OutputDebugStringA("un reset");
UnmapViewOfFile(this->data);
}
}
MyMOMO::MyMOMO()
{ this->data=NULL;
NewData.Is_Bind2_ok=FALSE;
NewData.Is_Bind1_ok=FALSE;
NewData.Is_Bind_KEY1_ok=FALSE;
NewData.NeedWait=false;
NewData.iscpu=FALSE;
this->IsBind=FALSE;
this->NewData.cpu_sleepTime=0;
this->NewData.IsScreen=FALSE;
this->NewData.IsScreenXY=FALSE;
this->NewData.DxKeyTogame.IsSendKey=FALSE;
memset(&NewData.DxKeyTogame,0,sizeof(SendKey));
memset(&NewData.SuperKuozan,0,sizeof(Kuozan));
memset(&NewData.DxMouseTogame,0,sizeof(SendMouse));
memset(NewData.ScreenPath,0,1024);
memset(NewData.FindPci_Path,0,1024);
memset(NewData.findPicdx_struct.FindPicDx_Path,0,1024);
memset(NewData.findPicdx_xy_struct.FindPicDx_Path,0,1024);
memset(NewData.myImeMessage.SendStr,0,102400);
NewData.myImeMessage.IsSendIme=FALSE;
NewData.myImeMessage.SendImeLenth=0;
this->NewData.IsFindPic_QuanPing=FALSE;
this->NewData.Begin_CF=FALSE;
this->NewData.IS_FindPicDX=FALSE;
/*
this->NewData.IS_FindPicDX_XY=FALSE;
this->NewData.findPicdx_struct.FindPic_Retsim=-1;
this->NewData.findPicdx_struct.FindPic_x1=-1;
this->NewData.findPicdx_xy_struct.FindPic_simmax=-1;
*/
}
void MyMOMO::SendTo_Game(DATA_TO_DX* data)
{
/* memcpy(this->FileMapDATA,data,sizeof(DATA_TO_DX));*/
FlushViewOfFile(this->FileMapDATA,sizeof(DATA_TO_DX));
}
LPVOID GetClassVirtualFnAddress(LPVOID pthis,int Index) //Add 2010.8.6
{
LPVOID FnAddress;
*(int*)&FnAddress = *(int*)pthis; //lpvtable
*(int*)&FnAddress = *(int*)((int*)FnAddress + Index);
return FnAddress;
}
LPDIRECT3D9 g_pD3D = NULL; // Used to create the D3DDevice
LPDIRECT3DDEVICE9 g_pd3dDevice = NULL; // Our rendering device
HRESULT InitD3D1( HWND hWnd )
{
// Create the D3D object.
if( NULL == ( g_pD3D = Direct3DCreate9( D3D_SDK_VERSION ) ) )
return E_FAIL;
// Set up the structure used to create the D3DDevice
D3DPRESENT_PARAMETERS d3dpp;
ZeroMemory( &d3dpp, sizeof( d3dpp ) );
d3dpp.Windowed = TRUE;
d3dpp.SwapEffect = D3DSWAPEFFECT_DISCARD;
d3dpp.BackBufferFormat = D3DFMT_UNKNOWN;
// Create the D3DDevice
if( FAILED( g_pD3D->CreateDevice( D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL, hWnd,
D3DCREATE_SOFTWARE_VERTEXPROCESSING,
&d3dpp, &g_pd3dDevice ) ) )
{
AfxMessageBox("CreateDevice erro");
return E_FAIL;
}
return S_OK;
}
LPDIRECTINPUT8 lpDirectInput; // DirectInput object
LPDIRECTINPUTDEVICE8 lpKeyboard=NULL; // DirectInput device
BOOL InitDInput(HWND hWnd)
{
HRESULT hr;
// 创建一个 DIRECTINPUT 对象
hr = DirectInput8Create(GetModuleHandle(NULL), DIRECTINPUT_VERSION, IID_IDirectInput8,(void**)&lpDirectInput,NULL);
//hr = DirectInputCreateA(GetModuleHandle(NULL), DIRECTINPUT_VERSION, &lpDirectInput, NULL);
if FAILED(hr)
{
OutputDebugStringA("\r\n\r\n初始化1失败");
// 失败
return FALSE;
}
// 创建一个 DIRECTINPUTDEVICE 界面
hr = lpDirectInput->CreateDevice(GUID_SysKeyboard, &lpKeyboard, NULL);
if FAILED(hr)
{
// 失败
OutputDebugStringA("\r\n\r\n初始化2失败");
return FALSE;
}
// 设定为通过一个 256 字节的数组返回查询状态值
hr = lpKeyboard->SetDataFormat(&c_dfDIKeyboard);
if FAILED(hr)
{
// 失败
OutputDebugStringA("\r\n\r\n初始化3失败");
return FALSE;
}
// 设定协作模式
hr = lpKeyboard->SetCooperativeLevel(hWnd, DISCL_NONEXCLUSIVE |DISCL_BACKGROUND );//DISCL_BACKGROUND后台
if FAILED(hr)
{
// 失败
OutputDebugStringA("\r\n\r\n初始化4失败");
return FALSE;
}
// 设定缓冲区大小
// 如果不设定,缓冲区大小默认值为 0,程序就只能按立即模式工作
// 如果要用缓冲模式工作,必须使缓冲区大小超过 0
DIPROPDWORD property;
property.diph.dwSize = sizeof(DIPROPDWORD);
property.diph.dwHeaderSize = sizeof(DIPROPHEADER);
property.diph.dwObj = 0;
property.diph.dwHow = DIPH_DEVICE;
property.dwData = 16;
hr = lpKeyboard->SetProperty(DIPROP_BUFFERSIZE, &property.diph);
if FAILED(hr)
{
OutputDebugStringA("\r\n\r\n初始化5失败");
// 失败
return FALSE;
}
hr = lpKeyboard->Acquire();
if FAILED(hr)
{
// 失败
OutputDebugStringA("\r\n\r\n初始化6失败");
return FALSE;
}
return TRUE;
}
LONG MyMOMO::BindWindow(HWND hwnd,LONG BIND_MOSHI,LONG BIND_MOSHI_KEYBORD)
{
//AfxMessageBox("0");
if (g_pd3dDevice==NULL)
{InitD3D1(::GetDesktopWindow());}
if (lpKeyboard==NULL)
{
InitDInput(::GetDesktopWindow());
}
//ImeInstallEx(NULL);
//AfxMessageBox("5");
this->NewData.Bind_moshi=BIND_MOSHI;
this->NewData.Bind_moshi_KEY=BIND_MOSHI_KEYBORD;
// TODO: 在此添加控件通知处理程序代码
//AfxMessageBox("1");
if(hwnd==NULL)
{
// AfxMessageBox("窗口不存在!");
return 0;
}
DWORD d3d9_adr=(DWORD)GetModuleHandleA("d3d9.dll");
DWORD d3d9KEYBORD_adr=(DWORD)GetModuleHandleA("DINPUT8.dll");
/*
if (g_pd3dDevice==NULL)
{InitD3D1(::GetDesktopWindow());}
if (lpKeyboard==NULL)
{
InitDInput(::GetDesktopWindow());
}*/
//g_pd3dDevice->SetTransform() //44
this->NewData.D3D_44=(DWORD)GetClassVirtualFnAddress(g_pd3dDevice,44)-d3d9_adr;
this->NewData.D3D_65=(DWORD)GetClassVirtualFnAddress(g_pd3dDevice,65)-d3d9_adr;
this->NewData.D3D_81=(DWORD)GetClassVirtualFnAddress(g_pd3dDevice,81)-d3d9_adr;
this->NewData.D3D_82=(DWORD)GetClassVirtualFnAddress(g_pd3dDevice,82)-d3d9_adr;
this->NewData.D3D_17=(DWORD)GetClassVirtualFnAddress(g_pd3dDevice,17)-d3d9_adr;
this->NewData.D3DKEY_9=(DWORD)GetClassVirtualFnAddress(lpKeyboard,9)-d3d9KEYBORD_adr;
this->NewData.D3DKEY_10=(DWORD)GetClassVirtualFnAddress(lpKeyboard,10)-d3d9KEYBORD_adr;
this->NewData.Unacquire_8=(DWORD)GetClassVirtualFnAddress(lpKeyboard,8)-d3d9KEYBORD_adr;
this->NewData.SetCooperativeLevel_13=(DWORD)GetClassVirtualFnAddress(lpKeyboard,13)-d3d9KEYBORD_adr;
char DEBUGOUT[256]={0};
sprintf(DEBUGOUT,"9号STATE地址偏移:%X , 10号DATA地址偏移:%X,input模块地址:%X",this->NewData.D3DKEY_9,this->NewData.D3DKEY_10,d3d9KEYBORD_adr);
Thehwnd=hwnd;
GetWindowThreadProcessId(hwnd,&Processid);
char Des[1024]="C:\\";
char pid_str[1024]={0};
itoa(Processid,pid_str,10);
strcat(Des,pid_str);
strcat(Des,".YXP");
memset(FileName,0,1024);
memcpy(FileName,Des,1024);
using namespace std;
ofstream fin(Des,ios::binary);
HANDLE FileHandle;
ULONG_PTR FILESIZE;
BYTE* BUFER;
DWORD TEMP;
FileHandle=::CreateFileA(Des,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ|FILE_SHARE_WRITE,0,OPEN_ALWAYS,FILE_ATTRIBUTE_SYSTEM,NULL);
if (FileHandle==(HANDLE)0 || FileHandle==(HANDLE)-1)
{
// AfxMessageBox("句柄不存在1");
return 0;
}
//::MessageBoxA(0,Des,Des,0);
this->File_Maping_HANDLE=::CreateFileMappingA(FileHandle,NULL,PAGE_READWRITE,0,0x800000,pid_str);//0x4000000 16M
while(this->File_Maping_HANDLE==(HANDLE)0 || this->File_Maping_HANDLE==(HANDLE)-1)
{
this->File_Maping_HANDLE=::CreateFileMappingA(FileHandle,NULL,PAGE_READWRITE,0,0x800000,pid_str);//0x4000000 16M
}
if (this->File_Maping_HANDLE==(HANDLE)0 || this->File_Maping_HANDLE==(HANDLE)-1)
{
DWORD dw=GetLastError();
char errostr[256]={0};
sprintf(errostr,"%d",dw);
AfxMessageBox(errostr);
CloseHandle(FileHandle);
// AfxMessageBox("句柄不存在2");
return 0;
}
this->NewData.thisWindow=hwnd;
this->NewData.Begin_CF=TRUE;
//Sleep(5000);
DWORD offset=0x4000000;//64的倍数
FileMapDATA=MapViewOfFile(this->File_Maping_HANDLE,FILE_MAP_ALL_ACCESS, 0, 0,0);
while(FileMapDATA==NULL)
{
FileMapDATA=MapViewOfFile(this->File_Maping_HANDLE,FILE_MAP_ALL_ACCESS, 0, 0,0);
}
if (FileMapDATA==NULL)
{
AfxMessageBox("erro map");
}
memcpy(FileMapDATA,&this->NewData,sizeof(DATA_TO_DX));
FlushViewOfFile(FileMapDATA,sizeof(DATA_TO_DX));
data=(PDATA_TO_DX)FileMapDATA;
// Sleep(1300);
CloseHandle(FileHandle);
/*
if (InputHandle != NULL)
{
//激活指定窗口输入法
::PostMessage(hWnd,WM_INPUTLANGCHANGEREQUEST,0x1,(LPARAM)InputHandle);
HWND mhWnd = NULL;
do
{
mhWnd = ::FindWindowExA(hWnd,mhWnd,NULL,NULL);
if (mhWnd != NULL)
{
::PostMessage(mhWnd,WM_INPUTLANGCHANGEREQUEST,0x1,(LPARAM)InputHandle);
}
} while (mhWnd != NULL);
//::PostMessage(hWnd,WM_INPUTLANGCHANGE,0x1,(LPARAM)InputHandle);
}
else
{
//句柄不存在,枚举输入法句柄,激活
HKL imehandle = EnumIme("沫、D输入法1.123","C:\\WINDOWS\\SYSTEM32\\1.ime");
if (imehandle != NULL)
{
::PostMessage(hWnd,WM_INPUTLANGCHANGEREQUEST,0x1,(LPARAM)imehandle);
HWND mhWnd = NULL;
do
{
mhWnd = ::FindWindowExA(hWnd,mhWnd,NULL,NULL);
if (mhWnd != NULL && mhWnd!=0)
{
::PostMessage(mhWnd,WM_INPUTLANGCHANGEREQUEST,0x1,(LPARAM)imehandle);
}
} while (mhWnd != NULL);
//::PostMessage(hWnd,WM_INPUTLANGCHANGE,0x1,(LPARAM)InputHandle);
}
else
{
return FALSE;
}
}*/
//IMEActivEx(hwnd,this->data);
//Sleep(100);
if (this->data->Bind_moshi==1)
{
ULONG_PTR coutBind=0;
//::SendMessageA(hwnd,WM_USER+2345,0,0);
while (this->data->Is_Bind1_ok==FALSE)
{
Sleep(100);
// ::SendMessageA(hwnd,WM_USER+2345,0,0);
if (coutBind>50)
{
// AfxMessageBox("绑定失败!");
return 0;
break;
}
coutBind++;
}
this->IsBind=TRUE;
//AfxMessageBox("绑定模式1");
}
if (this->data->Bind_moshi==0)
{
this->IsBind=TRUE;
//AfxMessageBox("绑定模式1");
}
if (this->data->Bind_moshi==2)
{
ULONG_PTR coutBind=0;
while (this->data->Is_Bind2_ok==FALSE)
{
//::SendMessageA((HWND)hwnd,WM_USER+2345,0,0);
Sleep(100);
if (coutBind>250)//等待15秒绑定就认为超时 刚2秒 游戏还在初始化呢
{
// AfxMessageBox("绑定失败2!");
return 0;
break;
}
coutBind++;
}
this->IsBind=TRUE;
}
if (this->data->Bind_moshi_KEY==1)
{
ULONG_PTR coutBind=0;
while (this->data->Is_Bind_KEY1_ok==FALSE)
{
Sleep(100);
if (coutBind>50)
{
// AfxMessageBox("绑定键盘1失败!");
return 0;
break;
}
coutBind++;
}
}
//Sleep(1000);
return 1;
// momo1.data->Begin_CF=TRUE;
}
MOMO::MOMO()
{
/*
Bind_index=All_kehuduan;
All_kehuduan++;
tiquan(SE_DEBUG_NAME);
if (IsFirst)
{
//FreeResFile(IDR_IME1,"IME","C:\\WINDOWS\\SYSTEM32\\1.IME");
IsFirst=FALSE;
Sleep(1000);
}
AfxOleLockApp();*/
}
LONG MOMO::Ready1(LONG Index,LONG Hwnd, char* show,char* Key_Bord,char* HELP)
{
//momo1[Index]=new MyMOMO;
using namespace std;
string helpStr=HELP;
// AfxMessageBox("ok");
if (helpStr.find("防键鼠后台检测")!=helpStr.npos)
{
//AfxMessageBox("防键鼠后台检测");
momo1[Index].NewData.SuperKuozan.IsHookGetSelfWindow=TRUE;
}else{
momo1[Index].NewData.SuperKuozan.IsHookGetSelfWindow=FALSE;
}
if (helpStr.find("鼠标位置拦截")!=helpStr.npos)
{
//AfxMessageBox("鼠标位置拦截");
momo1[Index].NewData.SuperKuozan.IsHookGetCurSor=TRUE;
}else{
momo1[Index].NewData.SuperKuozan.IsHookGetCurSor=FALSE;
}
CAtlString strShow;
strShow=show;
LONG BindShow=-1;
LONG BindKey=-1;
if (strShow.Find("普通图色")!=-1)
{
//AfxMessageBox("普通");
BindShow=0;
}
if (strShow.Find("GDI后台图色")!=-1)
{
//AfxMessageBox("GDI后台");
BindShow=1;
}
if (strShow.Find("DX后台图色")!=-1)
{
//AfxMessageBox("DX后台");
BindShow=2;
}
//////////////////////////////////////////////////////////////////////////
strShow.Empty();
strShow=Key_Bord;
if (strShow.Find("DX1键盘")!=-1)
{
//AfxMessageBox("DX1");
BindKey=1;
}
if (strShow.Find("普通后台键盘")!=-1)
{
//AfxMessageBox("普通后台键盘");
BindKey=0;
}
if ( momo1[Index].BindWindow((HWND)Hwnd,BindShow,BindKey)==0)
{
return 0;
}
return 1;
}
LONG MOMO::LoadDic(LONG Index, char* DicPath, LONG DicIndex)
{
if (strlen(DicPath)<1)
{
return -1;
}
if (DicIndex>1 || DicIndex<0)
{
return -2;
}
return 0;
}
LONG MOMO::ShowDic(LONG Index, LONG DicIndex, char* StrName)//把字库指定文字显示为图片
{
AFX_MANAGE_STATE(AfxGetStaticModuleState());
if (DicIndex>1 || DicIndex <0)
{
AfxMessageBox("仅支持2个字库 0号以及1号");
return 0;
}
return 1;
}
BOOL MOMO::ScreenShot_DxForce(LPDIRECT3DDEVICE9 lpDevice, HWND hWnd, char* fileName)
{
HRESULT hr;
return hr ;
}
IplImage* MOMO::GetFroceDxPic_Dnf(LPDIRECT3DDEVICE9 lpDevice,HWND hWnd)
{
return NULL ;
}
bool GetDnf_RECT(char* WindowName,LPRECT RetXY)
{
::GetWindowRect(::FindWindowA(NULL,WindowName),RetXY);
return TRUE;
}
void MyMOMO::GetWuPinArray()
{
data->IsGetBeibao=TRUE;
while(data->IsGetBeibao==TRUE)
{
OutputDebugStringA("\r\nGetWuPinArray");
Sleep(100);
}
}
void MyMOMO::GetCurZhungbeiArray()
{
::SendMessageA(Thehwnd,WM_USER+75741,1,1);
}
DLL:
#include <windows.h>
#include "MyOcr.h"
#include <d3d9.h>
#include <d3dx9tex.h>
#include "GameFun.h"
//
typedef struct _FindPicdx
{ char FindPicDx_Path[1024];
int FindPic_simmin;
int FindPic_simmax;
int FindPic_x1;
int FindPic_x2;
int FindPic_y1;
int FindPic_y2;
int FindPic_RetX;
int FindPic_RetY;
int FindPic_Retsim;
}FindPicdx,*PFindPicdx;
typedef struct _ImeMessage
{
bool IsSendIme;
char SendStr[102400];
LONG SendImeLenth;
}MyImeStr,*PMyImeStr;
typedef struct _SendKey
{
int HasDownKey;
bool IsSendKey;
BYTE SendGameDxKeyDate[0xed];
}SendKey,*PSendKey;
typedef struct _SendMouse
{
bool IsSendMouse;
int x;
int y;
}SendMouse,*PSendMouse;
typedef struct _KuoZan
{
bool IsHookGetSelfWindow;
bool IsHookGetCurSor;
}Kuozan,*Pkuozan;
typedef struct _MyDic
{
char Dic1Path[256];
char Dic2Path[256];
bool IsloadOk;
}MyDic,*PMyDic;
typedef struct _MyShowDic
{
char Strname[256];
int DicIndex;
bool IsshowDic;
}MyShowDic,*PMyShowDic;
typedef struct _MyFindDxStr
{
int DicIndex;
int X1;
int Y1;
int X2;
int Y2;
char StrnameS[256];
char Colors[256];
int RetFindHows;//返回的数据,找到多少字
char RetStr[1024];
bool IsFindOk;
}MyFindDxStr,*PMyFindDxStr;
typedef struct _Test_XY
{
int X;
int Y;
bool IsOk;
}TESTXY,*PTESTXY;
typedef struct _RENWU_GOTO_XY
{
int X;
int Y;
int Z;
}RENWU_GOTO_XY,*PRENWU_GOTO_XY;
typedef struct _XiGuai_GOTO_XY
{
int X;
int Y;
}XiGuai_GOTO_XY,*PXiGuai_GOTO_XY;
typedef struct _3S
{
int BIG;
int SMALL;
}SSS3,*P3S;
typedef struct _ZhiYe
{
BOOL IsGetZhiYe;
WCHAR Zhiye[256];
}ZhiYe,*PZhiYe;
typedef struct _DATA_TO_DX
{
int Bind_moshi;
int Bind_moshi_KEY;
bool NeedWait;
bool iscpu;
int cpu_sleepTime;
bool IsScreen;
char ScreenPath[1024];
HWND thisWindow;
HWND MYWINDOWS;
bool IsFindPic_QuanPing;
char FindPci_Path[1024];
bool Begin_CF;
DWORD D3D_44;//SetTransform偏移量
DWORD D3D_17;//Present偏移量
DWORD D3D_81;
DWORD D3D_82;//DrawIndexedPrimitive偏移量
DWORD D3D_65;//DrawIndexedPrimitive偏移量
bool Is_Bind2_ok;
bool Is_Bind1_ok;
bool Is_Bind_KEY1_ok;
bool IsScreenXY;
int x1;
int x2;
int y1;
int y2;
bool IS_FindPicDX;
FindPicdx findPicdx_struct;
bool IS_FindPicDX_XY;
FindPicdx findPicdx_xy_struct;
MyImeStr myImeMessage;
HWND ImeHwnd;
DWORD D3DKEY_9;
DWORD D3DKEY_10;
DWORD Unacquire_8;
DWORD SetCooperativeLevel_13;
SendKey DxKeyTogame;
SendMouse DxMouseTogame;
Kuozan SuperKuozan;
POINT MOUSE_MOVE_WINDOWS;
MyDic mydic;
MyShowDic myshowdic;
MyFindDxStr myDxStr;
BYTE ASM_CODE[1024];
int Asm_code_len;
TESTXY TestXY;
int GuaiwuShuliang;
int WUPUN_WULIANG;
BOOL ISXIGUAI;
BOOL ISXIWU;
RENWU_GOTO_XY RENWU_XY;
WupinAll GameBeiBao;
GetLv_Name_Info Name_Lv;
bool IsChuShou;
CurZhuangBei curzb;
bool IsXiuli;
bool Isadd_Liliang;
int liliang;
bool IsRetTili;
int Rettili;
int Tili;
int Lv;
bool IsGetName_Lv_Pilao;
bool IsGetJinbi;
int jinbi;
BOOL IsGetBeibao;
BOOL IsGetCurZhuangBei;
BOOL IsEndXiuLiMaiWu;
BOOL IsBeginXiuliMaiWu;
int XiuliMaiwuWat;
BOOL IsGetGuaiwuShuliang;
BOOL IsGetWupinShuLiang;
BOOL IsShunyibefor;
BOOL IsShunyi;
int Shunyi_Fangxiang;
BOOL IsSetXiGuaiFangXiang;
int XiGuaiFangXiang;
BOOL Is3S;
XiGuai_GOTO_XY Guai_add_xy;
BOOL ISGETFANGXIANG;
int RetGetFangXiang;
bool IsSet3s;
SSS3 sss;
bool IsAddDuli;
int Duli_Value;
bool IsAddJingShen;
int JingShen_Value;
bool IsAddZL;
int ZL_Value;
bool IsRuoGuai;
bool IsTest;
bool IsSY;
DWORD sdjz;
DWORD fx;
DWORD CallBase;
BOOL Is_GetCangku;
SmallCangku GameCanuku;
int PrintTest;
BOOL ISGOTOXY;
int XIGUAI_TYPE;
ZhiYe zhiye;
}DATA_TO_DX,*PDATA_TO_DX;
typedef HRESULT( __stdcall*_SetCooperativeLevel)(LPVOID DEV, HWND,DWORD);
class DX_FUNC
{
public:
MyOcr myocr[2];
void Get_SendData();
PDATA_TO_DX DATA2;
LPDIRECT3DDEVICE9 GameDEV;
DX_FUNC();
void Scrren(LPDIRECT3DDEVICE9 dev,char* FilePath);
void SendTo_Game();
void SaveSuf_To_File();
int FindPic_QuanPing(LPDIRECT3DDEVICE9 dev,char* FilePath,int simMin,int simMax,int *RetX,int* RetY);
int FindPic_QuanPing_xy(LPDIRECT3DDEVICE9 dev,char* FilePath,int simMin,int simMax,int x1,int y1,int x2,int y2,int *RetX,int*RetY);
LPDIRECT3DSURFACE9 Suf;
bool IS_save_tofile;
DWORD SetClassVirtualFnAddress_1(LPVOID pthis,int Index,DWORD Newadr,DWORD* SaveOLD_ADR); //用序号取其这个函数的地址
char D3D9X_DLL_NAME[1024];
DWORD OrgD3DXSaveSurfaceToFileInMemory_adr;
void ScrrenXY(LPDIRECT3DDEVICE9 dev,char* FilePath,int x1,int y1,int x2,int y2);
bool IsCur();
int Test1(int DicIndex,char* COLOR,char* StrNameS,int X1,int Y1,int X2,int Y2,CAtlString& RetStr);
protected:
private:
};
void Hook_dx();
void Hook_dx1();
bool IsCur();
.h
#include "HOOK_DX.h"
#include <d3d9.h>
#include <d3dx9tex.h>
#include <fstream>
#include "MyEat.h"
#ifndef MEM_H
#define MEM_H
#include "MemLoadDll.h"
#endif
#include "MyInlineHook.h"
#include "hook_d3d3x_.h"
#include <highgui.h>
#include "CvvImage.h"
#include "Find.h"
#include <dinput.h>
#include "User32_Hook.h"
#include "MyBmp.h"
#include "HextoBinary.h"
#include "DNF_CODE.h"
#include <atlstr.h>
#include <Mmsystem.h>
#include <winbase.h>
#include "GameFun.h"
#include "HookSystemCall.h"
#include "Common.h"
#include <Shlwapi.h>
//#include "TestLib.h"
#include "NTFUNCTION.h"
MyGame* Gamefu=NULL;
//#include <dinput.h>
CMemLoadDll* RELOAD2=NULL;
char* BUFER;
typedef void ( __stdcall* _MyDllInit)();
typedef void ( __stdcall* _My_CALL)(int nRoleAdd,int shanghai,int nCode,int MaxNum);
typedef void ( __stdcall* _My3s)(ULONG sssBaseAddr,int sssVar);
_MyDllInit MyDllInit=NULL;
_My_CALL My_CALL =NULL;
_My3s My3s1=NULL;
DWORD JIA_D3D9_82=0;
int cout_test=0;
LPDIRECT3D9 g_pD3D = NULL; // Used to create the D3DDevice
LPDIRECT3DDEVICE9 g_pd3dDevice = NULL; // Our rendering device
bool isFree=FALSE;
DX_FUNC Game_dx;
DATA_TO_DX my_dx_data;
bool Is_XiWU=FALSE;
bool Is_XiGuai=FALSE;
bool Is_END_XiGuai=TRUE;
LRESULT CALLBACK WindowProc( HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam );
void HookPrsent();
void HookDrawPrimitive();
WNDPROC OldWindowProc=0;
bool is_hook_user=FALSE;
time_t Begintime=0;
time_t EndTime;
BOOL Is_In=FALSE;
long __stdcall callback(_EXCEPTION_POINTERS* excp)
{
OutputDebugStringA("ERRO GAME 23");
Game_dx.DATA2->IsGetBeibao=FALSE;
Is_In=FALSE;
// return EXCEPTION_EXECUTE_HANDLER;//悄悄退出
return EXCEPTION_CONTINUE_EXECUTION;//继续执行
}
BOOL Type_xiguai=FALSE;
int Type_xiguai_4=0;
void SetGame()
{
SetUnhandledExceptionFilter(callback);
try{
if (Is_In==TRUE)
{
return;
}
Is_In=TRUE;
if (is_hook_user==FALSE)
{
}
if (Gamefu==NULL)
{
Gamefu=new MyGame;
}
if (Game_dx.DATA2!=NULL)
{
//设置绑定成功
PDATA_TO_DX DATA2=Game_dx.DATA2;
if (DATA2->Is_Bind1_ok==FALSE)
{
DATA2->Is_Bind1_ok=TRUE;
DATA2->Is_Bind2_ok=TRUE;
DATA2->Is_Bind_KEY1_ok=TRUE;
}
//////////////////////////////////////////////////////////////////////////
if (Game_dx.DATA2->IsGetName_Lv_Pilao==TRUE)//获取疲劳负重 名字
{
Gamefu->GetRenwu_Lv_Name(RenwuJizhi, Game_dx.DATA2->Name_Lv);
DWORD CurPilao=Gamefu->GetPiLao();
Game_dx.DATA2->Name_Lv.Pilao=CurPilao;
DWORD AllFuzhong=Gamefu->GetAllFuZhong();
Game_dx.DATA2->Name_Lv.MaxFuzhong=AllFuzhong;
DWORD CurFuzhong=Gamefu->GetFuZhong();
Game_dx.DATA2->Name_Lv.CurFuzhong=CurFuzhong;
Game_dx.DATA2->IsGetName_Lv_Pilao=FALSE;
Game_dx.SendTo_Game();
}
//////////////////////////////////////////////////////////////////////////
if (DATA2->IsGetJinbi==TRUE)//获取金币
{
DATA2->jinbi= Gamefu->GetJinBi(_BeiBaoJizhi);
DATA2->IsGetJinbi=FALSE;
}
//////////////////////////////////////////////////////////////////////////
//背包
if (Game_dx.DATA2->IsGetBeibao==TRUE)
{
OutputDebugStringA("get beibao gm");
Gamefu->GetBeiBaoToArray(_BeiBaoJizhi,&Game_dx.DATA2->GameBeiBao);
Game_dx.DATA2->IsGetBeibao=FALSE;
}
//仓库
if (Game_dx.DATA2->Is_GetCangku==TRUE)
{
OutputDebugStringA("get beibao gm");
Gamefu->GetCangKuToArray(_BeiBaoJizhi,&Game_dx.DATA2->GameCanuku);
Game_dx.DATA2->Is_GetCangku=FALSE;
}
//装备
if (Game_dx.DATA2->IsGetCurZhuangBei==TRUE)
{
Gamefu->GetCurZhuangBeiToArray(&Game_dx.DATA2->curzb);
DATA2->IsGetCurZhuangBei=FALSE;
}
//结束修理卖屋状态
if (DATA2->IsEndXiuLiMaiWu==TRUE)
{
OutputDebugStringA("gm endxiulimaiwu");
Gamefu->ChuShou(0);
Game_dx.DATA2->IsChuShou=FALSE;
Game_dx.DATA2->IsXiuli=FALSE;
DATA2->IsEndXiuLiMaiWu=FALSE;
}
//开启修理卖屋
if (DATA2->IsBeginXiuliMaiWu==TRUE)
{
DATA2->IsBeginXiuliMaiWu=FALSE;
Gamefu->ChuShou(DATA2->XiuliMaiwuWat);//开启出售或修理
if (DATA2->XiuliMaiwuWat==5)
{
Game_dx.DATA2->IsChuShou=TRUE;
}
if (DATA2->XiuliMaiwuWat==6)
{
Game_dx.DATA2->IsXiuli=TRUE;
}
}
//获取怪物数目
if (DATA2->IsGetGuaiwuShuliang==TRUE)
{
Game_dx.DATA2->GuaiwuShuliang=Gamefu->Get_GuaiWuShuLiang(0);
DATA2->IsGetGuaiwuShuliang=FALSE;
}
//获取地上物品数目
if (DATA2->IsGetWupinShuLiang==TRUE)
{
Game_dx.DATA2->WUPUN_WULIANG=Gamefu->Get_WuPinShuLiang(0);
DATA2->IsGetWupinShuLiang=FALSE;
}
//修改力量
if (DATA2->Isadd_Liliang==TRUE)
{
Gamefu->SetJiami_Hot_BeiGong_Liliang(Game_dx.DATA2->liliang);
if (Game_dx.DATA2->Tili!=0)
{
Gamefu->Add_TiLi(Game_dx.DATA2->Tili);
Gamefu->Add_JingShen(Game_dx.DATA2->Tili);
//Game_dx.DATA2->Tili=0;
}
/* if (Game_dx.DATA2->Lv!=0)
{
Gamefu->Add_Lv(Game_dx.DATA2->Lv);
Game_dx.DATA2->Lv=0;
}*/
Game_dx.DATA2->Isadd_Liliang=FALSE;
}
//SY
if (DATA2->IsSY==TRUE)
{
Gamefu->SY(DATA2->sdjz,DATA2->fx,DATA2->CallBase);
DATA2->IsSY=FALSE;
}
if (DATA2->IsShunyibefor==TRUE)
{
Gamefu->Xi_Men_Befor(DATA2->Shunyi_Fangxiang);
DATA2->IsShunyibefor=FALSE;
}
//瞬移后
if (DATA2->IsShunyi==TRUE)
{
Gamefu->Xi_Men(DATA2->Shunyi_Fangxiang);
DATA2->IsShunyi=FALSE;
}
//瞬移XY
if (DATA2->ISGOTOXY==TRUE)
{
Gamefu->Xi_Men_XY(DATA2->RENWU_XY.X,DATA2->RENWU_XY.Y,DATA2->RENWU_XY.Z);
DATA2->ISGOTOXY=FALSE;
}
//获取吸怪方向
if (DATA2->ISGETFANGXIANG==TRUE)
{
DATA2->RetGetFangXiang=Gamefu->GetFangXiang(Game_dx.DATA2->XiGuaiFangXiang);
DATA2->ISGETFANGXIANG=FALSE;
}
if (DATA2->IsSet3s==TRUE)
{
Gamefu->Set3S(DATA2->sss.BIG,DATA2->sss.SMALL);
DATA2->IsSet3s=FALSE;
}
if (DATA2->zhiye.IsGetZhiYe==TRUE)//获取职业
{
Gamefu->GetZhiye(DATA2->zhiye.Zhiye);
DATA2->zhiye.IsGetZhiYe=FALSE;
}
if (DATA2->IsTest==TRUE)
{
HMODULE M1=::GetModuleHandleA("123.DLL");
if (M1!=0)
{
FreeLibrary(M1);
}
::LoadLibraryA("123.dll");
DATA2->IsTest=FALSE;
}
}
//执行变量操作
if (Game_dx.DATA2!=NULL)
{
if (Game_dx.DATA2->IsRetTili==TRUE)
{
Game_dx.DATA2->Rettili=Gamefu->GetCurTili();
Game_dx.DATA2->IsRetTili=FALSE;
}
//OutputDebugStringA("!!!!!!!");
if (Game_dx.DATA2->ISXIGUAI==TRUE)
{
//Gamefu->Xi_GuaiWu(0);
if (Game_dx.DATA2->XIGUAI_TYPE==1)
{
Gamefu->Xi_GuaiWu_X_Y(Game_dx.DATA2->Guai_add_xy.X,Game_dx.DATA2->Guai_add_xy.Y);
}else if (Game_dx.DATA2->XIGUAI_TYPE==2)
{
Gamefu->Xi_GuaiWu_RENWU_XY(Game_dx.DATA2->Guai_add_xy.X,Game_dx.DATA2->Guai_add_xy.Y);
}else if (Game_dx.DATA2->XIGUAI_TYPE==3)
{
if (Type_xiguai==FALSE)
{
Gamefu->Xi_GuaiWu_RENWU_XY(Game_dx.DATA2->Guai_add_xy.X,Game_dx.DATA2->Guai_add_xy.Y);
Type_xiguai=TRUE;
}else{
Gamefu->Xi_GuaiWu_X_Y(Game_dx.DATA2->Guai_add_xy.X,Game_dx.DATA2->Guai_add_xy.Y);
Type_xiguai=FALSE;
}
}else if (Game_dx.DATA2->XIGUAI_TYPE==4)
{
if (Type_xiguai_4==0)
{
Gamefu->Xi_GuaiWu_X_Y(Game_dx.DATA2->Guai_add_xy.X,Game_dx.DATA2->Guai_add_xy.Y);
}else{
Gamefu->Xi_GuaiWu_RENWU_XY(Game_dx.DATA2->Guai_add_xy.X,Game_dx.DATA2->Guai_add_xy.Y);
}
Type_xiguai_4++;
if (Type_xiguai_4>8)
{
Type_xiguai_4=0;
}
}
}
if (Game_dx.DATA2->ISXIWU==TRUE)
{
// Is_XiWU=TRUE;
Gamefu->Xi_WU(0);
}
if (Game_dx.DATA2->IsChuShou==TRUE)
{
Gamefu->ChuShou(5);
}
if (Game_dx.DATA2->IsXiuli==TRUE)
{
Gamefu->ChuShou(6);
}
if (Game_dx.DATA2->IsSetXiGuaiFangXiang==TRUE)
{
extern int Xfangxiang;
Xfangxiang=Game_dx.DATA2->XiGuaiFangXiang;
Game_dx.DATA2->IsSetXiGuaiFangXiang=FALSE;
}
if (Game_dx.DATA2->IsAddDuli==TRUE)
{
Gamefu->Add_DuLi(Game_dx.DATA2->Duli_Value);
Game_dx.DATA2->IsAddDuli=FALSE;
}
if (Game_dx.DATA2->IsAddJingShen==TRUE)
{
Gamefu->Add_JingShen(Game_dx.DATA2->JingShen_Value);
Game_dx.DATA2->IsAddJingShen=FALSE;
}
if (Game_dx.DATA2->IsAddZL==TRUE)
{
Gamefu->Add_ZL(Game_dx.DATA2->ZL_Value);
Game_dx.DATA2->IsAddZL=FALSE;
}
if (Game_dx.DATA2->IsRuoGuai==TRUE)
{
Gamefu->Get_GuaiWuShuLiang_RG(0);
Game_dx.DATA2->IsRuoGuai=FALSE;
}
/*if (Game_dx.DATA2->Is3S==TRUE)
{
My3s1( 0x01F376B4,999999);
Game_dx.DATA2->Is3S=FALSE;
}*/
}
Is_In=FALSE;
return ;
}catch(...)
{
OutputDebugStringA("ERRO GAME");
Game_dx.DATA2->IsGetBeibao=FALSE;
Is_In=FALSE;
return;
}
}
#define _Out_
#define _In_
#define _In_opt_
typedef NTSTATUS (_stdcall*_ZwCreateFile)(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_opt_ PLARGE_INTEGER AllocationSize,
_In_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_ ULONG CreateOptions,
_In_opt_ PVOID EaBuffer,
_In_ ULONG EaLength
);
_ZwCreateFile ZwCreateFile=NULL;
DWORD OldZwCreateFile;
#define STATUS_FILE_DELETED ((NTSTATUS)0xC0000123L)
NTSTATUS _stdcall MyZwCreateFile(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_opt_ PLARGE_INTEGER AllocationSize,
_In_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_ ULONG CreateOptions,
_In_opt_ PVOID EaBuffer,
_In_ ULONG EaLength
)
{
if (isFree==FALSE)
{
HMODULE aa=GetModuleHandleA("爱冰的沫.DLL");
::FreeLibrary(GetModuleHandleA("爱冰的沫.DLL"));
isFree=TRUE;
}
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
OutputDebugStringA("ok now");
Hook_dx();
HookPrsent();
//HookDrawPrimitive();
is_hook_user=TRUE;
}
}
// SetGame();
ZwCreateFile=(_ZwCreateFile)(OldZwCreateFile);
if (wcsstr(ObjectAttributes->ObjectName->Buffer,L"dnf.tlg")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"dnf.cfg")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"DNF.trc")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"abdm.sys")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"dxf")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"dm.dll")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"大漠")!=NULL )
{
//
*FileHandle=0;
return STATUS_FILE_DELETED;
}
if (wcsstr(ObjectAttributes->ObjectName->Buffer,L"PHYSICALDRIVE0")!=NULL )
{
*FileHandle=0;
return STATUS_FILE_DELETED;
}
if (wcsstr(ObjectAttributes->ObjectName->Buffer,L".tmp")!=NULL|wcsstr(ObjectAttributes->ObjectName->Buffer,L"{")!=NULL /*| || wcsstr(ObjectAttributes->ObjectName->Buffer,L".trc")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L".zip")!=NULL*/)
{
*FileHandle=0;
return STATUS_SUCCESS;
}
return ZwCreateFile(FileHandle,DesiredAccess,ObjectAttributes,IoStatusBlock,AllocationSize,FileAttributes,ShareAccess,CreateDisposition,CreateOptions,EaBuffer,EaLength);
}
typedef NTSTATUS (_stdcall* _ZwOpenFile)(OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
);
_ZwOpenFile OrgOpenFile=NULL;
HookSystemCall kihook32;
DWORD OldNtOpenFile;
NTSTATUS _stdcall MyZwOpenFile(OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
)
{
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
OutputDebugStringA("ok now");
Hook_dx();
HookPrsent();
//HookDrawPrimitive();
is_hook_user=TRUE;
}
}
if (isFree==FALSE)
{
HMODULE aa=GetModuleHandleA("爱冰的沫.DLL");
::FreeLibrary(GetModuleHandleA("爱冰的沫.DLL"));
isFree=TRUE;
}
////OutputDebugStringA("游戏企图打开以下文件:");
////OutputDebugStringW(ObjectAttributes->ObjectName->Buffer);
////OutputDebugStringW(ObjectAttributes->ObjectName->Buffer);
OrgOpenFile=(_ZwOpenFile)(OldNtOpenFile);
if (wcsstr(ObjectAttributes->ObjectName->Buffer,L"dnf.cfg")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"DNF.trc")!=NULL||wcsstr(ObjectAttributes->ObjectName->Buffer,L"abdm.sys")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"dxf")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"dm.dll")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"大漠")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"dnf.tlg")!=NULL)
{
if (FileHandle!=NULL)
{
*FileHandle=0;
}
return STATUS_FILE_DELETED;
}
if (wcsstr(ObjectAttributes->ObjectName->Buffer,L".tmp")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"{")!=NULL /*|| wcsstr(ObjectAttributes->ObjectName->Buffer,L".trc")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L".zip")!=NULL*/)
{
//
*FileHandle=0;
return STATUS_FILE_DELETED;
}
/*
if (wcsstr(ObjectAttributes->ObjectName->Buffer,L"dnf.cfg")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"DNF.trc")!=NULL||wcsstr(ObjectAttributes->ObjectName->Buffer,L"abdm.sys")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"dxf")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"dm.dll")!=NULL || wcsstr(ObjectAttributes->ObjectName->Buffer,L"大漠")!=NULL ||wcsstr(ObjectAttributes->ObjectName->Buffer,L"dnf.tlg")!=NULL)
{
if (FileHandle!=NULL)
{
*FileHandle=0;
}
return STATUS_SUCCESS;
}else{
return OrgOpenFile(FileHandle,DesiredAccess,ObjectAttributes,IoStatusBlock,ShareAccess,OpenOptions);
}*/
return OrgOpenFile(FileHandle,DesiredAccess,ObjectAttributes,IoStatusBlock,ShareAccess,OpenOptions);
}
clock_t Begin=0;
clock_t end;
DWORD oldNtDeviceIoControlFileAdr=0;
typedef NTSTATUS (__stdcall* OrgNtDeviceIoControlFile)(
_In_ HANDLE FileHandle,
_In_ HANDLE Event,
_In_ PIO_APC_ROUTINE ApcRoutine,
_In_ PVOID ApcContext,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_ ULONG IoControlCode,
_In_ PVOID InputBuffer,
_In_ ULONG InputBufferLength,
_Out_ PVOID OutputBuffer,
_In_ ULONG OutputBufferLength
);
OrgNtDeviceIoControlFile OldNtDeviceIoControlFile;
NTSTATUS __stdcall MyNtDeviceIoControlFile(
_In_ HANDLE FileHandle,
_In_ HANDLE Event,
_In_ PIO_APC_ROUTINE ApcRoutine,
_In_ PVOID ApcContext,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_ ULONG IoControlCode,
_In_ PVOID InputBuffer,
_In_ ULONG InputBufferLength,
_Out_ PVOID OutputBuffer,
_In_ ULONG OutputBufferLength
)
{
end= clock();
if (end-Begin>100)
{
//OutputDebugStringA("in xxx");
Begin=end;
if (isFree==FALSE)
{
HMODULE aa=GetModuleHandleA("爱冰的沫.DLL");
::FreeLibrary(GetModuleHandleA("爱冰的沫.DLL"));
isFree=TRUE;
}
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
Hook_dx();
HookPrsent();
//HookDrawPrimitive();
is_hook_user=TRUE;
}
}
SetGame();
}
OldNtDeviceIoControlFile=(OrgNtDeviceIoControlFile)oldNtDeviceIoControlFileAdr;
return OldNtDeviceIoControlFile(
FileHandle,
Event,
ApcRoutine,
ApcContext,
IoStatusBlock,
IoControlCode,
InputBuffer,
InputBufferLength,
OutputBuffer,
OutputBufferLength);
}
void Hook32()
{
OutputDebugStringA("hook Kifastcall 32");
kihook32.Initialization();
kihook32.InstallHook("NtOpenFile",(DWORD)MyZwOpenFile,&OldNtOpenFile);
kihook32.InstallHook("NtCreateFile",(DWORD)MyZwCreateFile,&OldZwCreateFile);
kihook32.InstallHook("NtDeviceIoControlFile",(DWORD)MyNtDeviceIoControlFile,&oldNtDeviceIoControlFileAdr);
}
//////////////////////////////////////////////////////////////////////////
DWORD OldCoCreateGuid_add5=0;
typedef HRESULT( __stdcall* OrgCoCreateGuid)(
GUID* pguid
);
__declspec(naked) HRESULT __stdcall TmpCoCreateGuid(
GUID* pguid
)
{
__asm{
nop
nop
nop
nop
nop
nop
nop
jmp OldCoCreateGuid_add5
}
}
unsigned long Data1=1;
unsigned short Data2=1;
unsigned short Data3=1;
unsigned char Data4[ 8 ];
HRESULT __stdcall MyCoCreateGuid(
GUID* pguid
)
{
OutputDebugStringA("old32");
GUID GI;
GI.Data1=Data1;
GI.Data2=Data2;
GI.Data3=Data3;
memcpy(GI.Data4,Data4,8);
Data1++;
Data2++;
Data3++;
(BYTE)Data4[0]++;
return S_OK;
HRESULT R1= TmpCoCreateGuid(pguid);
OutputDebugStringA((char*)pguid);
return R1;
}
void HookOle32()
{
BYTE ReSet[5]={0x8b,0xff,0x55,0x8b,0xec};
DWORD OldPro=0;
HMODULE m1=GetModuleHandleA("ole32.dll");
if (m1==NULL)
{
return ;
}
DWORD Pro1=(DWORD) ::GetProcAddress(m1,"CoCreateGuid");
VirtualProtect((BYTE*)Pro1,5,PAGE_EXECUTE_READWRITE,&OldPro);
VirtualProtect(TmpCoCreateGuid,5,PAGE_EXECUTE_READWRITE,&OldPro);
memcpy((BYTE*)Pro1,ReSet,5);
memcpy(TmpCoCreateGuid,(BYTE*)Pro1,5);
OldCoCreateGuid_add5=Pro1+5;
DWORD jmpcode=(DWORD)MyCoCreateGuid-Pro1-5;
*((BYTE*)Pro1)=0xe9;
*((DWORD*)(Pro1+1))=jmpcode;
}
//////////////////////////////////////////////////////////////////////////
DWORD OldGetLastInputInfo_add5=0;
typedef BOOL( __stdcall* OrgGetLastInputInfo)(
__out PLASTINPUTINFO plii
);
__declspec(naked) BOOL __stdcall TmpGetLastInputInfo(
__out PLASTINPUTINFO plii
)
{
__asm{
nop
nop
nop
nop
nop
nop
nop
jmp OldGetLastInputInfo_add5
}
}
BOOL __stdcall MyGetLastInputInfo(
__out PLASTINPUTINFO plii
)
{
plii->dwTime= (GetTickCount()-5000);
OutputDebugStringA("lastinput");
return TRUE;
}
void HookInputTime()
{
BYTE ReSet[5]={0x8b,0xff,0x55,0x8b,0xec};
DWORD OldPro=0;
HMODULE m1=GetModuleHandleA("user32.dll");
DWORD Pro1=(DWORD) ::GetProcAddress(m1,"GetLastInputInfo");
VirtualProtect((BYTE*)Pro1,5,PAGE_EXECUTE_READWRITE,&OldPro);
VirtualProtect(TmpGetLastInputInfo,5,PAGE_EXECUTE_READWRITE,&OldPro);
memcpy((BYTE*)Pro1,ReSet,5);
memcpy(TmpGetLastInputInfo,(BYTE*)Pro1,5);
OldGetLastInputInfo_add5=Pro1+5;
DWORD jmpcode=(DWORD)MyGetLastInputInfo-Pro1-5;
*((BYTE*)Pro1)=0xe9;
*((DWORD*)(Pro1+1))=jmpcode;
}
HKL EnumIme(char* InputName,char* FileName)
{
HKL *HKLList;
HKL Imehandle;
int StrCount=0,FileCount=0;
HKLList = NULL;
UINT uCount = GetKeyboardLayoutList(0, NULL);
if (0 != uCount)
{
HKLList = new HKL[uCount];
GetKeyboardLayoutList(uCount, HKLList);
//TRACE("GetKeyboardLayoutList OK!!\n");
}
else
{
int nErr = GetLastError();
// TRACE("Error is %d\n", nErr);
}
char strLayoutText[256];
char strFileText[256];
char InputString[256];
char InputFile[256];
for (UINT i = 0; i < uCount; i++)
{
//取得输入法名
StrCount = ImmGetDescriptionA(HKLList[i], strLayoutText, 256);
//InputString = &strLayoutText[StrCount];
strcpy(InputString,&strFileText[StrCount]);
if (InputString == InputName)
{
FileCount = ImmGetIMEFileName(HKLList[i], strFileText, 256);
strcpy(InputFile,&strFileText[FileCount]);
if (InputFile == FileName)
{
Imehandle = HKLList[i];
break;
}
}
}
delete[]HKLList;
return Imehandle;
}
//获得类虚拟成员函数指针
char Des[1024]="C:\\";
BOOL IsCur_Bool=FALSE;
void DX_FUNC::Get_SendData()
{
//OutputDebugStringA("Get_SendData");
DWORD PID=GetCurrentProcessId();
char* pid_str;
pid_str=new char[1024];
itoa(PID,pid_str,10);
HANDLE new2=OpenFileMappingA(FILE_MAP_ALL_ACCESS,0,pid_str);
if (new2==INVALID_HANDLE_VALUE)
{
//OutputDebugStringA("openfilemap erro");
}
DATA2=(PDATA_TO_DX)MapViewOfFile(new2,FILE_MAP_ALL_ACCESS, 0,0,0);
if (!DATA2)
{
//OutputDebugStringA("data2 is null!");
}
delete []pid_str;
}
char* C_PAN=NULL;
DWORD pid=0;
bool DX_FUNC::IsCur()
{
if (C_PAN==NULL)
{
C_PAN=new char[1024];
}
/*
char C_PAN[1024]="C:\\";
DWORD PID=GetCurrentProcessId();
char pid_str[1024]={0};
itoa(PID,pid_str,10);
strcat(C_PAN,pid_str);
strcat(C_PAN,".YXP");*/
if (pid==0)
{
pid=GetCurrentProcessId();
}
sprintf(C_PAN,"%s%d.YXP","C:\\",pid);
//
//OutputDebugStringA(C_PAN);
/*hFind = ::FindFirstFile(C_PAN, &FindFileData);
if (hFind == INVALID_HANDLE_VALUE && FindFileData.cFileName==NULL)
{
//OutputDebugStringA(C_PAN);
//OutputDebugStringA("-1");
return false;
} */
if(PathFileExists(C_PAN) ==FALSE )
{
return FALSE;
}
else
{
memcpy(Des,C_PAN,1024);
return true;
}
return 1;
}
LPVOID GetClassVirtualFnAddress(LPVOID pthis,int Index) //Add 2010.8.6
{
LPVOID FnAddress;
*(int*)&FnAddress = *(int*)pthis; //lpvtable
*(int*)&FnAddress = *(int*)((int*)FnAddress + Index);
return FnAddress;
}
DX_FUNC::DX_FUNC()
{
DATA2=NULL;
GameDEV=NULL;
IS_save_tofile=FALSE;
memset(this->D3D9X_DLL_NAME,0,1024);
}
void DX_FUNC::SendTo_Game()
{
//memcpy(this->DATA2,data,sizeof(DATA_TO_DX));
FlushViewOfFile(this->DATA2,sizeof(DATA_TO_DX));
}
DWORD DX_FUNC::SetClassVirtualFnAddress_1(LPVOID pthis,int Index,DWORD Newadr,DWORD* SaveOLD_ADR)
{
DWORD FnAddress;
DWORD index2=Index*4;
FnAddress = (DWORD)pthis; //lpvtable
__asm{
mov eax,dword ptr ds:[pthis]
mov eax,[eax]
add eax,index2
mov ebx, eax
mov FnAddress,ebx
}
*SaveOLD_ADR=*((DWORD*)FnAddress);
*((DWORD*)FnAddress)=Newadr;
return FnAddress;
}
DWORD RenWuJiZhi=0x1FB2A80;
DWORD HuoQuRenWuX()
{
//char outx[256]={0};
float RenWuX=*(float*)(( *(DWORD*)RenWuJiZhi)+400); //人物X
//sprintf(outx,"人物X坐标:%d",RenWuX);
////OutputDebugStringA((char*)outx);
return (DWORD)RenWuX;
}
DWORD HuoQuRenWuY()
{
//char outx[256]={0};
float RenWuY=*(float*)((*(DWORD*)RenWuJiZhi)+404); //人物Y
//sprintf(outx,"人物Y坐标:%d",RenWuY);
////OutputDebugStringA((char*)outx);
return (DWORD)RenWuY;
}
typedef struct _GuaiWu_XY
{
DWORD X;
DWORD Y;
}GuaiWu_XY,*PGuaiWu_XY;
GuaiWu_XY GWXY[256];//保存遍历的怪物坐标XY集合
int ZuobiaoShuliang=0;//保存怪物数量
int MinX=99999;
int MinY=99999;
int CurX;
int CurY;
void RenWu_X_Y()
{
CurX=0;
CurY=0;
//::MessageBoxA(0,"test","test",0);
char outx[256]={0};//定义一个输出缓冲区【outx】
float RenWuX=*(float*)(( *(DWORD*)RenWuJiZhi)+400); //人物X
float RenWuY=*(float*)((*(DWORD*)RenWuJiZhi)+404); //人物Y
sprintf(outx,"人物X: %d-------人物Y: %d",(DWORD)RenWuX,(DWORD)RenWuY);
//OutputDebugStringA((char*)outx);
DWORD RX=(DWORD)RenWuX;
DWORD RY=(DWORD)RenWuY;
Game_dx.DATA2->TestXY.X=RX;
Game_dx.DATA2->TestXY.Y=RY;
Game_dx.DATA2->TestXY.IsOk=TRUE;
}
void Do_Same()
{
memset(GWXY,0,sizeof(GuaiWu_XY)*256);
ZuobiaoShuliang=0;
//::MessageBoxA(0,"test","test",0);
char outx[256]={0};//定义一个输出缓冲区【outx】
if((DWORD*)RenWuJiZhi==NULL)//人物基址
{
return ;//人物基址为空则返回
}
int YIJiPianYi=*(int*)(*((int*)RenWuJiZhi)+0xB4);//一级偏移
if (YIJiPianYi==NULL)
{
return;//一级偏移为空则返回
}
int ErJiPianYi=*((int*)(YIJiPianYi+0xB0));//二级偏移
if (ErJiPianYi==NULL)
{
return;//二级偏移为空则返回
}
int SanJiPianYi=*((int*)(YIJiPianYi+0xB4));//三级偏移
if (SanJiPianYi==NULL)
{
return;//三级偏移为空则返回
}
int GuaiWuShuLiang=(SanJiPianYi-ErJiPianYi)/4;//怪物数量
//调试输出用===================================
sprintf(outx,"怪物数量:%d",GuaiWuShuLiang);
//OutputDebugStringA((char*)outx);
//调试输出用===================================
if (GuaiWuShuLiang>0)//怪物数量大于0则
{
ZuobiaoShuliang=0;
int DD=0;//偏移递增用
for (int X=0; X<GuaiWuShuLiang;X++)
{
//OutputDebugStringA("-----------BEGIN---------------");
if ((int*)(ErJiPianYi+DD)==NULL)
{
DD=DD+4;//递增4
//OutputDebugStringA("----------- 怪物基质为空跳出本次循环");
continue;//怪物基质为空跳出本次循环
}
int GuaiWuJiZhi= *((int*)(ErJiPianYi+DD));//怪物基址
DD=DD+4;//递增4
sprintf(outx,"怪物基址:%d",GuaiWuJiZhi);
//OutputDebugStringA((char*)outx);
int GuaiWuLeiXing= *((int*)(GuaiWuJiZhi+0x8c));//怪物类型【怪物基址的一级偏移】
sprintf(outx,"怪物类型:%d",GuaiWuLeiXing);
//OutputDebugStringA((char*)outx);
int GuaiWuZhenYing= *((int*)(GuaiWuJiZhi+0x74c));//怪物阵营【怪物基址的一级偏移】
sprintf(outx,"怪物阵营:%d",GuaiWuZhenYing);
//OutputDebugStringA((char*)outx);
if( 1/*GuaiWuLeiXing==33 && GuaiWuZhenYing==200*/)//条件
{
ZuobiaoShuliang++;
DWORD MenZuoBiaoX=(DWORD)*((float*)(GuaiWuJiZhi+400));//得到怪物X
DWORD MenZuoBiaoY=(DWORD)*((float*)(GuaiWuJiZhi+404));//得到怪物Y
sprintf(outx,"X: %d-------Y: %d",MenZuoBiaoX,MenZuoBiaoY);
//OutputDebugStringA((char*)outx);
GWXY[X].X=MenZuoBiaoX;
GWXY[X].Y=MenZuoBiaoY;
if ((DWORD*)(GuaiWuJiZhi+0x12E4)==NULL)//(0x12E4名字是偏移)
{
//OutputDebugStringA("----------- 名字地址为空跳出本次循环");
continue;//名字地址为空跳出本次循环
}
DWORD GuaiWuMingZi=*((DWORD*)(GuaiWuJiZhi+0x12E4));//(0x12E4名字是偏移)
LPCWSTR NAME=(LPCWSTR)GuaiWuMingZi;//转换地址为unicode得到名字
/* if (NAME== NULL)
{
continue;//名字为空跳出本次循环
}*/
if (lstrlenW(NAME)>20)
{
//OutputDebugStringA("----------- 溢出 返回!--------------------");
//OutputDebugStringA("溢出 返回!");
continue;
}
if (lstrlenW(NAME)==0)
{
//OutputDebugStringA("----------- 0 返回!--------------------");
//OutputDebugStringA("0 返回!");
continue;
}
//OutputDebugStringW(NAME);
//OutputDebugStringA("-----------END--------------------");
//if(wcsstr(NAME,L"门")!=NULL)//判断是否包含指定字符串
//{
// DWORD MenZuoBiaoX=(DWORD)*((float*)(GuaiWuJiZhi+400));//得到门X
// DWORD MenZuoBiaoY=(DWORD)*((float*)(GuaiWuJiZhi+404));//得到门Y
// sprintf(outx,"门X坐标:%f 门Y坐标:%f ",MenZuoBiaoX,MenZuoBiaoY);
////OutputDebugStringA(outx);
//CAtlStringW Tmp=NAME;
//Tmp.Replace(L"领主",NULL);//替换指定字符串
//
////获取下一个正确方向的门(读取文件之类)
//WCHAR* FangXiang=L"右侧门";
//
//if (Tmp.Find(FangXiang) !=-1)
//{
// __asm
// {
// mov eax,RenWuJiZhi
// mov ecx,dword ptr ss:[eax]
// mov edx,dword ptr ds:[ecx]
// push 0x0
// push MenZuoBiaoY
// push MenZuoBiaoX
// call dword ptr ds:[edx+0x9C]
// }
//}
//}
}
}
}
}
bool GetMen(int Param)
{
BOOL IsBoss=FALSE;
memset(GWXY,0,sizeof(GuaiWu_XY)*256);
ZuobiaoShuliang=0;
//::MessageBoxA(0,"test","test",0);
char outx[256]={0};//定义一个输出缓冲区【outx】
if((DWORD*)RenWuJiZhi==NULL)//人物基址
{
return 0;//人物基址为空则返回
}
int YIJiPianYi=*(int*)(*((int*)RenWuJiZhi)+0xB4);//一级偏移
if (YIJiPianYi==NULL)
{
return 0;//一级偏移为空则返回
}
int ErJiPianYi=*((int*)(YIJiPianYi+0xB0));//二级偏移
if (ErJiPianYi==NULL)
{
return 0;//二级偏移为空则返回
}
int SanJiPianYi=*((int*)(YIJiPianYi+0xB4));//三级偏移
if (SanJiPianYi==NULL)
{
return 0;//三级偏移为空则返回
}
int GuaiWuShuLiang=(SanJiPianYi-ErJiPianYi)/4;//怪物数量
//调试输出用===================================
sprintf(outx,"怪物数量:%d",GuaiWuShuLiang);
//OutputDebugStringA((char*)outx);
//调试输出用===================================
if (GuaiWuShuLiang>0)//怪物数量大于0则
{
ZuobiaoShuliang=0;
int DD=0;//偏移递增用
for (int X=0; X<GuaiWuShuLiang;X++)
{
if ((int*)(ErJiPianYi+DD)==NULL)
{
DD=DD+4;//递增4
continue;//怪物基质为空跳出本次循环
}
int GuaiWuJiZhi= *((int*)(ErJiPianYi+DD));//怪物基址
DD=DD+4;//递增4
sprintf(outx,"怪物基址:%d",GuaiWuJiZhi);
//OutputDebugStringA((char*)outx);
int GuaiWuLeiXing= *((int*)(GuaiWuJiZhi+0x8c));//怪物类型【怪物基址的一级偏移】
sprintf(outx,"怪物类型:%d",GuaiWuLeiXing);
//OutputDebugStringA((char*)outx);
int GuaiWuZhenYing= *((int*)(GuaiWuJiZhi+0x74c));//怪物阵营【怪物基址的一级偏移】
sprintf(outx,"怪物阵营:%d",GuaiWuZhenYing);
//OutputDebugStringA((char*)outx);
if(1/* GuaiWuLeiXing==33 && GuaiWuZhenYing==200*/)//条件
{
ZuobiaoShuliang++;
DWORD MenZuoBiaoX=(DWORD)*((float*)(GuaiWuJiZhi+400));//得到怪物X
DWORD MenZuoBiaoY=(DWORD)*((float*)(GuaiWuJiZhi+404));//得到怪物Y
sprintf(outx,"X: %d-------Y: %d",MenZuoBiaoX,MenZuoBiaoY);
//OutputDebugStringA((char*)outx);
GWXY[X].X=MenZuoBiaoX;
GWXY[X].Y=MenZuoBiaoY;
if ((DWORD*)(GuaiWuJiZhi+0x12E4)==NULL)//(0x12E4名字是偏移)
{
continue;//名字地址为空跳出本次循环
}
DWORD GuaiWuMingZi=*((DWORD*)(GuaiWuJiZhi+0x12E4));//(0x12E4名字是偏移)
LPCWSTR NAME=(LPCWSTR)GuaiWuMingZi;//转换地址为unicode得到名字
if (NAME== NULL)
{
continue;//名字为空跳出本次循环
}
if (lstrlenW(NAME)>20)
{
//OutputDebugStringA("溢出 返回!");
continue;
}
if (lstrlenW(NAME)==0)
{
//OutputDebugStringA("0 返回!");
continue;
}
//OutputDebugStringW(NAME);
if (Param==1)
{
if(wcsstr(NAME,L"领主")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
IsBoss=TRUE;
return 1;
}
if (IsBoss==FALSE)
{
if(wcsstr(NAME,L"左侧门")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
}
}
}
if (Param==2)
{
if(wcsstr(NAME,L"领主")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
IsBoss=TRUE;
return 1;
}
if (IsBoss==FALSE)
{
if(wcsstr(NAME,L"右侧门")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
}
}
}
if (Param==3)
{
if(wcsstr(NAME,L"领主")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
IsBoss=TRUE;
return 1;
}
if (IsBoss==FALSE)
{
if(wcsstr(NAME,L"上侧门")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
}
}
}
if (Param==4)
{
if(wcsstr(NAME,L"领主")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
IsBoss=TRUE;
return 1;
}
if (IsBoss==FALSE)
{
if(wcsstr(NAME,L"下侧门")!=NULL)//判断是否包含指定字符串
{
Game_dx.DATA2->RENWU_XY.X=MenZuoBiaoX;
Game_dx.DATA2->RENWU_XY.Y=MenZuoBiaoY;
}
}
}
// DWORD MenZuoBiaoX=(DWORD)*((float*)(GuaiWuJiZhi+400));//得到门X
// DWORD MenZuoBiaoY=(DWORD)*((float*)(GuaiWuJiZhi+404));//得到门Y
// sprintf(outx,"门X坐标:%f 门Y坐标:%f ",MenZuoBiaoX,MenZuoBiaoY);
////OutputDebugStringA(outx);
//CAtlStringW Tmp=NAME;
//Tmp.Replace(L"领主",NULL);//替换指定字符串
//
////获取下一个正确方向的门(读取文件之类)
//WCHAR* FangXiang=L"右侧门";
//
//if (Tmp.Find(FangXiang) !=-1)
//{
// __asm
// {
// mov eax,RenWuJiZhi
// mov ecx,dword ptr ss:[eax]
// mov edx,dword ptr ds:[ecx]
// push 0x0
// push MenZuoBiaoY
// push MenZuoBiaoX
// call dword ptr ds:[edx+0x9C]
// }
//}
//}
}
}
}
return 1;
}
void ShunTu( DWORD Faxiang)
{
DWORD shandian=0x01F335C8;
DWORD shandian_8=0x01F335C8-8;
__asm{
mov ecx,shandian_8//ShangDianJiZhi
mov ecx,[ecx]
mov ecx,[ecx+0x20A020]
mov ecx,[ecx+0x4c]
push -1
push -1
push -1
push 0
push 0
push 0x2062b210
push 0x0012eca0
push 0
mov eax,0x00A3F780//GuoTuJiZhi
call eax
}
}
extern bool Is_XiGuai;
extern bool Is_END_XiGuai;
// 临界区结构对象
CRITICAL_SECTION g_cs;
void XI_GUAI()
{// 进入临界区
if (Is_XiGuai==FALSE)
{
return ;
}
int g;
int test1=0;
if((DWORD*)RenWuJiZhi==NULL)
{
return ;//人物基址等于空则返回
}
int YIJiPianYi=*(int*)(*((int*)RenWuJiZhi)+0xB4);//一级偏移
if (YIJiPianYi==NULL)
{
return;//一级偏移等于空则返回
}
//调试输出用===================================
char outx[256]={0};
sprintf( (char*)outx,"a= %d renwu:0x%0.8x",YIJiPianYi,*((int*)RenWuJiZhi));
//OutputDebugStringA((char*)outx);
//调试输出用===================================
int ErJiPianYi=*((int*)(YIJiPianYi+0xB0));//二级偏移
int SanJiPianYi=*((int*)(YIJiPianYi+0xB4));//三级偏移
int GuaiWuShuLiang=(SanJiPianYi-ErJiPianYi)/4;//怪物数量
//调试输出用===================================
sprintf(outx,"怪物数量:%d",GuaiWuShuLiang);
//OutputDebugStringA((char*)outx);
//调试输出用===================================
if (GuaiWuShuLiang>0)
{
Is_XiGuai=FALSE;
int DD=0;//偏移递增用
for (int X=0; X<GuaiWuShuLiang;X++)
{
int GuaiWuJiZhi= *((int*)(ErJiPianYi+DD));//怪物基址
DD=DD+4;//递增4
if(GuaiWuJiZhi==NULL)
{
break;
}
sprintf(outx,"怪物基址:%d",GuaiWuJiZhi);
//OutputDebugStringA((char*)outx);
int GuaiWuLeiXing= *((int*)(GuaiWuJiZhi+0x8c));//怪物类型【怪物基址的一级偏移】
sprintf(outx,"怪物类型:%d",GuaiWuLeiXing);
//OutputDebugStringA((char*)outx);
int GuaiWuZhenYing= *((int*)(GuaiWuJiZhi+0x74c));//怪物阵营【怪物基址的一级偏移】
sprintf(outx,"怪物阵营:%d",GuaiWuZhenYing);
//OutputDebugStringA((char*)outx);
//GuaiWuLeiXing==289 && GuaiWuZhenYing==200物品
//(GuaiWuLeiXing==545 && GuaiWuZhenYing==100) 建筑物
//(GuaiWuLeiXing==1057 && GuaiWuZhenYing==200) 没用的石头装饰 会卡人
if( GuaiWuLeiXing==529 || /*(GuaiWuLeiXing==289 && GuaiWuZhenYing==200) || */ (GuaiWuLeiXing==545 && GuaiWuZhenYing==100) || (GuaiWuLeiXing==129 && GuaiWuZhenYing==0) || (GuaiWuLeiXing==100 && GuaiWuZhenYing==529)||(GuaiWuLeiXing==33 && GuaiWuZhenYing==100)||(GuaiWuLeiXing==273 && GuaiWuZhenYing==100) )
{
test1++;
/* if(test1>3)//只吸3个怪物
{
Is_XiGuai=TRUE;
return ;
}*/
DWORD RENWU_X=HuoQuRenWuX();
DWORD RENWU_Y=HuoQuRenWuY();
__asm
{
mov ecx,GuaiWuJiZhi
mov edx,dword ptr ds:[ecx]
push 0x0
push RENWU_Y
push RENWU_X
call dword ptr ds:[edx+0x9C]
}
}
}
}
Is_XiGuai=TRUE;
// 离开临界区
//Sleep(10);
}
extern bool Is_XiWU;
void XI_WU()
{// 进入临界区
if (Is_XiWU==FALSE)
{
return ;
}
int g;
int test1=0;
if((DWORD*)RenWuJiZhi==NULL)
{
return ;//人物基址等于空则返回
}
int YIJiPianYi=*(int*)(*((int*)RenWuJiZhi)+0xB4);//一级偏移
if (YIJiPianYi==NULL)
{
return;//一级偏移等于空则返回
}
/*
//调试输出用===================================
char outx[256]={0};
sprintf( (char*)outx,"a= %d renwu:0x%0.8x",YIJiPianYi,*((int*)RenWuJiZhi));
//OutputDebugStringA((char*)outx);*/
//调试输出用===================================
int ErJiPianYi=*((int*)(YIJiPianYi+0xB0));//二级偏移
int SanJiPianYi=*((int*)(YIJiPianYi+0xB4));//三级偏移
int GuaiWuShuLiang=(SanJiPianYi-ErJiPianYi)/4;//怪物数量
//调试输出用===================================
/*
sprintf(outx,"怪物数量:%d",GuaiWuShuLiang);
//OutputDebugStringA((char*)outx);*/
//调试输出用===================================
if (GuaiWuShuLiang>0)
{
Is_XiWU=FALSE;
int DD=0;//偏移递增用
for (int X=0; X<GuaiWuShuLiang;X++)
{
int GuaiWuJiZhi= *((int*)(ErJiPianYi+DD));//怪物基址
DD=DD+4;//递增4
if(GuaiWuJiZhi==NULL)
{
break;
}
/* sprintf(outx,"怪物基址:%d",GuaiWuJiZhi);
//OutputDebugStringA((char*)outx);*/
int GuaiWuLeiXing= *((int*)(GuaiWuJiZhi+0x8c));//怪物类型【怪物基址的一级偏移】
/* sprintf(outx,"怪物类型:%d",GuaiWuLeiXing);
//OutputDebugStringA((char*)outx);*/
int GuaiWuZhenYing= *((int*)(GuaiWuJiZhi+0x74c));//怪物阵营【怪物基址的一级偏移】
/*
sprintf(outx,"怪物阵营:%d",GuaiWuZhenYing);
//OutputDebugStringA((char*)outx);*/
//GuaiWuLeiXing==289 && GuaiWuZhenYing==200物品
//(GuaiWuLeiXing==545 && GuaiWuZhenYing==100) 建筑物
//(GuaiWuLeiXing==1057 && GuaiWuZhenYing==200) 没用的石头装饰 会卡人
if( (GuaiWuLeiXing==289/* && GuaiWuZhenYing==200*/) )
{
test1++;
DWORD RENWU_X=HuoQuRenWuX();
DWORD RENWU_Y=HuoQuRenWuY();
__asm
{
mov ecx,GuaiWuJiZhi
mov edx,dword ptr ds:[ecx]
push 0x0
push RENWU_Y
push RENWU_X
call dword ptr ds:[edx+0x9C]
}
}
}
}
Is_XiWU=TRUE;
// 离开临界区
//Sleep(10);
}
void XI_REN()
{
int g;
int test1=0;
if((DWORD*)RenWuJiZhi==NULL)
{
return ;//人物基址等于空则返回
}
DWORD X=Game_dx.DATA2->RENWU_XY.X;
DWORD Y=Game_dx.DATA2->RENWU_XY.Y;
DWORD RenwuJizhi_Er=*((DWORD*)RenWuJiZhi);
__asm
{
mov ecx,RenwuJizhi_Er
mov edx,dword ptr ds:[ecx]
push 0x0
push Y
push X
call dword ptr ds:[edx+0x9C]
}
}
int GET_GUAIWU_SHULIANG()
{
int g;
int test1=0;
if((DWORD*)RenWuJiZhi==NULL)
{
return 0;//人物基址等于空则返回
}
int YIJiPianYi=*(int*)(*((int*)RenWuJiZhi)+0xB4);//一级偏移
if (YIJiPianYi==NULL)
{
return 0;//一级偏移等于空则返回
}
int ErJiPianYi=*((int*)(YIJiPianYi+0xB0));//二级偏移
int SanJiPianYi=*((int*)(YIJiPianYi+0xB4));//三级偏移
int GuaiWuShuLiang=(SanJiPianYi-ErJiPianYi)/4;//怪物数量
if (GuaiWuShuLiang>0)
{
int DD=0;//偏移递增用
for (int X=0; X<GuaiWuShuLiang;X++)
{
int GuaiWuJiZhi= *((int*)(ErJiPianYi+DD));//怪物基址
DD=DD+4;//递增4
if(GuaiWuJiZhi==NULL)
{
break;
}
int GuaiWuLeiXing= *((int*)(GuaiWuJiZhi+0x8c));//怪物类型【怪物基址的一级偏移】
int GuaiWuZhenYing= *((int*)(GuaiWuJiZhi+0x74c));//怪物阵营【怪物基址的一级偏移】
//GuaiWuLeiXing==289 && GuaiWuZhenYing==200物品
//(GuaiWuLeiXing==545 && GuaiWuZhenYing==100) 建筑物
//(GuaiWuLeiXing==1057 && GuaiWuZhenYing==200) 没用的石头装饰 会卡人
//273 100 人偶
if( GuaiWuLeiXing==529 || /*(GuaiWuLeiXing==289 && GuaiWuZhenYing==200) || */ (GuaiWuLeiXing==545 && GuaiWuZhenYing==100) ||(GuaiWuLeiXing==273 && GuaiWuZhenYing==100) )
{
test1++;
}
}
}
return test1;
//Sleep(10);
}
int GET_WUPIN_SHULIANG()
{
int g;
int test1=0;
if((DWORD*)RenWuJiZhi==NULL)
{
return 0;//人物基址等于空则返回
}
int YIJiPianYi=*(int*)(*((int*)RenWuJiZhi)+0xB4);//一级偏移
if (YIJiPianYi==NULL)
{
return 0;//一级偏移等于空则返回
}
int ErJiPianYi=*((int*)(YIJiPianYi+0xB0));//二级偏移
int SanJiPianYi=*((int*)(YIJiPianYi+0xB4));//三级偏移
int GuaiWuShuLiang=(SanJiPianYi-ErJiPianYi)/4;//怪物数量
if (GuaiWuShuLiang>0)
{
int DD=0;//偏移递增用
for (int X=0; X<GuaiWuShuLiang;X++)
{
int GuaiWuJiZhi= *((int*)(ErJiPianYi+DD));//怪物基址
DD=DD+4;//递增4
if(GuaiWuJiZhi==NULL)
{
break;
}
int GuaiWuLeiXing= *((int*)(GuaiWuJiZhi+0x8c));//怪物类型【怪物基址的一级偏移】
int GuaiWuZhenYing= *((int*)(GuaiWuJiZhi+0x74c));//怪物阵营【怪物基址的一级偏移】
//GuaiWuLeiXing==289 && GuaiWuZhenYing==200物品
//(GuaiWuLeiXing==545 && GuaiWuZhenYing==100) 建筑物
//(GuaiWuLeiXing==1057 && GuaiWuZhenYing==200) 没用的石头装饰 会卡人
if( (GuaiWuLeiXing==289 && GuaiWuZhenYing==200) )
{
test1++;
}
}
}
return test1;
//Sleep(10);
}
char courStr[1024]={0};
BOOL ISNO_SHUAXIN=FALSE;
char* ImeStr;
HKL InputHandle =0;
int XIGuaiPinlv=0;
int CurTime=0;
bool Ishook=FALSE;
LRESULT CALLBACK WindowProc(
HWND hwnd,
UINT uMsg,
WPARAM wParam,
LPARAM lParam
)
{
/*
if (isFree==FALSE)
{
HMODULE aa=GetModuleHandleA("爱冰的沫.DLL");
::FreeLibrary(GetModuleHandleA("爱冰的沫.DLL"));
isFree=TRUE;
}*/
if (Gamefu==NULL)
{
Gamefu=new MyGame;
}
// OutputDebugStringA("NO");
//ShowCursor(TRUE);
if (uMsg==WM_KEYDOWN)
{
if (wParam==VK_NUMPAD0)
{
Gamefu->GetAllDataList_GuaiWu(0);
}
}
if (Game_dx.DATA2!=NULL)
{
//OutputDebugStringA("!!!!!!!");
if (Game_dx.DATA2->ISXIGUAI==TRUE)
{
Gamefu->Xi_GuaiWu(0);
}
if (Game_dx.DATA2->ISXIGUAI==FALSE)
{
Is_XiGuai=FALSE;
}
if (Game_dx.DATA2->ISXIWU==TRUE)
{
// Is_XiWU=TRUE;
Gamefu->Xi_WU(0);
}
if (Game_dx.DATA2->ISXIWU==FALSE)
{
Is_XiWU=FALSE;
}
if (Game_dx.DATA2->IsChuShou==TRUE)
{
Gamefu->ChuShou(5);
}
if (Game_dx.DATA2->IsXiuli==TRUE)
{
Gamefu->ChuShou(6);
}
}
if (uMsg==WM_USER+12121 )
{
if (lParam==0)
{
Gamefu->ChuShou(wParam);//开启出售或修理
if (wParam==5)
{
Game_dx.DATA2->IsChuShou=TRUE;
}
if (wParam==6)
{
Game_dx.DATA2->IsXiuli=TRUE;
}
return 1;
}
if (lParam==1)
{
Gamefu->ChuShou(0);
Game_dx.DATA2->IsChuShou=FALSE;
Game_dx.DATA2->IsXiuli=FALSE;
return 1;
}
}
if (uMsg==WM_USER+77777)
{
//OutputDebugStringA("!!!!!!!");
if (wParam==1)
{
//OutputDebugStringA("YES");
Is_XiGuai=TRUE;
Gamefu->Xi_GuaiWu(0);
}
if (wParam==2)
{
Is_XiGuai=FALSE;
}
}
if (uMsg==WM_USER+77778)//吸物
{
if (wParam==1)
{
Is_XiWU=TRUE;
}
if (wParam==2)
{
Is_XiWU=FALSE;
}
}
if (uMsg==WM_IME_COMPOSITION)
{
}
if(uMsg==WM_USER+1236)
{
//OutputDebugStringA("1236");
if(wParam==1)
{
if (Game_dx.DATA2->myImeMessage.IsSendIme==TRUE)
{
extern void SendSomething(HWND);
extern void SendSomething_himc(HIMC ,char* );
extern HWND uiHwnd;
extern HIMC THEHIMC;
ImeStr=new char[Game_dx.DATA2->myImeMessage.SendImeLenth];
memset(ImeStr,0,Game_dx.DATA2->myImeMessage.SendImeLenth);
strcpy(ImeStr,Game_dx.DATA2->myImeMessage.SendStr);
//OutputDebugStringA("HELLP");
HIMC myhIMC = ImmGetContext(hwnd);
SendSomething_himc(myhIMC,ImeStr);
Game_dx.DATA2->myImeMessage.IsSendIme=FALSE;
}
}
}
if(uMsg==WM_USER+2345)//检测发送过来的绑定检测消息 防止2次绑定失效
{
//OutputDebugStringA("2345");
Hook_dx();
}
if (uMsg==WM_USER+6789)//内存CALL
{
}
if (uMsg==WM_USER+67867)//测试出售功能 可删除
{
// Do_Same();
//OutputDebugStringA("chushou");
}
if (uMsg==WM_USER+6777)
{
/* RenWu_X_Y();
return 333;*/
}
if( uMsg==WM_USER+65432 )
{ //OutputDebugStringA("65432");
if(wParam==1)//得到怪物数量
{
Game_dx.DATA2->GuaiwuShuliang=Gamefu->Get_GuaiWuShuLiang(0);
return Game_dx.DATA2->GuaiwuShuliang;
}
if(wParam==3)//得到物品数量
{
Game_dx.DATA2->WUPUN_WULIANG=Gamefu->Get_WuPinShuLiang(0);
return Game_dx.DATA2->WUPUN_WULIANG;
}
if(wParam==4)//人物瞬移
{
//OutputDebugStringA("SHUN YI");
Gamefu->Xi_Men(lParam);
}
if(wParam==5)//人物瞬移
{
//OutputDebugStringA("SHUN YI");
Gamefu->Xi_Men_Befor(lParam);
}
if(wParam==6)//倍功
{
// MyCall(GetDnfPid(),RenwuJizhi,_ShangDianJiZhi,20035,2);
return Gamefu->SetJiami_Hot_BeiGong(lParam);
}
/* if(wParam==7)//修改力量
{
return Gamefu->SetJiami_Hot_BeiGong_Liliang(lParam);
}*/
if(Game_dx.DATA2->Isadd_Liliang==TRUE)
{
Gamefu->SetJiami_Hot_BeiGong_Liliang(Game_dx.DATA2->liliang);
Game_dx.DATA2->Isadd_Liliang=FALSE;
}
if (Game_dx.DATA2->IsRetTili==TRUE)
{
Game_dx.DATA2->Rettili=Gamefu->GetCurTili();
Game_dx.DATA2->IsRetTili=FALSE;
}
if (Game_dx.DATA2->Tili!=0)
{
Gamefu->Add_TiLi(Game_dx.DATA2->Tili);
Game_dx.DATA2->Tili=0;
}
if (Game_dx.DATA2->Lv!=0)
{
Gamefu->Add_Lv(Game_dx.DATA2->Lv);
Game_dx.DATA2->Lv=0;
}/*
if(wParam==8)//查血
{
return Gamefu->Add_Hp();
}
if(wParam==9)//加体力
{
return Gamefu->Add_TiLi(lParam);
}
if(wParam==10)//加等级
{
return Gamefu->Add_Lv(lParam);
}
if(wParam==11)//查体力
{
return Gamefu->GetCurTili();
}*/
return 0;
}
if (uMsg==WM_USER+89898 )
{
return GetMen(wParam);
}
if(uMsg==WM_USER+75741)
{
if(wParam==1)
{
if (lParam==0)//得到物品背吧列表
{
if(Game_dx.DATA2!=NULL)
{
Gamefu->GetBeiBaoToArray(_BeiBaoJizhi,&Game_dx.DATA2->GameBeiBao);
return 1;
}
}
if (lParam==1)
{
if(Game_dx.DATA2!=NULL)
{
Gamefu->GetCurZhuangBeiToArray(&Game_dx.DATA2->curzb);
return 1;
}
}
// Game_dx.Get_SendData();
}
if (wParam==2)
{
if (lParam==0)//得到角色等级和名字疲劳负重
{
Gamefu->GetRenwu_Lv_Name(RenwuJizhi, Game_dx.DATA2->Name_Lv);
DWORD CurPilao=Gamefu->GetPiLao();
Game_dx.DATA2->Name_Lv.Pilao=CurPilao;
DWORD AllFuzhong=Gamefu->GetAllFuZhong();
Game_dx.DATA2->Name_Lv.MaxFuzhong=AllFuzhong;
DWORD CurFuzhong=Gamefu->GetFuZhong();
Game_dx.DATA2->Name_Lv.CurFuzhong=CurFuzhong;
Game_dx.SendTo_Game();
return 1;
}
if (lParam==1)//获取金币数量
{
return Gamefu->GetJinBi(_BeiBaoJizhi);
}
}
}
return CallWindowProcA((WNDPROC) OldWindowProc,hwnd, uMsg, wParam, lParam );
}
ULONG_PTR Old_GetForegroundWindow_add5=0;
__declspec(naked) HWND __stdcall TMP_MyGetForegroundWindow()
{
__asm{
nop
nop
nop
nop
nop
nop
jmp Old_GetForegroundWindow_add5
}
}
HWND __stdcall MyGetForegroundWindow()
{
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
Hook_dx();
HookPrsent();
is_hook_user=TRUE;
}
}
HWND wnd1=TMP_MyGetForegroundWindow();
wnd1=::FindWindowA(NULL,"地下城与勇士");
return wnd1;
}
ULONG_PTR Old_GetTopWindow_add5=0;
__declspec(naked) HWND __stdcall TMP_MyGetTopWindow( __in_opt HWND hWnd)
{
__asm{
nop
nop
nop
nop
nop
nop
jmp Old_GetTopWindow_add5
}
}
HWND __stdcall MyGetTopWindow( __in_opt HWND hWnd)
{
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
Hook_dx();
HookPrsent();
is_hook_user=TRUE;
}
}
//OutputDebugStringA("MyGetTopWindow");
HWND wnd1=TMP_MyGetTopWindow(hWnd);
if (hWnd==0)
{
wnd1=::FindWindowA(NULL,"地下城与勇士");
}
return wnd1;
}
ULONG_PTR Old_GetFocus_add5=0;
__declspec(naked) HWND __stdcall TMP_MyGetFocus( )
{
__asm{
nop
nop
nop
nop
nop
nop
jmp Old_GetFocus_add5
}
}
HWND __stdcall MyGetFocus( )
{
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
Hook_dx();
HookPrsent();
is_hook_user=TRUE;
}
}
//OutputDebugStringA("MyGetFocus");
HWND wnd1=::FindWindowA(NULL,"地下城与勇士");
return wnd1;
//= TMP_MyGetFocus();
}
ULONG_PTR OldGetActiveWindow_add5=0;
__declspec(naked) HWND __stdcall TMP_MyGetActiveWindow()
{
__asm{
nop
nop
nop
nop
nop
nop
jmp OldGetActiveWindow_add5
}
}
HWND __stdcall MyGetActiveWindow()
{
if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
Hook_dx();
HookPrsent();
is_hook_user=TRUE;
}
}
//OutputDebugStringA("MyGetActiveWindow");
HWND wnd1=::FindWindowA(NULL,"地下城与勇士");
return wnd1;
}
void SetMyTop()
{
DWORD OldProtect;
ULONG_PTR GetForegroundWindow_adr=(ULONG_PTR)GetForegroundWindow;
VirtualProtect((LPVOID)GetForegroundWindow_adr,5,PAGE_EXECUTE_READWRITE,&OldProtect);
VirtualProtect((LPVOID)TMP_MyGetForegroundWindow,5,PAGE_EXECUTE_READWRITE,&OldProtect);
extern ULONG_PTR Old_GetForegroundWindow_add5;
Old_GetForegroundWindow_add5=GetForegroundWindow_adr+5;
memcpy((LPVOID)TMP_MyGetForegroundWindow,(LPVOID)GetForegroundWindow_adr,5);
*((byte*)GetForegroundWindow_adr)=0xe9;
DWORD jimpcodexx11=(DWORD)MyGetForegroundWindow-GetForegroundWindow_adr-5;
*((DWORD*)(GetForegroundWindow_adr+1))=jimpcodexx11;
//////////////////////////////////////////////////////////////////////////
ULONG_PTR GetTopWindow_adr=(ULONG_PTR)GetTopWindow;
VirtualProtect((LPVOID)GetTopWindow_adr,5,PAGE_EXECUTE_READWRITE,&OldProtect);
VirtualProtect((LPVOID)TMP_MyGetTopWindow,5,PAGE_EXECUTE_READWRITE,&OldProtect);
extern ULONG_PTR Old_GetTopWindow_add5;
Old_GetTopWindow_add5=GetTopWindow_adr+5;
memcpy((LPVOID)TMP_MyGetTopWindow,(LPVOID)GetTopWindow_adr,5);
*((byte*)GetTopWindow_adr)=0xe9;
jimpcodexx11=(DWORD)MyGetTopWindow-GetTopWindow_adr-5;
*((DWORD*)(GetTopWindow_adr+1))=jimpcodexx11;
//////////////////////////////////////////////////////////////////////////
ULONG_PTR GetFucus_adr=(ULONG_PTR)GetFocus;
VirtualProtect((LPVOID)GetFucus_adr,5,PAGE_EXECUTE_READWRITE,&OldProtect);
VirtualProtect((LPVOID)TMP_MyGetFocus,5,PAGE_EXECUTE_READWRITE,&OldProtect);
extern ULONG_PTR Old_GetFocus_add5;
Old_GetFocus_add5=GetFucus_adr+5;
memcpy((LPVOID)TMP_MyGetFocus,(LPVOID)GetFucus_adr,5);
*((byte*)GetFucus_adr)=0xe9;
jimpcodexx11=(DWORD)MyGetFocus-GetFucus_adr-5;
*((DWORD*)(GetFucus_adr+1))=jimpcodexx11;
//////////////////////////////////////////////////////////////////////////
ULONG_PTR GetActiveWindow_adr=(ULONG_PTR)GetActiveWindow;
VirtualProtect((LPVOID)GetActiveWindow_adr,5,PAGE_EXECUTE_READWRITE,&OldProtect);
VirtualProtect((LPVOID)TMP_MyGetActiveWindow,5,PAGE_EXECUTE_READWRITE,&OldProtect);
extern ULONG_PTR OldGetActiveWindow_add5;
OldGetActiveWindow_add5=GetActiveWindow_adr+5;
memcpy((LPVOID)TMP_MyGetActiveWindow,(LPVOID)GetActiveWindow_adr,5);
*((byte*)GetActiveWindow_adr)=0xe9;
jimpcodexx11=(DWORD)MyGetActiveWindow-GetActiveWindow_adr-5;
*((DWORD*)(GetActiveWindow_adr+1))=jimpcodexx11;
}
void Hook_dx()
{
OutputDebugStringA("CHECK");
if (Ishook==FALSE)
{
// Hook32();
Ishook=TRUE;
}
//GetWindowThreadProcessId()
extern BOOL ISOK;
if (!Game_dx.IsCur())
{
IsCur_Bool=FALSE;
OutputDebugStringA("no cur");
return ;
}
ISOK=TRUE;
IsCur_Bool=TRUE;
Game_dx.Get_SendData();
Game_dx.SendTo_Game();
//////////////////////////////////////////////////////////////////////////
Game_dx.DATA2->Is_Bind_KEY1_ok=TRUE;
if (Game_dx.DATA2->Bind_moshi_KEY==1)
{
Game_dx.DATA2->Is_Bind_KEY1_ok=TRUE;
}
//////////////////////////////////////////////////////////////////////////
if (Game_dx.DATA2->SuperKuozan.IsHookGetSelfWindow==TRUE)
{
}
//////////////////////////////////////////////////////////////////////////
if (Game_dx.DATA2->SuperKuozan.IsHookGetCurSor==TRUE)
{
/*
拦截游戏获取当前鼠标坐标
HOOK_GetCursorPos();
HOOK_GetCapture();*/
}
if (Game_dx.DATA2->Bind_moshi==1)
{
Game_dx.DATA2->Is_Bind1_ok=TRUE;
//OldWindowProc=(WNDPROC)::SetWindowLongA(Game_dx.DATA2->thisWindow,GWL_WNDPROC,(LONG)::WindowProc);
//OutputDebugStringA("模式1");
/* Game_dx.DATA2->Is_Bind1_ok=TRUE;
return ;*/
}
if (Game_dx.DATA2->Bind_moshi==2)
{
//OutputDebugStringA("模式2");
// OldWindowProc=(WNDPROC)::SetWindowLongA(Game_dx.DATA2->thisWindow,GWL_WNDPROC,(LONG)::WindowProc);
Game_dx.DATA2->Is_Bind2_ok=TRUE;
//EATT.EAT_GetFunction((DWORD)MyReload->pDosHeader,"Direct3DCreate9",&old_Direct3DCreate9_adr);
}
}
ULONG_PTR OldPresend_Add5;
__declspec(naked) HRESULT __stdcall Temp_Present(LPDIRECT3DDEVICE9 pdev, RECT* pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion)
{
__asm{
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
jmp OldPresend_Add5
}
}
clock_t Begin2=0;
clock_t End2=0;
HRESULT __stdcall MyuPresent (LPDIRECT3DDEVICE9 pdev, RECT* pSourceRect,CONST RECT* pDestRect,HWND hDestWindowOverride,CONST RGNDATA* pDirtyRegion)
{
End2= clock();
if (End2-Begin2>100)
{
SetGame();
}
return Temp_Present(pdev,pSourceRect,pDestRect,hDestWindowOverride,pDirtyRegion);
}
void HookPrsent()
{
BYTE ReSet[5]={0x8b,0xff,0x55,0x8b,0xec};
HMODULE HD3d9=::GetModuleHandleA("d3d9.dll");
DWORD OldProtect,JmpCode;
DWORD DX_17=Game_dx.DATA2->D3D_17+(DWORD)GetModuleHandleA("D3D9.DLL");
VirtualProtect((LPVOID)DX_17,5,PAGE_EXECUTE_READWRITE,&OldProtect);
VirtualProtect(Temp_Present,5,PAGE_EXECUTE_READWRITE,&OldProtect);
char out11[256]={0};
sprintf(out11,"dx_17= %x",DX_17);
OutputDebugStringA(out11);
memcpy((LPVOID)DX_17,ReSet,5);
OldPresend_Add5=DX_17+5;
memcpy(Temp_Present ,(LPVOID)DX_17,5);
*((BYTE*)DX_17)=0xe9;
JmpCode=(DWORD)MyuPresent-DX_17-5;
*((DWORD*)(DX_17+1))=JmpCode;
}
ULONG_PTR SetTexture_add5;
__declspec(naked) HRESULT Temp_SetTexture(LPDIRECT3DDEVICE9 pdev, DWORD Stage,IDirect3DBaseTexture9* pTexture) //65
{
__asm{
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
jmp SetTexture_add5
}
}
char writea[256]={0};
HRESULT __stdcall MySetTexture(LPDIRECT3DDEVICE9 pdev, DWORD Stage,IDirect3DBaseTexture9* pTexture) //65
{
if (pTexture!=NULL)
{
memset(writea,0,256);
sprintf(writea,"Stage %d pTexture %d ",Stage,pTexture);
OutputDebugStringA(writea);
::WritePrivateProfileStringA("test",writea,"1","C:\\TT.TXT");
return S_FALSE;
if ((DWORD)472450720==(DWORD)pTexture)
{
return S_OK;
}
}
/*
IDirect3DVertexBuffer9* Pstreamdata=NULL;
UINT ioffsetInbytes,iStride;
if (pdev->GetStreamSource(0,&Pstreamdata,&ioffsetInbytes,&iStride)==D3D_OK)
{
Pstreamdata->Release();
if (Game_dx.DATA2!=NULL)
{
if ( ( PrimitiveCount>(Game_dx.DATA2->PrintTest-100 )|| PrimitiveCount<(Game_dx.DATA2->PrintTest+100 ) ) && iStride==28 / * && (type!=Game_dx.DATA2->PrintTest)* / )
{
}
}
IDirect3DBaseTexture9* T1; */
return Temp_SetTexture(pdev,Stage,pTexture);
return S_OK;
}
void HookDrawPrimitive()
{
/*
BYTE ReSet[5]={0x8b,0xff,0x55,0x8b,0xec};
HMODULE HD3d9=::GetModuleHandleA("d3d9.dll");
DWORD OldProtect,JmpCode;
DWORD DX_65=Game_dx.DATA2->D3D_65+(DWORD)GetModuleHandleA("D3D9.DLL");
VirtualProtect((LPVOID)DX_65,5,PAGE_EXECUTE_READWRITE,&OldProtect);
VirtualProtect(Temp_SetTexture,5,PAGE_EXECUTE_READWRITE,&OldProtect);
char out11[256]={0};
sprintf(out11,"dx_81= %x",DX_65);
OutputDebugStringA(out11);
memcpy((LPVOID)DX_65,ReSet,5);
SetTexture_add5=DX_65+5;
memcpy(Temp_SetTexture ,(LPVOID)DX_65,5);
*((BYTE*)DX_65)=0xe9;
JmpCode=(DWORD)MySetTexture-DX_65-5;
*((DWORD*)(DX_65+1))=JmpCode;*/
}
BOOL isha_hookWM=FALSE;
time_t time1=0;
time_t time2;
BOOL ISGOGO=FALSE;
VOID MYTHREAD()
{
while(1)
{
/* if (is_hook_user==FALSE )
{
if (Game_dx.IsCur()==TRUE)
{
Hook_dx();
HookPrsent();
is_hook_user=TRUE;
}
}*/
OutputDebugStringA("11");
if (isFree==FALSE)
{
HMODULE aa=GetModuleHandleA("爱冰的沫.DLL");
::FreeLibrary(GetModuleHandleA("爱冰的沫.DLL"));
isFree=TRUE;
}
SetGame();
}
}
#include <boost/archive/BINARY_iarchive.hpp>
#include <boost/archive/binary_oarchive.hpp>
#include <boost/archive/text_iarchive.hpp>
#include <boost/archive/text_oarchive.hpp>
#include <boost/archive/XML_iarchive.hpp>
#include <boost/archive/XML_oarchive.hpp>
#include <boost/serialization/base_object.hpp>
#include <iostream>
#include <fstream>
typedef struct _sYY{
int a;
int b;
int c;
}sYY1,*PSS;
sYY1 sYY;
void Hook_dx1()
{
OutputDebugStringA("ininininininin__________________________________");
//OutputDebugStringA("进入");
/*if (isFree==FALSE)
{
HMODULE aa=GetModuleHandleA("爱冰的沫.DLL");
::FreeLibrary(GetModuleHandleA("爱冰的沫.DLL"));
isFree=TRUE;
}*/
if (Ishook==FALSE)
{
Hook32();
char filename[256];
::GetModuleFileNameA(NULL,filename,256);
// OutputDebugStringA(filename);
if (strstr(filename,"DNF.exe")!=NULL || strstr(filename,"dnf.exe")!=NULL )
{
HookInputTime();
HookOle32();
/*
FILE*stream;
stream=fopen("C:\\showBase","r");
int a,b,c;
fscanf(stream,"%d,%d,%d",&a,&b,&c);
fclose(stream);*/
}
/*
int allSafe[3];
using namespace std;
std::ifstream file("C:\\archive");
boost::archive::text_iarchive ia(file);
ia>>allSafe;
if(allSafe[0]==1)
{
HookInputTime();
}
if (allSafe[2]==1)
{
HookOle32();
}*/
//
//
Ishook=TRUE;
}
if (ISGOGO==TRUE)
{
return ;
}
//SetMyTop();
ISGOGO=TRUE;
return ;
OldWindowProc=(WNDPROC)::SetWindowLongA(::FindWindowA(NULL,"地下城与勇士"),GWL_WNDPROC,(LONG)::WindowProc);
//OutputDebugStringA("进入");
return ;
//GetWindowThreadProcessId()
extern BOOL ISOK;
//OutputDebugStringA("Hook_dx");
if (ISOK==FALSE)
{
if (!Game_dx.IsCur())
{
//OutputDebugStringA("!IsCur");
IsCur_Bool=FALSE;
return ;
}
ISOK=TRUE;
//OutputDebugStringA("IsCur");
IsCur_Bool=TRUE;
Game_dx.SendTo_Game();
//////////////////////////////////////////////////////////////////////////
Game_dx.DATA2->Is_Bind_KEY1_ok=TRUE;
if (Game_dx.DATA2->Bind_moshi_KEY==1)
{
Game_dx.DATA2->Is_Bind_KEY1_ok=TRUE;
/*
注释 : 此处使得游戏的DX键盘能响应后台
HMODULE d3d9_Key=GetModuleHandleA("DINPUT8.dll");
if (d3d9_Key!=NULL && d3d9_Key!=(HMODULE)-1)
{
HOOK_KEY_User32();
//OutputDebugStringA("键盘模式1");
HOOK_KEY1((DWORD)d3d9_Key);
Game_dx.DATA2->Is_Bind_KEY1_ok=TRUE;
}*/
}
//////////////////////////////////////////////////////////////////////////
if (Game_dx.DATA2->SuperKuozan.IsHookGetSelfWindow==TRUE)
{
// SetMyTop(); //使得前台其他窗口的键盘能影响到后台游戏
}
//////////////////////////////////////////////////////////////////////////
if (Game_dx.DATA2->SuperKuozan.IsHookGetCurSor==TRUE)
{
/*
拦截游戏获取当前鼠标坐标
HOOK_GetCursorPos();
HOOK_GetCapture();*/
}
if (Game_dx.DATA2->Bind_moshi==1)
{
Game_dx.DATA2->Is_Bind1_ok=TRUE;
OldWindowProc=(WNDPROC)::SetWindowLongA(Game_dx.DATA2->thisWindow,GWL_WNDPROC,(LONG)::WindowProc);
//OutputDebugStringA("模式1");
/* Game_dx.DATA2->Is_Bind1_ok=TRUE;
return ;*/
}
if (Game_dx.DATA2->Bind_moshi==2)
{
//OutputDebugStringA("模式2");
OldWindowProc=(WNDPROC)::SetWindowLongA(Game_dx.DATA2->thisWindow,GWL_WNDPROC,(LONG)::WindowProc);
Game_dx.DATA2->Is_Bind2_ok=TRUE;
//EATT.EAT_GetFunction((DWORD)MyReload->pDosHeader,"Direct3DCreate9",&old_Direct3DCreate9_adr);
}
}
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 支持一个
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
