学习研究,并没有销售过,可放心看!
Core.cpp
#include "stdafx.h"
#include "Core.h"
#include "GameFun.h"
#include "Map.h"
#include "MemPatch.h"
#include <shlwapi.h>
#include <TLHELP32.H>
#include "publib.h"
#include "publib_m.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
//
//TODO: If this DLL is dynamically linked against the MFC DLLs,
// any functions exported from this DLL which call into
// MFC must have the AFX_MANAGE_STATE macro added at the
// very beginning of the function.
//
// For example:
//
// extern "C" BOOL PASCAL EXPORT ExportedFunction()
// {
// AFX_MANAGE_STATE(AfxGetStaticModuleState());
// // normal function body here
// }
//
// It is very important that this macro appear in each
// function, prior to any calls into MFC. This means that
// it must appear as the first statement within the
// function, even before any object variable declarations
// as their constructors may generate calls into the MFC
// DLL.
//
// Please see MFC Technical Notes 33 and 58 for additional
// details.
//
// CCoreApp
// Message map for CCoreApp: no message handlers are registered.
BEGIN_MESSAGE_MAP(CCoreApp, CWinApp)
END_MESSAGE_MAP()
// Forward declarations of helpers defined further down in this file.
// ConfusionPeHeader overwrites the first two bytes of a loaded module image;
// HideMyMoudle unlinks a module from the PEB loader lists.
int ConfusionPeHeader(LPCSTR lpszMoudleName);
BOOL HideMyMoudle(LPCSTR lpszMoudleName);
DWORD WINAPI HelpSelfProcess(LPVOID lpParameter);
int WINAPI HelpSelfProcess_g();
// CCoreApp construction
// Default constructor. Does nothing; all start-up work is done in
// CCoreApp::InitInstance.
CCoreApp::CCoreApp()
{
    // TODO: add construction code here,
    // Place all significant initialization in InitInstance
}
// Address of the character base pointer inside the host process
// (defined in GameFun.cpp).
extern DWORD GAME_ADDR_ROLE_BASE;
// The one and only CCoreApp object
CCoreApp theApp;
// Settings and cross-thread flags. All of them are plain globals that the
// worker threads in this file read and write without synchronisation.
int roomst=0;        // number of 1-second polls to wait in a room before EditAttack is applied
int attackspeed=0;   // delay in ms between attack actions
int pickspeed=0;     // only referenced from disabled code in this file
int attack=0;        // attack value read from the ini file for the current level
//int isstop=0;
int bloodexit=0;// 1 = lock HP, 0 = do not lock
int bossAdd=0;// 1 = apply the attack boost in the boss room, 0 = off
int monstAdd=0;// 1 = apply the attack boost in normal monster rooms, 0 = off
int isdisconnect=0; // whether the connection has dropped
int isMail;// 1 = mailing enabled, 0 = disabled
int mailMoney;// amount of money to keep on the character
char mailName[80];// mail recipient name
char mailNr[80];// mail body text
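int isWzjb;// 1 = enter only King-difficulty maps, 0 = no restriction

// Thread entry point. Polls the global `bloodexit` flag every 50 ms and calls
// CGameFun::LockBlood() while the flag is non-zero.
//
// The function header had been fused onto the preceding comment line, which
// turned it into comment text; it is restored here as code.
//
// lpParameter is unused. The loop never terminates, so the final return is
// unreachable.
// NOTE(review): `bloodexit` is a plain int shared with other threads without
// any synchronisation.
DWORD WINAPI LockBloodProc(
    LPVOID lpParameter
    )
{
    CGameFun g;
    while (1)
    {
        if (bloodexit)
        {
            //OutputDebugString("锁血");
            g.LockBlood();
        }
        else
        {
            //OutputDebugString("停止锁血");
        }
        Sleep(50);
    }
    return 1;
}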
// Thread-compatible wrapper that constructs a CGameFun and calls
// SellAllGoods() once. lpParameter is unused. Always returns 1.
// It is also called directly (not as a thread) from StartProc.
DWORD WINAPI SellGoodsProc(
    LPVOID lpParameter
    )
{
    CGameFun g;
    g.SellAllGoods();
    return 1;
}
// Thread entry point for the normal-room attack boost.
//
// Every 200 ms it checks the global `monstAdd` flag. While the flag is set
// and g.IsMonsterDead() returns non-zero, it sleeps one second per pass and,
// once `roomst` passes have accumulated, calls EditAttack with the global
// `attack` value. When IsMonsterDead() returns zero the flag is cleared.
//
// lpParameter is unused; the loop never exits, so the return is unreachable.
// NOTE(review): the first EditAttack argument is the int stored at the fixed
// address GAME_ADDR_ROLE_BASE plus 4. The pointer is dereferenced without any
// validity check, so a different build of the host image would fault here.
DWORD WINAPI EditAttackProc1(
    LPVOID lpParameter
    )
{
    int i=0;
    CGameFun g;
    while (1)
    {
        if(monstAdd)// monstAdd: 1 = boost attack in normal monster rooms, 0 = off
        {
            if (g.IsMonsterDead())// original author's note: "monster dead"
            {
                Sleep(1000);
                i++;
                if (i>=roomst)
                {
                    i=0;
                    g.EditAttack((*(int*)GAME_ADDR_ROLE_BASE)+4,0x298,attack);
                    OutputDebugString("普通房加攻击");
                }
            }
            else
            {
                OutputDebugString("普通房加攻击结束");
                monstAdd=0;
            }
        }
        Sleep(200);
    }
    return 1;
}
// Thread entry point for the boss-room attack boost.
//
// Same structure as EditAttackProc1, but driven by the global `bossAdd` flag
// and g.IsBossDead(), and it waits 2*roomst one-second passes before calling
// EditAttack. When IsBossDead() returns zero the flag is cleared.
//
// lpParameter is unused. The loop never exits, so the debug message and the
// return after it are unreachable.
DWORD WINAPI EditAttackProc2(
    LPVOID lpParameter
    )
{
    int i=0;
    CGameFun g;
    while (1)
    {
        if(bossAdd)// bossAdd: 1 = boost attack in the boss room, 0 = off
        {
            if (g.IsBossDead())
            {
                Sleep(1000);
                i++;
                if (i>=(2*roomst))
                {
                    i=0;
                    g.EditAttack((*(int*)GAME_ADDR_ROLE_BASE)+4,0x298,attack);
                    OutputDebugString("boss房加攻击");
                }
            }
            else
            {
                OutputDebugString("boss房加攻击结束");
                bossAdd=0;
            }
        }
        Sleep(200);
    }
    OutputDebugString("释放攻击线程2");
    return 1;
}
// CCoreApp initialization
char settingpath[MAX_PATH];   // full path of ini\setting.ini (filled by Initthing)
char goodspath[MAX_PATH];     // full path of the retained-materials text file
char retaingoods[1024][64];   // up to 1024 item names, 64 bytes each (filled by LoadRetainGoods)

// Builds the two configuration paths relative to the directory one level
// above the directory that contains this DLL.
//
// Steps: take this module's file name, strip the file part, then cut the
// string at the last remaining backslash to move up one directory, and
// append the "\ini\..." suffixes.
// NOTE(review): the return value of GetModuleFileName is not checked, so a
// failed or truncated result is used as-is.
void Initthing()
{
    ZeroMemory(settingpath,MAX_PATH);
    ZeroMemory(goodspath,MAX_PATH);
    GetModuleFileName((HMODULE)AfxGetInstanceHandle(),settingpath,MAX_PATH);
    PathRemoveFileSpec(settingpath);
    int len=lstrlen(settingpath);// move to the parent of the DLL's directory
    for(int i=len;i>0;i--)
    {
        if(settingpath[i]=='\\')
        {
            settingpath[i]=0;
            break;
        }
    }
    strcpy_s(goodspath,settingpath);
    strcat_s(settingpath,"\\ini\\setting.ini");
    strcat_s(goodspath,"\\ini\\保留材料.txt");
}
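char comstr[64];   // scratch buffer for string values read from the ini file

// Reads the runtime settings from the ini file at `settingpath` into the
// globals (attackspeed, mail options, attack, roomst). Keys that are missing
// are written back with default values so that the file documents itself.
//
// Repairs applied to this block: the `if` that reads the "房间停留" section had
// been fused onto a comment line, leaving an `else` without an `if`; it is
// restored as code. Large blocks of commented-out, disabled options were
// dropped.
//
// NOTE(review): when the attack-interval key is missing, the value written to
// the file is "1000" while the in-memory default is 450. Kept as found.
void LoadSetting()
{
    ZeroMemory(comstr,64);
    if (GetPrivateProfileString("攻击速度","时间间隔",NULL,comstr,64,settingpath))
    {
        attackspeed=atoi(comstr);
        if (attackspeed==0)
        {
            attackspeed=450;
        }
    }
    else
    {
        WritePrivateProfileString("攻击速度","时间间隔","1000",settingpath);
        attackspeed=450;
    }

    ZeroMemory(comstr,64);
    if (GetPrivateProfileString("邮寄功能","收件人名字",NULL,mailName,64,settingpath))
    {
        isMail=1;// a recipient name is configured: mailing enabled
        GetPrivateProfileString("邮寄功能","邮寄内容",NULL,mailNr,64,settingpath);
        GetPrivateProfileString("邮寄功能","保留身上有多少钱",NULL,comstr,64,settingpath);
        mailMoney=atoi(comstr);
    }
    else
    {
        isMail=0;// mailing disabled
        WritePrivateProfileString("邮寄功能","收件人名字","",settingpath);
        WritePrivateProfileString("邮寄功能","邮寄内容","请查收..",settingpath);
        WritePrivateProfileString("邮寄功能","保留身上有多少钱","20000",settingpath);
    }

    // Per-level attack value: the key name is built from the character level.
    CGameFun gamefun;
    char level[64];
    ZeroMemory(level,64);
    sprintf_s(level,"等级%d加攻击",gamefun.GetRoleGrade());
    char outstr[512];
    ZeroMemory(outstr,512);
    // -1 is the "key missing" sentinel passed as the default value.
    attack=GetPrivateProfileInt("攻击修改",level,-1,settingpath);
    if (attack==-1)
    {
        WritePrivateProfileString("攻击修改",level,"0",settingpath);
        attack=0;
        sprintf_s(outstr, "读取攻击失败**%s 路径是=%s", level,settingpath);
        OutputDebugString(outstr);
    }
    else
    {
        sprintf_s(outstr, "读取攻击成功**%s=%d 路径是=%s", level,attack,settingpath);
        OutputDebugString(outstr);
    }

    //gamefun.PowerSkill(1);// disabled: skill modification
    if (GetPrivateProfileString("房间停留","停留几秒后加攻击",NULL,comstr,64,settingpath))
    {
        roomst=atoi(comstr);
    }
    else
    {
        WritePrivateProfileString("房间停留","停留几秒后加攻击","3",settingpath);
        roomst=3;
    }

    // Seed the level-range -> map-id table the first time the file is used.
    if(GetPrivateProfileInt("地图选择","1-2",0,settingpath)==0)
    {
        WritePrivateProfileString("地图选择","1-2","1",settingpath);
        WritePrivateProfileString("地图选择","2-6","2",settingpath);
        WritePrivateProfileString("地图选择","6-9","5",settingpath);
        WritePrivateProfileString("地图选择","9-12","6",settingpath);
        WritePrivateProfileString("地图选择","12-17","8",settingpath);
        WritePrivateProfileString("地图选择","17-23","11",settingpath);
        WritePrivateProfileString("地图选择","23-27","11",settingpath);// originally 17
        WritePrivateProfileString("地图选择","27-35","23",settingpath);
        WritePrivateProfileString("地图选择","35-37","23",settingpath);// originally 31
        WritePrivateProfileString("地图选择","37-39","23",settingpath);// originally 32
        WritePrivateProfileString("地图选择","39-60","23",settingpath);// originally 32
    }
}

// Loads the list of item names to keep from the text file at `goodspath`
// into `retaingoods`, one name per row, with the trailing 0x0a removed.
//
// Fixes: reading stops once every row of `retaingoods` is filled (the
// original kept writing past the array for files longer than the table), and
// an empty string is no longer indexed at position -1.
void LoadRetainGoods()
{
    ZeroMemory(retaingoods,sizeof(retaingoods));
    CStdioFile file;
    const int maxRows=sizeof(retaingoods)/sizeof(retaingoods[0]);
    int i=0;
    if (file.Open(goodspath, CFile::modeRead))
    {
        OutputDebugString("打开保留材料文件成功!");
        // Original author's note: ReadString stops at 0a0d, replaces the 0d
        // with 00 and keeps the 0a.
        while (i<maxRows && file.ReadString(retaingoods[i],64))
        {
            char *p=retaingoods[i];// strip the 0a that was read
            int len=lstrlen(p);
            if(len>0 && p[len-1]==0x0a)
                p[len-1]=0;
            i++;
        }
        OutputDebugString("关闭保留材料文件成功!");
        file.Close();
    }
}

// Window message the DLL sends back to the controller program; wParam carries
// the id of the process whose fatigue value reached 0. Parenthesised so the
// macro expands safely inside larger expressions.
#define WM_FA (WM_USER+3)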
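// Main automation thread, started from CCoreApp::InitInstance.
//
// Outer loop, one pass per dungeon run:
//   1. wait up to 60 s for IsDiXia() to report 1 (in town), else exit the process;
//   2. if GetFatigue() is 0, report this process id to the controller window
//      with WM_FA, optionally mail items/money, and leave the loop;
//   3. sell items, pick a map from the ini file and enter it;
//   4. inside the dungeon, loop room by room until the boss room is finished,
//      then return to town.
// After the outer loop it sells items once more and terminates the process.
//
// Repairs applied to this block: the fatigue `if` and a `Sleep(3000)` had been
// fused onto comment lines and were therefore dead text; both are restored as
// code. Long runs of commented-out experiments were dropped.
//
// lpParameter is unused. The function only returns via ExitProcess.
DWORD WINAPI StartProc(
    LPVOID lpParameter
    )
{
    char outstr[512];
    ZeroMemory(outstr,512);
    int coin=0;
    HANDLE shandle;
    int attackl=0;
    int bug=0;
    int attackcou=0;
    CGameFun gamefun;
    CGameMap gamemap;
    int mapid,maplevel=-1;
    DWORD dwTimeSs = 0, dwTimeEs = 0;
    DWORD dwTimeSs2 = 0, dwTimeEs2 = 0;
    dwTimeSs2 = GetTickCount();
    int firstLogin=0;// 0 on entry; only used by the disabled equipment-repair code
    mapid=gamefun.SelRightMap();// map id read from the config file according to level
    sprintf_s(outstr, "mapid::%d", mapid);
    OutputDebugString(outstr);
    OutputDebugString("主线程开启,开始挂机!");
    while (1)
    {
        dwTimeSs = GetTickCount() / 1000;
        while (gamefun.IsDiXia()!=1)// 1 = in town, 2 = map selection screen, 3 = in dungeon
        {
            dwTimeEs = GetTickCount() / 1000;
            if ((dwTimeEs-dwTimeSs) > 60)
            {
                OutputDebugString("60秒过去了,还没出现在城里,结束游戏.");
                ExitProcess(0);
            }
            Sleep(1000);
        }

        if(0==gamefun.GetFatigue())// fatigue is 0: stop running
        {
            // Send the id of this process to the controller program.
            // NOTE(review): hWnd is not checked for NULL before SendMessage.
            HWND hWnd = ::FindWindow(NULL, "东方外语");
            DWORD processId=::GetCurrentProcessId();
            ::SendMessage(hWnd,WM_FA,(WPARAM)processId,0);
            OutputDebugString("疲劳值为0,结束游戏.");
            int dqmoney=gamefun.GetCoinCou();// current amount of money
            if(isMail)// 1 = mailing enabled, 0 = disabled
            {
                gamefun.mailGoods(mailName,mailNr);// mail the items
                int jmailMoney=dqmoney-mailMoney;// current money - money to keep = money to send
                if(jmailMoney>0)// only send a positive amount
                {
                    // NOTE(review): the amount passed is mailMoney, not the
                    // jmailMoney computed above. Kept as found.
                    gamefun.DnfPostMan(mailName, mailMoney, 0, 0, 0, 0, mailNr);// mail money only
                }
                //ExitProcess(0);
                OutputDebugString("邮寄完了,退出游戏");
            }
            break;// process shutdown code follows the outer loop
        }

        attackl=gamefun.SelRightAttack();// original note: returns 0 below level 14, otherwise the actual level
        Sleep(3000);
        OutputDebugString("开始卖物品!!");
        SellGoodsProc(NULL);
        OutputDebugString("结束卖物品!!");
        Sleep(5000);

        if (mapid==gamefun.SelRightMap())// map id read from the config file according to level
        {
            // Same map as the previous run: raise the difficulty, capped at
            // 2 for map 1 and at 3 for every other map.
            maplevel++;
            if (mapid==1)
            {
                if (maplevel>=2)
                {
                    gamefun.GotoBattlefield(mapid,2);
                }
                else
                {
                    gamefun.GotoBattlefield(mapid,maplevel);
                }
            }
            else
            {
                if (maplevel>=3)
                {
                    gamefun.GotoBattlefield(mapid,3);
                }
                else
                {
                    gamefun.GotoBattlefield(mapid,maplevel);
                }
            }
        }
        else
        {
            maplevel=0;
            mapid=gamefun.SelRightMap();// map id read from the config file according to level
            gamefun.GotoBattlefield(mapid,0);
        }
        OutputDebugString("结束地图选择!!");
        Sleep(3000);
        bloodexit=1;// start locking HP (consumed by LockBloodProc)
        bug=0;
        Sleep(1000);
        OutputDebugString("结束IsDiXia!!");
        gamemap.InitRoomData(gamefun.GetMapType());
        gamemap.SetStartEndCoor(gamefun.GetRoleRoomX(),gamefun.GetRoleRoomY(),gamefun.GetBossRoomX(),gamefun.GetBossRoomY());

        while (1)
        {
            LoadSetting();
            OutputDebugString("开始LoadSetting!!");
            bug =0;
            // Original note: checks whether the boss is dead; the first branch
            // is taken in the boss room, the else branch in any other room.
            if (gamefun.IsBossDead())
            {
                bossAdd=1;// 1 = apply the attack boost in the boss room (consumed by EditAttackProc2)
                attackcou=0;
                while (gamefun.IsBossDead())
                {
                    if(!gamefun.IsBossDead())
                        break;
                    if (attackcou==10)
                    {
                        attackcou=0;
                    }
                    attackcou++;
                    gamefun.RoleAction(0x8);// 0x8 = X key, normal attack; 0x1d = gunner "Chaser" skill; 0xd = pick up item
                    Sleep(attackspeed);
                }
                Sleep(1000);
                gamefun.EditAttack((*(int*)GAME_ADDR_ROLE_BASE)+4,0x298,0);
                bloodexit=0;
                gamefun.SSSGrade(1000);// SSS score
                Sleep(3500);
                while(gamefun.IsGoodsEmpty())
                {
                    gamefun.PickupAllGoods();// pick up items
                }
                // Wait until the coin count changes.
                coin=gamefun.GetCoinCou();
                while (coin==gamefun.GetCoinCou())
                {
                    Sleep(1000);
                }
                Sleep(12000);
                gamefun.BackToTown();// return to town
                while(gamefun.IsDiXia()==3)// still in the dungeon: call return-to-town again
                {
                    Sleep(5000);
                    gamefun.BackToTown();// return to town
                }
                break;
            }
            else
            {
                monstAdd=1;// 1 = apply the attack boost in normal rooms (consumed by EditAttackProc1)
                attackcou=0;
                while(gamefun.IsMonsterDead())
                {
                    if(!gamefun.IsMonsterDead())
                        break;
                    if (attackcou==10)
                    {
                        attackcou=0;
                    }
                    attackcou++;
                    gamefun.RoleAction(0x8);// 0x8 = X key, normal attack; 0x1d = gunner "Chaser" skill; 0xd = pick up item
                    Sleep(attackspeed);
                }
                Sleep(1000);
                gamefun.EditAttack((*(int*)GAME_ADDR_ROLE_BASE)+4,0x298,0);
                Sleep(2000);
                while(gamefun.IsGoodsEmpty())
                {
                    gamefun.PickupAllGoods();// pick up items
                }
                Sleep(2000);
                gamefun.EnterDoor(gamemap.GetNextDoorWay(gamefun.GetRoleRoomX(),gamefun.GetRoleRoomY()));
                Sleep(1000);
            }
        }
    }
    OutputDebugString("结束打怪!!");
    // NOTE(review): the thread handle is neither checked nor closed; the
    // process exits immediately afterwards.
    shandle=::CreateThread(NULL,NULL,SellGoodsProc,NULL,NULL,NULL);
    WaitForSingleObject(shandle,INFINITE);
    Sleep(5000);
    ExitProcess(0);
    // sell items, then go offline
    return 1;
}

// Thread-style routine that prepares five CMemPatch objects and switches
// three of them on (2, 4 and 6; 3 and 5 are initialised but left off).
//
// Targets, as written in the code:
//   2: fixed address 0x00A09AA0 in the host image, 9 bytes;
//   3: TenSLX.dll base + 0x7b1f, 6 bytes;
//   4: the address obtained by dereferencing 0x00a09acc twice, 5 bytes;
//   5: fixed address 0x00a411fd, 1 byte;
//   6: wininet.dll base + 0x5a52, 7 bytes.
//
// Nothing in the visible part of this file starts this routine.
// NOTE(review): GetModuleHandle results are not checked; if a module is not
// loaded the computed address is just the bare offset. All addresses are
// absolute and tied to one exact build of each module.
// Reviewer note for defenders: patches of this kind leave executable pages
// that differ from the backing file on disk, which is what in-memory code
// integrity comparison looks for.
DWORD WINAPI PathProc(
    LPVOID lpParameter
    )
{
    CMemPatch m_net_2;
    CMemPatch m_net_3;
    CMemPatch m_net_4;
    CMemPatch m_net_5;
    CMemPatch m_net_6;
    char szPatch2[] = {'\xB8','\x01','\x00','\x00','\x00','\xC3','\x90','\x90','\x90'};
    m_net_2.Initialize(0x00A09AA0,szPatch2,9);
    DWORD dwPatch3Addr = (DWORD)GetModuleHandle("TenSLX.dll") + 0x7b1f;
    char szPatch3[] = {'\x83','\xC4','\x18','\x90','\x90','\x90'};
    m_net_3.Initialize(dwPatch3Addr,szPatch3,6);
    char szPatch4[] = {'\x33','\xC0','\xc2','\x04','\x00'};
    m_net_4.Initialize(*(DWORD*)(*(DWORD*)(0x00a09acc)),szPatch4,5);
    char szPatch5[] = {'\xeb'};
    m_net_5.Initialize(0x00a411fd,szPatch5,1);
    DWORD dwPatch6Addr = (DWORD)GetModuleHandle("wininet.dll") + 0x5a52;
    char szPatch6[] = {'\x6a','\x24','\x68','\x60','\x5b','\x69','\x76'};
    m_net_6.Initialize(dwPatch6Addr,szPatch6,7);
    m_net_2.SetPatchOn();
    // m_net_3.SetPatchOn();
    m_net_4.SetPatchOn();
    // m_net_5.SetPatchOn();
    m_net_6.SetPatchOn();
    // OutputDebugStringA("Path success!!!!");
    return 1;
}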
// Continuation addresses for the three detour stubs below. Hook() sets each
// one to the hooked function's address plus 5, i.e. just past the 5-byte jump
// it writes there.
unsigned long jmpback;
unsigned long jmpback1;
unsigned long jmpback2;

// Detour stub for the first hook installed by Hook().
// Saves all general registers, writes a debug string, restores the
// registers, executes `push ebp / mov ebp,esp` and jumps to `jmpback`.
// Declared naked, so the compiler emits no prologue or epilogue.
// NOTE(review): presumably `push ebp / mov ebp,esp` replays the instructions
// overwritten by the 5-byte jump; that only holds if the target really starts
// with those bytes plus two more that are skipped. Confirm against the target.
__declspec(naked) void myfun()
{
    /*
    __asm
    {
    pushad
    mov eax,1;
    mov isdisconnect,eax
    popad
    push ebp
    mov ebp,esp
    jmp jmpback
    }
    */
    __asm pushad
    OutputDebugStringA("断线了!");
    __asm
    {
        popad
        push ebp
        mov ebp,esp
        jmp jmpback
    }
}
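// Writes a hex dump of `len` bytes starting at address `add` to the debugger
// output, prefixed with "type:send". Called from the myfun1 detour stub.
//
// Fixes: the length format was "%0x8x" (prints the value followed by a
// literal "8x") and is now "%08x"; bytes are read as unsigned so values of
// 0x80 and above are no longer sign-extended to eight hex digits; the loop
// index is unsigned like `len`.
// NOTE(review): `add` and `len` come straight from the hooked call and are
// not validated before the buffer is read.
void _stdcall printsend(DWORD add,DWORD len)
{
    char outs[128];
    ZeroMemory(outs,128);
    const unsigned char* sendstr=(const unsigned char*)add;
    sprintf_s(outs,"type:send len: %08x data: ",len);
    OutputDebugStringA(outs);
    for (DWORD i=0;i<len;i++)
    {
        sprintf_s(outs,"%2x ",sendstr[i]);
        OutputDebugStringA(outs);
    }
    OutputDebugStringA("\n");
}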
// Detour stub for the second hook installed by Hook().
// Saves all general registers, pushes two dwords read relative to ESP as the
// arguments of printsend (stdcall, so the callee pops them), restores the
// registers, executes `push ebp / mov ebp,esp` and jumps to `jmpback1`.
// NOTE(review): both offsets are applied after pushad, and ESP has already
// moved by 4 when the second operand is read; verify which stack slots are
// actually being passed.
__declspec(naked) void myfun1()
{
    __asm
    {
        pushad
        push dword ptr [esp+0x18]
        push dword ptr [esp+0x1c]
        call printsend
        popad
        push ebp
        mov ebp,esp
        jmp jmpback1
    }
}
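// Writes a hex dump of `len` bytes starting at address `add` to the debugger
// output, prefixed with "type:recv". Called from the myfun2 detour stub.
//
// Fixes: the length format was "%0x8x" (prints the value followed by a
// literal "8x") and is now "%08x"; bytes are read as unsigned so values of
// 0x80 and above are no longer sign-extended to eight hex digits; the loop
// index is unsigned like `len`.
// NOTE(review): `add` and `len` come straight from the hooked call and are
// not validated before the buffer is read.
void _stdcall printrecv(DWORD add,DWORD len)
{
    char outs[128];
    ZeroMemory(outs,128);
    const unsigned char* recvstr=(const unsigned char*)add;
    sprintf_s(outs,"type:recv len: %08x data: ",len);
    OutputDebugStringA(outs);
    for (DWORD i=0;i<len;i++)
    {
        sprintf_s(outs,"%2x ",recvstr[i]);
        OutputDebugStringA(outs);
    }
    OutputDebugStringA("\n");
}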
// Detour stub for the third hook installed by Hook().
// Saves all general registers, pushes two dwords read relative to ESP as the
// arguments of printrecv (stdcall), restores the registers, executes
// `push ebp / mov ebp,esp` and jumps to `jmpback2`.
// NOTE(review): both offsets are applied after pushad, and ESP has already
// moved by 4 when the second operand is read; verify which stack slots are
// actually being passed.
__declspec(naked) void myfun2()
{
    __asm
    {
        pushad
        push dword ptr [esp+0x8]
        push dword ptr [esp+0xc]
        call printrecv
        popad
        push ebp
        mov ebp,esp
        jmp jmpback2
    }
}
// Saved first five bytes and resolved address of each hooked function.
BYTE orig_code[5] = {0x90, 0x90, 0x90, 0x90, 0x90};// holds the original instruction bytes
unsigned long funadd;
BYTE orig_code1[5] = {0x90, 0x90, 0x90, 0x90, 0x90};// holds the original instruction bytes
unsigned long funadd1;
BYTE orig_code2[5] = {0x90, 0x90, 0x90, 0x90, 0x90};// holds the original instruction bytes
unsigned long funadd2;

// Installs three inline detours.
//
// For each of the fixed addresses 0xaeb554, 0xaeb53c and 0xaeb544 it reads a
// function pointer stored there, saves that function's first 5 bytes, and
// overwrites them with an E9 relative jump to myfun / myfun1 / myfun2. The
// matching jmpback variable is set to the function address + 5.
//
// The only call to Hook() in this file (in InitInstance) is commented out.
// NOTE(review): VirtualProtect results are not checked, the writes are not
// atomic with respect to other threads executing the target, and no
// instruction-cache flush is issued.
// Reviewer note for defenders: a function whose first byte is 0xE9 and whose
// jump lands outside its own module, while the on-disk image shows a normal
// prologue, is the footprint this routine would leave.
void Hook()
{
    DWORD dwOldFlag;
    unsigned long addr=0xaeb554;
    unsigned long addr1=0xaeb53c;
    unsigned long addr2=0xaeb544;
    BYTE hook_code[5] = {0xe9, 0, 0, 0, 0};// holds the jump instruction
    BYTE hook_code1[5] = {0xe9, 0, 0, 0, 0};// holds the jump instruction
    BYTE hook_code2[5] = {0xe9, 0, 0, 0, 0};// holds the jump instruction
    funadd=*(unsigned long*)addr;
    memcpy(orig_code,(byte*)funadd,5);
    funadd1=*(unsigned long*)addr1;
    memcpy(orig_code1,(byte*)funadd1,5);
    funadd2=*(unsigned long*)addr2;
    memcpy(orig_code2,(byte*)funadd2,5);
    // rel32 operand = destination - (source + 5)
    *(unsigned long*)((unsigned long)hook_code+1)=(unsigned long)((unsigned long)myfun-funadd-5);
    *(unsigned long*)((unsigned long)hook_code1+1)=(unsigned long)((unsigned long)myfun1-funadd1-5);
    *(unsigned long*)((unsigned long)hook_code2+1)=(unsigned long)((unsigned long)myfun2-funadd2-5);
    VirtualProtect((LPVOID)funadd,5,PAGE_EXECUTE_READWRITE,&dwOldFlag);
    memcpy((byte*)funadd,hook_code,5);
    VirtualProtect((LPVOID)funadd,5,dwOldFlag,&dwOldFlag);
    jmpback=funadd+5;
    VirtualProtect((LPVOID)funadd1,5,PAGE_EXECUTE_READWRITE,&dwOldFlag);
    memcpy((byte*)funadd1,hook_code1,5);
    VirtualProtect((LPVOID)funadd1,5,dwOldFlag,&dwOldFlag);
    jmpback1=funadd1+5;
    VirtualProtect((LPVOID)funadd2,5,PAGE_EXECUTE_READWRITE,&dwOldFlag);
    memcpy((byte*)funadd2,hook_code2,5);
    VirtualProtect((LPVOID)funadd2,5,dwOldFlag,&dwOldFlag);
    jmpback2=funadd2+5;
}
// Restores the five saved bytes at funadd, funadd1 and funadd2, undoing
// Hook(). The only call in this file (in ExitInstance) is commented out.
// NOTE(review): if Hook() never ran, funadd* are zero and orig_code* still
// hold their NOP initialisers, so calling this would write to address 0.
// VirtualProtect results are not checked.
void Unhook()
{
    DWORD dwOldFlag;
    VirtualProtect((LPVOID)funadd,5,PAGE_EXECUTE_READWRITE,&dwOldFlag);
    memcpy((byte*)funadd,orig_code,5);
    VirtualProtect((LPVOID)funadd,5,dwOldFlag,&dwOldFlag);
    VirtualProtect((LPVOID)funadd1,5,PAGE_EXECUTE_READWRITE,&dwOldFlag);
    memcpy((byte*)funadd1,orig_code1,5);
    VirtualProtect((LPVOID)funadd1,5,dwOldFlag,&dwOldFlag);
    VirtualProtect((LPVOID)funadd2,5,PAGE_EXECUTE_READWRITE,&dwOldFlag);
    memcpy((byte*)funadd2,orig_code2,5);
    VirtualProtect((LPVOID)funadd2,5,dwOldFlag,&dwOldFlag);
}
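// Thread-style routine that walks the process snapshot looking for the
// current process id and calls TerminateProcess on it with exit code 4.
// The scan repeats until a pass finds no matching entry.
//
// Returns 0 if the snapshot cannot be created or read, 1 otherwise.
// lpParameter is unused. Nothing in the visible part of this file starts it.
//
// Fixes: the handle returned by OpenProcess is checked before use and closed
// afterwards; the original passed a possibly NULL handle to TerminateProcess
// and leaked one handle per pass.
DWORD WINAPI ExitProc(
    LPVOID lpParameter
    )
{
    HANDLE handle;
    DWORD pid;
    int f=0;
    pid=GetCurrentProcessId();
    HANDLE hProcessSnap;
    PROCESSENTRY32 pe32;
    while (1)
    {
        f=0;
        hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
        if( hProcessSnap == INVALID_HANDLE_VALUE )
        {
            return 0;
        }
        pe32.dwSize = sizeof( PROCESSENTRY32 );
        if( !Process32First( hProcessSnap, &pe32 ) )
        {
            CloseHandle( hProcessSnap );
            return 0;
        }
        do
        {
            if (pid==pe32.th32ProcessID)
            {
                handle=OpenProcess(PROCESS_TERMINATE, FALSE,pid);
                if (handle!=NULL)
                {
                    TerminateProcess(handle,4);
                    CloseHandle(handle);
                }
                f++;
            }
        } while( Process32Next( hProcessSnap, &pe32 ) );
        CloseHandle( hProcessSnap );
        if (!f)
        {
            break;
        }
    }
    return 1;
}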
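// Watchdog thread, started from CCoreApp::InitInstance. Once per second it
// asks CGameFun::IsCloseSocket(); when that returns non-zero it logs the
// current map and room coordinates and terminates the process.
//
// Fix: the log statement used to sit after ExitProcess(0) and could never
// run; it now executes before the process exits.
//
// lpParameter is unused. The loop only ends through ExitProcess.
DWORD WINAPI IsDisconnectProc(
    LPVOID lpParameter
    )
{
    CGameFun g;
    char outstr[512];
    ZeroMemory(outstr,512);
    while (1)
    {
        if (g.IsCloseSocket())
        {
            sprintf_s(outstr,512,"mapid:%x role x:%d role y:%d boss x:%d boss y:%d ",g.GetMapType(),g.GetRoleRoomX(),g.GetRoleRoomY(),g.GetBossRoomX(),g.GetBossRoomY());
            OutputDebugStringA(outstr);
            Sleep(200);
            ExitProcess(0);
        }
        Sleep(1000);
    }
    return 1;
}

// Placeholder thread routine; does nothing and returns 1. Its only use in
// this file is a commented-out CreateThread call.
DWORD WINAPI StartProc1(
    LPVOID lpParameter
    )
{
    return 1;
}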
//隐藏dll
// Hand-written layout of one loader data-table entry as reached through
// PEB->Ldr. The byte offsets in the comments assume 4-byte pointers, i.e. a
// 32-bit process.
// NOTE(review): this is an undocumented, version-dependent structure; the
// layout is the author's assumption and is not validated at run time.
typedef struct _LDR_MODULE
{
    LIST_ENTRY InLoadOrderModuleList; //+0x00
    LIST_ENTRY InMemoryOrderModuleList; //+0x08
    LIST_ENTRY InInitializationOrderModuleList; //+0x10
    void* BaseAddress; //+0x18
    void* EntryPoint; //+0x1c
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    ULONG Flags;
    SHORT LoadCount;
    SHORT TlsIndex;
    HANDLE SectionHandle;
    ULONG CheckSum;
    ULONG TimeDateStamp;
} LDR_MODULE, *PLDR_MODULE;
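// Removes the loader entry whose BaseAddress equals the module handle of
// "VC32B.dll" from the three doubly linked lists reachable from PEB->Ldr
// (load order, memory order, initialization order).
//
// The only call to this function in the file is commented out.
// NOTE(review): the list is walked without any lock, and a NULL hMod is not
// rejected. The list head itself is cast to an LDR_MODULE on the last pass.
// Reviewer note for defenders: unlinking only affects enumeration APIs that
// read these lists. The image mapping is still present in the process address
// space, so a comparison of mapped image regions against the loader lists
// exposes the discrepancy.
void HideDll()
{
    HMODULE hMod = ::GetModuleHandle("VC32B.dll"); // name of the DLL to hide
    PLIST_ENTRY Head,Cur;
    PPEB_LDR_DATA ldr;
    PLDR_MODULE ldm;
    __asm
    {
        mov eax , fs:[0x30]
        mov ecx , [eax + 0x0c] //Ldr
        mov ldr , ecx
        add ecx,12 // original author's note: the compiler emitted add ecx,9 for the C version here, which VC6 did not; this was written by comparing against VC6 output
        mov Head,ecx//Head = &(ldr->InLoadOrderModuleList);
        mov eax,[ecx]
        mov Cur,eax//Cur = Head->Flink;
    }
    // Head = &(ldr->InLoadOrderModuleList);
    // Cur = Head->Flink;
    do
    {
        ldm =(PLDR_MODULE)Cur;
        //printf("EntryPoint [0x%X]\n",ldm->BaseAddress);
        if( hMod == ldm->BaseAddress)
        {
            ldm->InLoadOrderModuleList.Blink->Flink =
                ldm->InLoadOrderModuleList.Flink;
            ldm->InLoadOrderModuleList.Flink->Blink =
                ldm->InLoadOrderModuleList.Blink;
            ldm->InInitializationOrderModuleList.Blink->Flink =
                ldm->InInitializationOrderModuleList.Flink;
            ldm->InInitializationOrderModuleList.Flink->Blink =
                ldm->InInitializationOrderModuleList.Blink;
            ldm->InMemoryOrderModuleList.Blink->Flink =
                ldm->InMemoryOrderModuleList.Flink;
            ldm->InMemoryOrderModuleList.Flink->Blink =
                ldm->InMemoryOrderModuleList.Blink;
            OutputDebugString("**隐藏dll**");
            break;
        }
        Cur= Cur->Flink;
    }while(Head != Cur);
}

// MFC start-up hook for this DLL. Builds the config paths, loads the settings
// and the retained-item list, then starts five worker threads:
// IsDisconnectProc, StartProc, LockBloodProc, EditAttackProc2 and
// EditAttackProc1. The three feature flags are cleared before the threads
// that consume them start.
//
// Fix: `return TRUE;` had been fused onto a comment line, leaving this
// BOOL function without a return statement; it is restored as code.
//
// NOTE(review): the thread handles returned by CreateThread are discarded and
// never closed. In a regular MFC DLL this function presumably runs during
// DLL attach, where Sleep and thread creation are risky; confirm the load path.
BOOL CCoreApp::InitInstance()
{
    CWinApp::InitInstance();
    Initthing();
    LoadSetting();
    LoadRetainGoods();
    // Hook();
    HANDLE hThread = NULL;
    Sleep(300);
    CGameFun gamefun;
    //gamefun.allGjJw();// disabled: game-code change for full-screen attack / pickup
    //gamefun.PowerSkill(0x36);// disabled: skill modification
    ::CreateThread(NULL,NULL,IsDisconnectProc,NULL,NULL,NULL);
    // ::CreateThread(NULL,NULL,StartProc1,NULL,NULL,NULL);
    ::CreateThread(NULL,NULL,StartProc,NULL,NULL,NULL);
    bloodexit=0;// HP lock is off at start
    ::CreateThread(NULL,NULL,LockBloodProc,NULL,NULL,NULL);// HP lock
    bossAdd=0;// 1 = attack boost in the boss room, 0 = off
    monstAdd=0;// 1 = attack boost in normal rooms, 0 = off
    ::CreateThread(NULL,NULL,EditAttackProc2,NULL,NULL,NULL);// boss-room attack boost
    ::CreateThread(NULL,NULL,EditAttackProc1,NULL,NULL,NULL);// normal-room attack boost
    //HelpSelfProcess_g();
    //::CreateThread(NULL,NULL,HelpSelfProcess,NULL,NULL,NULL);
    //WaitForSingleObject(hThread, INFINITE);
    Sleep(2000);
    //HideDll();// disabled: hide the DLL
    return TRUE;
}
// module unlinking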
// Looks up the PEB of the current process through NtQueryInformationProcess
// and, for each of the three loader lists, walks the list until an entry
// whose DllBase equals the handle of `lpszMoudleName` is found, then unlinks
// that entry. Progress is written to the debugger output. Always returns 0.
//
// The only caller in this file is HelpSelfProcess_g, which is itself only
// referenced from commented-out code.
//
// NOTE(review), hygiene issues visible in this block:
//  - the GetProcAddress result `p` is called without a NULL check and the
//    status in `dw` is ignored;
//  - the "InLoadOrderLinks %08x" format has one conversion but two arguments;
//  - CloseHandle is called on HMODULE values, which are not kernel handles;
//  - the lists are modified without holding the loader lock.
// Reviewer note for defenders: like any PEB-list unlinking, this leaves the
// image mapped in the address space, so cross-checking mapped image regions
// against the loader lists shows the missing entry.
BOOL HideMyMoudle(LPCSTR lpszMoudleName)
{
    TCHAR strTmp[128];
    HMODULE hMod = GetModuleHandle(_T("ntdll.dll"));
    HMODULE hModMyself = GetModuleHandle(lpszMoudleName);
    //HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwPid);
    PROCESS_BASIC_INFORMATION stInfo = {0};
    pfnNtQueryInformationProcess p = (pfnNtQueryInformationProcess)GetProcAddress(hMod, "NtQueryInformationProcess");
    DWORD dwRetnLen = 0;
    DWORD dw = p(GetCurrentProcess(), ProcessBasicInformation, &stInfo, sizeof(stInfo), &dwRetnLen);
    PPEB pPeb = stInfo.PebBaseAddress;
    wsprintf(strTmp, "HideMyMoudle %s - %08x PEB %08x", lpszMoudleName, hModMyself, pPeb);
    OutputDebugString(strTmp);
    PLIST_ENTRY ListHead, Current;
    PLDR_DATA_TABLE_ENTRY pstEntry = NULL;
    // Pass 1: load-order list.
    ListHead = &(stInfo.PebBaseAddress->Ldr->InLoadOrderModuleList);
    Current = ListHead->Flink;
    while (Current != ListHead)
    {
        pstEntry = CONTAINING_RECORD(Current, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
        wsprintf(strTmp, "InLoadOrderLinks %08x", lpszMoudleName, pstEntry->DllBase);
        OutputDebugString(strTmp);
        if (pstEntry->DllBase == hModMyself)
        {
            wsprintf(strTmp, "HideMyMoudle InLoadOrderLinks %s - %08x", lpszMoudleName, pstEntry->DllBase);
            OutputDebugString(strTmp);
            pstEntry->InLoadOrderLinks.Flink->Blink = pstEntry->InLoadOrderLinks.Blink;
            pstEntry->InLoadOrderLinks.Blink->Flink = pstEntry->InLoadOrderLinks.Flink;
            break;
        }
        Current = pstEntry->InLoadOrderLinks.Flink;
    }
    // Pass 2: memory-order list.
    ListHead = &( stInfo.PebBaseAddress->Ldr->InMemoryOrderModuleList);
    Current = ListHead->Flink;
    while ( Current != ListHead)
    {
        pstEntry = CONTAINING_RECORD( Current, LDR_DATA_TABLE_ENTRY, InMemoryOrderModuleList);
        //DebugOutW( L"Module:%s, base:0x%X\r\n", pstEntry->FullDllName.Buffer, pstEntry->EntryPoint);
        if ( pstEntry->DllBase == hModMyself)
        {
            wsprintf(strTmp, "HideMyMoudle InMemoryOrderModuleList %s - %08x", lpszMoudleName, pstEntry->DllBase);
            OutputDebugString(strTmp);
            pstEntry->InMemoryOrderModuleList.Flink->Blink = pstEntry->InMemoryOrderModuleList.Blink;
            pstEntry->InMemoryOrderModuleList.Blink->Flink = pstEntry->InMemoryOrderModuleList.Flink;
            break;
        }
        Current = pstEntry->InMemoryOrderModuleList.Flink;
    }
    // Pass 3: initialization-order list.
    ListHead = &( stInfo.PebBaseAddress->Ldr->InInitializationOrderModuleList);
    Current = ListHead->Flink;
    while ( Current != ListHead)
    {
        pstEntry = CONTAINING_RECORD( Current, LDR_DATA_TABLE_ENTRY, InInitializationOrderModuleList);
        //DebugOutW( L"Module:%s, base:0x%X\r\n", pstEntry->FullDllName.Buffer, pstEntry->EntryPoint);
        if ( pstEntry->DllBase == hModMyself)
        {
            wsprintf(strTmp, "HideMyMoudle InInitializationOrderModuleList %s - %08x", lpszMoudleName, pstEntry->DllBase);
            OutputDebugString(strTmp);
            pstEntry->InInitializationOrderModuleList.Flink->Blink = pstEntry->InInitializationOrderModuleList.Blink;
            pstEntry->InInitializationOrderModuleList.Blink->Flink = pstEntry->InInitializationOrderModuleList.Flink;
            break;
        }
        Current = pstEntry->InInitializationOrderModuleList.Flink;
    }
    CloseHandle(hMod);
    CloseHandle(hModMyself);
    return 0;
}
// Obfuscates the PE header of a loaded module.
//
// Enumerates the modules of the current process with a Toolhelp snapshot,
// and for the first module whose path contains `lpszMoudleName` overwrites
// the first two bytes at its base address with 0xEA 0xEA (temporarily making
// the page writable). Every module path and the match are written to the
// debugger output. Always returns 0.
//
// NOTE(review): the snapshot handle is not compared with
// INVALID_HANDLE_VALUE before use, and VirtualProtect results are ignored.
// The match is a substring test on the full path, so an unrelated module
// whose path contains the same text would be modified instead.
// Reviewer note for defenders: only the two signature bytes at the image
// base change; the rest of the header and the section mapping are untouched,
// so checks that do not depend on the leading signature still identify the
// region as a mapped image.
int ConfusionPeHeader(LPCSTR lpszMoudleName)
{
    // enumerate the modules of this process
    CString strTmp;
    DWORD oldProt;
    HANDLE hMoudleList = NULL;
    MODULEENTRY32 me32 = {0};
    BOOL isNotEnd = FALSE;
    int nFlag = 0;
    PVOID pPeAddr = NULL;
    DWORD dwPid = GetCurrentProcessId();
    hMoudleList = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE ,dwPid);
    me32.dwSize = sizeof(MODULEENTRY32);
    isNotEnd = Module32First(hMoudleList, &me32);
    while(isNotEnd)
    {
        strTmp = me32.szExePath;
        OutputDebugString(strTmp);
        nFlag = strTmp.Find(lpszMoudleName, 0);
        if (nFlag != -1)
        {
            pPeAddr = me32.modBaseAddr;
            strTmp.Format("PE_HEAD %s - %08x", lpszMoudleName, pPeAddr);
            OutputDebugString(strTmp);
            VirtualProtect((void*)pPeAddr, 2, PAGE_EXECUTE_READWRITE, &oldProt);
            memset((void*)pPeAddr, 0xEA, 1);
            memset((void*)((char*)pPeAddr+1), 0xEA, 1);
            VirtualProtect((void*)pPeAddr, 2, oldProt, &oldProt);
            break;
        }
        isNotEnd = Module32Next(hMoudleList,&me32);
    }
    CloseHandle(hMoudleList);
    return 0;
}
// Self-handling for this module, in thread-routine form: calls
// ConfusionPeHeader("Core.dll") once and returns 1. The repeat loop and the
// HideMyMoudle call are commented out. lpParameter is unused.
// The only references to this routine in the file are commented out.
DWORD WINAPI HelpSelfProcess(LPVOID lpParameter)
{
    //while(1)
    //{
    //Sleep(1000);
    ConfusionPeHeader("Core.dll");
    //HideMyMoudle("Core.dll");
    // if (nHide >= 2)
    // {
    // break;
    // }
    //}
    return 1;
}
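// Direct-call variant of HelpSelfProcess: waits 500 ms, then calls
// ConfusionPeHeader("Core.dll") followed by HideMyMoudle("Core.dll").
// Always returns 1. The only call in this file is commented out.
int WINAPI HelpSelfProcess_g()
{
    Sleep(500);
    ConfusionPeHeader("Core.dll");
    HideMyMoudle("Core.dll");
    return 1;
}

// MFC shutdown hook; forwards to the base class. The Unhook() call is
// disabled, matching the disabled Hook() call in InitInstance.
int CCoreApp::ExitInstance()
{
    // TODO: Add your specialized code here and/or call the base class
    // Unhook();
    return CWinApp::ExitInstance();
}

// ---- end of Core.cpp; the listing below is GameFun.cpp ----
// (The file-name label had been fused onto the closing brace above, where it
// read as stray tokens; it is kept here as a comment.)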
#include "StdAfx.h"
#include "GameFun.h"
#include "publib_m.h"
// CGameFun holds no state that is initialised here; construction and
// destruction are empty.
CGameFun::CGameFun(void)
{
}
CGameFun::~CGameFun(void)
{
}
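//////////////////////////////////////////////////////////////////////////
// Addresses
//
// Absolute virtual addresses inside the host process: GAME_CALL_* are
// function entry points, GAME_ADDR_* are data locations. The hex value at the
// start of each trailing comment is presumably the same item's address in an
// earlier build (the author's notes do not say so explicitly).
// NOTE(review): every value assumes one exact build loaded at its preferred
// base; nothing in this file verifies that before the addresses are used.
//
// Fix: the `extern char settingpath[MAX_PATH];` declaration had been fused
// onto the last comment line of this table and was therefore dead text; it is
// restored as code below.
//////////////////////////////////////////////////////////////////////////
DWORD GAME_CALL_GET_ATTRIBUTUE = 0x00402020; //00A47B90; get-attribute CALL
DWORD GAME_ADDR_BOSS_X = 0x0D604B8; //00D59368; boss room X address
DWORD GAME_ADDR_BOSS_Y = 0x0D604C0; //00D59370; boss room Y address
DWORD GAME_CALL_IS_BOSS_ROOM = 0x0047C270; //0047BB10; boss-room CALL
DWORD GAME_ADDR_ROLE_BASE = 0xD82A0C; //0x00D7B8BC; character base address
DWORD GAME_ADDR_BLOOD_1 = 0xF3DC40; //00F36AF0; attribute base address 1
DWORD GAME_ADDR_BLOOD_2 = 0xF3DC44; //00F36AF4; attribute base address 2
DWORD GAME_ADDR_GAME_BASE = 0xD5E5EC; //00D574AC; game base address
DWORD GAME_CALL_ENTRYDOOR = 0x00475FA0; //00475A40; A enter-door CALL
DWORD GAME_CALL_ROLEACTION = 0x004062B0; //00406400; action CALL
DWORD GAME_CALL_SELMAP = 0x009BE290; //009B9180; select-map CALL / enter-map CALL
DWORD GAME_ADDR_SSSGRADE = 0xD5C310; //00D551D0; A SSS grade base address
DWORD GAME_CALL_SSSCALL = 0x004FF3A0; //004FE2C0; A SSS grade CALL
DWORD GAME_CALL_ROOMADD = 0x004361D0; //00436090; A get-room-address CALL
DWORD GAME_CALL_ROOM_CONTEXT = 0x00A6631D; //00A610AD; A get-room-contents CALL
DWORD GAME_CALL_CREATE_PACK = 0x009D1F80; //009CCDB0; A create-packet CALL
DWORD GAME_CALL_EDIT_PACK = 0x009D1E40; //009CCC70; A modify-packet CALL
DWORD GAME_CALL_SEND_PACK = 0x009D2020; //009CCE50; A send-packet CALL
DWORD GAME_ADDR_NET_PACK = 0xE04DE8; //00DFDC98; A packet base address
DWORD GAME_CALL_BACKTOTOWN = 0x0095FCA0; //0095B880; A return-to-town CALL
DWORD GAME_ADDR_PACK = 0xD5EE68; //00D57D28; A inventory base address
DWORD GAME_ADDR_FATIGUE_ADDR1 = 0x0D82A4C; //00D7B8FC; fatigue value base address 1
DWORD GAME_ADDR_FATIGUE_ADDR2 = 0x0D82A44; //00D7B8F4; fatigue value base address 2
DWORD GAME_ADDR_BOSS_DEAD = 0x0D60948; //00D597F8; boss-death base address
DWORD GAME_ADDR_GOODS_PUSH = 0x0CBC59C; //00CB559C; item pointer address
DWORD GAME_ADDR_ROOM_PUSH = 0x0CBC558; //00CB5558; room pointer address
DWORD GAME_ADDR_GOODS_BASE = GAME_ADDR_PACK; //00D57D28; inventory base address
DWORD GAME_ADDR_MONSTER_PUSH = 0x0CCDFE8; //0CC6FE8; monster pointer address
DWORD GAME_ADDR_GAME = 0xE0A114; //00E02FC4; game process base address
//
////MY DATA
DWORD GAME_ADDR_MAP_INDEX=0x00E059B4;//0xDFE864;//0xE02AF4; current map number is written here (dword located with a breakpoint)
DWORD GAME_ADDR_ALLGJJW_BASE=0x004CFD81;// full-screen attack / pickup
DWORD GAME_JWP_CALL=0x004714A0;// pick-up-item CALL
DWORD GAME_ADDR_MAIL_UNKONW = 0x004357C0; // send mail; this call has to be invoked ->XX
// equipment repair
DWORD GAME_ADDR_GOODBASE1 = GAME_ADDR_PACK-4;// weapon/equipment base 1 (inventory base - 4)
DWORD GAME_ADDR_GOODBASE2 = 0xD82A0C;// weapon/equipment base 2 ->XX
DWORD GAME_ADDR_TRIMCALL = 0x008A1A80;// repair-equipment call
extern char settingpath[MAX_PATH]; //setting file path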
//////////////////////////////////////////////////////////////////////////
// HP lock
//////////////////////////////////////////////////////////////////////////

// Returns the value produced by the virtual function at vtable offset 0x230
// of the object whose pointer is stored at GAME_ADDR_ROLE_BASE.
// The name suggests this is the character's maximum HP; the code itself only
// shows the call.
// NOTE(review): the pointer chain is dereferenced without a NULL check.
int CGameFun::GetMaxHP()
{
    int r;
    __asm
    {
        pushad
        mov ecx, GAME_ADDR_ROLE_BASE
        mov ecx, dword ptr [ecx]
        mov eax, dword ptr [ecx]
        call dword ptr [eax+0x230]
        mov r, eax
        popad
    }
    return r;
}

// Overwrites two encoded storage slots with the value from GetMaxHP().
//
// What the assembly does, step by step:
//  - edi = object at [GAME_ADDR_ROLE_BASE] + 0xEC8 + 0x340;
//  - ebx = dword at [GAME_ADDR_BLOOD_2], used as an XOR key;
//  - index = [edi+4] * 4;
//  - slot A = [[GAME_ADDR_BLOOD_1]+0x44] + index,
//    slot B = [[GAME_ADDR_BLOOD_1]+0x48] + index;
//  - each slot receives maxhp XOR key XOR (address of that slot).
// The early `xor eax,ebx / sub eax,edi` result and the `cmp esi,edx` flags
// are never used.
// NOTE(review): the two slots apparently hold mirrored, address-keyed copies
// of one value; that reading is inferred from the arithmetic, not stated in
// the source.
void CGameFun::LockBlood(void)
{
    int maxhp;
    maxhp=GetMaxHP();
    __asm
    {
        pushad
        mov ecx, GAME_ADDR_ROLE_BASE
        mov ecx, dword ptr [ecx]
        add ecx, 0xEC8
        add ecx, 0x340
        mov ebx, GAME_ADDR_BLOOD_2
        mov ebx, dword ptr [ebx]
        mov edi, ecx
        mov eax, dword ptr [edi]
        mov ecx, dword ptr [edi+4]
        xor eax, ebx
        sub eax, edi
        mov ecx, GAME_ADDR_BLOOD_1
        mov ecx, dword ptr [ecx]
        mov eax, dword ptr [edi+4]
        mov edx, dword ptr [ecx+0x44]
        shl eax, 2
        mov esi, dword ptr [eax+edx]
        add edx, eax
        xor esi, edx
        push edx
        mov edx, dword ptr [ecx+0x48]
        add eax, edx
        mov edx, dword ptr [eax]
        xor edx, eax
        xor esi, ebx
        xor edx, ebx
        cmp esi, edx
        mov edx, maxhp
        xor edx, ebx
        xor edx, eax
        mov dword ptr [eax], edx
        mov esi, maxhp
        xor esi, ebx
        pop edx
        xor esi, edx
        mov dword ptr [edx], esi
        popad
    }
}
//////////////////////////////////////////////////////////////////////////
// Passing through a door
//////////////////////////////////////////////////////////////////////////

// Calls the function at GAME_CALL_ENTRYDOOR with DoorIndex as its single
// stack argument and ecx loaded from the pointer chain
// [[[[GAME_ADDR_GAME_BASE]+0x24]+0x14]+0x50].
// DoorIndex: 0 = left, 1 = right, 2 = up, 3 = down (original author's note).
// NOTE(review): no link in the pointer chain is checked for NULL.
void CGameFun::EnterDoor(int DoorIndex)
{
    // 0 left, 1 right, 2 up, 3 down
    _asm
    {
        pushad
        mov eax,GAME_ADDR_GAME_BASE
        mov eax,[eax]
        mov eax,[eax+0x24]
        mov eax,[eax+0x14]
        mov ecx,[eax+0x50]
        push DoorIndex
        call GAME_CALL_ENTRYDOOR
        popad
    }
}
//////////////////////////////////////////////////////////////////////////
// Attack and item pickup
//////////////////////////////////////////////////////////////////////////

// Issues one character action.
//
// First calls GAME_CALL_ROLEACTION with ecx = &v6 and &v5 as stack argument
// (both are zero-filled 16-byte buffers), then calls the virtual function at
// vtable offset 0x284 of the object stored at GAME_ADDR_ROLE_BASE with the
// arguments (dwID, &v6, 1, 0, 0).
// dwID values used by callers in this project, per the author's notes:
// 0x8 = X key / normal attack, 0x1d = gunner "Chaser" skill, 0xd = pick up.
void CGameFun::RoleAction(int dwID)
{
    DWORD v5[4]={0};
    DWORD v6[4]={0};
    _asm
    {
        pushad
        lea ebx,v5
        push ebx
        lea ecx,v6
        call GAME_CALL_ROLEACTION
        mov ebx, GAME_ADDR_ROLE_BASE
        mov ebx, dword ptr [ebx]
        mov edx, dword ptr [ebx]
        push 0
        push 0
        push 1;
        lea ecx,v6;
        push ecx;
        push dwID;
        mov ecx,ebx;
        call dword ptr [edx+0x284];
        popad;
    }
}
//////////////////////////////////////////////////////////////////////////
// Attack and item pickup using the gunner "Chaser" skill
//////////////////////////////////////////////////////////////////////////

// Builds an action record through three calls to GAME_CALL_ROLEACTION (each
// with ecx = &v6 and a different 16-byte source buffer), using values
// returned by the character object's virtual functions at vtable offsets
// 0x94 and 0x98, then invokes the virtual function at offset 0x284 with
// action id 0x1D. The call at offset 0xc0 is made but its result is not used.
// The only calls to RoleJ in the visible code are commented out.
// NOTE(review): in MSVC inline assembly the subscript in `v5[12]` is a byte
// offset, so it addresses the fourth DWORD of v5.
void CGameFun::RoleJ()
{
    DWORD v5[4]={0};
    DWORD v6[4]={0};
    DWORD v7[4]={0};
    _asm
    {
        pushad
        lea ebx,v5
        push ebx
        mov v5[0],0x1B// skill id of the "Chaser" skill (original author's note)
        mov v5[12],0x52
        lea ecx,v6
        call GAME_CALL_ROLEACTION
        mov esi, GAME_ADDR_ROLE_BASE
        mov esi, dword ptr [esi]
        mov edx, dword ptr [esi]
        mov ecx,esi
        call dword ptr [edx+0xc0]
        mov edx,dword ptr [esi]
        mov ecx,esi
        call dword ptr [edx+0x94]
        add eax,0x1e
        mov v7[0],eax
        lea eax,v7
        push eax
        lea ecx,v6
        call GAME_CALL_ROLEACTION
        mov edx,dword ptr [esi]
        mov ecx,esi
        call dword ptr [edx+0x98]
        mov v5[0],eax
        lea eax,v5
        push eax
        lea ecx,v6
        call GAME_CALL_ROLEACTION
        mov edx,dword ptr [esi]
        push 0
        push 0
        push 1;
        lea ecx,v6;
        push ecx;
        push 0x1D;
        mov ecx,esi;
        call dword ptr [edx+0x284];
        popad;
    }
}
// Character action: jump.
//
// Calls GAME_CALL_ROLEACTION three times with ecx = &v_14 and &v_4 as the
// stack argument (the fourth DWORD of v_4 is set to 7 beforehand), then
// invokes the virtual function at vtable offset 0x284 of the character object
// with action id 0x36, and writes a debug string.
// The only calls to RoleJmp in the visible code are commented out.
void CGameFun::RoleJmp()
{
    DWORD v_14[4] = {0};
    DWORD v_4[4] = {0};
    _asm
    {
        pushad
        lea edx, v_4
        push edx
        lea ecx, v_14
        mov v_4[12], 7
        mov v_4, 0
        call GAME_CALL_ROLEACTION
        lea eax, v_4
        push eax
        lea ecx, v_14
        mov v_4, 0
        call GAME_CALL_ROLEACTION
        lea ecx, v_4
        push ecx
        lea ecx, v_14
        mov v_4, 0
        call GAME_CALL_ROLEACTION
        mov ebx, GAME_ADDR_ROLE_BASE
        mov ebx, dword ptr [ebx]
        mov edx, dword ptr [ebx]
        push 0
        push 0
        push 1
        lea eax, v_14
        push eax
        push 0x36;// original author's note: 0x6 is jump; changed to 0x36 for the modified skill
        mov ecx,ebx
        call dword ptr [edx+0x284]
        popad;
    }
    OutputDebugString("跳跃!!");
}
// GJS skill named "银光落刃" in the original comment.
//
// Calls two virtual functions of the character object stored at
// GAME_ADDR_ROLE_BASE: the one at vtable offset 0x748 with arguments
// (10, 1, 1, 1), then the one at offset 0x284 with (0x19, 0, 1, 0, 0), and
// writes a debug string.
// Unlike the sibling methods this block has no pushad/popad pair.
// The only calls to RoleYgdr in the visible code are commented out.
void CGameFun::RoleYgdr()
{
    _asm
    {
        //mov eax, dword ptr [esi]
        mov ebx, GAME_ADDR_ROLE_BASE
        mov ebx, dword ptr [ebx]
        mov edx, dword ptr [ebx]
        push 1
        push 1
        push 1
        push 10
        mov ecx, ebx
        call dword ptr [edx+0x748]
        mov ebx, GAME_ADDR_ROLE_BASE
        mov ebx, dword ptr [ebx]
        mov edx, dword ptr [ebx]
        push 0
        push 0
        push 1
        push 0
        push 0x19
        mov ecx, ebx
        call dword ptr [edx+0x284]
    }
    OutputDebugString("银光落刃!!");
}
//maptype:
//普通:0
//冒险:1
//勇士:2
//王者:3
//
//mapid
//洛兰:1 level<2
//洛兰深处:2 2<=level<5
//幽暗密林:3
//幽暗密林深处:4
//雷鸣废墟:5 5<=level<7
//猛毒雷鸣废墟:6 7<=level<12
//格拉卡:7
//烈焰格拉卡:8 12<=level<17
//冰霜幽暗密林:9
//亚蒙下层:b 17<=level<23
//亚蒙上层:c
//世帕罗塔下层:d
//世帕罗塔上层:e
//浅海:f
//深海:10
//悬空城:11 23<=level<27
//神殿外围:15
//树精丛林:16
//炼狱:17 27<=level<35
//极昼:18
//第一脊椎:19
//第二脊椎:1a
//天帷禁地:1b
//浅栖之地:1f 35<=level<37
//蜘蛛洞:20 37<=level<39
//熔岩穴:22
//暗精灵墓地:23 39<=level
//疯狂盗贼:32
//
// //////////////////////////////////////////////////////////////////////////
// 选择地图
//////////////////////////////////////////////////////////////////////////
// Selects a dungeon map by calling GAME_CALL_SELMAP inside the game client.
//   dwMapID   - map identifier (see the map-id table in the comments above).
//   dwMapType - difficulty type (0..3 per the "maptype" table above).
// ecx is loaded from [[GAME_ADDR_GAME_BASE]+0x20] before the call.
void CGameFun::SelectMap(int dwMapID, int dwMapType)
{ _asm
    {
        pushad;
        mov eax,GAME_ADDR_GAME_BASE;
        mov eax,[eax];
        mov ecx,[eax+0x20];
        push dwMapType;
        push dwMapID;
        call GAME_CALL_SELMAP;
        popad;
    }
}
//////////////////////////////////////////////////////////////////////////
// SSS评分
//////////////////////////////////////////////////////////////////////////
// Calls GAME_CALL_SSSCALL (labelled "SSS grade" in the banner above).
//   dwResult - value pushed as one argument of that call.
// The other two pushed arguments are the constant 6 and the value returned by
// table slot 0x40 of the role object; ecx is loaded from [GAME_ADDR_SSSGRADE].
// NOTE(review): the meaning of the arguments is not visible in this file.
void CGameFun::SSSGrade(int dwResult)
{
    _asm
    {
        pushad;
        mov esi,GAME_ADDR_ROLE_BASE;
        mov ecx, dword ptr [esi];
        mov eax, dword ptr [ecx];
        call dword ptr [eax+0x40];
        mov ecx, GAME_ADDR_SSSGRADE;
        mov ecx, dword ptr [ecx];
        push eax;
        push 6;
        push dwResult;
        call GAME_CALL_SSSCALL;
        popad;
    }
}
// Returns a pseudo-random integer derived from rand(), scaled into the span
// between min and max and truncated toward zero on conversion to int.
// Uses the C runtime generator, so the sequence depends on any earlier srand().
int CGameFun::GetRandom(int min,int max)
{
    const int span = max - min;
    const double fraction = double(rand()) / RAND_MAX;   // 0.0 .. 1.0 inclusive
    return static_cast<int>(min + fraction * span);
}
//////////////////////////////////////////////////////////////////////////
// 吸怪
//////////////////////////////////////////////////////////////////////////
// Despite the name ("attract monsters"), the active code moves the character
// toward the first monster found in the current room; the older code that
// overwrote the monster's coordinates is kept below as a comment.
//
// Steps visible here:
//   1. Call GAME_CALL_ROOMADD to obtain a room object (dwAddr).
//   2. Treat [dwAddr+0x90, dwAddr+0x94) as an array of 4-byte object pointers.
//   3. For each entry call GAME_CALL_ROOM_CONTEXT with GAME_ADDR_ROOM_PUSH /
//      GAME_ADDR_MONSTER_PUSH; a non-zero result is handled as a monster.
//   4. Read the monster's x/y, compare with the role's x/y and call walk() the
//      computed number of steps on each axis.
// NOTE(review): none of the pointers read from game memory is validated.
void CGameFun::AttractMonster(void)
{
    DWORD dwAddr;
    int pp=0;              // number of monsters already handled; loop stops after one
    CString strMsg;        // only referenced by commented-out logging below
    float fout1=0,fout2=0; // unused
    _asm
    {
        pushad;
        mov ecx, GAME_ADDR_GAME_BASE;
        mov ecx,[ecx];
        push -1;
        push 0 ;
        call GAME_CALL_ROOMADD;
        mov dwAddr,eax;
        popad;
    }
    DWORD pStart,pEnd;
    pStart = *(DWORD *)(dwAddr + 0x90);
    pEnd = *(DWORD *)(dwAddr + 0x94);
    DWORD dwOut1;
    int nCount = (pEnd - pStart)/4;   // entries are 4 bytes each
    for (int i=0;i<nCount;i++)
    {
        DWORD dwTmpAddr = *(DWORD *)(pStart+i*4);
        _asm
        {
            pushad;
            mov ecx,dwTmpAddr;
            push 0;
            push GAME_ADDR_MONSTER_PUSH;
            push GAME_ADDR_ROOM_PUSH;
            push 0;
            push ecx;
            call GAME_CALL_ROOM_CONTEXT;
            mov dwOut1,eax;
            add esp,0x14;             // caller cleans up the five pushed arguments
            popad;
        }
        if (dwOut1 != 0)
        {
            if (pp>=1)
            {
                break;
            }
            // "attract monster" code (disabled): set the monster's x/y to the role's x/y
            /*DWORD dwOutX;
            dwOutX = *(DWORD *)(dwOut1 + 0xF4);
            float fCoorX = *(float *)(dwOutX + 0xC);// read the monster's current x
            *(float *)(dwOutX + 0xC) = GetRoleCoorX();// *(float *)(dwOutX + 0xC) = GetRoleCoorX()+GetRandom(-260,260);// set monster x = role x
            float fCoorY = *(float *)(dwOutX + 0x10);// read the monster's current y
            *(float *)(dwOutX + 0x10) = GetRoleCoorY();// set monster y = role y
            *(DWORD *)(dwOutX + 0x14) = 0;*/
            DWORD dwOutX;
            dwOutX = *(DWORD *)(dwOut1 + 0xF4);
            float fCoorX = *(float *)(dwOutX + 0xC);// monster's current x
            float fCoorY = *(float *)(dwOutX + 0x10);// monster's current y
            float fRoleX=GetRoleCoorX();// role x
            float fRoleY=GetRoleCoorY();// role y
            CString str;
            str.Format("人x=%d y=%d 怪x=%d,y=%d",(DWORD)fRoleX,(DWORD)fRoleY,(DWORD)fCoorX,(DWORD)fCoorY);
            OutputDebugString(str);
            int rx=(int)fRoleX;
            int ry=(int)fRoleY;
            int gx=(int)fCoorX;
            int gy=(int)fCoorY;
            if(gx==0 && gy==0)// a monster at (0,0) is not considered a valid target
            {
                continue;
            }
            int gxNum=rx-gx;// role x - monster x: negative -> walk right, positive -> walk left
            int fx=0;
            if(gxNum<0)
            {
                fx=1;// right
            }
            else
            {
                fx=0;// left
            }
            if ( gxNum<0 ) gxNum = -gxNum;// absolute value
            gxNum=gxNum/36;// one walk() step changes x by 36 (left/right) and y by 29 (up/down)
            for(int i=0;i<gxNum;i++)
            {
                walk(fx);// 0 = left, 1 = right, 2 = up, 3 = down
            }
            gxNum=ry-gy;// role y - monster y: negative -> walk down, positive -> walk up
            fx=0;
            if(gxNum<0)
            {
                fx=3;// down (the original comment said "right"; 3 is "down" per walk())
            }
            else
            {
                fx=2;// up (the original comment said "left"; 2 is "up" per walk())
            }
            if ( gxNum<0 ) gxNum = -gxNum;// absolute value
            gxNum=gxNum/29;// one walk() step changes x by 36 (left/right) and y by 29 (up/down)
            for(int i=0;i<gxNum;i++)
            {
                walk(fx);// 0 = left, 1 = right, 2 = up, 3 = down
            }
            pp++;
            // strMsg.Format("%.1f,%.1f" ,fCoorX,fCoorY);
            // OutputDebugString(strMsg);
            // Sleep(500);
            // RoleAction(0x8);
        }
    }
}
//走路,在城里走路 (在地下城走路不用发包,所以这个不行)
// Finds the first monster object in the current room (same enumeration as
// AttractMonster) and overwrites two float fields reached through the
// hard-coded address 0xD85A10 with that monster's coordinates, then stops.
// NOTE(review): the inline comment describes +8 as the role's x and +12 as the
// role's y, but the code stores fCoorY at +8 and fCoorX at +12 - confirm which
// is intended. The address 0xD85A10 is a literal here, not a named constant.
void CGameFun::gotoMonster(void)
{
    DWORD dwAddr;
    int pp=0;              // unused
    CString strMsg;        // unused
    float fout1=0,fout2=0; // unused
    _asm
    {
        pushad;
        mov ecx, GAME_ADDR_GAME_BASE;
        mov ecx,[ecx];
        push -1;
        push 0 ;
        call GAME_CALL_ROOMADD;
        mov dwAddr,eax;
        popad;
    }
    DWORD pStart,pEnd;
    pStart = *(DWORD *)(dwAddr + 0x90);
    pEnd = *(DWORD *)(dwAddr + 0x94);
    DWORD dwOut1;
    int nCount = (pEnd - pStart)/4;
    for (int i=0;i<nCount;i++)
    {
        DWORD dwTmpAddr = *(DWORD *)(pStart+i*4);
        _asm
        {
            pushad;
            mov ecx,dwTmpAddr;
            push 0;
            push GAME_ADDR_MONSTER_PUSH;
            push GAME_ADDR_ROOM_PUSH;
            push 0;
            push ecx;
            call GAME_CALL_ROOM_CONTEXT;
            mov dwOut1,eax;
            add esp,0x14;
            popad;
        }
        if (dwOut1 != 0)
        {
            DWORD dwOutX;
            dwOutX = *(DWORD *)(dwOut1 + 0xF4);
            float fCoorX = *(float *)(dwOutX + 0xC);// monster's current x
            float fCoorY = *(float *)(dwOutX + 0x10);// monster's current y
            // overwrite role x = [[[D85A10]+F4]+4+4], role y = [[[D85A10]+F4]+4+4+4]
            //*(float *)(dwOutX + 0x10) = GetRoleCoorY();// set monster y = role y
            *(float *)(*(DWORD *)(*(DWORD *)0xD85A10+0xf4)+8)=fCoorY;
            *(float *)(*(DWORD *)(*(DWORD *)0xD85A10+0xf4)+12)=fCoorX;
            //*(DWORD *)(dwOutX + 0x14) = 0;
            break;
        }
    }
} // pcRole: recipient (first line of the parameter notes for DnfPostMan below)
//nMoney 邮寄钱数
//pcContext 邮寄文字内容
//nUnknow、nUnknow2、nUnknow3、nUnknow4 都为0
//邮件 只寄钱
// Builds and sends an in-game mail request that carries money only, by driving
// the client's own packet routines from inline assembly.
//   pcRole    - recipient name (C string).
//   nMoney    - amount of money to mail.
//   nUnknow, nUnknow2, nUnknow3, nUnknow4 - per the source notes, all passed as 0.
//   pcContext - mail body text (C string).
// Sequence: create packet 0x61, add pcRole, then fields of 4, 1, 2, 4 and 4
// bytes, add pcContext, add a 4-byte zero, send.
// NOTE(review): the (pointer, length) reading of the GAME_CALL_EDIT_PACK
// arguments is inferred from the push order; the routine is not in this file.
// A server-side log would show these as ordinary mail requests from the account.
void CGameFun::DnfPostMan(char* pcRole, int nMoney, int nUnknow, int nUnknow2, int nUnknow3, int nUnknow4, char* pcContext)
{
    DWORD v1[4] = {0};   // scratch cell whose address is handed to the edit routine
    __asm
    {
        pushad;
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push 0x61;                       // packet id
        call GAME_CALL_CREATE_PACK
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        mov eax, pcRole
        push eax
        call GAME_ADDR_MAIL_UNKONW       // called with the recipient string
        push 4;
        lea edx, nMoney
        push edx;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;        // 4 bytes taken from nMoney
        mov al, byte ptr nUnknow
        push 1;
        lea ecx, v1
        push ecx
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        mov byte ptr v1[0], al
        call GAME_CALL_EDIT_PACK;        // 1 byte taken from nUnknow
        mov edx, nUnknow2
        push 2
        lea eax, v1
        push eax
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        mov dword ptr v1[0], edx
        call GAME_CALL_EDIT_PACK         // 2 bytes taken from nUnknow2
        mov ecx, nUnknow3
        push 4
        lea edx, v1
        mov dword ptr v1[0], ecx
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push edx
        call GAME_CALL_EDIT_PACK         // 4 bytes taken from nUnknow3
        mov eax, nUnknow4
        push 4
        lea ecx, v1
        push ecx
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        mov dword ptr v1[0], eax
        call GAME_CALL_EDIT_PACK         // 4 bytes taken from nUnknow4
        mov edx, pcContext
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push edx
        call GAME_ADDR_MAIL_UNKONW       // called with the body text
        mov ebx,0
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push 4
        lea eax, v1
        push eax
        mov dword ptr v1[0], ebx
        call GAME_CALL_EDIT_PACK         // trailing 4-byte zero
        call GAME_CALL_SEND_PACK;
        //mov ecx, GAME_ADDR_MAIL_UNKONW_1
        //mov ecx, [ecx]
        popad;
    }
    OutputDebugString(" 邮件 寄钱!!");
}
//pcRole 收件人
//Gz 物品所在格子 从9开始
//goodsType 类型 =[物基址+10h]
//pcContext 邮寄文字内容
//nUnknow、nUnknow2、nUnknow3、nUnknow4 都为0
//邮件 寄物品
// Builds and sends an in-game mail request that carries one inventory item,
// using the same packet id (0x61) and routines as DnfPostMan.
//   pcRole    - recipient name (C string).
//   wGz       - inventory slot of the item; per the source notes slots start at 9.
//   goodsType - item type, described in the source notes as [item base + 0x10].
//   pcContext - mail body text (C string).
// Field order after the recipient: 4-byte 0, 1-byte 0, 2-byte slot,
// 4-byte type, 4-byte 1, body text, 4-byte 0.
// NOTE(review): field meanings beyond what the parameter notes state are not
// visible in this file.
void CGameFun::DnfPostManGoods(char* pcRole,int wGz,int goodsType, char* pcContext)
{
    DWORD v1[4] = {0};   // scratch cell whose address is handed to the edit routine
    __asm
    {
        pushad;
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push 0x61;                       // packet id
        call GAME_CALL_CREATE_PACK
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        mov eax, pcRole
        push eax
        call GAME_ADDR_MAIL_UNKONW       // called with the recipient string
        push 4;
        lea edx, v1
        mov dword ptr v1[0],0
        push edx;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;        // 4-byte zero (the money field in DnfPostMan)
        mov al, 0
        push 1;
        lea ecx, v1
        push ecx
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        mov byte ptr v1[0], al
        call GAME_CALL_EDIT_PACK;        // 1-byte zero
        mov edx, wGz
        push 2
        lea eax, v1
        push eax
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        mov dword ptr v1[0], edx
        call GAME_CALL_EDIT_PACK         // 2 bytes taken from the slot index
        mov ecx, goodsType
        push 4
        lea edx, v1
        mov dword ptr v1[0], ecx
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push edx
        call GAME_CALL_EDIT_PACK         // 4 bytes taken from the item type
        mov eax, 1
        push 4
        lea ecx, v1
        push ecx
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        mov dword ptr v1[0], eax
        call GAME_CALL_EDIT_PACK         // 4-byte constant 1
        mov edx, pcContext
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push edx
        call GAME_ADDR_MAIL_UNKONW       // called with the body text
        mov ebx,0
        mov ecx,GAME_ADDR_NET_PACK
        mov ecx,[ecx]
        push 4
        lea eax, v1
        push eax
        mov dword ptr v1[0], ebx
        call GAME_CALL_EDIT_PACK         // trailing 4-byte zero
        call GAME_CALL_SEND_PACK;
        //mov ecx, GAME_ADDR_MAIL_UNKONW_1
        //mov ecx, [ecx]
        popad;
    }
    OutputDebugString(" 自动 寄物品!!");
}
//////////////////////////////////////////////////////////////////////////
// 吸物品
//////////////////////////////////////////////////////////////////////////
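// Enumerates the objects of the current room and, for every entry that
// GAME_CALL_ROOM_CONTEXT accepts with GAME_ADDR_GOODS_PUSH, overwrites the
// object's x/y floats (at +0xC / +0x10 of the structure reached through +0xF4)
// with the role's coordinates and zeroes the dword at +0x14.
//
// Review notes:
//   - In the listing the closing brace of the `if` body had been swallowed by
//     the trailing "// Sleep(500);" comment, leaving the function unbalanced;
//     it is restored here on its own line.
//   - The unused locals (fout1, fout2 and the two coordinate reads that were
//     never used) are dropped; the stores are unchanged.
//   - No pointer read from game memory is validated before it is dereferenced.
void CGameFun::AttractGoods(void)
{
    DWORD dwAddr;
    _asm
    {
        pushad;
        mov ecx, GAME_ADDR_GAME_BASE;
        mov ecx,[ecx];
        push -1;
        push 0 ;
        call GAME_CALL_ROOMADD;
        mov dwAddr,eax;
        popad;
    }
    DWORD pStart,pEnd;
    pStart = *(DWORD *)(dwAddr + 0x90);
    pEnd = *(DWORD *)(dwAddr + 0x94);
    DWORD dwOut1;
    int nCount = (pEnd - pStart)/4;   // entries are 4 bytes each
    for (int i=0;i<nCount;i++)
    {
        DWORD dwTmpAddr = *(DWORD *)(pStart+i*4);
        _asm
        {
            pushad;
            mov ecx,dwTmpAddr;
            push 0;
            push GAME_ADDR_GOODS_PUSH;
            push GAME_ADDR_ROOM_PUSH;
            push 0;
            push ecx;
            call GAME_CALL_ROOM_CONTEXT;
            mov dwOut1,eax;
            add esp,0x14;             // caller cleans up the five pushed arguments
            popad;
        }
        if (dwOut1 != 0)
        {
            DWORD dwOutX;
            dwOutX = *(DWORD *)(dwOut1 + 0xF4);
            *(float *)(dwOutX + 0xC) = GetRoleCoorX();
            *(float *)(dwOutX + 0x10) = GetRoleCoorY();
            *(DWORD *)(dwOutX + 0x14) = 0;
            // strMsg.Format("%.1f,%.1f" ,fCoorX,fCoorY);
            // OutputDebugString(strMsg);
            // Sleep(300);
            // RoleAction(0xd);
            // Sleep(500);
        }
    }
}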
//////////////////////////////////////////////////////////////////////////
// 获得人物X坐标
//////////////////////////////////////////////////////////////////////////
// Returns the role's x coordinate as reported by GAME_CALL_GET_ATTRIBUTUE for
// the field at [[[GAME_ADDR_ROLE_BASE]+0xF4]]+0x35.
// NOTE(review): the 32-bit result in eax is stored into the float with a plain
// `mov`, i.e. the bits are copied without an integer-to-float conversion.
float CGameFun::GetRoleCoorX(void)
{
    float fRet;
    _asm
    {
        pushad;
        mov eax,GAME_ADDR_ROLE_BASE;
        mov eax,[eax];
        mov eax,[eax+0xF4];
        mov eax,[eax];
        add eax,0x35;
        mov ecx,eax;                    // ecx = address of the field to read
        call GAME_CALL_GET_ATTRIBUTUE;
        mov fRet,eax;
        popad;
    }
    return fRet;;
}
//////////////////////////////////////////////////////////////////////////
// 获得人物Y坐标
//////////////////////////////////////////////////////////////////////////
// Returns the role's y coordinate as reported by GAME_CALL_GET_ATTRIBUTUE for
// the field at [[[GAME_ADDR_ROLE_BASE]+0xF4]]+0x3D.
// NOTE(review): as in GetRoleCoorX, eax is copied bit-for-bit into the float.
float CGameFun::GetRoleCoorY(void)
{
    float fRet; _asm
    {
        pushad;
        mov eax,GAME_ADDR_ROLE_BASE;
        mov eax,[eax];
        mov eax,[eax+0xF4];
        mov eax,[eax];
        add eax,0x3D;
        mov ecx,eax;                    // ecx = address of the field to read
        call GAME_CALL_GET_ATTRIBUTUE;
        mov fRet,eax;
        popad;
    }
    return fRet;
}
//////////////////////////////////////////////////////////////////////////
// 卖东西
//////////////////////////////////////////////////////////////////////////
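// Builds and sends a "sell item" request (packet id 0x18) through the client's
// own packet routines.
//   bZero - first field, 1 byte is taken from it (callers in this file pass 0).
//   i     - inventory slot index; per the source notes slots start at 9.
//   dwNum - quantity to sell.
//
// Review notes:
//   - In the listing the `__asm` keyword had been fused into the preceding
//     comment line, and the final two calls shared one line; inside an MSVC
//     asm block a ';' starts a comment, so the send call was effectively
//     commented out. Both are restored to one statement per line.
//   - The (pointer, length) reading of the GAME_CALL_EDIT_PACK arguments is
//     inferred from the push order.
void CGameFun::SellGoods(int bZero, int i, int dwNum)
{
    // i: item slot index, starting at 9
    // dwNum: quantity
    __asm
    {
        pushad;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        push 0x18;
        call GAME_CALL_CREATE_PACK;
        push 1;
        lea eax,bZero;
        push eax;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;
        push 2;
        lea eax,i;
        push eax;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;
        push 2;
        lea eax,dwNum;
        push eax;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;
        call GAME_CALL_SEND_PACK;
        popad;
    }
}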
//////////////////////////////////////////////////////////////////////////
// 进入地下城
//////////////////////////////////////////////////////////////////////////
// Drives the client from town into a dungeon and returns once IsDiXia()
// reports state 3.
//   dwMapID   - dungeon map id, also used to pick the town area.
//   dwMapType - difficulty type passed to SelectMap.
// IsDiXia() states used here: 1 = in town, 2 = map-selection screen, 3 = in dungeon.
// Each outer pass: switch town area, wait 5 s, send packet 0xF (open the
// selection screen), wait 5 s, select the map, then poll once per second for
// up to 60 polls. After 5 outer passes without success the process is ended
// with ExitProcess(0).
// NOTE(review): the outer loop has no delay when IsDiXia() is not 1, so those
// passes only increment the counter. The fixed sleeps give this sequence a
// regular timing pattern.
void CGameFun::GotoBattlefield(int dwMapID, int dwMapType)
{
    TCHAR strTmp[128] = {0};
    wsprintf(strTmp, "选择地下城 dwMapID::%d, dwMapType::%d", dwMapID, dwMapType);
    OutputDebugString(strTmp);
    int ssb=0;// outer pass counter (the original comment says 3 passes; the check below uses 5)
    while (1)// states: 1 in town, 2 on the map-selection screen, 3 in the dungeon
    {
        ssb++;
        if(IsDiXia()==1)
        {
            gotoCityRoom(dwMapID);// switch town area first so that selecting the map does not drop the connection
            Sleep(5000);
            // open the dungeon-selection screen
            _asm
            {
                pushad;
                mov ecx,GAME_ADDR_NET_PACK;
                mov ecx,[ecx];
                push 0xF;
                call GAME_CALL_CREATE_PACK;
                call GAME_CALL_SEND_PACK;
                popad;
            }
            OutputDebugString("进入选择地下城界面.");
            Sleep(5000);
            if(IsDiXia()==2)
            {
                SelectMap( dwMapID, dwMapType);
                OutputDebugString("选择地下城.");
                Sleep(5000);
                int i=0;
                while(1)
                {
                    i++;
                    if(i>=60)
                    {
                        OutputDebugString("60秒过去,还没能进入地下城.");
                        break;
                    }
                    if(IsDiXia()==3)
                    {
                        OutputDebugString("成功进入地下城.");
                        return;
                    }
                    Sleep(1000);
                }
            }
        }
        if(ssb>=5)
        {
            OutputDebugString("进入地下城子功能循环5次还不能进入游戏,则结束游戏,重新来过。");
            ExitProcess(0);
        }
    }
    /*
    // open the map-selection screen
    _asm
    {
    pushad;
    mov ecx,GAME_ADDR_NET_PACK;
    mov ecx,[ecx];
    push 0xF;
    call GAME_CALL_CREATE_PACK;
    call GAME_CALL_SEND_PACK;
    popad;
    }
    Sleep(8000);
    // choose the specific map
    DWORD v5[4]={0};
    DWORD v6[4]={0};
    __asm
    {
    mov ecx,GAME_ADDR_NET_PACK;// packet base address
    mov ecx,[ecx];
    push 0x10;
    call GAME_CALL_CREATE_PACK;// create packet
    push 2
    lea ecx,v5
    push ecx
    mov ecx,GAME_ADDR_NET_PACK;// packet base address
    mov ecx,[ecx];
    mov v5[0],1//[12FE14]=1 (selected map number is 1)
    call GAME_CALL_EDIT_PACK// edit packet
    mov dl,0
    mov ecx,GAME_ADDR_NET_PACK;// packet base address
    mov ecx,[ecx];
    push 1
    lea eax,v6
    push eax
    mov byte ptr v6[0],dl
    call GAME_CALL_EDIT_PACK// edit packet
    mov cl,0
    push 1
    lea edx,v6
    mov byte ptr v6[0],cl
    mov ecx,GAME_ADDR_NET_PACK;// packet base address
    mov ecx,[ecx];
    push edx
    call GAME_CALL_EDIT_PACK// edit packet
    call GAME_CALL_SEND_PACK// send packet
    }
    */
}
/*
ID
洛兰
↓
地图ID: 1 = 洛兰
地图ID: 2 = 洛兰深处
______________________________
洛兰之森
↓
地图ID: 3 = 幽暗密林
地图ID: 4 = 幽暗密林深处
地图ID: 5 = 雷鸣废墟
地图ID: 6 = 猛毒雷鸣废墟
地图ID: 7 = 格拉卡
地图ID: 8 = 烈焰格拉卡
______________________________
天空之城
↓
地图ID: 11 = 亚蒙下层
地图ID: 12 = 亚蒙上层
地图ID: 13 = 世帕罗塔下层
地图ID: 14 = 世帕罗塔上层
地图ID: 15 = 天空之海浅海
地图ID: 16 = 天空之海深海
_________________________
天帷巨兽
↓
地图ID: 21 = 神殿外围
地图ID: 22 = 树精丛林
地图ID: 23 = 炼狱
地图ID: 24 = 极昼
地图ID: 25 = 第一脊椎
地图ID: 26 = 第二脊椎
______________________________
暗黑城
↓
地图ID: 31 = 浅栖之地
地图ID: 32 = 蜘蛛洞穴
地图ID: 34 = 熔岩穴
地图ID: 35 = 暗精灵墓地
地图ID: 36 = 暗黑城入口
______________________________
万年雪山
↓
地图ID: 40 = 山脊
地图ID: 41 = 冰心少年
地图ID: 42 = 利库天井 (39-42) 最低进入等级36
地图ID: 43 = 白色废墟 (45-48) 最低进入等级42
地图ID: 44 = 冰雪宫殿 (48-51) 最低进入等级45
地图ID: 45 = 斯卡萨之巢 (53-56) 最低进入等级50
______________________________
洛斯玛尔
↓
地图ID: 50 = 堕落的盗贼
地图ID: 51 = 迷乱之村哈穆林
*/
//切换在城市中的房间,以保证选择地图不掉线
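// Sends a "change town area" request (packet id 0x26) for the town area that
// hosts the given dungeon, so that the later map selection happens from the
// expected area.
//   dwMapID - dungeon map id; unknown ids are logged and ignored.
// Packet fields, in order: 1 byte xbl, 1 byte xal, 2 bytes xedx, 2 bytes xecx,
// 1 byte constant 5. The four values come from the table in the if-chain.
//
// Review notes:
//   - In the listing the final `call GAME_CALL_SEND_PACK` had been fused into
//     the comment of the preceding line, so the packet was built but never
//     sent; it is restored on its own line.
//   - The id lists below are kept exactly as written: 33 is accepted although
//     the id table in this file does not list it, and ids 16, 42-45, 50 and 51
//     from that table fall through to the "abnormal map id" branch.
//   - The meaning of the individual fields is not visible in this file.
void CGameFun::gotoCityRoom(int dwMapID)
{
    byte xbl,xal;
    DWORD xedx,xecx;
    if(1==dwMapID || 2==dwMapID)// town area for map ids 1-2
    {
        xbl=0x1;
        xal=0x2;
        xedx=0x8;
        xecx=0xF7;
        OutputDebugString("进入城市房间<埃尔文防线>");
    }
    else if(3==dwMapID || 4==dwMapID || 5==dwMapID || 6==dwMapID || 7==dwMapID || 8==dwMapID)// town area for map ids 3-8
    {
        xbl=0x2;
        xal=0x7;
        xedx=0x299;
        xecx=0xEB;
        OutputDebugString("进入城市房间<赫顿玛尔>");
    }
    else if(11==dwMapID || 12==dwMapID || 13==dwMapID || 14==dwMapID || 15==dwMapID )// town area for map ids 11-15
    {
        xbl=0x3;
        xal=0x3;
        xedx=0xa;
        xecx=0xe7;
        OutputDebugString("进入城市房间<天空之城>");
    }
    else if(21==dwMapID || 22==dwMapID || 23==dwMapID || 24==dwMapID || 25==dwMapID || 26==dwMapID )// town area for map ids 21-26
    {
        xbl=0x3;
        xal=0x4;
        xedx=0xc;
        xecx=0x11d;
        OutputDebugString("进入城市房间<天帷巨兽>");
    }
    else if(31==dwMapID || 32==dwMapID || 33==dwMapID || 34==dwMapID || 35==dwMapID || 36==dwMapID )// town area for map ids 31-36
    {
        xbl=0x4;
        xal=0x3;
        xedx=0x13b;
        xecx=0x8d;
        OutputDebugString("进入城市房间<暗黑城>");
    }
    else if(40==dwMapID || 41==dwMapID )// town area for map ids 40-41
    {
        xbl=0x5;
        xal=0x2;
        xedx=0x35d;
        xecx=0x1a1;
        OutputDebugString("进入城市房间<万年雪山>");
    }
    else
    {
        OutputDebugString("不正常的地图ID,结束!!!!!!");
        return;
    }
    DWORD v5[4]={0};   // scratch cell whose address is handed to the edit routine
    DWORD v6[4]={0};   // unused
    __asm
    {
        mov ecx,GAME_ADDR_NET_PACK;// packet base address
        mov ecx,[ecx];
        push 0x26;
        call GAME_CALL_CREATE_PACK;// create packet
        mov bl,xbl
        mov ecx,GAME_ADDR_NET_PACK;// packet base address
        mov ecx,[ecx];
        push 1
        lea edx,v5
        push edx
        mov byte ptr v5[0],bl
        call GAME_CALL_EDIT_PACK// edit packet
        mov al,xal
        push 1
        lea ecx,v5
        push ecx
        mov ecx,GAME_ADDR_NET_PACK;// packet base address
        mov ecx,[ecx];
        mov byte ptr v5[0],al
        call GAME_CALL_EDIT_PACK// edit packet
        mov edx,xedx
        mov ecx,GAME_ADDR_NET_PACK;// packet base address
        mov ecx,[ecx];
        push 2
        lea eax,v5
        push eax
        mov dword ptr v5[0],edx
        call GAME_CALL_EDIT_PACK// edit packet
        mov ecx,xecx
        push 2
        lea edx,v5
        mov dword ptr v5[0],ecx
        mov ecx,GAME_ADDR_NET_PACK;// packet base address
        mov ecx,[ecx];
        push edx
        call GAME_CALL_EDIT_PACK// edit packet
        mov ecx,GAME_ADDR_NET_PACK;// packet base address
        mov ecx,[ecx];
        push 1
        lea eax,v5
        push eax
        mov byte ptr v5[0],5
        call GAME_CALL_EDIT_PACK// edit packet
        call GAME_CALL_SEND_PACK// send packet
    }
}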
//////////////////////////////////////////////////////////////////////////
// 返回城镇
//////////////////////////////////////////////////////////////////////////
// Sends a "return to town" request: packet id 0x4B followed by two 1-byte
// fields taken from bkick (1) and bMenuID (2), in that order.
// NOTE(review): the field names are the author's; their meaning on the wire is
// not visible in this file.
void CGameFun::BackToTown(void)
{
    byte bMenuID = 2;
    byte bkick = 1;
    _asm
    {
        pushad;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        push 0x4B;
        call GAME_CALL_CREATE_PACK;
        push 1;
        lea eax,bkick;
        push eax;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;
        push 1;
        lea eax,bMenuID;
        push eax;
        mov ecx,GAME_ADDR_NET_PACK;
        mov ecx,[ecx];
        call GAME_CALL_EDIT_PACK;
        call GAME_CALL_SEND_PACK;
        popad;
    }
    OutputDebugString("返回城镇");
}
//////////////////////////////////////////////////////////////////////////
// 选择其他地下城
//////////////////////////////////////////////////////////////////////////
// Labelled "choose another dungeon" in the banner above. Calls
// GAME_CALL_BACKTOTOWN with ecx = [GAME_ADDR_ROLE_BASE] and two arguments of 1.
// NOTE(review): the argument meanings are not visible in this file.
void CGameFun::ReGo(void)
{ __asm
    {
        pushad
        mov ecx, GAME_ADDR_ROLE_BASE
        mov ecx, [ecx]
        push 1
        push 1
        call GAME_CALL_BACKTOTOWN
        popad
    }
}
//人物基址:0x00D7B8BC(要取地址)
//物理攻击偏移:0x298
//gamefun.EditAttack(*(int*)0x00D7B8BC,0x298,500);
//
//////////////////////////////////////////////////////////////////////////
// 修改攻击
//////////////////////////////////////////////////////////////////////////
// Overwrites four encoded attribute slots of the client with a new value
// (the banner above labels this "modify attack").
//   baseadd - base address of the object holding the attribute indices.
//   deviant - byte offset of the attribute inside that object.
//   dwValue - value to encode into the slots.
// For each of the offsets 3780, 2948, 2116 and 3780 again, an index is read
// from (baseadd + deviant + offset + 4), scaled by 4, and used to address one
// slot in each of two tables reached through GAME_ADDR_BLOOD_1 (+72 and +68).
// Each slot is written with  slot_address ^ key ^ value, where key is the
// dword read from GAME_ADDR_BLOOD_2.
// NOTE(review): the right-hand sides XOR the slot's *address*, not its
// contents. The local names and trailing register annotations look like
// decompiler output - presumably lifted from the client; verify. Offset 3780
// is processed twice. Nothing read from memory is validated.
void CGameFun::EditAttack(int baseadd, int deviant, int dwValue)
{
    int v5; // ebx@1
    int v6; // eax@1
    int v7; // ST00_4@1
    int v8; // ebx@1
    int v9; // eax@1
    int v10; // ST00_4@1
    int v11; // ebx@1
    int v12; // eax@1
    int v13; // ST00_4@1
    int v14; // ebx@1
    int v15; // eax@1
    int v16; // ST00_4@1
    int v17; // [sp+0h] [bp-Ch]@1
    int v18; // [sp+4h] [bp-8h]@1
    int v19; // [sp+8h] [bp-4h]@1
    v17 = dwValue;
    v18 = deviant;
    v19 = baseadd;
    // slot group 1: offset 3780
    v5 = *(DWORD *)GAME_ADDR_BLOOD_2;
    v6 = 4 * *(DWORD *)(deviant + baseadd + 3780 + 4);
    v7 = v6 + *(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 68);
    *(DWORD *)(*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v6) = (*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v6) ^ *(DWORD *)GAME_ADDR_BLOOD_2 ^ dwValue;
    *(DWORD *)v7 = v7 ^ v5 ^ v17;
    // slot group 2: offset 2948
    v8 = *(DWORD *)GAME_ADDR_BLOOD_2;
    v9 = 4 * *(DWORD *)(v18 + v19 + 2948 + 4);
    v10 = v9 + *(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 68);
    *(DWORD *)(*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v9) = (*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v9) ^ *(DWORD *)GAME_ADDR_BLOOD_2 ^ v17;
    *(DWORD *)v10 = v10 ^ v8 ^ v17;
    // slot group 3: offset 2116
    v11 = *(DWORD *)GAME_ADDR_BLOOD_2;
    v12 = 4 * *(DWORD *)(v18 + v19 + 2116 + 4);
    v13 = v12 + *(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 68);
    *(DWORD *)(*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v12) = (*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v12) ^ *(DWORD *)GAME_ADDR_BLOOD_2 ^ v17;
    *(DWORD *)v13 = v13 ^ v11 ^ v17;
    // slot group 4: offset 3780 again
    v14 = *(DWORD *)GAME_ADDR_BLOOD_2;
    v15 = 4 * *(DWORD *)(v18 + v19 + 3780 + 4);
    v16 = v15 + *(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 68);
    *(DWORD *)(*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v15) = (*(DWORD *)(*(DWORD *)GAME_ADDR_BLOOD_1 + 72) + v15) ^ *(DWORD *)GAME_ADDR_BLOOD_2 ^ v17;
    *(DWORD *)v16 = v16 ^ v14 ^ v17; }
//////////////////////////////////////////////////////////////////////////
// 判断怪物是否死亡
//////////////////////////////////////////////////////////////////////////
// Returns the value that GAME_CALL_GET_ATTRIBUTUE reports for the field at
// [[[[GAME_ADDR_GAME_BASE]+0x24]+0x14]+0xB0]+0x11C (labelled "is the monster
// dead" in the banner above).
// NOTE(review): which return values mean "dead" is not visible in this file.
int CGameFun::IsMonsterDead(void)
{ int tt;
    __asm
    {
        pushad
        mov eax, GAME_ADDR_GAME_BASE
        mov eax, dword ptr [eax]
        add eax, 0x24
        mov eax, dword ptr [eax]
        add eax, 0x14
        mov eax, dword ptr [eax]
        add eax, 0xB0
        mov eax, dword ptr [eax]
        add eax, 0x11C
        mov ecx, eax                    // ecx = address of the field to read
        call GAME_CALL_GET_ATTRIBUTUE
        mov tt, eax
        popad
    } return tt;
}
//////////////////////////////////////////////////////////////////////////
// 获得人物等级
//////////////////////////////////////////////////////////////////////////
// Returns the character level: the value GAME_CALL_GET_ATTRIBUTUE reports for
// the field at [GAME_ADDR_ROLE_BASE]+0xec8.
int CGameFun::GetRoleGrade(void)
{
    int grade=0;
    __asm
    {
        pushad
        mov ecx, GAME_ADDR_ROLE_BASE
        mov ecx, dword ptr [ecx]
        add ecx, 0xec8                  // ecx = address of the field to read
        call GAME_CALL_GET_ATTRIBUTUE
        mov grade, eax
        popad
    } return grade;
} // becomes 1 once the boss room has been entered
//打死BOSS,就为0了
//在别的房间,这个一直为0
//////////////////////////////////////////////////////////////////////////
// 判断BOSS是否死亡
//////////////////////////////////////////////////////////////////////////
// Returns the value GAME_CALL_GET_ATTRIBUTUE reports for GAME_ADDR_BOSS_DEAD.
// Per the source notes above: 1 after entering the boss room, 0 once the boss
// has been killed, and 0 in every other room.
int CGameFun::IsBossDead(void)
{
    int nRet;
    _asm
    {
        pushad;
        mov ecx,GAME_ADDR_BOSS_DEAD;
        call GAME_CALL_GET_ATTRIBUTUE;
        mov nRet,eax;
        popad;
    }
    return nRet;
}
//////////////////////////////////////////////////////////////////////////
// 获得金钱数量
//////////////////////////////////////////////////////////////////////////
// Returns the amount of money held, obtained by an indirect call through slot
// 0x30 of the object at [[[GAME_ADDR_PACK]+0x20]].
// The DWORD result is returned as int.
int CGameFun::GetCoinCou(void)
{
    DWORD dwRet;
    _asm
    {
        pushad;
        mov ecx,GAME_ADDR_PACK;
        mov ecx,[ecx];
        mov ecx,[ecx+0x20];
        mov ecx,[ecx];                  // ecx = object the call is made on
        mov edx,[ecx];                  // edx = first dword of that object (call table)
        call dword ptr [edx+0x30];
        mov dwRet, eax;
        popad;
    }
    return dwRet;
}
//////////////////////////////////////////////////////////////////////////
// 获得疲劳值
//////////////////////////////////////////////////////////////////////////
// Returns the difference between the values GAME_CALL_GET_ATTRIBUTUE reports
// for GAME_ADDR_FATIGUE_ADDR1 and GAME_ADDR_FATIGUE_ADDR2 (first minus second);
// the banner above labels the result "fatigue value".
// NOTE(review): presumably maximum minus used - confirm against the caller.
int CGameFun::GetFatigue(void)
{
    int tt;
    __asm
    {
        pushad
        mov ecx,GAME_ADDR_FATIGUE_ADDR1
        call GAME_CALL_GET_ATTRIBUTUE
        mov esi, eax                    // keep the first value across the second call
        mov ecx, GAME_ADDR_FATIGUE_ADDR2
        call GAME_CALL_GET_ATTRIBUTUE
        sub esi, eax
        mov tt, esi
        popad
    }
    return tt;
}
//////////////////////////////////////////////////////////////////////////
// 判断地下物品是否已经空
//////////////////////////////////////////////////////////////////////////
// Counts the objects in the current room that GAME_CALL_ROOM_CONTEXT accepts
// with GAME_ADDR_GOODS_PUSH and returns 1 if there is at least one, else 0.
// NOTE(review): the name reads as "is empty", but 1 is returned when items are
// present; callers must treat the result as "items exist".
int CGameFun::IsGoodsEmpty(void)
{
    DWORD dwAddr;
    int e=0;               // number of matching objects found
    // CString strMsg;
    float fout1=0,fout2=0; // unused
    _asm
    {
        pushad;
        mov ecx, GAME_ADDR_GAME_BASE;
        mov ecx,[ecx];
        push -1;
        push 0 ;
        call GAME_CALL_ROOMADD;
        mov dwAddr,eax;
        popad;
    }
    DWORD pStart,pEnd;
    pStart = *(DWORD *)(dwAddr + 0x90);
    pEnd = *(DWORD *)(dwAddr + 0x94);
    DWORD dwOut1;
    int nCount = (pEnd - pStart)/4;   // entries are 4 bytes each
    for (int i=0;i<nCount;i++)
    {
        DWORD dwTmpAddr = *(DWORD *)(pStart+i*4);
        _asm
        {
            pushad;
            mov ecx,dwTmpAddr;
            push 0;
            push GAME_ADDR_GOODS_PUSH;
            push GAME_ADDR_ROOM_PUSH;
            push 0;
            push ecx;
            call GAME_CALL_ROOM_CONTEXT;
            mov dwOut1,eax;
            add esp,0x14;             // caller cleans up the five pushed arguments
            popad;
        }
        if (dwOut1 != 0)
        {
            e++;
        }
    }
    if (e)
    {
        return 1;
    }
    return 0; }
//////////////////////////////////////////////////////////////////////////
// 获得包裹物品名字
//////////////////////////////////////////////////////////////////////////
// Returns the name of an inventory item by calling slot 0x70 of the item
// object's call table.
//   dwAddr - address of the item object.
// The returned pointer comes from the game client; its lifetime and length are
// not controlled by this code, so callers should bound any copy or format.
LPTSTR CGameFun::GetGoodsName(int dwAddr)
{
    char *pRet;
    _asm
    {
        pushad;
        mov ecx,dwAddr;
        mov edx,[ecx];                  // edx = first dword of the item object (call table)
        call [edx+0x70];
        mov pRet,eax;
        popad;
    }
    return pRet;
}
//////////////////////////////////////////////////////////////////////////
// 获得包裹物品等级
//////////////////////////////////////////////////////////////////////////
// Returns the int stored at offset 0x6c of the item object at dwAddr (the
// banner above labels it the item's level). dwAddr is not validated.
int CGameFun::GetGoodsLevel(int dwAddr)
{
    const int* levelField = (const int*)(dwAddr+0x6c);
    return *levelField;
}
//////////////////////////////////////////////////////////////////////////
// 判断是否在地下城
//////////////////////////////////////////////////////////////////////////
// Returns the client state that GAME_CALL_GET_ATTRIBUTUE reports for the field
// at [GAME_ADDR_GAME_BASE]+0x10. GotoBattlefield in this file compares the
// result with 1 (in town), 2 (map-selection screen) and 3 (in a dungeon).
int CGameFun::IsDiXia(void)
{
    //OutputDebugString("我进来了!");
    int tt;
    __asm
    {
        pushad
        mov ecx, GAME_ADDR_GAME_BASE
        mov ecx, dword ptr [ecx]
        add ecx, 0x10                   // ecx = address of the field to read
        call GAME_CALL_GET_ATTRIBUTUE
        mov tt, eax
        popad
    }
    //OutputDebugString("我又出去了!");
    return tt;
}
//////////////////////////////////////////////////////////////////////////
// 获取地图类型
//////////////////////////////////////////////////////////////////////////
// Returns the dword stored at GAME_ADDR_MAP_INDEX (labelled "map type" in the
// banner above). This is a plain memory read; no client routine is called.
int CGameFun::GetMapType(void)
{
    DWORD dwRet;
    __asm
    {
        pushad;
        mov eax,GAME_ADDR_MAP_INDEX;
        mov eax,dword ptr[eax]
        mov dwRet,eax;
        popad;
    }
    return dwRet;
} //////////////////////////////////////////////////////////////////////////
// 判断是否在BOSS房间
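//////////////////////////////////////////////////////////////////////////
// Asks the client, via GAME_CALL_IS_BOSS_ROOM, whether the room at
// (dwCol, dwRow) is the boss room and returns the routine's result.
//   dwCol - room column.
//   dwRow - room row.
// Review note: in the listing the function signature had been fused onto the
// end of the banner comment line, which commented it out; it is restored on
// its own line. The asm body is unchanged.
int CGameFun::IsAtBossRoom(DWORD dwCol, DWORD dwRow)
{
    int bRet;
    _asm
    {
        pushad;
        push dwRow;
        push dwCol;
        call GAME_CALL_IS_BOSS_ROOM;
        mov bRet,eax;
        add esp,8;                      // caller cleans up the two pushed arguments
        popad;
    }
    return bRet;
}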
// Returns the value GAME_CALL_GET_ATTRIBUTUE reports for GAME_ADDR_BOSS_X
// (by name, the boss room's column on the dungeon grid).
DWORD CGameFun::GetBossRoomX()
{
    DWORD dwRet;
    _asm
    {
        pushad;
        mov ecx,GAME_ADDR_BOSS_X;
        call GAME_CALL_GET_ATTRIBUTUE;
        mov dwRet,eax;
        popad;
    }
    return dwRet;
}
// Returns the value GAME_CALL_GET_ATTRIBUTUE reports for GAME_ADDR_BOSS_Y
// (by name, the boss room's row on the dungeon grid).
DWORD CGameFun::GetBossRoomY()
{
    DWORD dwRet;
    _asm
    {
        pushad;
        mov ecx,GAME_ADDR_BOSS_Y;
        call GAME_CALL_GET_ATTRIBUTUE;
        mov dwRet,eax;
        popad;
    }
    return dwRet;
}
// Returns the dword at [[[GAME_ADDR_GAME_BASE]+0x24]+0x14]+0xB8, which the
// inline comment describes as the role's column. Plain memory reads only.
DWORD CGameFun::GetRoleRoomX()
{
    DWORD dwRet;
    __asm
    {
        pushad
        mov eax, GAME_ADDR_GAME_BASE
        mov eax, dword ptr [eax]
        add eax, 0x24
        mov eax, dword ptr [eax]
        add eax, 0x14
        mov edx, dword ptr [eax]
        mov eax, edx
        add eax, 0xB8
        mov eax, dword ptr [eax] // eax = the role's column
        mov dwRet,eax
        popad
    }
    return dwRet;
}
// Returns the dword at [[[GAME_ADDR_GAME_BASE]+0x24]+0x14]+0xBC, which the
// inline comment describes as the role's row. Plain memory reads only.
DWORD CGameFun::GetRoleRoomY()
{
    DWORD dwRet;
    __asm
    {
        pushad
        mov eax, GAME_ADDR_GAME_BASE
        mov eax, dword ptr [eax]
        add eax, 0x24
        mov eax, dword ptr [eax]
        add eax, 0x14
        mov edx, dword ptr [eax]
        mov eax, edx
        add eax, 0xBC
        mov eax, dword ptr [eax] // eax = the role's row
        mov dwRet,eax
        popad
    }
    return dwRet;
} //maptype:
//普通:0
//冒险:1
//勇士:2
//王者:3
//
//mapid
//洛兰:1 level<2
//洛兰深处:2 2<=level<5
//幽暗密林:3
//幽暗密林深处:4
//雷鸣废墟:5 5<=level<7
//猛毒雷鸣废墟:6 7<=level<12
//格拉卡:7
//烈焰格拉卡:8 12<=level<17
//冰霜幽暗密林:9
//亚蒙下层:b 17<=level<23
//亚蒙上层:c
//世帕罗塔下层:d
//世帕罗塔上层:e
//浅海:f
//深海:10
//悬空城:11 23<=level<27
//神殿外围:15
//树精丛林:16
//炼狱:17 27<=level<35
//极昼:18
//第一脊椎:19
//第二脊椎:1a
//天帷禁地:1b
//浅栖之地:1f 35<=level<37
//蜘蛛洞:20 37<=level<39
//熔岩穴:22
//暗精灵墓地:23 39<=level
//疯狂盗贼:32
//
//
// Picks the dungeon map id for the character's current level.
// The level selects one band; the band's key is looked up in the settings file
// through MapNameToMapID(). A non-zero configured id is returned as is.
// Otherwise the band's default string is written to the settings file and the
// band's fallback id is returned.
// NOTE(review): for four bands the default that is written differs from the id
// that is returned ("23-27" writes "11" and returns 17, "35-37" writes "23"
// and returns 31, "37-39" and "39-60" write "23" and return 32). The source
// comments say the written values were changed from 17 / 31 / 32. The pairs
// are reproduced exactly as found.
int CGameFun::SelRightMap(void)
{
    struct LevelBand
    {
        int upperBound;     // band applies while level < upperBound
        LPTSTR iniKey;      // key under the map-selection section
        LPCSTR iniDefault;  // string written when the key is missing or zero
        int fallbackId;     // id returned in that case
    };
    static const LevelBand kBands[] =
    {
        {  2, "1-2",   "1",  1 },
        {  6, "2-6",   "2",  2 },
        {  9, "6-9",   "5",  5 },
        { 12, "9-12",  "6",  6 },
        { 17, "12-17", "8",  8 },
        { 23, "17-23", "11", 11 },
        { 27, "23-27", "11", 17 },   // written default was originally 17
        { 35, "27-35", "23", 23 },
        { 37, "35-37", "23", 31 },   // written default was originally 31
        { 39, "37-39", "23", 32 },   // written default was originally 32
        {  0, "39-60", "23", 32 }    // open-ended band; upperBound is not consulted
    };
    const int bandCount = sizeof(kBands) / sizeof(kBands[0]);

    const int level = GetRoleGrade();

    // The last row is the catch-all, so only the bounded rows are searched.
    int chosen = bandCount - 1;
    for (int n = 0; n < bandCount - 1; ++n)
    {
        if (level < kBands[n].upperBound)
        {
            chosen = n;
            break;
        }
    }

    const LevelBand& band = kBands[chosen];
    const int configuredId = MapNameToMapID(band.iniKey);
    if (configuredId)
    {
        return configuredId;
    }
    WritePrivateProfileStringA("地图选择", band.iniKey, band.iniDefault, settingpath);
    return band.fallbackId;
}
extern char retaingoods[50][64];
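// Walks inventory slots 3..0x68 and sells every item that is not retained.
// An item is retained when its level is at least 2, when its name ends with
// the 6-byte "blueprint" suffix, or when its name matches a row of the
// file-level retaingoods table (filled from the configuration file).
// One second is slept after each occupied slot.
//
// Changes against the listing:
//   - The retain-list scan used `while (retaingoods[j])`, which is always true
//     for an array row, so a table with no empty row was read past its end.
//     The scan is now bounded by the table's row count.
//   - Debug strings were formatted with wsprintf into a 128-character buffer
//     although the item name comes from the game client with no length bound.
//     wnsprintf (declared in <shlwapi.h>, which this file includes) is used so
//     the text is truncated instead of overrunning the buffer.
void CGameFun::SellAllGoods(void)
{
    TCHAR strTmp[128];
    const int kTmpChars = sizeof(strTmp) / sizeof(strTmp[0]);
    const int kRetainRows = sizeof(retaingoods) / sizeof(retaingoods[0]);

    OutputDebugString("我在SellAllGoods中");
    const int gbegin = *(int*)(*(int*)GAME_ADDR_GOODS_BASE+0x20);   // start of the slot pointer table
    wnsprintf(strTmp, kTmpChars, "GAME_ADDR_GOODS_BASE::::%08x", gbegin);
    OutputDebugString(strTmp);
    for (int i=3;i<0x69;i++)
    {
        const int GoodBase = *(int*)(gbegin+i*4);
        if(GoodBase==0)
            continue;   // empty slot
        bool retain = false;
        OutputDebugString("开始读取材料");
        if (GetGoodsLevel(GoodBase) >= 2)
        {
            retain = true;
        }
        else if( "设计图" == ((CString)GetGoodsName(GoodBase)).Right(6) )
        {
            retain = true;
        }
        else
        {
            // The scan restarts from row 0 for every item.
            for (int j = 0; j < kRetainRows; j++)
            {
                wnsprintf(strTmp, kTmpChars, "retaingoods::%s", retaingoods[j]);// retained item name from the configuration
                OutputDebugString(strTmp);
                wnsprintf(strTmp, kTmpChars, "GetGoodsName::%s 等级=%d",GetGoodsName(GoodBase),GetGoodsLevel(GoodBase));// name of the item in the inventory
                OutputDebugString(strTmp);
                if(strlen(retaingoods[j]) == 0)
                {
                    break;   // first empty row ends the list
                }
                if (!lstrcmp(GetGoodsName(GoodBase),retaingoods[j]))
                {
                    retain = true;
                    break;
                }
            }
        }
        if (!retain)
        {
            wnsprintf(strTmp, kTmpChars, "***物品类型=%x",*(DWORD*)(GoodBase+0x10));
            OutputDebugString(strTmp);
            SellGoods(0,i,GetGoodsCou(GoodBase));// sell the item
        }
        Sleep(1000);
    }
    OutputDebugString("结束读取材料");
}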
//邮寄物品
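// Walks inventory slots 3..0x68 and mails every retained item to mailName with
// body text mailNr, one DnfPostManGoods request per item, sleeping one second
// after each occupied slot. The retain test is the same as in SellAllGoods:
// level at least 2, the 6-byte "blueprint" name suffix, or a name listed in the
// file-level retaingoods table.
//   mailName - recipient name (C string).
//   mailNr   - mail body text (C string).
//
// Changes against the listing:
//   - The retain-list scan used `while (retaingoods[j])`, which is always true
//     for an array row, so a table with no empty row was read past its end.
//     The scan is now bounded by the table's row count.
//   - Debug strings were formatted with wsprintf into a 128-character buffer
//     although the item name comes from the game client with no length bound.
//     wnsprintf (declared in <shlwapi.h>, which this file includes) is used so
//     the text is truncated instead of overrunning the buffer.
//   - In the listing the closing brace of this function shared a line with the
//     signature of GetGoodsCou; the two are separated.
void CGameFun::mailGoods(char *mailName,char *mailNr)
{
    TCHAR strTmp[128];
    const int kTmpChars = sizeof(strTmp) / sizeof(strTmp[0]);
    const int kRetainRows = sizeof(retaingoods) / sizeof(retaingoods[0]);

    OutputDebugString("开始邮寄物品");
    const int gbegin = *(int*)(*(int*)GAME_ADDR_GOODS_BASE+0x20);   // start of the slot pointer table
    wnsprintf(strTmp, kTmpChars, "GAME_ADDR_GOODS_BASE::::%08x", gbegin);
    OutputDebugString(strTmp);
    for (int i=3;i<0x69;i++)
    {
        const int GoodBase = *(int*)(gbegin+i*4);
        if(GoodBase==0)
            continue;   // empty slot
        bool retain = false;
        OutputDebugString("开始读取材料");
        if (GetGoodsLevel(GoodBase) >= 2)
        {
            retain = true;
        }
        else if( "设计图" == ((CString)GetGoodsName(GoodBase)).Right(6) )
        {
            retain = true;
        }
        else
        {
            // The scan restarts from row 0 for every item.
            for (int j = 0; j < kRetainRows; j++)
            {
                wnsprintf(strTmp, kTmpChars, "retaingoods::%s", retaingoods[j]);// retained item name from the configuration
                OutputDebugString(strTmp);
                wnsprintf(strTmp, kTmpChars, "GetGoodsName::%s 等级=%d",GetGoodsName(GoodBase),GetGoodsLevel(GoodBase));// name of the item in the inventory
                OutputDebugString(strTmp);
                if(strlen(retaingoods[j]) == 0)
                {
                    break;   // first empty row ends the list
                }
                if (!lstrcmp(GetGoodsName(GoodBase),retaingoods[j]))
                {
                    retain = true;
                    break;
                }
            }
        }
        if (retain)// retained items are the ones that get mailed
        {
            wnsprintf(strTmp, kTmpChars, "***物品类型=%x",*(DWORD*)(GoodBase+0x10));
            OutputDebugString(strTmp);
            //SellGoods(0,i,GetGoodsCou(GoodBase));// sell the item
            DnfPostManGoods(mailName,i,*(DWORD*)(GoodBase+0x10),mailNr);// mail the item
        }
        Sleep(1000);
    }
    OutputDebugString("结束邮寄物品");
}
// Returns the item count obtained by calling slot 0x30 of the item object's
// call table.
//   GoodsBase - address of the item object; not validated.
int CGameFun::GetGoodsCou(int GoodsBase)
{
    int nRet;
    _asm
    {
        pushad;
        mov ecx,GoodsBase;
        mov eax,[ecx];                  // eax = first dword of the item object (call table)
        call [eax+0x30];
        mov nRet,eax;
        popad;
    }
    return nRet;
}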
// Returns TRUE when the int at [[GAME_ADDR_GAME]+0x80]+0x1B4 equals -1.
// NOTE(review): by the function name this field is presumably the client's
// socket handle, with -1 meaning "closed" - confirm against the caller.
BOOL CGameFun::IsCloseSocket()
{
    const DWORD gameObj = *(DWORD *)GAME_ADDR_GAME;
    const DWORD netObj = *(DWORD *)(gameObj + 0x80);
    const int handleField = *(int *)(netObj+0x1B4);
    return (handleField == -1);
}
// Returns the character level when it is above 14, otherwise 0.
int CGameFun::SelRightAttack(void)
{
    const int level = GetRoleGrade();
    return (level > 14) ? level : 0;
}
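// Looks up MapName as a key in the map-selection section of the settings file
// and returns its integer value, or 0 when the key is absent or not a number.
//   MapName - key name such as "1-2"; passed through unchanged.
// Change against the listing: the 64-byte scratch buffer that was zeroed but
// never used, and the commented-out code after the return, are removed.
int CGameFun::MapNameToMapID(LPTSTR MapName)
{
    return static_cast<int>(GetPrivateProfileInt("地图选择",MapName,0,settingpath));
}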
//使角色对着左边或者对着右边 方向call
// Turns the character to face left or right by calling slot 0xb8 of the role
// object's call table with fx as the only argument.
//   fx - 0 = face left, 1 = face right.
// NOTE(review): there is no pushad/popad here; edi is modified inside the block.
void CGameFun::leftOrRight(DWORD fx)// 0 = left, 1 = right
{
    __asm
    {
        mov ecx, GAME_ADDR_ROLE_BASE
        mov ecx, dword ptr [ecx]
        mov edi,[ecx]
        push fx
        call dword ptr [edi+0xb8]
    }
}
//在地下城走路
// Walks the character one step inside a dungeon.
//   fx - direction: 0 = left, 1 = right, 2 = up, 3 = down.
// For left/right the character is first turned with leftOrRight(). The walk is
// started through slot 0x488 of the role object's call table, jmpWalk() is
// called, 300 ms are slept, and the walk is stopped by calling the same slot
// with direction 4. The current coordinates are then logged.
// Per the source comments, one 300 ms step changes x by 36 or y by 29.
void CGameFun::walk(DWORD fx)// 0 = left, 1 = right, 2 = up, 3 = down
{
    if(fx==0)// 0 = left, 1 = right
    {
        leftOrRight(0);// face left as well
    }
    else if(fx==1)
    {
        leftOrRight(1);// face right as well
    }
    int isN=0;   // 1 for vertical movement (up/down), 0 for horizontal
    if(fx==2 || fx==3)
    {
        isN=1;
    }
    __asm
    {
        mov esi,GAME_ADDR_ROLE_BASE
        mov esi,[esi]
        mov edx,[esi]
        push 0
        push 0
        push fx
        push isN// must be 1 for up (2) or down (3), and 0 for left or right
        mov ecx,esi
        call dword ptr [edx+0x488]
    }
    jmpWalk();
    Sleep(300);// 300 ms of walking changes x by 36 (left/right) or y by 29 (up/down)
    __asm
    {
        mov esi,GAME_ADDR_ROLE_BASE
        mov esi,[esi]
        mov edx,[esi]
        push 0
        push 0
        push 4// 4 = stop the walking action
        push isN// must be 1 for up (2) or down (3), and 0 for left or right
        mov ecx,esi
        call dword ptr [edx+0x488]
    }
    // log the current coordinates
    float x=GetRoleCoorX();
    float y=GetRoleCoorY();
    int xd=(int)x,yd=(int)y;
    CString str;
    str.Format("x=%d y=%d",xd,yd);
    OutputDebugString(str);
}
//往此内存数据写入0才能保证下面的代码不被执行也就是不会打断我们自己的走路 dw[esi+15A2]=0 ->XX esi=人物基址
// Writes a 16-bit zero to offset 0x15A2 of the object addressed by
// GAME_ADDR_ROLE_BASE. Per the source comment, clearing this word keeps the
// client from running the code that would interrupt the scripted walk.
void CGameFun::jmpWalk(void)
{
    const DWORD roleObj = *(DWORD*)(GAME_ADDR_ROLE_BASE);
    WORD* const interruptFlag = (WORD*)(roleObj+0x15A2);
    *interruptFlag = 0;
} // full-screen attack / pick-up (label for allGjJw below)
// Patches one byte of the client at GAME_ADDR_ALLGJJW_BASE to 0xEB after
// changing the protection of 5 bytes there, then restores the old protection.
// Per the source comment this turns a conditional jump (jnz) into an
// unconditional one, which the author labels "full-screen attack / pick-up".
// Nothing happens when the first VirtualProtect call fails; the result of the
// second call is not checked.
// Detection note: this is a persistent in-memory modification of the client
// image, so a comparison of the loaded code against the on-disk image shows it.
void CGameFun::allGjJw(void)
{
    DWORD flOldProtected;
    if (VirtualProtect((LPVOID)GAME_ADDR_ALLGJJW_BASE, 5, PAGE_READWRITE, &flOldProtected))// change the page protection
    {
        *(BYTE*)GAME_ADDR_ALLGJJW_BASE = 0xEB;// replace jnz with jmp
        VirtualProtect((LPVOID)GAME_ADDR_ALLGJJW_BASE, 5, flOldProtected, &flOldProtected);
    }
}
//更改 红色龙 技能 可惜没什么用 先留着 ->XX (调用是PowerSkill(0x36))
// Applies two in-memory patches to the client at literal addresses:
//   - the byte at 0x004C4306 is set to 0x36;
//   - the dword at 0x006D1708 is set to an integer read from the settings file.
// Each patch is wrapped in a VirtualProtect change/restore over 5 bytes and is
// skipped when the protection change fails.
//   Skillid - not used by the body; the values written are the constant 0x36
//             and the configured integer.
// The header comment in the source calls this a skill change that was kept
// although it turned out to be of little use.
// NOTE(review): both addresses are literals tied to one client build.
void CGameFun::PowerSkill(DWORD Skillid)
{
    DWORD flOldProtected;
    if(VirtualProtect((LPVOID)0x004C4305, 5, PAGE_READWRITE, &flOldProtected))// changes the argument of the "C key action (jump)" call from 6 to 0x36, which redirects it to the code patched below
    {
        *(BYTE*)0x004C4306 = 0x36;
        VirtualProtect((LPVOID)0x004C4305, 5, flOldProtected, &flOldProtected);
    }
    if(VirtualProtect((LPVOID)0x006D1707, 5, PAGE_READWRITE, &flOldProtected))
    {
        DWORD wIs=(DWORD)GetPrivateProfileInt("改技能","改技能",0,settingpath);
        *(DWORD*)0x006D1708 =wIs;
        VirtualProtect((LPVOID)0x006D1707, 5, flOldProtected, &flOldProtected);
    }
} // pick up all items _OK
//[[[[[0E01FC4]+7C]+3*4+18]+14]+0xB0]
// Picks up every item object in the current room.
// The object list is reached through a chain of reads starting at
// GAME_ADDR_GAME; entries whose dword at +0xe0 is 0x111 are treated as the
// player's own object and entries with 0x121 as items. For each item, the
// item address is stored at +0x2384 of the player's object and GAME_JWP_CALL
// is called with ecx = [player+0x262c] and the item address as argument,
// followed by a 2-second sleep.
// NOTE(review): the whole body sits in a __try block whose handler is empty,
// so any access violation while walking game memory is silently discarded.
// If no 0x111 entry is found, dwMyInfoAddr stays 0 and the asm block
// dereferences offsets from address 0, which that handler then swallows.
VOID WINAPI CGameFun::PickupAllGoods()
{
    char msg[100] = {0};   // unused
    DWORD dwMyInfoAddr = 0;
    DWORD dwAddr = 0, dwStartAddr = 0, dwEndAddr;
    int ob_num = 0; // number of objects (buildings, monsters, items and so on)
    __try
    {
        dwAddr = *(PDWORD)ULongToPtr(*(PDWORD)ULongToPtr(*(PDWORD)ULongToPtr(*(PDWORD)ULongToPtr(*(PDWORD)ULongToPtr(GAME_ADDR_GAME) + 0x7C) + 0x24) + 0x14) + 0xB0);
        if ( dwAddr != 0 )
        {
            dwStartAddr = *(PDWORD)ULongToPtr(dwAddr + 0x10);
            dwEndAddr = *(PDWORD)ULongToPtr(dwAddr + 0x14);
            ob_num = (dwEndAddr - dwStartAddr) / 4;   // entries are 4 bytes each
            for (int i = 0; i < ob_num; i++)
            {
                dwAddr = ((PDWORD)ULongToPtr(dwStartAddr))[i];
                if ( dwAddr != 0 && *(PDWORD)ULongToPtr(dwAddr + 0xe0) == 0x111 ) // 0x111 marks the player's own object
                {
                    dwMyInfoAddr = dwAddr; // remember the start of the player's own structure
                }
            }
            for (int i = 0; i < ob_num; i++)
            {
                dwAddr = ((PDWORD)ULongToPtr(dwStartAddr))[i];
                if ( dwAddr != 0 && *(PDWORD)ULongToPtr(dwAddr + 0xe0) == 0x121 ) // 0x121 marks an item
                {
                    __asm
                    {
                        pushad
                        mov esi, dwMyInfoAddr // address of the type-0x111 object, i.e. the character
                        mov ecx, dword ptr[esi+0x262c]
                        lea eax, dword ptr[esi+0x2384]
                        mov edx, dwAddr
                        mov [eax], edx
                        mov eax,[eax] // address of the nearby item
                        push eax
                        mov eax, GAME_JWP_CALL
                        call eax
                        popad
                    }
                    OutputDebugString("捡物品");
                    Sleep(2000);
                }
            }
        }
    }
    __except ( EXCEPTION_EXECUTE_HANDLER )
    {
        // intentionally empty in the original: faults are ignored
    }
}
//修理装备
// Calls the client's repair routine (GAME_ADDR_TRIMCALL) for slot 0x9, which
// the author's note identifies as the weapon. The object for that slot is
// first obtained by an indirect call at offset 0x41C through the object read
// from GAME_ADDR_GOODBASE2; its result (eax) and the value read from
// GAME_ADDR_GOODBASE1 are the two stack arguments of the repair call.
//
// NOTE(review): none of the pointers read here is checked before use.
void CGameFun::trimGoods(void)
{
    __asm
    {
        // Below: obtain weapon/equipment base 1
        mov ecx,GAME_ADDR_GOODBASE1
        mov ecx,[ecx]
        push ecx // Below: obtain weapon/equipment base 2
        mov ecx,GAME_ADDR_GOODBASE2
        mov ecx,[ecx]
        mov edx,[ecx]
        push 0x9// weapon is 9, equipped-item slot is A, shoulder C, shoes E, belt F; others can be found with further breakpoints
        call dword ptr [edx+0x41C]
        // NOTE(review): the next line holds two instructions (push eax / call);
        // this looks like a line break lost when the listing was posted - confirm
        // against the original file.
        push eax call GAME_ADDR_TRIMCALL// the repair-equipment call
        add esp, 8
    }
    OutputDebugString("修理武器");
}
Map.cpp
// Map.cpp: implementation of the CMap class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "Map.h"
#include "MapData.h"
#include "GameFun.h"
//#include "publib.h"
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
// Default constructor: performs no initialisation.
CGameMap::CGameMap()
{
}

// Destructor: empties both candidate route lists.
CGameMap::~CGameMap()
{
    for (int route = 0; route < 2; ++route)
    {
        m_list[route].RemoveAll();
    }
}

// Clears the first 256 bytes of m_Room and then copies in the room table that
// matches dwMapID. Every table is selected by the low 24 bits of the id; the
// top byte may be 0x00, 0x01, 0x02 or 0x03 and does not change which table is
// used. Ids 0x10007 and 0x10008 share the tables of ids 7 and 8. Any other id
// leaves m_Room zeroed.
//
// NOTE(review): each memcpy copies sizeof(source table) bytes, and the clear
// uses the literal 256; neither is tied to sizeof(m_Room) here. Confirm that
// no MAP_xx table is larger than m_Room and that 256 matches its size.
void CGameMap::InitRoomData(DWORD dwMapID)
{
    ZeroMemory(m_Room,256);

    // Only the prefixes 0..3 in the top byte are recognised.
    if ((dwMapID >> 24) > 3)
    {
        return;
    }

    switch (dwMapID & 0x00FFFFFF)
    {
    case 0x1:     memcpy(m_Room,MAP_01,sizeof(MAP_01)); break;
    case 0x10001: memcpy(m_Room,MAP_10001,sizeof(MAP_10001)); break;
    case 0x2:     memcpy(m_Room,MAP_02,sizeof(MAP_02)); break;
    case 0x10002: memcpy(m_Room,MAP_10002,sizeof(MAP_10002)); break;
    case 0x3:     memcpy(m_Room,MAP_03,sizeof(MAP_03)); break;
    case 0x10003: memcpy(m_Room,MAP_10003,sizeof(MAP_10003)); break;
    case 0x4:     memcpy(m_Room,MAP_04,sizeof(MAP_04)); break;
    case 0x10004: memcpy(m_Room,MAP_10004,sizeof(MAP_10004)); break;
    case 0x10005: memcpy(m_Room,MAP_10005,sizeof(MAP_10005)); break;
    case 0x5:     memcpy(m_Room,MAP_05,sizeof(MAP_05)); break;
    case 0x6:     memcpy(m_Room,MAP_06,sizeof(MAP_06)); break;
    case 0x10006: memcpy(m_Room,MAP_10006,sizeof(MAP_10006)); break;
    case 0x7:
    case 0x10007: memcpy(m_Room,MAP_07,sizeof(MAP_07)); break;
    case 0x8:
    case 0x10008: memcpy(m_Room,MAP_08,sizeof(MAP_08)); break;
    case 0xb:     memcpy(m_Room,MAP_11,sizeof(MAP_11)); break;
    case 0xc:     memcpy(m_Room,MAP_12,sizeof(MAP_12)); break;
    case 0xd:     memcpy(m_Room,MAP_13,sizeof(MAP_13)); break;
    case 0xe:     memcpy(m_Room,MAP_14,sizeof(MAP_14)); break;
    case 0xf:     memcpy(m_Room,MAP_15,sizeof(MAP_15)); break;
    case 0x15:    memcpy(m_Room,MAP_21,sizeof(MAP_21)); break;
    case 0x16:    memcpy(m_Room,MAP_22,sizeof(MAP_22)); break;
    case 0x17:    memcpy(m_Room,MAP_23,sizeof(MAP_23)); break;
    case 0x18:    memcpy(m_Room,MAP_24,sizeof(MAP_24)); break;
    case 0x19:    memcpy(m_Room,MAP_25,sizeof(MAP_25)); break;
    case 0x1a:    memcpy(m_Room,MAP_26,sizeof(MAP_26)); break;
    case 0x1f:    memcpy(m_Room,MAP_31,sizeof(MAP_31)); break;
    case 0x20:    memcpy(m_Room,MAP_32,sizeof(MAP_32)); break;
    case 0x21:    memcpy(m_Room,MAP_33,sizeof(MAP_33)); break;
    case 0x22:    memcpy(m_Room,MAP_34,sizeof(MAP_34)); break;
    case 0x23:    memcpy(m_Room,MAP_35,sizeof(MAP_35)); break;
    case 0x24:    memcpy(m_Room,MAP_36,sizeof(MAP_36)); break;
    case 0x28:    memcpy(m_Room,MAP_40,sizeof(MAP_40)); break;
    case 0x29:    memcpy(m_Room,MAP_41,sizeof(MAP_41)); break;
    case 0x32:    memcpy(m_Room,MAP_50,sizeof(MAP_50)); break;
    case 0x33:    memcpy(m_Room,MAP_51,sizeof(MAP_51)); break;
    }
}
// Stores the start and end room coordinates, computes both candidate routes
// (AccountWay_1 fills m_list[0], AccountWay_2 fills m_list[1]) and selects the
// one with fewer steps; route 0 wins a tie.
//
// NOTE(review): the DWORD arguments are stored into POINT members without a
// range check here.
void CGameMap::SetStartEndCoor(DWORD dwStartX, DWORD dwStartY, DWORD dwEndX, DWORD dwEndY)
{
    m_Start.x = dwStartX;
    m_Start.y = dwStartY;
    m_End.x = dwEndX;
    m_End.y = dwEndY;

    AccountWay_1();
    AccountWay_2();

    // Route 1 is chosen only when it is strictly shorter than route 0.
    m_nIndex = (m_list[1].GetCount() < m_list[0].GetCount()) ? 1 : 0;
}
// Door bits: 1 = up, 2 = right, 4 = down, 8 = left
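// Builds candidate route 0 from m_Start to m_End into m_list[0] with a
// depth-first walk over the room grid. Doors are tried in the order
// up (bit 1), right (bit 2), down (bit 4), left (bit 8); m_BKRoom marks rooms
// already visited, and a dead end pops the last step and resumes from there.
//
// Hardening over the original:
//   - a start coordinate outside m_BKRoom is rejected instead of being used
//     as an array index;
//   - a door bit that would lead outside m_BKRoom is treated as closed, so
//     the neighbour index never leaves the array;
//   - when every step has been popped and the end was not reached, the loop
//     stops instead of calling GetTail() on an empty list;
//   - the debug buffer is large enough for the format string with five
//     32-bit values (assumes the CGameFun getters return 32-bit integers -
//     TODO confirm).
// In all three failure cases m_list[0] is left empty.
//
// NOTE(review): m_Room is indexed with the same coordinates; this assumes it
// is at least as large as m_BKRoom in both dimensions - confirm in Map.h.
void CGameMap::AccountWay_1()
{
    char outstr[128];
    ZeroMemory(outstr, sizeof(outstr));
    CGameFun t;
    MAP_DATA coor;
    m_list[0].RemoveAll();
    POINT myCoor;
    myCoor = m_Start;
    InitBKRoom();
    sprintf_s(outstr, sizeof(outstr), "mapt:%x role x:%d role y:%d boss x: %d boss y: %d\n",t.GetMapType(),t.GetRoleRoomX(),t.GetRoleRoomY(),t.GetBossRoomX(),t.GetBossRoomY());
    OutputDebugStringA(outstr);

    // Real dimensions of the visited-room grid, taken from the array itself.
    const int gridRows = (int)(sizeof(m_BKRoom) / sizeof(m_BKRoom[0]));
    const int gridCols = (int)(sizeof(m_BKRoom[0]) / sizeof(m_BKRoom[0][0]));

    if (myCoor.x < 0 || myCoor.x >= gridCols || myCoor.y < 0 || myCoor.y >= gridRows)
    {
        // Start lies outside the grid: there is no route to compute.
        OutputDebugString("over");
        return;
    }

    m_BKRoom[myCoor.y][myCoor.x] = 1;
    while (!((myCoor.x == m_End.x) && (myCoor.y == m_End.y)))
    {
        OutputDebugString("Go......");
        if (((m_Room[myCoor.y][myCoor.x] & 1) != 0) && (myCoor.y > 0) && (m_BKRoom[myCoor.y-1][myCoor.x] == 0))
        { // up
            OutputDebugString("Go UP");
            coor.m_pos = myCoor;
            coor.m_way = GO_UP;
            m_list[0].AddTail(coor);
            m_BKRoom[myCoor.y-1][myCoor.x] = 1;
            myCoor.y = myCoor.y - 1;
        }
        else if (((m_Room[myCoor.y][myCoor.x] & 2) != 0) && (myCoor.x + 1 < gridCols) && (m_BKRoom[myCoor.y][myCoor.x+1] == 0))
        { // right
            OutputDebugString("Go right");
            coor.m_pos = myCoor;
            coor.m_way = GO_RIGHT;
            m_list[0].AddTail(coor);
            m_BKRoom[myCoor.y][myCoor.x+1] = 1;
            myCoor.x = myCoor.x + 1;
        }
        else if (((m_Room[myCoor.y][myCoor.x] & 4) != 0) && (myCoor.y + 1 < gridRows) && (m_BKRoom[myCoor.y + 1][myCoor.x] == 0))
        { // down
            OutputDebugString("Go down");
            coor.m_pos = myCoor;
            coor.m_way = GO_DOWN;
            m_list[0].AddTail(coor);
            m_BKRoom[myCoor.y + 1][myCoor.x] = 1;
            myCoor.y = myCoor.y + 1;
        }
        else if (((m_Room[myCoor.y][myCoor.x] & 8) != 0) && (myCoor.x > 0) && (m_BKRoom[myCoor.y][myCoor.x - 1] == 0))
        { // left
            OutputDebugString("Go left");
            coor.m_pos = myCoor;
            coor.m_way = GO_LEFT;
            m_list[0].AddTail(coor);
            m_BKRoom[myCoor.y][myCoor.x - 1] = 1;
            myCoor.x = myCoor.x - 1;
        }
        else
        {
            OutputDebugString("Break");
            if (m_list[0].IsEmpty())
            {
                // Nothing left to backtrack to: the end room is unreachable.
                break;
            }
            // Dead end: step back to the room the last move started from.
            coor = m_list[0].GetTail();
            myCoor = coor.m_pos;
            m_list[0].RemoveTail();
        }
    }
    OutputDebugString("over");
}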
// Resets the visited-room grid: every m_BKRoom[row][col] with both indices
// below MAX_ROOM_LEN is set to 0.
void CGameMap::InitBKRoom()
{
    int row = 0;
    while (row < MAX_ROOM_LEN)
    {
        for (int col = 0; col < MAX_ROOM_LEN; ++col)
        {
            m_BKRoom[row][col] = 0;
        }
        ++row;
    }
}
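// Builds candidate route 1 from m_Start to m_End into m_list[1] with a
// depth-first walk over the room grid. Doors are tried in the order
// down (bit 4), left (bit 8), up (bit 1), right (bit 2); m_BKRoom marks rooms
// already visited, and a dead end pops the last step and resumes from there.
//
// Hardening over the original:
//   - a start coordinate outside m_BKRoom is rejected instead of being used
//     as an array index;
//   - a door bit that would lead outside m_BKRoom is treated as closed, so
//     the neighbour index never leaves the array;
//   - when every step has been popped and the end was not reached, the loop
//     stops instead of calling GetTail() on an empty list;
//   - the unused debug buffer was removed.
// In all failure cases m_list[1] is left empty.
//
// NOTE(review): m_Room is indexed with the same coordinates; this assumes it
// is at least as large as m_BKRoom in both dimensions - confirm in Map.h.
void CGameMap::AccountWay_2()
{
    MAP_DATA coor;
    m_list[1].RemoveAll();
    POINT myCoor;
    myCoor = m_Start;
    InitBKRoom();

    // Real dimensions of the visited-room grid, taken from the array itself.
    const int gridRows = (int)(sizeof(m_BKRoom) / sizeof(m_BKRoom[0]));
    const int gridCols = (int)(sizeof(m_BKRoom[0]) / sizeof(m_BKRoom[0][0]));

    if (myCoor.x < 0 || myCoor.x >= gridCols || myCoor.y < 0 || myCoor.y >= gridRows)
    {
        // Start lies outside the grid: there is no route to compute.
        OutputDebugString("over");
        return;
    }

    m_BKRoom[myCoor.y][myCoor.x] = 1;
    while (!((myCoor.x == m_End.x) && (myCoor.y == m_End.y)))
    {
        OutputDebugString("Go......");
        if (((m_Room[myCoor.y][myCoor.x] & 4) != 0) && (myCoor.y + 1 < gridRows) && (m_BKRoom[myCoor.y + 1][myCoor.x] == 0))
        { // down
            OutputDebugString("Go down");
            coor.m_pos = myCoor;
            coor.m_way = GO_DOWN;
            m_list[1].AddTail(coor);
            m_BKRoom[myCoor.y + 1][myCoor.x] = 1;
            myCoor.y = myCoor.y + 1;
        }
        else if (((m_Room[myCoor.y][myCoor.x] & 8) != 0) && (myCoor.x > 0) && (m_BKRoom[myCoor.y][myCoor.x - 1] == 0))
        { // left
            OutputDebugString("Go left");
            coor.m_pos = myCoor;
            coor.m_way = GO_LEFT;
            m_list[1].AddTail(coor);
            m_BKRoom[myCoor.y][myCoor.x - 1] = 1;
            myCoor.x = myCoor.x - 1;
        }
        else if (((m_Room[myCoor.y][myCoor.x] & 1) != 0) && (myCoor.y > 0) && (m_BKRoom[myCoor.y-1][myCoor.x] == 0))
        { // up
            OutputDebugString("Go UP");
            coor.m_pos = myCoor;
            coor.m_way = GO_UP;
            m_list[1].AddTail(coor);
            m_BKRoom[myCoor.y-1][myCoor.x] = 1;
            myCoor.y = myCoor.y - 1;
        }
        else if (((m_Room[myCoor.y][myCoor.x] & 2) != 0) && (myCoor.x + 1 < gridCols) && (m_BKRoom[myCoor.y][myCoor.x+1] == 0))
        { // right
            OutputDebugString("Go right");
            coor.m_pos = myCoor;
            coor.m_way = GO_RIGHT;
            m_list[1].AddTail(coor);
            m_BKRoom[myCoor.y][myCoor.x+1] = 1;
            myCoor.x = myCoor.x + 1;
        }
        else
        {
            OutputDebugString("Break");
            if (m_list[1].IsEmpty())
            {
                // Nothing left to backtrack to: the end room is unreachable.
                break;
            }
            // Dead end: step back to the room the last move started from.
            coor = m_list[1].GetTail();
            myCoor = coor.m_pos;
            m_list[1].RemoveTail();
        }
    }
    OutputDebugString("over");
}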
// Returns the direction stored for room (dwCoorX, dwCoorY) on the selected
// route (m_list[m_nIndex]), or 5 when that room is not on the route.
DWORD CGameMap::GetNextDoorWay(DWORD dwCoorX, DWORD dwCoorY)
{
    const POSITION hit = FindCoorInWay(dwCoorX,dwCoorY);
    if (hit == NULL)
    {
        return 5;
    }
    return m_list[m_nIndex].GetAt(hit).m_way;
}
// Scans the selected route (m_list[m_nIndex]) from its head and returns the
// list position of the first step whose room coordinates equal
// (dwCoorX, dwCoorY); returns NULL when no step matches.
POSITION CGameMap::FindCoorInWay(DWORD dwCoorX, DWORD dwCoorY)
{
    for (POSITION cursor = m_list[m_nIndex].GetHeadPosition(); cursor != NULL; m_list[m_nIndex].GetNext(cursor))
    {
        const MAP_DATA step = m_list[m_nIndex].GetAt(cursor);
        const bool sameColumn = ((DWORD)step.m_pos.x == dwCoorX);
        const bool sameRow = ((DWORD)step.m_pos.y == dwCoorY);
        if (sameColumn && sameRow)
        {
            return cursor;
        }
    }
    return NULL;
}
主要代码全在上面。
另外,我自己的一些经历,历程想写下来 链接是:
http://bbs.pediy.com/showthread.php?p=1308408#post1308408
有兴趣的朋友请支持一下。谢谢