Beispiel #1
0
 private void FrmEnhanceTest_Load(object sender, EventArgs e)
 {
     //开启控制台输出
     LoadDll.AllocConsole();
     mhxy.MHKernel mk = new mhxy.MHKernel();
     mk.Init();
 }
Beispiel #2
0
        public void reSetMouse()
        {
            int x = Convert.ToInt32(txt_exit_x.Text.Trim());
            int y = Convert.ToInt32(txt_exit_y.Text.Trim());

            int c_x = LoadDll.ReadHwndMemoryOffsetValue((IntPtr)hwnd, Global.addr.MapAddr, 0xCC);
            int c_y = LoadDll.ReadHwndMemoryOffsetValue((IntPtr)hwnd, Global.addr.MapAddr, 0xD0);

            //屏幕宽高
            int[] scr = Global.addr.GetMhxyScreen(hwnd);

            //目的地址坐标
            int s_x = x * 20 + 10;
            int s_y = Global.addr.GetMapY(hwnd) - ((y * 20) + 10);

            int x_min = c_x - scr[0] / 2;
            int x_max = c_x + scr[0] / 2;

            int y_min = c_y - scr[1] / 2;
            int y_max = c_y + scr[1] / 2;

            x = s_x - x_min;
            y = s_y - y_min;


            LoadDll.WriteMemoryHwndValue((IntPtr)hwnd, Global.addr.bX, BitConverter.GetBytes(x));
            LoadDll.WriteMemoryHwndValue((IntPtr)hwnd, new IntPtr(Global.addr.bX + 4).ToInt32(), BitConverter.GetBytes(y));
        }
Beispiel #3
0
        /// <summary>
        /// 读取窗口句柄中的值
        /// </summary>
        /// <param name="hwnd"></param>
        /// <param name="offset"></param>
        /// <returns></returns>
        public static int ReadHwndMemoryOffsetValue(IntPtr hwnd, params int[] offset)
        {
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);
            int ret = ReadMemoryOffsetValue(pid.ToInt32(), offset);

            return(ret);
        }
Beispiel #4
0
        /// <summary>
        /// 读取句柄中内存的值
        /// </summary>
        /// <param name="hwnd"></param>
        /// <param name="baseAddress"></param>
        /// <returns></returns>
        public static int ReadHwndMemoryValue(IntPtr hwnd, int baseAddress)
        {
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);
            int ret = LoadDll.ReadMemoryValue(pid.ToInt32(), baseAddress);

            return(ret);
        }
Beispiel #5
0
        /// <summary>
        /// 内存申请
        /// </summary>
        /// <param name="hwnd">窗口句柄</param>
        /// <param name="addr">地址</param>
        /// <param name="size">区域大小</param>
        /// <param name="attr">设置为PAGE_EXECUTE_READWRITE(0x40)时该内存页为可读可写可执行。</param>
        /// <param name="prevValue">内存原始属性类型保存地址</param>
        /// <returns></returns>
        public static int MemoryAlloc(IntPtr hwnd, int addr, int size, int attr, int prevValue)
        {
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄

            GetWindowThreadProcessId(hwnd, out pid);
            IntPtr hWnd = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32()); //获取进程句柄

            return(VirtualProtectEx(hwnd, addr, 4096, 64, ref prevValue));     //执行VirtualProtectEx函数
        }
Beispiel #6
0
        /// <summary>
        /// 获取句柄进程,记得关闭
        /// </summary>
        /// <param name="hwnd"></param>
        /// <returns></returns>
        public static IntPtr GetHwndProcess(IntPtr hwnd)
        {
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);

            IntPtr hProcess = OpenProcess(0xFFFFF, false, pid.ToInt32());

            return(hProcess);
        }
Beispiel #7
0
        private void btnQh_Click(object sender, EventArgs e)
        {
            string selectValue = ((util.ComboxItem)cbxWin.SelectedItem).Values;

            //设置默认窗口
            current_mh = new IntPtr(Convert.ToInt32(selectValue));
            //切换到截获全部
            //bug 需要两次
            LoadDll.subPkg(0, current_mh);
            LoadDll.subPkg(1, current_mh);
            btn_data_type.Text = "截获指定";
            lab_mh_win.Text    = "梦幻窗口句柄:" + selectValue;
        }
Beispiel #8
0
        /// <summary>
        /// 初始化游戏
        /// </summary>
        /// <param name="hwnd"></param>
        public void initMhSystem(IntPtr hwnd)
        {
            // string path = "E:\\mh_code\\mh\\mh\\bin\\x86\\Debug\\mhxy_kernel.dll";
            string path = Path.GetFullPath("mhxy_kernel.dll");

            //获取远程进程的函数地址
            mhMsgCallBack = new LoadDll.ResvMhMsg(CallBackHandle);

            //远程调用初始化
            //LoadDll.InitSystemRemoteThread(path, hwnd, this.Handle, mhMsgCallBack);


            //本地初始化
            LoadDll.InitSystemMhxy(path, hwnd, this.Handle, mhMsgCallBack);


            //跳过已经载入的窗口
            if (mh_excute.ContainsKey(hwnd) == false)
            {
                //启动任务处理
                mh_excute[hwnd] = new biz.Execute(hwnd);
            }
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);
            //放置修改前的保护方式
            Int32 prev = 0;
            //获取进程句柄
            IntPtr hWnd = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());

            //执行VirtualProtectEx函数
            LoadDll.VirtualProtectEx(hWnd, 0x11000900, 4096, 64, ref prev);
            LoadDll.CloseHandle(hWnd);
            //更新基址
            if (Global.addr == null)
            {
                Global.addr = new mhxy.AddrManager().loadAddr(hwnd.ToInt32());
            }

            //加载用户配置
            string wName = mhxy.Common.GetMHName(hwnd.ToInt32());

            if (wName != "mh")
            {
                //读取用户ID加载配置
                int peopleID = Global.addr.GetPeopleID(hwnd.ToInt32());
                Global.mh_cfg[hwnd] = model.MhxyConfig.GetID(peopleID);
                Log.WriteLine("配置加载:{0}", peopleID);
            }
        }
Beispiel #9
0
        private void btn_data_type_Click(object sender, EventArgs e)
        {
            if (btn_data_type.Text == "截获全部")
            {
                int ret = LoadDll.subPkg(1, current_mh);

                btn_data_type.Text = "截获指定";
            }
            else
            {
                int ret = LoadDll.subPkg(0, current_mh);
                btn_data_type.Text = "截获全部";
            }
        }
Beispiel #10
0
        private void btn_send_Click(object sender, EventArgs e)
        {
            //Thread rt = new Thread(tt);
            //rt.Start();
            ////mhxy.CallFunc.ReadDialog(current_mh.ToInt32());
            //IntPtr hwnd = LoadDll.FindWindow("WSGAME", null);
            //initMhSystem(hwnd);
            //return;
            string txt = txtSend.Text.Trim();

            if (txt == "" || current_mh == IntPtr.Zero)
            {
                return;
            }
            LoadDll.sendMsg(current_mh, txt);
        }
Beispiel #11
0
        /// <summary>
        /// 初始化游戏
        /// </summary>
        /// <param name="hwnd"></param>
        public void initMhxy(IntPtr hwnd)
        {
            //获取梦幻西游句柄
            btn_send.Enabled = true;
            //初始化基本信息
            LoadDll.initmhDll(hwnd.ToInt32(), this.Handle.ToInt32());
            //bug 需要两次
            LoadDll.subPkg(0, hwnd);
            LoadDll.subPkg(1, hwnd);



            //跳过已经载入的窗口
            if (mh_excute.ContainsKey(hwnd) == false)
            {
                //启动任务处理
                mh_excute[hwnd] = new biz.Execute(hwnd);
            }
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);
            //放置修改前的保护方式
            Int32 prev = 0;
            //获取进程句柄
            IntPtr hWnd = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());

            //执行VirtualProtectEx函数
            LoadDll.VirtualProtectEx(hWnd, 0x11000900, 4096, 64, ref prev);
            LoadDll.CloseHandle(hWnd);
            //更新基址
            if (Global.addr == null)
            {
                Global.addr = new mhxy.AddrManager().loadAddr(hwnd.ToInt32());
            }

            //加载用户配置
            string wName = mhxy.Common.GetMHName(hwnd.ToInt32());

            if (wName != "mh")
            {
                //读取用户ID加载配置
                int peopleID = Global.addr.GetPeopleID(hwnd.ToInt32());
                Global.mh_cfg[hwnd] = model.MhxyConfig.GetID(peopleID);
                Log.WriteLine("配置加载:{0}", peopleID);
            }
        }
Beispiel #12
0
        public static void InitSystemRemoteThread(string path, IntPtr hwnd, IntPtr myHwnd, ResvMhMsg mhMsgCallBack)
        {
            //注入dll
            bool ret = util.WinApi.DoInjection(path, hwnd);

            if (!ret)
            {
                return;
            }
            //读取内存共享区函数基址
            util.ShareMemory recvHwnd  = new util.ShareMemory("mh_" + hwnd.ToInt32().ToString(), 4096);
            byte[]           funcBytes = recvHwnd.Read(recvHwnd.lpBase.ToInt32(), Marshal.SizeOf(typeof(MhFuncAddrs)));



            MhFuncAddrs mf = (MhFuncAddrs)StringUtil.BytesToStruct(funcBytes, typeof(MhFuncAddrs));


            //获取远程进程的函数地址

            ProCallback pro = new ProCallback();

            pro.hwnd     = myHwnd;
            pro.callBack = mhMsgCallBack;


            int size = Marshal.SizeOf(typeof(LoadDll.ProCallback));

            IntPtr process   = LoadDll.GetHwndProcess(hwnd);
            IntPtr AllocAddr = util.WinApi.VirtualAllocEx(process, 0, size, util.WinApi.AllocationType.MEM_COMMIT, 0x04);


            byte[] data = StringUtil.StructToBytes(pro, size);
            LoadDll.WriteProcessMemory(process, AllocAddr, data, size, IntPtr.Zero);


            IntPtr hRemoteThread = util.WinApi.CreateRemoteThread(process, 0, 0, mf.InitSystemRemoteThread, AllocAddr, 0, 0);

            util.WinApi.WaitForSingleObject(hRemoteThread, 0xFFFFFFFF); //等待线程结束

            int remoteModule = 0;

            util.WinApi.GetExitCodeThread(hRemoteThread, ref remoteModule);
            LoadDll.Free(process, hRemoteThread, AllocAddr);
            Global.mh_func[hwnd] = mf;
        }
Beispiel #13
0
        private void FrmMain_Load(object sender, EventArgs e)
        {
            loopMsg = new Thread(loopReadMsg);
            Control.CheckForIllegalCrossThreadCalls = true;
            //开启控制台输出
            LoadDll.AllocConsole();


            loadType();
            lv_pkg.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
            //获得当前窗口句柄
            IntPtr hwnd = this.Handle;

            lab_current_win.Text += hwnd.ToString();


            loopMsg.Start();
        }
Beispiel #14
0
        /// <summary>
        /// 读取浮点数据
        /// </summary>
        /// <param name="hwnd"></param>
        /// <param name="baseAddress"></param>
        /// <returns></returns>
        public static float ReadHwndMemoryFloatValue(IntPtr hwnd, int baseAddress)
        {
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);

            byte[] buffer      = new byte[4];
            IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0);
            IntPtr hProcess    = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());

            LoadDll.ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero);
            float ret = BitConverter.ToSingle(buffer, 0);

            //关闭操作
            CloseHandle(hProcess);
            return(ret);
        }
Beispiel #15
0
        //将值写入指定内存地址中
        public static bool WriteMemoryHwndValue(IntPtr hwnd, int baseAddress, byte[] value)
        {
            bool   ret = false;
            IntPtr pid = IntPtr.Zero;

            //获取窗口句柄
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);
            try
            {
                //打开一个已存在的进程对象  0x1F0FFF 最高权限
                IntPtr hProcess = OpenProcess(0x1F0FFF, false, pid.ToInt32());
                //从指定内存中写入字节集数据
                ret = WriteProcessMemory(hProcess, (IntPtr)baseAddress, value, value.Length, IntPtr.Zero);
                //关闭操作
                CloseHandle(hProcess);
            }
            catch { }
            return(ret);
        }