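/// <summary>
/// Changes the protection of one 4096-byte page in the process that owns
/// <paramref name="hwnd"/>. Despite its name, this method does not allocate memory.
/// </summary>
/// <param name="hwnd">Window handle; used only to look up the owning process id.</param>
/// <param name="addr">Address inside the target process whose page protection is changed.</param>
/// <param name="size">Region size. NOTE(review): currently ignored; the call always passes 4096.</param>
/// <param name="attr">
/// Requested protection (0x40 is PAGE_EXECUTE_READWRITE: readable, writable and executable).
/// NOTE(review): currently ignored; the call always passes 64 (0x40).
/// </param>
/// <param name="prevValue">
/// Storage for the previous protection. It is passed by value, so the caller never
/// observes what VirtualProtectEx writes into it.
/// </param>
/// <returns>
/// The value returned by VirtualProtectEx, or 0 when the target process could not be opened.
/// </returns>
public static int MemoryAlloc(IntPtr hwnd, int addr, int size, int attr, int prevValue)
{
    // Look up the id of the process that owns the window.
    IntPtr pid = IntPtr.Zero;
    GetWindowThreadProcessId(hwnd, out pid);

    // 0x1F0FFF is PROCESS_ALL_ACCESS, which is far broader than a protection change
    // needs. NOTE(review): consider requesting only the rights this call uses.
    IntPtr processHandle = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());
    if (processHandle == IntPtr.Zero)
    {
        // Opening the process failed, so there is nothing to protect or close.
        return 0;
    }

    try
    {
        // VirtualProtectEx expects a process handle. The previous code passed the
        // window handle here and never used the handle it had just opened.
        return VirtualProtectEx(processHandle, addr, 4096, 64, ref prevValue);
    }
    finally
    {
        // The opened handle used to leak on every call.
        LoadDll.CloseHandle(processHandle);
    }
}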
/// <summary>
/// Initialises the integration for one game window: passes the path of
/// mhxy_kernel.dll to LoadDll.InitSystemMhxy, registers a task executor for the
/// window, changes the protection of a fixed page in the owning process, and
/// loads the address table and the per-user configuration.
/// </summary>
/// <param name="hwnd">Handle of the game window to initialise.</param>
public void initMhSystem(IntPtr hwnd)
{
    // NOTE(review): a relative name is resolved against the current working
    // directory, so which mhxy_kernel.dll is picked up depends on where the
    // process was started. Consider anchoring the path to the application directory.
    string kernelDllPath = Path.GetFullPath("mhxy_kernel.dll");

    // Callback delegate handed to the native side; it is stored in a field, not a local.
    mhMsgCallBack = new LoadDll.ResvMhMsg(CallBackHandle);

    // Local initialisation. The remote-thread variant (LoadDll.InitSystemRemoteThread)
    // is commented out in the original and stays disabled.
    LoadDll.InitSystemMhxy(kernelDllPath, hwnd, this.Handle, mhMsgCallBack);

    // Register a task executor only for windows that do not have one yet.
    if (!mh_excute.ContainsKey(hwnd))
    {
        mh_excute[hwnd] = new biz.Execute(hwnd);
    }

    // Look up the id of the process that owns the window.
    IntPtr processId;
    LoadDll.GetWindowThreadProcessId(hwnd, out processId);

    // Receives the protection the page had before the change; it is never used to
    // restore the page afterwards.
    int previousProtection = 0;

    // 0x1F0FFF is PROCESS_ALL_ACCESS. The protection value 64 is 0x40, i.e. the
    // page at 0x11000900 is made readable, writable and executable.
    // NOTE(review): none of the return values below are checked, so a failed
    // OpenProcess or VirtualProtectEx passes silently.
    IntPtr processHandle = LoadDll.OpenProcess(0x1F0FFF, false, processId.ToInt32());
    LoadDll.VirtualProtectEx(processHandle, 0x11000900, 4096, 64, ref previousProtection);
    LoadDll.CloseHandle(processHandle);

    // Load the base-address table once; later windows reuse the shared instance.
    if (Global.addr == null)
    {
        Global.addr = new mhxy.AddrManager().loadAddr(hwnd.ToInt32());
    }

    // Per-user configuration is loaded only when the window name is not "mh".
    string windowName = mhxy.Common.GetMHName(hwnd.ToInt32());
    if (windowName == "mh")
    {
        return;
    }

    // Read the user id from the game and load the matching configuration.
    int playerId = Global.addr.GetPeopleID(hwnd.ToInt32());
    Global.mh_cfg[hwnd] = model.MhxyConfig.GetID(playerId);
    Log.WriteLine("配置加载:{0}", playerId);
}
/// <summary>
/// Initialises the integration for one game window through LoadDll.initmhDll:
/// enables the send button, subscribes to packages 0 and 1, registers a task
/// executor for the window, changes the protection of a fixed page in the owning
/// process, and loads the address table and the per-user configuration.
/// </summary>
/// <param name="hwnd">Handle of the game window to initialise.</param>
public void initMhxy(IntPtr hwnd)
{
    btn_send.Enabled = true;

    // Basic initialisation with the game window handle and this form's handle.
    LoadDll.initmhDll(hwnd.ToInt32(), this.Handle.ToInt32());

    // The original comment marks this as a known bug: both calls are required.
    LoadDll.subPkg(0, hwnd);
    LoadDll.subPkg(1, hwnd);

    // Register a task executor only for windows that do not have one yet.
    if (!mh_excute.ContainsKey(hwnd))
    {
        mh_excute[hwnd] = new biz.Execute(hwnd);
    }

    // Look up the id of the process that owns the window.
    IntPtr processId;
    LoadDll.GetWindowThreadProcessId(hwnd, out processId);

    // Receives the protection the page had before the change; it is never used to
    // restore the page afterwards.
    int previousProtection = 0;

    // 0x1F0FFF is PROCESS_ALL_ACCESS. The protection value 64 is 0x40, i.e. the
    // page at 0x11000900 is made readable, writable and executable.
    // NOTE(review): none of the return values below are checked, so a failed
    // OpenProcess or VirtualProtectEx passes silently.
    IntPtr processHandle = LoadDll.OpenProcess(0x1F0FFF, false, processId.ToInt32());
    LoadDll.VirtualProtectEx(processHandle, 0x11000900, 4096, 64, ref previousProtection);
    LoadDll.CloseHandle(processHandle);

    // Load the base-address table once; later windows reuse the shared instance.
    if (Global.addr == null)
    {
        Global.addr = new mhxy.AddrManager().loadAddr(hwnd.ToInt32());
    }

    // Per-user configuration is loaded only when the window name is not "mh".
    string windowName = mhxy.Common.GetMHName(hwnd.ToInt32());
    if (windowName == "mh")
    {
        return;
    }

    // Read the user id from the game and load the matching configuration.
    int playerId = Global.addr.GetPeopleID(hwnd.ToInt32());
    Global.mh_cfg[hwnd] = model.MhxyConfig.GetID(playerId);
    Log.WriteLine("配置加载:{0}", playerId);
}
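/// <summary>
/// Reads four bytes at <paramref name="baseAddress"/> from the process that owns
/// <paramref name="hwnd"/> and interprets them as a single-precision float.
/// </summary>
/// <param name="hwnd">Window handle; used only to look up the owning process id.</param>
/// <param name="baseAddress">Address inside the target process to read from.</param>
/// <returns>
/// The float decoded from the bytes read. When the process cannot be opened, or the
/// read leaves the buffer untouched, the result is 0, which is indistinguishable
/// from a genuine 0.0 stored at that address.
/// </returns>
public static float ReadHwndMemoryFloatValue(IntPtr hwnd, int baseAddress)
{
    // Look up the id of the process that owns the window.
    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId(hwnd, out pid);

    byte[] buffer = new byte[4];

    // 0x1F0FFF is PROCESS_ALL_ACCESS, which is far broader than a read needs.
    // NOTE(review): consider requesting only the rights this call uses.
    IntPtr hProcess = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());
    if (hProcess == IntPtr.Zero)
    {
        // Same result as before (the buffer stays zeroed), without calling
        // ReadProcessMemory and CloseHandle on a null handle.
        return BitConverter.ToSingle(buffer, 0);
    }

    try
    {
        // The array must really be pinned before its address is given to native
        // code. Marshal.UnsafeAddrOfPinnedArrayElement does not pin, so the GC
        // could move the buffer while the native call writes to it.
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        try
        {
            LoadDll.ReadProcessMemory(hProcess, (IntPtr)baseAddress, pin.AddrOfPinnedObject(), 4, IntPtr.Zero);
        }
        finally
        {
            pin.Free();
        }
    }
    finally
    {
        // Always release the process handle, even if the read throws.
        CloseHandle(hProcess);
    }

    return BitConverter.ToSingle(buffer, 0);
}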