/// <summary>
/// Movement injection. Builds a small x86 code stub, patches addresses and
/// arguments into it, writes it into the target process and executes it on a
/// new remote thread (VirtualAllocEx + WriteProcessMemory + CreateRemoteThread),
/// then waits for that thread to finish.
/// NOTE(review): this is the classic remote-thread code-injection sequence; the
/// allocate/write/create-thread triple is what process-monitoring and EDR tooling
/// typically flags. None of the WinApi return values are checked, so a failed
/// allocation, write or thread creation is not reported to the caller.
/// </summary>
/// <param name="oph">Open handle to the target process; must permit memory and thread operations.</param>
/// <param name="X">X coordinate, written into the stub at byte offset 57.</param>
/// <param name="Y">Y coordinate, written into the stub at byte offset 73.</param>
/// <param name="Z">Z coordinate; the stub receives Z * 2 at byte offset 65 (the reason for doubling is not shown here).</param>
/// <param name="walk">0 selects walk_mode 0; any other value (including 2) is injected as walk_mode 1.</param>
public static void WalkTo(IntPtr oph, float X, float Y, float Z, int walk)
{
    try
    {
        // Any non-zero walk value (the caller may pass 2) must be injected as 1.
        int walk_mode = 1;
        if (walk == 0)
        {
            walk_mode = 0;
        }

        // ---- Code stub skeleton; the /*N*/ markers are the byte offsets patched below
        #region my_inject
        byte[] walk_packet =
        {
            0x60,                                   //pushad
            0xB8, /*2*/ 0x00,0x00, 0x00, 0x00,      //mov eax, BA
            0x8B, 0x00,                             //mov eax, dword ptr [eax]
            0x8B, 0x40, 0x1c,                       //mov eax, dword ptr[eax + 0x1C]
            0x8B, 0x78, 0x34,                       //mov edi, dword ptr[eax + 0x34]
            0x8B, 0x8F, 0xC4, 0x15, 0x00, 0x00,     //mov ecx, dword ptr[edi + 0x15C4]
            0x6A, 0x01,                             //push 1
            0xB8, /*23*/ 0x00,0x00, 0x00, 0x00,     //mov eax, action_1
            0xFF, 0xD0,                             //call eax
            0x8D, 0x54, 0x24, 0x1C,                 //lea edx, dword ptr[esp + 0x1C]
            0x8B, 0xD8,                             //mov ebx, eax
            0x52,                                   //push edx
            0x68, /*37*/ 0x00,0x00, 0x00, 0x00,     //push walk_mode
            0x8B, 0xCB,                             //mov ecx, ebx
            0xB8, /*44*/ 0x00,0x00, 0x00, 0x00,     //mov eax, action_2
            0xFF, 0xD0,                             //call eax
            0x8B, 0x8F, 0xC4, 0x15, 0x00, 0x00,     //mov ecx, dword ptr [edi + 0x15C4]
            0xB8, /*57*/ 0x00,0x00, 0x00, 0x00,     //mov eax, x
            0x89, 0x43, 0x20,                       //mov dword ptr[ebx + 0x20], eax
            0xB8, /*65*/ 0x00,0x00, 0x00, 0x00,     //mov eax, z
            0x89, 0x43, 0x24,                       //mov dword ptr[ebx + 0x24], eax
            0xB8, /*73*/ 0x00,0x00, 0x00, 0x00,     //mov eax, y
            0x89, 0x43, 0x28,                       //mov dword ptr[ebx + 0x28], eax
            0x6A, 0x00,                             //push 0
            0x53,                                   //push ebx
            0x6A, 0x01,                             //push 1
            0xB8, /*86*/ 0x00,0x00, 0x00, 0x00,     //mov eax, action_3 (Offsets.Action_3 is patched here below)
            0xFF, 0xD0,                             //call eax
            0x61,                                   //popad
            0xC3                                    //ret
        };
        #endregion

        // ---- patch the base address
        Buffer.BlockCopy(BitConverter.GetBytes(Offsets.BaseAdress), 0, walk_packet, 2, 4);
        // ---- patch Action_1, Action_2, Action_3
        Buffer.BlockCopy(BitConverter.GetBytes(Offsets.Action_1), 0, walk_packet, 23, 4);
        Buffer.BlockCopy(BitConverter.GetBytes(Offsets.Action_2), 0, walk_packet, 44, 4);
        Buffer.BlockCopy(BitConverter.GetBytes(Offsets.Action_3), 0, walk_packet, 86, 4);
        // ---- patch walk_mode
        Buffer.BlockCopy(BitConverter.GetBytes(walk_mode), 0, walk_packet, 37, 4);
        // ---- patch X, Y, Z (Z is doubled before being written)
        Buffer.BlockCopy(BitConverter.GetBytes(X), 0, walk_packet, 57, 4);
        Buffer.BlockCopy(BitConverter.GetBytes(Z * 2), 0, walk_packet, 65, 4);
        Buffer.BlockCopy(BitConverter.GetBytes(Y), 0, walk_packet, 73, 4);

        // ---- temporaries
        int lpNumberOfBytesWritten = 0;
        IntPtr lpThreadId;

        // ---- allocate memory in the target process (return value is not checked)
        IntPtr walk_address = WinApi.VirtualAllocEx(oph, IntPtr.Zero, walk_packet.Length, WinApi.AllocationType.Commit, WinApi.MemoryProtection.ReadWrite);
        // ---- write the stub into the allocated memory (bytes-written count is not checked)
        WinApi.WriteProcessMemory(oph, (int)walk_address, walk_packet, walk_packet.Length, out lpNumberOfBytesWritten);
        // ---- run the written stub on a new remote thread
        IntPtr hProcThread = WinApi.CreateRemoteThread(oph, IntPtr.Zero, 0, walk_address, IntPtr.Zero, 0, out lpThreadId);
        // ---- wait for the stub to finish
        WinApi.WaitForSingleObject(hProcThread, WinApi.INFINITE);
        // ---- clean up
        WinApi.VirtualFreeEx(oph, walk_address, walk_packet.Length, WinApi.FreeType.Release);
        // NOTE(review): hProcThread is a thread handle, not a memory region; passing it to
        // VirtualFreeEx does not release it, so the handle is leaked here.
        WinApi.VirtualFreeEx(oph, hProcThread, walk_packet.Length, WinApi.FreeType.Release);
    }
    catch (Exception ex)
    {
        // NOTE(review): `throw ex;` resets the stack trace; a bare `throw;` would preserve it.
        throw ex;
    }
}