/// <summary>
/// Looks up the process ID that owns the window handle held in <c>this.hwnd</c>.
/// </summary>
/// <returns>
/// The value written to the out parameter by <c>LoadDll.GetWindowThreadProcessId</c>,
/// converted with <c>ToInt32()</c>. The local is initialised to zero before the call.
/// </returns>
public int getPID()
{
    IntPtr ownerPid = IntPtr.Zero;
    IntPtr windowHandle = (IntPtr)this.hwnd;

    LoadDll.GetWindowThreadProcessId(windowHandle, out ownerPid);

    return ownerPid.ToInt32();
}
/// <summary>
/// Allocates memory inside the process that owns the given window.
/// </summary>
/// <remarks>
/// The process handle is closed before returning, but the allocation itself stays in the
/// target process; nothing in this method frees it.
/// NOTE(review): if <c>LoadDll.OpenProcess</c> and <c>VirtualAllocEx</c> mirror the Win32
/// functions of the same name (their declarations are not shown here), 0x1F0FFF is
/// PROCESS_ALL_ACCESS and protection 64 (0x40) is PAGE_EXECUTE_READWRITE. That is far more
/// access than an allocation needs, and a cross-process writable+executable region is a
/// pattern endpoint monitoring commonly alerts on.
/// </remarks>
/// <param name="hwnd">Handle of a window belonging to the target process.</param>
/// <param name="size">Number of bytes to allocate.</param>
/// <returns>
/// The address returned by <c>VirtualAllocEx</c>, or <c>IntPtr.Zero</c> when the process
/// could not be opened.
/// </returns>
public static IntPtr MallocMemory(IntPtr hwnd, int size)
{
    // Resolve the owning process ID from the window handle.
    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId(hwnd, out pid);

    // Open a handle to that process; bail out early if that fails.
    IntPtr processHandle = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());
    if (processHandle == IntPtr.Zero)
    {
        return IntPtr.Zero;
    }

    // Commit the region in the target process, then release our handle.
    IntPtr allocated = VirtualAllocEx(processHandle, 0, size, AllocationType.MEM_COMMIT, 64);
    LoadDll.CloseHandle(processHandle);
    return allocated;
}
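/// <summary>
/// Reads the upper X/Y bounds of the current map from the target process.
/// </summary>
/// <remarks>
/// The previous version also opened a process handle (access mask 0x1F0FFF) and took the
/// address of a scratch buffer, used neither, and never closed the handle, so every call
/// leaked one handle. Both are removed; the values returned are unchanged.
/// </remarks>
/// <param name="hwnd">Handle of a window belonging to the target process.</param>
/// <returns>
/// A two-element array: index 0 is the X limit, index 1 is the Y limit, each being the
/// raw value read from memory divided by 20 (integer division).
/// </returns>
public int[] GetMapMaxXY(int hwnd)
{
    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
    int processId = pid.ToInt32();

    // Raw upper bounds, read through the pointer chain MapAddr -> 0x60 -> 0x10 / 0x14.
    int rawMaxX = LoadDll.ReadMemoryOffsetValue(processId, MapAddr, 0x60, 0x10);
    int rawMaxY = LoadDll.ReadMemoryOffsetValue(processId, MapAddr, 0x60, 0x14);

    // Per the original comment the stored values are scaled by 20; convert back to
    // game coordinates.
    return new[] { rawMaxX / 20, rawMaxY / 20 };
}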
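/// <summary>
/// Reads the character's position from the target process.
/// </summary>
/// <remarks>
/// Changes from the previous version:
/// the 4-byte scratch buffer is now pinned with <see cref="GCHandle"/> before its address
/// is handed to native code (the old code called
/// <c>Marshal.UnsafeAddrOfPinnedArrayElement</c> on an array that was never pinned, so the
/// GC was free to move it while the native read was writing to the old address);
/// the result of each read is checked, so a failed second read no longer reuses the bytes
/// left over from the first one; and the process handle and the pin are released in a
/// <c>finally</c> block.
/// </remarks>
/// <param name="hwnd">Handle of a window belonging to the target process.</param>
/// <returns>
/// A two-element array: index 0 is x, index 1 is y. A read that fails contributes a raw
/// value of 0 to the calculation.
/// </returns>
public int[] getPeopleXY(int hwnd)
{
    int[] xy = new int[2];

    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
    int processId = pid.ToInt32();

    byte[] buffer = new byte[4];
    // Pin the buffer so its address stays valid for the duration of the native reads.
    GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
    IntPtr hProcess = IntPtr.Zero;
    try
    {
        IntPtr byteAddress = pin.AddrOfPinnedObject();
        hProcess = LoadDll.OpenProcess(0x1F0FFF, false, processId);

        // X coordinate: stored as a 32-bit float at this.x, scaled by 20.
        bool ok = LoadDll.ReadProcessMemory(hProcess, new IntPtr(this.x), byteAddress, 4, IntPtr.Zero);
        double val = ok ? BitConverter.ToSingle(buffer, 0) : 0.0;
        xy[0] = (int)Math.Floor(val / 20);

        // Y coordinate: the stored value is subtracted from the value read via
        // MapAddr -> 0x50 -> 0x14 before scaling.
        int mapY = LoadDll.ReadMemoryOffsetValue(processId, this.MapAddr, 0x50, 0x14);
        ok = LoadDll.ReadProcessMemory(hProcess, new IntPtr(this.y), byteAddress, 4, IntPtr.Zero);
        val = ok ? BitConverter.ToSingle(buffer, 0) : 0.0;
        xy[1] = (int)Math.Floor((mapY - val) / 20);
    }
    finally
    {
        if (hProcess != IntPtr.Zero)
        {
            LoadDll.CloseHandle(hProcess);
        }
        pin.Free();
    }

    return xy;
}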
/// <summary>
/// Pathfinding call: temporarily patches code in the target process so that the
/// coordinates carried in <paramref name="em"/> are used, waits five seconds, then writes
/// the bytes 85 D2 0F 95 C0 back at the patched location.
/// </summary>
/// <remarks>
/// NOTE(review): <c>em.posX</c> and <c>em.posY</c> are overwritten in place, so the
/// caller's object is modified.
/// NOTE(review): <c>success</c> is assigned three times but never read; a failed write is
/// not detected and the following steps still run.
/// NOTE(review): the calling thread is blocked for 5000 ms by <c>Thread.Sleep</c>.
/// </remarks>
/// <param name="em">Event message supplying <c>hwnd</c>, <c>posX</c> and <c>posY</c>.</param>
public static void way(mhxy.EventMsg em)
{
    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId(em.hwnd, out pid);
    int map = Global.addr.GetMapY(em.hwnd.ToInt32());
    //==================
    // Convert the requested coordinates to the scaled form (x * 20; y measured from the
    // value returned by GetMapY, minus 10).
    em.posX = em.posX * 20;
    em.posY = map - em.posY * 20 - 10;
    //=======================
    int wayPos = Global.addr.way;
    // Displacement used at the end of the byte sequence written to 0x11000900.
    long dwTempAddr = 0x11000900 - wayPos;
    dwTempAddr = 0xFFFFFFFF - dwTempAddr - 0x20;
    // Assemble the byte sequence as a hex string; spaces are stripped before conversion.
    string szHookString = "85 C9 0F 95 C0 0F B6 C0 50 6A 01 51 55 FF B6 14 01 00 00 8B CF FF B6 10 01 00 00";
    szHookString = szHookString + "B8";
    szHookString = szHookString + StringUtil.FormatIntToHex(Global.addr.GetPeopleID(em.hwnd.ToInt32()));
    szHookString = szHookString + " 39 46 0C 75 12 3E C7 44 24 08 ";
    szHookString = szHookString + StringUtil.FormatIntToHex(em.posX);
    szHookString = szHookString + " 3E C7 44 24 0C ";
    szHookString = szHookString + StringUtil.FormatIntToHex(em.posY);
    szHookString = szHookString + " E9 ";
    szHookString = szHookString + StringUtil.FormatIntToHex((int)dwTempAddr);
    szHookString = szHookString + " 00 00 00 00";
    szHookString = szHookString.Replace(" ", "");
    //==================================================
    // Write the assembled bytes to the fixed address 0x11000900 in the target process.
    byte[] data = StringUtil.strToToHexByte(szHookString);
    bool success = LoadDll.WriteMemoryValue(pid.ToInt32(), 0x11000900, data);
    //==================================================
    // Overwrite the bytes at wayPos with E9 plus a displacement computed from
    // 0x11000900 - wayPos - 5.
    szHookString = "E9 ";
    dwTempAddr = 0x11000900 - wayPos - 0x5;
    szHookString = szHookString + StringUtil.FormatIntToHex((int)dwTempAddr);
    szHookString = szHookString.Replace(" ", "");
    data = StringUtil.strToToHexByte(szHookString);
    success = LoadDll.WriteMemoryValue(pid.ToInt32(), wayPos, data);
    //===================================================================
    // Disabled code kept from the original:
    // hide the UI
    //UIShowStatus(em.hwnd.ToInt32(), false);
    //// hide players and stalls
    //HidePlayer(em.hwnd.ToInt32());
    //HideShop(em.hwnd.ToInt32());
    //CloseDia(em.hwnd.ToInt32());
    //System.Threading.Thread.Sleep(100);
    //// trigger the call with a mouse click
    //clickWin(em.hwnd.ToInt32(), em.mX, em.mY);
    //System.Threading.Thread.Sleep(300);
    //UIShowStatus(em.hwnd.ToInt32(), true);
    System.Threading.Thread.Sleep(5000);
    //==================================================================
    // Reset the code at wayPos by writing 85 D2 0F 95 C0 over the patched bytes.
    data = StringUtil.strToToHexByte("85D20F95C0");
    success = LoadDll.WriteMemoryValue(pid.ToInt32(), wayPos, data);
}
/// <summary>
/// Inspects the four-figure panel in the target process and, if any figure's flag reads 1,
/// clicks at the position accumulated from the panel origin and the matching figures.
/// </summary>
/// <remarks>
/// Does nothing when the value at offset 0x28 of the panel pointer is non-zero (the
/// original comment describes this as checking whether the interface is open).
/// The X/Y adjustments accumulate if more than one figure matches.
/// </remarks>
/// <param name="hwnd">Handle of a window belonging to the target process.</param>
public static void clickPeople(int hwnd)
{
    // Random vertical offset in [-12, -5) added to the click position; the original
    // author's comment says it is there to avoid detection.
    Random rng = new Random();
    int jitterY = rng.Next(-12, -5);

    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
    int processId = pid.ToInt32();

    // Step one: locate a temporary address, the black frame holding the four figures.
    int panelPtr = LoadDll.ReadMemoryOffsetValue(processId, Global.addr.win, 0x68, 0x04, 0x68);

    // Check whether the interface is open.
    int state = LoadDll.ReadMemoryOffsetValue(processId, panelPtr, 0x28);
    if (state != 0)
    {
        return;
    }

    // Origin of the black frame.
    int x = LoadDll.ReadMemoryOffsetValue(processId, panelPtr, 0x08);
    int y = LoadDll.ReadMemoryOffsetValue(processId, panelPtr, 0x0c);

    // Pseudo base address: one level below the frame.
    int listPtr = LoadDll.ReadMemoryOffsetValue(processId, panelPtr, 0x54);

    // Per-figure slot offset and the horizontal step applied when that figure matches.
    int[] slotOffsets = { 0x04, 0x08, 0x0C, 0x10 };
    int[] xSteps = { 50, 140, 230, 320 };

    bool found = false;
    for (int slot = 0; slot < slotOffsets.Length; slot++)
    {
        int offset = slotOffsets[slot];

        // Second-level base: address holding this figure's facing direction.
        int facingPtr = LoadDll.ReadMemoryOffsetValue(processId, listPtr + offset, 0x8C, 0x28, 0x04, 0x14);

        // Following 0x0C -> 0x30, a value of 1 means (per the original comments) that the
        // figure is facing the player; take its coordinates.
        if (LoadDll.ReadMemoryOffsetValue(processId, facingPtr + 0x0c, 0x30) == 1)
        {
            x += xSteps[slot];
            y = y + LoadDll.ReadMemoryOffsetValue(processId, panelPtr, 0x54, offset, 0xC) + jitterY;
            found = true;
        }
    }

    if (found)
    {
        clickWin(hwnd, x, y);
        Log.WriteLine("点击小人");
    }
}
/// <summary>
/// Refreshes the base addresses for the game client: copies 7,340,032 bytes starting at
/// 0x11000000 out of the target process and searches that copy for fixed byte patterns,
/// storing each resolved address in a new <c>Addr</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <c>Marshal.UnsafeAddrOfPinnedArrayElement</c> is documented as requiring
/// an array that is already pinned; <c>buffer</c> is never pinned in this method.
/// NOTE(review): the handle returned by <c>OpenProcess</c> is not checked before use.
/// NOTE(review): every lookup is guarded by <c>idx &gt; 0</c>, so a match at offset 0 is
/// treated as "not found"; whether that is intended depends on the not-found value of
/// <c>BytesIndexOf</c> / <c>IndexOfBytes</c>, which is not visible here.
/// NOTE(review): the offsets added to <c>idx</c> are not bounds-checked against the buffer.
/// </remarks>
/// <param name="hwnd">Handle of a window belonging to the target process.</param>
/// <returns>
/// The populated <c>Addr</c>. When the bulk read fails, every field keeps the value
/// given by <c>new Addr()</c>.
/// </returns>
public Addr loadAddr(int hwnd)
{
    Addr addr = new Addr();
    // Read the process memory.
    IntPtr pid = IntPtr.Zero;
    LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
    // Original pseudo-code note: if (ReadMemory(pid, moduleStart, AA, 7340032, container))
    byte[] buffer = new byte[7340032];
    // Get the address of the buffer.
    int start = 0x11000000;
    IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0);
    IntPtr hProcess = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());
    bool ret = LoadDll.ReadProcessMemory(hProcess, new IntPtr(start), byteAddress, 7340032, IntPtr.Zero);
    if (ret)
    {
        // Find the stall (shop) base address.
        int idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("8B C6 8B 4C 24 38 64 89 0D 00 00 00 00 59 5F 5E 83 C4 38 C3"));
        if (idx > 0)
        {
            addr.shop = BitConverter.ToInt32(buffer.Skip(idx + 65).Take(4).ToArray(), 0);
        }
        // Search for the character-coordinate base address; y is stored 4 bytes after x.
        idx = StringUtil.IndexOfBytes(buffer, "83 C8 01 A3 ?? ?? ?? ?? 83 EC 08 C7 44 24 14 00 00 00 00 B9 ?? ?? ?? ?? C7 44 24 04 00 00 00 00 C7 04 24 00 00 00 00");
        if (idx > 0)
        {
            addr.x = BitConverter.ToInt32(buffer.Skip(idx + 20).Take(4).ToArray(), 0);
            addr.y = addr.x + 4;
            Log.WriteLine("人物X地址:{0}", StringUtil.IntToHex(addr.x));
            Log.WriteLine("人物Y地址:{0}", StringUtil.IntToHex(addr.y));
        }
        // Search for the map base address.
        idx = BytesIndexOf(buffer, new byte[] { 199, 68, 36, 52, 255, 255, 255, 255, 15, 90, 192, 131, 236, 8, 185 });
        if (idx > 0)
        {
            addr.MapAddr = BitConverter.ToInt32(buffer.Skip(idx + 15).Take(4).ToArray(), 0);
            Log.WriteLine("地图基址{0}", StringUtil.IntToHex(addr.MapAddr));
        }
        // Search for the character-ID base address (disabled in the original).
        //idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("89 44 24 10 55 85 C0 75 2A 8D 44 24 14 50"));
        //if (idx > 0)
        //{
        // addr.PeopleID = BitConverter.ToInt32(buffer.Skip(idx - 4).Take(4).ToArray(), 0);
        // Log.WriteLine("人物ID基址{0}", StringUtil.IntToHex(addr.PeopleID));
        //}
        // "White mouse" base address: hard-coded rather than searched for.
        addr.bX = 0x11F01994;
        addr.bY = 0x11F01998;
        Log.WriteLine("白鼠基址{0}", StringUtil.IntToHex(addr.bX));
        // Search for the "blue mouse" base address.
        idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("8D 44 24 08 83 C4 04 50 8B 01"));
        if (idx > 0)
        {
            addr.ls = BitConverter.ToInt32(buffer.Skip(idx + 15).Take(4).ToArray(), 0);
            Log.WriteLine("蓝鼠基址{0}", StringUtil.IntToHex(addr.ls));
        }
        // Search for the battle base address; 96 is added to the value found.
        idx = BytesIndexOf(buffer, new byte[] { 139, 76, 36, 4, 139, 84, 36, 8, 139, 4, 141 });
        if (idx > 0)
        {
            addr.zd = BitConverter.ToInt32(buffer.Skip(idx + 11).Take(4).ToArray(), 0) + 96;
            Log.WriteLine("战斗基址{0}", StringUtil.IntToHex(addr.zd));
        }
        // Search for the window address, then follow a pointer chain from it
        // (+84, +4, +64, then offset 4) to resolve the dialogue address.
        idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("83 C4 04 85 C9 74 06 8B 01 56 FF 50 28"));
        if (idx > 0)
        {
            addr.win = BitConverter.ToInt32(buffer.Skip(idx + 15).Take(4).ToArray(), 0);
            Log.WriteLine("窗口地址{0}", StringUtil.IntToHex(addr.win));
            addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.win);
            addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.dialogue + 84);
            addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.dialogue + 4);
            addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.dialogue + 64);
            addr.dialogue = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), addr.dialogue, 4);
            Log.WriteLine("基址对话:{0}", StringUtil.IntToHex(addr.dialogue));
        }
        // Pathfinding hook location: stored as an absolute address (match index + start).
        idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("85 D2 0F 95 C0 0F B6 C0 50 6A 01 51 55 FF B6 14 01 00 00 8B CF FF B6 10 01 00 00"));
        if (idx > 0)
        {
            addr.way = idx + start;
            Log.WriteLine("寻路基址:{0}", StringUtil.IntToHex(addr.way));
        }
        // Packet start address; pkgEnd is derived as toPkg - 41.
        idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("7E 08 8A C2 B3 35 F6 EB"));
        if (idx > 0)
        {
            addr.toPkg = start + idx + 1 + 27;
            addr.pkgEnd = addr.toPkg - 41;
            Log.WriteLine("转包基址:{0}", StringUtil.IntToHex(addr.toPkg));
            Log.WriteLine("包止基址:{0}", StringUtil.IntToHex(addr.pkgEnd));
        }
        // Plaintext address.
        idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("8B 44 24 04 8A 4C 24 0C"));
        if (idx > 0)
        {
            addr.msg = start + idx + 1 + 7;
            Log.WriteLine("明文基址:{0}", StringUtil.IntToHex(addr.msg));
        }
    }
    // Reached whether or not the bulk read succeeded.
    LoadDll.CloseHandle(hProcess);
    return(addr);
}