/// <summary>
/// Writes a small code stub into the region at <c>virtualAddr</c> in the process
/// accessed through <c>gMrw</c>, registers it as a timer callback on the window
/// found by <c>FindWindow</c>, and then resolves a module handle inside that process.
/// </summary>
/// <param name="writeLogLine">Log sink; used here only to print <c>virtualAddr</c> in hex.</param>
/// <remarks>
/// Security-relevant behaviour visible in this method: cross-process memory writes,
/// execution of the assembled bytes via <c>RunRemoteThread()</c>, and a timer callback
/// that points at written memory. The emitter helpers (<c>clear</c>, <c>pushad</c>,
/// <c>push</c>, <c>mov_eax</c>, <c>call_eax</c>, <c>retn</c>, ...) are defined elsewhere;
/// they presumably append 32-bit x86 instructions to the <c>Code</c> buffer - TODO confirm.
/// </remarks>
public void Asm_SetTimer(Action <string> writeLogLine)
{
    writeLogLine("VirtualAddr = " + Convert.ToString(virtualAddr, 16));

    // Slot at +0x990 holds the address +0x9A0, and +0x9A0 holds the single byte 0xC3
    // (the x86 near-return opcode), so the slot initially points at a bare return.
    gMrw.writeInt32(virtualAddr + 0x990, virtualAddr + 0x9A0);
    gMrw.writeInt8(virtualAddr + 0x9A0, 0xC3);

    // NOTE(review): the FindWindow result is not checked for 0 and is narrowed to Int32.
    Int32 hWnd = (Int32)FindWindow("地下城与勇士", "地下城与勇士");
    Int32 procAddr = virtualAddr + 0xF00;

    // Assemble the callback stub: presumably an indirect call through the +0x990 slot
    // followed by a return - TODO confirm against call_addr's definition.
    clear();
    //mov_addr_XXX(virtualAddr,virtualAddr + 0x1900);
    call_addr(virtualAddr + 0x990);
    writeInt8(0xC3);

    // Copy the assembled bytes one at a time to procAddr (virtualAddr + 0xF00).
    Int32 m = 0;
    foreach (Byte a in Code)
    {
        gMrw.writeInt8((procAddr + m++), a);
    }

    setEvent();

    // Second stub. With arguments pushed last-to-first this looks like
    // KillTimer(hWnd, 0x100) followed by SetTimer(hWnd, 0x100, 1, procAddr),
    // i.e. timer id 0x100 re-armed with procAddr as its callback - TODO confirm.
    clear();
    pushad();
    push(0x100);
    push(hWnd);
    mov_eax(KillTimer);
    call_eax();
    push(procAddr);
    push(0x1);
    push(0x100);
    push(hWnd);
    mov_eax(SetTimer);
    call_eax();
    popad();
    retn();
    RunRemoteThread();

    // The three constants are the little-endian ASCII bytes of "GameRpcs.dll";
    // the zero written at +0x50C terminates the string.
    clear();
    gMrw.writeInt32(virtualAddr + 0x500, 1701667143);
    gMrw.writeInt32(virtualAddr + 0x504, 1935896658);
    gMrw.writeInt32(virtualAddr + 0x508, 1819042862);
    gMrw.writeInt32(virtualAddr + 0x50C, 0);

    // Third stub: passes the string at +0x500 to the address held in MyGetModuleHandleA
    // and stores EAX back at +0x500, overwriting the start of the string with the result.
    pushad();
    push(virtualAddr + 0x500);
    mov_eax(MyGetModuleHandleA);
    call_eax();
    mov_xxx_eax(virtualAddr + 0x500);
    popad();
    retn();
    RunRemoteThread();

    // Spin until the first dword at +0x500 no longer reads as "Game".
    // NOTE(review): there is no timeout or failure path; if the stub never runs,
    // this loop does not terminate and the calling thread hangs.
    while (gMrw.readInt32(virtualAddr + 0x500) == 1701667143)
    {
        Thread.Sleep(0);
    }
}
/// <summary>
/// Walks the object list reachable from the character pointer and returns the
/// first entry that passes every filter below.
/// </summary>
/// <returns>
/// The 32-bit address of the first matching object, or 0 when no entry qualifies.
/// </returns>
/// <remarks>
/// The list is read as 4-byte entries between the values stored at map + 0xC0
/// (start) and map + 0xC4 (end). An entry is rejected when its field at +0x870 is
/// zero, when it is the character object itself, when its field at +0x3AE4 is zero,
/// or when its x or y position is zero. The meaning of these offsets is not visible
/// in this block.
/// </remarks>
int getCurrentAttackEmery()
{
    Int32 selfPtr = gMrw.readInt32(baseAddr.dwBase_Character);
    Int32 mapPtr = gMrw.readInt32(selfPtr + 0xC8);
    Int32 listEnd = gMrw.readInt32(mapPtr + 0xC4);

    for (Int32 cursor = gMrw.readInt32(mapPtr + 0xC0); cursor < listEnd; cursor += 4)
    {
        Int32 candidate = gMrw.readInt32(cursor);

        // These reads are kept in their original order even though the first two
        // results are never consulted.
        Int32 firstRead870 = gMrw.readInt32(candidate + 0x870);
        Int32 fieldA4 = gMrw.readInt32(candidate + 0xA4);
        Int32 field870 = gMrw.readInt32(candidate + 0x870);

        if (field870 != 0)
        {
            // The character pointer is read again for every candidate.
            if (candidate != gMrw.readInt32(baseAddr.dwBase_Character))
            {
                if (gMrw.readInt32(candidate + 0x3AE4) != 0)
                {
                    Int32 posX = fun.getObjPos(candidate).x;
                    Int32 posY = fun.getObjPos(candidate).y;
                    Int32 posZ = fun.getObjPos(candidate).z;

                    // Only x and y take part in the check; z is fetched but unused.
                    if (posX != 0 && posY != 0)
                    {
                        return candidate;
                    }
                }
            }
        }
    }

    return 0;
}
// Constants
/// <summary>
/// Stores the process handle and memory accessor, derives the scratch address
/// <c>virtualAddr</c> from a hard-coded location, and caches the addresses of a set
/// of User32 / kernel32 / ntdll exports for later use.
/// </summary>
/// <param name="hProcess">Process handle; stored in <c>mhProcess</c>.</param>
/// <param name="Lenth">Requested size; 0 is replaced by 0x1000. Not referenced again in this constructor.</param>
/// <param name="gMrwA">Memory reader/writer assigned to <c>gMrw</c>.</param>
/// <param name="writeLogLine">Log sink for progress and error lines.</param>
/// <remarks>
/// The export addresses come from <c>GetModuleHandleA</c> / <c>GetProcAddress</c> as
/// declared elsewhere in the file. NOTE(review): if those are the usual P/Invoke
/// declarations, the addresses are resolved in this tool's own process and only match
/// another process when both load the modules at the same base - confirm.
/// </remarks>
public AssemblyTools(Int32 hProcess, Int32 Lenth, MemRWer gMrwA, Action <string> writeLogLine)
{
    if (Lenth == 0)
    {
        Lenth = 0x1000;
    }
    // gMrw = new MemRWer((uint)hProcess);
    mhProcess = hProcess;
    gMrw = gMrwA;
    int twice = 0;
    while (virtualAddr == 0)
    {
        // No memory is allocated here: the VirtualAllocEx call is commented out and
        // virtualAddr is computed from the 32-bit value read at 0x02FF98D0 + 1, plus
        // 0x02FF98D0, plus 0x100. The notes below suggest that location holds an E8
        // (call rel32) instruction - presumably version-specific; TODO confirm.
        //0331CCC0 E8 2AA9D25B call 5F0475EF
        virtualAddr = /*VirtualAllocEx(hProcess, 0, 0x1000, 0x103000, 0x40)*/ gMrw.readInt32(0x02FF98D0 + 1) + 0x02FF98D0 + 0x100;
        //033558A0 E8 28203C10 call 137178CD
        //033C96A0 E8 BEE26D5A call 5DAA7963
        //033558A0 E8 28203C10 call 137178CD
        //033560D0 E8 8E181A58 call 5B4F7963
        //virtualAddr = GetProcAddress(GetModuleHandleA("ntdll.dll"), "RtlFreeMemoryBlockLookaside");

        // NOTE(review): with the allocation call removed, this error code belongs to
        // whichever API call happened to run last, not to the computation above.
        Int32 eid = (Int32)GetLastError();
        if (virtualAddr == 0)
        {
            // 8 is ERROR_NOT_ENOUGH_MEMORY: log a retry message and wait 500 ms.
            if (eid == 8L)
            {
                writeLogLine("由于客户端工作集内存不足,无法分配内存 重试第 " + twice + "次" + "期间最好进行选择角色等操作");
                Thread.Sleep(500);
            }
            else
            {
                // Any other error code is logged and construction stops early,
                // leaving the export addresses below unset.
                writeLogLine("289行 错误代码 : " + eid);
                return;
            }
        }
        // NOTE(review): 'twice' is never incremented anywhere in this loop, so this
        // limit cannot trigger and the retry message always reports attempt 0; a
        // persistent error 8 would keep the loop running indefinitely.
        if (twice >= 99)
        {
            writeLogLine("等待次数过多 终止重试");
            return;
        }
    }

    // Only this first module handle is checked, and a failure just shows a message
    // box; execution continues with the zero handle.
    hModule = GetModuleHandleA("User32.dll");
    if (hModule == IntPtr.Zero)
    {
        MessageBox.Show("303 行 句柄错误");
    }
    CallProcAddress = GetProcAddress(hModule, "CallWindowProcW");
    GetWindowLongW = GetProcAddress(hModule, "GetWindowLongW");
    SetWindowLongW = GetProcAddress(hModule, "SetWindowLongW");
    SetTimer = GetProcAddress(hModule, "SetTimer");
    KillTimer = GetProcAddress(hModule, "KillTimer");
    PostMessage = GetProcAddress(hModule, "PostMessageW");
    SendMessage = GetProcAddress(hModule, "SendMessageW");

    hModule = GetModuleHandleA("kernel32.dll");
    GetTickCount = GetProcAddress(hModule, "GetTickCount");
    writeLogLine("GetTickCount = " + GetTickCount);

    hModule = GetModuleHandleA("ntdll.dll");
    memcpy = GetProcAddress(hModule, "memcpy");
    writeLogLine("memcpy = " + memcpy);
    //MyGetModuleHandleA = GetProcAddress(hModule, "KillTimer");

    // kernel32 is looked up a second time (different casing of the same name).
    hModule = GetModuleHandleA("Kernel32.dll");
    MyGetModuleHandleA = GetProcAddress(hModule, "GetModuleHandleA");
    GetModuleHandleW = GetProcAddress(hModule, "GetModuleHandleW");
    GetLastErrorC = GetProcAddress(hModule, "GetLastError");

    //CloseHandle(hProcess);
    // Of all resolved exports, only CallWindowProcW is checked for a zero address.
    if (CallProcAddress == 0)
    {
        MessageBox.Show("306 行 句柄错误");
    }
}
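/// <summary>
/// Builds one C++ <c>else if (b == block{...})</c> line from the space-separated
/// codes in the form's text box and writes it to the log.
/// </summary>
/// <remarks>
/// Codes map "0" to <c>in</c>, "1" to <c>none</c> and "2" to <c>out</c>; any other
/// token (including the empty string produced by repeated spaces) is ignored.
/// The number printed after <c>cout &lt;&lt;</c> is the value returned by
/// <c>gMrw.readInt32(baseAddr.dwBase_Mouse, 0x20)</c>.
/// </remarks>
public static void F4()
{
    // Shape of the emitted text:
    //   else if (b == block{ out,in,in,in })
    //       cout << 490008370 << endl;
    string result = "else if (b == block{";
    string[] vs = fm1.getTextBox1Text().Split(' ');
    foreach (var s in vs)
    {
        switch (s)
        {
            case "0":
                result += "in,";
                break;
            case "1":
                result += "none,";
                break;
            case "2":
                result += "out,";
                break;
        }
    }

    // Remove the trailing separator only when one was appended. An unconditional
    // trim would delete the opening '{' whenever no token matched (for example an
    // empty text box), producing a malformed line.
    if (result.EndsWith(",", StringComparison.Ordinal))
    {
        result = result.Substring(0, result.Length - 1);
    }

    result += "})\r\n cout << " + gMrw.readInt32(baseAddr.dwBase_Mouse, 0x20) + " << endl;";
    fm1.writeLogLine(result);
}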