Пример #1
        /// <summary>
        /// Looks up the id of the process that owns the window stored in <c>this.hwnd</c>.
        /// </summary>
        /// <returns>The value written by <c>LoadDll.GetWindowThreadProcessId</c>, truncated to 32 bits.</returns>
        public int getPID()
        {
            IntPtr windowHandle = (IntPtr)this.hwnd;
            IntPtr processId    = IntPtr.Zero;

            // The call's own return value is discarded, so a stale or invalid window handle
            // is not reported here; processId keeps its zero initial value unless the call
            // overwrites it.
            // NOTE(review): the LoadDll declaration is not visible here; the Win32 function
            // writes a 32-bit DWORD, so confirm that an IntPtr out-parameter is intended.
            LoadDll.GetWindowThreadProcessId(windowHandle, out processId);

            return processId.ToInt32();
        }
Пример #2
        /// <summary>
        /// Allocates committed memory inside the process that owns the given window.
        /// </summary>
        /// <param name="hwnd">Window handle used to look up the owning process id.</param>
        /// <param name="size">Size value passed through to <c>VirtualAllocEx</c>.</param>
        /// <returns>
        /// The address returned by <c>VirtualAllocEx</c>, or <see cref="IntPtr.Zero"/> when the
        /// process handle could not be opened.
        /// </returns>
        /// <remarks>
        /// The process is opened with access mask 0x1F0FFF (PROCESS_ALL_ACCESS) and the region is
        /// requested with protection 64 (0x40, PAGE_EXECUTE_READWRITE). Reviewer note: the
        /// allocation itself only needs PROCESS_VM_OPERATION, and a cross-process
        /// read/write/execute region is a pattern endpoint monitoring commonly alerts on.
        /// </remarks>
        public static IntPtr MallocMemory(IntPtr hwnd, int size)
        {
            const int processAccessMask = 0x1F0FFF;
            const int pageProtection    = 64;

            // Resolve the owning process id from the window handle.
            IntPtr pid = IntPtr.Zero;
            LoadDll.GetWindowThreadProcessId(hwnd, out pid);

            // Open the process; a zero handle means the open failed.
            IntPtr processHandle = LoadDll.OpenProcess(processAccessMask, false, pid.ToInt32());
            if (processHandle == IntPtr.Zero)
            {
                return IntPtr.Zero;
            }

            // Allocate in the remote process (VirtualAllocEx), then release the handle;
            // the returned address stays valid in the target after the handle is closed.
            IntPtr allocated = VirtualAllocEx(processHandle, 0, size, AllocationType.MEM_COMMIT, pageProtection);
            LoadDll.CloseHandle(processHandle);
            return allocated;
        }
Пример #3
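        /// <summary>
        /// Reads the map's maximum X and Y coordinates from the process that owns the window
        /// and converts them to game coordinates.
        /// </summary>
        /// <param name="hwnd">Window handle (as an int) used to look up the owning process id.</param>
        /// <returns>A two-element array: index 0 is the X limit, index 1 is the Y limit.</returns>
        public int[] GetMapMaxXY(int hwnd)
        {
            IntPtr pid = IntPtr.Zero;

            LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
            int processId = pid.ToInt32();

            // The previous version also called OpenProcess(0x1F0FFF, ...) here and took the
            // address of an unpinned scratch buffer. Neither was used, and the handle was never
            // closed, so every call leaked a full-access process handle. Both are removed; the
            // reads below take the process id, not a handle.
            int[] xy = new int[2];

            // Upper X bound: MapAddr -> +0x60 -> +0x10.
            xy[0] = LoadDll.ReadMemoryOffsetValue(processId, MapAddr, 0x60, 0x10);
            // Upper Y bound: MapAddr -> +0x60 -> +0x14.
            xy[1] = LoadDll.ReadMemoryOffsetValue(processId, MapAddr, 0x60, 0x14);

            // Raw values are scaled by 20 relative to game coordinates (per the original comment);
            // integer division truncates toward zero.
            xy[0] = (int)(xy[0] / 20);
            xy[1] = (int)(xy[1] / 20);
            return xy;
        }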
Пример #4
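        /// <summary>
        /// Reads the character's position from the process that owns the window and converts
        /// it to game coordinates.
        /// </summary>
        /// <param name="hwnd">Window handle (as an int) used to look up the owning process id.</param>
        /// <returns>A two-element array: index 0 is X, index 1 is Y.</returns>
        /// <remarks>
        /// Read failures are not reported to the caller; a failed read leaves the scratch buffer
        /// zeroed, so the affected coordinate is computed from 0.
        /// </remarks>
        public int[] getPeopleXY(int hwnd)
        {
            int[]  xy  = new int[2];
            IntPtr pid = IntPtr.Zero;

            LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);

            byte[] buffer = new byte[4];

            // Marshal.UnsafeAddrOfPinnedArrayElement is only valid on a pinned array. The
            // previous version used it on an unpinned one, so the GC could move the buffer
            // while native code was writing through the stale address. Pin it explicitly.
            GCHandle pin      = GCHandle.Alloc(buffer, GCHandleType.Pinned);
            IntPtr   hProcess = IntPtr.Zero;

            try
            {
                IntPtr byteAddress = pin.AddrOfPinnedObject();
                hProcess = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());

                // Read X: a 4-byte float at this.x, scaled by 20.
                LoadDll.ReadProcessMemory(hProcess, new IntPtr(this.x), byteAddress, 4, IntPtr.Zero);
                double val = BitConverter.ToSingle(buffer, 0);
                xy[0] = (int)Math.Floor(val / 20);

                // Read Y: the stored value is measured from the opposite edge, so it is
                // subtracted from the value read at MapAddr -> +0x50 -> +0x14.
                int mapY = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), this.MapAddr, 0x50, 0x14);

                // Clear the scratch buffer so a failed second read is not interpreted as
                // the X bytes left over from the first read.
                Array.Clear(buffer, 0, buffer.Length);
                LoadDll.ReadProcessMemory(hProcess, new IntPtr(this.y), byteAddress, 4, IntPtr.Zero);
                val   = BitConverter.ToSingle(buffer, 0);
                xy[1] = (int)Math.Floor((mapY - val) / 20);
            }
            finally
            {
                // Release the process handle and the pin even if a read throws.
                if (hProcess != IntPtr.Zero)
                {
                    LoadDll.CloseHandle(hProcess);
                }
                pin.Free();
            }

            return xy;
        }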
Пример #5
        /// <summary>
        /// Pathfinding call (per the original comment). Writes a generated byte sequence to the
        /// fixed address 0x11000900 in the process that owns <c>em.hwnd</c>, overwrites the bytes
        /// at <c>Global.addr.way</c> with an E9-prefixed (x86 relative jump) sequence, sleeps for
        /// five seconds, and then writes the bytes 85 D2 0F 95 C0 back to <c>Global.addr.way</c>.
        /// </summary>
        /// <param name="em">
        /// Event message carrying the window handle and target position. <c>posX</c> and
        /// <c>posY</c> are overwritten in place with the scaled values.
        /// </param>
        /// <remarks>
        /// NOTE(review): the result of every WriteMemoryValue call is stored in <c>success</c> but
        /// never read, so a failed write goes unnoticed. The calling thread blocks for 5000 ms,
        /// and nothing restores the target's bytes if this method is interrupted before the final
        /// write. Cross-process code patching like this is what integrity checks and endpoint
        /// monitoring are designed to flag.
        /// </remarks>
        public static void way(mhxy.EventMsg em)
        {
            IntPtr pid = IntPtr.Zero;

            LoadDll.GetWindowThreadProcessId(em.hwnd, out pid);
            int map = Global.addr.GetMapY(em.hwnd.ToInt32());

            //==================
            // Convert game coordinates to raw values: X is scaled by 20; Y is scaled by 20,
            // offset by 10 and subtracted from the value returned by GetMapY.
            em.posX = em.posX * 20;
            em.posY = map - em.posY * 20 - 10;
            //=======================
            int wayPos = Global.addr.way;

            // Displacement value embedded after the trailing E9 byte of the first sequence.
            long dwTempAddr = 0x11000900 - wayPos;

            dwTempAddr = 0xFFFFFFFF - dwTempAddr - 0x20;

            // Hex text of the byte sequence written to 0x11000900; spaces are stripped below.
            string szHookString = "85 C9 0F 95 C0 0F B6 C0 50 6A 01 51 55 FF B6 14 01 00 00 8B CF FF B6 10 01 00 00";

            szHookString = szHookString + "B8";
            szHookString = szHookString + StringUtil.FormatIntToHex(Global.addr.GetPeopleID(em.hwnd.ToInt32()));


            szHookString = szHookString + " 39 46 0C 75 12 3E C7 44 24 08 ";
            szHookString = szHookString + StringUtil.FormatIntToHex(em.posX);
            szHookString = szHookString + " 3E C7 44 24 0C ";
            szHookString = szHookString + StringUtil.FormatIntToHex(em.posY);
            szHookString = szHookString + " E9 ";

            // NOTE(review): the long is narrowed to int here without a range check.
            szHookString = szHookString + StringUtil.FormatIntToHex((int)dwTempAddr);
            szHookString = szHookString + " 00 00 00 00";
            szHookString = szHookString.Replace(" ", "");

            //==================================================
            // First write: the generated sequence goes to the fixed address 0x11000900.
            byte[] data    = StringUtil.strToToHexByte(szHookString);
            bool   success = LoadDll.WriteMemoryValue(pid.ToInt32(), 0x11000900, data);

            //==================================================
            // Second write: E9 plus a 4-byte value replaces the bytes at wayPos.
            szHookString = "E9 ";
            dwTempAddr   = 0x11000900 - wayPos - 0x5;
            szHookString = szHookString + StringUtil.FormatIntToHex((int)dwTempAddr);
            szHookString = szHookString.Replace(" ", "");

            data    = StringUtil.strToToHexByte(szHookString);
            success = LoadDll.WriteMemoryValue(pid.ToInt32(), wayPos, data);
            //===================================================================
            // Disabled code below: hide the UI
            //UIShowStatus(em.hwnd.ToInt32(), false);
            //// hide players and stalls
            //HidePlayer(em.hwnd.ToInt32());
            //HideShop(em.hwnd.ToInt32());
            //CloseDia(em.hwnd.ToInt32());
            //System.Threading.Thread.Sleep(100);
            //// invoke the mouse-click call
            //clickWin(em.hwnd.ToInt32(), em.mX, em.mY);
            //System.Threading.Thread.Sleep(300);
            //UIShowStatus(em.hwnd.ToInt32(), true);
            // Fixed five-second wait before the bytes at wayPos are restored.
            System.Threading.Thread.Sleep(5000);
            //==================================================================
            // Restore the bytes at the call site.
            // NOTE(review): the restore value is hard-coded rather than read back from the
            // target beforehand, so it is only correct if wayPos held exactly these bytes.
            data    = StringUtil.strToToHexByte("85D20F95C0");
            success = LoadDll.WriteMemoryValue(pid.ToInt32(), wayPos, data);
        }
Пример #6
        /// <summary>
        /// Reads a four-slot panel structure from the process that owns the window, checks each
        /// slot for the value 1, and calls <c>clickWin</c> at the computed coordinates when at
        /// least one slot matched.
        /// </summary>
        /// <param name="hwnd">Window handle (as an int) used to look up the owning process id.</param>
        /// <remarks>
        /// NOTE(review): <c>x</c> and <c>y</c> are accumulated, not reset, between slots, so if
        /// more than one slot matches the offsets add up — confirm whether that is intended.
        /// </remarks>
        public static void clickPeople(int hwnd)
        {
            // Random vertical offset in [-12, -6] added to the click's Y coordinate; the original
            // author's comment says it is there to avoid detection.
            // NOTE(review): a new Random is created on every call.
            Random r  = new Random();
            int    ry = r.Next(-12, -5);

            IntPtr pid = IntPtr.Zero;

            LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
            // Step 1: locate a temporary address — the black frame holding the four small figures.
            int tmpPtr = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), Global.addr.win, 0x68, 0x04, 0x68);
            // Check whether the panel is open; any non-zero value at +0x28 aborts.
            int no = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x28);

            if (no != 0)
            {
                return;
            }

            bool find = false;
            // X origin of the black frame.
            int x = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x08);
            // Y origin of the black frame.
            int y = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x0c);

            // Pseudo base address: one level below the frame.
            int wPtr = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x54);

            // Second-level base: the address holding the first figure's facing direction.
            int twoPtr = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), new IntPtr(wPtr + 0x04).ToInt32(), 0x8C, 0x28, 0x04, 0x14);

            // Read on through +0x0C, +0x30; a value of 1 means this figure is facing the
            // player, so take its coordinates.
            if (LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), twoPtr + 0x0c, 0x30) == 1)
            {
                x   += 50;
                y    = y + LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x54, 0x4, 0xc) + ry;
                find = true;
            }

            // Address holding the second figure's facing direction.
            twoPtr = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), new IntPtr(wPtr + 0x08).ToInt32(), 0x8C, 0x28, 0x04, 0x14);

            // Same check for the second figure.
            if (LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), twoPtr + 0x0c, 0x30) == 1)
            {
                x   += 140;
                y    = y + LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x54, 0x08, 0xC) + ry;
                find = true;
            }

            // Address holding the third figure's facing direction.
            twoPtr = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), new IntPtr(wPtr + 0x0C).ToInt32(), 0x8C, 0x28, 0x04, 0x14);
            // Same check for the third figure.
            if (LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), twoPtr + 0x0c, 0x30) == 1)
            {
                x   += 230;
                y    = y + LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x54, 0x0C, 0xC) + ry;
                find = true;
            }

            // Address holding the fourth figure's facing direction; same check.
            twoPtr = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), new IntPtr(wPtr + 0x10).ToInt32(), 0x8C, 0x28, 0x04, 0x14);
            if (LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), twoPtr + 0x0c, 0x30) == 1)
            {
                x   += 320;
                y    = y + LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), tmpPtr, 0x54, 0x10, 0xC) + ry;
                find = true;
            }
            if (find == true)
            {
                clickWin(hwnd, x, y);
                Log.WriteLine("点击小人");
                // Dead store: find is a local and is not read again.
                find = false;
            }
        }
Пример #7
        /// <summary>
        /// Refreshes the game client's base addresses: copies 7340032 bytes starting at
        /// 0x11000000 from the process that owns the window, searches the copy for fixed byte
        /// signatures, and fills an <c>Addr</c> with the values found next to each match.
        /// </summary>
        /// <param name="hwnd">Window handle (as an int) used to look up the owning process id.</param>
        /// <returns>
        /// A new <c>Addr</c>. Fields whose signature was not found keep the value set by the
        /// <c>Addr</c> constructor; if the bulk read fails, no field is assigned here.
        /// </returns>
        /// <remarks>
        /// NOTE(review): every lookup tests <c>idx &gt; 0</c>, so a match at offset 0 is treated as
        /// "not found" — presumably the search helpers return a negative value on failure; confirm.
        /// Each <c>buffer.Skip(idx + n).Take(4).ToArray()</c> yields fewer than four bytes when the
        /// match sits at the very end of the buffer, in which case <c>BitConverter.ToInt32</c> throws.
        /// </remarks>
        public Addr loadAddr(int hwnd)
        {
            Addr addr = new Addr();
            // Read the target process's memory.
            IntPtr pid = IntPtr.Zero;

            LoadDll.GetWindowThreadProcessId((IntPtr)hwnd, out pid);
            // Pseudo-code left by the author: if (ReadMemory(pid, moduleBase, AA, 7340032, buffer))

            byte[] buffer = new byte[7340032];
            // Get the address of the local buffer.
            // NOTE(review): the array is never pinned, yet UnsafeAddrOfPinnedArrayElement is only
            // valid for pinned arrays; the native write below relies on the GC not moving it.
            int    start       = 0x11000000;
            IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0);
            // 0x1F0FFF is PROCESS_ALL_ACCESS; the handle is not checked for zero before use.
            IntPtr hProcess    = LoadDll.OpenProcess(0x1F0FFF, false, pid.ToInt32());
            bool   ret         = LoadDll.ReadProcessMemory(hProcess, new IntPtr(start), byteAddress, 7340032, IntPtr.Zero);

            if (ret)
            {
                // Find the stall (shop) base address.

                int idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("8B C6 8B 4C 24 38 64 89 0D 00 00 00 00 59 5F 5E 83 C4 38 C3"));
                if (idx > 0)
                {
                    addr.shop = BitConverter.ToInt32(buffer.Skip(idx + 65).Take(4).ToArray(), 0);
                }


                // Search for the character-coordinate base address ("??" marks wildcard bytes,
                // judging by the pattern syntax — confirm against StringUtil.IndexOfBytes).
                idx = StringUtil.IndexOfBytes(buffer, "83 C8 01 A3 ?? ?? ?? ?? 83 EC 08 C7 44 24 14 00 00 00 00 B9 ?? ?? ?? ?? C7 44 24 04 00 00 00 00 C7 04 24 00 00 00 00");
                if (idx > 0)
                {
                    addr.x = BitConverter.ToInt32(buffer.Skip(idx + 20).Take(4).ToArray(), 0);
                    // Y is stored four bytes after X.
                    addr.y = addr.x + 4;
                    Log.WriteLine("人物X地址:{0}", StringUtil.IntToHex(addr.x));
                    Log.WriteLine("人物Y地址:{0}", StringUtil.IntToHex(addr.y));
                }
                // Search for the map base address.
                idx = BytesIndexOf(buffer, new byte[] { 199, 68, 36, 52, 255, 255, 255, 255, 15, 90, 192, 131, 236, 8, 185 });
                if (idx > 0)
                {
                    addr.MapAddr = BitConverter.ToInt32(buffer.Skip(idx + 15).Take(4).ToArray(), 0);
                    Log.WriteLine("地图基址{0}", StringUtil.IntToHex(addr.MapAddr));
                }

                // Search for the character-ID base address (disabled).
                //idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("89 44 24 10 55 85 C0 75 2A 8D 44 24 14 50"));
                //if (idx > 0)
                //{
                //    addr.PeopleID = BitConverter.ToInt32(buffer.Skip(idx - 4).Take(4).ToArray(), 0);
                //    Log.WriteLine("人物ID基址{0}", StringUtil.IntToHex(addr.PeopleID));
                //}


                // "White mouse" base address (original label; presumably a cursor) — hard-coded
                // here instead of being located by signature.
                addr.bX = 0x11F01994;
                addr.bY = 0x11F01998;
                Log.WriteLine("白鼠基址{0}", StringUtil.IntToHex(addr.bX));

                // Search for the "blue mouse" base address (original label).
                idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("8D 44 24 08 83 C4 04 50 8B 01"));
                if (idx > 0)
                {
                    addr.ls = BitConverter.ToInt32(buffer.Skip(idx + 15).Take(4).ToArray(), 0);
                    Log.WriteLine("蓝鼠基址{0}", StringUtil.IntToHex(addr.ls));
                }
                // Search for the battle base address; 96 is added to the value read.
                idx = BytesIndexOf(buffer, new byte[] { 139, 76, 36, 4, 139, 84, 36, 8, 139, 4, 141 });
                if (idx > 0)
                {
                    addr.zd = BitConverter.ToInt32(buffer.Skip(idx + 11).Take(4).ToArray(), 0) + 96;
                    Log.WriteLine("战斗基址{0}", StringUtil.IntToHex(addr.zd));
                }

                // Search for the window address, then follow a pointer chain from it
                // (+0, +84, +4, +64, then offset 4) to obtain the dialogue address.
                idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("83 C4 04 85 C9 74 06 8B 01 56 FF 50 28"));
                if (idx > 0)
                {
                    addr.win = BitConverter.ToInt32(buffer.Skip(idx + 15).Take(4).ToArray(), 0);
                    Log.WriteLine("窗口地址{0}", StringUtil.IntToHex(addr.win));
                    addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.win);
                    addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.dialogue + 84);
                    addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.dialogue + 4);
                    addr.dialogue = LoadDll.ReadMemoryValue(pid.ToInt32(), addr.dialogue + 64);

                    addr.dialogue = LoadDll.ReadMemoryOffsetValue(pid.ToInt32(), addr.dialogue, 4);
                    Log.WriteLine("基址对话:{0}", StringUtil.IntToHex(addr.dialogue));
                }

                //// Pathfinding hook site: here the address is the match position itself
                //// (buffer offset plus the scan start), not a value read from the buffer.
                idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("85 D2 0F 95 C0 0F B6 C0 50 6A 01 51 55 FF B6 14 01 00 00 8B CF FF B6 10 01 00 00"));
                if (idx > 0)
                {
                    addr.way = idx + start;
                    Log.WriteLine("寻路基址:{0}", StringUtil.IntToHex(addr.way));
                }
                // Packet start address; pkgEnd is derived as toPkg - 41.
                idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("7E 08 8A C2 B3 35 F6 EB"));
                if (idx > 0)
                {
                    addr.toPkg  = start + idx + 1 + 27;
                    addr.pkgEnd = addr.toPkg - 41;
                    Log.WriteLine("转包基址:{0}", StringUtil.IntToHex(addr.toPkg));
                    Log.WriteLine("包止基址:{0}", StringUtil.IntToHex(addr.pkgEnd));
                }
                // Plaintext (message) address.
                idx = BytesIndexOf(buffer, StringUtil.strToToHexByte("8B 44 24 04 8A 4C 24 0C"));
                if (idx > 0)
                {
                    addr.msg = start + idx + 1 + 7;
                    Log.WriteLine("明文基址:{0}", StringUtil.IntToHex(addr.msg));
                }
            }
            // The handle is closed on the normal path only; an exception above would leak it.
            LoadDll.CloseHandle(hProcess);
            return(addr);
        }