零基础制作【武林外传】辅助工具(二)

来源：互联网发布：极域电子教室网络锁屏编辑：程序博客网时间：2024/04/30 23:18

零基础制作【武林外传】辅助工具(二)

1.建立一个新的标准EXE工程，我们就可以开始这次的学习了。

2.我们要建立一个模块，然后添加以下代码：

Option Explicit
'---------------声明函数-----------------------
'得到窗体句柄的函数,FindWindow函数用来返回符合指定的类名( ClassName )和窗口名( WindowTitle )的窗口句柄
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'得到窗体控件句柄的函数
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
'得到进程标识符的函数
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
'得到目标进程句柄的函数
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
'关闭句柄的函数
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'读取进程内存的函数
Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
'参数决定了对进程的存储权限，使用完全控制
Public Const PROCESS_ALL_ACCESS = &H1F0FFF

3.接下来Form中，我们要在程序启动时连接游戏窗口，以下是Form_Load的代码：
Dim hwd As Long ‘ 储存 FindWindow 函数返回的句柄
Dim pid As Long
Dim hProcess As Long '存放进程句柄

Private Sub Form_Load()
hwd = FindWindow("QElementClient Window", "Element Client")
If hwd = 0 Then
  MsgBox "未启动游戏", vbOKOnly, "提示"
  Unload Form1
End If
GetWindowThreadProcessId hwd, pid   '获取进程标识符
'将进程标识符做为参数，返回目标进程PID的句柄，得到此句柄后
'即可对目标进行读写操,PROCESS_ALL_ACCESS表示完全控制,权限最大
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
If hProcess = 0 Then
  MsgBox "不能打开进程", vbOKOnly, "提示"
  Unload Form1
End If
CloseHandle hProcess

4.我们在Form中添加一个Label控件和一个Timer控件，设置Timer的Interval属性为100，Timer1_Timer的代码如下：
Dim h As Long
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid)

If hProcess Then
  ReadProcessMemory hProcess, ByVal &H8C6A54, h, 4, 0& ‘这三条代码读取获得生命值
  ReadProcessMemory hProcess, ByVal h + &H24, h, 4, 0&
  ReadProcessMemory hProcess, ByVal h + &H254, h, 4, 0&

CloseHandle hProcess
End If

Label1.Caption = h '输出生命值

下面我们来给外挂增加自动保护功能.
1.首先我们要绘制一个界面，最先添加一个Frame控件、最少两个Label控件用于输出生命和真气值、两个Text控件用于输入数据还有两个Timer控件，分别改名为TimerList及TimerAdd，最后添加一个Command控件。可以参考下图，呵呵~我知道你可以画的更好看！

2.下一步就是添加代码了，和上次一样新建一个模块，模块内容如下：

发送消息函数和延迟函数是以前内容没有用过的，这回我们将涉及发送模拟键盘消息给窗口，所以加入这两个函数。
3.做好模块，下一步该写Form了。同样还是声明一些变量及Form_Load，代码如下：

[code]
Dim hwd As Long
Dim pid As Long
Dim hProcess As Long '存放进程句柄
Dim base As Long   '存放人物基地址
Dim hp As Long     '存储生命值
Dim hpmax As Long   '存储生命最大值
Dim mp As Long     '存储真气值
Dim mpmax As Long   '存储真气最大值

4.下一步，我们通过TimerList显示人物信息，设置TimerList的Interval属性值为1000，其代码如下：
[code]
Private Sub TimerList_Timer() '显示人物信息时钟
Dim name(31) As Byte '存储人物名称
Dim name_temp As Long

hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
If hProcess Then
  ReadProcessMemory hProcess, ByVal &H8C9E54, base, 4, 0&
  ReadProcessMemory hProcess, ByVal base + &H24, base, 4, 0&     '得到为人物基地址，方便以后使用
  ReadProcessMemory hProcess, ByVal base + &H254, hp, 4, 0&     '得到生命值
  ReadProcessMemory hProcess, ByVal base + &H26C, hpmax, 4, 0&   '得到生命最大值
  ReadProcessMemory hProcess, ByVal base + &H258, mp, 4, 0&     '得到真气值
  ReadProcessMemory hProcess, ByVal base + &H270, mpmax, 4, 0&   '得到真气最大值
  ReadProcessMemory hProcess, ByVal base + &H390, name_temp, 4, 0&
  ReadProcessMemory hProcess, ByVal name_temp, name(0), 32, 0&   '得到人物名称
  CloseHandle hProcess
End If
Frame1.Caption = name   '显示人物名称
Label2.Caption = "生命值：" & hp & "/" & hpmax '显示生命值
Label3.Caption = "真气值：" & mp & "/" & mpmax '显示真气值
End Sub
[/code]

现在可以运行一下看看数值是否能正常显示！
5.在来做第二个TimerAdd，设置Enabled = False，Interval属性值为100，期代码如下：
[code]
Private Sub TimerAdd_Timer()   '加血判断时钟
If Val(Text1.Text) > hp Then   '比较当前血量是否比预定值低，是则按下F1健
  SendMessage hwd, &H100, &H70, 0&   '按住F1键，&H100代表按下，&H70代表F1
  SendMessage hwd, &H101, &H70, 0&   '松开F1键，&H101代表松开，&H70代表F1
  Sleep Val(Text2.Text)   '延迟text2中的数值，用val()取数值
End If
End Sub
[/code]

6.最后就剩下Command了，设置其Caption属性为“开始”，期代码如下：
[code]
Private Sub Command1_Click()
If Command1.Caption = "开始" Then   '按下标签为“开始”的按钮，激活TimerAdd并改变标签为“停止”
   TimerAdd.Enabled = True
   Command1.Caption = "停止"
ElseIf Command1.Caption = "停止" Then   '刚好和上面相反
   TimerAdd.Enabled = False
   Command1.Caption = "开始"
End If
End Sub

7.小功告成！运行测试看看，能否实现加血功能！那加蓝、补助技能呢？

8.本次内容重点：SendMessage /通过此函数实现模拟键盘操作功能Sleep /必不可少的延迟函数

9.当然，你看完整个文章或者在测试的时候会发现，这个程序还有很多的漏洞或者说还可以做的更完善，没错，这就是接下来你要做的，还是那句话：“因为我知道你可以做的到”

ps:自己设置按键

SendMessage hwd, &H100, Key(Combo1.ListIndex), 0&
SendMessage hwd, &H101, Key(Combo1.ListIndex), 0&

Private Function Key(Anjian As Long) As Long '用于转换按键的函数
Select Case Anjian
  Case 0
     Key = &H70 ‘F1
  Case 1
     Key = &H71 'F2
  Case 2
     Key = &H72 'F3
  Case 3
     Key = &H73 'F4
  Case 4
     Key = &H74
  Case 5
     Key = &H75
  Case 6
     Key = &H76
  Case 7
     Key = &H77
  Case 8
     Key = &H31 '1
  Case 9
     Key = &H32 '2
  Case 10
     Key = &H33 '3
  Case 11
     Key = &H34
  Case 12
     Key = &H35
  Case 13
     Key = &H36
  Case 14
     Key = &H37
  Case 15
     Key = &H38
  Case 16
     Key = &H39 '9
  Case 17
     Key = &H30 '0
End Select
End Function

我们已经学会如何监视血量达到加血的功能，其实自动攻击和加血的核心原理是一样的，同样是发送消息给游戏窗口，只不过要先通过按Tab键选去身边的怪然后按攻击快捷键打怪。

提示：
SYSKEYDOWN = &H104
KeyDOWN = &H100
KeyUP = &H101
CHAR = &H102
SHIFT = &H10 'Shift键的常数
CONTROL = &H11 'Ctrl键的常数
MENU = &H12 'Windows键的常数
TAB = &H9 'Tab键的常数

[[eax]+ &H798] '&H798 或地址 &H0354AF44 当前目标怪物ID ,为负就是怪，为正就是NPC或玩家,为0则怪物死亡或没有选择
[[eax] + &H408] '人物攻击状态，攻击时为1,无动作为0
[[eax] + &H25C] '&H25C 当前经验值，十进制
[[[[eax]+&h8]+&h24]+&h14] '地上所有物品数量，包含别人打掉地上的物品

2.我们要做一个小程序，用于显示地面上的所有物品。添加一个List控件、一个Time控件，如下图所示。

3.下面添加代码！
3.1.模块：
Option Explicit
'---------------声明函数-----------------------
'得到窗体句柄的函数,FindWindow函数用来返回符合指定的类名( ClassName )和窗口名( WindowTitle )的窗口句柄
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'得到窗体控件句柄的函数
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
'得到进程标识符的函数
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
'得到目标进程句柄的函数
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
'关闭句柄的函数
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'读取进程内存的函数
Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
'参数决定了对进程的存储权限，使用完全控制
Public Const PROCESS_ALL_ACCESS = &H1F0FFF

3.2.Form_Load:
Option Explicit
Dim hwd As Long
Dim pid As Long
Dim hProcess As Long '存放进程句柄

3.3.Timer_Timer:
'Timer.interval=1000，利用1秒的延迟显示列表

Private Sub Timer1_Timer() '显示地面物品名称列表
Dim base As Long   '存储地址
Dim mecxi As Long   '存储地址
Dim pn As Integer   '循环变量
Dim WpName(65) As Byte '存储物品名称

List1.Clear '用于刷新物品列表
If hProcess Then
  ReadProcessMemory hProcess, ByVal &H8C9E54, mecxi, 4, 0
  ReadProcessMemory hProcess, ByVal mecxi + &H8, mecxi, 4, 0
  ReadProcessMemory hProcess, ByVal mecxi + &H24, mecxi, 4, 0 '得到物品数量
  If mecxi <> 0 Then
    For pn = 0 To 768   '循环用来判断那个值内存在物品
      ReadProcessMemory hProcess, ByVal mecxi + &H18, base, 4, 0
      ReadProcessMemory hProcess, ByVal base + pn * 4, base, 4, 0   '从列表中选出地面上物品的地址
      If base > 0 Then '判断是否存在物品
          ReadProcessMemory hProcess, ByVal base + 4, base, 4, 0
          ReadProcessMemory hProcess, ByVal base + &H164, base, 4, 0
          ReadProcessMemory hProcess, ByVal base, WpName(0), 64, 0   '得到物品名称
           List1.AddItem WpName   '添加到List控件
        End If
    Next pn
  End If
End If
End Sub

3.4.Form_Unload：
Private Sub Form_Unload(Cancel As Integer)
CloseHandle hProcess
End Sub