奇迹外挂预览(无源码,无程序)
本帖最后由 lanfengc 于 2010-7-6 10:26 编辑呵呵。研究了2天。总算有点眉目了。 打怪的功能还没完善好。。
目前完成的功能:
1.自动加血加蓝
2.实时刷新人物信息并显示到外挂
3.当前地图缩略图显示及人物在缩略图上的标注(图中的小红点)
4.游戏服务器读取及用挂启动相应的服务器客户端
MU..很久没玩了 ..怎么楼主会做个外挂 呢? 回复 2# ixxxxyou
这个游戏的选怪模式跟大部分网游不同。 想挑战下自己。 楼主很厉害哦!一直以来对内存基址的获取和操作都很陌生,向楼主学习! 回复 4# 水木子
学会使用CE 和OD做平常的游戏外挂就没那么难。
有些游戏有驱动保护,比较难。 哈哈,我之前也有研究过。送你一段代码。引怪的,不过只能引一只。
版本应该是1.07的。期待你的大作。
ProcessSetPriority(@AutoItPID, 4)
; Top-level script: enables SeDebugPrivilege, looks for a process whose name
; starts with "mu" and ends with ".tmp", opens it, then loops forever reading
; and writing fixed addresses inside that process.
; NOTE(review): the listing appears to have lost its bracketed array subscripts
; during extraction (e.g. $Mu is used both as the loop bound and as a string);
; it is not runnable as printed.
; NOTE(review): what an endpoint monitor or a client integrity check can observe
; here is the sequence "enable debug privilege -> all-access OpenProcess on another
; process -> repeated WriteProcessMemory" (see the helper functions below in this file).
_GetPrivilege_SEDEBUG()
Dim $CurProcID = ""
$Mu = ProcessList()
For $i = 1 To $Mu
; match on the image name pattern mu*.tmp
If StringLeft($Mu[$i], 2) = "mu" And StringRight($Mu[$i], 4) = ".tmp" Then
$CurProcID = $Mu[$i]
ExitLoop
EndIf
Next
; no matching process found: show a message box and exit
If $CurProcID = "" Then
MsgBox(0, "", "获取进程失败,程序将退出")
Exit
EndIf
; the return value is not checked; _MemoryOpen returns 0 on failure
$Handle = _MemoryOpen($CurProcID)
$guaiMem = 0x07b379b8 ; base address of the monster object (hard-coded; the post says it is for version 1.07)
$guaiMem = _MemoryRead("0x" & Hex($guaiMem), $Handle) ; follow the pointer stored at that address
$guaiNameMem = "0x" & Hex($guaiMem + 0x38)
$guaiName = _MemoryRead($guaiNameMem, $Handle, "char") ; monster name (read with type "char" as written)
$guaiXMem = "0x" & Hex($guaiMem + 0x38 - 0xB)
$guaiX = _MemoryRead($guaiXMem, $Handle, "BYTE") ; monster X coordinate
$guaiYMem = "0x" & Hex($guaiMem + 0x38 - 0xA)
$guaiY = _MemoryRead($guaiYMem, $Handle, "BYTE") ; monster Y coordinate
$guaiSD = "0x" & Hex($guaiMem + 0x38 - 0xC) ; monster movement speed? Actually it is not. (author's own remark)
$MeMem = 0x07B379C0 ; base address of the player's own coordinates
$MeMem = _MemoryRead("0x" & Hex($MeMem), $Handle)
$MeXMem = "0x" & Hex($MeMem + 0x84) ; player's own X coordinate
$MeYMem = "0x" & Hex($MeMem + 0x88) ; player's own Y coordinate
; Infinite loop with a 10 ms sleep; there is no exit condition and _MemoryClose is
; never called, so the process handle stays open until the script is terminated.
While 1
Sleep(10)
$MeX = _MemoryRead($MeXMem, $Handle)
$MeY = _MemoryRead($MeYMem, $Handle)
; the two values below are read but not used afterwards in this loop
$guaiX = _MemoryRead($guaiXMem, $Handle, "BYTE")
$guaiY = _MemoryRead($guaiYMem, $Handle, "BYTE")
; overwrite three bytes of the monster record: a constant, then the player's X and Y;
; none of the write results are checked
_MemoryWrite($guaiSD, $Handle, "10", "BYTE")
_MemoryWrite($guaiXMem, $Handle, $MeX, "BYTE")
_MemoryWrite($guaiYMem, $Handle, $MeY, "BYTE")
WEnd
; Opens another process via kernel32 OpenProcess and returns the handle value.
; Parameters:
;   $iv_Pid            - process to open (checked with ProcessExists)
;   $iv_DesiredAccess  - access mask, default 0x1F0FFF
;   $if_InheritHandle  - inherit flag passed to OpenProcess, default 1
; Returns 0 and sets @error to 1 (process not found), 2 (error after the
; initialisation of $ah_Handle) or 3 (DllCall failed).
; NOTE(review): 0x1F0FFF is the classic PROCESS_ALL_ACCESS mask and the handle is
; inheritable by default; both are broader than a read or a write strictly needs.
; NOTE(review): the listing is damaged here - the initialiser after "$ah_Handle ="
; is missing and array subscripts appear to have been stripped, so the exact
; original statements cannot be confirmed from this page.
Func _MemoryOpen($iv_Pid, $iv_DesiredAccess = 0x1F0FFF, $if_InheritHandle = 1)
If Not ProcessExists($iv_Pid) Then
SetError(1)
Return 0
EndIf
; initialiser lost in extraction (presumably opens the DLL used by the DllCall below - confirm)
Local $ah_Handle =
If @error Then
SetError(2)
Return 0
EndIf
Local $av_OpenProcess = DllCall($ah_Handle, 'int', 'OpenProcess', 'int', $iv_DesiredAccess, 'int', $if_InheritHandle, 'int', $iv_Pid)
; only a failure of the DllCall itself is detected; a zero (NULL) handle returned by
; OpenProcess is not tested here
If @error Then
DllClose($ah_Handle)
SetError(3)
Return 0
EndIf
$ah_Handle = $av_OpenProcess
Return $ah_Handle
EndFunc ;==>_MemoryOpen
;=================================================================================================
; Reads one value of type $sv_Type from address $iv_Address in the process behind
; $ah_Handle, using ReadProcessMemory.
; Parameters:
;   $iv_Address - address in the target process
;   $ah_Handle  - value returned by _MemoryOpen (must pass IsArray)
;   $sv_Type    - DllStructCreate type string, default 'dword'
; Returns the value read, or 0 with @error set: 1 (handle is not an array),
; DllStructCreate's @error + 1 (buffer creation failed), 6 (DllCall failed).
; NOTE(review): array subscripts on $ah_Handle appear to have been lost in
; extraction; as printed the same variable is passed as both DLL and process handle.
Func _MemoryRead($iv_Address, $ah_Handle, $sv_Type = 'dword')
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
; local buffer sized by the requested type
Local $v_Buffer = DllStructCreate($sv_Type)
If @error Then
SetError(@error + 1)
Return 0
EndIf
; The result of ReadProcessMemory is discarded; only a failure of the DllCall itself
; sets @error. A read that the OS refuses therefore still returns whatever the
; buffer holds, with no error reported to the caller.
DllCall($ah_Handle, 'int', 'ReadProcessMemory', 'int', $ah_Handle, 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
If Not @error Then
Local $v_Value = DllStructGetData($v_Buffer, 1)
Return $v_Value
Else
SetError(6)
Return 0
EndIf
EndFunc ;==>_MemoryRead
;=================================================================================================
; Closes the process handle with CloseHandle and then closes the DLL handle.
; Parameter: $ah_Handle - value returned by _MemoryOpen (must pass IsArray).
; Returns 1 on success; 0 with @error 1 (handle is not an array) or 2 (DllCall failed).
; NOTE(review): array subscripts on $ah_Handle appear to have been lost in extraction.
Func _MemoryClose($ah_Handle)
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
DllCall($ah_Handle, 'int', 'CloseHandle', 'int', $ah_Handle)
; DllClose runs on both paths, so the DLL handle is released even when the call failed
If Not @error Then
DllClose($ah_Handle)
Return 1
Else
DllClose($ah_Handle)
SetError(2)
Return 0
EndIf
EndFunc ;==>_MemoryClose
;=================================================================================================
; Writes $v_Data, stored as type $sv_Type, to address $iv_Address in the process
; behind $ah_Handle, using WriteProcessMemory.
; Parameters:
;   $iv_Address - address in the target process
;   $ah_Handle  - value returned by _MemoryOpen (must pass IsArray)
;   $v_Data     - value to store
;   $sv_Type    - DllStructCreate type string, default 'dword'
; Returns 1 on success; 0 with @error 1 (handle is not an array),
; DllStructCreate's @error + 1 (buffer creation failed), 6 (DllStructSetData failed)
; or 7 (DllCall failed).
; NOTE(review): array subscripts on $ah_Handle appear to have been lost in extraction.
Func _MemoryWrite($iv_Address, $ah_Handle, $v_Data, $sv_Type = 'dword')
If Not IsArray($ah_Handle) Then
SetError(1)
Return 0
EndIf
Local $v_Buffer = DllStructCreate($sv_Type)
If @error Then
SetError(@error + 1)
Return 0
Else
; stage the value in the local buffer before the cross-process write
DllStructSetData($v_Buffer, 1, $v_Data)
If @error Then
SetError(6)
Return 0
EndIf
EndIf
; The result of WriteProcessMemory is discarded; "Return 1" below only means the
; DllCall was dispatched, not that the target memory was actually modified.
DllCall($ah_Handle, 'int', 'WriteProcessMemory', 'int', $ah_Handle, 'int', $iv_Address, 'ptr', DllStructGetPtr($v_Buffer), 'int', DllStructGetSize($v_Buffer), 'int', '')
If Not @error Then
Return 1
Else
SetError(7)
Return 0
EndIf
EndFunc ;==>_MemoryWrite
; #FUNCTION# ;===============================================================================
;
; Name...........: _GetPrivilege_SEDEBUG
; Description ...: Obtains the SE_DEBUG privilege for the running process
; Syntax.........: _GetPrivilege_SEDEBUG()
; Parameters ....:
; Return values .: Success - Returns True
; Failure - Returns False and Sets @Error to 1
; Author ........: Erik Pilsits
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........;
; Example .......;
;
; ;==========================================================================================
Func _GetPrivilege_SEDEBUG()
; Enables SeDebugPrivilege in the current process token:
; GetCurrentProcess -> OpenProcessToken -> LookupPrivilegeValue -> AdjustTokenPrivileges.
; Returns True/False; the final Return sets @error to 1 on failure and 0 on success.
; NOTE(review): the two early "Return False" exits do not call SetError, so the
; "@Error = 1 on failure" contract in the header is only explicit on the last line.
; NOTE(review): DllCall results are used without array subscripts in this listing
; ($curProc, $hToken, $iLuid, "Not $call"); these look stripped by extraction - confirm
; against the original UDF.
; NOTE(review): per the Win32 documentation AdjustTokenPrivileges can return nonzero
; without assigning the privilege; the last error is not checked here, so True does
; not prove the privilege is actually held.
Local $return = False
Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
Local $count = 1
Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID structs * sizeof LUID struct
Local $TOKEN_ADJUST_PRIVILEGES = 0x20
Local $SE_PRIVILEGE_ENABLED = 0x2
Local $curProc = DllCall("kernel32.dll", "ptr", "GetCurrentProcess")
If @error Then Return False
; the token is opened with TOKEN_ADJUST_PRIVILEGES only
Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", $curProc, "dword", $TOKEN_ADJUST_PRIVILEGES, "ptr*", 0)
If (@error Or (Not $call)) Then Return False
Local $hToken = $call
$call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "ptr", 0, "str", "SeDebugPrivilege", "int64*", 0)
If ((Not @error) And $call) Then
Local $iLuid = $call
Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
; $LUID is a typed view laid over the byte array inside $TP, not a separate allocation
Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
DllStructSetData($TP, "PrivilegeCount", $count)
DllStructSetData($LUID, "Luid", $iLuid)
DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
$call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", 0, "ptr", 0)
If Not @error Then $return = ($call <> 0) ; $call <> 0 is success
EndIf
; the token handle is closed whether or not the adjustment succeeded
DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hToken)
Return SetError(Number(Not $return), 0, $return)
EndFunc ;==>_GetPrivilege_SEDEBUG 地图文件都让你破解了? 作品展览区必须上传exe,暂时锁定,上传后联系管理人员解封。 再加个自捡金钱的!!就很不错了!! 看来得向楼主学习经验。向难度挑战 这也太强大了吧,支持一下。 非让P版教训教训你才行! 不错啊,期待功能的完善!
能否点击缩略地图移动呢? 初中时候的MU,现在都快忘记了,呵呵 学习下看看能用不有代码没