HanDs
Administrator

[Delphi article] How to invoke the item pick-up Call in Wulin



The purpose of this post is to help newcomers like me take fewer detours when calling Calls.
Back then I spent a lot of time on the injection, and more than a week on the parameters, before I finally
found the cause: you cannot use APIs directly inside the injected remote thread... so frustrating... experts, please don't laugh at me.

I have revised it a bit; memory should no longer keep growing.

Enough talk, here is the code:

//------------------------- Function that injects the code ----------------------------
{Parameter description:
InHWND: handle of the window belonging to the process to inject into
Func: pointer to the function to inject
Param: pointer to the parameter block
ParamSize: size of the parameter block
}
procedure InjectFunc(InHWND: HWND; Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
  hProcess_N: THandle;
  ThreadAdd, ParamAdd: Pointer;
  hThread: THandle;
  ProcessID: DWORD;       // GetWindowThreadProcessId returns the owning process ID here
  lpNumberOfBytes: DWORD;
begin
  GetWindowThreadProcessId(InHWND, @ProcessID);
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID); // open the target process
  ThreadAdd := VirtualAllocEx(hProcess_N, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
  WriteProcessMemory(hProcess_N, ThreadAdd, Func, 4096, lpNumberOfBytes); // copy the function's code (4096 bytes) into the target
  ParamAdd := VirtualAllocEx(hProcess_N, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE);
  WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes); // copy the parameter block into the target
  hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes); // create the remote thread
  WaitForSingleObject(hThread, INFINITE); // wait for the thread to finish
  VirtualFreeEx(hProcess_N, ThreadAdd, 0, MEM_RELEASE);
  VirtualFreeEx(hProcess_N, ParamAdd, 0, MEM_RELEASE); // free the allocated memory
  CloseHandle(hThread);
  CloseHandle(hProcess_N); // close the opened handles
end;

//----------------------------- Define a parameter type -----------------------
type
  TPickCallParam = packed record
    EDX, EAX: DWORD;
  end;
  PPickCallParam = ^TPickCallParam;

//------------------------------ Call ------------------------------
// This function is copied into the target process as a whole, so it may only
// read its parameter block; it cannot call any API from there.
function PickCall(p: PPickCallParam): DWORD; stdcall;
var
  edx1, eax1: DWORD;
  address: Pointer;
begin
  address := Pointer($0056A840); // address of the pick-up Call inside the game
  edx1 := p^.EDX;
  eax1 := p^.EAX;
  asm
    pushad
    mov ecx, dword ptr [$8D29A4]
    mov edx, edx1
    push edx
    mov ecx, dword ptr [ecx+$20]
    mov eax, eax1
    push eax
    add ecx, $D4
    call address
    popad
  end;
  Result := 0;
end;

//------------------------------ Function that invokes the Call ------------------------------
procedure PickUp; // pick up items
var
  baseAdd, tmp1, tmp2, baseItem, itemnum, itemid, i: Integer;
  itemname: WideString;
  CallParam: TPickCallParam;
begin
  itemnum := GetInfo(10);
  if itemnum = 0 then Exit;
  baseAdd := mem.ReadInt(sjizhi + $18);
  for i := 0 to 768 do
  begin
    tmp1 := mem.ReadInt(baseAdd + i * 4);
    if tmp1 <> 0 then
    begin
      baseItem := mem.ReadInt(tmp1 + $4);
      itemid := mem.ReadInt(baseItem + $110); // read the item ID
      tmp2 := mem.ReadInt(baseItem + $164);
      itemname := mem.ReadWideStr(tmp2, 12); // read the item name
      if {put your pick-up condition here} then
      begin
        CallParam.EDX := itemid;
        CallParam.EAX := mem.ReadInt(baseItem + $10C);
        InjectFunc(hWnd, @PickCall, @CallParam, SizeOf(CallParam));
        Sleep(500);
        Dec(itemnum);
        if itemnum = 0 then Exit;
      end;
    end;
  end;
end;

Hope this helps everyone.....


Posted: 2016-7-9   |   Views: 0   |   Replies: 0
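Added example, not part of the post above: the defender's view of the injection pattern the post's InjectFunc uses. Sysmon Event ID 8 records every CreateRemoteThread; when the new thread starts in memory that another process allocated with VirtualAllocEx, the start address belongs to no loaded module and Sysmon leaves StartModule empty. The field names are Sysmon's Event 8 fields; the records, paths and PIDs below are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class RemoteThreadEvent:
    """Subset of Sysmon Event ID 8 (CreateRemoteThread) fields."""
    source_image: str
    source_pid: int
    target_image: str
    target_pid: int
    start_address: str
    start_module: str   # empty when the start address is not inside a loaded module

def parse_event(fields: dict) -> RemoteThreadEvent:
    """Build a record from a Sysmon Event 8 field dictionary."""
    return RemoteThreadEvent(
        source_image=fields["SourceImage"],
        source_pid=int(fields["SourceProcessId"]),
        target_image=fields["TargetImage"],
        target_pid=int(fields["TargetProcessId"]),
        start_address=fields["StartAddress"],
        start_module=fields.get("StartModule", ""),
    )

def is_suspicious(ev: RemoteThreadEvent) -> bool:
    """Cross-process thread whose entry point has no backing module: the
    footprint of VirtualAllocEx + WriteProcessMemory + CreateRemoteThread."""
    return ev.source_pid != ev.target_pid and ev.start_module == ""

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Tools\bot.exe", "SourceProcessId": "4120",
     "TargetImage": r"C:\Games\wulin.exe", "TargetProcessId": "2788",
     "StartAddress": "0x02A70000", "StartModule": ""},
    {"SourceImage": r"C:\Windows\System32\csrss.exe", "SourceProcessId": "612",
     "TargetImage": r"C:\Games\wulin.exe", "TargetProcessId": "2788",
     "StartAddress": "0x77A4B2F0", "StartModule": r"C:\Windows\System32\ntdll.dll"},
]

def flagged(events) -> list:
    """Return (source, target, start address) for each suspicious record."""
    return [(e.source_image, e.target_image, e.start_address)
            for e in map(parse_event, events) if is_suspicious(e)]

if __name__ == "__main__":
    for hit in flagged(SAMPLE_EVENTS):
        print("remote thread started in unbacked memory:", hit)
```

A thread that starts at a known module export (second record) is normal and is not flagged; only the module-less entry point is.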