扫雷游戏外挂例子
实现功能:
1再菜单中添加自动完成菜单
![\"\"](\"/Files/BeyondPic/2007-11/16/1.jpg\")
2显示鼠标当前位置是否为雷
![\"\"](\"/Files/BeyondPic/2007-11/16/2.jpg\")
源代码分为两部分
1app部分
.h//---------------------------------------------------------------------------
#
ndefH#
H//---------------------------------------------------------------------------
#
<Classes.hpp>#
<Controls.hpp>#
<StdCtrls.hpp>#
<Forms.hpp>#
WM_MYHOOK(WM_APP+1024)//---------------------------------------------------------------------------
TForm1:publicTForm{
__published://IDE-managedComponents
TButton*Button2;
TButton*Button3;
void__fastcallFormCreate(TObject*Sender);
void__fastcallButton2Click(TObject*Sender);
void__fastcallButton3Click(TObject*Sender);
private://Userdeclarations
HINSTANCEhDLL;
HWNDhHookedWindow;
unsignedlongMineHeight;//雷区高度起始地址
unsignedlongMineWidth;//雷区?度起始地址
unsignedlongMineStartAddress;
//雷区内容起始地址,依次是0x01005361+高*32+?
void__fastcallWMMYHOOK(TMessage&Message);
public://Userdeclarations
__fastcallTForm1(TComponent*Owner);
BEGIN_MESSAGE_MAP
MESSAGE_HANDLER(WM_MYHOOK,TMessage,WMMYHOOK);
END_MESSAGE_MAP(TForm);
};
//---------------------------------------------------------------------------
externPACKAGETForm1*Form1;
//---------------------------------------------------------------------------
#end
.cpp//---------------------------------------------------------------------------
#
<vcl.h>#pragmahdrstop
#
\".h\"//---------------------------------------------------------------------------
#pragmapackage(smart_init)
#pragmaresource\"*.dfm\"
TForm1*Form1;
typedef
(WINAPI*sthndl)(HWND,HWND);sthndlSetHandle;
typedef
(WINAPI*unsub)
;unsubUnSubClass;
//---------------------------------------------------------------------------
__fastcallTForm1::TForm1(TComponent*Owner)
:TForm(Owner)
{
hDLL=NULL;
MineHeight=0x01005338;
MineWidth=0x01005334;
MineStartAddress=0x01005361;
}
//---------------------------------------------------------------------------
void__fastcallTForm1::FormCreate(TObject*Sender)
{
hDLL=LoadLibrary((LPCTSTR)\"ShaoLeiWaiGua.dll\");
(hDLL
NULL){exit(1);
}
hHookedWindow=FindWindow(NULL,\"マインスイーパ\");
SetHandle=(sthndl)GetProcAddress(hDLL,\"SetHandle\");
UnSubClass=(unsub)GetProcAddress(hDLL,\"UnSub
\");}
//---------------------------------------------------------------------------
void__fastcallTForm1::Button2Click(TObject*Sender)
{
hHookedWindow=FindWindow(NULL,\"マインスイーパ\");
(hHookedWindowNULL){hHookedWindow=FindWindow(NULL,\"Minesweeper\");
}
(hHookedWindowNULL){MessageBox(0,\"CouldNotfindarunninginstanceofMymine. PleaseStartNotepadandtryagain\",\"Error\",0);
;}
HMENUhAppMenu;
hAppMenu=GetMenu(hHookedWindow);
AppendMenu(GetSubMenu(hAppMenu,1),MF_STRING,125,\"AutoComplete\");
SetHandle(hHookedWindow,this
->Handle);
}
//---------------------------------------------------------------------------
void__fastcallTForm1::Button3Click(TObject*Sender)
{
UnSubClass
;FreeLibrary(hDLL);
}
//---------------------------------------------------------------------------
void__fastcallTForm1::WMMYHOOK(TMessage&Message)
{
unsignedlongMineID;
GetWindowThreadProcessId(hHookedWindow,&MineID);
HANDLEMine=OpenProcess(PROCESS_VM_READ,true,MineID);
unsignedlongnSize=1;
unsignedlonglpNumberOfByteRead;
PBYTElpBuffer=StrAlloc(nSize);
ZeroMemory(lpBuffer,nSize);
mWidth,mHeight;(ReadProcessMemory(Mine,(LPCVOID)MineWidth,(LPVOID)lpBuffer,nSize,&lpNumberOfByteRead)){
mWidth=*(unsignedlong*)lpBuffer;
}
(ReadProcessMemory(Mine,(LPCVOID)MineHeight,(LPVOID)lpBuffer,nSize,&lpNumberOfByteRead)){
mHeight=*(unsignedlong*)lpBuffer;
}
yOffSet=60;xOffSet=20;row;col;for(row=0;row<=mHeight;row
){
for(col=0;col<=mWidth;col
){
(ReadProcessMemory(Mine,(LPCVOID)(MineStartAddress+row*32+col),(LPVOID)lpBuffer,nSize,&lpNumberOfByteRead)){
(*(unsignedlong*)lpBuffer!=0x8F){
SendMessage(hHookedWindow,WM_LBUTTONDOWN,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
SendMessage(hHookedWindow,WM_LBUTTONUP,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
SendMessage(hHookedWindow,WM_RBUTTONDOWN,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
SendMessage(hHookedWindow,WM_RBUTTONUP,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
SendMessage(hHookedWindow,WM_RBUTTONDOWN,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
SendMessage(hHookedWindow,WM_RBUTTONUP,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
}
{
SendMessage(hHookedWindow,WM_RBUTTONDOWN,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
SendMessage(hHookedWindow,WM_RBUTTONUP,0,(LPARAM)MAKELPARAM(xOffSet+16*col,yOffSet+16*row));
}
}
}
}
StrDispose(lpBuffer);
CloseHandle(hHookedWindow);
}
[Page]
2dll部分
//---------------------------------------------------------------------------
#
<vcl.h>#
<windows.h>#
<iostream.h>#
<tlhelp32.h>#pragmahdrstop
//---------------------------------------------------------------------------
//ImportantnoteaboutDLLmemorymanagementwhenyourDLLusesthe
//
versionoftheRunTimeLibrary://
//IfyourDLLexportsanyfunctionsthatpassStringobjects(orstructs/
//
escontainingnestedStrings)asparameterorfunctionresults,//youwillneedtoaddthelibraryMEMMGR.LIBtoboththeDLLprojectand
//anyotherprojectsthatu
heDLL.YouwillalsoneedtouseMEMMGR.LIB//
anyotherprojectswhichuheDLLwillbeperforming
ordelete//operationsonanynon-TObject-derived
eswhichareexportedfromthe//DLL.AddingMEMMGR.LIBtoyourprojectwillchangetheDLLanditscalling
//EXE\'stou
heBORLNDMM.DLLastheirmemorymanager.Inthese
s,//thefileBORLNDMM.DLLshouldbedeployedalongwithyourDLL.
//
//ToavoidusingBORLNDMM.DLL,pass
informationusing\"char*\"or//ShortStringparameters.
//
//IfyourDLLusesthedynamicversionoftheRTL,youdonotneedto
//explicitlyaddMEMMGR.LIBasthiswillbedoneimplicitlyforyou
//---------------------------------------------------------------------------
#pragmaargsused
extern\"C\"__declspec(dllexport)
WINAPISetHandle(HWND,HWND);extern\"C\"__declspec(dllexport)
WINAPIUnSub;LRESULTCALLBACKWindowProc(HWNDhwnd,UINTuMsg,WPARAMwParam,LPARAMlParam);
LRESULTCALLBACKCBTProc(
nCode,WPARAMwParam,LPARAMlParam);LRESULTCALLBACKMouseProc(
nCode,WPARAMwParam,LPARAMlParam);HANDLEMapGlobalData(constAnsiStringMapName,
Size,LPVOID&P);voidReleaseGlobalData(HANDLEhandle,void*&Ptr);
typedefstruct{
HWNDhTarget;
HWNDhApp;
HINSTANCEhInstance;
longOldWndHndl;
BOOLblnsub
ed;HHOOKhWinHook;
HHOOKhMouseHook;
}TGlobalData,*PGlobalData;
constchar*GLOBAL_DATA_MAPNAME=
\"HOOK_GLOBAL_DATA\";
//---------------------------------------------------------------------------
PGlobalDatag_Data;
HANDLEMapHandle;
TH
Window*ht;unsignedlongMineHeight=0x01005338;
unsignedlongMineWidth=0x01005334;
unsignedlongMineStartAddress=0x01005361;
//---------------------------------------------------------------------------
//WindowProceduresofthesub
edwindowsLRESULTCALLBACKWindowProc(
HWNDhwnd,
UINTuMsg,
WPARAMwParam,
LPARAMlParam
)
{
(g_Data->hTargethwnd){longresult;
(uMsg273){//MessageImplyingMenuClicks(HIWORD(wParam)0&&LOWORD(wParam)125){result=SendNot
yMessage(g_Data->hApp,WM_APP+1024,(WPARAM)(LOWORD(wParam)),(LPARAM)uMsg);//Sendthemessagetothevbapp}
}
(uMsgWM_MOUSEMOVE){SendNot
yMessage(g_Data->hApp,WM_APP+1025,(WPARAM)(LOWORD(wParam)),(LPARAM)uMsg);//Sendthemessagetothevbapp
}
}
CallWindowProc((WNDPROC)(g_Data->OldWndHndl),hwnd,uMsg,wParam,lParam);}//EndProcedure
//---------------------------------------------------------------------------
//Functionto
theoriginalwindowprocedureofeachsubedwindowWINAPIUnSub{
(()g_Data->hTarget>1){SetWindowLong(g_Data->hTarget,GWL_WNDPROC,g_Data->OldWndHndl);//Setbacktheoldwindowprocedure
}
1;}//EndUnSub
function//---------------------------------------------------------------------------
WINAPIDllEntryPo(HINSTANCEhinst,unsignedlongreason,void*lpReserved){
MapHandle=MapGlobalData(GLOBAL_DATA_MAPNAME,
(TGlobalData),Poer(g_Data));g_Data->hInstance=hinst;
1;}
//---------------------------------------------------------------------------
//GetthehandlesoftheTargetwindowandoftheOurapplication
WINAPISetHandle(HWNDHandleofTarget,HWNDHandleofApp){
g_Data->hTarget=HandleofTarget;
g_Data->hApp=HandleofApp;
g_Data->hWinHook=SetWindowsHookEx(WH_CBT,(HOOKPROC)CBTProc,g_Data->hInstance,GetWindowThreadProcessId(g_Data->hTarget,NULL));
g_Data
->hMouseHook=SetWindowsHookEx(WH_MOUSE,(HOOKPROC)MouseProc,g_Data->hInstance,GetWindowThreadProcessId(g_Data->hTarget,NULL));
1;}//Endthisfunction
//----------------------------------------------------------------------------------------------------
//TheCBThookProc(ComputerBasedTrainingHook)
LRESULTCALLBACKCBTProc(
nCode,WPARAMwParam,LPARAMlParam){
(nCodeHCBT_ACTIVATE){//Calledwhentheapplicationwindowisactivated((HWND)(wParam)g_Data->hTarget){//checkthewindowactivatedisOurTargerApp(g_Data->blnsubedFALSE){((()g_Data->hTarget)>1){g_Data->OldWndHndl=SetWindowLong(g_Data->hTarget,GWL_WNDPROC,(long)WindowProc);//Sub
!!!!}
g_Data->blnsub
ed=TRUE;//Setstateassubed}
}
}
CallNextHookEx(NULL,nCode,wParam,lParam);}//Endofthehookprocedure
//----------------------------------------------------------------------------------------------------
//TheMouseProchookProc(ComputerBasedTrainingHook)
LRESULTCALLBACKMouseProc(
nCode,WPARAMwParam,LPARAMlParam){
(wParamWM_MOUSEMOVE){POINTpt;
GetCursorPos(&pt);
ScreenToClient(g_Data->hTarget,&pt);
pt.x=pt.x-12;
pt.y=pt.y-56;
(pt.x<0||pt.y<0){CallNextHookEx(NULL,nCode,wParam,lParam);}
col=pt.x/16;row=pt.y/16;oldrow=-1;oldcol=-1;((oldrowrow)&&(oldcolcol)){CallNextHookEx(NULL,nCode,wParam,lParam);}
{deleteht;
ht
=NULL;
}
oldrow=row;
oldcol=col;
unsignedlongnSize=1;
unsignedlonglpNumberOfByteRead;
PBYTElpBuffer=StrAlloc(nSize);
ZeroMemory(lpBuffer,nSize);
unsignedlongMineID;
GetWindowThreadProcessId(g_Data->hTarget,&MineID);
HANDLEMine=OpenProcess(PROCESS_VM_READ,true,MineID);
mWidth,mHeight;(ReadProcessMemory(Mine,(LPCVOID)MineWidth,(LPVOID)lpBuffer,nSize,&lpNumberOfByteRead)){
mWidth=*(unsignedlong*)lpBuffer;
}
(ReadProcessMemory(Mine,(LPCVOID)MineHeight,(LPVOID)lpBuffer,nSize,&lpNumberOfByteRead)){
mHeight=*(unsignedlong*)lpBuffer;
}
(row<=mHeight&&col<=mWidth&&ReadProcessMemory(Mine,(LPCVOID)(MineStartAddress+row*32+col),(LPVOID)lpBuffer,nSize,&lpNumberOfByteRead)){ht=
THWindow(g_Data->hTarget);pt.x=pt.x+15;
pt.y=pt.y+48;
ClientToScreen(g_Data->hTarget,&pt);
(*(unsignedlong*)lpBuffer!=0x8F){
TRectrect=Rect(pt.x,pt.y,pt.x+ht->Canvas->TextWidth(\"NotLei\")+5,pt.y+ht->Canvas->TextHeight(\"NotLei\")+2);
ht->ActivateH
(rect,\"NotLei\");}
{TRectrect=Rect(pt.x,pt.y,pt.x+ht->Canvas->TextWidth(\"Lei\")+5,pt.y+ht->Canvas->TextHeight(\"Lei\")+2);
ht->ActivateH
(rect,\"Lei\");}
}
CloseHandle(g_Data->hTarget);
}
CallNextHookEx(NULL,nCode,wParam,lParam);}//Endofthehookprocedure
//----------------------------------------------------------------------------------------------------
HANDLEMapGlobalData(constAnsiStringMapName,
Size,LPVOID&P){
HANDLEret=CreateFileMapping((HANDLE)0xFFFFFFFF,NULL,PAGE_READWRITE,0,Size,MapName.c_str
);(ret0){(GetLastErrorERROR_ALREADY_EXISTS){ret=OpenFileMapping(FILE_MAP_ALL_ACCESS,false,MapName.c_str
);(ret0)ret;}
{ret;}
}
P=(LPVOID)MapViewOfFile(ret,FILE_MAP_ALL_ACCESS,0,0,0);
(PNULL){CloseHandle(ret);
ret=0;
}
ret;}
//----------------------------------------------------------------------------------------------------
voidReleaseGlobalData(HANDLEhandle,void*&Ptr)
{
(Ptr){UnmapViewOfFile(Ptr);
Ptr=
NULL;
}
(handle!=0){CloseHandle(handle);
handle=0;
}
}
//----------------------------------------------------------------------------------------------------
最新评论