请高手帮忙做个DLL注入
hwd已经获得游戏句柄,我现在想做个程序D,点击程序D上的按钮,让游戏执行
push
call 0x006ECD50
pop
这段代码,请高手帮忙写几行代码,只要能实现这个功能就可以了
[解决办法]
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, StrUtils, ExtCtrls, Unit3, Unit5;
type
// Main form. The class-level fields are shared by the button handler,
// the two timer handlers and the global HookProc declared below.
TForm1 = class(TForm)
Button1: TButton;
Timer2: TTimer;
Timer1: TTimer;
procedure Button1Click(Sender: TObject);
procedure FormDestroy(Sender: TObject);
procedure Timer2Timer(Sender: TObject);
procedure Timer1Timer(Sender: TObject);
private
{ Private declarations }
// Card-reader wrapper created and destroyed inside Timer2Timer; the Tic type
// comes from Unit3 or Unit5, neither of which is visible in this listing.
readpasswd:Tic;
// True only while readpasswd is alive (set in Timer2Timer, checked in Timer1Timer).
states :boolean;
public
// Counts hook installations; Button1Click installs the hook only while h = 0.
h:integer;
// Filled from readpasswd.Read_employee.qt1 once the reader port has been opened.
passwd:String;
end;
var
Form1: TForm1;
// hand: the top-level window found by caption '挂号业务 '; hTag: its child
// button whose caption starts with '读卡 '. Both are looked up by window text.
hTag,hand: HWND;
// Handle of the WH_JOURNALRECORD hook set in Button1Click and removed in FormDestroy.
hk_Next: HHOOK;
// Receives the id of the worker thread started from HookProc.
SubThreadID:DWORD;
// Journal-record hook callback; Win32 hook procedures must be stdcall.
function HookProc(nCode:integer;wParam: WPARAM; lParam: LPARAM): LResult;stdcall;
implementation
{$R *.dfm}
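procedure TForm1.Button1Click(Sender: TObject);
// Locate the '挂号业务 ' window and the child button whose caption starts with
// '读卡 ', then (once) install the journal-record hook that watches for clicks
// on that button.
// Changes versus the previous version: the caption buffer is sized from
// GetWindowTextLength instead of the fixed two-character StrNew(' '), which
// GetWindowText overflowed for any caption longer than one character; the
// buffer is released on every iteration instead of leaking; and FindWindowEx
// receives the previous match as hwndChildAfter so the enumeration advances
// instead of re-examining the first button forever.
var
  caption: PChar;
  captionLen: integer;
begin
  hand := FindWindow(nil, '挂号业务 ');
  if hand = 0 then Exit;
  hTag := 0;
  repeat
    hTag := FindWindowEx(hand, hTag, 'Button ', nil);
    if hTag = 0 then Break;
    captionLen := GetWindowTextLength(hTag);
    caption := StrAlloc(captionLen + 1);
    try
      GetWindowText(hTag, caption, captionLen + 1);
      if AnsiStartsText('读卡 ', StrPas(caption)) then Break;
    finally
      StrDispose(caption);
    end;
  until hTag = 0;
  // Install at most once (h counts installs). Thread id 0 makes the
  // journal-record hook system-wide, so FormDestroy must remove it again.
  if (hTag <> 0) and (h = 0) then
  begin
    hk_Next := SetWindowsHookEx(WH_JOURNALRECORD, @HookProc, HInstance, 0);
    Inc(h);
  end;
end;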
procedure TForm1.FormDestroy(Sender: TObject);
// Remove the journal-record hook installed by Button1Click, but only when a
// target button was found and a hook handle actually exists.
begin
  if (hTag = 0) or (hk_Next = 0) then Exit;
  UnhookWindowsHookEx(hk_Next);
end;
// Journal-record hook callback (declared stdcall in the interface section).
// For an HC_ACTION event that is a left-button-down on the button found by
// Button1Click (hTag) it starts ThreadPro on a new thread; ThreadPro is not
// defined anywhere in this listing. Note the dangling else: the
// `else CallNextHookEx` binds to the inner `if ... hwnd = hTag`, so any event
// other than WM_LBUTTONDOWN returns HC_ACTION (0) without calling
// CallNextHookEx, which starves other hooks in the chain.
function HookProc(nCode:integer;wParam: WPARAM; lParam: LPARAM): LResult;
begin
Result := HC_ACTION;
// Negative codes must be passed straight through to the next hook.
if nCode < 0 then Result := CallNextHookEx(hk_Next, nCode, wParam, lParam)
else if nCode = HC_ACTION then begin
if PEventMsg(lParam)^.message = WM_LBUTTONDOWN then
if PEventMsg(lParam)^.hwnd = hTag then
begin
// SubThreadID receives the new thread's id; the returned thread handle is
// discarded and never closed.
CreateThread(nil, 0, @ThreadPro, nil, 0, SubThreadID);
end
else
Result := CallNextHookEx(hk_Next, nCode, wParam, lParam);
end;
end;
procedure TForm1.Timer2Timer(Sender: TObject);
// While the reader window ('FNWND370 ') exists: create the Tic card-reader
// wrapper, read the employee value into passwd if passwd is still ' ', and
// tear the wrapper down again. Afterwards Timer1 is enabled exactly when the
// '挂号业务 ' window is present.
var
  readerWnd: THandle;
begin
  readerWnd := Findwindow('FNWND370 ', nil);
  if readerWnd > 0 then
  begin
    readpasswd := Tic.Create;
    readpasswd.closeacr;
    states := true;
    if passwd = ' ' then
    begin
      if readpasswd.openacr(1) then
      begin
        readpasswd.ReadBH;
        passwd := readpasswd.Read_employee.qt1;
      end;
    end;
    // Direct Destroy call kept as in the original (Free is the usual idiom).
    readpasswd.Destroy;
    states := false;
  end;
  hand := FindWindow(nil, '挂号业务 ');
  Timer1.Enabled := hand <> 0;
end;
procedure TForm1.Timer1Timer(Sender: TObject);
// Runs while Timer2 has seen the '挂号业务 ' window. If the window is gone,
// hand control back to Timer2; otherwise stop Timer2, run Button1Click, and
// dispose of a still-alive reader wrapper (states = true), swallowing any
// exception that raises.
begin
  hand := FindWindow(nil, '挂号业务 ');
  Timer2.Enabled := hand = 0;
  if hand = 0 then Exit;
  Button1Click(Sender);
  try
    if states then
    begin
      readpasswd.closeacr;
      readpasswd.Destroy;
    end;
  except
    Exit;
  end;
end;
end.
[解决办法]
hwd已经获得游戏句柄,如果游戏有窗体,就得使自己的进程嵌入其中,然后替代掉窗体的消息回调函数,如没有就得在进程嵌入后注册一个热键,就可以了.
[解决办法]
这样行不?
// Thread start routine that the Button1Click below copies into the target
// process with WriteProcessMemory rather than linking it there. It calls the
// fixed address $006ECD50 from the question (call 0x006ECD50) with all
// general-purpose registers saved around the call, then returns 0. The p
// parameter is unused; the address is only meaningful inside the process
// the question's hwd belongs to.
function Press(p:Pointer):DWORD;
begin
asm
pushad
mov ebx,$006ECD50
call ebx
popad
end;
result:=0;
end;
// Second answer's Button1Click: runs Press inside the process that owns the
// window handle hwd (hwd comes from the question and is not declared in this
// listing). The sequence OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread is the classic remote-thread code
// injection pattern and is precisely what endpoint protection monitors for.
// None of the API return values are checked: a failed OpenProcess (for
// example against a protected or higher-integrity target) silently proceeds
// with an invalid handle through the rest of the routine.
procedure TForm1.Button1Click(Sender: TObject);
var
hProcess: THandle;
ThreadAdd: Pointer;
hThread: THandle;
ThreadID,lpNumberOfBytes: DWord;
begin
// GetWindowThreadProcessId writes the owning PROCESS id into its second
// argument (the thread id is the discarded return value), so despite its
// name ThreadID holds the process id that OpenProcess needs.
GetWindowThreadProcessId(hwd, @ThreadID);
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);
// 4096 bytes are copied starting at Press, which is far more than the stub's
// own code, so whatever follows Press in this module is copied as well.
ThreadAdd := VirtualAllocEx(hProcess, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, ThreadAdd, @press, 4096, lpNumberOfBytes);
// lpNumberOfBytes is reused here as the out-parameter receiving the new
// thread's id.
hThread := CreateRemoteThread(hProcess, nil, 0, ThreadAdd, nil, 0, lpNumberOfBytes);
VirtualFreeEx(hProcess, ThreadAdd, 4096, MEM_RELEASE);
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);
end;