An Explanation of the MapleStory Invincibility Cheat Code

2025-11-13 13:49:57

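Copyright notice: this is an original article by the blogger, released under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.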

Article tags: #timer #function #game #integer #string #user

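This blog post shows how a MapleStory invincibility cheat works: it is driven by timers and check boxes, uses API functions to find the game process, and modifies memory addresses to produce the invincible state. The cheat is activated by polling the F11 and F12 keys, and writes specific values to specific memory addresses to achieve the invincibility effect.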

How does the cheat run, and how does it make the character invincible in MapleStory? Below is the main-window code from the cheat's source program. The form holds two Timers and two Check boxes; both Timers have Interval = 100 (1000 = 1 second). These are the main controls.

The first Timer's code: because the Timer's Interval is 100, the Timer code runs once every 100 milliseconds. Look at this part first:

    Private Sub Timer1_Timer()
        'Use an If statement to test whether the F11 key has been pressed
        If MyHotKey(vbKeyF11) Then
            'Use If again to test whether Check1 is ticked. Value can be 0, 1 or 2; when Check1 is ticked, the wudi code runs
            If Check1.Value Then
                'This is the wudi code, which the author placed in the Module1 module. The author simplified the call; for clarity it could also be written as [Call wudi()], where Call invokes wudi()
                wudi
            End If
        'If this test holds, that is, F12 was pressed, the next block runs.
        ElseIf MyHotKey(vbKeyF12) Then
            If Check2.Value Then
                gongji
            End If
        Else
        End If
    End Sub

The second Timer's code; its Interval is likewise 100.

    Private Sub Timer2_Timer()
        'Declare ID and Gamehwnd1
        Dim ID As Long, Gamehwnd1 As Long
        'Find the MapleStory game window handle and assign it to Gamehwnd1
        Gamehwnd1 = FindWindow(vbNullString, "Maplestory")
        'Use GetWindowThreadProcessId to obtain the MapleStory game's process ID
        GetWindowThreadProcessId Gamehwnd1, ID
        'Open the process with full access rights
        hProces1 = OpenProcess(PROCESS_ALL_ACCESS, False, ID)
        'If is used again here: (hProces1 = 0) means there is no MapleStory handle; otherwise the game is loaded.
        If (hProces1 = 0) Then
            'The game is not running: show "游戏未启动" (game not started) in Label1's caption, then disable Timer1
            Label1.Caption = "游戏未启动"
            'Timer1's Enabled was already set to False when the program was designed, so this line is optional
            Timer1.Enabled = False
        Else
            'The game is running: show "游戏已启动" (game started) in Label1's caption, then enable Timer1
            Label1.Caption = "游戏已启动"
            Timer1.Enabled = True
        End If
        'End of the Timer2 code
    End Sub

Module code:

    'FindWindow: API function that finds a specified window
    Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
    'GetWindowThreadProcessId: function that gets the process ID of a specified window
    Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
    'OpenProcess: function used to open a specified process
    Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    'WriteProcessMemory: function used to write process memory
    Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    'ReadProcessMemory: function used to read process memory
    Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    'CloseHandle: function used to close the process handle
    Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    'GetAsyncKeyState: function that checks a key's state by its virtual-key code
    Public Declare Function GetAsyncKeyState Lib "user32" (ByVal vkey As Long) As Integer
    'Declare hProces1
    Public hProces1 As Long

The wudi ("invincible") code is defined below:

    Public Sub wudi()
        'If test: does the MapleStory game exist?
        If (hProces1 = 0) Then
            'Write values to the target address, replacing memory address 585D55 with F26B07. Is this of any use here?
            WriteProcessMemory hProces1, ByVal &H585D55, &HF2, 1, 0&
            WriteProcessMemory hProces1, ByVal &H585D56, &H6B, 1, 0&
            WriteProcessMemory hProces1, ByVal &H585D57, &H0, 1, 0&
            WriteProcessMemory hProces1, ByVal &H585D58, &H7, 1, 0&
        Else
            'Write values to the target address, replacing memory address 585D55 with E91F60. This is the key part: the code with which the cheat applies invincibility
            WriteProcessMemory hProces1, ByVal &H585D55, &HE9, 1, 0&
            WriteProcessMemory hProces1, ByVal &H585D56, &H1F, 1, 0&
            WriteProcessMemory hProces1, ByVal &H585D57, &H6, 1, 0&
            WriteProcessMemory hProces1, ByVal &H585D58, &H0, 1, 0&
        End If
        'Close the process
        CloseHandle hProces1
    End Sub

The code below (gongji, "attack") is explained in the same way as above:

    Public Sub gongji()
        If (hProces1 = 0) Then
            WriteProcessMemory hProces1, ByVal &H574F9B, &H14, 1, 0&
            WriteProcessMemory hProces1, ByVal &H574FA0, &H13, 1, 0&
            WriteProcessMemory hProces1, ByVal &H574FA0, &H0, 1, 0&
            WriteProcessMemory hProces1, ByVal &H574FA0, &H1, 1, 0&
        Else
            WriteProcessMemory hProces1, ByVal &H574F9B, &H1C, 1, 0&
            WriteProcessMemory hProces1, ByVal &H574F9F, &H4, 1, 0&
            WriteProcessMemory hProces1, ByVal &H574FA0, &H0, 1, 0&
            WriteProcessMemory hProces1, ByVal &H574FA0, &H0, 1, 0&
        End If
        CloseHandle hProces1
    End Sub
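
Because the cheat works by overwriting bytes of the game's code at fixed addresses, a protection component can catch it by comparing the code region with a known-good copy. The Python sketch below is an added example, not code from the original post: it diffs two snapshots into modified runs and flags runs that begin with 0xE9, the x86 near-jump opcode. Only the address 0x585D55 and the four byte values on each side come from the post; treating F2 6B 00 07 as the unmodified bytes, the 0x90 filler, and the names find_patches and Patch are assumptions of this example.

```python
from __future__ import annotations
from dataclasses import dataclass

JMP_REL32 = 0xE9  # x86 near-jump opcode; first byte the post writes at 0x585D55

@dataclass(frozen=True)
class Patch:
    address: int       # virtual address of the first modified byte
    original: bytes    # bytes in the known-good baseline
    current: bytes     # bytes found in the live snapshot
    is_jmp_hook: bool  # True when the modified run starts with a JMP opcode

def find_patches(baseline: bytes, current: bytes, base_addr: int) -> list[Patch]:
    """Diff two equal-length snapshots of a code region into modified runs."""
    if len(baseline) != len(current):
        raise ValueError("snapshots must cover the same address range")
    patches: list[Patch] = []
    start = None
    for i in range(len(baseline) + 1):  # one extra step closes a trailing run
        differs = i < len(baseline) and baseline[i] != current[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            cur = current[start:i]
            patches.append(Patch(base_addr + start, baseline[start:i], cur,
                                 cur[0] == JMP_REL32))
            start = None
    return patches

# Constructed sample: 0x90 filler around the four bytes the post names.
# Assumption: F2 6B 00 07 stands in for the unmodified code bytes.
BASE_ADDR = 0x585D50
BASELINE = bytes([0x90] * 5 + [0xF2, 0x6B, 0x00, 0x07] + [0x90] * 7)
PATCHED = bytes([0x90] * 5 + [0xE9, 0x1F, 0x06, 0x00] + [0x90] * 7)

if __name__ == "__main__":
    for p in find_patches(BASELINE, PATCHED, BASE_ADDR):
        kind = "JMP hook" if p.is_jmp_hook else "data patch"
        print(f"{p.address:#x}: {p.original.hex()} -> {p.current.hex()} ({kind})")
```

In a real deployment the baseline would come from the signed executable on disk and the check would run on the server or in a separate protected process, since an in-process check can be patched the same way.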