1.首先我們要繪製一個界面,最先添加一個Frame控件、最少兩個Label控件用於輸出生命和真氣值、兩個Text控件用於輸入數據還有兩個Timer控件,分別改名爲TimerList及TimerAdd,最後添加一個Command控件。可以參考下圖,呵呵~我知道你可以畫的更好看!
2.下一步就是添加代碼了,和上次一樣新建一個模塊,模塊內容如下:
Option Explicit '---------------聲明函數----------------------- '得到窗體句柄的函數,FindWindow函數用來返回符合指定的類名( ClassName )和窗口名( WindowTitle )的窗口句柄 Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long '得到窗體控件句柄的函數 Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long '得到進程標識符的函數 Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long '得到目標進程句柄的函數 Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long '關閉句柄的函數 Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long '讀取進程內存的函數 Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long '參數決定了對進程的存儲權限,使用完全控制 Public Const PROCESS_ALL_ACCESS = &H1F0FFF '發送信息的函數 Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long '延遲函數 Public Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
發送消息函數和延遲函數是以前內容沒有用過的,這回我們將涉及發送模擬鍵盤消息給窗口,所以加入這兩個函數。
3.做好模塊,下一步該寫Form了。同樣還是聲明一些變量及Form_Load,代碼如下:Dim hwd As Long Dim pid As Long Dim hProcess As Long '存放進程句柄 Dim base As Long '存放人物基地址 Dim hp As Long '存儲生命值 Dim hpmax As Long '存儲生命最大值 Dim mp As Long '存儲真氣值 Dim mpmax As Long '存儲真氣最大值 Private Sub Form_Load() hwd = FindWindow("QElementClient Window", "Element Client") If hwd = 0 Then MsgBox "未啓動遊戲", vbOKOnly, "提示" Unload Form1 End If GetWindowThreadProcessId hwd, pid '獲取進程標識符 '將進程標識符做爲參數,返回目標進程PID的句柄,得到此句柄後 '即可對目標進行讀寫操,PROCESS_ALL_ACCESS表示完全控制,權限最大 hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid) If hProcess = 0 Then MsgBox "不能打開進程", vbOKOnly, "提示" Unload Form1 End If CloseHandle hProcess End Sub4.下一步,我們通過TimerList顯示人物信息,設置TimerList的Interval屬性值爲1000,其代碼如下:Private Sub TimerList_Timer() '顯示人物信息時鐘 Dim name(31) As Byte '存儲人物名稱 Dim name_temp As Long hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid) If hProcess Then ReadProcessMemory hProcess, ByVal &H8C9E54, base, 4, 0& ReadProcessMemory hProcess, ByVal base + &H24, base, 4, 0& '得到爲人物基地址,方便以後使用 ReadProcessMemory hProcess, ByVal base + &H254, hp, 4, 0& '得到生命值 ReadProcessMemory hProcess, ByVal base + &H26C, hpmax, 4, 0& '得到生命最大值 ReadProcessMemory hProcess, ByVal base + &H258, mp, 4, 0& '得到真氣值 ReadProcessMemory hProcess, ByVal base + &H270, mpmax, 4, 0& '得到真氣最大值 ReadProcessMemory hProcess, ByVal base + &H390, name_temp, 4, 0& ReadProcessMemory hProcess, ByVal name_temp, name(0), 32, 0& '得到人物名稱 CloseHandle hProcess End If Frame1.Caption = name '顯示人物名稱 Label2.Caption = "生命值:" & hp & "/" & hpmax '顯示生命值 Label3.Caption = "真氣值:" & mp & "/" & mpmax '顯示真氣值 End Sub現在可以運行一下看看數值是否能正常顯示!5.在來做第二個TimerAdd,設置Enabled = False,Interval屬性值爲100,期代碼如下:Private Sub TimerAdd_Timer() '加血判斷時鐘 If Val(Text1.Text) > hp Then '比較當前血量是否比預定值低,是則按下F1健 SendMessage hwd, &H100, &H70, 0& '按住F1鍵,&H100代表按下,&H70代表F1 SendMessage hwd, &H101, &H70, 0& '鬆開F1鍵,&H101代表鬆開,&H70代表F1 Sleep Val(Text2.Text) '延遲text2中的數值,用val()取數值 End If End Sub6.最後就剩下Command了,設置其Caption屬性爲“開始”,期代碼如下:Private Sub Command1_Click() If Command1.Caption = "開始" Then '按下標籤爲“開始”的按鈕,激活TimerAdd並改變標籤爲“停止” TimerAdd.Enabled = True Command1.Caption = "停止" ElseIf Command1.Caption = "停止" Then '剛好和上面相反 TimerAdd.Enabled = False Command1.Caption = "開始" End If End Sub7.小功告成!運行測試看看,能否實現加血功能!那加藍、補助技能呢?8.本次內容重點:
SendMessage /通過此函數實現模擬鍵盤操作功能
Sleep /必不可少的延遲函數
9.當然,你看完整個文章或者在測試的時候會發現,這個程序還有很多的漏洞或者說還可以做的更完善,沒錯,這就是接下來你要做的,還是那句話:“因爲我知道你可以做的到”ps:自己設置按鍵SendMessage hwd, &H100, Key(Combo1.ListIndex), 0& SendMessage hwd, &H101, Key(Combo1.ListIndex), 0& Private Function Key(Anjian As Long) As Long '用於轉換按鍵的函數 Select Case Anjian Case 0 Key = &H70 ‘F1 Case 1 Key = &H71 'F2 Case 2 Key = &H72 'F3 Case 3 Key = &H73 'F4 Case 4 Key = &H74 Case 5 Key = &H75 Case 6 Key = &H76 Case 7 Key = &H77 Case 8 Key = &H31 '1 Case 9 Key = &H32 '2 Case 10 Key = &H33 '3 Case 11 Key = &H34 Case 12 Key = &H35 Case 13 Key = &H36 Case 14 Key = &H37 Case 15 Key = &H38 Case 16 Key = &H39 '9 Case 17 Key = &H30 '0 End Select End Function
