高分求解：如何实现在DirectX的程序窗口中显示文本而且不闪烁，就像游戏外挂一样(300分)

能不能得到游戏的时钟句柄,<br><br>让两者的时钟一致,或尽量接近<br><br>...

to tt.t<br>等待。。。。：D

程序仅实现了HOOK IDirectDrawSurface.Flip，所以仅对使用了DirectDraw且使用Flip进行翻页操作的程序（即直接textout到上面会消失）有效。对采用Direct3D和OpenGL的程序无效。解决方法同HOOK IDirectDrawSurface.Flip类似，自己搞吧。最近很忙，心情也不好，不想玩了。如果你做好了清mail给我：dbin＠sohu.com.<br>ps:如果符合你的要求记得给分<br>//-----------------ptdll.dpr------------------------<br>library ptdll;<br><br>uses<br>&nbsp; SysUtils,<br>&nbsp; Classes,<br>&nbsp; Windows,<br>&nbsp; Messages,<br>&nbsp; dll_vol in 'dll_vol.pas';<br><br>{$R *.RES}<br><br>exports sethook,endhook;<br>begin<br>hNextHookProc := 0;<br>procSaveExit := ExitProc;<br>ExitProc := @HotKeyHookExit;<br>end.<br>//---------------dll_vol.pas--------------------<br>unit dll_vol;<br><br>interface<br><br>uses Windows,Messages,Dialogs,Sysutils,Graphics,DirectDraw;<br>//DirectDraw.pas is the JEDI-DirectX headfile for Delphi. And u should modify it as described here:<br>//http://www.delphibbs.com/delphibbs/dispq.asp?lid=2135796<br><br>var<br>&nbsp; hNextHookProc: HHook;<br>&nbsp; procSaveExit: Pointer;<br>&nbsp; pDirectDrawCreate:function (lpGUID: PGUID;out lplpDD: IDirectDraw;pUnkOuter: IUnknown) : HResult; stdcall;<br><br>&nbsp; function sethook:bool;export;<br>&nbsp; function hookproc(iCode:Integer;wParam: WPARAM;lParam: LPARAM):LRESULT; stdcall;<br>&nbsp; function endhook:bool;export;<br>&nbsp; procedure HotKeyHookExit;far;<br><br>implementation<br><br>var<br>&nbsp; OldBytes:Array [0..4] of Char;<br>&nbsp; Bytes:Array [0..4] of Char;<br>&nbsp; RtnAddr:Cardinal;<br>&nbsp; pFuncAddrointer;<br>&nbsp; hProcess:Cardinal;<br>&nbsp; HR:integer;<br>&nbsp; Rlt:integer;<br><br>&nbsp; w1,w2,w3:dword;<br>&nbsp; dc:hdc;<br>&nbsp; BKMode:integer;<br>&nbsp; myBitmap:TBitMap;<br>&nbsp; i:cardinal;<br><br>procedure t;<br>begin<br>&nbsp; asm<br>&nbsp; &nbsp; add esp,4<br>&nbsp; &nbsp; pop RtnAddr<br>&nbsp; &nbsp; pop w1<br>&nbsp; &nbsp; pop w2<br>&nbsp; &nbsp; pop w3<br>&nbsp; end;<br>&nbsp; WriteProcessMemory(hProcess,pFuncAddr,@OldBytes,5,i);<br>&nbsp; asm<br>&nbsp; &nbsp; push w3<br>&nbsp; &nbsp; push w2<br>&nbsp; &nbsp; push w1<br>&nbsp; &nbsp; call [pFuncAddr]<br>&nbsp; &nbsp; mov Rlt,eax<br>&nbsp; end;<br>//===Inject part STARTS here===<br>&nbsp; asm<br>&nbsp; &nbsp; lea eax,DC<br>&nbsp; &nbsp; push eax<br>&nbsp; &nbsp; mov eax,w1<br>&nbsp; &nbsp; push eax<br>&nbsp; &nbsp; mov eax,[eax]<br>&nbsp; &nbsp; call [eax+$44] &nbsp; &nbsp; //PSurface.GetDC<br>&nbsp; &nbsp; mov HR,eax<br>&nbsp; end;<br>&nbsp; if HR=0 then<br>&nbsp; begin<br>&nbsp; &nbsp; BitBlt(DC,10,10,myBitMap.Width,myBitMap.Height,myBitMap.Canvas.Handle,0,0,SRCCOPY);<br>// &nbsp; &nbsp;BKMode:=SetBkMode(dc,TRANSPARENT);<br>&nbsp; &nbsp; textout(dc,20,40,'宋体123',4);<br>&nbsp; &nbsp; asm<br>&nbsp; &nbsp; &nbsp; mov eax,[dc]<br>&nbsp; &nbsp; &nbsp; push eax<br>&nbsp; &nbsp; &nbsp; mov eax,w1<br>&nbsp; &nbsp; &nbsp; push eax<br>&nbsp; &nbsp; &nbsp; mov eax,[eax]<br>&nbsp; &nbsp; &nbsp; call [eax+$68] &nbsp; &nbsp; //PSurface.ReleaseDC<br>&nbsp; &nbsp; &nbsp; mov HR,eax<br>&nbsp; &nbsp; end;<br>&nbsp; end;<br>//===Inject part ENDS here===<br>&nbsp; try<br>&nbsp; &nbsp; WriteProcessMemory(hProcess,pFuncAddr,@Bytes,5,i);<br>&nbsp; except<br>&nbsp; end;<br>&nbsp; asm<br>&nbsp; &nbsp; push RtnAddr<br>&nbsp; &nbsp; mov eax,Rlt<br>&nbsp; &nbsp; ret<br>&nbsp; end;<br>end;<br><br>function ModiFunc(FuncAddr,pProcointer):integer;<br>var<br>&nbsp; i:Cardinal;<br>begin<br>&nbsp; result:=0;<br>&nbsp; i:=0;<br>&nbsp; if FuncAddr=nil then<br>&nbsp; begin<br>&nbsp; &nbsp; result:=-3; &nbsp;//Can't find the proc/func !!<br>&nbsp; &nbsp; exit;<br>&nbsp; end;<br>&nbsp; hProcess:=GetCurrentProcess;<br>&nbsp; if not ReadProcessMemory(hProcess,FuncAddr,@Bytes,5,i) then<br>&nbsp; begin<br>&nbsp; &nbsp; result:=-4; &nbsp;//Can't get the Original first 5 bytes !!<br>&nbsp; &nbsp; exit;<br>&nbsp; end;<br>&nbsp; if Ord(Bytes[0])&lt;&gt;$E9 then<br>&nbsp; begin<br>&nbsp; &nbsp; asm<br>&nbsp; &nbsp; &nbsp; lea esi,bytes<br>&nbsp; &nbsp; &nbsp; lea edi,OldBytes<br>&nbsp; &nbsp; &nbsp; mov ecx,1<br>&nbsp; &nbsp; &nbsp; rep movsd<br>&nbsp; &nbsp; &nbsp; inc ecx<br>&nbsp; &nbsp; &nbsp; rep movsb<br>&nbsp; &nbsp; end;<br>&nbsp; &nbsp; myBitmap:=TBitMap.Create;<br>&nbsp; &nbsp; if not fileexists('c:/b1.bmp') then<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; showmessage('Cannot find c:/b1.bmp!'+#13+#10+'Hook failed!');<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; end;<br>&nbsp; &nbsp; myBitmap.LoadFromFile('c:/b1.bmp'); &nbsp;//要在c:/下放一个b1.bmp<br>&nbsp; end<br>&nbsp; else exit;<br>&nbsp; if not VirtualProtect(FuncAddr,5,PAGE_EXECUTE_READWRITE,@i) then<br>&nbsp; begin<br>&nbsp; &nbsp; result:=-6; &nbsp;//Can't Change protect mode !!<br>&nbsp; &nbsp; exit;<br>&nbsp; end;<br>&nbsp; try<br>&nbsp; &nbsp; asm<br>&nbsp; &nbsp; &nbsp; mov edx,pProc<br>&nbsp; &nbsp; &nbsp; mov eax,FuncAddr<br>&nbsp; &nbsp; &nbsp; sub edx,eax<br>&nbsp; &nbsp; &nbsp; lea eax,bytes<br>&nbsp; &nbsp; &nbsp; mov [eax],$E9 &nbsp; //asm JMP<br>&nbsp; &nbsp; &nbsp; inc eax<br>&nbsp; &nbsp; &nbsp; mov [eax],edx<br>&nbsp; &nbsp; end; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;//Assemble the code jmp to my code:E9 XX XX XX XX<br>&nbsp; &nbsp; if not WriteProcessMemory(hProcess,FuncAddr,@bytes,5,i) then<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; result:=-7; &nbsp;//Can't Modify the Entry of the proc/func !!<br>&nbsp; &nbsp; &nbsp; exit;<br>&nbsp; &nbsp; end;<br>&nbsp; except<br>&nbsp; end;<br>&nbsp; result:=1; &nbsp; &nbsp; //Succeed!<br>end;<br><br>function HookProc(iCode: integer; wParam: wParam; lParam: lParam):LResult; stdcall;<br>var<br>&nbsp; dh:dword;<br>&nbsp; pddcointer;<br>&nbsp; pflip,a,b:dword;<br>&nbsp; fd:IDirectDraw;<br>begin<br>&nbsp; result:=0;<br>&nbsp; &nbsp; if iCode&lt;0 then<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; CallNextHookEx(hnexthookproc,iCode,wParam,lParam);<br>&nbsp; &nbsp; &nbsp; result:=0;<br>&nbsp; &nbsp; &nbsp; Exit;<br>&nbsp; &nbsp; end;<br>&nbsp; if ((lParam and $80000000)=0) and<br>&nbsp; &nbsp; &nbsp;(GetKeyState(VK_LWIN)&lt;0) and (wParam=$6a) then &nbsp;//热键：左win键+数字键盘*<br>&nbsp; begin<br>&nbsp; &nbsp; try<br>&nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; dh:=GetModuleHandle('ddraw.dll');<br>&nbsp; &nbsp; &nbsp; &nbsp; if dh&lt;&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dh:=dword(GetProcAddress(dh,'DirectDrawCreate'));<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if dh&lt;&gt;0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pDirectDrawCreate:=Pointer(dh);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if pDirectDrawCreate(nil,FD,nil)=0 then<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pddc:=@fd;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; a:=dword(pointer(dword(pddc^)+8)^);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; b:=dword(pointer(dword(pointer(a+4)^)+44)^);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pflip:=dword(pointer(b)^)+$2c;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pFuncAddr:=pointer(pointer(pflip)^);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; modiFunc(pFuncAddr,@t);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; fd:=nil;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; &nbsp; end;<br>&nbsp; &nbsp; finally<br><br>&nbsp; &nbsp; end;<br>&nbsp; &nbsp; result:=1;<br>&nbsp; end;<br>end;<br><br>function sethook:bool;export;<br>begin<br>&nbsp; result:=false;<br>&nbsp; if hnexthookproc&lt;&gt;0 then exit;<br>&nbsp; hNextHookProc := SetWindowsHookEx(WH_KEYBOARD,hookproc,HInstance,0);<br>&nbsp; Result := hNextHookProc &lt;&gt; 0;<br>end;<br><br>procedure hotkeyhookexit;<br>begin<br>&nbsp; if hNextHookProc &lt;&gt; 0 then endHook;<br>&nbsp; ExitProc := procSaveExit;<br>end;<br><br>function endhook:bool;export;<br>begin<br>&nbsp; if hNextHookProc &lt;&gt; 0 then<br>&nbsp; begin<br>&nbsp; &nbsp; UnhookWindowshookEx(hNextHookProc);<br>&nbsp; &nbsp; hNextHookProc := 0;<br>&nbsp; &nbsp; try<br>&nbsp; &nbsp; &nbsp; if assigned(MyBitMap) then MyBitMap.Free;<br>&nbsp; &nbsp; except<br>&nbsp; &nbsp; end;<br>&nbsp; end;<br>&nbsp; Result := hNextHookProc = 0;<br>end;<br><br>end.<br>//-------------------------------------------------<br>调用示例：<br>form上放2个button。运行后按button1，运行游戏，按热键即可看到效果<br><br>unit unit1;<br><br>interface<br><br>uses<br>&nbsp; Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, <br><br>Dialogs,<br>&nbsp; StdCtrls;<br><br>type<br>&nbsp; TForm1 = class(TForm)<br>&nbsp; &nbsp; Button1: TButton;<br>&nbsp; &nbsp; Button2: TButton;<br>&nbsp; &nbsp; procedure Button1Click(Sender: TObject);<br>&nbsp; &nbsp; procedure Button2Click(Sender: TObject);<br>&nbsp; &nbsp; procedure FormDestroy(Sender: TObject);<br>&nbsp; &nbsp; procedure FormCreate(Sender: TObject);<br>&nbsp; private<br>&nbsp; &nbsp; { Private declarations }<br>&nbsp; public<br>&nbsp; &nbsp; { Public declarations }<br>&nbsp; end;<br><br>var<br>&nbsp; Form1: TForm1;<br><br>implementation<br><br>{$R *.DFM}<br>function sethook:bool;external 'ptdll.dll';<br>function endhook:bool;external 'ptdll.dll';<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>begin<br>&nbsp; if sethook then showmessage('Hook Successful');<br>end;<br><br>procedure TForm1.Button2Click(Sender: TObject);<br>begin<br>&nbsp; if endhook then showmessage('Unhook Successful!!');<br>end;<br><br>procedure TForm1.FormDestroy(Sender: TObject);<br>begin<br>&nbsp; endhook;<br>end;<br><br>procedure TForm1.FormCreate(Sender: TObject);<br>begin<br>//sethook;<br>end;<br><br>end.

程序只适用于win2k以上系统

喂！<br>我的代码到底行不行啊，至少回个话吧！

不好意思，年底太忙了（拿年终奖），哈哈，空下来好好研究一下你的代码<br>先谢过，分不会忘的：）

我做了一个模仿《金山游侠》的小程序，可以查找修改游戏的内存，感兴趣的朋友去下载？<br>http://www.efile.com.cn/eFile/liumazi/GameMer.rar

用一个透明的窗口覆盖游戏的窗口。在上面写字。<br>把对窗口的操作传给游戏窗口

能不能帮忙看看。<br>http://www.delphibbs.com/delphibbs/dispq.asp?lid=2408639

用钩子，把窗体写到dll中，qq:71892967

先找到游戏显示文字的那个CALL<br>然后在把我们的代码写入游戏进程中，然后调用这个CALL，最后在回到我们的程序！！！<br>

同意FYL。<br>但那样没有通用性，游戏随便更新一下就不能用了，兼容性太差

但是有别的方法吗？<br>我听别人说是要写入内存，不过怎么个写法就不清楚了！！！<br>

原码我不都写了吗，帮忙测试一下吧<br>记得看注释

经测试！！<br>不行！

hehe,我在多台机器上测试没问题的,估计是你没有完全按照我写的作.<br>修改ddraw.pas了美?有没有在c:/下放b1.bmp?<br>如在不行留下你的油箱给你发个可执行版本试试.<br>btw,thanx 4 ur test&amp;areply

我忘了修改ddraw.pas了！！！<br>

改了后还是一样！！<br><br>我的EM：wangziyao11@163.com

以发，查收！！<br>另外，你太喜欢用叹号了吧！！！

习惯，呵呵。<br>测试OK了，感谢。<br>不过兼容性如你所说的——不好。<br>如果能象http://www.fraps.com/上的那个软件1.9D版一样的效果就好了。<br>兼容所有系统而且全屏或着窗口都可以显示。<br>（PS：这次坚决不用感叹号了）