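程序仅实现了HOOK IDirectDrawSurface.Flip,所以仅对使用了DirectDraw且使用Flip进行翻页操作的程序(即直接textout到上面会消失)有效。对采用Direct3D和OpenGL的程序无效。解决方法同HOOK IDirectDrawSurface.Flip类似,自己搞吧。最近很忙,心情也不好,不想玩了。如果你做好了清mail给我:dbin@sohu.com.
ps:如果符合你的要求记得给分

//-----------------ptdll.dpr------------------------
// Library project: exports the two hook-control routines and chains
// HotKeyHookExit into ExitProc so the hook is released on library exit.
library ptdll;

uses
  SysUtils,
  Classes,
  Windows,
  Messages,
  dll_vol in 'dll_vol.pas';

{$R *.RES}

exports sethook,endhook;
begin
  hNextHookProc := 0;
  procSaveExit := ExitProc;      // remember the previous exit handler
  ExitProc := @HotKeyHookExit;
end.

//---------------dll_vol.pas--------------------
// Hook unit. Two mechanisms are combined here:
//   1. a WH_KEYBOARD hook registered with thread id 0 (system-wide), which
//      causes Windows to load this DLL into other processes on the desktop;
//   2. a 5-byte E9 (JMP rel32) patch written over the entry of the function
//      the IDirectDrawSurface Flip vtable slot points to, inside whichever
//      process receives the hot key.
// Reviewer notes for anyone auditing a host that ran this:
//   - the patched page is switched to PAGE_EXECUTE_READWRITE and never
//     switched back;
//   - endhook removes the keyboard hook but nothing in this unit writes
//     OldBytes back permanently, so the patched entry keeps pointing into
//     this module after the hook is gone;
//   - a comparison of the in-memory ddraw code with the on-disk image shows
//     the 5 modified bytes starting with $E9.
unit dll_vol;

interface

uses Windows,Messages,Dialogs,Sysutils,Graphics,DirectDraw;
//DirectDraw.pas is the JEDI-DirectX headfile for Delphi. And u should modify it as described here:
//http://www.delphibbs.com/delphibbs/dispq.asp?lid=2135796

var
  hNextHookProc: HHook;     // handle returned by SetWindowsHookEx, 0 when not installed
  procSaveExit: Pointer;    // previous ExitProc, restored in HotKeyHookExit
  pDirectDrawCreate:function (lpGUID: PGUID;out lplpDD: IDirectDraw;pUnkOuter: IUnknown) : HResult; stdcall;

  function sethook:bool;export;
  function hookproc(iCode:Integer;wParam: WPARAM;lParam: LPARAM):LRESULT; stdcall;
  function endhook:bool;export;
  procedure HotKeyHookExit;far;

implementation

var
  OldBytes:Array [0..4] of Char;   // original first 5 bytes of the patched function
  Bytes:Array [0..4] of Char;      // the E9 xx xx xx xx patch
  RtnAddr:Cardinal;                // caller's return address, saved by t
  pFuncAddr:Pointer;               // address of the patched function
  hProcess:Cardinal;
  HR:integer;
  Rlt:integer;                     // return value of the original function

  w1,w2,w3:dword;                  // the three stack arguments captured by t
  dc:hdc;
  BKMode:integer;
  myBitmap:TBitMap;
  i:cardinal;

// Detour reached through the JMP planted by ModiFunc.
// Sequence: save return address and three arguments into unit-level
// globals, write the original 5 bytes back, call the original function,
// draw onto the surface (GetDC / BitBlt / TextOut / ReleaseDC), write the
// patch again, and return the original result to the saved return address.
// NOTE(review): every piece of state lives in globals and the entry is
// unpatched and re-patched on each call, so this appears neither re-entrant
// nor safe when several threads call the patched function - confirm.
// NOTE(review): "add esp,4" drops one dword before the return address is
// popped; presumably that is a value pushed by the compiler-generated
// prologue - verify against the compiled code.
procedure t;
begin
  asm
    add esp,4
    pop RtnAddr
    pop w1
    pop w2
    pop w3
  end;
  WriteProcessMemory(hProcess,pFuncAddr,@OldBytes,5,i);
  asm
    push w3
    push w2
    push w1
    call [pFuncAddr]
    mov Rlt,eax
  end;
//===Inject part STARTS here===
  asm
    lea eax,DC
    push eax
    mov eax,w1
    push eax
    mov eax,[eax]
    call [eax+$44] //PSurface.GetDC
    mov HR,eax
  end;
  if HR=0 then
  begin
    BitBlt(DC,10,10,myBitMap.Width,myBitMap.Height,myBitMap.Canvas.Handle,0,0,SRCCOPY);
//  BKMode:=SetBkMode(dc,TRANSPARENT);
    textout(dc,20,40,'宋体123',4);
    asm
      mov eax,[dc]
      push eax
      mov eax,w1
      push eax
      mov eax,[eax]
      call [eax+$68] //PSurface.ReleaseDC
      mov HR,eax
    end;
  end;
//===Inject part ENDS here===
  try
    WriteProcessMemory(hProcess,pFuncAddr,@Bytes,5,i);
  except
    // exceptions from the re-patch are deliberately swallowed by the author
  end;
  asm
    push RtnAddr
    mov eax,Rlt
    ret
  end;
end;

// Replaces the first 5 bytes at FuncAddr with "E9 rel32" leading to pProc.
// Returns:
//    1  patch written
//    0  entry already starts with $E9, or c:/b1.bmp is missing
//   -3  FuncAddr is nil
//   -4  the original 5 bytes could not be read
//   -6  VirtualProtect failed
//   -7  WriteProcessMemory failed
// NOTE(review): the displacement is computed as pProc - FuncAddr; for an E9
// jump the CPU adds rel32 to the address of the *next* instruction
// (FuncAddr + 5), so the landing address is 5 bytes past pProc. Confirm
// whether that is intended against the compiled layout of the target.
// NOTE(review): PAGE_EXECUTE_READWRITE is left in place; the old protection
// returned in i is discarded.
function ModiFunc(FuncAddr,pProc:Pointer):integer;
var
  i:Cardinal;
begin
  result:=0;
  i:=0;
  if FuncAddr=nil then
  begin
    result:=-3; //Can't find the proc/func !!
    exit;
  end;
  hProcess:=GetCurrentProcess;
  if not ReadProcessMemory(hProcess,FuncAddr,@Bytes,5,i) then
  begin
    result:=-4; //Can't get the Original first 5 bytes !!
    exit;
  end;
  if Ord(Bytes[0])<>$E9 then
  begin
    // Keep a copy of the original entry bytes (was a hand-written
    // rep movsd / rep movsb sequence that clobbered esi, edi and ecx).
    Move(Bytes,OldBytes,5);
    // Check for the file before allocating, so a missing bitmap no longer
    // leaks a TBitmap instance.
    if not fileexists('c:/b1.bmp') then
    begin
      showmessage('Cannot find c:/b1.bmp!'+#13+#10+'Hook failed!');
      exit;
    end;
    myBitmap:=TBitMap.Create;
    myBitmap.LoadFromFile('c:/b1.bmp'); // a b1.bmp file must be placed in c:/
  end
  else exit;   // entry already begins with a JMP: treated as already patched
  if not VirtualProtect(FuncAddr,5,PAGE_EXECUTE_READWRITE,@i) then
  begin
    result:=-6; //Can't Change protect mode !!
    exit;
  end;
  try
    asm
      mov edx,pProc
      mov eax,FuncAddr
      sub edx,eax
      lea eax,bytes
      mov [eax],$E9 //asm JMP
      inc eax
      mov [eax],edx
    end; //Assemble the code jmp to my code:E9 XX XX XX XX
    if not WriteProcessMemory(hProcess,FuncAddr,@bytes,5,i) then
    begin
      result:=-7; //Can't Modify the Entry of the proc/func !!
      exit;
    end;
  except
    // exceptions while building or writing the patch are swallowed
  end;
  result:=1; //Succeed!
end;

// WH_KEYBOARD callback. On the hot key (left Win key + numpad *, key-down
// transition) it resolves DirectDrawCreate from an already loaded ddraw.dll,
// creates an IDirectDraw object, follows pointers inside that object to a
// surface vtable and hands the Flip slot (offset $2c) to ModiFunc.
// NOTE(review): the offsets 8, 4 and 44 index into ddraw's private object
// layout; presumably they are specific to one ddraw.dll build - verify.
// Every other keystroke, and every call with iCode < 0, is now passed on
// with CallNextHookEx and its result returned, as the hook contract asks;
// the original returned 0 without chaining, which cut off later hooks.
function HookProc(iCode: integer; wParam: wParam; lParam: lParam):LResult; stdcall;
var
  dh:dword;
  pddc:Pointer;
  pflip,a,b:dword;
  fd:IDirectDraw;
begin
  if iCode<0 then
  begin
    result:=CallNextHookEx(hnexthookproc,iCode,wParam,lParam);
    Exit;
  end;
  if ((lParam and $80000000)=0) and
     (GetKeyState(VK_LWIN)<0) and (wParam=$6a) then // hot key: left Win key + numpad *
  begin
    dh:=GetModuleHandle('ddraw.dll');
    if dh<>0 then
    begin
      dh:=dword(GetProcAddress(dh,'DirectDrawCreate'));
      if dh<>0 then
      begin
        pDirectDrawCreate:=Pointer(dh);
        if pDirectDrawCreate(nil,FD,nil)=0 then
        begin
          pddc:=@fd;
          a:=dword(pointer(dword(pddc^)+8)^);
          b:=dword(pointer(dword(pointer(a+4)^)+44)^);
          pflip:=dword(pointer(b)^)+$2c;
          pFuncAddr:=pointer(pointer(pflip)^);
          modiFunc(pFuncAddr,@t);   // return code is ignored
          fd:=nil;                  // release the temporary IDirectDraw
        end;
      end;
    end;
    result:=1;   // non-zero: the hot key itself is not passed on
  end
  else
    result:=CallNextHookEx(hnexthookproc,iCode,wParam,lParam);
end;

// Installs the keyboard hook. The last argument (thread id) is 0, which
// makes the hook system-wide: this DLL is then loaded into other processes
// on the same desktop. An unexpected module appearing in many processes
// after a SetWindowsHookEx call is the visible trace of this step.
// Returns False if a hook is already installed or installation failed.
function sethook:bool;export;
begin
  result:=false;
  if hnexthookproc<>0 then exit;
  hNextHookProc := SetWindowsHookEx(WH_KEYBOARD,hookproc,HInstance,0);
  Result := hNextHookProc <> 0;
end;

// Exit procedure chained in by the library's initialization block:
// releases the hook if it is still installed, then restores the previous
// ExitProc.
procedure hotkeyhookexit;
begin
  if hNextHookProc <> 0 then endHook;
  ExitProc := procSaveExit;
end;

// Removes the keyboard hook and frees the overlay bitmap.
// NOTE(review): the 5-byte patch written by ModiFunc is not undone here.
function endhook:bool;export;
begin
  if hNextHookProc <> 0 then
  begin
    UnhookWindowshookEx(hNextHookProc);
    hNextHookProc := 0;
    try
      if assigned(MyBitMap) then
      begin
        MyBitMap.Free;
        MyBitMap := nil;   // avoid a dangling reference after Free
      end;
    except
    end;
  end;
  Result := hNextHookProc = 0;
end;

end.
//-------------------------------------------------
调用示例:
form上放2个button。运行后按button1,运行游戏,按热键即可看到效果

unit unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms,
  Dialogs,
  StdCtrls;

type
  // Test form: Button1 installs the hook, Button2 removes it.
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure FormDestroy(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.DFM}
// Both routines are imported statically from ptdll.dll.
function sethook:bool;external 'ptdll.dll';
function endhook:bool;external 'ptdll.dll';

procedure TForm1.Button1Click(Sender: TObject);
begin
  if sethook then showmessage('Hook Successful');
end;

procedure TForm1.Button2Click(Sender: TObject);
begin
  if endhook then showmessage('Unhook Successful!!');
end;

// Always release the hook when the form goes away.
procedure TForm1.FormDestroy(Sender: TObject);
begin
  endhook;
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
//sethook;
end;

end.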