经常上hf平台,挤不进去自己想进去的房间,花了一天多时间研究了一下,因此有了以下的文章.
- /*
- witten by : edmonddonteszhang@gmail.com (applebomb)
- history : 2012/6/2 (ver 1)
- information : 一直在玩浩方DOTA IMBA, 总是进不了450人房间, 一气之下花了时间研究
- 怎么搞自动挤房间. 因此有了下面的程序
- 浩方版本: 5.8.1.516-20120528
- how to use : 打开电信 DOTA IMBA 房间, 运行程序进行自动挤房间
- attention!! : 花时间自己写的同学注意两点, 在这两点上浪费了一天时间.
- 第一: WM_NOTIFY 的消息结构是发送给父窗口而非控件本身, 不过对于ListView控件
- 来说, 似乎用WM_NOTIFY发送双击动作结构体 不起作用
- { 如果有成功的同学请邮件告诉我方法, 谢谢! }
- 第二: 运行程序时候需要以Administrator身份, 否则用 GetLastError() = Access Denied
- how to do : step 1. 找出浩方窗口
- step 2. 找出登录列表
- step 3. openProcess 浩方进程, 在里面分配几个获取信息的变量
- step 4. 发送消息让取得信息
- step 5. ReadProcessMemory 读取 step4得到的信息
- step 6. 获取房间在控件中的相对坐标
- step 7. 发送信息点击登陆房间
- step 8. 如果弹出 Type: "#32770", Name: "浩方电竞平台" 的窗口, 则登录不成功
- step 9. 如果看不见登录列表, 则登录成功
- */
- #include <stdio.h>
- #include <Windows.h>
- #include <WinDef.h>
- #include <CommCtrl.h>
- #include <WinUser.h>
- /* funciton declare */
- BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lparam); /* 枚举浩方主进程 */
- BOOL CALLBACK EnumChildWindowsProc(HWND hwnd, LPARAM lparam); /* 枚举窗口子进程 */
- int main (int argc, const char *argv[])
- {
- ::EnumWindows((WNDENUMPROC)EnumWindowsProc, 0); // 查找浩方主进程
- getchar();
- return 0;
- }
- /*
- 查找浩方主进程
- */
- BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lparam)
- {
- char programName[256];
- ::GetWindowTextA(hwnd, programName, 256-1);
- if (strstr(programName, "浩方电竞平台")!=NULL)
- {
- printf ("Found main program window. \n");
- ::EnumChildWindows(hwnd, (WNDENUMPROC)EnumChildWindowsProc, 0); /* 找到主窗口, 枚举找出ListView控件*/
- }
- return true;
- }
- /*
- 查找ListView控件
- */
- BOOL CALLBACK EnumChildWindowsProc(HWND hwnd, LPARAM lparam)
- {
- char hwndName[256];
- ::GetClassNameA(hwnd, hwndName, 256-1); //hwnd 正在枚举的控件
- if (strcmp(hwndName,"SysListView32") == 0) {
- int nID = ::GetDlgCtrlID(hwnd);
- printf("nID : %d\n",nID);
- if (nID == 257) /*这里我是找出ListView的控件ID = 257 (还有id = 340, 513, 12001 这三个没有用)*/
- {
- int find = SendMessageA(hwnd, LVM_GETITEMCOUNT, 0,0);
- //打开浩方进程
- DWORD ProcessID;
- HANDLE handle;
- ::GetWindowThreadProcessId(hwnd, &ProcessID);
- handle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, false, ProcessID);
- LVITEM *_lvi, lvi; /* 指向一条ListView 记录*/
- WCHAR *_item, *_subitem; /* */
- WCHAR item[512], subitem[512];
- PPOINT ppoint;
- POINT pt;
- /* 在浩方进程分配获取信息空间 */
- _lvi = (LVITEM*)VirtualAllocEx(handle, NULL, sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);
- _item = (WCHAR*)VirtualAllocEx(handle, NULL, 512, MEM_COMMIT, PAGE_READWRITE);
- _subitem = (WCHAR*)VirtualAllocEx(handle, NULL, 512, MEM_COMMIT, PAGE_READWRITE);
- ppoint = (PPOINT)VirtualAllocEx(handle, NULL, sizeof(POINT), MEM_COMMIT, PAGE_READWRITE);
- int roomindex = 0; /* 从0开始枚举房间 */
- bool getinflag =false; /* 登陆成功标志 */
- while (!getinflag)
- {
- lvi.iSubItem=0; /* Listview中第一项房间名 */
- lvi.cchTextMax=512; /*Number of TCHARs in the buffer pointed to by pszText, including the terminating NULL.*/
- lvi.pszText=(LPWSTR)_item; /* 将浩方进程里面将要存放房间名称的地址传递给lvi */
- WriteProcessMemory(handle, _lvi, &lvi, sizeof(LVITEM), NULL); /* 将定义好的lvi结构写到上面在浩方分配的内存里 */
- SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)roomindex, (LPARAM)_lvi); /* 发送消息将结果写在 _item指定的内存里*/
- lvi.iSubItem=1; /*人数*/
- lvi.pszText=(LPWSTR)_subitem;
- WriteProcessMemory(handle, _lvi, &lvi, sizeof(LVITEM), NULL);
- SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)roomindex, (LPARAM)_lvi);
- // 将浩方进程里取得的结果读回登陆器进程内存
- ReadProcessMemory(handle, _item, item, 512, NULL);
- ReadProcessMemory(handle, _subitem, subitem, 512, NULL);
- // 比较当前房间是否是需要进入的房间
- wchar_t *pRoomName = wcsstr(item, L"IMBA"); /* 电信 IMBA */
- wchar_t *pRoomCont = wcsstr(subitem, L"/450"); /* 450人 */
- if (pRoomName && pRoomCont){
- printf ("find the room."); //找到合适的房间, 尝试登陆
- //选择房间
- lvi.state = LVIS_SELECTED;
- lvi.stateMask = LVIS_SELECTED;
- WriteProcessMemory(handle, _lvi, &lvi, sizeof(LVITEM), NULL);
- ::SendMessage(hwnd, LVM_SETITEMSTATE, (WPARAM)roomindex, (LPARAM)_lvi );
- /* 取得房间一栏在浩方里面的相对位置, LVM_GETITEMPOSITION 消息比较简单,
- 不需要用到WriteProcessMemory 写入控制信息 */
- ::SendMessage(hwnd, LVM_GETITEMPOSITION, roomindex, (LPARAM)ppoint);
- ::ReadProcessMemory(handle, ppoint, &pt, sizeof(POINT), NULL);
- // 模拟双击房间, postmessage 直接返回, sendmessage 等待结果再返回
- PostMessage(hwnd, WM_LBUTTONDBLCLK, MK_LBUTTON, MAKELPARAM(pt.x, pt.y));
- // 检查是弹出"人满不能进入, 或者登陆上了房间"
- int waittime = 0; /* 超时从新尝试另一个房间 */
- while(1)
- {
- /* 不能进入房间, 这里参考了
- http://blog.csdn.net/courage3000/article/details/7526475 检查代码
- */
- HWND hRenMan = FindWindowA("#32770", "浩方电竞平台");
- if (hRenMan) {
- printf("fail to login in. find next room.\n");
- SendMessage(hRenMan, WM_CLOSE, 0, 0);
- break;
- }else{
- if (!IsWindowVisible(hwnd))
- {
- getinflag = true;
- break;
- } // !iswindowvisible
- } // if hRenMan
- waittime++; // 超时尝试登陆另一个房间
- if (waittime > 10) break;
- Sleep(1000);
- } // while(1)
- } //if pRoomName && pRoomCont
- if (roomindex++ >= find) /*不能登陆成功重新尝试*/
- roomindex =0;
- }
- VirtualFreeEx(handle, _lvi, 0, MEM_RELEASE); // 释放内存
- VirtualFreeEx(handle, _item, 0, MEM_RELEASE);
- VirtualFreeEx(handle, _subitem, 0, MEM_RELEASE);
- VirtualFreeEx(handle, ppoint, 0, MEM_RELEASE);
- }
- }
- return true;
- }
- /*
- * subprogram : 用鼠标找出鼠标位置的子窗口句柄
- */
- void subprogram_findWNDbyMouse()
- {/*
- POINT pt;
- ::GetCursorPos(&pt);
- HWND wfp = ::WindowFromPoint(pt);
- if (wfp != NULL && ::GetParent(wfp) == hwnd)
- {
- printf ("mouse point at: %d, %d",pt.x,pt.y);
- printf ("mouse point: find window : ");
- char lpsubWinName[256], plsubWinText[256];
- ::GetClassNameA(wfp, lpsubWinName, 256 - 1);
- ::GetWindowTextA(wfp, plsubWinText, 256-1);
- printf (" %s %s\n", lpsubWinName, plsubWinText);
- }
- */
- }
转载于:https://blog.51cto.com/applebomb1/884893
扫一扫
1049
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
