|
ZDNetChina中文社区 » 网络安全 » c#类,封装了键盘,和鼠标模拟,和内存读取(申精)
2007-11-19 01:38 yadianna521
c#类,封装了键盘,和鼠标模拟,和内存读取(申精)
[原创]c#类,封装了键盘,和鼠标模拟,和内存读取 发一个自己写的c#类,封装了键盘,和鼠标模拟,和内存读取 键盘和鼠标模拟用了2种方式,一种是系统api,还有一种是winio 鼠标模拟不是很好,建议不要用,外带一个很简单的内存读取方法。 大家把类的功能多多修改,让我们写外挂更方便,呵呵。 我下面将开源 本主题包含附件: sf_200779104937.rar (28181bytes) key kk = new key(); // IntPtr a = new IntPtr(); kk.sendwinio(); kk.MykeyDown((int)key.VirtualKeys.VK_F1); System.Threading.Thread.Sleep(2000); kk.MykeyUp((int)key.VirtualKeys.VK_F1); 这是模拟键盘的调用方式 源码: using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; using System.Diagnostics; using System.Management; namespace sendkey { public class key { const uint PROCESS_ALL_ACCESS = 0x001F0FFF; const uint KEYEVENTF_EXTENDEDKEY = 0x1; const uint KEYEVENTF_KEYUP = 0x2; private readonly int MOUSEEVENTF_LEFTDOWN = 0x2; private readonly int MOUSEEVENTF_LEFTUP = 0x4; const uint KBC_KEY_CMD = 0x64; const uint KBC_KEY_DATA = 0x60; //得到窗体句柄的函数,FindWindow函数用来返回符合指定的类名( ClassName )和窗口名( WindowTitle )的窗口句柄 [DllImport("user32.dll", CharSet = CharSet.Auto)] public static extern IntPtr FindWindow( string lpClassName, // pointer to class name string lpWindowName // pointer to window name ); [DllImport("user32.dll")] private static extern int GetWindowThreadProcessId(IntPtr id,int pid); [DllImport("kernel32.dll")] private static extern void CloseHandle ( uint hObject //Handle to object ); //读取进程内存的函数 [DllImport("kernel32.dll")] static extern bool ReadProcessMemory(uint hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, uint nSize, ref uint lpNumberOfBytesRead); //得到目标进程句柄的函数 [DllImport("kernel32.dll")] public static extern uint OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId); //鼠标事件声明 [DllImport("user32.dll")] static extern bool setcursorpos(int x, int y); [DllImport("user32.dll")] static extern void mouse_event(mouseeventflag flags, int dx, int dy, uint data, UIntPtr extrainfo); //键盘事件声明 [DllImport("user32.dll")] static extern byte MapVirtualKey(byte wCode, int wMap); [DllImport("user32.dll")] static extern short GetKeyState(int nVirtKey); [DllImport("user32.dll")] static extern void keybd_event( byte bVk, byte bScan,uint dwFlags,uint dwExtraInfo); //键盘事件声明winio [DllImport("winio.dll")] public static extern bool InitializeWinIo(); [DllImport("winio.dll")] public static extern bool GetPortVal(IntPtr wPortAddr, out int pdwPortVal, byte bSize); [DllImport("winio.dll")] public static extern bool SetPortVal(uint wPortAddr, IntPtr dwPortVal, byte bSize); [DllImport("winio.dll")] public static extern byte MapPhysToLin(byte pbPhysAddr, uint dwPhysSize, IntPtr PhysicalMemoryHandle); [DllImport("winio.dll")] public static extern bool UnmapPhysicalMemory(IntPtr PhysicalMemoryHandle, byte pbLinAddr); [DllImport("winio.dll")] public static extern bool GetPhysLong(IntPtr pbPhysAddr, byte pdwPhysVal); [DllImport("winio.dll")] public static extern bool SetPhysLong(IntPtr pbPhysAddr, byte dwPhysVal); [DllImport("winio.dll")] public static extern void ShutdownWinIo(); /// <summary> /// 获取进程pid /// </summary> /// <param name="name"></param> /// <returns></returns> private int pid(String name) { try { ObjectQuery oQuery = new ObjectQuery("select * from Win32_Process where Name='" + name + "'"); ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oQuery); ManagementObjectCollection oReturnCollection = oSearcher.Get(); string pid = ""; string cmdLine; StringBuilder sb = new StringBuilder(); foreach (ManagementObject oReturn in oReturnCollection) { pid = oReturn.GetPropertyvalue("ProcessId").ToString(); //cmdLine = (string)oReturn.GetPropertyvalue("CommandLine"); //string pattern = "-ap \"(.*)\""; //Regex regex = new Regex(pattern, RegexOptions.IgnoreCase); // Match match = regex.Match(cmdLine); //string appPoolName = match.Groups[1].ToString(); //sb.AppendFormat("W3WP.exe PID: {0} AppPoolId:{1}\r\n", pid, appPoolName); } return Convert.ToInt32(pid); } catch (Exception ss) { return 0; } } private int pid(IntPtr id) { int pid=0; pid=GetWindowThreadProcessId(id, pid); return 260; } /// <summary> /// 读取内存值 /// </summary> /// <param name="name">进程id</param> /// <param name="dizhi">读取的内存地址</param> /// <returns></returns> //public String getread(String QEC,String EC, IntPtr dizhi, uint size) //{ // Byte bt = new Byte(); // IntPtr id=FindWindow(QEC, EC); // uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid(id)); // IntPtr fanhui = new IntPtr(); // String gg = null; // if (hProcess == 0) // { // // gg = ReadProcessMemory(hProcess, dizhi, fanhui, size, 0); // // CloseHandle(hProcess); // } // return gg; //} public String getread(String jincheng, String EC, IntPtr dizhi, uint size) { byte[] vBuffer = new byte[4]; IntPtr vBytesAddress = Marshal.UnsafeAddrOfPinnedArrayElement(vBuffer, 0); // 得到缓冲区的地址 uint vNumberOfBytesRead = 0; Byte bt = new Byte(); //IntPtr id = FindWindow(QEC, EC); uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid(jincheng)); //pid(0); IntPtr fanhui = new IntPtr(); String gg = null; //if (hProcess == 0) //{ if (ReadProcessMemory(hProcess, dizhi, vBytesAddress, (uint)vBuffer.Length, ref hProcess)) { CloseHandle(hProcess); } else { CloseHandle(hProcess); } // } int vInt = Marshal.ReadInt32(vBytesAddress); return vInt.ToString() ; } /// <summary> /// 获取键盘状态 2007-11-19 01:39 yadianna521
/// </summary>
/// <param name="Key"></param> /// <returns></returns> public bool GetState(VirtualKeys Key) { return (GetKeyState((int)Key) == 1); } /// <summary> /// 发送键盘事件 /// </summary> /// <returns></returns> public void Send(VirtualKeys Key, bool State) { if (State != GetState(Key)) { byte a= MapVirtualKey((byte)Key, 0); keybd_event((byte)Key, MapVirtualKey((byte)Key, 0), 0, 0); System.Threading.Thread.Sleep(1000); keybd_event((byte)Key, MapVirtualKey((byte)Key, 0), KEYEVENTF_KEYUP, 0); } } /// <summary> /// 初始化winio /// </summary> public void sendwinio() { if (InitializeWinIo()) { KBCWait4IBE(); } } private void KBCWait4IBE() //等待键盘缓冲区为空 { //int[] dwVal = new int[] { 0 }; int dwVal = 0; do { //这句表示从&H64端口读取一个字节并把读出的数据放到变量dwVal中 //GetPortVal函数的用法是GetPortVal 端口号,存放读出数据的变量,读入的长度 bool flag = GetPortVal((IntPtr)0x64, out dwVal, 1); } while ((dwVal & 0x2) > 0); } /// <summary> /// 模拟键盘标按下 /// </summary> /// <param name="vKeyCoad"></param> public void MykeyDown(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); // btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1);// '发送键盘写入命令 //SetPortVal函数用于向端口写入数据,它的用法是SetPortVal 端口号,欲写入的数据,写入数据的长度 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)0xe2, 1);// '写入按键信息,按下键 KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1);// '发送键盘写入命令 //SetPortVal函数用于向端口写入数据,它的用法是SetPortVal 端口号,欲写入的数据,写入数据的长度 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)btScancode, 1);// '写入按键信息,按下键 } /// <summary> /// 模拟键盘弹出 2007-11-19 01:39 yadianna521
/// </summary>
/// <param name="vKeyCoad"></param> public void MykeyUp(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); //btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD,(IntPtr) 0xD2, 1); //'发送键盘写入命令 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)0xe0, 1);// '写入按键信息,释放键 KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1); //'发送键盘写入命令 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)btScancode, 1);// '写入按键信息,释放键 } /// <summary> /// 模拟鼠标按下 /// </summary> /// <param name="vKeyCoad"></param> public void MyMouseDown(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); //btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD,(IntPtr)0xD3, 1);// '发送键盘写入命令 //SetPortVal函数用于向端口写入数据,它的用法是SetPortVal 端口号,欲写入的数据,写入数据的长度 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)(btScancode|0x80), 1);// '写入按键信息,按下键 } /// <summary> /// 模拟鼠标弹出 /// </summary> /// <param name="vKeyCoad"></param> public void MyMouseUp(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); // btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD,(IntPtr) 0xD3, 1); //'发送键盘写入命令 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)(btScancode | 0x80), 1);// '写入按键信息,释放键 } /// <summary> /// 发送鼠标事件 /// </summary> /// <returns></returns> public void SendMouse() { } /// <summary> /// 鼠标动作枚举 /// </summary> public enum mouseeventflag : uint { move = 0x0001, leftdown = 0x0002, leftup = 0x0004, rightdown = 0x0008, rightup = 0x0010, middledown = 0x0020, middleup = 0x0040, xdown = 0x0080, xup = 0x0100, wheel = 0x0800, virtualdesk = 0x4000, absolute = 0x8000 } /// <summary> /// 键盘动作枚举 /// </summary> public enum VirtualKeys : byte { 2007-11-19 01:39 yadianna521
/// </summary>
/// <param name="vKeyCoad"></param> public void MykeyUp(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); //btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD,(IntPtr) 0xD2, 1); //'发送键盘写入命令 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)0xe0, 1);// '写入按键信息,释放键 KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD, (IntPtr)0xD2, 1); //'发送键盘写入命令 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)btScancode, 1);// '写入按键信息,释放键 } /// <summary> /// 模拟鼠标按下 /// </summary> /// <param name="vKeyCoad"></param> public void MyMouseDown(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); //btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD,(IntPtr)0xD3, 1);// '发送键盘写入命令 //SetPortVal函数用于向端口写入数据,它的用法是SetPortVal 端口号,欲写入的数据,写入数据的长度 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)(btScancode|0x80), 1);// '写入按键信息,按下键 } /// <summary> /// 模拟鼠标弹出 /// </summary> /// <param name="vKeyCoad"></param> public void MyMouseUp(int vKeyCoad) { int btScancode = 0; btScancode = MapVirtualKey((byte)vKeyCoad, 0); // btScancode = vKeyCoad; KBCWait4IBE(); // '发送数据前应该先等待键盘缓冲区为空 SetPortVal(KBC_KEY_CMD,(IntPtr) 0xD3, 1); //'发送键盘写入命令 KBCWait4IBE(); SetPortVal(KBC_KEY_DATA, (IntPtr)(btScancode | 0x80), 1);// '写入按键信息,释放键 } /// <summary> /// 发送鼠标事件 /// </summary> /// <returns></returns> public void SendMouse() { } /// <summary> /// 鼠标动作枚举 /// </summary> public enum mouseeventflag : uint { move = 0x0001, leftdown = 0x0002, leftup = 0x0004, rightdown = 0x0008, rightup = 0x0010, middledown = 0x0020, middleup = 0x0040, xdown = 0x0080, xup = 0x0100, wheel = 0x0800, virtualdesk = 0x4000, absolute = 0x8000 } /// <summary> /// 键盘动作枚举 /// </summary> public enum VirtualKeys : byte { 2007-11-19 01:39 yadianna521
创建一个类文件复制进去编译一下就可以了
这个类,封装了2个方式,一种是系统api[user32.dll]文件,调用方式 key kk = new key(); kk.send(key.VirtualKeys.VK_F1,GetState(key.VirtualKeys.VK_F1)); 这是模拟键盘的F1. 这是模拟键盘的winio调用方式 key kk = new key(); // IntPtr a = new IntPtr(); kk.sendwinio(); kk.MykeyDown((int)key.VirtualKeys.VK_F1); System.Threading.Thread.Sleep(2000); kk.MykeyUp((int)key.VirtualKeys.VK_F1); 也是模拟f1,之间的差别就是,winio调用方式能穿透一部分游戏,达到一部分外挂的效果. 2008-3-12 01:27 jackson0169
下载地址呢?
页: [1] 查看完整版本: c#类,封装了键盘,和鼠标模拟,和内存读取(申精)
Powered by Discuz! Archiver © 2001-2006 Comsenz Inc.  |
|
|
来自: donixli1314 > 《Desktop》
