外挂之内存读取
模块
Option Explicit
'--------------- Win32 API declarations -----------------------
' Returns the handle of the top-level window whose class name (lpClassName) and
' window title (lpWindowName) match; returns 0 when no such window exists.
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
' Returns the handle of a child window/control of hWnd1 matching the given class and title.
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
' Fills lpdwProcessId with the id of the process that owns window hwnd.
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
' Opens a handle to process dwProcessId with the rights in dwDesiredAccess; returns 0 on failure.
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Releases a handle obtained from OpenProcess; every successful OpenProcess needs a matching call.
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Copies nSize bytes starting at lpBaseAddress in hProcess into lpBuffer; returns non-zero on success.
' The address is taken ByVal as a Long, so callers pass the address itself, not a variable holding a buffer.
' NOTE(review): the last parameter receives the number of bytes actually read; the name "Written" is misleading.
Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
' Copies nSize bytes from lpBuffer to lpBaseAddress in hProcess; returns non-zero on success.
' lpBaseAddress is declared "As Any" (ByRef), so callers must pass the address with the ByVal keyword;
' lpBuffer must be a variable of at least nSize bytes (a bare Integer literal is only 2 bytes).
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
'=====================================================================================
' Sends a window message to hwnd and waits until it has been processed.
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
'SendMessage hwd, &H100, &H70, 0& ' example: WM_KEYDOWN (&H100) with VK_F1 (&H70)
'SendMessage hwd, &H101, &H70, 0& ' example: WM_KEYUP (&H101) with VK_F1 (&H70)
' Posts a window message to hwnd's message queue and returns without waiting.
Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Suspends the calling thread for dwMilliseconds.
Public Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
'=================================================================================================
' Access mask passed to OpenProcess: every right on the target process.
' NOTE(review): this is far broader than the operations below need; requesting only the rights
' actually used (e.g. PROCESS_VM_READ for reading) keeps the handle least-privileged and makes
' OpenProcess succeed in more situations.
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
'////////////////////////////////////////////////////
'////////////////////////////////////////////////////////
'form
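Option Explicit
Dim hwd As Long      ' window handle returned by FindWindow; 0 when the window was not found
Dim pid As Long      ' process id of the window's owner, filled in by GetWindowThreadProcessId
Dim hProcess As Long ' process handle from OpenProcess; 0 whenever no handle is open
' Address inside the target process that is read and written; a constant so it is changed in one place.
' Typed as Long so it matches the ByVal Long address parameter of the API declarations.
' (The original line used a typographic quote (’) as the comment marker, which VB6 does not accept.)
Const dz As Long = &H1F32930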
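Private Sub Form_Load()
    ' Locates the target window, resolves its process id and verifies the process can be opened.
    ' On either failure a message box is shown and the form is unloaded.
    hwd = FindWindow("TForm2", "步骤 2 ")
    If hwd = 0 Then
        MsgBox "未启动游戏", vbOKOnly, "提示"
        Unload Form1
        ' Unload does not stop execution: without this the code below would run with hwd = 0,
        ' leave pid = 0 and raise a second "cannot open process" box.
        Exit Sub
    End If
    ' Resolve the owning process id, then probe that a handle can be opened for it.
    GetWindowThreadProcessId hwd, pid
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
    If hProcess = 0 Then
        MsgBox "不能打开进程", vbOKOnly, "提示"
        Unload Form1
        Exit Sub
    End If
    ' Only a probe: Timer1_Timer and Command1_Click each open and close their own handle.
    CloseHandle hProcess
    hProcess = 0
End Sub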
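Private Sub Timer1_Timer()
    ' Runs every Timer1.Interval ms: reads the 4-byte value at dz from the target process
    ' and shows it in Label1. (Form design: one Label control and one Timer with Interval = 100.)
    Dim h As Long         ' receives the value read; a Long so Len(h) = 4 matches the bytes requested
    Dim bytesRead As Long ' filled by ReadProcessMemory with the number of bytes actually copied
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
    If hProcess = 0 Then Exit Sub ' process not opened (e.g. pid still 0, or the process exited)
    ' The declaration takes lpBaseAddress ByVal As Long, so dz is passed directly.
    ' The return value is checked: on a failed read h stays 0 and would be indistinguishable from
    ' a genuine 0, so Label1 is refreshed only after the full 4 bytes were read.
    If (ReadProcessMemory(hProcess, dz, h, Len(h), bytesRead) <> 0) And (bytesRead = Len(h)) Then
        Label1.Caption = h
    End If
    CloseHandle hProcess
    hProcess = 0
End Sub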
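Private Sub Command1_Click()
    ' Writes the Long value 1000 over the 4 bytes at dz in the target process.
    ' The value must live in a Long variable: the bare literal 1000 is an Integer (2 bytes), so
    ' passing it ByRef with nSize = 4 copied 2 bytes beyond the temporary into the target.
    Dim value As Long
    Dim bytesWritten As Long ' filled by WriteProcessMemory with the number of bytes actually written
    value = 1000
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
    If hProcess = 0 Then Exit Sub ' process not opened (e.g. pid still 0, or the process exited)
    ' lpBaseAddress is declared "As Any" (ByRef), so the address itself must be passed with ByVal.
    WriteProcessMemory hProcess, ByVal dz, value, Len(value), bytesWritten
    CloseHandle hProcess
    hProcess = 0
End Sub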