C# 调用WinAPI 登陆&内存操作
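/// <summary>
/// P/Invoke declaration for the Win32 LogonUser function in advapi32.dll, which
/// validates a user name, domain and password against Windows.
/// </summary>
/// <param name="lpszUsername">Account name to log on.</param>
/// <param name="lpszDomain">Domain (or machine) that holds the account.</param>
/// <param name="lpszPassword">Plain-text password of the account.</param>
/// <param name="dwLogonType">Logon type, e.g. 2 = LOGON32_LOGON_INTERACTIVE.</param>
/// <param name="dwLogonProvider">Logon provider, 0 = LOGON32_PROVIDER_DEFAULT.</param>
/// <param name="phToken">Receives the access-token handle on success; the caller owns it and must close it with CloseHandle.</param>
/// <returns>true when the logon succeeded; false otherwise (the Win32 error is then available through Marshal.GetLastWin32Error).</returns>
// SetLastError = true preserves the Win32 error code for the caller; without it the
// reason for a failed logon cannot be retrieved reliably.
// CharSet.Unicode binds to the wide-character export so that user names and passwords
// outside the ANSI code page are not silently altered while being marshalled.
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);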
调用登录函数:
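// Check the credentials typed into the form against Windows.
// 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT.
IntPtr phToken = IntPtr.Zero;
// The password is passed exactly as typed: trimming it would test a different
// credential than the one the user entered (leading/trailing spaces are legal in
// Windows passwords). Only the user name is trimmed.
bool loggedOn = LogonUser(this.txtUserName.Text.Trim(), Environment.UserDomainName, this.txtPassWord.Text, 2, 0, ref phToken);
// loggedOn must be checked before the caller treats the user as authenticated.
// NOTE(review): on success phToken is an open token handle; close it with CloseHandle
// as soon as it is no longer needed, otherwise every logon attempt leaks a handle.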
//////////////////////////////////
#region [ API: 记事本 ]
/// <summary>
/// Sends a window message to the given window (the article's original target was Notepad).
/// No CharSet is specified, so the string argument is marshalled with the default ANSI setting.
/// NOTE(review): wParam and the return value are declared as int, while the native
/// WPARAM/LRESULT are pointer-sized - confirm before using this from a 64-bit build.
/// </summary>
/// <param name="hWnd">Handle of the window that receives the message.</param>
/// <param name="Msg">Message identifier, e.g. WM_SETTEXT or BM_CLICK declared below.</param>
/// <param name="wParam">First message parameter; the callers on this page pass 0.</param>
/// <param name="lParam">Second message parameter, passed as a string (the new text for WM_SETTEXT).</param>
/// <returns>The value returned by the window procedure that handled the message.</returns>
[DllImport("User32.DLL")]
public static extern int SendMessage(IntPtr hWnd, uint Msg, int wParam, string lParam);
/// <summary>
/// Looks up a child window handle by class name and/or window text.
/// </summary>
/// <param name="hwndParent">Parent window whose child windows are searched.</param>
/// <param name="hwndChildAfter">Child after which the search starts; IntPtr.Zero starts at the first child.</param>
/// <param name="lpszClass">Window class name to match, or null for any class.</param>
/// <param name="lpszWindow">Window text to match, or null for any text.</param>
/// <returns>Handle of the matching window, or IntPtr.Zero when none was found.</returns>
[DllImport("User32.DLL")]
public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter, string lpszClass, string lpszWindow);
/// <summary>
/// Window-message identifiers used with SendMessage above.
/// </summary>
public const uint WM_SETTEXT = 0x000C;//sets the text of a window
public const int BM_CLICK = 0x00F5;//simulates a click on a button
#endregion
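/// <summary>
/// Looks for a running process whose name contains "system" and whose main window is
/// titled "用户登录", writes a fixed text into its edit box with WM_SETTEXT and then
/// presses its "确 定" button with BM_CLICK.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    #region [ Locate the target process ]
    // Starts as null. The original created an empty Process object here, so "no match"
    // left a non-null, unattached Process whose MainWindowHandle getter throws.
    System.Diagnostics.Process Proc = null;
    try
    {
        // (The original article also carried a disabled variant that launched
        // notepad.exe instead of attaching to an already running process.)
        Process[] pname = Process.GetProcesses();
        foreach (Process name in pname)
        {
            // Ordinal, case-insensitive match instead of the culture-dependent ToLower().
            bool isTarget =
                name.ProcessName.IndexOf("system", StringComparison.OrdinalIgnoreCase) != -1
                && name.MainWindowTitle == "用户登录";

            if (isTarget)
            {
                // As in the original, the last matching process wins.
                if (Proc != null)
                {
                    Proc.Dispose();
                }
                Proc = name;
            }
            else
            {
                name.Dispose();
            }
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort, as in the original: any failure while enumerating
        // processes (e.g. one exiting mid-scan) means "target not found".
        if (Proc != null)
        {
            Proc.Dispose();
        }
        Proc = null;
    }
    #endregion

    #region [ Send the text and the click ]
    if (Proc == null)
    {
        return;
    }

    try
    {
        // Bounded wait for the main window. The original spun without a limit, which
        // froze the UI thread for good if the window never appeared.
        const int maxAttempts = 50;
        for (int attempt = 0; Proc.MainWindowHandle == IntPtr.Zero && attempt < maxAttempts; attempt++)
        {
            System.Threading.Thread.Sleep(100);
            Proc.Refresh();
        }
        if (Proc.MainWindowHandle == IntPtr.Zero)
        {
            return;
        }

        IntPtr vHandle = FindWindowEx(Proc.MainWindowHandle, IntPtr.Zero, "WindowsForms10.EDIT.app.0.33c0d9d", null);
        // The class name of the button may also be passed as null.
        IntPtr vButtonHandle = FindWindowEx(Proc.MainWindowHandle, IntPtr.Zero, "WindowsForms10.BUTTON.app.0.33c0d9d", "确 定");

        // Do nothing unless both controls were found; sending to a zero handle fails.
        if (vHandle == IntPtr.Zero || vButtonHandle == IntPtr.Zero)
        {
            return;
        }

        // NOTE(review): the password is hard-coded in source and therefore readable by
        // anyone with the binary; it belongs in a protected credential store.
        SendMessage(vHandle, WM_SETTEXT, 0, "Line66");
        // BM_CLICK takes no lParam; pass a null pointer rather than the text "null".
        SendMessage(vButtonHandle, BM_CLICK, 0, null);
    }
    catch (InvalidOperationException)
    {
        // The target process exited while it was being used; nothing left to do.
    }
    finally
    {
        Proc.Dispose();
    }
    #endregion
}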
[转]C#内存操作
游戏内存基址:base = 0x006A9EC0
游戏阳光地址:[base+0x768]+0x5560
游戏金钱地址:[base+0x82C]+0x28
游戏关卡地址:[base+0x82C]+0x24 //关卡如:A-B 实际值为:(A-1)×10+B
至于如何获取这些地址不在我们这论坛研究的范围中!
对了我是用工具vs2008编写的!
新建窗体:
- C# code
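using System;
using System.Drawing;
using System.Text;
using System.Windows.Forms;

namespace PlantsVsZombiesTool
{
    /// <summary>
    /// Main window of the tool. Two timers rewrite the sunshine and money counters of
    /// the running game once per second, and a button writes a chosen level number.
    /// All memory access goes through <see cref="Helper"/>.
    /// </summary>
    public partial class Form1 : Form
    {
        // Value written to the sunshine and money counters (0x1869F == 99999).
        private const int MaxCounterValue = 0x1869F;

        private int baseAddress = 0x006A9EC0;            // base address of the game data, as given in the article
        private string processName = "PlantsVsZombies";  // process name of the game

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }

        /// <summary>Toggles the "unlimited sunshine" timer.</summary>
        private void btnGet_Click(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }

            if (btnGet.Text == "启用-阳光无限")
            {
                timer1.Enabled = true;
                btnGet.Text = "关闭-阳光无限";
            }
            else
            {
                timer1.Enabled = false;
                btnGet.Text = "启用-阳光无限";
            }
        }

        /// <summary>Writes the sunshine counter: [[base] + 0x768] + 0x5560.</summary>
        private void timer1_Tick(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                timer1.Enabled = false;
                btnGet.Text = "启用-阳光无限";
                // The original fell through here and still went on to read and write
                // memory although the game was gone.
                return;
            }

            int address;
            if (TryResolveAddress(0x768, 0x5560, out address))
            {
                WriteMemory(address, MaxCounterValue);
            }
            timer1.Interval = 1000;
        }

        /// <summary>Toggles the "unlimited money" timer.</summary>
        private void btnMoney_Click(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }

            if (btnMoney.Text == "启用-金钱无限")
            {
                timer2.Enabled = true;
                btnMoney.Text = "关闭-金钱无限";
            }
            else
            {
                timer2.Enabled = false;
                btnMoney.Text = "启用-金钱无限";
            }
        }

        /// <summary>Writes the money counter: [[base] + 0x82C] + 0x28.</summary>
        private void timer2_Tick(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                timer2.Enabled = false;
                btnMoney.Text = "启用-金钱无限";
                return; // same missing early exit as in timer1_Tick
            }

            int address;
            if (TryResolveAddress(0x82C, 0x28, out address))
            {
                WriteMemory(address, MaxCounterValue);
            }
            timer2.Interval = 1000;
        }

        /// <summary>
        /// Writes the level number typed into txtLev to [[base] + 0x82C] + 0x24.
        /// Per the article, level "A-B" is stored as (A-1)*10+B.
        /// </summary>
        private void btnGo_Click(object sender, EventArgs e)
        {
            if (!IsGameRunning())
            {
                MessageBox.Show("哥们启用之前游戏总该运行吧!");
                return;
            }

            int address;
            if (!TryResolveAddress(0x82C, 0x24, out address))
            {
                return;
            }

            // TryParse instead of Parse inside a catch-all: same fallback to level 1,
            // without using exceptions for ordinary bad input.
            int lev;
            if (!int.TryParse(txtLev.Text.Trim(), out lev))
            {
                lev = 1;
                MessageBox.Show("输入的关卡格式不真确!默认设置为1");
            }
            // NOTE(review): the value is written unchecked; the valid level range is
            // not shown on this page - confirm and clamp before writing.
            WriteMemory(address, lev);
        }

        /// <summary>Reads a 32-bit value from the game process at <paramref name="baseAdd"/>.</summary>
        public int ReadMemoryValue(int baseAdd)
        {
            return Helper.ReadMemoryValue(baseAdd, processName);
        }

        /// <summary>Writes a 32-bit value into the game process at <paramref name="baseAdd"/>.</summary>
        public void WriteMemory(int baseAdd, int value)
        {
            Helper.WriteMemoryValue(baseAdd, processName, value);
        }

        // True when a process with the configured name is currently running.
        private bool IsGameRunning()
        {
            return Helper.GetPidByProcessName(processName) != 0;
        }

        // Follows the two-level pointer chain [[baseAddress] + firstOffset] + fieldOffset.
        // Helper.ReadMemoryValue reports failure as 0, so a zero pointer at either level
        // stops the walk instead of producing a write to a bogus low address.
        private bool TryResolveAddress(int firstOffset, int fieldOffset, out int address)
        {
            address = 0;

            int root = ReadMemoryValue(baseAddress);
            if (root == 0)
            {
                return false;
            }

            int inner = ReadMemoryValue(root + firstOffset);
            if (inner == 0)
            {
                return false;
            }

            address = inner + fieldOffset;
            return true;
        }
    }
}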
下面这个类是整个工具的核心
- C# code
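using System;
using System.Text;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace PlantsVsZombiesTool
{
    /// <summary>
    /// Thin wrapper over the Win32 process-memory API: finds a process by name or
    /// window title and reads or writes a single 32-bit value in its address space.
    /// </summary>
    public abstract class Helper
    {
        // Win32 process access rights. Each operation asks only for what it needs
        // instead of the original 0x1F0FFF (PROCESS_ALL_ACCESS): a narrower request
        // succeeds in more situations and a leaked handle can do less.
        private const int ProcessVmOperation = 0x0008; // PROCESS_VM_OPERATION
        private const int ProcessVmRead = 0x0010;      // PROCESS_VM_READ
        private const int ProcessVmWrite = 0x0020;     // PROCESS_VM_WRITE

        [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory", SetLastError = true)]
        public static extern bool ReadProcessMemory
            (
                IntPtr hProcess,
                IntPtr lpBaseAddress,
                IntPtr lpBuffer,
                int nSize,
                IntPtr lpNumberOfBytesRead
            );

        [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess", SetLastError = true)]
        public static extern IntPtr OpenProcess
            (
                int dwDesiredAccess,
                bool bInheritHandle,
                int dwProcessId
            );

        // CloseHandle returns BOOL; the original declared it as void.
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool CloseHandle
            (
                IntPtr hObject
            );

        // Writes memory in another process.
        [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory", SetLastError = true)]
        public static extern bool WriteProcessMemory
            (
                IntPtr hProcess,
                IntPtr lpBaseAddress,
                int[] lpBuffer,
                int nSize,
                IntPtr lpNumberOfBytesWritten
            );

        /// <summary>
        /// Returns the id of the first process whose main-window title contains
        /// <paramref name="windowTitle"/>, or 0 when there is none.
        /// </summary>
        public static int GetPid(string windowTitle)
        {
            int rs = 0;
            Process[] arrayProcess = Process.GetProcesses();
            try
            {
                foreach (Process p in arrayProcess)
                {
                    if (p.MainWindowTitle.IndexOf(windowTitle, StringComparison.Ordinal) != -1)
                    {
                        rs = p.Id;
                        break;
                    }
                }
            }
            finally
            {
                DisposeAll(arrayProcess);
            }
            return rs;
        }

        /// <summary>
        /// Returns the id of the first process named <paramref name="processName"/>,
        /// or 0 when no such process is running.
        /// </summary>
        public static int GetPidByProcessName(string processName)
        {
            Process[] arrayProcess = Process.GetProcessesByName(processName);
            try
            {
                return arrayProcess.Length > 0 ? arrayProcess[0].Id : 0;
            }
            finally
            {
                DisposeAll(arrayProcess);
            }
        }

        /// <summary>
        /// Returns the main-window handle of the first process whose window title
        /// contains <paramref name="title"/> (substring match), or IntPtr.Zero.
        /// </summary>
        public static IntPtr FindWindow(string title)
        {
            Process[] ps = Process.GetProcesses();
            try
            {
                foreach (Process p in ps)
                {
                    if (p.MainWindowTitle.IndexOf(title, StringComparison.Ordinal) != -1)
                    {
                        return p.MainWindowHandle;
                    }
                }
                return IntPtr.Zero;
            }
            finally
            {
                DisposeAll(ps);
            }
        }

        /// <summary>
        /// Reads a 32-bit value at <paramref name="baseAddress"/> in the process named
        /// <paramref name="processName"/>.
        /// </summary>
        /// <returns>The value read, or 0 on any failure (process missing, access denied, unreadable address).</returns>
        public static int ReadMemoryValue(int baseAddress, string processName)
        {
            IntPtr hProcess = IntPtr.Zero;
            IntPtr buffer = IntPtr.Zero;
            try
            {
                int pid = GetPidByProcessName(processName);
                if (pid == 0)
                {
                    return 0;
                }

                hProcess = OpenProcess(ProcessVmRead, false, pid);
                if (hProcess == IntPtr.Zero)
                {
                    return 0;
                }

                // Unmanaged scratch buffer. The original took the address of a managed
                // byte[] that was never pinned, so the GC was free to move the array
                // while the native call was writing into it.
                buffer = Marshal.AllocHGlobal(sizeof(int));
                Marshal.WriteInt32(buffer, 0);

                if (!ReadProcessMemory(hProcess, (IntPtr)baseAddress, buffer, sizeof(int), IntPtr.Zero))
                {
                    return 0;
                }
                return Marshal.ReadInt32(buffer);
            }
            catch (Exception)
            {
                // Deliberate best-effort contract kept from the original: callers see 0.
                return 0;
            }
            finally
            {
                if (buffer != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(buffer);
                }
                if (hProcess != IntPtr.Zero)
                {
                    CloseHandle(hProcess);
                }
            }
        }

        /// <summary>
        /// Writes the 32-bit <paramref name="value"/> to <paramref name="baseAddress"/>
        /// in the process named <paramref name="processName"/>. Best-effort: nothing
        /// is written when the process is missing or cannot be opened.
        /// </summary>
        public static void WriteMemoryValue(int baseAddress, string processName, int value)
        {
            int pid = GetPidByProcessName(processName);
            if (pid == 0)
            {
                return;
            }

            // WriteProcessMemory needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION only.
            IntPtr hProcess = OpenProcess(ProcessVmWrite | ProcessVmOperation, false, pid);
            if (hProcess == IntPtr.Zero)
            {
                return;
            }

            try
            {
                WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, sizeof(int), IntPtr.Zero);
            }
            finally
            {
                // Always release the handle, even if the call above throws.
                CloseHandle(hProcess);
            }
        }

        // Releases the Process objects returned by the enumeration calls above.
        private static void DisposeAll(Process[] processes)
        {
            foreach (Process p in processes)
            {
                p.Dispose();
            }
        }
    }
}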