Looking for a detailed explanation of a few VB APIs

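The parameters of WriteProcessMemory and ReadProcessMemory, and the various ways of writing the calls. I'm asking for all of it, and I'm offering one hundred points. I want to learn to write a Warcraft maphack. I looked at 果子林's source code, and I don't understand the trailing parameters at all. Please explain in detail.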

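I saw some base addresses in brother Breeze356's column. The problem is, how should I use them from VB?

First use FindWindow to get the window handle

Then use GetWindowThreadProcessId to get the process PID

Then use OpenProcess to open the process?

Even if I open the process this way, how do I actually make the modification in the end?

Requesting detailed comments on a piece of code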

/////////////////////////////////////////////////////// Show units on the main map
patch(0x3A201D, "\xEB");

///////////////////////////////////////////////////// Show units on the minimap
patch(0x361EAB,"\x90\x90\x39\x5E\x10\x90\x90\xB8\x00\x00\x00\x00\xEB\x07");

Let's just take this snippet from brother Breeze. How should I write it with WriteProcessMemory? Please give detailed comments.

Baidu user bdb9803
2011-04-26
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Long, ByVal nSize As Long, ByVal lpNumberOfBytesRead As Long) As Long

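Parameters
hProcess
Handle to the target process. The handle must have PROCESS_VM_READ access to the target process.
lpBaseAddress
The starting address in the target process to read from. Before reading, the system first checks whether the data at that address is readable; if it is not, the function call fails.
lpBuffer
Address of the buffer that receives the data.
nSize
Number of bytes to read from the target process.
lpNumberOfBytesRead
Address where the size of the data actually read is stored. If NULL is specified, this parameter is ignored.
Return value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. Call GetLastError to get the error information for the failure.
If you try to read data from an inaccessible region of a process, the function fails.
Remarks
The ReadProcessMemory function copies data of the specified size from the target process into a buffer in the calling process. Any process that holds a handle with PROCESS_VM_READ access can call this function. The target process's address space obviously has to be readable, although this is not required if the target process is being debugged.
Requirements [including applicable Windows versions, required header files, and required link libraries]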

Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

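Purpose: write memory

Explanation:

hProcess: handle of the process

lpBaseAddress: address in the process

lpBuffer: address where the data is stored

nSize: length of the data

lpNumberOfBytesWritten: actual length of the data

nSize is in bytes; one Byte equals 8 bits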

_fmlyht
2011-04-26
Private Declare Function ReadProcessMemory Lib "Kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "Kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long

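hProcess is the handle of the target process, that is, the process to operate on.

lpBaseAddress is the target address to operate on, located in the target process's address space.

lpBuffer is the buffer address, located in the current address space. When calling ReadProcessMemory, the data read is stored here; when calling WriteProcessMemory, the data to be written must be prepared here.

nSize is the number of bytes to read/write.

lpNumberOfBytesWritten is the number of bytes actually read/written.

Note:
To operate on a process you must hold the corresponding access rights, and all nSize bytes of memory starting at lpBaseAddress must have the corresponding attributes!

Reference: 《WINDOWS环境下32位汇编语言程序设计(第2版)》 (32-bit Assembly Language Programming in the Windows Environment, 2nd edition)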


九條可憐
2011-04-26
Private Declare Function WriteProcessMemory Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
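hProcess: a process can be opened with the API function OpenProcess, which returns a handle; the returned handle is this parameter.
lpBaseAddress: the starting memory address to write to. Note: if ByVal is not specified, the variable's address is passed by default; if ByVal is specified, the value stored in the variable is passed and used as the address.
lpBuffer: the source address of the data to write to memory (i.e. where it comes from). Note: same as above.
nSize: size in bytes of the data to write.
lpNumberOfBytesWritten: size in bytes of the data actually written.

For example:
Dim a As Long, c As Long
a = 1
c = 2
WriteProcessMemory hProcess, a, c, 4, 0&
' After this runs, a=2 and c=2; equivalent to WriteProcessMemory hProcess, ByVal VarPtr(a), ByVal VarPtr(c), 4, 0&
WriteProcessMemory hProcess, ByVal a, c, 4, 0&
' Passing the arguments this way has unpredictable consequences, because ByVal a means the memory address written to is 0x00000001.
So you need to understand what ByVal is for.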

Private Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
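hProcess: same as above.
lpBaseAddress: the source memory address, i.e. the memory address to read from. Note: same as above.
lpBuffer: the memory address where the data is to be stored. Note: same as above.
nSize: same as above.
lpNumberOfBytesWritten: same as above.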

dsjza
2011-04-26
Private Declare Function ReadProcessMemory Lib "Kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "Kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal hObject As Long) As Long

' Identifier glossary: 进程名称 = process name, 程序ID = process ID, 基址 = base address,
' 修改值 = value to write, 类型 = size in bytes, 偏移量 = offset list, 标识符 = delimiter,
' 数据 = data, 数量 = item index

Public Function GetPid(进程名称 As String) As Long ' Get the process ID
    Dim objWMIService, objProcess, colProcess
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process")

    For Each objProcess In colProcess
        If objProcess.Name = 进程名称 Then
            GetPid = objProcess.ProcessID
            Exit For
        End If
    Next
    Set objWMIService = Nothing
    Set colProcess = Nothing
End Function

Public Sub WriteMemoryValue(ByVal 程序ID As Long, ByVal 基址 As Long, ByVal 修改值 As Long, Optional ByVal 类型 As Long = 4) ' Modify memory data
    If 程序ID <> 0 Then
        Dim hProcess As Long
        hProcess = OpenProcess(&H1F0FFF, 0, 程序ID)
        ' ByVal 基址 passes the number itself as the target address
        WriteProcessMemory hProcess, ByVal 基址, 修改值, 类型, 0&
        CloseHandle hProcess
    End If
End Sub

Public Function ReadMemoryValue(ByVal 程序ID As Long, ByVal 基址 As Long, ByVal 偏移量 As String, ByVal 标识符 As String, Optional ByVal 修改值 As Long, Optional ByVal 类型 As Long = 4) As Long ' Read or modify memory data
    If 程序ID <> 0 Then
        Dim hProcess As Long
        Dim buffer As Long
        Dim T As Long
        Dim temdeta As Long
        Dim I As Long
        hProcess = OpenProcess(&H1F0FFF, 0, 程序ID)
        ReadProcessMemory hProcess, ByVal 基址, ByVal VarPtr(buffer), 类型, 0&
        temdeta = buffer
        ' Follow the pointer chain: add each hex offset to the value just read
        For I = 1 To SplitDate(偏移量, 标识符)
            T = temdeta + CStr(Val("&H" & (SplitDate(偏移量, 标识符, I))))
            ReadProcessMemory _
                hProcess, _
                ByVal T, _
                ByVal VarPtr(buffer), 类型, 0&
            temdeta = buffer
        Next

        If 修改值 <> 0 Then
            WriteMemoryValue 程序ID, T, 修改值
            ReadProcessMemory hProcess, ByVal T, ByVal VarPtr(buffer), 类型, 0&
        End If

        ReadMemoryValue = buffer
        CloseHandle hProcess
    End If
End Function

Function IsRunning(ByVal ProgramID) As Boolean ' Check whether the program with this ID is running
    Dim hProgram As Long
    hProgram = OpenProcess(0, False, ProgramID)
    If Not hProgram = 0 Then
        IsRunning = True
    Else
        IsRunning = False
    End If
    CloseHandle hProgram
End Function

' With 数量 > 0, returns the item at that index; otherwise returns the number of delimiters.
' Every item, including the last one, must be followed by the delimiter.
Public Function SplitDate(ByVal 数据 As String, ByVal 标识符 As String, Optional ByVal 数量 As Integer) As String
    Dim tem As String
    If 数量 > 0 Then
        Dim intFor As Integer
        Dim intTem As Integer
        For intFor = 1 To Len(数据)
            If Mid(数据, intFor, 1) = 标识符 Then
                intTem = intTem + 1
                If intTem = 数量 Then
                    SplitDate = tem
                    Exit For
                Else
                    tem = ""
                End If
            Else
                tem = tem & Mid(数据, intFor, 1)
            End If
        Next
    Else
        Dim I, J
        J = 0
        For I = 1 To Len(数据)
            If Mid(数据, I, 1) = 标识符 Then J = J + 1
        Next
        SplitDate = J
    End If
End Function

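I wrote this myself a long time ago, back when I was using 6.0.

Just create a new module and put it in... I think it should be fairly easy to understand...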
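
Added example, not part of any answer in this thread: the code above opens the target with &H1F0FFF, while the first answer notes that reading needs only PROCESS_VM_READ. The Python below decodes such access masks and picks out cross-process opens that grant memory-write capability, run over constructed records shaped like Sysmon Event ID 10 (ProcessAccess) fields; the paths, the allowlist and the function names are assumptions.

```python
# Added example: triage process-access records by the rights they grant.
# Access-right values are from the Windows SDK (winnt.h).
RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
READ_NEEDS = 0x0010            # ReadProcessMemory: PROCESS_VM_READ
WRITE_NEEDS = 0x0020 | 0x0008  # WriteProcessMemory: VM_WRITE + VM_OPERATION

def decode(mask):
    """Return the names of the known process rights set in mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def capability(mask):
    """Classify what a handle with this mask can do to the target's memory."""
    if mask & WRITE_NEEDS == WRITE_NEEDS:
        return "write"
    if mask & READ_NEEDS:
        return "read"
    return "none"

def triage(events, allowlist):
    """Return cross-process opens that grant memory-write capability
    to a source image that is not on the allowlist (hypothetical policy)."""
    hits = []
    for ev in events:
        src, dst = ev["SourceImage"], ev["TargetImage"]
        mask = int(ev["GrantedAccess"], 16)
        if src.lower() == dst.lower():
            continue  # a process opening itself
        if capability(mask) == "write" and src.lower() not in allowlist:
            hits.append((src, dst, decode(mask)))
    return hits

# Constructed sample records; every path here is made up.
EVENTS = [
    {"SourceImage": r"C:\Tools\memedit.exe", "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Program Files\Debugger\dbg.exe", "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1F0FFF"},
]
ALLOWLIST = {r"c:\program files\debugger\dbg.exe"}

if __name__ == "__main__":
    for src, dst, rights in triage(EVENTS, ALLOWLIST):
        print(src, "->", dst, rights)
```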

fafa_12184155
2011-04-26
Just here to learn. May I ask where teaching materials on these advanced topics can be found??