本文所述实例为VB读取内存、线程及句柄的一个API,对涉及系统底层操作的VB编程有一定的帮助,需要的读者可以参考使用。这个API可获取到线程ID,写内存,包括进程句柄,ByVal 内存区地址,数据,总长度,已经完成长度,读取进程,包括进程句柄,ByVal 内存区地址,读取来的数据存放处,要读取的长度,已经读取的长度,内存分配(进程柄,地址[好像只要丢个0进去就行],长度,权限1[MEM_COMMIT],权限2[PAGE_READWRITE])返回:分配到的内存起始地址等功能。
具体实现代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
Attribute VB_Name = "API"Option ExplicitPublic Declare Function GetDesktopWindow Lib "User32.DLL" () As LongPublic Declare Function FindWindow Lib "User32.DLL" Alias "FindWindowA" (ByVal ClassName As String, ByVal Caption As String) As LongPublic Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd As Long, ByVal wCmd As Long) As LongPublic Declare Function GetWindowText Lib "User32.DLL" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As LongPublic Const GW_CHILD = (5)Public Const GW_HWNDNEXT = (2)Public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd As Long, ProcessId As Long) As Long'取找线程ID(句柄,返回的线程ID)Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal 操作权限 As Long, ByVal 继承句柄 As Long, ByVal 线程ID As Long) As LongPublic Declare Function ReadProcessMemory Lib "Kernel32.DLL" (ByVal 进程柄 As Long, ByVal 内存位置 As Long, 缓冲区 As Any, ByVal 长度 As Long, lpNumberOfBytesWritten As Long) As Long'读取进程(进程句柄,ByVal 内存区地址,读取来的数据存放处,要读取的长度,已经读取的长度[0])Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal 进程柄 As Long, 内存位置 As Any, 缓冲区 As Any, ByVal 长度 As Long, lpNumberOfBytesWritten As Long) As Long'写内存(进程句柄,ByVal 内存区地址,数据,总长度,已经完成长度[0])Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal 进程柄 As Long) As Long'释放(进程句柄)'不释放会出错Public Const STANDARD_RIGHTS_REQUIRED = &HF0000Public Const SYNCHRONIZE = &H100000Public Const RRAD_WRITE = &H1F0FFFPublic Const PROCESS_VM_OPERATION = &H8&Public Const 读取 = &H10&Public Const 写入 = &H20&'---------变量转换APIPublic Declare Sub MOV Lib "Kernel32.DLL" Alias "RtlMoveMemory" (变量1 As Any, 变量2 As Any, ByVal 长度 As Long)'---------内存保护分配释放Public Declare Function VPE Lib "Kernel32.DLL" Alias "VirtualProtectEx" (ByVal 进程柄 As Long, 地址 As Any, ByVal 长度 As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As LongPublic Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal 进程柄 As Long, ByVal 地址 As Long, ByVal 长度 As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long'内存分配(进程柄,地址[好像只要丢个0进去就行],长度,权限1[MEM_COMMIT],权限2[PAGE_READWRITE])返回:分配到的内存起始地址Public Declare Function VFE Lib "Kernel32.DLL" Alias "VirtualFreeEx" (ByVal 进程柄 As Long, ByVal 地址 As Long, ByVal 长度 As Long, ByVal 释放类型 As Long) As LongPublic Const MEM_COMMIT = &H1000Public Const PAGE_READWRITE = &H4Public Const STILL_ACTIVE = &H103&Public Const INFINITE = &HFFFF'---------取模块函数位置APIPublic Declare Function GetModuleHandle Lib "Kernel32.DLL" Alias "GetModuleHandleA" (ByVal ModuleName As String) As LongPublic Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal ModuleName As String) As LongPublic Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hModule As Long, ByVal ProcName As String) As LongPublic Declare Function CreateRemoteThread Lib "Kernel32.DLL" (ByVal 进程柄 As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As LongPublic Declare Function GetTickCount Lib "kernel32" () As Long |
