本文所述实例为VB读取内存、线程及句柄的一个API,对涉及系统底层操作的VB编程有一定的帮助,需要的读者可以参考使用。这个API可获取到线程ID,写内存,包括进程句柄,ByVal 内存区地址,数据,总长度,已经完成长度,读取进程,包括进程句柄,ByVal 内存区地址,读取来的数据存放处,要读取的长度,已经读取的长度,内存分配(进程柄,地址[好像只要丢个0进去就行],长度,权限1[MEM_COMMIT],权限2[PAGE_READWRITE])返回:分配到的内存起始地址等功能。
具体实现代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
Attribute VB_Name = "API"
Option Explicit
Public Declare Function GetDesktopWindow Lib "User32.DLL" () As Long
Public Declare Function FindWindow Lib "User32.DLL" Alias "FindWindowA" (ByVal ClassName As String, ByVal Caption As String) As Long
Public Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Public Declare Function GetWindowText Lib "User32.DLL" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Const GW_CHILD = (5)
Public Const GW_HWNDNEXT = (2)
Public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd As Long, ProcessId As Long) As Long
'取找线程ID(句柄,返回的线程ID)
Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal 操作权限 As Long, ByVal 继承句柄 As Long, ByVal 线程ID As Long) As Long
Public Declare Function ReadProcessMemory Lib "Kernel32.DLL" (ByVal 进程柄 As Long, ByVal 内存位置 As Long, 缓冲区 As Any, ByVal 长度 As Long, lpNumberOfBytesWritten As Long) As Long
'读取进程(进程句柄,ByVal 内存区地址,读取来的数据存放处,要读取的长度,已经读取的长度[0])
Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal 进程柄 As Long, 内存位置 As Any, 缓冲区 As Any, ByVal 长度 As Long, lpNumberOfBytesWritten As Long) As Long
'写内存(进程句柄,ByVal 内存区地址,数据,总长度,已经完成长度[0])
Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal 进程柄 As Long) As Long
'释放(进程句柄)'不释放会出错
Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
Public Const RRAD_WRITE = &H1F0FFF
Public Const PROCESS_VM_OPERATION = &H8&
Public Const 读取 = &H10&
Public Const 写入 = &H20&
'---------变量转换API
Public Declare Sub MOV Lib "Kernel32.DLL" Alias "RtlMoveMemory" (变量1 As Any, 变量2 As Any, ByVal 长度 As Long)
'---------内存保护分配释放
Public Declare Function VPE Lib "Kernel32.DLL" Alias "VirtualProtectEx" (ByVal 进程柄 As Long, 地址 As Any, ByVal 长度 As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
Public Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal 进程柄 As Long, ByVal 地址 As Long, ByVal 长度 As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
'内存分配(进程柄,地址[好像只要丢个0进去就行],长度,权限1[MEM_COMMIT],权限2[PAGE_READWRITE])返回:分配到的内存起始地址
Public Declare Function VFE Lib "Kernel32.DLL" Alias "VirtualFreeEx" (ByVal 进程柄 As Long, ByVal 地址 As Long, ByVal 长度 As Long, ByVal 释放类型 As Long) As Long
Public Const MEM_COMMIT = &H1000
Public Const PAGE_READWRITE = &H4
Public Const STILL_ACTIVE = &H103&
Public Const INFINITE = &HFFFF
'---------取模块函数位置API
Public Declare Function GetModuleHandle Lib "Kernel32.DLL" Alias "GetModuleHandleA" (ByVal ModuleName As String) As Long
Public Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal ModuleName As String) As Long
Public Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hModule As Long, ByVal ProcName As String) As Long
Public Declare Function CreateRemoteThread Lib "Kernel32.DLL" (ByVal 进程柄 As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Public Declare Function GetTickCount Lib "kernel32" () As Long
|