VB讀取線程、句柄及寫入內存的API代碼實例。本站提示廣大學習愛好者:(VB讀取線程、句柄及寫入內存的API代碼實例)文章只能為提供參考,不一定能成為您想要的結果。以下是VB讀取線程、句柄及寫入內存的API代碼實例正文
本文所述實例為VB讀取內存、線程及句柄的一個API,對觸及零碎底層操作的VB編程有一定的協助,需求的讀者可以參考運用。這個API可獲取到線程ID,寫內存,包括進程句柄,ByVal 內存區地址,數據,總長度,曾經完生長度,讀取進程,包括進程句柄,ByVal 內存區地址,讀取來的數據寄存處,要讀取的長度,曾經讀取的長度,內存分配(進程柄,地址[仿佛只需丟個0出來就行],長度,權限1[MEM_COMMIT],權限2[PAGE_READWRITE])前往:分配到的內存起始地址等功用。
詳細完成代碼如下:
Attribute VB_Name = "API" Option Explicit Public Declare Function GetDesktopWindow Lib "User32.DLL" () As Long Public Declare Function FindWindow Lib "User32.DLL" Alias "FindWindowA" (ByVal ClassName As String, ByVal Caption As String) As Long Public Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd As Long, ByVal wCmd As Long) As Long Public Declare Function GetWindowText Lib "User32.DLL" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long Public Const GW_CHILD = (5) Public Const GW_HWNDNEXT = (2) Public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd As Long, ProcessId As Long) As Long '取找線程ID(句柄,前往的線程ID) Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal 操作權限 As Long, ByVal 承繼句柄 As Long, ByVal 線程ID As Long) As Long Public Declare Function ReadProcessMemory Lib "Kernel32.DLL" (ByVal 進程柄 As Long, ByVal 內存地位 As Long, 緩沖區 As Any, ByVal 長度 As Long, lpNumberOfBytesWritten As Long) As Long '讀取進程(進程句柄,ByVal 內存區地址,讀取來的數據寄存處,要讀取的長度,曾經讀取的長度[0]) Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal 進程柄 As Long, 內存地位 As Any, 緩沖區 As Any, ByVal 長度 As Long, lpNumberOfBytesWritten As Long) As Long '寫內存(進程句柄,ByVal 內存區地址,數據,總長度,曾經完生長度[0]) Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal 進程柄 As Long) As Long '釋放(進程句柄)'不釋放會出錯 Public Const STANDARD_RIGHTS_REQUIRED = &HF0000 Public Const SYNCHRONIZE = &H100000 Public Const RRAD_WRITE = &H1F0FFF Public Const PROCESS_VM_OPERATION = &H8& Public Const 讀取 = &H10& Public Const 寫入 = &H20& '---------變量轉換API Public Declare Sub MOV Lib "Kernel32.DLL" Alias "RtlMoveMemory" (變量1 As Any, 變量2 As Any, ByVal 長度 As Long) '---------內存維護分配釋放 Public Declare Function VPE Lib "Kernel32.DLL" Alias "VirtualProtectEx" (ByVal 進程柄 As Long, 地址 As Any, ByVal 長度 As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long Public Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal 進程柄 As Long, ByVal 地址 As Long, ByVal 長度 As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long '內存分配(進程柄,地址[仿佛只需丟個0出來就行],長度,權限1[MEM_COMMIT],權限2[PAGE_READWRITE])前往:分配到的內存起始地址 Public Declare Function VFE Lib "Kernel32.DLL" Alias "VirtualFreeEx" (ByVal 進程柄 As Long, ByVal 地址 As Long, ByVal 長度 As Long, ByVal 釋放類型 As Long) As Long Public Const MEM_COMMIT = &H1000 Public Const PAGE_READWRITE = &H4 Public Const STILL_ACTIVE = &H103& Public Const INFINITE = &HFFFF '---------取模塊函數地位API Public Declare Function GetModuleHandle Lib "Kernel32.DLL" Alias "GetModuleHandleA" (ByVal ModuleName As String) As Long Public Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal ModuleName As String) As Long Public Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hModule As Long, ByVal ProcName As String) As Long Public Declare Function CreateRemoteThread Lib "Kernel32.DLL" (ByVal 進程柄 As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long Public Declare Function GetTickCount Lib "kernel32" () As Long