博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
VB内存操作类模块
阅读量:4516 次
发布时间:2019-06-08

本文共 23276 字,大约阅读时间需要 77 分钟。

Private Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As LongPrivate Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As LongPrivate Declare Function VirtualProtect Lib "kernel32" (ByRef lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long '设置内存可读写Private Const PAGE_EXECUTE_READWRITE = &H40 ' PAGE_EXECUTE_READWRITE  表示可读可写Private Declare Function VirtualQueryEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long) As Long '搜索内存Private Type MEMORY_BASIC_INFORMATION    BaseAddress As Long    AllocationBase As Long    AllocationProtect As Long    RegionSize As Long    State As Long    Protect As Long    lType As LongEnd TypePrivate Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)Private Const PROCESS_ALL_ACCESS = &H1F0FFF'设置内存属性,1可读写,其他恢复原样Function SetMem(ByVal addr As String, ByVal lens As Integer, Optional Stype As Integer = 1)    Select Case Stype        Case 1:            VirtualProtect ByVal addr, lens, PAGE_EXECUTE_READWRITE, OldProtect '修改内存属性        Case Else:            VirtualProtect ByVal addr, lens, OldProtect, OldProtect '恢复内存属性    End SelectEnd Function'搜索内存(句柄,开始地址,结束地址,比较方式,搜索类型)  比较方式:1精确数值 2大于 3小于 4两数之间 搜索类型:0 16进制,1 1字节整数,2 2字节整数,3 4字节整数, 4 4字节浮点数Function SearchMem(ByVal mhwnd As Long, ByVal svalue As String, Optional beginaddr As String = "&H400000", Optional endaddr As String = "&H7FFFFFFF", Optional SearchStyle As Integer = 1, Optional Stype As Integer = 3) As String    Const PAGE_READWRITE = 4, MEM_COMMIT = &H1000    Dim i As Long, j As Long, count As Long    Dim r As Long, mbi As MEMORY_BASIC_INFORMATION    Dim lpAddress As Long: lpAddress = beginaddr    Dim bSearch() As Byte    Dim ubs As Long    Dim kx  As Long    bSearching = True    nCountX = 0    r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))        '将7FFFFFFF作为搜索结束地址    Dim lpBuffer() As Byte        '字符串转数组    Dim sp() As String    Dim tmp As Long    Dim nLength As Long    '搜索支持数据串,每个数据用逗号分开,如123,234,5,9    sp = Split(svalue, ",")    nLength = UBound(sp)        If Stype = 0 Then sp(0) = CLng("&H" & svalue)        If Stype = 1 Then '  1字节        ReDim bSearch(nLength)        For i = 0 To nLength            bSearch(i) = Val(sp(i)) And &HFF '防止溢出错误        Next    ElseIf Stype = 2 Then ' 2字节        ReDim bSearch((nLength + 1) * 2 - 1)        For i = 0 To nLength            tmp = Val(sp(i))            CopyMemory bSearch(i * 2), tmp, 2        Next    ElseIf Stype = 3 Then ' 4字节        ReDim bSearch((nLength + 1) * 4 - 1)        For i = 0 To nLength            tmp = Val(sp(i))            CopyMemory bSearch(i * 4), tmp, 4        Next    Else        ReDim bSearch((nLength + 1) * 4 - 1)        Dim tmp_f As Single        For i = 0 To nLength            tmp_f = CSng(sp(i))            CopyMemory bSearch(i * 4), tmp_f, 4        Next    End If        ubs = UBound(bSearch)        If SearchStyle = 1 Then        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)            '只搜索可读取的已提交的内存区域            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then                ReDim lpBuffer(mbi.RegionSize - 1)                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界                    '逐个字节比较,如果有任何一个不相等,则不再比较其它                    For j = 0 To ubs                        If bSearch(j) <> lpBuffer(i + j) Then GoTo a10                    Next                    nCountX = nCountX + 1                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"a10:                Next            End If            lpAddress = lpAddress + mbi.RegionSize '搜索下一条            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))        Loop    End If        If SearchStyle = 2 Then        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)            '只搜索可读取的已提交的内存区域            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then                                ReDim lpBuffer(mbi.RegionSize - 1)                                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&                                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界                                        '逐个字节比较,如果有任何一个不相等,则不再比较其它                    For j = 0 To ubs                        If bSearch(j) <= lpBuffer(i + j) Then GoTo b10                    Next                    nCountX = nCountX + 1                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"b10:                Next            End If            lpAddress = lpAddress + mbi.RegionSize            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))        Loop            End If        If SearchStyle = 3 Then        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)            '只搜索可读取的已提交的内存区域            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then                ReDim lpBuffer(mbi.RegionSize - 1)                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界                    '逐个字节比较,如果有任何一个不相等,则不再比较其它                    For j = 0 To ubs                        If bSearch(j) >= lpBuffer(i + j) Then GoTo c10                    Next                    nCountX = nCountX + 1                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"c10:                Next            End If            lpAddress = lpAddress + mbi.RegionSize            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))        Loop    End If        If SearchStyle = 4 Then        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)            '只搜索可读取的已提交的内存区域            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then                ReDim lpBuffer(mbi.RegionSize - 1)                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界                    If lpBuffer(i) <= Val(txtValue2Search1) Or lpBuffer(i) >= Val(txtValue2Search2) Then GoTo d10                    nCountX = nCountX + 1                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"d10:                Next            End If                        lpAddress = lpAddress + mbi.RegionSize            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))        Loop    End If    SearchMem = Left(SearchMem, Len(SearchMem) - 1)    bSearching = FalseEnd Function'字节集Private Function newHEX(str2 As String) As Long    Dim i As Long, a As Variant, k As Long    k = 0    For i = Len(str2) - 1 To 0 Step -1        a = Asc(LCase(Mid(str2, Len(str2) - i, 1)))        a = IIf(a >= 48 And a <= 57, a - 48, a - 87)        k = k + (16 ^ i) * a    Next    newHEX = kEnd Function'------------------------------读取内存开始---------------------------------------------'读取指定地址的整数数值,类型可以是2--1字节,1--2字节 或者 0--4字节,默认4字节Function ReadInt(mhwnd As Long, addr As String, Optional Stype As Integer = 0)    Dim jz  As Long '基址    Dim lresult As Long '累加地址    Dim mHprocess As Long '句柄    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long '一级偏移    Dim p2 As Long '二级偏移    Dim p3 As Long '三级偏移    Dim psum As Integer '偏移数量    Dim s As Integer '类型    Dim result As Long '最终结果        sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        Select Case Stype        Case 0:            s = 4 '4字节            result = CLng(result)        Case 1:            s = 2 '2字节            result = CInt(result)        Case 2:            s = 1 '1字节            result = CByte(result)        Case Else            s = 4 '4字节            result = CLng(result)    End Select        '0偏移-读取静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0&        result = lresult        ReadInt = result    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, s, 0        result = lresult        ReadInt = result    End If        '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, s, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, s, 0        result = lresult        ReadInt = result    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, s, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, s, 0        ReadProcessMemory mHprocess, ByVal lresult + p3, lresult, s, 0        result = lresult        ReadInt = result    End IfEnd Function'读取指定地址的双精度浮点数Function ReadDouble(mhwnd As Long, addr As String) As Double    Dim jz  As Long '基址    Dim lresult As Long '累加地址    Dim result As Long '最终结果    Dim mHprocess As Long '句柄    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long '一级偏移    Dim p2 As Long '二级偏移    Dim p3 As Long '三级偏移    Dim psum As Integer '偏移数量        sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        '0偏移-读取4字节的静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        ReadProcessMemory mHprocess, ByVal jz, lresult, 8, 0&        result = lresult        ReadDouble = result    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 8, 0        result = lresult        ReadDouble = result    End If        '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 8, 0        result = lresult        ReadDouble = result    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p3, lresult, 8, 0        result = lresult        ReadDouble = result    End IfEnd Function'读取指定地址的单精度浮点数Function ReadFloat(mhwnd As Long, addr As String) As Single    Dim jz  As Long '基址    Dim lresult As Long '累加地址    Dim result As Long '最终结果    Dim mHprocess As Long '句柄    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long '一级偏移    Dim p2 As Long '二级偏移    Dim p3 As Long '三级偏移    Dim psum As Integer '偏移数量        sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        '0偏移-读取4字节的静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0&        result = lresult        ReadFloat = result    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        result = lresult        ReadFloat = result    End If        '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        result = lresult        ReadFloat = result    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p3, lresult, 4, 0        result = lresult        ReadFloat = result    End IfEnd Function'读取指定地址的GBK字符串Function ReadString(mhwnd As Long, addr As String) As String    Dim jz  As Long '基址    Dim lresult As Long '累加地址    Dim result(64) As Byte '最终结果    Dim mHprocess As Long '句柄    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long '一级偏移    Dim p2 As Long '二级偏移    Dim p3 As Long '三级偏移    Dim psum As Integer '偏移数量        sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        '0偏移-读取4字节的静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        ReadProcessMemory mHprocess, ByVal jz, result(0), 64, 0&        ReadString = StrConv(result, vbUnicode)    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, result(0), 64, 0        ReadString = StrConv(result, vbUnicode)    End If        '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, result(0), 64, 0        ReadString = StrConv(result, vbUnicode)    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p3, result(0), 64, 0        ReadString = StrConv(result, vbUnicode)    End IfEnd Function'读取指定地址的Unicode字符串Function ReadStringU(mhwnd As Long, addr As String) As String    Dim jz  As Long    Dim lresult As Long    Dim result(64) As Byte    Dim mHprocess As Long    Dim StringU As Long    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long    Dim p2 As Long    Dim p3 As Long    Dim psum As Integer        sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        '0偏移-读取4字节的静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        ReadProcessMemory mHprocess, ByVal jz, StringU, 4, 0        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&        ReadStringU = result    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, StringU, 4, 0        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&        ReadStringU = result    End If        '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, StringU, 4, 0        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&        ReadStringU = result    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p3, StringU, 4, 0        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&        ReadStringU = result    End IfEnd Function'------------------------------修改内存开始---------------------------------------------'对指定地址写入整数数值,类型可以是1字节,2字节 或者 4字节Function WriteInt(mhwnd As Long, addr As String, v As Long, Optional Stype As Integer = 0)    Dim jz  As Long    Dim lresult As Long    Dim mHprocess As Long    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long    Dim p2 As Long    Dim p3 As Long    Dim psum As Integer    Dim s As Integer        sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来    psum = UBound(sz)        mHprocess = mhwnd        Select Case Stype        Case 0:            s = 4 '4字节        Case 1:            s = 2 '2字节        Case 2:            s = 1 '1字节        Case Else            s = 4 '4字节    End Select        '0偏移-读取静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        WriteProcessMemory mHprocess, ByVal jz, v, s, 0&    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p1, v, s, 0    End If            '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p2, v, s, 0    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p3, v, s, 0    End IfEnd Function'对指定地址写入单精度浮点数Function WriteFloat(mhwnd As Long, addr As String, v As Single)    Dim jz  As Long    Dim lresult As Long    Dim mHprocess As Long    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long    Dim p2 As Long    Dim p3 As Long    Dim psum As Integer    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来    '标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        '0偏移-读取4字节的静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        WriteProcessMemory mHprocess, ByVal jz, v, 4, 0&    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p1, v, 4, 0    End If            '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p2, v, 4, 0    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p3, v, 4, 0    End IfEnd Function'对指定地址写入双精度浮点数Function WriteDouble(mhwnd As Long, addr As String, v As Double)    Dim jz  As Long    Dim lresult As Long    Dim mHprocess As Long    Dim sz  '这个是字符数组--为了拆分 指针    Dim p1 As Long    Dim p2 As Long    Dim p3 As Long    Dim psum As Integer    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来    '标记符号是 ']+'    psum = UBound(sz)        mHprocess = mhwnd        '0偏移-读取4字节的静态地址--    If psum = 0 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        WriteProcessMemory mHprocess, ByVal jz, v, 8, 0&    End If        '1偏移-    If psum = 1 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p1, v, 8, 0    End If            '2偏移-    If psum = 2 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p2, v, 8, 0    End If        '3偏移-    If psum = 3 Then        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))        p1 = Val("&H" & Trim(sz(1)))        p2 = Val("&H" & Trim(sz(2)))        p3 = Val("&H" & Trim(sz(3))) '最后的偏移        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0        WriteProcessMemory mHprocess, ByVal lresult + p3, v, 8, 0    End IfEnd Function'对指定地址写入二进制数据Public Function WriteData(mhwnd As Long, Maddr As String, Mcode As String) As Long    Dim i As Long, OPcode As String, addr As Long    OPcode = Mcode        addr = newHEX(Maddr)    ReDim AsmCode(Len(OPcode) / 2 - 1) As Byte    For i = 0 To UBound(AsmCode)        AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))    Next    WriteProcessMemory mhwnd, ByVal addr, AsmCode(0), UBound(AsmCode) + 1, 0End Function'------------------------------------修改内存结束-------------------------------------------------
posted on
2012-11-09 14:18 阅读(
...) 评论(
...)

转载于:https://www.cnblogs.com/homexigua/archive/2012/11/09/2762555.html

你可能感兴趣的文章
Elasticsearch 2.3 java api
查看>>
golang写入csv
查看>>
基础2
查看>>
java基础篇---网络编程(UDP程序设计)
查看>>
Kafka Producer相关代码分析【转】
查看>>
LeetCode 121. Best Time to Buy and Sell Stock
查看>>
麻省理工学院公开课-第四讲:快速排序 及 随机化 算法
查看>>
pycharm 的包路径设置export PYTHONPATH=$PYTHONPATH
查看>>
SQL语句创建函数
查看>>
解决mysql无法显示中文/MySQL中文乱码问号等问题
查看>>
CentOS 7.2 配置mysql5.7
查看>>
python输出转义字符
查看>>
java基础43 IO流技术(输入字节流/缓冲输入字节流)
查看>>
计算一个整数二进制中1的个数
查看>>
netdom join 错误:指定的域不存在,或无法联系。
查看>>
Android中Dialog的使用
查看>>
Android Activity接收Service发送的广播
查看>>
[Leetcode] Spiral Matrix | 把一个2D matrix用螺旋方式打印
查看>>
加速和监控国际网络
查看>>
【Flex】读取本地XML,然后XML数据转成JSON数据
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2024-10-15 17:13:49   当前IP: 3.128.200.220   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我