VB读写进程的内存

最新推荐文章于 2021-04-28 17:28:25 发布

转载最新推荐文章于 2021-04-28 17:28:25 发布 · 376 阅读

1 ·

CC 4.0 BY-SA版权

原文链接：http://www.cnblogs.com/xiii/p/7215730.html

本文提供了一段未经测试的VB代码示例，用于演示如何使用ReadProcessMemory和WriteProcessMemory函数来读取和修改另一个进程的内存。这些函数通常被用于调试、游戏作弊或软件逆向工程等场景。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

在窗体部分简单测试了ReadProcessMemory和WriteProcessMemory对另一个程序进程的读写.

由于临时项目变动,又不需要了,所以直接封类,删工程.以下代码没有一个函数经过测试,编译都没有进行...

Option Explicit
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal dwProcess As Long, lpBaseAddress As Any, lpbuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal dwProcess As Long, lpBaseAddress As Any, lpbuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Dim dwProc As Long
Dim dwPid As Long
'设置进程
Public Function SetProcess(Pid As Long)
    Call Terminate
    dwProc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
    dwPid = Pid
End Function
'读取,分别对应 字节组,十六进制和整数
Private Function ReadMemoryA(Addr As Long, Size As Long) As Byte()
    If Size < 1 Then Exit Function
    Dim Ret As Boolean, buf() As Byte
    ReDim buf(Size - 1) As Byte
    Ret = ReadProcessMemory(dwProc, ByVal Addr, buf(0), Size, 0)
    If Ret Then ReadMemory = buf
End Function
Private Function ReadMemoryH(Addr As Long, Size As Long) As String
    If Size < 1 Then Exit Function
    Dim Ret As Boolean, buf() As Byte
    ReDim buf(Size - 1) As Byte
    Ret = ReadProcessMemory(dwProc, ByVal Addr, buf(0), Size, 0)
    If Ret Then
        Dim i As Long
        For i = 0 To UBound(buf)
            If buf(i) > 15 Then
                ReadMemoryH = ReadMemoryH & Hex(buf(i)) & " "
            Else
                ReadMemoryH = ReadMemoryH & "0" & Hex(buf(i)) & " "
            End If
        Next
    End If
End Function
Private Function ReadMemoryL(Addr As Long) As Long
    If Size < 1 Then Exit Function
    Dim Ret As Boolean, L As Long
    ReadProcessMemory dwProc, ByVal Addr, L, 4, 0
    ReadMemoryL = L
End Function
'写入,分别对应 单字节,字节组,和整数
Private Function WriteMemory(Addr As Long, buf As Byte)
    WriteProcessMemory dwProc, ByVal Addr, buf, 1, 0&
End Function
Private Function WriteMemoryA(Addr As Long, buf() As Byte)
    WriteProcessMemory dwProc, ByVal Addr, buf(0), UBound(buf) + 1, 0&
End Function
Private Function WriteMemoryL(Addr As Long, L As Long)
    WriteProcessMemory dwProc, ByVal Addr, L, 4, 0&
End Function
'销毁资源占用
Private Sub Terminate()
    If dwPid <> 0 Then CloseHandle dwPid
    If dwProc <> 0 Then CloseHandle dwProc
End Sub
Private Sub Class_Terminate()
    Call Terminate
End Sub