1,065
社区成员
发帖
与我相关
我的任务
分享我是VB新手,我现在手中有个程序,我想得到它的某些内存地址里的信息,请问,如何比对前后2次内存的变化?
就是说,比如这个程序现在是A状态,5555FFFF地址内的值是1,当程序进入B状态时,5555FFFF地址内的值是2,我如何将状态A的全部地址保存下来,当程序进入B状态时,再将B状态的内存地址全部保存下来,然后进行比对,就能发现5555FFFF里的1和2的区别了!
...全文
请发表友善的回复…
发表回复
y526892224 2008-09-22
- 打赏
- 举报
模块:
Option Explicit
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
窗体:
Private Sub Command1_Click()
Dim h As Long
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
If hProcess Then
ReadProcessMemory hProcess, ByVal &H5555FFFF, h, 4, 0&
CloseHandle hProcess
End If
Text1.Text = h'在Text1显示地址5555FFFF的值
End Sub
Private Sub Form_Load()
hwd = FindWindow(vbNullString, "game")'game为游戏的进程
GetWindowThreadProcessId hwd, pid hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
End Sub
我发现论坛里问到关于游戏外挂的问题,各位的回答都会很吝啬,做外挂怎么了?犯法了?有必要这样吗?
Option Explicit
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
窗体:
Private Sub Command1_Click()
Dim h As Long
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
If hProcess Then
ReadProcessMemory hProcess, ByVal &H5555FFFF, h, 4, 0&
CloseHandle hProcess
End If
Text1.Text = h'在Text1显示地址5555FFFF的值
End Sub
Private Sub Form_Load()
hwd = FindWindow(vbNullString, "game")'game为游戏的进程
GetWindowThreadProcessId hwd, pid hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
End Sub
我发现论坛里问到关于游戏外挂的问题,各位的回答都会很吝啬,做外挂怎么了?犯法了?有必要这样吗?
cangwu_lee 2007-03-08
- 打赏
- 举报
系统怀疑你吹水:说自己是新手,却玩起那么底层的“游戏”。
hackboymzw 2007-03-08
- 打赏
- 举报
如果用winhex,怎么办到?难道叫我一个地址一个地址比较?
蒋晟 2007-03-08
- 打赏
- 举报
http://blog.joycode.com/jiangsheng/archive/2003/12/04/8465.aspx
蒋晟 2007-03-08
- 打赏
- 举报
Fix People Expert
Kingsoft Knight!
Kingsoft Knight!
proer9988 2007-03-08
- 打赏
- 举报
内存搜索
hackboymzw 2007-03-08
- 打赏
- 举报
真的没人知道吗?
