using System;
using System.Runtime.InteropServices;
namespace Text
{
    /// <summary>
    /// Console test program: finds a top-level window by its title, opens a process handle
    /// with PROCESS_ALL_ACCESS and writes a small patch value at an offset inside
    /// kernel32!CreateMutexA in that process.
    /// </summary>
    /// <remarks>
    /// Security notes for readers:
    /// - The sequence OpenProcess(all access) followed by WriteProcessMemory into another
    ///   process is cross-process code tampering; endpoint monitoring commonly treats this
    ///   API pair as a high-signal event.
    /// - Handles and addresses are declared as 32-bit integers here although they are
    ///   pointer-sized in the Win32 API, so the declarations are only sound in a 32-bit process.
    /// - No return value is checked except the one from OpenProcess, and the handle is never closed.
    /// </remarks>
    class Program
    {
        // The trailing space inside the library name is part of the original declaration.
        [DllImport("kernel32.dll ")]
        public static extern uint OpenProcess(UInt32 dwDesiredAccess, bool bInheritHandle, UInt32 dwProcessId);

        // The trailing space inside the library name is part of the original declaration.
        [DllImport("User32.dll ")]
        public static extern System.IntPtr FindWindowEx(System.IntPtr parent, System.IntPtr childe, string strclass, string strname);

        // Per the Win32 API, the return value is the window's thread ID; the process ID arrives in 'pid'.
        [DllImport("user32.dll")]
        public static extern uint GetWindowThreadProcessId(IntPtr hwnd, out int pid);

        [DllImport("Kernel32")]
        public static extern int GetProcAddress(int handle, String funcname);

        [DllImport("kernel32", EntryPoint = "GetModuleHandle")]
        public static extern int GetModuleHandle(string lpModuleName);

        // lpBuffer carries a raw address as an int; the last parameter is always passed as 0 below.
        [DllImport("kernel32", EntryPoint = "WriteProcessMemory")]
        public static extern int WriteProcessMemory(uint hwnd, UInt32 baseaddress, int lpBuffer, int nsize, int filewriten);

        /// <summary>
        /// Waits for a key press, resolves the target window and process, attempts the
        /// memory write and prints the intermediate values to the console.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            #region Test
            unsafe
            {
                // Access mask requested for the target process (every process right).
                const uint PROCESS_ALL_ACCESS = 0x1F0FFF;
                // Narrower masks the author left commented out:
                //const uint PROCESS_VM_READ = 0x0010;
                //const uint PROCESS_VM_WRITE = 0x0020;

                // Window title used for the lookup (an untitled Notepad window on a Chinese-language system).
                // Alternative the author left commented out (Calculator):
                //string winName = "计算器";
                string targetTitle = "无标题 - 记事本";

                Console.WriteLine("----------Press Any Key To Start----------");
                Console.ReadKey();
                Console.WriteLine("开始");

                // Window handle; IntPtr.Zero when no window matches (not checked here).
                IntPtr window = FindWindowEx(IntPtr.Zero, IntPtr.Zero, null, targetTitle);

                int pid;
                // NOTE(review): the value kept in dwProcessId is the function's return value,
                // i.e. the thread ID; the process ID is the out parameter 'pid'.
                uint dwProcessId = GetWindowThreadProcessId(window, out pid);

                // The handle is requested with the return value above rather than with 'pid'.
                uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwProcessId);
                Console.WriteLine("Pid={0}, Hwnd={1},hProcess={2}", pid.ToString(), window, hProcess);

                if (hProcess == 0)
                {
                    Console.WriteLine("打开失败,hProcess <=0, hProcess={0}", hProcess);
                }
                else
                {
                    // Patch value. 0xEB is the x86 short-jump opcode; the page does not state
                    // the intended effect on CreateMutexA.
                    UInt16 patch = 0xEB;
                    // Marshal.SizeOf of a UInt16 is 2, so two bytes are written.
                    int patchSize = Marshal.SizeOf(patch);

                    // The address is resolved in THIS process and truncated to 32 bits; the
                    // +13 offset is hard-coded and tied to one specific kernel32 build.
                    UInt32 target = (UInt32)GetProcAddress(GetModuleHandle("Kernel32.dll"), "CreateMutexA") + 13;

                    // The result of the write is discarded, so a failed write goes unnoticed.
                    WriteProcessMemory(hProcess, target, (int)&patch, patchSize, 0);
                    Console.WriteLine("MutexAAdd={0}", target);
                }

                // Only clears the local variable; the process handle itself is not released.
                hProcess = 0;
                Console.WriteLine("Press any key to end");
                Console.ReadKey();
            }
            #endregion
        }
    }
}
using System;
using System.Runtime.InteropServices;
namespace Text
{
    /// <summary>
    /// Console test program: finds a top-level window by its title, opens the owning
    /// process with PROCESS_ALL_ACCESS and writes a small patch value at an offset inside
    /// kernel32!CreateMutexA in that process.
    /// </summary>
    /// <remarks>
    /// Security notes for readers:
    /// - Opening another process with all access and then calling WriteProcessMemory on a
    ///   system DLL's code is cross-process tampering; this API pair is a common detection
    ///   signal for endpoint monitoring.
    /// - Handles and addresses are declared as 32-bit integers although they are
    ///   pointer-sized in the Win32 API, so the declarations are only sound in a 32-bit process.
    /// - Only the OpenProcess result is checked, and the handle is never closed.
    /// </remarks>
    class Program
    {
        // The trailing space inside the library name is part of the original declaration.
        [DllImport("kernel32.dll ")]
        public static extern uint OpenProcess(UInt32 dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        // The trailing space inside the library name is part of the original declaration.
        [DllImport("User32.dll ")]
        public static extern System.IntPtr FindWindowEx(System.IntPtr parent, System.IntPtr childe, string strclass, string strname);

        // Per the Win32 API, the return value is the thread ID; the process ID is written to 'pid'.
        [DllImport("user32.dll")]
        public static extern uint GetWindowThreadProcessId(IntPtr hwnd, out int pid);

        [DllImport("Kernel32")]
        public static extern int GetProcAddress(int handle, String funcname);

        [DllImport("kernel32", EntryPoint = "GetModuleHandle")]
        public static extern int GetModuleHandle(string lpModuleName);

        // lpBuffer carries a raw address as an int; the last parameter is always passed as 0 below.
        [DllImport("kernel32", EntryPoint = "WriteProcessMemory")]
        public static extern int WriteProcessMemory(uint hwnd, UInt32 baseaddress, int lpBuffer, int nsize, int filewriten);

        /// <summary>
        /// Waits for a key press, resolves the target window and its process ID, attempts
        /// the memory write and prints the intermediate values to the console.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            #region Test
            unsafe
            {
                Console.WriteLine("----------Press Any Key To Start----------");
                Console.ReadKey();
                Console.WriteLine("开始");

                // Access mask requested for the target process (every process right).
                const uint PROCESS_ALL_ACCESS = 0x1F0FFF;
                // Narrower masks the author left commented out:
                //const uint PROCESS_VM_READ = 0x0010;
                //const uint PROCESS_VM_WRITE = 0x0020;

                // Title of the window to look up (an untitled Notepad window on a Chinese-language system).
                // Alternative the author left commented out (Calculator):
                //string winName = "计算器";
                string title = "无标题 - 记事本";

                // IntPtr.Zero when no window matches; that case is not checked here.
                IntPtr windowHandle = FindWindowEx(IntPtr.Zero, IntPtr.Zero, null, title);

                // Only the out parameter is used afterwards; the returned thread ID is dropped.
                int pid;
                GetWindowThreadProcessId(windowHandle, out pid);

                uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
                Console.WriteLine("Pid={0}, Hwnd={1},hProcess={2}", pid.ToString(), windowHandle, hProcess);

                bool opened = hProcess != 0;
                if (opened)
                {
                    // Patch value. 0xEB is the x86 short-jump opcode; the page does not state
                    // the intended effect on CreateMutexA.
                    UInt16 patchValue = 0xEB;

                    // Resolved in THIS process and truncated to 32 bits; the +13 offset is
                    // hard-coded and tied to one specific kernel32 build.
                    int kernel32 = GetModuleHandle("Kernel32.dll");
                    UInt32 patchAddress = (UInt32)GetProcAddress(kernel32, "CreateMutexA") + 13;

                    // Marshal.SizeOf of a UInt16 is 2, so two bytes are written. The call's
                    // result is discarded, so a failed write goes unnoticed.
                    WriteProcessMemory(hProcess, patchAddress, (int)&patchValue, Marshal.SizeOf(patchValue), 0);
                    Console.WriteLine("MutexAAdd={0}", patchAddress);
                }
                else
                {
                    Console.WriteLine("打开失败,hProcess <=0, hProcess={0}", hProcess);
                }

                // Only clears the local variable; the process handle itself is not released.
                hProcess = 0;
                Console.WriteLine("Press any key to end");
                Console.ReadKey();
            }
            #endregion
        }
    }
}
// Diagnostic fragment: repeats the OpenProcess call and prints the Win32 last-error code
// immediately afterwards, to show why the handle came back as 0.
// NOTE(review): no GetLastError declaration appears on this page; presumably a kernel32
// P/Invoke. In managed code the value is only dependable when the OpenProcess import sets
// SetLastError = true and the code reads Marshal.GetLastWin32Error() — confirm.
uint hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, dwProcessId); // open the process
Console.WriteLine(GetLastError());