VB读写进程的内存

Posted 一个码农的蹉跎岁月

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了VB读写进程的内存相关的知识,希望对你有一定的参考价值。

在窗体部分简单测试了ReadProcessMemory和WriteProcessMemory对另一个程序进程的读写,确实管用.

由于临时项目变动,又不需要了,所以直接封类,删工程.以下代码没有一个函数经过测试,编译都没有进行...

Option Explicit
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal dwProcess As Long, lpBaseAddress As Any, lpbuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal dwProcess As Long, lpBaseAddress As Any, lpbuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Dim dwProc As Long
Dim dwPid As Long
设置进程
Public Function SetProcess(Pid As Long)
    Call Terminate
    dwProc = OpenProcess(PROCESS_ALL_ACCESS, False, Pid)
    dwPid = Pid
End Function
读取,分别对应 字节组,十六进制和整数
Private Function ReadMemoryA(Addr As Long, Size As Long) As Byte()
    If Size < 1 Then Exit Function
    Dim Ret As Boolean, buf() As Byte
    ReDim buf(Size - 1) As Byte
    Ret = ReadProcessMemory(dwProc, ByVal Addr, buf(0), Size, 0)
    If Ret Then ReadMemory = buf
End Function
Private Function ReadMemoryH(Addr As Long, Size As Long) As String
    If Size < 1 Then Exit Function
    Dim Ret As Boolean, buf() As Byte
    ReDim buf(Size - 1) As Byte
    Ret = ReadProcessMemory(dwProc, ByVal Addr, buf(0), Size, 0)
    If Ret Then
        Dim i As Long
        For i = 0 To UBound(buf)
            If buf(i) > 15 Then
                ReadMemoryH = ReadMemoryH & Hex(buf(i)) & " "
            Else
                ReadMemoryH = ReadMemoryH & "0" & Hex(buf(i)) & " "
            End If
        Next
    End If
End Function
Private Function ReadMemoryL(Addr As Long) As Long
    If Size < 1 Then Exit Function
    Dim Ret As Boolean, L As Long
    ReadProcessMemory dwProc, ByVal Addr, L, 4, 0
    ReadMemoryL = L
End Function
写入,分别对应 单字节,字节组,和整数
Private Function WriteMemory(Addr As Long, buf As Byte)
    WriteProcessMemory dwProc, ByVal Addr, buf, 1, 0&
End Function
Private Function WriteMemoryA(Addr As Long, buf() As Byte)
    WriteProcessMemory dwProc, ByVal Addr, buf(0), UBound(buf) + 1, 0&
End Function
Private Function WriteMemoryL(Addr As Long, L As Long)
    WriteProcessMemory dwProc, ByVal Addr, L, 4, 0&
End Function
销毁资源占用
Private Sub Terminate()
    If dwPid <> 0 Then CloseHandle dwPid
    If dwProc <> 0 Then CloseHandle dwProc
End Sub
Private Sub Class_Terminate()
    Call Terminate
End Sub

 

以上是关于VB读写进程的内存的主要内容,如果未能解决你的问题,请参考以下文章

Android 逆向代码调试器开发 ( 代码调试器功能简介 | 设置断点 | 读写内存 | 读写寄存器 | 恢复运行 | Attach 进程 )

读写锁 与 互斥锁

互斥与同步

进程间通信

强制读写进程的内存

vb读写ini文件