// P/Invoke declarations for the Win32 cross-process memory APIs, followed by the
// two byte arrays that the click handler below writes into another process.
//
// NOTE(review): the handler calls Kernel32.OpenProcess(true, process.Id),
// Kernel32.WriteByte and Kernel32.WriteInt, which do not match these signatures;
// presumably a wrapper class that is not shown sits in between. Confirm.
// NOTE(review): none of these attributes set SetLastError, and addresses and
// sizes are declared as int while the Win32 prototypes use pointer-sized types.
// Defender's view: OpenProcess + VirtualAllocEx + WriteProcessMemory against a
// foreign process is the classic remote-write sequence that endpoint monitoring
// keys on.

// Overload that takes the source buffer as a raw integer value.
[DllImport("Kernel32.dll")]
private static extern bool WriteProcessMemory(IntPtr hProcess, int lpBaseAddress, int lpBuffer, int nSize, int lpNumberOfBytesWritten);

// Overload that takes the source buffer as a managed byte array.
[DllImport("Kernel32.dll")]
private static extern bool WriteProcessMemory(IntPtr hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, int lpNumberOfBytesWritten);

// Opens a handle to the process identified by dwProcessId.
[DllImport("Kernel32.dll")]
private static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

// Allocates memory inside the process behind hProcess; the address is returned as int.
[DllImport("Kernel32.dll")]
public static extern int VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, int flAllocationType, int flProtect);

// "代码" ("code"): 22 bytes of 32-bit x86 machine code. It loads hard-coded
// absolute addresses into EAX and transfers control through them (FF D0 is
// call eax, FF E0 is jmp eax), so it is only meaningful for one specific build
// of the target loaded at one specific base address.
byte[] 代码 = new byte[] { 0xB8, 0x38, 0x72, 0x16, 0x39, 0x89, 0x45, 0x08, 0xB8, 0x00, 0x27, 0x06, 0x39, 0xFF, 0xD0, 0xB8, 0x83, 0xD1, 0x04, 0x39, 0xFF, 0xE0 };

// "跳转代码" ("jump code"): the single opcode 0xE9, the x86 near JMP that takes
// a 32-bit relative displacement.
byte[] 跳转代码 = new byte[] { 0xE9 };
// Click handler: opens the target process, allocates memory in it, copies the
// "代码" byte array there, then overwrites five bytes at a hard-coded address in
// the target with a JMP to the copied bytes (an inline detour).
//
// NOTE(review): no return value is checked. Each step runs even if the previous
// one failed, so a failed OpenProcess or VirtualAllocEx still leads to writes
// against address 0 or an invalid handle; only the last-error text is printed.
// NOTE(review): Kernel32.GetLastError is not shown. If it P/Invokes GetLastError
// directly, the value can be stale by the time managed code reads it; the
// supported pattern is SetLastError = true plus Marshal.GetLastWin32Error().
// Defender's view: a committed PAGE_EXECUTE_READWRITE region created from
// another process, followed by a write into that process's code, is a
// high-signal pattern for code-injection detection.
private void lblOk_Click(object sender, EventArgs e)
{
// Lookup table from Win32 error code to message text (project type, not shown).
Errors err = new Errors();
// Get a handle to the target process; `process` is a field not shown here.
IntPtr hProcess = Kernel32.OpenProcess(true, process.Id);
Console.WriteLine("打开句柄:" + err.Error[Kernel32.GetLastError()] + "句柄是:" + hProcess.ToString());
// Allocate 1024 bytes in the target. 4096 is MEM_COMMIT (0x1000) and 64 is
// PAGE_EXECUTE_READWRITE (0x40), i.e. a region that is writable and executable.
int lpAddress = Kernel32.VirtualAllocEx(hProcess, 0, 1024, 4096, 64);
Console.WriteLine("申请内存:" + err.Error[Kernel32.GetLastError()]);
int lpCodeAddr = lpAddress;
// Copy the machine-code bytes into the freshly allocated region.
Kernel32.WriteByte(hProcess, lpCodeAddr, 代码);
Console.WriteLine("写代码:" + err.Error[Kernel32.GetLastError()]);
// Write the JMP opcode at the hard-coded address 956617086 (0x3904D17E).
Kernel32.WriteByte(hProcess, 956617086, 跳转代码);
Console.WriteLine("写跳转:" + err.Error[Kernel32.GetLastError()]);
// rel32 displacement for the JMP: destination - address of the JMP - 5 (the
// instruction length). It is stored in the four bytes after the opcode.
int 修改CALL地址 = lpCodeAddr - 956617086 - 5;
Kernel32.WriteInt(hProcess, 956617087, 修改CALL地址);
Console.WriteLine("修改CALL:" + err.Error[Kernel32.GetLastError()]);
// Author's note: this keeps reporting an "invalid memory address" error.
// NOTE(review): in this paste the call below sits on the same line as the
// author's comment, so as written it is commented out; presumably a line break
// was lost. It passes process.Handle rather than hProcess, and 1638 matches
// neither MEM_DECOMMIT (16384) nor MEM_RELEASE (32768). Confirm the intent.
// Kernel32.VirtualFreeEx(process.Handle, lpAddress, 1024, 1638);
Console.WriteLine("释放内存:" + err.Error[Kernel32.GetLastError()]);
}