像这样
00502FFC |. 8B46 12 mov eax, [esi+12]
00502FFF |. A3 EC2C4F01 mov [14F2CEC], eax
我想读
14F2CEC这个地址的数值,要怎么写呢??
00502FFC |. 8B46 12 mov eax, [esi+12]
00502FFF |. A3 EC2C4F01 mov [14F2CEC], eax
我想读
14F2CEC这个地址的数值,要怎么写呢??
调试欢乐多
先定义一个 long型的变量lng,使用CopyMemory API把 14F2CEC 这个值拷贝到VarPtr(lng) 的地址,然后lng的值就是14F2CEC 地址的值
模块:
Option Explicit
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
窗体:
Private Sub Command1_Click()
Dim h As Long
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
If hProcess Then
ReadProcessMemory hProcess, ByVal &H14F2CEC, h, 4, 0&'读取地址14F2CEC的值
CloseHandle hProcess
End If
Text1.Text = h'将读到的值显示在Text1
End SubEnd Sub