Can anyone tell me how to read a string (an actual string, not a hex value) at a specified memory address in another process?
If you know, please explain; it's urgent, thanks everyone.
Or, if there are related articles, please point me to them too.
Module:
Option Explicit
' Find window, read/write process memory, etc.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
Private Const SYNCHRONIZE = &H100000
Private Const SPECIFIC_RIGHTS_ALL = &HFFFF
Private Const STANDARD_RIGHTS_ALL = &H1F0000
Private Const PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF
Private Const PROCESS_VM_OPERATION = &H8&
Private Const PROCESS_VM_READ = &H10&
Private Const PROCESS_VM_WRITE = &H20&
Public GamePid As Long ' holds the process identifier (Process Id)

' Read memory contents
Public Function GetData(ByVal lppid As Long, ByVal lpADDress As Long, SaveData() As Byte, Optional ByVal dtLen As Long = 4)
    Dim pHandle As Long ' holds the process handle
    ' Get a process handle from the process identifier
    pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, lppid)
    ' Read data at the memory address into the byte array
    ReadProcessMemory pHandle, ByVal lpADDress, ByVal VarPtr(SaveData(0)), dtLen, 0&
    ' Close the process handle
    CloseHandle pHandle
End Function

Public Function GetPid() As Long
    ' Get the process identifier
    GetWindowThreadProcessId Form1.hwnd, GetPid
End Function

Form:
Option Explicit

Private Sub Command1_Click()
    'On Error GoTo m_Err
    Dim SaveArr() As Byte
    Dim sLen As Long
    GamePid = GetPid ' FindWindow also works:
    '("ThunderRT6FormDC", "Form1")
    '("工程1", "工程1") works too
    ' Get the length (byte count) of the string to read
    sLen = LenB(Text1.Text)
    ReDim SaveArr(sLen)
    GetData GamePid, &HD00AE8, SaveArr(), sLen
    Me.Caption = "读入成功"
    Dim i
    For i = 0 To sLen - 1
        Print SaveArr(i)
    Next
    Text2.Text = StrConv(SaveArr, vbUnicode)
    Exit Sub
'm_Err:
    'MsgBox "err:" & Err.Description
End Sub

Don't change anything; compile it, run it and click "读" (Read), and you will see the contents of Text2 become those of Text1. Read the code yourself for the details; it was adapted from the five-attribute Red Alert trainer I wrote a few days ago, so it may be a bit messy.
Module (Module1.bas), identical to the module in the previous reply apart from the file header:
Attribute VB_Name = "Module1"
Form (Form1.frm):
VERSION 5.00
Begin VB.Form Form1
   AutoRedraw      =   -1  'True
   BorderStyle     =   3  'Fixed Dialog
   Caption         =   "Form1"
   ClientHeight    =   1065
   ClientLeft      =   45
   ClientTop       =   330
   ClientWidth     =   3960
   LinkTopic       =   "侠义道补药"
   MaxButton       =   0   'False
   MinButton       =   0   'False
   ScaleHeight     =   1065
   ScaleWidth      =   3960
   ShowInTaskbar   =   0   'False
   StartUpPosition =   3  'Windows Default
   Begin VB.TextBox Text2
      Height          =   390
      Left            =   1200
      TabIndex        =   2
      Text            =   "Text2"
      Top             =   585
      Width           =   2655
   End
   Begin VB.TextBox Text1
      Height          =   375
      Left            =   360
      TabIndex        =   1
      Text            =   "Text1"
      Top             =   120
      Width           =   3495
   End
   Begin VB.CommandButton Command1
      Caption         =   "读"
      Height          =   375
      Left            =   360
      TabIndex        =   0
      Top             =   600
      Width           =   735
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
(Command1_Click is identical to the form code in the previous reply.)
Project file:
Type=Exe
Form=Form1.frm
Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\WINDOWS\System32\stdole2.tlb#OLE Automation
Module=Module1; Module1.bas
IconForm="Form1"
Startup="Form1"
HelpFile=""
Title="工程1"
ExeName32="工程1.exe"
Command32=""
Name="工程1"
HelpContextID="0"
CompatibleMode="0"
MajorVer=1
MinorVer=0
RevisionVer=0
AutoIncrementVer=0
ServerSupportFiles=0
VersionCompanyName="YY"
CompilationType=0
OptimizationType=0
FavorPentiumPro(tm)=0
CodeViewDebugInfo=0
NoAliasing=0
BoundsCheck=0
OverflowCheck=0
FlPointCheck=0
FDIVCheck=0
UnroundedFP=0
StartMode=0
Unattended=0
Retained=0
ThreadPerObject=0
MaxNumberOfThreads=1
DebugStartupOption=0

[MS Transaction Server]
AutoRefresh=1
Try the previous reply; if it doesn't work, leave an e-mail address and I'll send it to you.
Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByVal Destination As String, ByRef Source As Long, ByVal Length As Long)

Dim strTmp As String
strTmp = Space([string length])
CopyMemory strTmp, [memory address], [string length]
CopyMemory strTmp, ByVal [memory address], [string length]
I debugged your code; everything else works fine.
The only problem is the read length: it seems the value from Text1 cannot be used to correctly obtain the byte count of the string in memory.
Also: is there any way to start reading at a specific address and stop automatically once Hex(00) is reached? I hope zcsor understands what I mean, thanks. :)
You mean the memory address in my code? Heh, I've been writing trainers lately; there are lots of tools, and this is easy to find with whatever memory editor you use.
To read from a specified address, just set the parameters of GetData:
GetData GamePid, &HD00AE8, SaveArr(), sLen
The first parameter is the PID, the second is the address to start reading from, the third is the length.
If you want to stop at 00, you can do this:
set the last parameter to 1, and after each byte is read compare it to see whether it is 0.
Alternatively,
read a fixed number of bytes, say 1024, and then compare the elements of the array.
But whichever method you use, you must do error handling; memory protection may cause runtime errors in your program.
I haven't tried it myself. You also need to detect whether you've reached the end of the program; I asked about that in a thread earlier, but only asked about the PE structure without asking for code. I meant to implement it but never got around to it, and got buried in game-cheat work again.
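A worked version of the read-until-00 approach zcsor describes, added here as an example and not code from this thread: read in page-clipped chunks, stop at the first 0x00, and treat a failed read as an error instead of returning a partial buffer. The target process is a constructed page map standing in for ReadProcessMemory; the GBK decoding and the string layout at 0xD00AE8 are assumptions for the demo.

```python
PAGE = 0x1000  # x86 page size; reads are clipped so none straddles a page edge

class RemoteMemory:
    """Constructed stand-in for another process: only mapped pages are readable.
    On Windows, read() would instead wrap ReadProcessMemory via ctypes."""
    def __init__(self, pages):
        self.pages = pages  # {page_base: bytes of length PAGE}

    def read(self, addr, size):
        """Like ReadProcessMemory: all-or-nothing, None if any byte is unmapped."""
        out = bytearray()
        while len(out) < size:
            base = addr & ~(PAGE - 1)
            if base not in self.pages:
                return None  # the API would return FALSE here
            off = addr - base
            take = min(size - len(out), PAGE - off)
            out += self.pages[base][off:off + take]
            addr += take
        return bytes(out)

def read_c_string(mem, addr, max_len=1024, chunk=64, encoding="gbk"):
    """Read bytes from addr until 0x00 or max_len, one page-clipped chunk at a
    time; a failed read (protected or unmapped page) raises instead of
    silently returning garbage. Decoding as GBK (ANSI code page) is an assumption."""
    data = bytearray()
    while len(data) < max_len:
        cur = addr + len(data)
        want = min(chunk, max_len - len(data), PAGE - (cur & (PAGE - 1)))
        block = mem.read(cur, want)
        if block is None:
            raise OSError(f"read failed at {cur:#x} after {len(data)} bytes")
        nul = block.find(b"\x00")
        if nul >= 0:
            return bytes(data + block[:nul]).decode(encoding)
        data += block
    raise ValueError(f"no terminator within {max_len} bytes of {addr:#x}")

def demo():
    """Constructed layout: a GBK string at 0xD00AE8, plus 4 unterminated bytes
    right before an unmapped page so the second read must fail cleanly."""
    text = "读入成功".encode("gbk") + b"\x00"
    page = bytearray(PAGE)
    page[0xAE8:0xAE8 + len(text)] = text
    page[PAGE - 4:] = b"abcd"
    mem = RemoteMemory({0xD00000: bytes(page)})
    ok = read_c_string(mem, 0xD00AE8)
    err = None
    try:
        read_c_string(mem, 0xD00000 + PAGE - 4)
    except OSError as e:
        err = str(e)
    return ok, err
```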
The CopyMemory function:
' Declaration with As Any parameters so that byte-array elements can be passed
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Dim SwpHandTmp(19) As Byte, BuffArray(100) As Byte, i As Long
' Initialise the BuffArray array
For i = 0 To 100
    BuffArray(i) = i
Next
' Copy 20 bytes starting at BuffArray(10) into SwpHandTmp
CopyMemory SwpHandTmp(0), BuffArray(10), 20
For i = 0 To 19
    Debug.Print SwpHandTmp(i)
Next

The code above runs correctly. Then try changing it to: CopyMemory ByVal VarPtr(SwpHandTmp(0)), BuffArray(10), 20. Please test the code above; I have nothing else to add.
The code I gave the OP was just adapted from the Red Alert trainer I wrote recently; heh, I took the easy route. The code is in the Source - GAME section of the download area, and on my blog as well.