Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function FindWindow Lib "User32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "User32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDirectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As LongPrivate Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const CREATE_SUSPENDED = &H4
Private Const NORMAL_PRIORITY_CLASS = &H20&
Private Const INFINITE = -1&
Private Const STARTF_USEPOSITION = &H4Private Type STARTUPINFO
cb As Long
lpReserved As String
lpDesktop As String
lpTitle As String
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End TypePrivate Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End TypePublic Function ExecCmd(cmdline$)
Dim proc As PROCESS_INFORMATION
Dim start As STARTUPINFO
Dim ProcessHandle As Long
Dim hwnd As Long
Dim ProcessID As Longstart.cb = Len(start)ret& = CreateProcess(vbNullString, cmdline$, 0&, 0&, False, CREATE_SUSPENDED, 0&, vbNullString, start, proc) WriteProcessMemory proc.hProcess, &H425BA7, &HEB, 1, 0&
WriteProcessMemory proc.hProcess, &H45EA67, &HEB, 1, 0&
CloseHandle ProcessHandle
ResumeThread proc.hThreadEnd FunctionPrivate Sub Start_Click()
Dim retval As Long
retval = ExecCmd("C:\Program Files\Dar2000\Dar.exe")
End Sub我打算在程序未運行前修改代碼,開啟進程後無法使用WriteProcessMemory寫入,我用工作管理員看進程只有60kb,請問如何做才可以在程序未運行前修改代碼?
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function FindWindow Lib "User32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "User32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDirectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As LongPrivate Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const CREATE_SUSPENDED = &H4
Private Const NORMAL_PRIORITY_CLASS = &H20&
Private Const INFINITE = -1&
Private Const STARTF_USEPOSITION = &H4Private Type STARTUPINFO
cb As Long
lpReserved As String
lpDesktop As String
lpTitle As String
dwX As Long
dwY As Long
dwXSize As Long
dwYSize As Long
dwXCountChars As Long
dwYCountChars As Long
dwFillAttribute As Long
dwFlags As Long
wShowWindow As Integer
cbReserved2 As Integer
lpReserved2 As Long
hStdInput As Long
hStdOutput As Long
hStdError As Long
End TypePrivate Type PROCESS_INFORMATION
hProcess As Long
hThread As Long
dwProcessId As Long
dwThreadID As Long
End TypePublic Function ExecCmd(cmdline$)
Dim proc As PROCESS_INFORMATION
Dim start As STARTUPINFO
Dim ProcessHandle As Long
Dim hwnd As Long
Dim ProcessID As Longstart.cb = Len(start)ret& = CreateProcess(vbNullString, cmdline$, 0&, 0&, False, CREATE_SUSPENDED, 0&, vbNullString, start, proc) WriteProcessMemory proc.hProcess, &H425BA7, &HEB, 1, 0&
WriteProcessMemory proc.hProcess, &H45EA67, &HEB, 1, 0&
CloseHandle ProcessHandle
ResumeThread proc.hThreadEnd FunctionPrivate Sub Start_Click()
Dim retval As Long
retval = ExecCmd("C:\Program Files\Dar2000\Dar.exe")
End Sub我打算在程序未運行前修改代碼,開啟進程後無法使用WriteProcessMemory寫入,我用工作管理員看進程只有60kb,請問如何做才可以在程序未運行前修改代碼?
'把石器装入内存
result = CreateProcess(file$, para$, ByVal 0, ByVal 0, True, CREATE_SUSPENDED, ByVal 0, path$, si, pi)
If result = 0 Then
MsgBox "石器启动失败!!!"
End
End If
'这处是修改石器代码, 使石器不能自动关闭外挂
Call WriteProcessMemory(pi.hProcess, ByVal &H401262, &HEB, 1, 0)
Call WriteProcessMemory(pi.hProcess, ByVal &H40C7BE, &HEB, 1, 0)
Call WriteProcessMemory(pi.hProcess, ByVal &H4131EE, &HEB, 1, 0)
Call WriteProcessMemory(pi.hProcess, ByVal &H45FFBC, &HEB, 1, 0)
Call ResumeThread(pi.hThread) '使石器运行 t = GetTickCount '读取石器句柄
Do
DoEvents
Call ReadProcessMemory(pi.hProcess, ByVal &H32EC684, saHwnd, 4, 0)
Loop Until GetTickCount - t >= 30000 Or saHwnd
If saHwnd = 0 Then
MsgBox "读取石器句柄超时!!!"
End
End If