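// Original code from www.ccrun.com, by ccrun; the author asks that reposts keep
// this attribution.
//
// Reads the first-column text of every row of a ListView that lives in another
// process and appends each row to strlist.
//
// LVM_GETITEMTEXT expects a pointer that is valid inside the process owning
// the control, so an LVITEM and a text buffer are allocated in that process,
// filled with WriteProcessMemory, and the result is copied back with
// ReadProcessMemory.
//
// Parameters:
//   hWindow - handle of the ListView control (may belong to another process).
//   strlist - receives three header lines followed by one line per row.
//
// On any failure the function returns quietly; rows collected so far stay in
// strlist.
//
// Notes for maintainers:
//   * Only the VM rights actually used are requested. OpenProcess fails when
//     the caller lacks these rights on the target (for example a process
//     running at a higher integrity level); the function then adds nothing.
//   * The LVITEMA layout is the caller's. The target must have the same
//     pointer size (32- vs 64-bit) or the control misreads the structure.
//   * SendMessage blocks until the target's message loop answers.
//   * Everything read back is produced by the other process and is treated as
//     untrusted: the buffer is explicitly NUL-terminated before use.
void MyGetListViewItem(HWND hWindow,TStrings *strlist)
{
    const int nMaxLen = 1023;
    char szBuf[nMaxLen + 1];

    if (!hWindow || !strlist)
        return;

    // Resolve the owning process; 0 means the window handle is not valid.
    DWORD dwProcessID = 0;
    GetWindowThreadProcessId(hWindow, &dwProcessID);
    if (dwProcessID == 0)
        return;

    // Least privilege: allocate/free, read and write memory only, instead of
    // PROCESS_ALL_ACCESS.
    HANDLE hProcess = OpenProcess(
        PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
        FALSE, dwProcessID);
    if (!hProcess)
        return;

    // Scratch memory inside the target process.
    LPVOID lpTextRemote = VirtualAllocEx(hProcess, NULL, nMaxLen + 1,
                                         MEM_COMMIT, PAGE_READWRITE);
    LPVOID lpListItemRemote = VirtualAllocEx(hProcess, NULL, sizeof(LVITEMA),
                                             MEM_COMMIT, PAGE_READWRITE);

    if (lpTextRemote && lpListItemRemote)
    {
        const int nLVItemCount = ListView_GetItemCount(hWindow);
        strlist->Add("Welcome to www.ccrun.com");
        strlist->Add("ListView的Item总数: " + String(nLVItemCount));
        strlist->Add("---------------------------");

        for (int i = 0; i < nLVItemCount; i++)
        {
            // Clear the remote text buffer so a short or failed reply cannot
            // leave the previous row's text behind.
            ZeroMemory(szBuf, sizeof(szBuf));
            if (!WriteProcessMemory(hProcess, lpTextRemote, szBuf,
                                    sizeof(szBuf), NULL))
                break;

            // Zero the whole structure: it is copied byte-for-byte into the
            // other process, so unset fields must not carry stack contents.
            LVITEMA lvItemLocal;
            ZeroMemory(&lvItemLocal, sizeof(lvItemLocal));
            lvItemLocal.iItem = i;
            lvItemLocal.iSubItem = 0;
            lvItemLocal.mask = LVIF_TEXT;
            lvItemLocal.cchTextMax = nMaxLen;
            lvItemLocal.pszText = (LPSTR)lpTextRemote; // address valid in the target only
            if (!WriteProcessMemory(hProcess, lpListItemRemote, &lvItemLocal,
                                    sizeof(lvItemLocal), NULL))
                break;

            // ANSI variant on purpose: szBuf is a char buffer and is turned
            // into an AnsiString, whatever the build's UNICODE setting is.
            SendMessage(hWindow, LVM_GETITEMTEXTA, (WPARAM)i,
                        (LPARAM)lpListItemRemote);

            // Copy the text back from the target process.
            if (!ReadProcessMemory(hProcess, lpTextRemote, szBuf,
                                   sizeof(szBuf), NULL))
                break;

            szBuf[nMaxLen] = '\0'; // never trust the remote side to terminate
            strlist->Add(AnsiString(szBuf));
        }
    }

    // Single cleanup path: release whatever was allocated in the target and
    // close the handle on every exit, including the error exits.
    if (lpListItemRemote)
        VirtualFreeEx(hProcess, lpListItemRemote, 0, MEM_RELEASE);
    if (lpTextRemote)
        VirtualFreeEx(hProcess, lpTextRemote, 0, MEM_RELEASE);
    CloseHandle(hProcess);
}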
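' Reads the text of one row (lItemIndex) of a ListView owned by another process.
' LVM_GETITEMTEXT needs pointers that are valid inside the process that owns the
' control, so the LV_ITEM and the text buffer are allocated in that process,
' written with WriteProcessMemory and read back with ReadProcessMemory.
' NOTE(review): pointers are held in Long, so this presumably only works against
' a 32-bit target - confirm before relying on it.
Dim mhwnd As Long
mhwnd = 525298 ' window handle on the author's machine (sample value)
Dim i As Long, s As String
Dim dwProcessId As Long, hProcess As Long
Dim dwBytesRead As Long, dwBytesWrite As Long
Dim bSuccess As Long
Call GetWindowThreadProcessId(mhwnd, dwProcessId)
Dim lpListItemRemote As Long, lpTextRemote As Long
Dim nMaxLen As Long
nMaxLen = 1023
Dim szBuf() As Byte
ReDim szBuf(nMaxLen)
Dim lvItemLocal As LV_ITEM
Dim bWriteOK As Long
' Index of the row to read
Dim lItemIndex As Long
lItemIndex = 0
' Text that is finally returned
Dim sItemText As String
Dim lNulPos As Long
' Only the VM rights that are actually used are requested.
hProcess = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, 0&, dwProcessId)
If hProcess <> 0 Then
    lpTextRemote = VirtualAllocEx(ByVal hProcess, ByVal 0&, nMaxLen + 1, MEM_COMMIT, PAGE_READWRITE)
    lpListItemRemote = VirtualAllocEx(ByVal hProcess, ByVal 0&, Len(lvItemLocal), MEM_COMMIT, PAGE_READWRITE)
    ' Do not touch the target when either allocation failed.
    If lpTextRemote <> 0 And lpListItemRemote <> 0 Then
        bWriteOK = WriteProcessMemory(ByVal hProcess, ByVal lpTextRemote, szBuf(0), nMaxLen + 1, dwBytesWrite)
        ' Use the selected row everywhere instead of a hard-coded 2.
        lvItemLocal.iItem = lItemIndex
        'lvItemLocal.iSubItem = 0
        lvItemLocal.mask = LVIF_TEXT
        lvItemLocal.cchTextMax = nMaxLen
        ' pszText holds the remote address itself, not VarPtr of the local variable.
        lvItemLocal.pszText = lpTextRemote
        dwBytesWrite = 0
        bWriteOK = WriteProcessMemory(ByVal hProcess, ByVal lpListItemRemote, ByVal VarPtr(lvItemLocal), Len(lvItemLocal), dwBytesWrite)
        i = SendMessage(mhwnd, LVM_GETITEMTEXT, lItemIndex, ByVal lpListItemRemote)
        bSuccess = ReadProcessMemory(ByVal hProcess, ByVal lpTextRemote, szBuf(0), nMaxLen + 1, dwBytesRead)
        MsgBox i ' string length
        MsgBox bSuccess
        MsgBox dwBytesRead
        ' Original author's note: every call reported success, yet the string was
        ' still not retrieved correctly; the cause was not identified at the time.
    End If
    ' Free each remote buffer once. The original freed lpListItemRemote twice and
    ' never freed lpTextRemote.
    ' NOTE(review): MEM_DECOMMIT leaves the address range reserved in the target;
    ' the commented-out original lines used MEM_RELEASE, which frees it entirely -
    ' switch to it if that constant is declared in this project.
    If lpListItemRemote <> 0 Then Call VirtualFreeEx(hProcess, ByVal lpListItemRemote, 0, MEM_DECOMMIT)
    If lpTextRemote <> 0 Then Call VirtualFreeEx(hProcess, ByVal lpTextRemote, 0, MEM_DECOMMIT)
    ' Close the handle only when OpenProcess actually returned one.
    CloseHandle hProcess
End If
' Show the result. The buffer comes from another process, so cut at the first
' NUL (excluding it) and fall back to the whole buffer when none is found.
lNulPos = InStrB(szBuf, ChrB(0))
If lNulPos > 0 Then
    sItemText = StrConv(LeftB(szBuf, lNulPos - 1), vbUnicode)
Else
    sItemText = StrConv(szBuf, vbUnicode)
End If
Debug.Print sItemText
End Sub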
...
' Correction: request the row selected by lItemIndex instead of the hard-coded row 2.
'*************** lvItemLocal.iItem = 2
lvItemLocal.iItem = lItemIndex
...
' Correction: pass lItemIndex as wParam as well, so it agrees with lvItemLocal.iItem.
'*************** i = SendMessage(mhwnd, LVM_GETITEMTEXT, 2, ByVal lpListItemRemote)
i = SendMessage(mhwnd, LVM_GETITEMTEXT, lItemIndex, ByVal lpListItemRemote)
Call VirtualFreeEx(hProcess, ByVal lpListItemRemote, 0, MEM_DECOMMIT)
(第二处调用)里的
lpListItemRemote 要改成 lpTextRemote,否则 lpTextRemote 指向的远程缓冲区不会被释放。