如何把宽字符当作函数参数传递出去? 本帖最后由 aspsky31 于 2010-02-05 21:28:50 编辑 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 什么意思?typedef struct _s{ wchar_t w[20];}s; 把宽字符存在结构体里当作存数传递给函数可以吗?就像下面这个代码一样,不过下列代码传递的是数值,我是想传递宽字符typedef struct ParamData //参数结构 { long Param1; long Param2; DWORD Param3; DWORD Param4; }ParamData,*Paramp; //************************************************************************************** //函数名:InfusionFunc //功能 :封装远程注入的函数 //参数 1:进程ID //参数 2:被注入函数指针 //参数 3:参数 //参数 4:参数长度 //************************************************************************************** void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize) { HANDLE hProcess;//远程句柄 LPVOID mFuncAddr;//申请函数内存地址 LPVOID ParamAddr;//申请参数内存地址 HANDLE hThread; //线程句柄 DWORD NumberOfByte; //辅助返回值 CString str; //打开被注入的进程句柄 hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId); //申请内存 mFuncAddr = VirtualAllocEx(hProcess,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE); ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE); //写内存 WriteProcessMemory(hProcess,mFuncAddr,mFunc,128, &NumberOfByte); WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte); //创建远程线程 hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr, ParamAddr,0,&NumberOfByte); WaitForSingleObject(hThread, INFINITE); //等待线程结束 //释放申请有内存 VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE); VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE); //释放远程句柄 CloseHandle(hThread); CloseHandle(hProcess); } //************************************************************************************** //函数名:CallAddhp //功能 :调用加血Call //************************************************************************************** void CallAddhp () { DWORD dwAddr = 0x00452E98; _asm { pushad mov eax,dword ptr DS:[0x456D68] mov edx,0x00453028 call dwAddr popad } } //************************************************************************************** //函数名:CallAddhp //功能 :调用加法计算Call 
//************************************************************************************** void CallAdd(LPVOID lParam) { ParamData * lp; lp=(ParamData *)lParam; long lp1=(long)lp->Param1; long lp2=(long)lp->Param2; DWORD dwAddr = 0x45992C; _asm { pushad pushad push lp2 push lp1 mov eax,dword ptr DS:[0x461CF8] push eax call dwAddr popad } } 下面是调用实例 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //一例:调用无参Call void CInfusionFunDlg::OnButton4() { // TODO: Add your control notification handler code here DWORD ProcessId=NULL; HWND hWnd = ::FindWindow(NULL,"游戏找CALL练习实例one"); //窗口标题取句柄 GetWindowThreadProcessId(hWnd,&ProcessId); if(ProcessId==NULL) ::AfxMessageBox("未找到进程"); else { InfusionFunc(ProcessId,CallAddhp,NULL,NULL); } } //二例:调用有参Call void CInfusionFunDlg::OnButtonAdd() { // TODO: Add your control notification handler code here DWORD ProcessId=NULL; HWND hWnd = ::FindWindow(NULL,"F8 CALL 01"); //窗口标题取句柄 GetWindowThreadProcessId(hWnd,&ProcessId); ParamData CallParam; CallParam.Param1 = atoi(m_edit1_text); CallParam.Param2 = atoi(m_edit2_text); if(ProcessId==NULL) ::AfxMessageBox("未找到进程"); else { InfusionFunc(ProcessId,CallAdd,&CallParam,sizeof(CallParam)); } } 你写程序就没传过int型变量吗?什么宽字符,就是unsinged short而已。 帮改改错谢谢,下面是错的代码typedef struct ParamData //参数结构{ ; wchar_t* Param7;}ParamData,*Paramp;void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize){ HANDLE hProcess;//远程句柄 LPVOID mFuncAddr;//申请函数内存地址 LPVOID ParamAddr;//申请参数内存地址 HANDLE hThread; //线程句柄 DWORD NumberOfByte; //辅助返回值 CString str; //打开被注入的进程句柄 hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId); //申请内存 mFuncAddr = VirtualAllocEx(hProcess,NULL,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE); ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE); //写内存 WriteProcessMemory(hProcess,mFuncAddr,mFunc,1024, &NumberOfByte); 
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte); //创建远程线程 hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr, ParamAddr,0,&NumberOfByte); WaitForSingleObject(hThread, INFINITE); //等待线程结束 //释放申请有内存 VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE); VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE); //释放远程句柄 CloseHandle(hThread); CloseHandle(hProcess); }void CallSpeck(LPVOID lParam){ ParamData * lp; lp=(ParamData *)lParam; wchar_t* pa=(wchar_t*)lp->Param7; DWORD spack=0x00599FC0; _asm { pushad push pa push 0 MOV eax,DWORD PTR DS:[0x983B28] MOV eax,DWORD PTR DS:[eax+0x20] mov ecx,eax CALL spack popad } }void CDel6Dlg::OnBDll() { // TODO: Add your control notification handler code here wchar_t* w=L"函数示例";ParamData cm;InfusionFunc(m_ProcessId,CallSpeck,&cm,sizeof(cm)); } 帮改改错谢谢,下面是错的代码 typedef struct ParamData //参数结构 { ; wchar_t* Param7; }ParamData,*Paramp; void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize) { HANDLE hProcess;//远程句柄 LPVOID mFuncAddr;//申请函数内存地址 LPVOID ParamAddr;//申请参数内存地址 HANDLE hThread; //线程句柄 DWORD NumberOfByte; //辅助返回值 CString str; //打开被注入的进程句柄 hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId); //申请内存 mFuncAddr = VirtualAllocEx(hProcess,NULL,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE); ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE); //写内存 WriteProcessMemory(hProcess,mFuncAddr,mFunc,1024, &NumberOfByte); WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte); //创建远程线程 hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr, ParamAddr,0,&NumberOfByte); WaitForSingleObject(hThread, INFINITE); //等待线程结束 //释放申请有内存 VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE); VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE); //释放远程句柄 CloseHandle(hThread); CloseHandle(hProcess); } void CallSpeck(LPVOID lParam) { ParamData * lp; lp=(ParamData *)lParam; wchar_t* pa=(wchar_t*)lp->Param7; DWORD 
spack=0x00599FC0; _asm { pushad push pa push 0 MOV eax,DWORD PTR DS:[0x983B28] MOV eax,DWORD PTR DS:[eax+0x20] mov ecx,eax CALL spack popad } } void CDel6Dlg::OnBDll() { // TODO: Add your control notification handler code here wchar_t* w=L"函数示例"; ParamData cm; (cm.Param7)=w;InfusionFunc(m_ProcessId,CallSpeck,&cm,sizeof(cm)); } 不用看代码啦!太长太多了宽字符的数据类型实质是“ULNOG”,占两个字节的无符号整数。你想怎样传就怎样传吧。 CGridCtrl改变列宽度时填充整个区域的问题 CString, unicode编码, 为何英文还是占一个字节? 求助!如何创建绘制屏幕??? 关于CPropertySheet的一个奇怪问题 关于VC的前途问题? 如何调整ActiveX控件大小? 谁能给我一个用CSocket::setsockopt的例子嘛, 如何将String Table中字串表的值改变? 如何在程序中实现同时把两个人的通话录音 我的问题还是Microsoft的问题? 如何用MFC自定义消息接受USB口来的数据? windows中原子操作加法如何返回加完之后的值?
// Wide-character holder proposed by the asker: a fixed 20-element wchar_t buffer
// embedded in the struct itself (the characters live inside the struct, not behind a pointer).
struct _s
{
    wchar_t w[20];
};
typedef struct _s s;
就像下面这个代码一样,不过下列代码传递的是数值,我是想传递宽字符
// Parameter block copied into the target process and handed to the injected routine.
// Only Param1 and Param2 are read by CallAdd below; Param3/Param4 are not used on this page.
struct ParamData
{
    long Param1;  // first value pushed by CallAdd
    long Param2;  // second value pushed by CallAdd
    DWORD Param3; // unused here
    DWORD Param4; // unused here
};
typedef ParamData *Paramp; // pointer alias kept for callers
//**************************************************************************************
// Function : InfusionFunc
// Purpose  : wraps the remote-thread injection sequence: open the target process,
//            allocate RWX memory in it, copy the routine and its parameter block
//            over, start a remote thread at the copied routine, wait, free, close.
//            Defender note: the VirtualAllocEx(PAGE_EXECUTE_READWRITE) /
//            WriteProcessMemory / CreateRemoteThread chain on a PROCESS_ALL_ACCESS
//            handle is the textbook injection pattern that endpoint monitoring flags.
// Param 1  : dwProcId  - id of the target process
// Param 2  : mFunc     - routine whose first 128 bytes are copied into the target
// Param 3  : Param     - parameter block copied into the target (callers also pass NULL)
// Param 4  : ParamSize - size of that block in bytes
// Returns  : nothing. No return value below is checked, so a failed OpenProcess
//            leaves hProcess NULL and every later call still executes against it.
//**************************************************************************************
void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
HANDLE hProcess;//handle to the target process
LPVOID mFuncAddr;//remote address allocated for the routine
LPVOID ParamAddr;//remote address allocated for the parameter block
HANDLE hThread; //remote thread handle
DWORD NumberOfByte; //scratch out-parameter (bytes written, later the thread id)
CString str; // unused
//open the target process
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId);
//allocate remote memory: a fixed 128 bytes for the routine, ParamSize for the block
mFuncAddr = VirtualAllocEx(hProcess,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//copy the routine bytes and the parameter block into the target
WriteProcessMemory(hProcess,mFuncAddr,mFunc,128, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//start a remote thread at the copied routine with the copied block as its argument
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //wait for the remote thread to finish
//release the remote allocations
//NOTE: VirtualFreeEx with MEM_RELEASE requires dwSize == 0; a non-zero size makes the call fail
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//close the thread and process handles
CloseHandle(hThread);
CloseHandle(hProcess);
}
//**************************************************************************************
// Function : CallAddhp
// Purpose  : routine copied into the target process by InfusionFunc (see OnButton4);
//            it invokes the target's "add HP" call at a hard-coded address and takes
//            no parameter block. The addresses below are constants tied to one build
//            of the target program and mean nothing elsewhere.
//**************************************************************************************
void CallAddhp ()
{
DWORD dwAddr = 0x00452E98; // absolute address of the call target
_asm
{
pushad
mov eax,dword ptr DS:[0x456D68]
mov edx,0x00453028
call dwAddr
popad
}
}
//**************************************************************************************
// Function : CallAdd   (the original header said CallAddhp; this is the "add" routine)
// Purpose  : routine copied into the target process by InfusionFunc (see OnButtonAdd);
//            reads Param1/Param2 from the ParamData block it receives and invokes the
//            target's addition call at a hard-coded address with them.
// Param    : lParam - remote copy of a ParamData block
//**************************************************************************************
void CallAdd(LPVOID lParam)
{
ParamData * lp;
lp=(ParamData *)lParam;
long lp1=(long)lp->Param1;
long lp2=(long)lp->Param2;
DWORD dwAddr = 0x45992C; // absolute address of the call target
_asm
{
pushad
pushad
push lp2
push lp1
mov eax,dword ptr DS:[0x461CF8]
push eax
call dwAddr
popad
}
}
下面是调用实例
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Example 1: calling a routine that takes no parameters
// Button handler: resolves the target window by its title, takes its process id and
// injects CallAddhp with no parameter block; shows a message box if no process is found.
void CInfusionFunDlg::OnButton4()
{
// TODO: Add your control notification handler code here
DWORD ProcessId=NULL;
HWND hWnd = ::FindWindow(NULL,"游戏找CALL练习实例one"); //window handle looked up by title
GetWindowThreadProcessId(hWnd,&ProcessId);
if(ProcessId==NULL)
::AfxMessageBox("未找到进程");
else
{
InfusionFunc(ProcessId,CallAddhp,NULL,NULL);
}
}
//Example 2: calling a routine that takes parameters
// Button handler: resolves the target window by its title, fills a ParamData block
// from two edit fields and injects CallAdd with it; shows a message box if no
// process is found. m_edit1_text / m_edit2_text are presumably the dialog's edit-box
// strings bound by DDX — confirm against the class declaration.
void CInfusionFunDlg::OnButtonAdd()
{
// TODO: Add your control notification handler code here
DWORD ProcessId=NULL;
HWND hWnd = ::FindWindow(NULL,"F8 CALL 01"); //window handle looked up by title
GetWindowThreadProcessId(hWnd,&ProcessId);
ParamData CallParam;
CallParam.Param1 = atoi(m_edit1_text);
CallParam.Param2 = atoi(m_edit2_text);
if(ProcessId==NULL)
::AfxMessageBox("未找到进程");
else
{
InfusionFunc(ProcessId,CallAdd,&CallParam,sizeof(CallParam));
}
}
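// Parameter block for CallSpeck: a single wide-string pointer.
// The stray empty member declaration (`;`) from the original is removed.
typedef struct ParamData
{
    wchar_t* Param7; // pointer to a wide-character string
}ParamData,*Paramp;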
// Second paste of InfusionFunc (see the first copy above). It differs only in copying
// 1024 bytes of the routine instead of 128, while the later VirtualFreeEx still passes 128.
// No return value is checked; a failed OpenProcess leaves hProcess NULL for every later call.
void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
HANDLE hProcess;//handle to the target process
LPVOID mFuncAddr;//remote address allocated for the routine
LPVOID ParamAddr;//remote address allocated for the parameter block
HANDLE hThread; //remote thread handle
DWORD NumberOfByte; //scratch out-parameter (bytes written, later the thread id)
CString str; // unused
//open the target process
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId);
//allocate remote memory: a fixed 1024 bytes for the routine, ParamSize for the block
mFuncAddr = VirtualAllocEx(hProcess,NULL,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//copy the routine bytes and the parameter block into the target
WriteProcessMemory(hProcess,mFuncAddr,mFunc,1024, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//start a remote thread at the copied routine with the copied block as its argument
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //wait for the remote thread to finish
//release the remote allocations
//NOTE: VirtualFreeEx with MEM_RELEASE requires dwSize == 0; a non-zero size makes the call fail
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//close the thread and process handles
CloseHandle(hThread);
CloseHandle(hProcess);
}
// CallSpeck: routine copied into the target process by InfusionFunc (see OnBDll); reads
// the Param7 pointer from the ParamData block it receives and invokes the target's call
// at a hard-coded address. The addresses are constants tied to one build of the target.
void CallSpeck(LPVOID lParam)
{
ParamData * lp;
lp=(ParamData *)lParam;
wchar_t* pa=(wchar_t*)lp->Param7; DWORD spack=0x00599FC0; // spack: absolute address of the call target
_asm
{
pushad
push pa
push 0
MOV eax,DWORD PTR DS:[0x983B28]
MOV eax,DWORD PTR DS:[eax+0x20]
mov ecx,eax
CALL spack
popad
}
}
// Button handler: builds a ParamData block and injects CallSpeck with it.
// NOTE: in this paste `w` is declared but never stored into `cm`, so `cm` is passed
// uninitialised (the later paste on this page adds the assignment).
// m_ProcessId is presumably a member set elsewhere in the dialog — confirm.
void CDel6Dlg::OnBDll()
{
// TODO: Add your control notification handler code here
wchar_t* w=L"函数示例";
ParamData cm;InfusionFunc(m_ProcessId,CallSpeck,&cm,sizeof(cm));
}
帮忙改改错，谢谢。下面是出错的代码：
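// Parameter block for CallSpeck: a single wide-string pointer.
// The stray empty member declaration (`;`) from the original is removed.
typedef struct ParamData
{
    wchar_t* Param7; // pointer to a wide-character string
}ParamData,*Paramp;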
// Third paste of InfusionFunc (identical to the second copy above): copies 1024 bytes of
// the routine, while the later VirtualFreeEx still passes 128. No return value is checked;
// a failed OpenProcess leaves hProcess NULL for every later call.
void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
HANDLE hProcess;//handle to the target process
LPVOID mFuncAddr;//remote address allocated for the routine
LPVOID ParamAddr;//remote address allocated for the parameter block
HANDLE hThread; //remote thread handle
DWORD NumberOfByte; //scratch out-parameter (bytes written, later the thread id)
CString str; // unused
//open the target process
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId);
//allocate remote memory: a fixed 1024 bytes for the routine, ParamSize for the block
mFuncAddr = VirtualAllocEx(hProcess,NULL,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//copy the routine bytes and the parameter block into the target
WriteProcessMemory(hProcess,mFuncAddr,mFunc,1024, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//start a remote thread at the copied routine with the copied block as its argument
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //wait for the remote thread to finish
//release the remote allocations
//NOTE: VirtualFreeEx with MEM_RELEASE requires dwSize == 0; a non-zero size makes the call fail
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//close the thread and process handles
CloseHandle(hThread);
CloseHandle(hProcess); }
// CallSpeck: routine copied into the target process by InfusionFunc (see OnBDll); reads
// the Param7 pointer from the ParamData block it receives and invokes the target's call
// at a hard-coded address. The addresses are constants tied to one build of the target.
// NOTE: the paste put `CALL spack` and `popad` on one line inside the _asm block.
void CallSpeck(LPVOID lParam)
{
ParamData * lp;
lp=(ParamData *)lParam;
wchar_t* pa=(wchar_t*)lp->Param7;
DWORD spack=0x00599FC0; // absolute address of the call target
_asm
{
pushad
push pa
push 0
MOV eax,DWORD PTR DS:[0x983B28]
MOV eax,DWORD PTR DS:[eax+0x20]
mov ecx,eax
CALL spack popad
} }
// Button handler: stores the wide-string pointer `w` into a ParamData block and injects
// CallSpeck with it (this paste adds the assignment the earlier one lacked).
// m_ProcessId is presumably a member set elsewhere in the dialog — confirm.
void CDel6Dlg::OnBDll()
{
// TODO: Add your control notification handler code here
wchar_t* w=L"函数示例";
ParamData cm;
(cm.Param7)=w;
InfusionFunc(m_ProcessId,CallSpeck,&cm,sizeof(cm)); }
宽字符的数据类型实质是“ULNOG”,占两个字节的无符号整数。你想怎样传就怎样传吧。