本帖最后由 老刘1号 于 2020-4-12 12:20 编辑
老刘制作——进程内存读取工具
用法:
ReadProcessMemory <ProcessID> <BaseAddress> <Long>
ProcessID 指定需读取进程的PID
BaseAddress 指定需读取进程内读取数据的起始地址
Long 指定需读取进程内读取数据的长度(Byte)
相关作品:http://www.bathome.net/thread-45155-1-1.html | Option Explicit | | Imports System | | Module ReadProcessMemory | | Public Class ReadProcessMemory_Main | | Public Shared Sub Main(ByVal cmdArgs() As String) | | Const PROCESS_ALL_ACCESS As Long = &H1F0FFF | | If CmdArgs.Length = 3 Then | | If IsNumeric(cmdArgs(0)) And IsNumeric(cmdArgs(1)) And IsNumeric(cmdArgs(2)) Then | | Dim ProcessHandle,BytesLong,ReturnValue,Conter As Long | | Dim Bytes(Clng(cmdArgs(2))) As Byte | | ProcessHandle = WinAPI.OpenProcess(PROCESS_ALL_ACCESS,False,Clng(CmdArgs(0))) | | ReturnValue = WinAPI.ReadProcessMemory(ProcessHandle,Clng(CmdArgs(1)),Bytes,Clng(CmdArgs(2)),BytesLong) | | If ReturnValue = 1 Then | | For Conter = 0 To BytesLong - 1 | | Console.Write(Right("0" & Hex(Bytes(Conter)),2)&Chr(&H20)) | | Next | | Console.WriteLine() | | Else | | Console.WriteLine("读取失败!") | | End If | | Else | | Console.WriteLine("输入的值不合法!") | | End If | | Else | | Console.WriteLine("老刘制作——进程内存读取工具") | | Console.WriteLine("用法:") | | Console.WriteLine(" ReadProcessMemory <ProcessID> <BaseAddress> <Long>") | | Console.WriteLine(" ProcessID 指定需读取进程的PID") | | Console.WriteLine(" BaseAddress 指定需读取进程内读取数据的起始地址") | | Console.WriteLine(" Long 指定需读取进程内读取数据的长度(Byte)") | | End If | | End Sub | | End Class | | Public Class WinAPI | | Declare Function OpenProcess Lib "KERNEL32" ( _ | | ByVal dwDesiredAccess As Long, _ | | ByVal bInheritHandle As Long, _ | | ByVal dwProcessId As Long ) _ | | As Long | | Declare Function ReadProcessMemory Lib "KERNEL32" ( _ | | ByVal hProcess As Long, _ | | ByVal lpBaseAddress As Long, _ | | lpBuffer As Byte(), _ | | ByVal nSize As Long, _ | | ByRef lpNumberOfBytesRead As Long) _ | | As Long | | End Class | | End ModuleCOPY |
| 
发表于 2017-8-24 20:15
| 
发表于 2017-8-25 10:19
| 
