VB API code example: reading threads and handles, and writing process memory
The example described in this article is a VB API module for reading memory, threads and handles. It is useful for VB programming that touches low-level system operations, and readers who need it can use it for reference. The API provides the following functions: obtaining a thread ID; writing memory (process handle, memory address passed ByVal, data, total length, length completed); reading process memory (process handle, memory address passed ByVal, buffer that receives the data read, length to read, length actually read); and allocating memory (process handle, address [passing 0 seems to suffice], length, flag 1 [MEM_COMMIT], flag 2 [PAGE_READWRITE]), which returns the start address of the allocated memory.
The implementation code is as follows:
Attribute VB_Name = "API"
Option Explicit

Public Declare Function GetDesktopWindow Lib "User32.DLL" () As Long
Public Declare Function FindWindow Lib "User32.DLL" Alias "FindWindowA" (ByVal ClassName As String, ByVal Caption As String) As Long
Public Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Public Declare Function GetWindowText Lib "User32.DLL" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Const GW_CHILD = (5)
Public Const GW_HWNDNEXT = (2)

' Look up the thread ID (window handle, receives the ID).
' Note: the function's return value is the thread ID; the ByRef ProcessId argument
' receives the process ID, which is the value OpenProcess below expects.
Public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd As Long, ProcessId As Long) As Long
Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal 操作权限 As Long, ByVal 继承句柄 As Long, ByVal 线程ID As Long) As Long

' Read process memory (process handle, memory address ByVal, buffer that receives the data,
' length to read, length actually read [pass a Long initialised to 0]).
Public Declare Function ReadProcessMemory Lib "Kernel32.DLL" (ByVal 进程柄 As Long, ByVal 内存位置 As Long, 缓冲区 As Any, ByVal 长度 As Long, lpNumberOfBytesWritten As Long) As Long

' Write process memory (process handle, memory address ByVal, data, total length, length completed [pass 0]).
' 内存位置 is declared As Any, so the caller must pass the address with the ByVal keyword.
Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal 进程柄 As Long, 内存位置 As Any, 缓冲区 As Any, ByVal 长度 As Long, lpNumberOfBytesWritten As Long) As Long

' Release (process handle). Not releasing the handle causes errors.
Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal 进程柄 As Long) As Long

Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
Public Const RRAD_WRITE = &H1F0FFF          ' same value as PROCESS_ALL_ACCESS
Public Const PROCESS_VM_OPERATION = &H8&
Public Const 读取 = &H10&                    ' PROCESS_VM_READ
Public Const 写入 = &H20&                    ' PROCESS_VM_WRITE

'--------- Variable conversion API
Public Declare Sub MOV Lib "Kernel32.DLL" Alias "RtlMoveMemory" (变量1 As Any, 变量2 As Any, ByVal 长度 As Long)

'--------- Memory protection, allocation and release
' 地址 is declared As Any, so the caller must pass the address with the ByVal keyword.
Public Declare Function VPE Lib "Kernel32.DLL" Alias "VirtualProtectEx" (ByVal 进程柄 As Long, 地址 As Any, ByVal 长度 As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long

' Allocate memory (process handle, address [passing 0 seems to suffice], length,
' flag 1 [MEM_COMMIT], flag 2 [PAGE_READWRITE]); returns the start address of the allocated memory.
Public Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal 进程柄 As Long, ByVal 地址 As Long, ByVal 长度 As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VFE Lib "Kernel32.DLL" Alias "VirtualFreeEx" (ByVal 进程柄 As Long, ByVal 地址 As Long, ByVal 长度 As Long, ByVal 释放类型 As Long) As Long

Public Const MEM_COMMIT = &H1000
Public Const PAGE_READWRITE = &H4
Public Const STILL_ACTIVE = &H103&
' &HFFFF is an Integer literal equal to -1 in VB6, so it becomes &HFFFFFFFF when passed as a Long.
Public Const INFINITE = &HFFFF

'--------- Module and function address API
Public Declare Function GetModuleHandle Lib "Kernel32.DLL" Alias "GetModuleHandleA" (ByVal ModuleName As String) As Long
Public Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal ModuleName As String) As Long
Public Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hModule As Long, ByVal ProcName As String) As Long
Public Declare Function CreateRemoteThread Lib "Kernel32.DLL" (ByVal 进程柄 As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Public Declare Function GetTickCount Lib "kernel32" () As Long
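The following is an added usage example, not code from the original article. It shows the OpenProcess / ReadProcessMemory / CloseHandle sequence the module is built for, run against the calling process itself, together with the two details that most often go wrong when using these declarations: which output of GetWindowThreadProcessId is the process ID, and how the ByVal address and ByRef buffer arguments must be passed. It assumes the declarations above are in a module of the same project; GetCurrentProcessId is a real Kernel32 export that the page does not declare, so it is declared here.

```vb
' Added example; assumes the API module above is part of the project.
Option Explicit

' Not declared on the page; added so the example can open its own process.
Private Declare Function GetCurrentProcessId Lib "Kernel32.DLL" () As Long

' GetWindowThreadProcessId RETURNS the thread ID; the process ID comes back
' through the ByRef argument, and that is the value OpenProcess expects.
Public Function ProcessIdFromWindow(ByVal hwnd As Long) As Long
    Dim pid As Long, tid As Long
    tid = GetWindowThreadProcessId(hwnd, pid)
    If tid = 0 Then
        ProcessIdFromWindow = 0      ' invalid window handle
    Else
        ProcessIdFromWindow = pid
    End If
End Function

' Reads one Long out of the calling process through the module's own
' declarations. Returns True only if the bytes read match the source variable.
Public Function ReadOwnLong() As Boolean
    Dim source As Long, copy As Long
    Dim hProcess As Long, bytesRead As Long

    source = &H12345678          ' constructed test value

    ' Least privilege: a read only needs PROCESS_VM_READ (the module's 读取
    ' constant). RRAD_WRITE (&H1F0FFF, i.e. PROCESS_ALL_ACCESS) is not needed.
    hProcess = OpenProcess(读取, 0, GetCurrentProcessId())
    If hProcess = 0 Then Exit Function

    ' ReadProcessMemory takes the address ByVal (VarPtr supplies it as a Long)
    ' and the buffer ByRef (the variable itself). Check the reported byte count
    ' as well as the return value before trusting the buffer.
    If ReadProcessMemory(hProcess, VarPtr(source), copy, LenB(copy), bytesRead) <> 0 Then
        ReadOwnLong = (bytesRead = LenB(copy)) And (copy = source)
    End If

    ' Release the handle on every path; the module's comment warns that
    ' leaking it leads to errors.
    CloseHandle hProcess
End Function
```

Calling ReadOwnLong from a form or Sub Main should return True; if it returns False, check bytesRead first, since a successful call that reports fewer bytes than requested indicates the buffer or length argument was passed wrongly.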