进程内存写入工具-WriteProcessMemory
[i=s] 本帖最后由 老刘1号 于 2017-9-10 08:33 编辑 [/i][quote]老刘制作——进程内存写入工具
用法:
WriteProcessMemory <ProcessID> <BaseAddress> <HEX> ...
ProcessID 指定需写入进程的PID
BaseAddress 指定需写入进程内数据的起始地址
HEXs 需写入的数据(至少一个,数值范围:0~255)
提示:
传入数据时,十六进制请用"&H"前缀表示[/quote]
姊妹工具:[url=http://www.bathome.net/thread-45156-1-1.html]http://www.bathome.net/thread-45156-1-1.html[/url][code]Option Explicit
Module WriteProcessMemory
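Public Class WriteProcessMemory_Main
    ' Declared locally so the process handle opened in Main can be released;
    ' the file's Win32 class does not declare CloseHandle.
    Private Declare Function CloseHandle Lib "KERNEL32" ( _
        ByVal hObject As IntPtr) As Integer

    ''' <summary>
    ''' Command-line entry point. Expects a process ID, a base address and one
    ''' or more byte values (0..255), then writes those bytes into the given
    ''' process at the given address. With fewer than three arguments the
    ''' usage text is printed instead.
    ''' </summary>
    ''' <param name="cmdArgs">
    ''' cmdArgs(0) = process ID, cmdArgs(1) = base address, cmdArgs(2..) = byte
    ''' values. Every value goes through IsNumeric/CLng, so the "&amp;H" prefix
    ''' is accepted for hexadecimal.
    ''' </param>
    Public Shared Sub Main(ByVal cmdArgs() As String)
        ' NOTE(review): PROCESS_ALL_ACCESS asks for every right on the target.
        ' The only calls made with the handle are VirtualProtectEx and
        ' WriteProcessMemory, which need PROCESS_VM_OPERATION and
        ' PROCESS_VM_WRITE. Value kept as in the original.
        Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
        Const PAGE_EXECUTE_READWRITE As Long = &H40

        If cmdArgs.Length <= 2 Then
            PrintUsage()
            Return
        End If

        Dim TargetPid, BaseAddress As Long
        If Not TryParseNonNegative(cmdArgs(0), TargetPid) OrElse _
           Not TryParseNonNegative(cmdArgs(1), BaseAddress) Then
            Console.WriteLine("输入的值不合法!")
            Return
        End If

        ' Build the byte array. Any argument that is not a number in 0..255
        ' aborts the run: silently skipping it (as the original did) would
        ' shift the remaining bytes and write something other than what the
        ' caller asked for into another process.
        Dim Bytes(cmdArgs.Length - 3) As Byte
        For Index As Integer = 2 To cmdArgs.Length - 1
            Dim Value As Long
            If Not TryParseNonNegative(cmdArgs(Index), Value) OrElse Value > &HFF Then
                Console.WriteLine("输入的值不合法!")
                Return
            End If
            Bytes(Index - 2) = CByte(Value)
        Next

        ' Open the target process; a zero handle means the open failed.
        Dim ProcessHandle As Long = Win32.OpenProcess( _
            PROCESS_ALL_ACCESS, 0, TargetPid)
        If ProcessHandle = 0 Then
            Console.WriteLine("打开进程失败!")
            Return
        End If

        Try
            ' Make the range readable, writable and executable for the write.
            ' A failure here is not fatal: the write is still attempted, as in
            ' the original, because the page may already be writable.
            Dim OldProtect As Long = 0
            Dim ProtectChanged As Long = Win32.VirtualProtectEx( _
                ProcessHandle, BaseAddress, Bytes.Length, _
                PAGE_EXECUTE_READWRITE, OldProtect)

            ' Write the data. The API reports failure with zero and success
            ' with any non-zero value, so test for zero rather than for 1.
            Dim BytesWritten As Long = 0
            Dim WriteResult As Long = Win32.WriteProcessMemory( _
                ProcessHandle, BaseAddress, Bytes, Bytes.Length, BytesWritten)
            If WriteResult = 0 Then
                Console.WriteLine("写入失败!")
            End If

            ' Put the previous protection back so the target is not left with
            ' a writable and executable page.
            If ProtectChanged <> 0 Then
                Dim Ignored As Long = 0
                Win32.VirtualProtectEx( _
                    ProcessHandle, BaseAddress, Bytes.Length, _
                    OldProtect, Ignored)
            End If
        Finally
            ' Release the handle on every path; the original never closed it.
            CloseHandle(New IntPtr(ProcessHandle))
        End Try
    End Sub

    ' Parses Raw with the same IsNumeric/CLng rules the original used and
    ' returns True only for a value that converts without error and is >= 0.
    Private Shared Function TryParseNonNegative(ByVal Raw As String, ByRef Result As Long) As Boolean
        If Not IsNumeric(Raw) Then
            Return False
        End If
        Try
            Result = CLng(Raw)
        Catch ex As Exception
            ' IsNumeric accepts values that CLng cannot hold (overflow).
            Return False
        End Try
        Return Result >= 0
    End Function

    ' Prints the usage text shown when too few arguments are given.
    Private Shared Sub PrintUsage()
        Console.WriteLine("老刘制作——进程内存写入工具")
        Console.WriteLine()
        Console.WriteLine("用法:")
        Console.WriteLine(" WriteProcessMemory <ProcessID> <BaseAddress> <HEX> ...")
        Console.WriteLine(" ProcessID 指定需写入进程的PID")
        Console.WriteLine(" BaseAddress 指定需写入进程内数据的起始地址")
        Console.WriteLine(" HEXs 需写入的数据(至少一个,数值范围:0~255)")
        Console.WriteLine()
        Console.WriteLine("提示:")
        Console.WriteLine("传入数据时,十六进制请用""&H""前缀表示")
    End Sub
End Class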
' P/Invoke declarations for the three KERNEL32 functions used by Main.
'
' NOTE(review): every parameter and return value is declared As Long, which
' is a 64-bit integer in VB.NET. The native DWORD and BOOL values are 32-bit
' and handles/addresses are pointer-sized, so these signatures presumably
' line up with the native ABI only in a 64-bit process (they look like a
' port of VB6 declarations, where Long is 32-bit) - confirm the build
' target. IntPtr for handles and addresses and Integer for DWORD/BOOL would
' match on both 32-bit and 64-bit.
' NOTE(review): CloseHandle is not declared here, so a handle returned by
' OpenProcess cannot be released through this class.
Public Class Win32
' Opens the process identified by dwProcessId with the requested access
' rights and returns its handle; the native API returns zero on failure.
Declare Function OpenProcess Lib "KERNEL32" ( _
ByVal dwDesiredAccess As Long, _
ByVal bInheritHandle As Long, _
ByVal dwProcessId As Long ) _
As Long
' Copies nSize bytes from lpBuffer into the process hProcess at
' lpBaseAddress. The native API returns zero on failure and non-zero on
' success, and stores the number of bytes copied in lpNumberOfBytesWritten.
Declare Function WriteProcessMemory Lib "KERNEL32" ( _
ByVal hProcess As Long, _
ByVal lpBaseAddress As Long, _
ByVal lpBuffer As Byte(), _
ByVal nSize As Long, _
ByRef lpNumberOfBytesWritten As Long) _
As Long
' Changes the protection of dwSize bytes at lpAddress in the process
' hProcess to flNewProtect and stores the previous protection in
' lpflOldProtect. The native API returns zero on failure.
Declare Function VirtualProtectEx Lib "KERNEL32" ( _
ByVal hProcess As Long, _
ByVal lpAddress As Long, _
ByVal dwSize As Long, _
ByVal flNewProtect As Long, _
ByRef lpflOldProtect As Long) _
As Long
End Class
End Module[/code][attach]10854[/attach] [b]回复 [url=http://www.bathome.net/redirect.php?goto=findpost&pid=202893&ptid=45361]1#[/url] [i]老刘1号[/i] [/b]
不错,好工具,你的体积越来越小了,也做到了几KB。可以用来游戏作弊了。 [b]回复 [url=http://www.bathome.net/redirect.php?goto=findpost&pid=202920&ptid=45361]2#[/url] [i]happy886rr[/i] [/b]
感谢支持
哈哈,表面看来是几kb,其实windows自带着几G的运行库
游戏修改的话
水果忍者红叉修改
[img]http://odiyqfo1k.bkt.clouddn.com/o_1bpm2qn9535n1abq1bsb1rvk6pda.gif[/img]
植物大战僵尸,NOP掉种植物时的阳光耗费机制
[img]http://odiyqfo1k.bkt.clouddn.com/o_1bpm31d521nia1ask19fh1jm61jfhc.gif[/img]