本帖最后由 老刘1号 于 2020-4-12 12:20 编辑
老刘制作——进程内存读取工具
用法:
ReadProcessMemory <ProcessID> <BaseAddress> <Long>
ProcessID 指定需读取进程的PID
BaseAddress 指定需读取进程内读取数据的起始地址
Long 指定需读取进程内读取数据的长度(Byte)
相关作品:http://www.bathome.net/thread-45155-1-1.html- Option Explicit
- Imports System
- Module ReadProcessMemory
- Public Class ReadProcessMemory_Main
- Public Shared Sub Main(ByVal cmdArgs() As String)
- Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
- If CmdArgs.Length = 3 Then
- If IsNumeric(cmdArgs(0)) And IsNumeric(cmdArgs(1)) And IsNumeric(cmdArgs(2)) Then
- Dim ProcessHandle,BytesLong,ReturnValue,Conter As Long
- Dim Bytes(Clng(cmdArgs(2))) As Byte
- ProcessHandle = WinAPI.OpenProcess(PROCESS_ALL_ACCESS,False,Clng(CmdArgs(0)))
- ReturnValue = WinAPI.ReadProcessMemory(ProcessHandle,Clng(CmdArgs(1)),Bytes,Clng(CmdArgs(2)),BytesLong)
- If ReturnValue = 1 Then
- For Conter = 0 To BytesLong - 1
- Console.Write(Right("0" & Hex(Bytes(Conter)),2)&Chr(&H20))
- Next
- Console.WriteLine()
- Else
- Console.WriteLine("读取失败!")
- End If
- Else
- Console.WriteLine("输入的值不合法!")
- End If
- Else
- Console.WriteLine("老刘制作——进程内存读取工具")
- Console.WriteLine("用法:")
- Console.WriteLine(" ReadProcessMemory <ProcessID> <BaseAddress> <Long>")
- Console.WriteLine(" ProcessID 指定需读取进程的PID")
- Console.WriteLine(" BaseAddress 指定需读取进程内读取数据的起始地址")
- Console.WriteLine(" Long 指定需读取进程内读取数据的长度(Byte)")
- End If
- End Sub
- End Class
- Public Class WinAPI
- Declare Function OpenProcess Lib "KERNEL32" ( _
- ByVal dwDesiredAccess As Long, _
- ByVal bInheritHandle As Long, _
- ByVal dwProcessId As Long ) _
- As Long
- Declare Function ReadProcessMemory Lib "KERNEL32" ( _
- ByVal hProcess As Long, _
- ByVal lpBaseAddress As Long, _
- lpBuffer As Byte(), _
- ByVal nSize As Long, _
- ByRef lpNumberOfBytesRead As Long) _
- As Long
- End Class
- End Module
|
发表于 2017-8-24 20:15:28
发表于 2017-8-25 10:19:29