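It's the middle of the night and I'm only now getting around to writing this. I'm in the middle of reworking the code: in VB6 the hotkey capture was implemented with a callback, but when I wrote the .NET version of this program I didn't know how to do that yet. No laughing~~~~ I've figured it out today, haven't I~~ still laughing~~~~~~~
The last post raised a few problems; this post deals with some of what was left over. First, reading and writing memory. I'll just paste the code, there's not much to say.
Reading and writing process memory mainly uses the 2 APIs from the last post, but they aren't enough on their own... these 2 are needed as well: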
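' Handles are pointer-sized: when targeting 64-bit, declare them As IntPtr here
' and in the ReadProcessMemory / WriteProcessMemory declarations as well.
Private Declare Function OpenProcess Lib "kernel32" ( _
    ByVal Access As Int32, ByVal InheritHandle As Boolean, _
    ByVal ProcessId As Int32) As Int32
Private Declare Function CloseHandle Lib "kernel32" ( _
    ByVal Handle As Int32) As Boolean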
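Everything ready? Don't assume so; keep writing and you may still hit a few problems... Look at the code (it includes getting the process handle from the window title):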
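Public Function ReadMemoryData(ByVal WindowTitle As String, ByVal Addr As Int32, ByVal Bytes() As Byte, ByVal len As Integer) As Boolean
    Dim psid As Integer = 0, pop As Integer, pl As Integer
    Dim ok As Boolean
    ' Find the process whose main window title matches
    For Each pro As Process In Process.GetProcesses()
        If pro.MainWindowTitle = WindowTitle Then
            psid = pro.Id
        End If
    Next
    If psid = 0 Then Return False ' no window with that title was found
    ' &H1F0FFF = PROCESS_ALL_ACCESS; PROCESS_VM_READ (&H10) is enough for reading
    pop = OpenProcess(&H1F0FFF, True, psid)
    If pop = 0 Then Return False ' OpenProcess failed
    ok = ReadProcessMemory(pop, Addr, Bytes, len, pl)
    ' Close the handle before returning. psid is a process ID, not a handle,
    ' so it must not be passed to CloseHandle.
    CloseHandle(pop)
    Return ok
End Function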
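Right, that's it. First get the window title (there's a problem here: Explorer's can't be retrieved, yet IE's can, damn!) and compare it with that of the window to be modified; if it matches, take its Id property, which is what goes into the ProcessId parameter of OpenProcess. Then use the hProcess you got to read and write memory~~ The pl parameter was originally meant for setting the memory read/write attributes, but later I got lazy and didn't add that. Also, the code for setting the memory read/write attributes was given by Doudou~ I didn't feel right just lifting it :)
I won't write out the memory-writing one; it's exactly, exactly, exactly the same as above!!! Rename the function ReadMemoryData to, say, WriteMemoryData, replace the ReadProcessMemory inside with WriteProcessMemory, and you have the write version, heh. They're just that similar.
Next up is the TOKEN.
I'll just paste the class here. In your code, simply New it and call the ToKenPrivileges method; if the return value is True, the call succeeded; if it's False, well, I've never run into that, so don't doubt the code below.... haha
First, one point to watch in the function declarations:
Any structure passed as a parameter must be declared ByRef!
Also, some of the parameters in the code would get far too long if written as declared constants, so I've substituted the numeric values directly.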
Public Class ToKen
#Region "Constants and structure declarations"
    Private Const SE_PRIVILEGE_ENABLED As Int32 = 2
    Private Const ERROR_NOT_ALL_ASSIGNED As Int32 = 1300
    Private Const EWX_SHUTDOWN As Int32 = 1
    Private Const EWX_REBOOT As Int32 = 2
    Private Const EWX_LOGOFF As Int32 = 0
    Private Structure LUID_AND_ATTRIBUTES
        Public pLuid As LUID
        Public Attributes As Integer
    End Structure
    Private Structure LUID
        Dim LowPart As Int32
        Dim HighPart As Int32
    End Structure
    ' TOKEN_PRIVILEGES flattened to hold exactly one LUID + attributes entry
    Private Structure TOKEN_PRIVILEGES
        Public PrivilegeCount As Integer
        Public Privileges As LUID
        Public Attributes As Int32
    End Structure
#End Region
#Region "API declarations"
    Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, ByRef lpLuid As LUID) As Int32
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As IntPtr, ByVal DisableAllPrivileges As Int32, ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Int32, ByRef PreviousState As TOKEN_PRIVILEGES, ByRef ReturnLength As Int32) As Int32
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As IntPtr, ByVal DesiredAccess As Integer, ByRef TokenHandle As IntPtr) As Boolean
#End Region
#Region "Obtain all privileges"
    Public Function ToKenPrivileges() As Boolean
        ' Must be IntPtr to match the ByRef TokenHandle parameter above
        Dim hdlTokenHandle As IntPtr
        Dim tmpLuid As LUID
        Dim tkp As TOKEN_PRIVILEGES
        Dim tkpNewButIgnored As TOKEN_PRIVILEGES
        Dim lBufferNeeded As Integer
        Dim currentProcess As Process = Process.GetCurrentProcess()
        ' &HF00FF = TOKEN_ALL_ACCESS; TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY (&H28) is enough here
        If OpenProcessToken(currentProcess.Handle, &HF00FF, hdlTokenHandle) Then
            If LookupPrivilegeValue("", "SeDebugPrivilege", tmpLuid) = 0 Then Return False
            tkp.PrivilegeCount = 1
            tkp.Privileges = tmpLuid
            tkp.Attributes = SE_PRIVILEGE_ENABLED
            If AdjustTokenPrivileges(hdlTokenHandle, 0, tkp, Len(tkpNewButIgnored), tkpNewButIgnored, lBufferNeeded) = 0 Then Return False
            ' The call also returns nonzero when the privilege was not granted;
            ' in that case the last error is ERROR_NOT_ALL_ASSIGNED.
            Return Err.LastDllError <> ERROR_NOT_ALL_ASSIGNED
        End If
        Return False
    End Function
#End Region
End Class
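Done~~~ This code was adapted entirely from VB6 code, there's nothing new in it at all; it was just the API declarations that gave me a headache for several days.. scary to think back on..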
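An added example, not code from the original post: the functions above pass raw numbers as access masks, so this Python sketch decodes &H1F0FFF and &HF00FF into their named Win32 rights and lists the ones a read-only use does not need. The helper names (decode, excess) and the two "needed" masks are assumptions of this example.

```python
"""Decode the access masks hard-coded in the post into named Win32 rights."""

STANDARD = {
    0x00010000: "DELETE", 0x00020000: "READ_CONTROL", 0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER", 0x00100000: "SYNCHRONIZE",
}
PROCESS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID", 0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ", 0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE", 0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA", 0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x0800: "PROCESS_SUSPEND_RESUME",
}
TOKEN = {
    0x0001: "TOKEN_ASSIGN_PRIMARY", 0x0002: "TOKEN_DUPLICATE",
    0x0004: "TOKEN_IMPERSONATE", 0x0008: "TOKEN_QUERY",
    0x0010: "TOKEN_QUERY_SOURCE", 0x0020: "TOKEN_ADJUST_PRIVILEGES",
    0x0040: "TOKEN_ADJUST_GROUPS", 0x0080: "TOKEN_ADJUST_DEFAULT",
}

def decode(mask, specific):
    """Return (names of the rights set in mask, leftover unrecognised bits)."""
    table = {**specific, **STANDARD}
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    known = sum(bit for bit in table if mask & bit)
    return names, mask & ~known

def excess(requested, needed, specific):
    """Names of the rights requested beyond what the operation needs."""
    return decode(requested & ~needed, specific)[0]

# Masks hard-coded in the post, and the minimum each call needs (assumed use).
OPEN_PROCESS_MASK = 0x1F0FFF   # passed to OpenProcess
OPEN_TOKEN_MASK = 0x0F00FF     # passed to OpenProcessToken
READ_ONLY = 0x0010             # PROCESS_VM_READ suffices for ReadProcessMemory
ADJUST_ONLY = 0x0020 | 0x0008  # TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY

if __name__ == "__main__":
    for label, mask, need, table in (
        ("OpenProcess", OPEN_PROCESS_MASK, READ_ONLY, PROCESS),
        ("OpenProcessToken", OPEN_TOKEN_MASK, ADJUST_ONLY, TOKEN),
    ):
        names, unknown = decode(mask, table)
        print(f"{label} &H{mask:X}: {len(names)} rights, unknown bits {unknown:#x}")
        print("  not needed:", ", ".join(excess(mask, need, table)))
```

Anything listed under "not needed" can be dropped from the mask when the handle is only used for reading memory or for adjusting the process's own privileges.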
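What to write in the next post... maybe there's nothing left that people care about.. I'll polish things up in a bit and write the callback up here, the one I just wrote for capturing hotkeys: a SetTimer callback that does real-time GetAsyncKeyState. I'd already written it in VB6; tonight I stared at it for hours before getting it written, and it turned out to be something 3 lines of new code could handle.. quite heartbreaking..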