VB操作内存类

最新推荐文章于 2021-09-10 09:04:47 发布
最新推荐文章于 2021-09-10 09:04:47 发布
阅读量509 收藏 2
点赞数
文章标签: VB
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/rsice/article/details/103608812
版权 
Private Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, ByRef lpNumberOfBytesWritten As Long) As Long
Private Declare Function VirtualProtect Lib "kernel32" (ByRef lpAddress As Any, ByVal dwSize As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long '设置内存可读写
Private Const PAGE_EXECUTE_READWRITE = &H40 ' PAGE_EXECUTE_READWRITE  表示可读可写
Private Declare Function VirtualQueryEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long) As Long '搜索内存
Private Type MEMORY_BASIC_INFORMATION
    BaseAddress As Long
    AllocationBase As Long
    AllocationProtect As Long
    RegionSize As Long
    State As Long
    Protect As Long
    lType As Long
End Type

Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Private Const PROCESS_ALL_ACCESS = &H1F0FFF

'设置内存属性,1可读写,其他恢复原样
Function SetMem(ByVal addr As String, ByVal lens As Integer, Optional Stype As Integer = 1)
    Select Case Stype
        Case 1:
            VirtualProtect ByVal addr, lens, PAGE_EXECUTE_READWRITE, OldProtect '修改内存属性
        Case Else:
            VirtualProtect ByVal addr, lens, OldProtect, OldProtect '恢复内存属性
    End Select
End Function

'搜索内存(句柄,开始地址,结束地址,比较方式,搜索类型)  比较方式:1精确数值 2大于 3小于 4两数之间 搜索类型:0 16进制,1 1字节整数,2 2字节整数,3 4字节整数, 4 4字节浮点数
Function SearchMem(ByVal mhwnd As Long, ByVal svalue As String, Optional beginaddr As String = "&H400000", Optional endaddr As String = "&H7FFFFFFF", Optional SearchStyle As Integer = 1, Optional Stype As Integer = 3) As String

    Const PAGE_READWRITE = 4, MEM_COMMIT = &H1000
    Dim i As Long, j As Long, count As Long
    Dim r As Long, mbi As MEMORY_BASIC_INFORMATION
    Dim lpAddress As Long: lpAddress = beginaddr
    Dim bSearch() As Byte
    Dim ubs As Long
    Dim kx  As Long
    bSearching = True
    nCountX = 0
    r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))
    
    '将7FFFFFFF作为搜索结束地址
    Dim lpBuffer() As Byte
    
    '字符串转数组
    Dim sp() As String
    Dim tmp As Long
    Dim nLength As Long
    '搜索支持数据串,每个数据用逗号分开,如123,234,5,9
    sp = Split(svalue, ",")
    nLength = UBound(sp)
    
    If Stype = 0 Then sp(0) = CLng("&H" & svalue)
    
    If Stype = 1 Then '  1字节
        ReDim bSearch(nLength)
        For i = 0 To nLength
            bSearch(i) = Val(sp(i)) And &HFF '防止溢出错误
        Next
    ElseIf Stype = 2 Then ' 2字节
        ReDim bSearch((nLength + 1) * 2 - 1)
        For i = 0 To nLength
            tmp = Val(sp(i))
            CopyMemory bSearch(i * 2), tmp, 2
        Next
    ElseIf Stype = 3 Then ' 4字节
        ReDim bSearch((nLength + 1) * 4 - 1)
        For i = 0 To nLength
            tmp = Val(sp(i))
            CopyMemory bSearch(i * 4), tmp, 4
        Next
    Else
        ReDim bSearch((nLength + 1) * 4 - 1)
        Dim tmp_f As Single
        For i = 0 To nLength
            tmp_f = CSng(sp(i))
            CopyMemory bSearch(i * 4), tmp_f, 4
        Next
    End If
    
    ubs = UBound(bSearch)
    
    If SearchStyle = 1 Then
        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)
            '只搜索可读取的已提交的内存区域
            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then
                ReDim lpBuffer(mbi.RegionSize - 1)
                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&
                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界
                    '逐个字节比较,如果有任何一个不相等,则不再比较其它
                    For j = 0 To ubs
                        If bSearch(j) <> lpBuffer(i + j) Then GoTo a10
                    Next
                    nCountX = nCountX + 1
                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"
a10:
                Next
            End If
            lpAddress = lpAddress + mbi.RegionSize '搜索下一条
            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))
        Loop
    End If
    
    If SearchStyle = 2 Then
        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)
            '只搜索可读取的已提交的内存区域
            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then
                
                ReDim lpBuffer(mbi.RegionSize - 1)
                
                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&
                
                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界
                    
                    '逐个字节比较,如果有任何一个不相等,则不再比较其它
                    For j = 0 To ubs
                        If bSearch(j) <= lpBuffer(i + j) Then GoTo b10
                    Next
                    nCountX = nCountX + 1
                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"
b10:
                Next
            End If
            lpAddress = lpAddress + mbi.RegionSize
            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))
        Loop
        
    End If
    
    If SearchStyle = 3 Then
        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)
            '只搜索可读取的已提交的内存区域
            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then
                ReDim lpBuffer(mbi.RegionSize - 1)
                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&
                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界
                    '逐个字节比较,如果有任何一个不相等,则不再比较其它
                    For j = 0 To ubs
                        If bSearch(j) >= lpBuffer(i + j) Then GoTo c10
                    Next
                    nCountX = nCountX + 1
                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"
c10:
                Next
            End If
            lpAddress = lpAddress + mbi.RegionSize
            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))
        Loop
    End If
    
    If SearchStyle = 4 Then
        Do While (r And (lpAddress < CLng(endaddr)) And bSearching)
            '只搜索可读取的已提交的内存区域
            If (mbi.Protect And PAGE_READWRITE) And (mbi.State = MEM_COMMIT) Then
                ReDim lpBuffer(mbi.RegionSize - 1)
                ReadProcessMemory mhwnd, ByVal mbi.BaseAddress, lpBuffer(0), mbi.RegionSize, 0&
                For i = 0 To mbi.RegionSize - 1 - ubs '防止越界
                    If lpBuffer(i) <= Val(txtValue2Search1) Or lpBuffer(i) >= Val(txtValue2Search2) Then GoTo d10
                    nCountX = nCountX + 1
                    SearchMem = SearchMem & Hex(i + lpAddress) & "|"
d10:
                Next
            End If
            
            lpAddress = lpAddress + mbi.RegionSize
            r = VirtualQueryEx(mhwnd, lpAddress, mbi, Len(mbi))
        Loop
    End If
    SearchMem = Left(SearchMem, Len(SearchMem) - 1)
    bSearching = False
End Function

'字节集
Private Function newHEX(str2 As String) As Long
    Dim i As Long, a As Variant, k As Long
    k = 0
    For i = Len(str2) - 1 To 0 Step -1
        a = Asc(LCase(Mid(str2, Len(str2) - i, 1)))
        a = IIf(a >= 48 And a <= 57, a - 48, a - 87)
        k = k + (16 ^ i) * a
    Next
    newHEX = k
End Function

'------------------------------读取内存开始---------------------------------------------
'读取指定地址的整数数值,类型可以是2--1字节,1--2字节 或者 0--4字节,默认4字节
Function ReadInt(mhwnd As Long, addr As String, Optional Stype As Integer = 0)
    Dim jz  As Long '基址
    Dim lresult As Long '累加地址
    Dim mHprocess As Long '句柄
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long '一级偏移
    Dim p2 As Long '二级偏移
    Dim p3 As Long '三级偏移
    Dim psum As Integer '偏移数量
    Dim s As Integer '类型
    Dim result As Long '最终结果
    
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    Select Case Stype
        Case 0:
            s = 4 '4字节
            result = CLng(result)
        Case 1:
            s = 2 '2字节
            result = CInt(result)
        Case 2:
            s = 1 '1字节
            result = CByte(result)
        Case Else
            s = 4 '4字节
            result = CLng(result)
    End Select
    
    '0偏移-读取静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0&
        result = lresult
        ReadInt = result
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, s, 0
        result = lresult
        ReadInt = result
    End If
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, s, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, s, 0
        result = lresult
        ReadInt = result
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, s, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, s, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, s, 0
        ReadProcessMemory mHprocess, ByVal lresult + p3, lresult, s, 0
        result = lresult
        ReadInt = result
    End If
End Function

'读取指定地址的双精度浮点数
Function ReadDouble(mhwnd As Long, addr As String) As Double
    Dim jz  As Long '基址
    Dim lresult As Long '累加地址
    Dim result As Long '最终结果
    Dim mHprocess As Long '句柄
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long '一级偏移
    Dim p2 As Long '二级偏移
    Dim p3 As Long '三级偏移
    Dim psum As Integer '偏移数量
    
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    '0偏移-读取4字节的静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 8, 0&
        result = lresult
        ReadDouble = result
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 8, 0
        result = lresult
        ReadDouble = result
    End If
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 8, 0
        result = lresult
        ReadDouble = result
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p3, lresult, 8, 0
        result = lresult
        ReadDouble = result
    End If
End Function

'读取指定地址的单精度浮点数
Function ReadFloat(mhwnd As Long, addr As String) As Single
    Dim jz  As Long '基址
    Dim lresult As Long '累加地址
    Dim result As Long '最终结果
    Dim mHprocess As Long '句柄
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long '一级偏移
    Dim p2 As Long '二级偏移
    Dim p3 As Long '三级偏移
    Dim psum As Integer '偏移数量
    
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    '0偏移-读取4字节的静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0&
        result = lresult
        ReadFloat = result
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        result = lresult
        ReadFloat = result
    End If
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        result = lresult
        ReadFloat = result
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p3, lresult, 4, 0
        result = lresult
        ReadFloat = result
    End If
End Function

'读取指定地址的GBK字符串
Function ReadString(mhwnd As Long, addr As String) As String
    Dim jz  As Long '基址
    Dim lresult As Long '累加地址
    Dim result(64) As Byte '最终结果
    Dim mHprocess As Long '句柄
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long '一级偏移
    Dim p2 As Long '二级偏移
    Dim p3 As Long '三级偏移
    Dim psum As Integer '偏移数量
    
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    '0偏移-读取4字节的静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        ReadProcessMemory mHprocess, ByVal jz, result(0), 64, 0&
        ReadString = StrConv(result, vbUnicode)
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, result(0), 64, 0
        ReadString = StrConv(result, vbUnicode)
    End If
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, result(0), 64, 0
        ReadString = StrConv(result, vbUnicode)
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p3, result(0), 64, 0
        ReadString = StrConv(result, vbUnicode)
    End If
End Function

'读取指定地址的Unicode字符串
Function ReadStringU(mhwnd As Long, addr As String) As String
    Dim jz  As Long
    Dim lresult As Long
    Dim result(64) As Byte
    Dim mHprocess As Long
    Dim StringU As Long
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long
    Dim p2 As Long
    Dim p3 As Long
    Dim psum As Integer
    
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来,标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    '0偏移-读取4字节的静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        ReadProcessMemory mHprocess, ByVal jz, StringU, 4, 0
        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&
        ReadStringU = result
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, StringU, 4, 0
        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&
        ReadStringU = result
    End If
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, StringU, 4, 0
        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&
        ReadStringU = result
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p3, StringU, 4, 0
        ReadProcessMemory mHprocess, ByVal StringU, result(0), 64, 0&
        ReadStringU = result
    End If
End Function

'------------------------------修改内存开始---------------------------------------------

'对指定地址写入整数数值,类型可以是1字节,2字节 或者 4字节
Function WriteInt(mhwnd As Long, addr As String, v As Long, Optional Stype As Integer = 0)
    Dim jz  As Long
    Dim lresult As Long
    Dim mHprocess As Long
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long
    Dim p2 As Long
    Dim p3 As Long
    Dim psum As Integer
    Dim s As Integer
    
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    Select Case Stype
        Case 0:
            s = 4 '4字节
        Case 1:
            s = 2 '2字节
        Case 2:
            s = 1 '1字节
        Case Else
            s = 4 '4字节
    End Select
    
    '0偏移-读取静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        WriteProcessMemory mHprocess, ByVal jz, v, s, 0&
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p1, v, s, 0
    End If
    
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p2, v, s, 0
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p3, v, s, 0
    End If
End Function

'对指定地址写入单精度浮点数
Function WriteFloat(mhwnd As Long, addr As String, v As Single)
    Dim jz  As Long
    Dim lresult As Long
    Dim mHprocess As Long
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long
    Dim p2 As Long
    Dim p3 As Long
    Dim psum As Integer
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来
    '标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    '0偏移-读取4字节的静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        WriteProcessMemory mHprocess, ByVal jz, v, 4, 0&
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p1, v, 4, 0
    End If
    
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p2, v, 4, 0
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p3, v, 4, 0
    End If
End Function

'对指定地址写入双精度浮点数
Function WriteDouble(mhwnd As Long, addr As String, v As Double)
    Dim jz  As Long
    Dim lresult As Long
    Dim mHprocess As Long
    Dim sz  '这个是字符数组--为了拆分 指针
    Dim p1 As Long
    Dim p2 As Long
    Dim p3 As Long
    Dim psum As Integer
    sz = Split(addr, "]+") '分割字符-把偏移等变为数组元素保存起来
    '标记符号是 ']+'
    psum = UBound(sz)
    
    mHprocess = mhwnd
    
    '0偏移-读取4字节的静态地址--
    If psum = 0 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        WriteProcessMemory mHprocess, ByVal jz, v, 8, 0&
    End If
    
    '1偏移-
    If psum = 1 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p1, v, 8, 0
    End If
    
    
    '2偏移-
    If psum = 2 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p2, v, 8, 0
    End If
    
    '3偏移-
    If psum = 3 Then
        jz = Val("&H" & Trim(Replace(sz(0), "[", "")))
        p1 = Val("&H" & Trim(sz(1)))
        p2 = Val("&H" & Trim(sz(2)))
        p3 = Val("&H" & Trim(sz(3))) '最后的偏移
        ReadProcessMemory mHprocess, ByVal jz, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p1, lresult, 4, 0
        ReadProcessMemory mHprocess, ByVal lresult + p2, lresult, 4, 0
        WriteProcessMemory mHprocess, ByVal lresult + p3, v, 8, 0
    End If
End Function

'对指定地址写入二进制数据
Public Function WriteData(mhwnd As Long, Maddr As String, Mcode As String) As Long
    Dim i As Long, OPcode As String, addr As Long
    OPcode = Mcode
    
    addr = newHEX(Maddr)
    ReDim AsmCode(Len(OPcode) / 2 - 1) As Byte
    For i = 0 To UBound(AsmCode)
        AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))
    Next
    WriteProcessMemory mhwnd, ByVal addr, AsmCode(0), UBound(AsmCode) + 1, 0
End Function
'------------------------------------修改内存结束-------------------------------------------------

 

rsice
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
VB写监控程序
jivi的专栏
12-27 3727
去年上半年发表在QQ空间里的。先移过来再讲仅仅是用户模式下的监控,没什么意义的,另外很多的东西也都是网上可以查到的。不过大家看看倒也无妨   前段日子,一同事发一条信息问WO关于监控软件的事。说一个网友需要这方面的资料,在这之前 曾经在网上查过相关的资料,并用VC(MFC)写了一个简单的监控程序,但因没有保存。重做系统后就没了 (因为当时只是实验,所以将MFC项目的
VB内存搜索控件-仿CE快速搜索内存
09-14
VB内存搜索控件-仿CE快速搜索内存 非原创
VB也能访问内存
samuelxp的专栏
03-18 945
    有人说vb不能操作内存,效率低下,我不是太赞同.vb跟c比当然效率比较低下了,但是如果使用得当还是有不少的效率提高的.     在开发windows上的应用时(注意啊,不是驱动),理论上来说,用vb可以做任何软件.因为vb本身没有的,可以使用api,而win32 api时可以实现windows上的任何应用功能的.当然这和使用者的功力有很大的关系,如果c/c++的功力很好,你甚至可以用v
实用的内存操作(vb源码)
飞翔的专栏
05-21 795
原帖:http://blog.csdn.net/Modest/archive/2006/10/20/1342718.aspxOption ExplicitPrivate Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocation
vb查看内存
12-28
查看内存
vb内存搜索模块指定内存搜索
08-08
快速搜索内存数据快速搜索内存数据快速搜索内存数据
VB操作内存
01-27
总的来说,VB操作内存涉及的知识点广泛且复杂,包括但不限于API函数的使用、内存分配与管理、数据型转换、线程和进程操作等。掌握这些技能不仅需要深入理解VB的基本机制,还要熟悉操作系统级别的概念,如内存管理...
1vb.rar_vb 内存
最新发布
09-24
VB(Visual Basic)编程内存操作是一个高级主题,通常涉及到直接访问程序的数据存储区域。在标题"1vb.rar_vb 内存"提到的场景,开发者想要通过内存工具获取并修改程序特定内存地址的值。描述提到了内存...
VB_内存读写_visualbasic_VB源码_
10-02
"VB_内存读写_visualbasic_VB源码_"这个主题就是关于如何在VB进行内存操作的实践教程。 首先,我们要理解内存读写的概念。内存读写是指程序直接访问计算机内存,读取或修改存储在内存数据。在VB,这通常...
pconline1482308810420_vb内存_物理读写_vb实现物理内存的读写操作_
10-03
标题的“vb内存_物理读写_vb实现物理内存的读写操作”表明这是一个关于使用Visual Basic(VB)编程语言实现对计算机物理内存进行直接读写操作的技术主题。在计算机科学,直接操作物理内存通常涉及到低级别的系统...
VB 指针 内存分配
04-09
分配内存 用法和C的malloc同理 别忘记释放内存
VB实现游戏内存快速搜索
09-18
VB实现游戏内存快速搜索的程序,只搜索已使用的可读写的内存块来加快搜索速度
一个VB编写的内存查找器带源码
08-23
自己收集的一款游戏基址超级遍历工具。超强,附带工具源码和模块源码,经过调试可以直接使用,不过只能找到1级基址
修改内存VB模块
09-20
使用这个模块可以达到修改许多修改游戏本地内存的目的。
VB 实现读写内存教程
12-12
VB读写内存。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
VB窗口信息获取与内存操作
08-04
VB窗口信息获取与内存操作VB,全称Visual Basic,是微软公司推出的一种面向对象的、事件驱动的编程语言,它以其易学易用的特点深受初学者和专业人士的喜爱。在VB,窗口信息获取与内存操作是两个重要的技术...
VB 内存分配与流读写 代码
barenx的专栏
03-29 2454
Option ExplicitPrivate Declare Function VirtualAlloc()Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As
vb.net 教程 5-14 图像处理之内存处理基础4
chinaherolts2008的博客
09-10 288
版权声明:本文为博主原创文章,转载请在显著位置标明本文出处以及作者网名,未经作者允许不得用于商业目的。 之前讲了这么多内容,这篇将把之前的理论运用到实际。 准备工作:新建一个窗体,放两个按钮,分别的Text属性为“载入图片”和“一维数组”,如下图: 因为我们会使用到BitmapData和Marshal, 所以需要添加两个引用: Imports System.Drawing.Imaging Imports System.Runtime.InteropServices .
内存搜索
11-28 1172
我这段时间正好涉及到内存搜索问题,有几点感受说明一下: 一、要考虑语言的因素(如VB指针功能太弱,执行效率较低),建议采取C++或MASM32写比较代码。 二、要考虑内存对齐情况,将被查找子串转换为4的倍数的数据(32位机),速度会大幅提升。 三、如果不考虑移植性,可采用MMX、SSE或SSE2指令进行优化,但AMD的CPU不支持。 四、尽量避免使用二次循环语句,速度将呈几级数增加。 在
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值