This article presents a VB module of API declarations for reading memory, threads and handles. It is useful for VB programming that involves low-level system operations, and readers who need it can use it as a reference. The declarations cover: getting the thread ID; writing memory (process handle, ByVal memory address, data, total length, completed length); reading a process (process handle, ByVal memory address, storage location for the data read, length to read, length already read); memory allocation (process handle, address [passing 0 seems to be enough], length, permission 1 [MEM_COMMIT], permission 2 [PAGE_READWRITE]), which returns the start address of the allocated memory; and other functions.
The specific implementation code is as follows:
Attribute VB_Name = "API"
Option Explicit

Public Declare Function GetDesktopWindow Lib "User32.DLL" () As Long
Public Declare Function FindWindow Lib "User32.DLL" Alias "FindWindowA" (ByVal ClassName As String, ByVal Caption As String) As Long
Public Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Public Declare Function GetWindowText Lib "User32.DLL" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Const GW_CHILD = (5)
Public Const GW_HWNDNEXT = (2)

' Get thread ID (window handle, ProcessId receives the owning process ID); the return value is the thread ID
Public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd As Long, ProcessId As Long) As Long

' Open process (access rights, inherit handle, process ID)
Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

' Read process (process handle, ByVal memory address, storage location for the data read, length to read, length that has been read [0])
Public Declare Function ReadProcessMemory Lib "Kernel32.DLL" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, Buffer As Any, ByVal Length As Long, lpNumberOfBytesRead As Long) As Long

' Write memory (process handle, ByVal memory address, data, total length, completed length [0])
' lpBaseAddress is declared As Any, so pass the address with ByVal at the call site
Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal hProcess As Long, lpBaseAddress As Any, Buffer As Any, ByVal Length As Long, lpNumberOfBytesWritten As Long) As Long

' Release (process handle); not releasing it will cause an error
Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal hProcess As Long) As Long

Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
Public Const RRAD_WRITE = &H1F0FFF          ' same value as PROCESS_ALL_ACCESS
Public Const PROCESS_VM_OPERATION = &H8&
Public Const PROCESS_VM_READ = &H10&        ' read access
Public Const PROCESS_VM_WRITE = &H20&       ' write access

'--------- Variable conversion API
Public Declare Sub MOV Lib "Kernel32.DLL" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

'--------- Memory protection, allocation, release
Public Declare Function VPE Lib "Kernel32.DLL" Alias "VirtualProtectEx" (ByVal hProcess As Long, Address As Any, ByVal Length As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long

' Memory allocation (process handle, address [passing 0 seems to be enough], length, permission 1 [MEM_COMMIT], permission 2 [PAGE_READWRITE])
' Returns: the start address of the allocated memory
Public Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal hProcess As Long, ByVal Address As Long, ByVal Length As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long

' Memory release (process handle, address, length, release type)
Public Declare Function VFE Lib "Kernel32.DLL" Alias "VirtualFreeEx" (ByVal hProcess As Long, ByVal Address As Long, ByVal Length As Long, ByVal dwFreeType As Long) As Long

Public Const MEM_COMMIT = &H1000
Public Const PAGE_READWRITE = &H4
Public Const STILL_ACTIVE = &H103&
Public Const INFINITE = &HFFFF              ' Integer -1; widens to &HFFFFFFFF when passed As Long

'--------- Get module function location API
Public Declare Function GetModuleHandle Lib "Kernel32.DLL" Alias "GetModuleHandleA" (ByVal ModuleName As String) As Long
Public Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal ModuleName As String) As Long
Public Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hModule As Long, ByVal ProcName As String) As Long
Public Declare Function CreateRemoteThread Lib "Kernel32.DLL" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Public Declare Function GetTickCount Lib "kernel32" () As Long
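
A quick self-check of the declarations above, written as an added example that is not part of the original module: it opens the current process with read access only, reads one Long back through ReadProcessMemory, verifies the byte count, and releases the handle. GetCurrentProcessId, the VM_READ_ONLY constant and the SelfTestRead name are assumptions introduced for this example; it belongs in a separate module next to the API module.

```vb
Option Explicit

' Assumption: not declared in the page's module; a real Kernel32 export.
Private Declare Function GetCurrentProcessId Lib "Kernel32.DLL" () As Long

' Assumption: local name for the read-only access right (&H10),
' requested instead of the all-access value RRAD_WRITE.
Private Const VM_READ_ONLY As Long = &H10&

' Returns True when a 4-byte read through a read-only handle gives back
' exactly the value stored in a local variable of this process.
Public Function SelfTestRead() As Boolean
    Dim hProcess As Long
    Dim Original As Long
    Dim Readback As Long
    Dim BytesRead As Long

    Original = &H12345678               ' constructed sample value

    ' Least privilege: ask only for the right the read needs.
    hProcess = OpenProcess(VM_READ_ONLY, 0, GetCurrentProcessId())
    If hProcess = 0 Then
        Debug.Print "OpenProcess failed, LastDllError = " & Err.LastDllError
        Exit Function
    End If

    ' The address is passed ByVal (as a number); the buffer is passed
    ' ByRef (As Any) so the API can write into Readback.
    If ReadProcessMemory(hProcess, VarPtr(Original), Readback, Len(Readback), BytesRead) <> 0 Then
        ' A non-zero return is not enough: check the completed length too.
        SelfTestRead = (BytesRead = Len(Readback)) And (Readback = Original)
    Else
        Debug.Print "ReadProcessMemory failed, LastDllError = " & Err.LastDllError
    End If

    ' Release the handle on every path that obtained one.
    CloseHandle hProcess
End Function
```

Calling `Debug.Print SelfTestRead()` from the Immediate window should print True when the declarations are correct.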