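The example in this article is an API module for VB that reads memory and works with threads and handles. It is of some help for VB programming that involves low-level system operations, and readers who need it can use it as a reference. The module can obtain the thread ID; write memory (process handle, ByVal memory address, data, total length, length already completed); read a process (process handle, ByVal memory address, buffer that receives the data, length to read, length already read); and allocate memory (process handle, address [it seems passing 0 is enough], length, permission 1 [MEM_COMMIT], permission 2 [PAGE_READWRITE]), returning the start address of the allocated memory; among other functions.
The implementation code is as follows: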
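Attribute VB_Name = "API"
Option Explicit

' Lines marked [restored] were truncated in the source and are completed
' from the documented Win32 signatures; their parameter names are assumptions.

Public Declare Function GetDesktopWindow Lib "User32.DLL" () As Long
' [restored] parameter list
Public Declare Function FindWindow Lib "User32.DLL" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
' [restored] function name and Lib clause
Public Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Public Declare Function GetWindowText Lib "User32.DLL" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Const GW_CHILD = (5)
Public Const GW_HWNDNEXT = (2)

Public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd As Long, ProcessId As Long) As Long
' Get the thread ID (handle, returned thread ID)
' The return value is the window's thread ID; ProcessId receives the process ID, which is what OpenProcess takes.
Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal 操作權限 As Long, ByVal 繼承句柄 As Long, ByVal 線程ID As Long) As Long
Public Declare Function ReadProcessMemory Lib "Kernel32.DLL" (ByVal 進程柄 As Long, ByVal 記憶體位置 As Long, 緩衝區 As Any, ByVal 長度 As Long, lpNumberOfBytesWritten As Long) As Long
' Read process (process handle, ByVal memory address, buffer that receives the data, length to read, length already read [0])
Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal 進程柄 As Long, 記憶體位置 As Any, 緩衝區 As Any, ByVal 長度 As Long, lpNumberOfBytesWritten As Long) As Long
' Write memory (process handle, ByVal memory address, data, total length, length already completed [0])
Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal 進程柄 As Long) As Long
' Release (process handle)
' Not releasing it causes errors

Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
' &H1F0FFF = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF, i.e. every access right on the process.
' Prefer the narrowest right that works, e.g. 讀取 alone when only ReadProcessMemory is called.
Public Const RRAD_WRITE = &H1F0FFF
Public Const PROCESS_VM_OPERATION = &H8&
' &H10 is PROCESS_VM_READ
Public Const 讀取 = &H10&

' [restored] declared name and Lib clause lost in the source; the export name is used directly
Public Declare Sub RtlMoveMemory Lib "Kernel32.DLL" (變數1 As Any, 變數2 As Any, ByVal 長度 As Long)

'---------Memory protection, allocation and release
Public Declare Function VPE Lib "Kernel32.DLL" Alias "VirtualProtectEx" (ByVal 進程柄 As Long, 位址 As Any, ByVal 長度 As Long, ByVal flNewProtect As Long, lpflOldProtect As Long) As Long
Public Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal 進程柄 As Long, ByVal 位址 As Long, ByVal 長度 As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
' Allocate memory (process handle, address [it seems passing 0 is enough], length, permission 1 [MEM_COMMIT], permission 2 [PAGE_READWRITE]); returns: start address of the allocated memory
Public Declare Function VFE Lib "Kernel32.DLL" Alias "VirtualFreeEx" (ByVal 進程柄 As Long, ByVal 位址 As Long, ByVal 長度 As Long, ByVal 釋放類型 As Long) As Long
Public Const MEM_COMMIT = &H1000
Public Const PAGE_READWRITE = &H4
Public Const STILL_ACTIVE = &H103&
' &HFFFF is the Integer -1 in VB6; it widens to &HFFFFFFFF (Win32 INFINITE) when passed as a Long.
Public Const INFINITE = &HFFFF

'---------APIs for locating module functions
' [restored] Lib clause, Alias and parameter list
Public Declare Function GetModuleHandle Lib "Kernel32.DLL" Alias "GetModuleHandleA" (ByVal ModuleName As String) As Long
Public Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal ModuleName As String) As Long
' [restored] second parameter
Public Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' [restored] declared name and Lib clause lost in the source; the parameter list is that of CreateRemoteThread
Public Declare Function CreateRemoteThread Lib "Kernel32.DLL" (ByVal 進程柄 As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadID As Long) As Long
Public Declare Function GetTickCount Lib "kernel32" () As Long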
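The module above declares several kernel32 exports under short names (VPE, VAE, VFE), so a code reviewer has to read the Alias clause to see which API is really called. The following Python script is an added example, not part of the original article: it resolves each VB6 Declare to its real export and reports which cross-process capabilities a module has. The capability labels, the sample text and the name `CRT` are assumptions of this example.

```python
import re

# VB6: Declare Function|Sub <name> Lib "<dll>" [Alias "<real export>"]
DECLARE_RE = re.compile(
    r'Declare\s+(?:Function|Sub)\s+(\w+)\s+Lib\s+"([^"]+)"'
    r'(?:\s+Alias\s+"([^"]+)")?', re.IGNORECASE)

# Capability groups are this example's own labels, not Win32 terminology.
GROUPS = {
    "open_process": {"OpenProcess"},
    "remote_read": {"ReadProcessMemory"},
    "remote_write": {"WriteProcessMemory"},
    "remote_alloc": {"VirtualAllocEx", "VirtualProtectEx"},
    "remote_thread": {"CreateRemoteThread"},
}
# Together these allow placing and running code in another process.
WRITE_AND_EXECUTE = {"open_process", "remote_alloc", "remote_write", "remote_thread"}

def parse_declares(source):
    """Map each declared VB name to (dll, real export name)."""
    result = {}
    for name, lib, alias in DECLARE_RE.findall(source):
        dll = lib.strip().lower()
        if dll.endswith(".dll"):
            dll = dll[:-4]
        result[name] = (dll, alias or name)  # Alias holds the true export
    return result

def capabilities(source):
    """Return the set of capability labels the module's kernel32 imports give it."""
    exports = {exp for dll, exp in parse_declares(source).values()
               if dll == "kernel32"}
    return {g for g, apis in GROUPS.items() if apis & exports}

def needs_review(source):
    """True when the module declares the full write-and-execute set."""
    return WRITE_AND_EXECUTE <= capabilities(source)

# Constructed sample: parameter lists shortened; "CRT" is a hypothetical name.
SAMPLE = '''
Public Declare Function OpenProcess Lib "Kernel32.DLL" (ByVal a As Long) As Long
Public Declare Function WriteProcessMemory Lib "Kernel32.DLL" (ByVal a As Long) As Long
Public Declare Function VAE Lib "Kernel32.DLL" Alias "VirtualAllocEx" (ByVal a As Long) As Long
Public Declare Function CRT Lib "kernel32" Alias "CreateRemoteThread" (ByVal a As Long) As Long
Public Declare Function GetTickCount Lib "kernel32" () As Long
'''

if __name__ == "__main__":
    for name, (dll, export) in parse_declares(SAMPLE).items():
        print(f"{name:20} -> {dll}!{export}")
    print("capabilities:", sorted(capabilities(SAMPLE)))
    print("needs review:", needs_review(SAMPLE))
```

Declarations that use the VB line-continuation character `_` would need to be joined before parsing.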