批处理之家 - Powered by Discuz! Board

Option Explicit
Imports System
Module ReadProcessMemory
Public Class ReadProcessMemory_Main
Public Shared Sub Main(ByVal cmdArgs() As String)
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
If CmdArgs.Length = 3 Then
If IsNumeric(cmdArgs(0)) And IsNumeric(cmdArgs(1)) And IsNumeric(cmdArgs(2)) Then
Dim ProcessHandle,BytesLong,ReturnValue,Conter As Long
Dim Bytes(Clng(cmdArgs(2))) As Byte
ProcessHandle = WinAPI.OpenProcess(PROCESS_ALL_ACCESS,False,Clng(CmdArgs(0)))
ReturnValue = WinAPI.ReadProcessMemory(ProcessHandle,Clng(CmdArgs(1)),Bytes,Clng(CmdArgs(2)),BytesLong)
If ReturnValue = 1 Then
For Conter = 0 To BytesLong - 1
Console.Write(Right("0" & Hex(Bytes(Conter)),2)&Chr(&H20))
Next
Console.WriteLine()
Else
Console.WriteLine("读取失败！")
End If
Else
Console.WriteLine("输入的值不合法！")
End If
Else
Console.WriteLine("老刘制作——进程内存读取工具")
Console.WriteLine("用法：")
Console.WriteLine(" ReadProcessMemory <ProcessID> <BaseAddress> <Long>")
Console.WriteLine(" ProcessID 指定需读取进程的PID")
Console.WriteLine(" BaseAddress 指定需读取进程内读取数据的起始地址")
Console.WriteLine(" Long 指定需读取进程内读取数据的长度（Byte）")
End If
End Sub
End Class
Public Class WinAPI
Declare Function OpenProcess Lib "KERNEL32" ( _
ByVal dwDesiredAccess As Long, _
ByVal bInheritHandle As Long, _
ByVal dwProcessId As Long ) _
As Long
Declare Function ReadProcessMemory Lib "KERNEL32" ( _
ByVal hProcess As Long, _
ByVal lpBaseAddress As Long, _
lpBuffer As Byte(), _
ByVal nSize As Long, _
ByRef lpNumberOfBytesRead As Long) _
As Long
End Class
End Module