标题: 进程内存写入工具-WriteProcessMemory [打印本页]
作者: 老刘1号 时间: 2017-9-9 22:46 标题: 进程内存写入工具-WriteProcessMemory
老刘制作——进程内存写入工具
用法:
WriteProcessMemory <ProcessID> <BaseAddress> <HEX> ...
ProcessID 指定需写入进程的PID
BaseAddress 指定需写入进程内数据的起始地址
HEXs 需写入的数据(至少一个,数值范围:0~255)
提示:
传入数据时,十六进制请用"&H"前缀表示
姊妹工具:http://www.bathome.net/thread-45156-1-1.html- Option Explicit
- Module WriteProcessMemory
- Public Class WriteProcessMemory_Main
- Public Shared Sub Main(ByVal cmdArgs() As String)
- Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
- Const PAGE_EXECUTE_READWRITE As Long = &H40
- If CmdArgs.Length > 2 Then
- If IsNumeric(cmdArgs(0)) And IsNumeric(cmdArgs(1)) Then
- Dim ProcessHandle,OldProtect,ReturnValue(2),Conter(1) As Long
- Dim Bytes() As Byte
- Conter(1) = 0
- Rem 获取HEXs并生成数组
- For Conter(0) = 2 to CmdArgs.Length - 1
- If IsNumeric(CmdArgs(Conter(0))) Then
- If CLng(CmdArgs(Conter(0))) >= 0 And _
- CLng(CmdArgs(Conter(0))) <= &HFF Then
- ReDim Preserve Bytes(Conter(1))
- Bytes(Conter(1)) = CByte(CmdArgs(Conter(0)))
- Conter(1) = Conter(1) + 1
- End If
- End If
- Next
- Rem 以最高权限附加到目标进程
- ProcessHandle = Win32.OpenProcess( _
- PROCESS_ALL_ACCESS, _
- False, _
- Clng(CmdArgs(0)))
- Rem 更改内存属性为读+写+执行
- ReturnValue(0) = Win32.VirtualProtectEx( _
- ProcessHandle, _
- Clng(CmdArgs(1)), _
- Conter(1), _
- PAGE_EXECUTE_READWRITE, _
- OldProtect)
- Rem 写入数据
- ReturnValue(1) = Win32.WriteProcessMemory( _
- ProcessHandle, _
- Clng(CmdArgs(1)), _
- Bytes,Conter(1),0)
- If ReturnValue(1) <> 1 Then
- Console.WriteLine("写入失败!")
- End If
- If ReturnValue(0) <> 0 Then
- Rem 还原内存属性
- ReturnValue(2) = Win32.VirtualProtectEx( _
- ProcessHandle, _
- Clng(CmdArgs(1)), _
- Conter(1), _
- OldProtect,0)
- End If
- Else
- Console.WriteLine("输入的值不合法!")
- End If
- Else
- Console.WriteLine("老刘制作——进程内存写入工具")
- Console.WriteLine()
- Console.WriteLine("用法:")
- Console.WriteLine(" WriteProcessMemory <ProcessID> <BaseAddress> <HEX> ...")
- Console.WriteLine(" ProcessID 指定需写入进程的PID")
- Console.WriteLine(" BaseAddress 指定需写入进程内数据的起始地址")
- Console.WriteLine(" HEXs 需写入的数据(至少一个,数值范围:0~255)")
- Console.WriteLine()
- Console.WriteLine("提示:")
- Console.WriteLine("传入数据时,十六进制请用""&H""前缀表示")
- End If
- End Sub
- End Class
- Public Class Win32
- Declare Function OpenProcess Lib "KERNEL32" ( _
- ByVal dwDesiredAccess As Long, _
- ByVal bInheritHandle As Long, _
- ByVal dwProcessId As Long ) _
- As Long
- Declare Function WriteProcessMemory Lib "KERNEL32" ( _
- ByVal hProcess As Long, _
- ByVal lpBaseAddress As Long, _
- ByVal lpBuffer As Byte(), _
- ByVal nSize As Long, _
- ByRef lpNumberOfBytesWritten As Long) _
- As Long
- Declare Function VirtualProtectEx Lib "KERNEL32" ( _
- ByVal hProcess As Long, _
- ByVal lpAddress As Long, _
- ByVal dwSize As Long, _
- ByVal flNewProtect As Long, _
- ByRef lpflOldProtect As Long) _
- As Long
- End Class
- End Module
复制代码
链接: https://pan.baidu.com/s/1YCSEiRd7Y6dbdz47QmASZA?pwd=3rwf
作者: happy886rr 时间: 2017-9-10 21:44
回复 1# 老刘1号
不错,好工具,你的体积越来越小了,也做到了几KB。可以用来游戏作弊了。
作者: 老刘1号 时间: 2017-9-10 22:25
回复 2# happy886rr
感谢支持
哈哈,表面看来是几kb,其实windows自带着几G的运行库
游戏修改的话
水果忍者红叉修改
植物大战僵尸,NOP掉种植物时的阳光耗费机制
欢迎光临 批处理之家 (http://bbs.bathome.net/) |
Powered by Discuz! 7.2 |