Public Declare Function PutMem2 Lib "msvbvm60" (ByVal 00А53а98 As Long, ByVal 123456789 As Long) _ As Long
Верно?
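' PutMem4 is exported by the VB6 runtime (msvbvm60) and stores the 32-bit
' NewValue at address pDst. It takes no process handle, so pDst is an address
' in the calling process itself; an address that is not mapped and writable
' there makes the call fault.
Public Declare Function PutMem4 Lib "msvbvm60" (ByVal pDst As Long, ByVal NewValue As Long) _
    As Long
' ... /// .... ///
' ... /// .... ///
' ... /// .... ///
' Write a DWORD to memory. The address is spelled with Latin hex digits only:
' the look-alike Cyrillic letters in the original literal are not hex digits,
' so VB would not accept it as a number.
PutMem4 &H00A53A98, 123456789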
MSDN писал(а): To open a handle to another local process and obtain full access rights, you must enable the SeDebugPrivilege privilege.
' Access rights that EnablePrivilege requests when it opens the process token.
Public Const TOKEN_QUERY As Long = &H8&
Public Const TOKEN_ADJUST_PRIVILEGES As Long = &H20&
' Attribute flag that marks a privilege entry as enabled.
Public Const SE_PRIVILEGE_ENABLED As Long = &H2
' Name of the debug privilege; LookupPrivilegeValue turns it into a LUID.
Public Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
' Locally unique identifier, held as two 32-bit halves.
Public Type LUID
lowpart As Long
highpart As Long
End Type
' One privilege (its LUID) together with its attribute flags.
Public Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
' Privilege list with room for exactly one entry, which is all EnablePrivilege
' needs (it always sets PrivilegeCount to 1).
Public Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges As LUID_AND_ATTRIBUTES
End Type
' Enables or disables privileges in an access token; PreviousState and
' ReturnLength receive the state before the change.
' NOTE(review): a non-zero return value does not prove that the privilege was
' granted. When the token does not hold the privilege the call still succeeds
' and the last-error code is ERROR_NOT_ALL_ASSIGNED (1300), so callers should
' read Err.LastDllError right after the call.
Public Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPriv As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
' ANSI variant: looks up the LUID for a privilege name. EnablePrivilege passes
' 0& as lpSystemName, i.e. a null system name.
Public Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As Any, ByVal lpName As String, lpLuid As LUID) As Long
' Opens the access token of a process; the handle is returned in TokenHandle
' and has to be closed by the caller.
Public Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
' Returns the handle that stands for the calling process.
Public Declare Function GetCurrentProcess Lib "kernel32" () As Long
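' Enables or disables one privilege in the access token of the current process.
'
' seName  - privilege name, for example SE_DEBUG_NAME.
' fEnable - True to enable the privilege, False to disable it.
' Returns True only when the token really ended up in the requested state;
' False when the token cannot be opened, the name is unknown, the adjustment
' fails, or the token does not hold the privilege at all.
'
' Debug privilege lets the process open almost any other process, so callers
' should enable it only around the call that needs it and disable it afterwards.
Public Function EnablePrivilege(seName As String, fEnable As Boolean) As Boolean
    ' Last-error code AdjustTokenPrivileges leaves behind when it "succeeds"
    ' without being able to assign the privilege.
    Const ERROR_NOT_ALL_ASSIGNED As Long = 1300&

    Dim p_lngRtn As Long
    Dim p_lngErr As Long
    Dim p_lngToken As Long
    Dim p_lngBufferLen As Long
    Dim p_typLUID As LUID
    Dim p_typTokenPriv As TOKEN_PRIVILEGES
    Dim p_typPrevTokenPriv As TOKEN_PRIVILEGES

    ' The return value alone decides success here. The last-error code is only
    ' meaningful after a failed call, so a stale non-zero value must not abort
    ' the function (and leak the token handle that was just opened).
    If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, p_lngToken) = 0 Then
        Exit Function
    End If

    If LookupPrivilegeValue(0&, seName, p_typLUID) <> 0 Then
        p_typTokenPriv.PrivilegeCount = 1
        p_typTokenPriv.Privileges.Attributes = IIf(fEnable, SE_PRIVILEGE_ENABLED, 0)
        p_typTokenPriv.Privileges.pLuid = p_typLUID

        p_lngRtn = AdjustTokenPrivileges(p_lngToken, False, p_typTokenPriv, Len(p_typPrevTokenPriv), p_typPrevTokenPriv, p_lngBufferLen)
        ' Read the error code before any other API call can overwrite it.
        p_lngErr = Err.LastDllError
        EnablePrivilege = (p_lngRtn <> 0) And (p_lngErr <> ERROR_NOT_ALL_ASSIGNED)
    End If

    ' Every path that opened the token closes it again. CloseHandle is the
    ' kernel32 Declare the calling code already uses for process handles.
    CloseHandle p_lngToken
End Function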
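' The privilege matters only while the handle is being opened: the access check
' happens inside OpenProcess and the handle keeps the access it was granted.
bPrivilege = EnablePrivilege(SE_DEBUG_NAME, True)
' PROCESS_ALL_ACCESS asks for every right; request only the rights the
' following code needs where that is possible.
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
' Give the privilege back as soon as it is no longer required.
If bPrivilege Then EnablePrivilege SE_DEBUG_NAME, False
' ... work with pHandle here; zero means OpenProcess failed ...
' Close the handle that was actually opened (the sketch closed hProcess, a
' different variable, and so leaked pHandle).
If pHandle <> 0 Then CloseHandle pHandle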
Option Explicit
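' Win32 declarations used by Command1_Click.
Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAcess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' WriteProcessMemory returns a BOOL, so the return type is a scalar Long. It was
' declared "As Long()" (an array of Long); VB then treats the returned number as
' an array reference, which is the likely cause of the crash reported for the
' write call.
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAdress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' The last parameter receives the number of bytes read.
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddess As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWriten As Long) As Long
' GetLastError returns a 32-bit DWORD, which does not fit the 16-bit Integer it
' was declared with. In VB, Err.LastDllError is the reliable way to get the
' error code of the most recent Declare call.
Public Declare Function GetLastError Lib "kernel32" () As Long
' Requests every process access right. Handles opened with it can read, write
' and control the target; prefer the narrowest set of rights that is enough.
Public Const PROCESS_ALL_ACCESS = &H1F0FFF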
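' Click handler: finds the window titled "Калькулятор Плюс", opens its process,
' reads two bytes at a fixed address into txtD1 and then writes two bytes to the
' same address.
'
' The address is hard-coded, so it is only meaningful for the exact build and
' memory layout the author examined; anywhere else the write changes whatever
' happens to live there and can corrupt the other process.
Private Sub Command1_Click()
    Dim hwnd As Long
    Dim pid As Long
    Dim hProcess As Long
    Dim str As String * 2
    Dim str2 As String * 2
    Dim cbDone As Long      ' bytes actually transferred by the last read/write

    str = "Ww"

    hwnd = FindWindow(vbNullString, "Калькулятор Плюс")
    If (hwnd = 0) Then
        MsgBox "Window not found!"
        Exit Sub
    End If

    GetWindowThreadProcessId hwnd, pid
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0&, pid)
    If (hProcess = 0) Then
        MsgBox "Couldn 't get a process handle!"
        Exit Sub
    End If

    ' Author's note: the data read here is correct (verified).
    ' Do not show or overwrite anything when the read itself failed.
    If ReadProcessMemory(hProcess, &H5D081236, str2, 2, cbDone) = 0 Then
        MsgBox "ReadProcessMemory failed, error " & Err.LastDllError
        CloseHandle hProcess
        Exit Sub
    End If
    txtD1 = str2    ' show the bytes that were read in the txtD1 text box

    ' Author's note: this line does write to memory (checked) but triggers a
    ' Windows error and Windows closes the program; without it everything works.
    ' The byte count, not the return value, is checked so that this code does
    ' not depend on how the return type of the Declare is spelled.
    cbDone = 0
    Call WriteProcessMemory(hProcess, &H5D081236, str, 2, cbDone)
    If cbDone <> 2 Then
        MsgBox "WriteProcessMemory wrote " & cbDone & " of 2 bytes, error " & Err.LastDllError
    End If

    CloseHandle hProcess
End Sub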
str = "1q"
Call WriteProcessMemory(hProcess, &H5D081236, str, 3, 0&)
Call ReadProcessMemory(hProcess, &H5D081236, str2, 2, 0&)
txtD1 = str2
str = "2Q"
Call WriteProcessMemory(hProcess, &H5D081236, str, 3, 0&)
Call ReadProcessMemory(hProcess, &H5D081236, str2, 2, 0&)
txtD1 = str2
CloseHandle hProcess
End Sub
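' The quoted declaration ended in "As Long()", i.e. an array of Long.
' WriteProcessMemory returns a BOOL, so the return type has to be a plain Long;
' with the array form VB treats the returned number as an array reference.
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAdress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long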
Я вижу пока один вариант: это структура из двух лонгов.
Есть ли другие, более простые варианты решения этой задачи?
&h7ffffffd = 2147483645 = +2147483645
&h7ffffffe = 2147483646 = +2147483646
&h7fffffff = 2147483647 = +2147483647
&h80000000 = 2147483648 = -2147483648
&h80000001 = 2147483649 = -2147483647
&h80000002 = 2147483650 = -2147483646
...
&h90000123 = 2415919000 = -1879047901
...
&hffffffff = 4294967295 = -1
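' Map the unsigned 32-bit value in С onto the signed Long А that has the same
' bit pattern: values above the Long maximum wrap around by 2^32.
' Assumes С is a Double (or Currency) in the range 0..4294967295 and А is a
' Long - confirm against the declarations; anything outside that range
' overflows on assignment.
If (С > 2147483647) Then
    А = С - 4294967296#
Else
    А = С
End If
' A parenthesised argument list in a statement needs the Call keyword.
Call WriteProcessMemory(hProcess, procAdres, VarPtr(А), 4, 0&)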
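' Add В to А with 32-bit wrap-around instead of a VB overflow error.
' Assumes А, В and С are Longs and that both А and В are non-negative -
' confirm; a negative А would overflow the range test itself.
А = 2147483647
В = 100
' Test before adding: with Long operands "А + В" raises run-time error 6 as
' soon as the sum exceeds the Long maximum, so the plain sum is only computed
' when it is known to fit.
If (2147483647 - А < В) Then
    ' The Double literal forces floating-point arithmetic; the wrapped result
    ' fits a Long again.
    С = -4294967296# + А + В
Else
    С = А + В
End If
' A parenthesised argument list in a statement needs the Call keyword.
Call WriteProcessMemory(hProcess, procAdres, VarPtr(С), 4, 0&)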