[100分]在线等..求高手把源码改做直接搜AOB!!
--------------------编程问答-------------------- Ctrl+H 替换源代码不就可以了嘛难道理解错了? --------------------编程问答--------------------
Dim itemstr() As String, itemstr2() As String
Private Sub Command1_Click()
Dim mbi As MEMORY_BASIC_INFORMATION
Dim WndHandle As Long, hProcessID As Long, hProcess As Long
Dim tmpBassAddr As Long, lBassAddr As Long
Dim BassAddr() As Long, PageNum As Long, PageSize() As Long
Dim data() As Byte, fio As Byte
Dim finded As Long, i As Long, j As Long, k As Long
List1.Clear
'Text1输入要搜寻视窗的标题
WndHandle = FindWindow(vbNullString, Text1.Text)
If HWnd = 0 Then
MsgBox "无法找到该视窗"
End
End If
'由视窗的Handle取得Process ID
Call GetWindowThreadProcessId(WndHandle, hProcessID)
If hProcessID = 0 Then
MsgBox "无法取得ProcessID"
End
End If
'开启该Process
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hProcessID)
If hProcess = 0 Then
MsgBox "无法开启该Process"
Exit Sub
End If
'为了谨慎起见 定址由0开始一直到 &H7FFFFFFF
Do While VirtualQueryEx(hProcess, ByVal lBassAddr, mbi, Len(mbi)) '若执行成功
'预防溢位 由于Long型态最大值是 &H7FFFFFFF
'如果定址超出这个范围就离开
tmpBassAddr = mbi.BaseAddress
If tmpBassAddr > &H7FFFFFFF Then
Exit Do
End If
'定出已配置解渴读写的区块
If mbi.State = MEM_COMMIT Then '已配置
If mbi.Protect And (PAGE_READWRITE Or PAGE_EXECUTE_READWRITE Or PAGE_EXECUTE_WRITECOPY) Then
'符合纪录基底位址以及区块大小
ReDim Preserve BassAddr(PageNum)
ReDim Preserve PageSize(PageNum)
BassAddr(PageNum) = mbi.BaseAddress '基底位址
PageSize(PageNum) = mbi.RegionSize '区块大小
PageNum = PageNum + 1 '纪录总区块数
End If
End If
lBassAddr = tmpBassAddr + mbi.RegionSize '对应下一笔
Loop
ProgressBar1.Min = 1
ProgressBar1.Max = PageNum
finded = 0
fio = CByte("AOB") 'Text2.Text) '要搜寻的数值
For i = 0 To PageNum - 1
ReDim data(1 To PageSize(i)) '根据区块大小配置记忆体
'读取记忆体
ReadProcessMemory hProcess, ByVal BassAddr(i), data(1), PageSize(i), ByVal 0&
'比对
For j = 1 To PageSize(i)
If data(j) = fio Then
List1.AddItem BassAddr(i) + j - 1
finded = finded + 1
End If
Next j
ProgressBar1.Value = i + 1
Next i
Label4.Caption = "首次搜寻项目数 --> " & finded & " 笔位址"
If List1.ListCount <> 0 Then
ReDim itemstr(List1.ListCount - 1)
For i = 0 To List1.ListCount - 1
itemstr(i) = List1.List(i)
Next i
Command1.Enabled = False
Command2.Enabled = True
Else
Command1.Enabled = False
Command2.Enabled = False
End If
'关闭该Process
CloseHandle hProcess
'释放阵列配置的记忆体
Erase BassAddr
Erase PageSize
Erase data
End Sub
--------------------编程问答--------------------
我并不是个开玩笑的人
请不要这样去踩我 --------------------编程问答--------------------
这段代码能搜出的大小为Byte 0-255
不知为什么把他改做Long搜起来的地址与CE等等的搜出来是不相符
我现在是想把他改作搜Array of Bytes
--------------------编程问答-------------------- 老实说,看了两遍楼主的问题(并没仔细看代码),没有明白楼主的意思。楼主能否再详细解释一下? --------------------编程问答-------------------- 好长哦
--------------------编程问答--------------------
图片以上,可看到吗? --------------------编程问答-------------------- 看不到 --------------------编程问答--------------------
这张可以吗?
http://i.imgur.com/l7LA5.png --------------------编程问答-------------------- 其实我这专档是一个内存搜索程序
但搜索的范围只在Byte, 现我想改作搜Array of Bytes
不知道怎做,请求高手指教 --------------------编程问答-------------------- 顶顶顶顶顶顶顶!
补充:VB , API
