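Reading memory with ReadProcessMemory
How should the ReadProcessMemory function be used to read the value at a specified memory address? I have searched online for ages and my head is spinning, so I am asking here.
The target program 01 is a form program I wrote myself. I wrote some strings into the blank address &H401E46. Writing to memory works fine, but what I read back is different.
What I find strange is why the process id, pHandle, keeps changing. The memory read from &H401E46 also keeps changing, and it even changes when the mouse moves over different parts of the form (incorrect).
How can I make the content I read match what was written?
In the form, the hexadecimal data at 00401E46 is DC D9 06 0B 7C 7B
Reading with the method below, however, gives numbers that keep changing.
Here is the reading code: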
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Dim hwnd1 As Long
Dim pid As Long
Dim pHandle As Long

Private Function ncnr(lpADDress As Long) As Integer
    hwnd1 = FindWindow(vbNullString, "01")
    GetWindowThreadProcessId hwnd1, pid
    pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    ReadProcessMemory pHandle, lpADDress, ByVal VarPtr(ncnr), 6, 0&
    CloseHandle pHandle
End Function

Private Sub Timer1_Timer()
    hwnd1 = FindWindow(vbNullString, "01")
    If hwnd1 = 0 Then
        Label1.Caption = "程序未运行"
        Text1.Text=""
    Else
        Label1.Caption = "程序已运行"
        Text1.Text = ncnr(&H401E46)
    End If
End Sub
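An added example, not part of the original post: the same read written so that the address is passed by value (in the posted declaration `lpBaseAddress As Any` is ByRef, so the API receives the address of the local variable rather than &H401E46) and the 6 bytes land in a buffer that is 6 bytes long rather than in a 2-byte Integer. The helper name `ReadBytesHex` is hypothetical; the window title "01" and the address are taken from the post, and the handle is opened with only PROCESS_VM_READ instead of PROCESS_ALL_ACCESS.

```vb
Option Explicit

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' lpBaseAddress is declared ByVal ... As Long so the address value itself is passed.
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

' Read access is all this operation needs.
Private Const PROCESS_VM_READ As Long = &H10

' Hypothetical helper: returns the bytes at address as "DC D9 ..." or "" on failure.
Private Function ReadBytesHex(ByVal windowTitle As String, ByVal address As Long, ByVal count As Long) As String
    Dim hwndTarget As Long, pid As Long, hProc As Long
    Dim buf() As Byte, bytesRead As Long, i As Long, s As String

    If count <= 0 Then Exit Function
    hwndTarget = FindWindow(vbNullString, windowTitle)
    If hwndTarget = 0 Then Exit Function          ' target not running

    GetWindowThreadProcessId hwndTarget, pid
    hProc = OpenProcess(PROCESS_VM_READ, 0, pid)
    If hProc = 0 Then Exit Function               ' access denied or process gone

    ReDim buf(0 To count - 1)                     ' buffer is exactly count bytes
    ' bytesRead is a real variable: the last parameter is ByRef, so a literal 0& must not be passed.
    If ReadProcessMemory(hProc, address, buf(0), count, bytesRead) <> 0 Then
        For i = 0 To bytesRead - 1
            s = s & Right$("0" & Hex$(buf(i)), 2) & " "
        Next i
    End If

    CloseHandle hProc                             ' handle values differ on every OpenProcess call
    ReadBytesHex = Trim$(s)
End Function

' Usage inside the timer from the post:
'     Text1.Text = ReadBytesHex("01", &H401E46, 6)
```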