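Class form1
    ''' <summary>
    ''' Demo click handler: finds the process named "ra3_1.4.game", reads a
    ''' 4-byte pointer from a fixed address in it, adds 4 to get the address
    ''' of the value, shows the current value, then overwrites it with 99999.
    ''' </summary>
    ''' <remarks>
    ''' The variable names and the "3D Pinball" message come from an earlier
    ''' version of the demo that targeted PINBALL.EXE. The original comments
    ''' mentioned address 0x1025040, offset 0x52 and a score of 999600000,
    ''' none of which match the values used in this code.
    ''' NOTE(review): the pointer is read as 4 bytes, so this presumably
    ''' expects a 32-bit target process - confirm.
    ''' </remarks>
    Private Sub button1_Click(ByVal sender As Object, ByVal e As EventArgs)
        ' Request only the rights ReadProcessMemory/WriteProcessMemory need,
        ' rather than PROCESS_ALL_ACCESS (0x1F0FFF), which also grants
        ' terminate, thread-creation and handle-duplication rights.
        Const PROCESS_VM_OPERATION As UInt32 = &H8UI
        Const PROCESS_VM_READ As UInt32 = &H10UI
        Const PROCESS_VM_WRITE As UInt32 = &H20UI
        Const RequiredAccess As UInt32 = PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE

        Dim PinballHandle As IntPtr = IntPtr.Zero
        ' Fixed address in the target that holds the base pointer.
        ' (DirectCast cannot convert an Integer to IntPtr; use the constructor.)
        Dim PinballScoreAddressPointer As IntPtr = New IntPtr(&H5D55888)
        ' Receives the pointer read from the target (only element 0 is used).
        Dim PinballScoreAddress As UInteger() = New UInteger(1) {}
        ' Value written to the target: 0x1869F = 99999.
        Dim PinballScoreWrite As UInteger() = New UInteger() {&H1869FUI}
        ' Receives the current value (only element 0 is used).
        Dim PinballScoreRead As UInteger() = New UInteger(1) {}

        ' GetProcessesByName takes the process name without the ".EXE"
        ' extension that Task Manager displays.
        Dim PinballProcessID As System.Diagnostics.Process() = System.Diagnostics.Process.GetProcessesByName("ra3_1.4.game")
        If PinballProcessID.Length = 0 Then
            MessageBox.Show("""3D Pinball"" 还没有运行吧?", "ProcessMemoryWork_Demo")
            Return
        End If

        Try
            PinballHandle = ProcessMemoryWorkApi.OpenProcess(RequiredAccess, 0, CUInt(PinballProcessID(0).Id))
            If PinballHandle = IntPtr.Zero Then
                ' OpenProcess returns NULL on failure (e.g. access denied);
                ' never pass a null handle on to the memory APIs.
                MessageBox.Show("无法打开目标进程。", "ProcessMemoryWork_Demo")
                Return
            End If

            ' Step 1: read the 4-byte pointer stored at the fixed address.
            If ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, PinballScoreAddressPointer, PinballScoreAddress, 4UI, IntPtr.Zero) = 0 Then
                MessageBox.Show("读取内存失败。", "ProcessMemoryWork_Demo")
                Return
            End If

            ' Step 2: the value lives 4 bytes past the pointer that was read.
            PinballScoreAddress(0) = PinballScoreAddress(0) + &H4UI
            ' In a 32-bit build, New IntPtr(Int64) throws OverflowException for
            ' addresses above Int32.MaxValue; the Finally block still runs.
            Dim ScoreAddress As IntPtr = New IntPtr(CLng(PinballScoreAddress(0)))

            ' Step 3: read the current value, and stop if the read failed so
            ' that nothing is written to an address that was never validated.
            If ProcessMemoryWorkApi.ReadProcessMemory(PinballHandle, ScoreAddress, PinballScoreRead, 4UI, IntPtr.Zero) = 0 Then
                MessageBox.Show("读取内存失败。", "ProcessMemoryWork_Demo")
                Return
            End If

            MessageBox.Show("当前分数为: " + PinballScoreRead(0).ToString() + vbLf + "分数即将被修改成: 99999", "ProcessMemoryWork_Demo")

            ' Step 4: overwrite the value and report a failed write.
            If ProcessMemoryWorkApi.WriteProcessMemory(PinballHandle, ScoreAddress, PinballScoreWrite, 4UI, IntPtr.Zero) = 0 Then
                MessageBox.Show("写入内存失败。", "ProcessMemoryWork_Demo")
            End If
        Finally
            ' Always release the process handle, including on early return or exception.
            If PinballHandle <> IntPtr.Zero Then
                ProcessMemoryWorkApi.CloseHandle(PinballHandle)
            End If
            ' Process objects wrap OS resources and should be disposed.
            For Each FoundProcess As System.Diagnostics.Process In PinballProcessID
                FoundProcess.Dispose()
            Next
        End Try
    End Sub
End Class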
相关的自定义类（上面代码调用的 ProcessMemoryWorkApi）如下：
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Text
Imports System.Runtime.InteropServices
Namespace WindowsFormsApplication1
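''' <summary>
''' P/Invoke declarations for the kernel32.dll functions used to open a
''' process, read and write its memory, and close the handle.
''' </summary>
''' <remarks>
''' Every import sets SetLastError:=True so that a caller can obtain the
''' Win32 error code with Marshal.GetLastWin32Error() after a failed call.
''' The BOOL results are declared as Int32: zero means failure.
''' NOTE(review): the native nSize parameter is SIZE_T, which is 8 bytes in
''' a 64-bit process; it is declared UInt32 here to keep the existing
''' signature - confirm the build is 32-bit or widen the type together
''' with all callers.
''' </remarks>
Class ProcessMemoryWorkApi
    'HANDLE OpenProcess(
    '  DWORD dwDesiredAccess, // access flag
    '  BOOL  bInheritHandle,  // handle inheritance flag
    '  DWORD dwProcessId      // process identifier
    ');
    ' Returns IntPtr.Zero on failure; callers must check before using the handle.
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function OpenProcess(ByVal dwDesiredAccess As UInt32, ByVal bInheritHandle As Int32, ByVal dwProcessId As UInt32) As IntPtr
    End Function

    'BOOL CloseHandle(
    '  HANDLE hObject // handle to object to close
    ');
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function CloseHandle(ByVal hObject As IntPtr) As Int32
    End Function

    'BOOL WriteProcessMemory(
    '  HANDLE  hProcess,               // handle to process whose memory is written to
    '  LPVOID  lpBaseAddress,          // address to start writing to
    '  LPVOID  lpBuffer,               // pointer to buffer holding the data to write
    '  DWORD   nSize,                  // number of bytes to write
    '  LPDWORD lpNumberOfBytesWritten  // actual number of bytes written
    ');
    ' lpNumberOfBytesWritten is a raw pointer; pass IntPtr.Zero to ignore the count.
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function WriteProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As UInteger(), ByVal nSize As UInt32, ByVal lpNumberOfBytesWritten As IntPtr) As Int32
    End Function

    'BOOL ReadProcessMemory(
    '  HANDLE  hProcess,            // handle of the process whose memory is read
    '  LPCVOID lpBaseAddress,       // address to start reading
    '  LPVOID  lpBuffer,            // address of buffer to place read data
    '  DWORD   nSize,               // number of bytes to read
    '  LPDWORD lpNumberOfBytesRead  // address of number of bytes read
    ');
    ' lpBuffer is filled by the native call, so it is marked <Out()>; nSize must
    ' not exceed the byte length of the array passed in.
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function ReadProcessMemory(ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, <Out()> ByVal lpBuffer As UInteger(), ByVal nSize As UInt32, ByVal lpNumberOfBytesRead As IntPtr) As Int32
    End Function
End Class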