VB代码
========================
' mathadd is imported from a DLL at a hard-coded absolute path. A VB Declare loads the
' library into THIS process when the function is first called, so whoever can write to
' d:\vbdll decides what code runs here.
' NOTE(review): confirm that directory is not writable by other users.
Private Declare Function mathadd Lib "d:\vbdll\ProjectOK.dll" (ByVal hWnd As Long, ByVal x As Long, ByVal y As Long) As Long
' FindWindowA from user32: looks up a top-level window by class name and/or title.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
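Private Sub Command1_Click()
    ' Button handler: runs Inject, looks up the window titled "扫雷" (Minesweeper)
    ' and passes its handle with a fixed client coordinate (85, 80) to mathadd,
    ' then shows mathadd's return value (x + y).
    '
    ' mathadd is bound through the Declare on ProjectOK.dll, so this call executes
    ' in the calling process regardless of what Inject does.
    Dim hWndl As Long
    Dim x As Long
    Dim y As Long
    Dim filebiaoti As String    ' window title to search for

    Call Inject

    filebiaoti = "扫雷"
    hWndl = FindWindow(vbNullString, filebiaoti)
    ' FindWindow returns 0 when no window has that title; stop here instead of
    ' handing a null handle to mathadd.
    If hWndl = 0 Then
        MsgBox "FindWindow Error"
        Exit Sub
    End If

    x = 85
    y = 80
    ' The original "msgbox=mathadd(...)" assigns to MsgBox instead of calling it;
    ' display the result with a normal MsgBox call.
    MsgBox mathadd(hWndl, x, y)
End Sub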
==========注入子程序ProjectOK.dll===================
' Walks the process list and, for every process whose image name contains
' "winmine.exe", makes that process load D:\vbdll\ProjectOK.dll: the DLL path is
' written into memory allocated in the target, and a remote thread is started at
' LoadLibraryA with that buffer as its argument.
'
' Defender view: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
' WriteProcessMemory -> CreateRemoteThread with a start address of LoadLibraryA is
' the textbook remote-thread DLL-load sequence and is what endpoint tooling keys on.
' On hosts running Sysmon the relevant telemetry is ProcessAccess (Event ID 10),
' CreateRemoteThread (Event ID 8) and ImageLoad (Event ID 7) for a DLL loaded from
' an unusual path.
'
' NOTE(review): PROCESSENTRY32, the TH32CS_/PROCESS_/MEM_/PAGE_ constants and the
' API Declares used below are not on this page; the listing also ends without End Sub.
' NOTE(review): MySnapHandle is never closed in the visible lines, and every failure
' branch only shows a message box before execution continues.
Private Sub Inject()
Dim MySnapHandle As Long 'holds the process snapshot handle
Dim ProcessInfo As PROCESSENTRY32
Dim MyRemoteProcessId As Long 'despite the name, holds the HANDLE returned by OpenProcess, not a pid
Dim MyDllFileName As String 'DLL file path
Dim MyDllFileLength As Long 'byte length of the ANSI DLL path plus the terminating NUL
Dim MyDllFileBuffer As Long 'address in the target process where the DLL path is written
Dim MyAddr As Long 'start address for the remote thread; here the address of LoadLibraryA
Dim MyReturn As Long
Dim filename As String
MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
' dwSize must be set before the first Process32First call
ProcessInfo.dwSize = Len(ProcessInfo)
If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
filename = "winmine.exe"
Do
' Substring match on the image name, so any process whose name contains the string matches
If InStr(ProcessInfo.szExeFile, filename) > 0 Then
MyDllFileName = "D:\vbdll\ProjectOK.dll"
' Length is measured on the ANSI conversion because LoadLibraryA takes an ANSI string
MyDllFileLength = LenB(StrConv(MyDllFileName, vbFromUnicode)) + 1
MyRemoteProcessId = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
If MyRemoteProcessId = 0 Then MsgBox "OpenProcess Error"
MyDllFileBuffer = VirtualAllocEx(MyRemoteProcessId, 0, MyDllFileLength, MEM_COMMIT, PAGE_READWRITE)
If MyDllFileBuffer = 0 Then MsgBox "VirtualAllocEx Error"
MyReturn = WriteProcessMemory(MyRemoteProcessId, MyDllFileBuffer, ByVal (MyDllFileName), MyDllFileLength, 0)
If MyReturn = 0 Then MsgBox "WriteProcessMemory Error"
' The address is resolved in this process and then used as the thread start in the target
MyAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
If MyAddr = 0 Then MsgBox "GetProcAddress Error"
Dim MyResult As Long
MyResult = CreateRemoteThread(MyRemoteProcessId, 0, 0, MyAddr, MyDllFileBuffer, 0, 0)
If MyResult = 0 Then MsgBox "error CreateRemoteThread"
' Thread and process handles are closed; the buffer allocated in the target is not freed here
CloseHandle MyResult
CloseHandle MyRemoteProcessId
End If
Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
End If
=========ProjectOK.dll===========
' PostMessageA from user32: queues a window message for hWnd and returns without
' waiting for it to be processed. lParam is declared As Any (passed by reference by
' default), so callers must write "ByVal value" to pass the number itself.
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hWnd As Long, ByVal wmsg As Long, ByVal wParam As Long, lParam As Any) As Long
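Public Function mathadd(ByVal hWnd As Long, ByVal x As Long, ByVal y As Long) As Long
    ' Posts a mouse-move followed by a left-button down/up at client coordinate
    ' (x, y) to the window hWnd, and returns x + y.
    '
    ' hWnd - handle of the window that receives the messages
    ' x, y - client coordinates; only the low 16 bits of each are used
    '
    ' NOTE(review): WM_MOUSEMOVE, WM_LBUTTONDOWN and WM_LBUTTONUP are not declared
    ' on this page; they must be defined as constants elsewhere in the project.
    Dim lp As Long    ' was undeclared (an implicit Variant) in the original

    mathadd = x + y

    ' A null hWnd would post the messages to the calling thread's own queue.
    If hWnd = 0 Then Exit Function

    ' Pack the coordinates like MAKELPARAM: x in the low word, y in the high word.
    ' "y * 65536 + x" overflows Long once y reaches 32768 and lets an out-of-range
    ' x spill into the y word, so each value is masked to 16 bits and bit 15 of y
    ' is moved into the sign bit separately.
    lp = ((y And &H7FFF&) * &H10000) Or (x And &HFFFF&)
    If (y And &H8000&) <> 0 Then lp = lp Or &H80000000

    PostMessage hWnd, WM_MOUSEMOVE, 0, ByVal lp
    PostMessage hWnd, WM_LBUTTONDOWN, 0, ByVal lp
    PostMessage hWnd, WM_LBUTTONUP, 0, ByVal lp
End Function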
=========================