自己编写的DLL（已通过注册）已经实现注入运行中的扫雷游戏，DLL中编有PostMessage函数，用自己编写的其它程序通过DLL来向扫雷窗口发送鼠标消息.

VB代码
========================
Private Declare Function mathadd Lib "d:\vbdll\ProjectOK.dll" (ByVal hWnd As Long, ByVal x As Long, ByVal y As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long

Private Sub Command1_Click()
     call Inject ()
   Dim hWndl As Long
     Dim x As Long
     Dim y As Long
     Dim filebiaoti As String
     filebiaoti = "扫雷"
     hWndl = FindWindow(vbNullString, filebiaoti)
     x = 85
     y = 80
     msgbox=mathadd(hWndl, x, y)
End Sub
==========注入子程序ProjectOK.dll===================
Private Sub Inject()  
Dim MySnapHandle             As Long   '存放进程快照句柄
Dim ProcessInfo             As PROCESSENTRY32
Dim MyRemoteProcessId       As Long   '目标进程pid
Dim MyDllFileName           As String 'dll文件路径
Dim MyDllFileLength         As Long   'dll文件名长度
Dim MyDllFileBuffer         As Long   '写入dll文件名的内存地址
Dim MyAddr                   As Long   '执行远程线程代码的起始地址。这里等于LoadLibraryA的地址
Dim MyReturn                 As Long
Dim filename  As String
MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
ProcessInfo.dwSize = Len(ProcessInfo)
If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
filename = "winmine.exe"
Do
     If InStr(ProcessInfo.szExeFile, filename) > 0 Then
      MyDllFileName = "D:\vbdll\ProjectOK.dll"
      MyDllFileLength = LenB(StrConv(MyDllFileName, vbFromUnicode)) + 1
      MyRemoteProcessId = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
      If MyRemoteProcessId = 0 Then MsgBox "OpenProcess Error"
      MyDllFileBuffer = VirtualAllocEx(MyRemoteProcessId, 0, MyDllFileLength, MEM_COMMIT, PAGE_READWRITE)
      If MyDllFileBuffer = 0 Then MsgBox "VirtualAllocEx Error"
      MyReturn = WriteProcessMemory(MyRemoteProcessId, MyDllFileBuffer, ByVal (MyDllFileName), MyDllFileLength, 0)
      If MyReturn = 0 Then MsgBox "WriteProcessMemory Error"
      MyAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
      If MyAddr = 0 Then MsgBox "GetProcAddress Error"
      Dim MyResult As Long
      MyResult = CreateRemoteThread(MyRemoteProcessId, 0, 0, MyAddr, MyDllFileBuffer, 0, 0)
      If MyResult = 0 Then MsgBox "error CreateRemoteThread"
     CloseHandle MyResult
     CloseHandle MyRemoteProcessId
     End If
     Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
End If

=========ProjectOK.dll===========
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hWnd As Long, ByVal wmsg As Long, ByVal wParam As Long, lParam As Any) As Long

Public Function mathadd(ByVal hWnd As Long, ByVal x As Long, ByVal y As Long) As Long
    mathadd = x + y
    lp = y * 65536 + x
    PostMessage hWnd, WM_MOUSEMOVE, 0, ByVal lp
    PostMessage hWnd, WM_LBUTTONDOWN, 0, ByVal lp
    PostMessage hWnd, WM_LBUTTONUP, 0, ByVal lp
End Function
=========================

点击按钮Command1后,程序运行崩溃出错;
若将ProjectOK.dll中3句PostMessage函数去掉,则点击按钮Command1后,程序能正常运行,msgbox=mathadd(hWndl, x, y)可以显示数值;
这是什么原因?如何解决?

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课