自己编写的DLL(已通过注册)已经实现注入运行中的扫雷游戏,DLL中编有PostMessage函数,用自己编写的其它程序通过DLL来向扫雷窗口发送鼠标消息.
VB代码
========================
' mathadd is exported by the author's own ProjectOK.dll (hard-coded absolute path).
' A Declare with "Lib" makes the VB runtime load that DLL into THIS process, so
' mathadd - and the PostMessage calls inside it - run here, not inside winmine.exe.
' hWnd is the target window, x/y the client-area position that mathadd clicks.
Private Declare Function mathadd Lib "d:\vbdll\ProjectOK.dll" (ByVal hWnd As Long, ByVal x As Long, ByVal y As Long) As Long
' Looks a top-level window up by class name and/or title; returns 0 when nothing matches.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
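Private Sub Command1_Click()
    ' Sends one simulated left click at client coordinates (85, 80) to the
    ' Minesweeper window through mathadd() in ProjectOK.dll and shows its result.
    ' NOTE: the Declare above loads ProjectOK.dll into THIS process, so the
    ' PostMessage calls inside mathadd run here; PostMessage only needs a window
    ' handle, so the Inject() call is not required for the click to work.
    Dim hWndl As Long
    Dim x As Long
    Dim y As Long
    Dim filebiaoti As String

    Call Inject

    filebiaoti = "扫雷"
    hWndl = FindWindow(vbNullString, filebiaoti)
    ' FindWindow returns 0 when no window has that title; posting to hWnd 0
    ' would silently go to this thread's own queue instead of the game.
    If hWndl = 0 Then
        MsgBox "Window not found: " & filebiaoti
        Exit Sub
    End If

    x = 85
    y = 80
    ' The original "msgbox=mathadd(...)" assigns to the name of a built-in
    ' function; MsgBox is a statement, so call it with the return value.
    MsgBox mathadd(hWndl, x, y)
End Sub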
==========注入子程序ProjectOK.dll===================
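Private Sub Inject()
    ' Walks the process list and loads ProjectOK.dll into every winmine.exe
    ' found (CreateRemoteThread + LoadLibraryA pattern).
    ' NOTE: not needed for the PostMessage approach - the Declare in the EXE
    ' already loads ProjectOK.dll into this process and PostMessage only needs
    ' a window handle. Remote-thread injection also requires sufficient rights
    ' on the target and is a pattern AV/EDR products commonly flag, so drop it
    ' if the only goal is to send mouse messages.
    ' Fixes vs. the original: the snapshot handle is now closed, each failing
    ' step stops instead of continuing with a 0 handle/address, and the
    ' missing "End Sub" is restored.
    Dim MySnapHandle As Long        ' process snapshot handle
    Dim ProcessInfo As PROCESSENTRY32
    Dim filename As String

    MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    ' Toolhelp reports failure as INVALID_HANDLE_VALUE (-1), not 0.
    If MySnapHandle = -1 Or MySnapHandle = 0 Then
        MsgBox "CreateToolhelp32Snapshot Error"
        Exit Sub
    End If

    ProcessInfo.dwSize = Len(ProcessInfo)
    If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
        filename = "winmine.exe"
        Do
            ' szExeFile is a fixed-length, NUL-padded field; InStr still finds
            ' the name inside it.
            If InStr(ProcessInfo.szExeFile, filename) > 0 Then
                InjectIntoProcess ProcessInfo.th32ProcessID, "D:\vbdll\ProjectOK.dll"
            End If
        Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
    End If
    CloseHandle MySnapHandle    ' the original never released the snapshot
End Sub

Private Sub InjectIntoProcess(ByVal pid As Long, ByVal dllPath As String)
    ' Loads dllPath into the process with id pid. Reports the first failing
    ' step via MsgBox and always closes the handles it opened.
    Dim hProcess As Long        ' process HANDLE (the original misnamed it ...ProcessId)
    Dim hThread As Long         ' remote thread handle
    Dim pathLength As Long      ' ANSI byte length of the path incl. terminating NUL
    Dim remoteBuffer As Long    ' address of the path inside the target
    Dim loadLibraryAddr As Long ' thread start routine in the target

    pathLength = LenB(StrConv(dllPath, vbFromUnicode)) + 1

    ' PROCESS_ALL_ACCESS is far more than this needs and fails outright on
    ' higher-integrity / other-user processes; kept because it is the only
    ' access constant this module declares.
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    If hProcess = 0 Then
        MsgBox "OpenProcess Error"
        Exit Sub
    End If

    remoteBuffer = VirtualAllocEx(hProcess, 0, pathLength, MEM_COMMIT, PAGE_READWRITE)
    If remoteBuffer = 0 Then
        MsgBox "VirtualAllocEx Error"
    ElseIf WriteProcessMemory(hProcess, remoteBuffer, ByVal dllPath, pathLength, 0) = 0 Then
        MsgBox "WriteProcessMemory Error"
    Else
        ' Kernel32 is mapped at the same base in every process of this session,
        ' which is what makes the local LoadLibraryA address usable remotely.
        loadLibraryAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
        If loadLibraryAddr = 0 Then
            MsgBox "GetProcAddress Error"
        Else
            hThread = CreateRemoteThread(hProcess, 0, 0, loadLibraryAddr, remoteBuffer, 0, 0)
            If hThread = 0 Then
                MsgBox "error CreateRemoteThread"
            Else
                CloseHandle hThread
            End If
        End If
    End If
    CloseHandle hProcess
End Sub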
=========ProjectOK.dll===========
' lParam is declared "As Any", so every call site must push exactly 4 bytes.
' NOTE(review): passing an undeclared (Variant) variable with "ByVal" to an
' As Any parameter pushes the whole 16-byte Variant and unbalances the stdcall
' stack - the likely reason the program dies once PostMessage is called.
' Safer form: "ByVal lParam As Long" (and drop the ByVal at the call sites),
' or make sure the argument is a declared Long.
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hWnd As Long, ByVal wmsg As Long, ByVal wParam As Long, lParam As Any) As Long
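Public Function mathadd(ByVal hWnd As Long, ByVal x As Long, ByVal y As Long) As Long
    ' Returns x + y and posts a simulated left click at client coordinates
    ' (x, y) to window hWnd: mouse move, button down, button up.
    ' The message ids are declared locally so the function does not depend on
    ' module-level constants being present (without Option Explicit an
    ' undeclared name silently becomes 0, i.e. WM_NULL).
    Const WM_MOUSEMOVE As Long = &H200
    Const WM_LBUTTONDOWN As Long = &H201
    Const WM_LBUTTONUP As Long = &H202
    ' lp MUST be a Long: the PostMessage Declare takes lParam "As Any" and the
    ' original left lp undeclared (a Variant). "ByVal <Variant>" to an As Any
    ' parameter pushes the 16-byte Variant instead of a 4-byte value, which
    ' unbalances the stdcall stack - the most likely cause of the crash that
    ' disappears when the three PostMessage lines are removed.
    Dim lp As Long

    mathadd = x + y
    ' MAKELPARAM: low word = x, high word = y. A y above 32767 would overflow
    ' a signed Long here; not a concern for a Minesweeper-sized window.
    lp = y * 65536 + x
    PostMessage hWnd, WM_MOUSEMOVE, 0, ByVal lp
    PostMessage hWnd, WM_LBUTTONDOWN, 0, ByVal lp
    PostMessage hWnd, WM_LBUTTONUP, 0, ByVal lp
End Function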
=========================
点击按钮Command1后,程序运行崩溃出错;
若将ProjectOK.dll中3句PostMessage函数去掉,则点击按钮Command1后,程序能正常运行,msgbox=mathadd(hWndl, x, y)可以显示数值;
这是什么原因?如何解决?