标签:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace 内存读写实例
{
public class 原创外挂类
{
#region Api引用
//打开进程,返回进程句柄
[DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")]
public static extern IntPtr OpenProcess
(
int dwDesiredAccess, //渴望得到的访问权限(标志)
bool bInheritHandle, //是否继承句柄
int dwProcessId //进程标示符
);
//读内存
[DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")]
public static extern bool ReadProcessMemory
(
IntPtr hProcess, //远程进程句柄。 被读取者
IntPtr lpBaseAddress, //远程进程中内存地址。 从具体何处读取
IntPtr lpBuffer, //本地进程中内存地址. 函数将读取的内容写入此处
int nSize, //要传送的字节数。要写入多少
IntPtr lpNumberOfBytesRead //实际传送的字节数. 函数返回时报告实际写入多少
);
//写内存
[DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")]
public static extern bool WriteProcessMemory
(
IntPtr hProcess, //由OpenProcess返回的进程句柄。
IntPtr lpBaseAddress, //要写的内存首地址
int[] lpBuffer, //指向要写的数据的指针。
int nSize, //要写入的字节数。
IntPtr lpNumberOfBytesWritten //实际数据的长度
);
//关闭内核对象
[DllImport("kernel32.dll")]
private static extern void CloseHandle
(
IntPtr hObject //欲关闭的对象句柄
);
#endregion
/// <summary>
/// 根据进程名获取PID
/// </summary>
/// <param name="processName">必须是纯进程名,不可以用后缀,如.exe</param>
/// <returns>返回进程ID</returns>
public static int 进程名取进程ID(string processName)
{
Process[] arrayProcess = Process.GetProcessesByName(processName);
foreach (Process p in arrayProcess)
{
return p.Id;
}
return -1;
}
/// <summary>
/// 读内存中的值,以整数形式返回
/// </summary>
/// <param name="processName">必须是不带后缀名的进程名</param>
/// <param name="baseAddress">如果是十六进制,必须在地址前加0x</param>
/// <returns></returns>
public static int 读内存整数型(string processName, int baseAddress)
{
try
{
byte[] buffer = new byte[4];
IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0); //获取缓冲区地址
IntPtr hProcess = OpenProcess(0x1F0FFF, false, 进程名取进程ID(processName)); //0x1F0FFF表示最高权限
ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero); //将制定内存中的值读入缓冲区
CloseHandle(hProcess);
return Marshal.ReadInt32(byteAddress);
}
catch
{
return -1;
}
}
/// <summary>
/// 写内存整数型
/// </summary>
/// <param name="processName">纯进程名,不能有后缀名</param>
/// <param name="baseAddress">欲写入的内存地址</param>
/// <param name="value">欲写入的值</param>
public static void 写内存整数型(string processName, int baseAddress, int value)
{
IntPtr hProcess = OpenProcess(0x1F0FFF, false, 进程名取进程ID(processName)); //0x1F0FFF 最高权限
WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4, IntPtr.Zero);
CloseHandle(hProcess);
}
}
}
标签:
原文地址:http://www.cnblogs.com/fuhua/p/5877781.html
