
[100分]在线等..求高手把源码改做直接搜AOB!!

时间:2011-08-24

来源:互联网

在线等!万分感激!希望有人能帮助我,我会一直F5的!

求高手把源码的TEXTBOX改做 直接输入 "11 22 33 44 55"搜索

VB code
'Win32 API declarations used by the scan routine: FindWindowA and
'GetWindowThreadProcessId come from user32, the rest from kernel32.
'All handles, addresses and sizes are declared As Long (32-bit).

'Looks up a top-level window by class name and/or title and returns its handle (0 if none).
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'Stores the id of the process that owns HWnd in lpdwProcessId (passed ByRef).
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal HWnd As Long, lpdwProcessId As Long) As Long
'Opens a handle to a process with the requested access rights; returns 0 on failure.
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
'Fills lpBuffer with the description of the region that contains lpAddress;
'returns the number of bytes written to lpBuffer, 0 on failure.
Public Declare Function VirtualQueryEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long) As Long
'Copies nSize bytes from lpBaseAddress in the target process into lpBuffer; returns 0 on failure.
'NOTE(review): the last parameter is named lpNumberOfBytesWritten here, but for
'ReadProcessMemory it receives the number of bytes actually READ.
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
'Releases a handle obtained from OpenProcess.
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

'Access mask asking for every right on the target process.
'NOTE(review): the code on this page only calls VirtualQueryEx and ReadProcessMemory
'on the handle; PROCESS_QUERY_INFORMATION (&H400) Or PROCESS_VM_READ (&H10) is
'enough for that and is less likely to be refused than full access.
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
'MEMORY_BASIC_INFORMATION.State value for committed pages.
Public Const MEM_COMMIT = &H1000
'Page-protection flags tested against MEMORY_BASIC_INFORMATION.Protect.
Public Const PAGE_READWRITE = &H4
Public Const PAGE_EXECUTE_READWRITE = &H40
Public Const PAGE_EXECUTE_WRITECOPY = &H80

'Region description filled in by VirtualQueryEx.
'Seven Long fields (28 bytes): this matches the 32-bit layout of the Win32
'structure only, so it is not usable for querying a 64-bit address space.
Public Type MEMORY_BASIC_INFORMATION
     'Start address of the region of pages.
     BaseAddress As Long
     'Start address of the allocation the region belongs to.
     AllocationBase As Long
     'Protection given when the allocation was first made.
     AllocationProtect As Long
     'Size of the region in bytes, counted from BaseAddress.
     RegionSize As Long
     'Page state (compared with MEM_COMMIT by the scan routine).
     State As Long
     'Current protection of the pages (PAGE_* flags).
     Protect As Long
     'Page type of the region.
     lType As Long
End Type



VB code
'Form-level arrays. itemstr receives a copy of the addresses listed by
'Command1_Click; itemstr2 is not used in the code shown on this page.
Dim itemstr() As String, itemstr2() As String

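'First-pass scan: finds the process that owns the window titled Text1.Text,
'collects its committed writable regions, reads each one and lists in List1
'every address whose byte equals the value typed in Text2 (0-255).
'The addresses are also copied to the form-level array itemstr, and Command2
'is enabled only when at least one address was found.
'
'Changes from the version originally posted:
' - the window-not-found test checks WndHandle (it used to test HWnd, which is
'   not the value returned by FindWindow);
' - failures leave the Sub with Exit Sub instead of terminating the program with End;
' - the process is opened with only the rights the scan needs;
' - Text2 is validated before another process is touched;
' - the address walk cannot overflow a signed Long;
' - the result of ReadProcessMemory is checked, so an unreadable region is
'   skipped instead of being compared as zero-filled data;
' - the process handle is closed on every exit path, including run-time errors.
Private Sub Command1_Click()
    'VirtualQueryEx needs PROCESS_QUERY_INFORMATION and ReadProcessMemory needs
    'PROCESS_VM_READ; nothing in this routine writes to the target process.
    Const PROCESS_QUERY_INFORMATION As Long = &H400
    Const PROCESS_VM_READ As Long = &H10
    'Guard pages carry a writable base protection but cannot be read normally.
    Const PAGE_GUARD As Long = &H100
    'Largest address a signed Long can hold.
    Const MAX_LONG_ADDR As Long = &H7FFFFFFF

    Dim mbi As MEMORY_BASIC_INFORMATION
    Dim WndHandle As Long, hProcessID As Long, hProcess As Long
    Dim tmpBassAddr As Long, lBassAddr As Long
    Dim BassAddr() As Long, PageNum As Long, PageSize() As Long
    Dim data() As Byte, fio As Byte
    Dim finded As Long, i As Long, j As Long
    Dim wanted As Long, bytesRead As Long
    Dim writableMask As Long

    List1.Clear

    'Validate the search value first: CByte raises a run-time error on text
    'that is not a number in 0-255.
    On Error Resume Next
    wanted = CLng(Text2.Text)
    If Err.Number <> 0 Or wanted < 0 Or wanted > 255 Then
        On Error GoTo 0
        MsgBox "请输入 0 到 255 之间的数值"
        Exit Sub
    End If
    On Error GoTo ScanFailed
    fio = CByte(wanted)    'value to search for

    'Text1 holds the title of the window to look for
    WndHandle = FindWindow(vbNullString, Text1.Text)
    If WndHandle = 0 Then
        MsgBox "无法找到该视窗"
        Exit Sub
    End If

    'Get the process id from the window handle
    Call GetWindowThreadProcessId(WndHandle, hProcessID)
    If hProcessID = 0 Then
        MsgBox "无法取得ProcessID"
        Exit Sub
    End If

    'Open the process read-only
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, hProcessID)
    If hProcess = 0 Then
        MsgBox "无法开启该Process"
        Exit Sub
    End If

    writableMask = PAGE_READWRITE Or PAGE_EXECUTE_READWRITE Or PAGE_EXECUTE_WRITECOPY

    'Walk the address space from 0 upwards, one region per call
    lBassAddr = 0
    Do While VirtualQueryEx(hProcess, ByVal lBassAddr, mbi, Len(mbi)) <> 0
        tmpBassAddr = mbi.BaseAddress
        'Long is signed: an address above &H7FFFFFFF arrives as a negative value,
        'and a size that is not positive would keep the walk on the same region.
        If tmpBassAddr < 0 Or mbi.RegionSize <= 0 Then Exit Do

        'Keep committed, writable regions that are not guard pages
        If mbi.State = MEM_COMMIT Then
            If (mbi.Protect And writableMask) <> 0 And (mbi.Protect And PAGE_GUARD) = 0 Then
                ReDim Preserve BassAddr(PageNum)
                ReDim Preserve PageSize(PageNum)
                BassAddr(PageNum) = mbi.BaseAddress     'base address
                PageSize(PageNum) = mbi.RegionSize      'region size
                PageNum = PageNum + 1                   'number of regions kept
            End If
        End If

        'Stop before base + size would overflow a Long (run-time error 6)
        If tmpBassAddr > MAX_LONG_ADDR - mbi.RegionSize Then Exit Do
        lBassAddr = tmpBassAddr + mbi.RegionSize     'next region
    Loop

    finded = 0
    If PageNum > 0 Then
        'Min is 0 so that Max stays above Min even when only one region was kept
        ProgressBar1.Min = 0
        ProgressBar1.Value = 0
        ProgressBar1.Max = PageNum
    End If

    For i = 0 To PageNum - 1
        ReDim data(1 To PageSize(i))    'buffer sized to the region
        bytesRead = 0
        'Compare only the bytes that were really copied; a failed read is skipped
        If ReadProcessMemory(hProcess, ByVal BassAddr(i), data(1), PageSize(i), bytesRead) <> 0 Then
            For j = 1 To bytesRead
                If data(j) = fio Then
                    'j - 1 is grouped so that base + size is never formed
                    List1.AddItem BassAddr(i) + (j - 1)
                    finded = finded + 1
                End If
            Next j
        End If
        ProgressBar1.Value = i + 1
    Next i

    Label4.Caption = "首次搜寻项目数 --> " & finded & " 笔位址"

    'Keep a copy of the addresses in the form-level array
    If List1.ListCount <> 0 Then
        ReDim itemstr(List1.ListCount - 1)
        For i = 0 To List1.ListCount - 1
            itemstr(i) = List1.List(i)
        Next i
    End If
    Command1.Enabled = False
    Command2.Enabled = (List1.ListCount <> 0)

ScanDone:
    'Always release the process handle and the work arrays
    On Error Resume Next
    If hProcess <> 0 Then CloseHandle hProcess
    Erase BassAddr
    Erase PageSize
    Erase data
    Exit Sub

ScanFailed:
    MsgBox "搜寻时发生错误: " & Err.Description
    Resume ScanDone
End Sub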


作者: alanwongk   发布时间: 2011-08-24

Ctrl+H 替换源代码不就可以了嘛
难道理解错了?

作者: ybh37   发布时间: 2011-08-24

引用楼主 alanwongk 的回复:
在线等!万分感激!希望有人能帮助我,我会一直F5的!

求高手把源码的TEXTBOX改做 直接输入 "11 22 33 44 55"搜索


VB code
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowNam……


'Form-level arrays. itemstr receives a copy of the addresses listed by
'Command1_Click; itemstr2 is not used in the code shown in this reply.
Dim itemstr() As String, itemstr2() As String

'Copy of the scan routine as posted in this reply (indentation was lost when
'it was pasted). The only code change from the first post is the CByte line.
'It finds the process behind the window titled Text1.Text, records its
'committed writable regions, reads each one and lists matching byte addresses.
Private Sub Command1_Click()
  Dim mbi As MEMORY_BASIC_INFORMATION
  Dim WndHandle As Long, hProcessID As Long, hProcess As Long
  Dim tmpBassAddr As Long, lBassAddr As Long
  Dim BassAddr() As Long, PageNum As Long, PageSize() As Long
  Dim data() As Byte, fio As Byte
  Dim finded As Long, i As Long, j As Long, k As Long

  List1.Clear
   
  'Text1 holds the title of the window to look for
  WndHandle = FindWindow(vbNullString, Text1.Text)
  'NOTE(review): this tests HWnd, not WndHandle, so the result of FindWindow is
  'never checked here. HWnd is not declared in this Sub; on a form it presumably
  'resolves to the form's own window handle - confirm.
  If HWnd = 0 Then
  MsgBox "无法找到该视窗"
  'NOTE(review): End terminates the whole program; the OpenProcess failure
  'below uses Exit Sub instead.
  End
  End If

  'Get the process id from the window handle
  Call GetWindowThreadProcessId(WndHandle, hProcessID)
  If hProcessID = 0 Then
  MsgBox "无法取得ProcessID"
  End
  End If

  'Open the process
  'NOTE(review): PROCESS_ALL_ACCESS asks for every right, while the handle is
  'only passed to VirtualQueryEx, ReadProcessMemory and CloseHandle below.
  hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hProcessID)
  If hProcess = 0 Then
  MsgBox "无法开启该Process"
  Exit Sub
  End If

  'To be thorough, walk the addresses from 0 up to &H7FFFFFFF
  Do While VirtualQueryEx(hProcess, ByVal lBassAddr, mbi, Len(mbi)) 'while the call succeeds
  'Overflow guard: the largest Long value is &H7FFFFFFF,
  'leave the loop when the address goes beyond that range
  'NOTE(review): a Long can never be greater than &H7FFFFFFF, so this test
  'cannot be True; the addition at the end of the loop is what can overflow.
  tmpBassAddr = mbi.BaseAddress
  If tmpBassAddr > &H7FFFFFFF Then
  Exit Do
  End If
   
  'Pick out regions that are committed and writable
  If mbi.State = MEM_COMMIT Then 'committed
  If mbi.Protect And (PAGE_READWRITE Or PAGE_EXECUTE_READWRITE Or PAGE_EXECUTE_WRITECOPY) Then
  'Match: record the base address and the region size
  ReDim Preserve BassAddr(PageNum)
  ReDim Preserve PageSize(PageNum)
  BassAddr(PageNum) = mbi.BaseAddress 'base address
  PageSize(PageNum) = mbi.RegionSize 'region size
  PageNum = PageNum + 1 'number of regions recorded
  End If
  End If
   
  lBassAddr = tmpBassAddr + mbi.RegionSize 'next region
  Loop

  ProgressBar1.Min = 1
  ProgressBar1.Max = PageNum
  finded = 0
  'NOTE(review): "AOB" is not a number, so CByte raises run-time error 13
  '(Type mismatch) here. A Byte holds one value in 0-255, so this line cannot
  'express a multi-byte pattern. Because the error is not handled, hProcess is
  'also left open.
  fio = CByte("AOB") 'Text2.Text) 'value to search for
  For i = 0 To PageNum - 1
  ReDim data(1 To PageSize(i)) 'allocate a buffer the size of the region
  'Read the memory
  'NOTE(review): the return value is ignored; after a failed read the freshly
  'ReDim'ed (zero-filled) buffer is compared as if it were real data.
  ReadProcessMemory hProcess, ByVal BassAddr(i), data(1), PageSize(i), ByVal 0&
  'Compare
  For j = 1 To PageSize(i)
  If data(j) = fio Then
  List1.AddItem BassAddr(i) + j - 1
  finded = finded + 1
  End If
  Next j
  ProgressBar1.Value = i + 1
  Next i
   
  Label4.Caption = "首次搜寻项目数 --> " & finded & " 笔位址"
   
  'Copy the listed addresses to itemstr and set the button states
  If List1.ListCount <> 0 Then
  ReDim itemstr(List1.ListCount - 1)
  For i = 0 To List1.ListCount - 1
  itemstr(i) = List1.List(i)
  Next i
  Command1.Enabled = False
  Command2.Enabled = True
  Else
  Command1.Enabled = False
  Command2.Enabled = False
  End If
   
  'Close the process handle
  CloseHandle hProcess
  'Release the memory held by the arrays
  Erase BassAddr
  Erase PageSize
  Erase data
End Sub

作者: worldy   发布时间: 2011-08-24

引用 2 楼 worldy 的回复:

引用楼主 alanwongk 的回复:
在线等!万分感激!希望有人能帮助我,我会一直F5的!

求高手把源码的TEXTBOX改做 直接输入 "11 22 33 44 55"搜索


VB code
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As Str……

我并不是个开玩笑的人

请不要这样去踩我

作者: alanwongk   发布时间: 2011-08-24

引用 1 楼 ybh37 的回复:

Ctrl+H 替换源代码不就可以了嘛
难道理解错了?



引用 1 楼 ybh37 的回复:

Ctrl+H替换源代码不就可以了嘛
难道理解错了?

这段代码能搜出的大小为Byte 0-255

不知为什么把它改成 Long 之后,搜出来的地址与 CE 等工具搜出来的不相符

我现在是想把他改作搜Array of Bytes

作者: alanwongk   发布时间: 2011-08-24
