. NET Learning: VB6 written by the game modified with the. NET rewrite--special game modifier general framework written __.net

Mmm, haven't written for a long time, how to start .... Talk about the environment ... VB. NET 2005 after that. NET ....

First of all thanks: Virtualdesktop (^_^), vbman2003 (family) Two friends support, this code without their help is impossible to complete, for other help friends also express gratitude ~~~~~~

And then what I'm writing about: a game modifier, but it can be used for many games but can't search for memory. Oh.. But can be used to make their own special game modification tools, or relatively cool, memory search and assembly editor later, slowly, impatient to eat hot tofu.

This thing, now the kinetic energy, is needed for the core of these parts

1, the process list to obtain, VB6 is using the API, but. NET no more.

2, the process of the promotion of operational rights, modified the VB6 of some of the API declaration to achieve.

3, the process memory of reading and writing, but also modified some VB6 API implementation.

4, using the byte structure to access the contents of the 2 file to get the configuration.

5, some conversion of the system.

To accompany her daughter-in-law, so this is the simplest one: byte array and integer type conversion.

Comrades may want to say, this is what, also use you write ... Oh.. Anyway, I don't know. NET inside the method of conversion, in addition to the way of byte conversion code too much, also lazy to write. Then the public about the use of this API, the Internet to find the head of the big hand pain did not find.

Post it here,. NET2005 the test pass.

Private Declare Sub copymemorytoarr Lib "kernel32" Alias "RtlMoveMemory" (ByVal destination () as Byte, ByRef Source as Int Eger, ByVal Length as Integer)

Private Declare Sub copymemorytodec Lib "kernel32" Alias "RtlMoveMemory" (ByRef destination as Int32, ByVal Source () as by Te, ByVal Length as Integer)

Hey, look familiar, actually is VB6 in our lovely copymemory ... But because of the different uses, so there are 2 definitions, I did a long time, or failed to write a definition form.

Written as a function:

Public Function Hexarr2dec (ByVal Bytearr () as Byte) as Integer
Dim Dec as Integer
Copymemorytodec (Dec, Bytearr, 4)
Return DEC
End Function
Public Function Dec2hexarr (ByVal Dec as Integer) as Byte ()
Dim Mtmparr (3) as Byte
Copymemorytoarr (Mtmparr, DEC, 4)
Return Mtmparr
End Function

Call Method:

Private Sub button1_click (ByVal sender as System.Object, ByVal e as System.EventArgs) Handles Button1.Click
Dim Bytearr (3) as Byte, intnum as Integer = 511
Bytearr = Dec2hexarr (intnum)
Debug.Print (Bytearr (0) & "" & Bytearr (1) & "& Bytearr (2) &" "& Bytearr (3))
MsgBox (Hexarr2dec (Bytearr))
End Sub

OK, that's all. Looking back at this definition, there are a few interesting places

Copymemorytoarr ByVal Destination () as Byte and ByRef Source as Integer

Copymemorytodec ByRef destination as Int32 and ByVal Source () as Byte

In the past VB6, we (at least I) wanted to pass values like the RtlMoveMemory function, which is defined

Declare Sub copymemory Lib "kernel32" Alias "RtlMoveMemory" (destination as any, Source as any, ByVal Length as Long)

In. NET, this any is replaced by IntPtr, but in some operations array APIs, such as ReadProcessMemory, WriteProcessMemory, etc., written IntPtr difficult to successfully invoke, we can modify the definition of XXXX () as Byte. There is also an interesting place where the API passes values in general ByVal, but above, it is defined as ByRef Source As Integer and byref destination as Int32. (Lazy me, no unified definition, INT32 and integer)

To sum up:

If, in the API declaration of VB6, the parameter is any:

1. When you need to pass an array pointer to the API, modify the VB6 declaration to ByVal xxxx () as Byte (Must be ByVal)

2. Modify the VB6 declaration to ByRef Source as (Integer) when you need to pass a data that is manipulated within the API

3, only when passing data, can be declared as ByRef XXXX as INTPTR (Int32,integer)

Another 2 cases:

Private Declare Function readprocessmemory Lib "Kernel32" (_
ByVal hprocess as Integer, _
ByVal Lpbaseaddress as Integer, _
ByVal lpbuffer () as Byte, _
ByVal Nsize as Integer, _
ByRef Lpnumberofbyteswritten As Integer) As Integer

Private Declare Function writeprocessmemory Lib "Kernel32" (_
ByVal hprocess as Int32, _
ByVal Lpbaseaddress as Int32, _
ByVal lpbuffer () as Byte, _
ByVal Nsize as Int32, _
ByRef Lpnumberofbyteswritten as Int32) as Integer

The above 2 statement was passed in the Vs.net 2005 environmental test. where Int32 and integers can be substituted for each other.

Next, say something about. NET to the API delivery structure of the problem, public lookupprivilegevalue, AdjustTokenPrivileges, OpenProcessToken use, that is, how to enhance the process of process operations permissions, the example is full permissions.