The example described in this paper is an API for VB to read memory, thread and handle, which is helpful to VB programming which involves the operation of the bottom of the system, and can be used by readers. This API can get to the thread ID, write memory, include process handle, ByVal memory area address, data, total length, completed length, read process, including process handle, ByVal memory area address, read data store, length to read, length of read, memory allocation (process handle, address [ As if to lose a 0 in the line], length, permission 1[mem_commit], permission 2[page_readwrite] returns: Functions such as the memory start address assigned to.
The specific implementation code is as follows:
Attribute vb_name = "API" Option Explicit public Declare Function getdesktopwindow Lib ' User32.DLL ' () as Long public Dec
Lare Function FindWindow Lib "User32.DLL" Alias "Findwindowa" (ByVal ClassName As String, ByVal Caption as String) as Long Public Declare Function GetWindow Lib "User32.DLL" (ByVal hwnd as Long, ByVal wcmd as Long) as long public Declare functi On GetWindowText Lib "User32.DLL" Alias "Getwindowtexta" (ByVal hwnd as Long, ByVal lpstring as String, ByVal CCH as Long) As Long public Const GW_CHILD = (5) Public Const GW_HWNDNEXT = (2) public Declare Function GetWindowThreadProcessId Lib "User32.DLL" (ByVal hwnd as Long, ProcessID as long as long) takes the thread ID (handle, returned thread ID) public Declare Function openprocess Lib "Kernel32.DLL" (ByVal action permission as long, ByVal inherited handle as long, ByVal thread ID as long) as long public Declare Function Readprocessmem Ory Lib "Kernel32.DLL" (ByVal process handle as long, ByVal memory location as long, buffer as any, ByVal length as Long, lpnumberofbyteswritten as Lon g) as Long ' reads the process (process handle, byVal memory area address, read data store, length to read, read length [0]) public Declare Function writeprocessmemory Lib "Kernel32.DLL" (ByVal process handle as Long, inside
Save position as any, buffer as any, ByVal length as long, lpnumberofbyteswritten as long as Long ' write memory (process handle, ByVal memory area address, data, total length, completed length [0]) Public Declare Function CloseHandle Lib "Kernel32.DLL" (ByVal process handle as long) as Long ' release (process handle) ' does not release error public Const STANDARD _rights_required = &hf0000 Public Const SYNCHRONIZE = &h100000 Public Const RRAD_WRITE = &H1F0FFF Public Const Process_vm_operation = &H8& Public Const READ = &H10& Public Const Write = &H20& '---------variable conversion API Pu Blic Declare Sub MOV Lib "Kernel32.DLL" Alias "RtlMoveMemory" (variable 1 as any, variable 2 as any, ByVal length as Long) '---------Memory protection allocation Release public Declare Function VPE Lib "Kernel32.DLL" Alias "Virtualprotectex" (ByVal process handle as long, address as any, ByVal length as Long , ByVal Flnewprotect as Long, lpfloldprotect as long as long public Declare Function VAE Lib "Kernel32.DLL" Alias Virtua Lallocex "(ByVal process handle ASLong, ByVal address as long, ByVal length as long, ByVal Flallocationtype as Long, ByVal Flprotect as Long) as Long ' memory allocation (process handle, address [as if Just drop a 0 in. ", length, permission 1[mem_commit], permission 2[page_readwrite]) returns: The memory start address that is assigned to public Declare Function VFE Lib" Kernel32.DLL "Alias" VirtualFreeEx "(ByVal process handle as long, ByVal address as long, ByVal length as Long, ByVal release type as long) as long public Const Mem_commi T = &h1000 Public Const PAGE_READWRITE = &h4 Public Const STILL_ACTIVE = &H103& Public Const INFINITE = &A mp HFFFF '---------Fetch module function location API public Declare function GetModuleHandle Lib "Kernel32.DLL" Alias "Getmodulehandlea" (ByVal Mod Ulename as String) as Long public Declare Function LoadLibrary Lib "Kernel32.DLL" Alias "LoadLibraryA" (ByVal modulename A S String) as Long public Declare Function GetProcAddress Lib "Kernel32.DLL" (ByVal hmodule as Long, ByVal procname as Stri NG) as long public Declare Function createremotethread Lib "Kernel32.DLL" (ByVal process handle as long, lpthreadattributes as any, ByVal Dwstacksize as Long, ByVal lpstartaddress as Long, lpparameter as any, ByVal dwcreationflags as Long, lpthreadid as long) as long public decl are Function gettickcount Lib "kernel32" () as Long