Notes on writing game cheats, part 1: getting the process PID and handle and modifying memory, in C++, VB and C#

http://hi.baidu.com/859729391/blog/item/7a5a17c7fc2d3e1c9c163de5.html

To write a cheat you first need control over the game process, and for that the first thing you need is the game process's ID (PID).

Let's get straight to it ^ ^

First the simplest case, C++. Everyone knows how capable C++ is, and getting the PID is correspondingly easy.

The idea, roughly: start from the game's window title -> use the title to get the window handle (FindWindow) -> use the window handle to get the process PID (GetWindowThreadProcessId) -> open the process by PID (OpenProcess). Note that the PID alone gives you nothing: it is the handle returned by OpenProcess, with enough access rights, that lets you read and write the game's memory, and OpenProcess only succeeds if your program is allowed to access that process (normally: it runs as the same user, or with administrator/debug privilege). Once you have the handle, how you modify memory to get the effect you want is up to your own ingenuity.

Here is the C++ code:

#include <windows.h>   // everyone knows this one: include it and you can call the Win32 API functions (API? look it up!)
#include <iostream>    // the original used the pre-standard <iostream.h>, which current compilers reject; not actually used here

int main()             // I did this as a console program, so we just enter through main (main returns int, not void)
{
    DWORD D1 = 20;                // the value to write into the game's memory; I just fixed it at 20
    HWND hand;                    // window handle, found with FindWindow and then used to get the game's PID
    DWORD pidwin = 0;             // the PID
    HANDLE ProcessHandle;         // process handle; this is what actually gives you access to the process

    hand = FindWindowA(NULL, "就上魔力");
    // FindWindow's two parameters are (class name, window title); one of the two is enough to find
    // the window, and the one you don't have can be NULL. FindWindowA takes a narrow string, as in
    // the original; in a Unicode build use FindWindowW with an L"..." literal.
    if (hand == NULL) return 1;                   // no such window, nothing to do

    GetWindowThreadProcessId(hand, &pidwin);      // window handle -> game PID

    ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pidwin);
    // PID -> process handle. PROCESS_ALL_ACCESS asks for every right; for reading and writing memory,
    // PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION is all you need. The second parameter
    // (inherit handle) is FALSE here, the third is the PID. OpenProcess returns NULL when access is denied.
    if (ProcessHandle == NULL) return 1;

    SIZE_T written = 0;
    if (!WriteProcessMemory(ProcessHandle, (LPVOID)0x92BD28, &D1, sizeof D1, &written))
        return 1;
    // (process handle, address to write to, buffer holding the value, length, bytes written).
    // The last parameter may be NULL, but passing a variable lets you check how much was written.

    CloseHandle(ProcessHandle);                   // release the handle when done
    return 0;
}

End of code.

With this we can read and write memory from C++.

WriteProcessMemory is the writing function; its counterpart for reading is ReadProcessMemory, used like this:

    if (ReadProcessMemory(ProcessHandle, (LPCVOID)0x92BD28, &D1, sizeof D1, NULL))
    {
        xxxx = D1;   // assign D1 to whatever control you want to display the value in
    }

Next, VB, which is less suited to reading and writing memory, but it can call the same API functions to do it.

Here is the VB code:

Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' lpBuffer must be passed ByRef (no ByVal) so the API receives the address of the buffer, not its contents
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long

' value from the XP-era SDK; on Vista and later the full mask is &H1FFFFF, but this one is still accepted
' and is already far more than reading and writing memory requires
Const PROCESS_ALL_ACCESS = &H1F0FFF

' The declarations above import the API functions. Nearly every cheat needs them, so just copy them; no need to memorize.

Private Sub Command1_Click()
    Dim hwnd As Long
    Dim ProcessID As Long
    Dim ProcessHandle As Long
    Dim Value As Long
    Dim BytesWritten As Long

    hwnd = FindWindow(vbNullString, "就上魔力")
    If (hwnd = 0) Then
        MsgBox "Game window not found!"
        Exit Sub
    End If

    GetWindowThreadProcessId hwnd, ProcessID

    ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID)
    If (ProcessHandle = 0) Then
        MsgBox "Failed to get the process handle!"
        Exit Sub
    End If

    Value = CLng(Text1.Text)
    WriteProcessMemory ProcessHandle, &H92BD28, Value, 4, BytesWritten
    Value = CLng(Text2.Text)
    WriteProcessMemory ProcessHandle, &H92BD30, Value, 4, BytesWritten

    CloseHandle ProcessHandle   ' the original closed an undeclared hProcess; the handle we opened is ProcessHandle
End Sub

Finally, drop one Command button and two TextBoxes onto the form and you are done.

The VB approach is the same as the C++ one; VB just has to declare the API functions it uses before calling them.
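Both the C++ and the VB walkthroughs above open the game with PROCESS_ALL_ACCESS, write to a hard-coded address, and never look at what is already there. The following is an added example, not code from the original post, showing a more careful version of the same window -> PID -> handle -> read/write chain: the process is opened with only the rights memory access needs, every call is checked, an address is found by scanning a region for a known value instead of being guessed, and a write is refused unless the address still holds the value you expect (and is read back afterwards). The Win32 calls (FindWindowW, GetWindowThreadProcessId, OpenProcess with the PROCESS_VM_* rights, ReadProcessMemory, WriteProcessMemory) are the real API; everything else (the Memory interface, LocalMemory, ProcessMemory, find_dword, checked_write_dword, make_sample_target, and the 64 sample bytes) is constructed here so the logic can be run on any platform without a game.

```cpp
// Added example (not from the original post): least-privilege, checked process memory access.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <utility>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Minimal interface over "some process's memory": read or write n bytes at an address.
struct Memory {
    virtual ~Memory() = default;
    virtual bool read(uintptr_t addr, void* out, size_t n) = 0;
    virtual bool write(uintptr_t addr, const void* in, size_t n) = 0;
};

// Constructed stand-in target: a byte array that pretends to live at `base`. Used for the demo/test only.
class LocalMemory : public Memory {
public:
    LocalMemory(uintptr_t base, std::vector<uint8_t> bytes) : base_(base), bytes_(std::move(bytes)) {}
    bool read(uintptr_t addr, void* out, size_t n) override {
        if (!in_range(addr, n)) return false;
        std::memcpy(out, bytes_.data() + (addr - base_), n);
        return true;
    }
    bool write(uintptr_t addr, const void* in, size_t n) override {
        if (!in_range(addr, n)) return false;
        std::memcpy(bytes_.data() + (addr - base_), in, n);
        return true;
    }
private:
    bool in_range(uintptr_t addr, size_t n) const { return addr >= base_ && addr - base_ + n <= bytes_.size(); }
    uintptr_t base_;
    std::vector<uint8_t> bytes_;
};

#ifdef _WIN32
// Real target: a Windows process opened with the minimum rights for reading and writing its memory.
class ProcessMemory : public Memory {
public:
    explicit ProcessMemory(DWORD pid)
        : h_(OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid)) {}
    ~ProcessMemory() override { if (h_) CloseHandle(h_); }
    bool ok() const { return h_ != nullptr; }   // false when the PID is wrong or access was denied
    bool read(uintptr_t addr, void* out, size_t n) override {
        SIZE_T got = 0;
        return h_ && ReadProcessMemory(h_, reinterpret_cast<LPCVOID>(addr), out, n, &got) && got == n;
    }
    bool write(uintptr_t addr, const void* in, size_t n) override {
        SIZE_T put = 0;
        return h_ && WriteProcessMemory(h_, reinterpret_cast<LPVOID>(addr), in, n, &put) && put == n;
    }
private:
    HANDLE h_;
};

// Window title -> PID, the same chain the post uses; returns 0 when the window is not found.
// Wide-string version so a Chinese title does not depend on the system code page.
DWORD pid_from_window_title(const wchar_t* title) {
    HWND hwnd = FindWindowW(nullptr, title);
    if (!hwnd) return 0;
    DWORD pid = 0;
    GetWindowThreadProcessId(hwnd, &pid);
    return pid;
}
#endif

// Write a DWORD only if `addr` currently holds `expected`, then read it back. Returns true only when the
// write is confirmed in place. Refusing on a mismatch stops a stale hard-coded address from corrupting memory.
bool checked_write_dword(Memory& mem, uintptr_t addr, uint32_t expected, uint32_t value) {
    uint32_t cur = 0;
    if (!mem.read(addr, &cur, sizeof cur) || cur != expected) return false;
    if (!mem.write(addr, &value, sizeof value)) return false;
    uint32_t back = 0;
    return mem.read(addr, &back, sizeof back) && back == value;
}

// Scan [start, start+len) for every 4-byte-aligned DWORD equal to `value`: this is how an address such
// as 0x92BD28 is located in the first place (the same idea as a memory scanner's first-value search).
std::vector<uintptr_t> find_dword(Memory& mem, uintptr_t start, size_t len, uint32_t value) {
    std::vector<uintptr_t> hits;
    std::vector<uint8_t> buf(len);
    if (!mem.read(start, buf.data(), len)) return hits;
    for (size_t off = 0; off + sizeof(uint32_t) <= len; off += sizeof(uint32_t)) {
        uint32_t v;
        std::memcpy(&v, buf.data() + off, sizeof v);
        if (v == value) hits.push_back(start + off);
    }
    return hits;
}

// Constructed sample target: 64 zero bytes at 0x92BD00 with the DWORD 20 at the two offsets the post writes to.
LocalMemory make_sample_target() {
    std::vector<uint8_t> bytes(0x40, 0);
    const uint32_t twenty = 20;
    std::memcpy(bytes.data() + 0x28, &twenty, sizeof twenty);
    std::memcpy(bytes.data() + 0x30, &twenty, sizeof twenty);
    return LocalMemory(0x92BD00, std::move(bytes));
}

int main() {
    LocalMemory target = make_sample_target();
    for (uintptr_t a : find_dword(target, 0x92BD00, 0x40, 20))
        std::printf("value 20 found at 0x%llX\n", static_cast<unsigned long long>(a));
    std::printf("checked write: %s\n", checked_write_dword(target, 0x92BD28, 20, 999) ? "confirmed" : "refused");
    // The address now holds 999, so a second write that still expects 20 is refused.
    std::printf("stale write:   %s\n", checked_write_dword(target, 0x92BD28, 20, 5) ? "confirmed" : "refused");
    return 0;
}
```

On Windows the same functions run against the game: `ProcessMemory pm(pid_from_window_title(L"就上魔力")); if (pm.ok()) checked_write_dword(pm, 0x92BD28, 20, value);`. `pm.ok()` is false when the window was not found or OpenProcess failed; the latter is what happens when the game runs as a different user or at a higher integrity level than your program. The expected-value guard matters because an address like 0x92BD28 only holds for the exact game build it was scanned from.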