'Win32 API declarations used by this form to locate a window, open its owning
'process and read or write that process's memory. All handles and addresses are
'declared As Long, i.e. 32-bit values.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long 'Get a window handle by class name and/or title
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long 'Read memory; returns 0 on failure
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long 'Write memory; returns 0 on failure
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long 'Get a process handle; returns 0 on failure
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long 'Get the PID of the process that owns the window
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long 'Release the process handle
'Process access rights passed to OpenProcess. ReadProcessMemory needs
'PROCESS_VM_READ; WriteProcessMemory needs PROCESS_VM_WRITE together with
'PROCESS_VM_OPERATION.
Private Const PROCESS_VM_OPERATION = &H8&
Private Const PROCESS_VM_READ = &H10&
Private Const PROCESS_VM_WRITE = &H20&
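Private Sub Command1_Click() 'Write the value typed in Text1 to a fixed address in the target process
    'Looks up the window by title, opens its process and writes the value from
    'Text1 at &H12FEB8. Does nothing if the input is not a valid Long, the
    'window is not found, or the process cannot be opened.
    Dim hwnd As Long
    Dim PId As Long
    Dim pHandle As Long
    Dim newValue As Long

    'Any runtime error (e.g. type mismatch or overflow in CLng) ends up at
    'Cleanup, so an opened handle is never leaked.
    On Error GoTo Cleanup

    'Convert the user input before a handle is opened: CLng raises a runtime
    'error on non-numeric or out-of-range text.
    newValue = CLng(Text1.Text)

    hwnd = FindWindow(vbNullString, "连连看 v4.1") 'Find the game window handle
    If hwnd = 0 Then Exit Sub 'Window not found
    GetWindowThreadProcessId hwnd, PId 'Get the PID of the owning process
    If PId = 0 Then Exit Sub

    'Only a write is performed here, so PROCESS_VM_READ is not requested.
    pHandle = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, 0, PId)
    If pHandle <> 0 Then
        'WriteProcessMemory handle, address, value, size, 0&
        'NOTE(review): size is 1, so only the low byte of newValue is written,
        'while Timer1_Timer reads 4 bytes from the same address - confirm the
        'intended width.
        'NOTE(review): a hard-coded absolute address is only valid for the
        'exact build and memory layout it was found on.
        WriteProcessMemory pHandle, &H12FEB8, newValue, 1, 0&
    End If

Cleanup:
    If pHandle <> 0 Then CloseHandle pHandle 'Release the process handle on every path
End Sub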
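Private Sub Timer1_Timer() 'Read the value at a fixed address and show it in Text2
    'Looks up the window by title, opens its process read-only and reads 4 bytes
    'at &H12FEB8. Text2 is updated only when the read succeeds; otherwise it is
    'left unchanged instead of showing a stale or zero value as if it were real.
    Dim hwnd As Long
    Dim PId As Long
    Dim pHandle As Long
    Dim life As Long

    hwnd = FindWindow(vbNullString, "连连看 v4.1") 'Find the game window handle
    If hwnd = 0 Then Exit Sub 'Window not found
    GetWindowThreadProcessId hwnd, PId 'Get the PID of the owning process
    If PId = 0 Then Exit Sub

    'Least privilege: this routine only reads, so it asks for PROCESS_VM_READ alone.
    pHandle = OpenProcess(PROCESS_VM_READ, 0, PId)
    If pHandle <> 0 Then
        'ReadProcessMemory handle, address, buffer, 4, 0&
        'A return value of 0 means the read failed and life was not filled in.
        If ReadProcessMemory(pHandle, &H12FEB8, life, 4, 0&) <> 0 Then
            Text2.Text = life 'Show the value that was read
        End If
        CloseHandle pHandle 'Release the process handle
    End If
End Sub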
'==================================The code above is for a memory address without offsets==================================
'==================================The code below is for a memory address reached through offsets==================================
'Win32 API declarations used by this form to locate a window, open its owning
'process and read or write that process's memory. All handles and addresses are
'declared As Long, i.e. 32-bit values.
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long 'Get a window handle by class name and/or title
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long 'Read memory; returns 0 on failure
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long 'Write memory; returns 0 on failure
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long 'Get a process handle; returns 0 on failure
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long 'Get the PID of the process that owns the window
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long 'Release the process handle
'Process access rights passed to OpenProcess. ReadProcessMemory needs
'PROCESS_VM_READ; WriteProcessMemory needs PROCESS_VM_WRITE together with
'PROCESS_VM_OPERATION.
Private Const PROCESS_VM_OPERATION = &H8&
Private Const PROCESS_VM_READ = &H10&
Private Const PROCESS_VM_WRITE = &H20&
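Private Sub Command1_Click() 'Write the value typed in Text1 through a two-level pointer chain
    'Follows base address -> +&H868 -> +&H5578 in the target process and writes
    'the value from Text1 at the final address. The write is skipped if the
    'input is invalid, the window or process cannot be opened, or any pointer
    'read fails or returns a null pointer.
    Dim hwnd As Long
    Dim PId As Long
    Dim pHandle As Long
    Dim newValue As Long
    Dim basePtr As Long
    Dim objPtr As Long

    'Any runtime error (type mismatch or overflow in CLng, overflow in the
    'pointer arithmetic) ends up at Cleanup, so the handle is never leaked.
    On Error GoTo Cleanup

    'Convert the user input before a handle is opened.
    newValue = CLng(Text1.Text)

    hwnd = FindWindow(vbNullString, "Plants vs. Zombies GOTY ") 'Find the game window handle
    If hwnd = 0 Then Exit Sub 'Window not found
    GetWindowThreadProcessId hwnd, PId 'Get the PID of the owning process
    If PId = 0 Then Exit Sub

    'This routine reads the pointers and then writes, so all three rights are needed.
    pHandle = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, 0, PId)
    If pHandle = 0 Then Exit Sub

    'Each level is checked: if a read fails, the buffer is not filled in and
    'continuing would write to an address derived from a stale or zero pointer.
    '7794F8 is the base address, i.e. the last base address found with CE
    If ReadProcessMemory(pHandle, &H7794F8, basePtr, 4, 0&) = 0 Then GoTo Cleanup
    If basePtr = 0 Then GoTo Cleanup
    '868 is the second-level offset
    If ReadProcessMemory(pHandle, basePtr + &H868, objPtr, 4, 0&) = 0 Then GoTo Cleanup
    If objPtr = 0 Then GoTo Cleanup
    '5578 is the first-level offset; newValue is the value to store
    WriteProcessMemory pHandle, objPtr + &H5578, newValue, 4, 0&

Cleanup:
    If pHandle <> 0 Then CloseHandle pHandle 'Release the process handle on every path
End Sub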
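Private Sub Timer1_Timer() 'Read a value through a two-level pointer chain and show it in Text2
    'Follows base address -> +&H868 -> +&H5578 in the target process and shows
    'the 4-byte value found there. Text2 is updated only when every read in the
    'chain succeeds; otherwise it is left unchanged.
    Dim hwnd As Long
    Dim PId As Long
    Dim pHandle As Long
    Dim life As Long
    Dim basePtr As Long
    Dim objPtr As Long

    'This runs on every timer tick: an overflow in the pointer arithmetic must
    'not raise an unhandled error or leak the handle.
    On Error GoTo Cleanup

    hwnd = FindWindow(vbNullString, "Plants vs. Zombies GOTY ") 'Find the game window handle
    If hwnd = 0 Then Exit Sub 'Window not found
    GetWindowThreadProcessId hwnd, PId 'Get the PID of the owning process
    If PId = 0 Then Exit Sub

    'Least privilege: this routine only reads, so it asks for PROCESS_VM_READ alone.
    pHandle = OpenProcess(PROCESS_VM_READ, 0, PId)
    If pHandle = 0 Then Exit Sub

    'A return value of 0 means the read failed and the buffer was not filled in,
    'so the chain stops instead of dereferencing a stale or zero pointer.
    '7794F8 is the base address, i.e. the last base address found with CE
    If ReadProcessMemory(pHandle, &H7794F8, basePtr, 4, 0&) = 0 Then GoTo Cleanup
    If basePtr = 0 Then GoTo Cleanup
    '868 is the second-level offset
    If ReadProcessMemory(pHandle, basePtr + &H868, objPtr, 4, 0&) = 0 Then GoTo Cleanup
    If objPtr = 0 Then GoTo Cleanup
    '5578 is the first-level offset
    If ReadProcessMemory(pHandle, objPtr + &H5578, life, 4, 0&) = 0 Then GoTo Cleanup
    Text2.Text = life 'Show the value that was read

Cleanup:
    If pHandle <> 0 Then CloseHandle pHandle 'Release the process handle on every path
End Sub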