by 来自轻院的狼[Immlep]
site:www.ptteam.com
最近学校上VB.NET的课,VB以前学过一点点,只会看不会写,不过没有办法,学校开的,所以几个人就组了个小组,写一个vb.net下的杀毒软件,要用到ReadProcessMemory来读取其它进程的内存,可以怎么调用也不行,goole和baidu找了N个小时。提这个问题的人倒是一大堆,可以是没有人解决过,但是其中也给我一些其实,后来在好友freecat的帮助下,找到了问题的所在,主要就是ReadProcessMemory声明的问题,我们应该这样声明
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
主要是其中的,ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte
要设为byval而不是byref
这样调用就可以得到返回值了。
[code]
Private Declare Function OpenProcess Lib "kernel32.dll" _
(ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer() As Byte, ByVal nSize As Integer, ByRef lpNumberOfBytesWritten As Integer) As Integer
Private Const PROCESS_VM_READ As Long = &H10
Dim ph As Integer
Dim i As Integer
Dim h As Integer
Dim buffer(20) As Byte
Dim bytesRead As Integer
'获得进程
ph = OpenProcess(PROCESS_ALL_ACCESS, False, 1832)
If ph Then
MessageBox.Show("true")
h = ReadProcessMemory(ph, &H403000, buffer, buffer.Length, bytesRead)
For i = 0 To buffer.Length - 1
TempMem += buffer(i).ToString
Next
Else
MessageBox.Show("false")
End If
[/code]
