C# 做外挂,常用API-白红宇

C# 做外挂,常用API

阅读量：6371 次

发布时间：2019-06-23

本文共 3118 字，大约阅读时间需要 10 分钟。

摘自网上供自己备查:

using System;

using System.Collections.Generic;

using System.Text;

using System.Runtime.InteropServices; //这个肯定要的

namespace WindowsApplication1

{

class win32API

{

public const int OPEN_PROCESS_ALL = 2035711;

public const int PAGE_READWRITE = 4;

public const int PROCESS_CREATE_THREAD = 2;

public const int PROCESS_HEAP_ENTRY_BUSY = 4;

public const int PROCESS_VM_OPERATION = 8;

public const int PROCESS_VM_READ = 256;

public const int PROCESS_VM_WRITE = 32;

private const int PAGE_EXECUTE_READWRITE = 0x4;

private const int MEM_COMMIT = 4096;

private const int MEM_RELEASE = 0x8000;

private const int MEM_DECOMMIT = 0x4000;

private const int PROCESS_ALL_ACCESS = 0x1F0FFF;

//查找窗体

[DllImport("User32.dll", EntryPoint = "FindWindow")]

public extern static IntPtr FindWindow(

string lpClassName,

string lpWindowName

);

//得到目标进程句柄的函数

[DllImport("USER32.DLL")]

public extern static int GetWindowThreadProcessId(

int hwnd,

ref int lpdwProcessId

);

[DllImport("USER32.DLL")]

public extern static int GetWindowThreadProcessId(

IntPtr hwnd,

ref int lpdwProcessId

);

//打开进程

[DllImport("kernel32.dll")]

public extern static int OpenProcess(

int dwDesiredAccess,

int bInheritHandle,

int dwProcessId

);

[DllImport("kernel32.dll")]

public extern static IntPtr OpenProcess(

uint dwDesiredAccess,

int bInheritHandle,

uint dwProcessId

);

//关闭句柄的函数

[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]

public static extern int CloseHandle(

int hObject

);

//读内存

[DllImport("Kernel32.dll ")]

public static extern Int32 ReadProcessMemory(

IntPtr hProcess,

IntPtr lpBaseAddress,

[In, Out] byte[] buffer,

int size,

out IntPtr lpNumberOfBytesWritten

);

[DllImport("Kernel32.dll ")]

public static extern Int32 ReadProcessMemory(

int hProcess,

int lpBaseAddress,

ref int buffer,

//byte[] buffer,

int size,

int lpNumberOfBytesWritten

);

[DllImport("Kernel32.dll ")]

public static extern Int32 ReadProcessMemory(

int hProcess,

int lpBaseAddress,

byte[] buffer,

int size,

int lpNumberOfBytesWritten

);

//写内存

[DllImport("kernel32.dll")]

public static extern Int32 WriteProcessMemory(

IntPtr hProcess,

IntPtr lpBaseAddress,

[In, Out] byte[] buffer,

int size,

out IntPtr lpNumberOfBytesWritten

);

[DllImport("kernel32.dll")]

public static extern Int32 WriteProcessMemory(

int hProcess,

int lpBaseAddress,

byte[] buffer,

int size,

int lpNumberOfBytesWritten

);

//创建线程

[DllImport("kernel32", EntryPoint = "CreateRemoteThread")]

public static extern int CreateRemoteThread(

int hProcess,

int lpThreadAttributes,

int dwStackSize,

int lpStartAddress,

int lpParameter,

int dwCreationFlags,

ref int lpThreadId

);

//开辟指定进程的内存空间

[DllImport("Kernel32.dll")]

public static extern System.Int32 VirtualAllocEx(

System.IntPtr hProcess,

System.Int32 lpAddress,

System.Int32 dwSize,

System.Int16 flAllocationType,

System.Int16 flProtect

);

[DllImport("Kernel32.dll")]

public static extern System.Int32 VirtualAllocEx(

int hProcess,

int lpAddress,

int dwSize,

int flAllocationType,

int flProtect

);

//释放内存空间

[DllImport("Kernel32.dll")]

public static extern System.Int32 VirtualFreeEx(

int hProcess,

int lpAddress,

int dwSize,

int flAllocationType

);

}

转载地址：http://dbuqa.baihongyu.com/

你可能感兴趣的文章

分享：使用 TypeScript 编写的游戏代码

查看>>

java使用AES加密解密 AES-128-ECB加密

查看>>

京东小哥肩扛手推翻山路为九旬老人及时送上百斤货物

查看>>

这家数据公司为什么能成为数百万企业的选择？

查看>>

揭秘双11前夕，阿里技术人都在忙什么？

查看>>

微软发布Windows Server更新消息：涨价

查看>>

田溯宁亚信IPO现场致辞：寒冬能养出真正有竞争力的好物种

查看>>

2019春晚由谁主持？技术上有何创新？为你提前揭秘

查看>>

「每天一道面试题」synchronized底层实现原理深挖

查看>>

“外卖小哥”悄然改变城市青年就业观

查看>>

墨西哥输油管爆炸已致73人死75人伤爆炸原因确定

查看>>

兰州消防搜救犬享“贵宾”待遇训导员与其同睡增进关系

macOS NSStatusBar + NSPopover

查看>>

大数据：美团酒旅实时数据规则引擎应用实践

查看>>

Vue 折腾记 - (5) 写一个不大靠谱的selectSearch组件

查看>>

gfx-hal(Vulkan) CommandPool操作简析