2016-11-8
17:27

root
root

[程序代码]CALL 调用

' Win32 constants and Declare statements (VB6 syntax, ANSI "A" entry points) for
' locating a window's owning process, opening that process, reading, writing and
' allocating memory inside it, and starting a thread in it.
'
' Security context: OpenProcess + VirtualAllocEx + WriteProcessMemory +
' CreateRemoteThread against another process is the classic remote-thread
' injection call chain. Endpoint monitoring and anti-cheat products watch for
' exactly this sequence, e.g. Sysmon Event ID 10 (ProcessAccess, with the
' GrantedAccess mask) and Event ID 8 (CreateRemoteThread).
'
' All handles and pointers are declared As Long (32 bits in VB6), so these
' declarations are only usable from a 32-bit process.

' --- Process access rights passed to OpenProcess ---
Public Const PROCESS_VM_WRITE = &H20 'For WriteProcessMemory 
Public Const PROCESS_VM_OPERATION = &H8 'For VirtualAllocEx 
' Requests every access right on the target. A handle opened with only the
' specific PROCESS_* rights an operation needs is the least-privilege choice,
' and a full-access open of a foreign process stands out in ProcessAccess logs.
Public Const PROCESS_ALL_ACCESS& = &H1F0FFF 
     
' Thread creation flag: the new thread does not run until ResumeThread is called.
Public Const CREATE_SUSPENDED = &H4 
' --- Allocation type / protection / free type values for VirtualAllocEx and VirtualFreeEx ---
Public Const MEM_COMMIT = &H1000 
Public Const PAGE_READWRITE = &H4 
' Readable, writable and executable at once. RWX private memory in a process is a
' common indicator of injected code and a frequent memory-scanner detection rule.
Public Const PAGE_EXECUTE_READWRITE = &H40 
Public Const MEM_RESERVE = &H2000 
Public Const MEM_RELEASE = &H8000 
     
' NOTE(review): Win32 INFINITE is &HFFFFFFFF. In VB6 the unsuffixed literal &HFFFF
' is a 16-bit Integer equal to -1, which widens to -1 when passed ByVal As Long,
' so the value appears to match only through sign extension - confirm before
' reusing this constant elsewhere.
Public Const INFINITE = &HFFFF 
' Window message identifier; nothing in this block uses it.
Public Const WM_SYSCOMMAND = &H112 
     
Public Const PROCESS_VM_READ = &H10 
Public Const PROCESS_QUERY_INFORMATION = &H400 
' Buffer size for ANSI path strings (e.g. the lpFileName buffer of GetModuleFileNameEx).
Public Const MAX_PATH = 260 
     
' Loads a DLL into the calling process and returns its module handle.
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long 
' Copies nSize bytes from lpBaseAddress in the process hProcess into lpBuffer.
' The last parameter receives the number of bytes read; its name here
' (lpNumberOfBytesWritten) is the same as in the WriteProcessMemory declaration.
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long 
' Allocates / frees memory inside the process hProcess.
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long 
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long 
' Window lookup by class name / title, then window handle -> owning process id.
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long 
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long 
Public Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long 
' Returns a handle to the process dwProcessId with the rights in dwDesiredAccess.
' Every handle obtained here must be released with CloseHandle.
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long 
' Copies nSize bytes from lpBuffer to lpBaseAddress in the process hProcess.
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long 

' Module handle and exported-symbol address lookup in the calling process.
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long 
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long 
' Starts a thread in the process hProcess. A thread created in a foreign process
' is a high-signal event for endpoint monitoring.
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long 
Public Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long 
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long 
' ANSI string length (lstrlenA); the count excludes the terminating null.
Public Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long 
     
' PSAPI: list the modules loaded in a process and resolve a module handle to its
' file path. The same two calls are what an audit tool uses to enumerate the
' modules present in a process.
Public Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, hModule As Long, ByVal cb As Long, cbNeeded As Long) As Long 
Public Declare Function GetModuleFileNameEx Lib "PSAPI.DLL" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long 
Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long




看看这个CALL: 
 
//===========================Auto pathfinding====================== 
  // Fragment of a larger routine: P and P1..P4 are declared outside this excerpt.
  // Copies four request fields out of the record P points to, then calls a
  // function at a fixed address with them.
  P1:=P^.Param1;          // ---- X coordinate 
  P2:=P^.Param2;          // ---- Y coordinate 
  P3:=P^.Param3;          // ---- Z coordinate 
  P4:=P^.Param4;          // ---- map ID 
  // NOTE(review): every address below is an absolute literal, so this only works
  // while running inside the target's address space against one specific build
  // loaded at the base it was analysed at; a rebuild or relocation of the image
  // invalidates all of them. The pointer chain is dereferenced with no nil
  // check, so a stale address ends in an access violation.
  asm 
    // Save all general-purpose registers; popad below restores them.
    pushad 
    // Fill three consecutive dwords at $906F58 with the coordinates.
    // Memory order is P1, P3, P2 (X, Z, Y going by the comments above).
    mov eax, P1 
    mov [$906F58], eax 
    mov eax, P3 
    mov [$906F5c], eax 
    mov eax, P2 
    mov [$906F60], eax 
    // Follow a pointer chain: eax := [[$9045ec] + $28] + $3c (address, not contents).
    mov eax, dword ptr [$9045ec] 
    mov eax, dword ptr [eax+$28] 
    lea eax, dword ptr [eax+$3c] 
    // Three stack arguments, pushed in this order: map ID, address of the
    // coordinate triple, the pointer computed above.
    push P4            // ---- map ID 
    push $906F58 
    push eax 
    // ecx is loaded right before the call - presumably the callee's object
    // pointer (thiscall-style); confirm against the target's disassembly.
    mov  ecx, $900a90 
    mov  eax, $42aa20 
    // No stack adjustment follows the call, so the callee is presumably expected
    // to pop its own three arguments; otherwise popad would restore wrong values.
    call eax 
    popad 
  end; 

文章如需转载请注明:转载自: 紫灵幽梦