C# 制作外挂常用的API
1: C#做外挂的常用API. 2: 3: using System;
4: using System.Collections.Generic;
5: using System.Text;
6: using System.Runtime.InteropServices; //这个肯定要的
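namespace WindowsApplication1
{
    /// <summary>
    /// Raw P/Invoke bindings for Win32 window lookup and for reading, writing,
    /// allocating and starting threads in another process.
    /// </summary>
    /// <remarks>
    /// Security review notes:
    /// - OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread used
    ///   together against a foreign process is the pattern endpoint tooling classifies
    ///   as process injection (MITRE ATT&amp;CK T1055). Sysmon surfaces it as
    ///   ProcessAccess (event 10) and CreateRemoteThread (event 8).
    /// - Request the narrowest access mask that works (for example PROCESS_VM_READ alone
    ///   for a read-only inspector) rather than the ALL_ACCESS constants below.
    /// - Several overloads declare handles, addresses and sizes as 32-bit int. In a
    ///   64-bit process those values are pointer-sized and get truncated; the IntPtr
    ///   overloads are the ones that stay correct there. The int signatures are kept
    ///   unchanged so existing callers still compile.
    /// - No import sets SetLastError, so Marshal.GetLastWin32Error() is not reliable
    ///   after a failed call through these declarations.
    /// </remarks>
    class win32API
    {
        // Process access rights (dwDesiredAccess of OpenProcess).

        // 2035711 == 0x1F0FFF, the same value as PROCESS_ALL_ACCESS below.
        public const int OPEN_PROCESS_ALL = 2035711;
        public const int PAGE_READWRITE = 4;
        public const int PROCESS_CREATE_THREAD = 2;
        // Flag of a HeapWalk entry (PROCESS_HEAP_ENTRY.wFlags); it is not a process access right.
        public const int PROCESS_HEAP_ENTRY_BUSY = 4;
        public const int PROCESS_VM_OPERATION = 8;
        // Fixed: was 256 (0x0100), which is PROCESS_SET_QUOTA. The documented value of
        // PROCESS_VM_READ is 0x0010, so a handle opened with the old value could not be
        // used with ReadProcessMemory.
        public const int PROCESS_VM_READ = 0x0010;
        public const int PROCESS_VM_WRITE = 32;

        // Fixed: was 0x4, which is PAGE_READWRITE. The documented value is 0x40.
        // Writable-and-executable pages in another process are a high-signal indicator
        // for memory scanners and EDR products.
        private const int PAGE_EXECUTE_READWRITE = 0x40;
        private const int MEM_COMMIT = 4096;
        private const int MEM_RELEASE = 0x8000;
        private const int MEM_DECOMMIT = 0x4000;
        // 0x1F0FFF is the pre-Vista definition; newer SDK headers define 0x1FFFFF.
        private const int PROCESS_ALL_ACCESS = 0x1F0FFF;

        /// <summary>Finds a top-level window by class name and/or window title.</summary>
        /// <param name="lpClassName">Window class name, or null to match any class.</param>
        /// <param name="lpWindowName">Window title, or null to match any title.</param>
        /// <returns>The window handle, or IntPtr.Zero when no window matches.</returns>
        [DllImport("User32.dll", EntryPoint = "FindWindow")]
        public static extern IntPtr FindWindow(
            string lpClassName,
            string lpWindowName
        );

        /// <summary>Gets the id of the thread and process that created a window.</summary>
        /// <param name="hwnd">Window handle as a 32-bit int (truncates on 64-bit).</param>
        /// <param name="lpdwProcessId">Receives the owning process id.</param>
        /// <returns>The id of the thread that created the window.</returns>
        [DllImport("USER32.DLL")]
        public static extern int GetWindowThreadProcessId(
            int hwnd,
            ref int lpdwProcessId
        );

        /// <summary>Pointer-sized overload of GetWindowThreadProcessId; prefer this one.</summary>
        /// <param name="hwnd">Window handle.</param>
        /// <param name="lpdwProcessId">Receives the owning process id.</param>
        /// <returns>The id of the thread that created the window.</returns>
        [DllImport("USER32.DLL")]
        public static extern int GetWindowThreadProcessId(
            IntPtr hwnd,
            ref int lpdwProcessId
        );

        /// <summary>Opens a handle to an existing process.</summary>
        /// <param name="dwDesiredAccess">Access mask; keep it as narrow as the caller needs.</param>
        /// <param name="bInheritHandle">Non-zero if child processes inherit the handle.</param>
        /// <param name="dwProcessId">Target process id.</param>
        /// <returns>The handle as a 32-bit int (truncates on 64-bit), or 0 on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern int OpenProcess(
            int dwDesiredAccess,
            int bInheritHandle,
            int dwProcessId
        );

        /// <summary>Pointer-sized overload of OpenProcess; prefer this one.</summary>
        /// <param name="dwDesiredAccess">Access mask; keep it as narrow as the caller needs.</param>
        /// <param name="bInheritHandle">Non-zero if child processes inherit the handle.</param>
        /// <param name="dwProcessId">Target process id.</param>
        /// <returns>The process handle, or IntPtr.Zero on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(
            uint dwDesiredAccess,
            int bInheritHandle,
            uint dwProcessId
        );

        /// <summary>Closes a handle obtained from OpenProcess or CreateRemoteThread.</summary>
        /// <param name="hObject">Handle as a 32-bit int (truncates on 64-bit).</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
        public static extern int CloseHandle(
            int hObject
        );

        // Fixed in the three ReadProcessMemory imports below: the library name was
        // "Kernel32.dll " with a trailing space, which relies on the loader trimming it.

        /// <summary>Copies memory from another process into a managed buffer.</summary>
        /// <param name="hProcess">Process handle opened with PROCESS_VM_READ.</param>
        /// <param name="lpBaseAddress">Address in the target process to read from.</param>
        /// <param name="buffer">Destination buffer; must hold at least size bytes.</param>
        /// <param name="size">Number of bytes to read.</param>
        /// <param name="lpNumberOfBytesWritten">Receives the number of bytes read (the name is the original author's).</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            [In, Out] byte[] buffer,
            int size,
            out IntPtr lpNumberOfBytesWritten
        );

        /// <summary>Reads a single 32-bit value from another process.</summary>
        /// <param name="hProcess">Process handle as a 32-bit int (truncates on 64-bit).</param>
        /// <param name="lpBaseAddress">Address in the target process, 32-bit only.</param>
        /// <param name="buffer">Receives the value; size should not exceed 4 bytes.</param>
        /// <param name="size">Number of bytes to read.</param>
        /// <param name="lpNumberOfBytesWritten">Passed by value where the API expects a pointer; pass 0 (NULL).</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(
            int hProcess,
            int lpBaseAddress,
            ref int buffer,
            int size,
            int lpNumberOfBytesWritten
        );

        /// <summary>Reads a byte range from another process (32-bit handle and address).</summary>
        /// <param name="hProcess">Process handle as a 32-bit int (truncates on 64-bit).</param>
        /// <param name="lpBaseAddress">Address in the target process, 32-bit only.</param>
        /// <param name="buffer">Destination buffer; must hold at least size bytes.</param>
        /// <param name="size">Number of bytes to read.</param>
        /// <param name="lpNumberOfBytesWritten">Passed by value where the API expects a pointer; pass 0 (NULL).</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(
            int hProcess,
            int lpBaseAddress,
            byte[] buffer,
            int size,
            int lpNumberOfBytesWritten
        );

        /// <summary>Copies a managed buffer into the memory of another process.</summary>
        /// <param name="hProcess">Process handle opened with PROCESS_VM_WRITE and PROCESS_VM_OPERATION.</param>
        /// <param name="lpBaseAddress">Address in the target process to write to.</param>
        /// <param name="buffer">Source bytes.</param>
        /// <param name="size">Number of bytes to write; must not exceed buffer.Length.</param>
        /// <param name="lpNumberOfBytesWritten">Receives the number of bytes written.</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern Int32 WriteProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            [In, Out] byte[] buffer,
            int size,
            out IntPtr lpNumberOfBytesWritten
        );

        /// <summary>Writes a byte range into another process (32-bit handle and address).</summary>
        /// <param name="hProcess">Process handle as a 32-bit int (truncates on 64-bit).</param>
        /// <param name="lpBaseAddress">Address in the target process, 32-bit only.</param>
        /// <param name="buffer">Source bytes.</param>
        /// <param name="size">Number of bytes to write; must not exceed buffer.Length.</param>
        /// <param name="lpNumberOfBytesWritten">Passed by value where the API expects a pointer; pass 0 (NULL).</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll")]
        public static extern Int32 WriteProcessMemory(
            int hProcess,
            int lpBaseAddress,
            byte[] buffer,
            int size,
            int lpNumberOfBytesWritten
        );

        /// <summary>Starts a thread inside another process.</summary>
        /// <remarks>
        /// Every pointer-sized argument is declared as int, so this binding is only
        /// sound in a 32-bit process. Remote thread creation is logged by Sysmon
        /// (event 8) and is commonly alerted on.
        /// </remarks>
        /// <param name="hProcess">Process handle as a 32-bit int.</param>
        /// <param name="lpThreadAttributes">Security attributes pointer; 0 for defaults.</param>
        /// <param name="dwStackSize">Initial stack size; 0 for the default.</param>
        /// <param name="lpStartAddress">Thread start address in the target process.</param>
        /// <param name="lpParameter">Argument passed to the thread routine.</param>
        /// <param name="dwCreationFlags">Creation flags; 0 runs the thread immediately.</param>
        /// <param name="lpThreadId">Receives the new thread id.</param>
        /// <returns>The thread handle as a 32-bit int, or 0 on failure.</returns>
        [DllImport("kernel32", EntryPoint = "CreateRemoteThread")]
        public static extern int CreateRemoteThread(
            int hProcess,
            int lpThreadAttributes,
            int dwStackSize,
            int lpStartAddress,
            int lpParameter,
            int dwCreationFlags,
            ref int lpThreadId
        );

        /// <summary>Reserves or commits memory in the address space of another process.</summary>
        /// <remarks>
        /// NOTE(review): flAllocationType and flProtect are DWORDs in the native API.
        /// Declaring them as 16-bit values cannot represent flags at or above 0x8000
        /// and does not match the native signature. The address, size and return value
        /// are also 32-bit here. Types are left as published to keep callers compiling.
        /// </remarks>
        /// <param name="hProcess">Process handle opened with PROCESS_VM_OPERATION.</param>
        /// <param name="lpAddress">Preferred base address, or 0 to let the system choose.</param>
        /// <param name="dwSize">Region size in bytes.</param>
        /// <param name="flAllocationType">Allocation type, for example MEM_COMMIT.</param>
        /// <param name="flProtect">Page protection, for example PAGE_READWRITE.</param>
        /// <returns>Base address of the region as a 32-bit int, or 0 on failure.</returns>
        [DllImport("Kernel32.dll")]
        public static extern int VirtualAllocEx(
            IntPtr hProcess,
            int lpAddress,
            int dwSize,
            short flAllocationType,
            short flProtect
        );

        /// <summary>All-int overload of VirtualAllocEx; sound only in a 32-bit process.</summary>
        /// <param name="hProcess">Process handle as a 32-bit int.</param>
        /// <param name="lpAddress">Preferred base address, or 0 to let the system choose.</param>
        /// <param name="dwSize">Region size in bytes.</param>
        /// <param name="flAllocationType">Allocation type, for example MEM_COMMIT.</param>
        /// <param name="flProtect">Page protection, for example PAGE_READWRITE.</param>
        /// <returns>Base address of the region as a 32-bit int, or 0 on failure.</returns>
        [DllImport("Kernel32.dll")]
        public static extern int VirtualAllocEx(
            int hProcess,
            int lpAddress,
            int dwSize,
            int flAllocationType,
            int flProtect
        );

        /// <summary>Releases or decommits memory previously obtained with VirtualAllocEx.</summary>
        /// <param name="hProcess">Process handle as a 32-bit int (truncates on 64-bit).</param>
        /// <param name="lpAddress">Base address of the region.</param>
        /// <param name="dwSize">Size in bytes; must be 0 when releasing with MEM_RELEASE.</param>
        /// <param name="flAllocationType">Free type: MEM_RELEASE or MEM_DECOMMIT.</param>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("Kernel32.dll")]
        public static extern int VirtualFreeEx(
            int hProcess,
            int lpAddress,
            int dwSize,
            int flAllocationType
        );
    }
}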
原文地址:原文
