
Source code for reading and writing 64-bit process memory (some parts need to be modified by yourself)

:134.862KB :1 :2019-12-28 06:28:03

Partial overview

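' Find the base address of a module in a 64-bit process from a 32-bit (WOW64) caller by walking the PEB loader list
ret = NtWow64QueryInformationProcess64 (ProcessHandle, 0, pbi64, 48, 0)  ' 0 = ProcessBasicInformation, 48 = size of the 64-bit structure
.如果真 (ret = 0)
    Alen = 取文本长度 (ModuleName)
    Ulen = Alen × 2 + 1
    Namebuf = 取空白字节集 (Ulen)
    Name = 取空白文本 (Alen)
    ' PEB + 24 (0x18) holds the Ldr pointer; Ldr + 24 (0x18) is InLoadOrderModuleList.Blink
    NtWow64ReadVirtualMemory64 (ProcessHandle, pbi64.PebBaseAddress + 24, ldr, 8, 0)  ' ldr = Read64bit (hProcess, pbi64.PebBaseAddress + 24, 8)
    NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 24, ldr, 8, 0)  ' ldr = Read64bit (hProcess, ldr + 24, 8)
    .循环判断首 ()
        ' Entry + 48 (0x30) is DllBase; a zero value marks the list head, so stop there
        NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 48, ModuleHandle, 8, 0)  ' ModuleHandle = Read64bit (hProcess, ldr + 48, 8)
        .如果真 (ModuleHandle = 0)
            跳出循环 ()
        .如果真结束
        ' Entry + 96 (0x60) is BaseDllName.Buffer, a pointer to the UTF-16 module name
        NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 96, pName, 8, 0)  ' pName = Read64bit (hProcess, ldr + 96, 8)
        NtWow64ReadVirtualMemory64_Bin (ProcessHandle, pName, Namebuf, Ulen, 0)
        ' 936 = GBK code page. Note: the 4th argument is a count of wide characters, whereas Ulen is a byte length
        WideCharToMultiByte (936, 0, Namebuf, Ulen, Name, Alen, “”, 0)
        .如果真 (到小写 (Name) = 到小写 (ModuleName))
            返回 (ModuleHandle)
        .如果真结束
        ' Entry + 8 is InLoadOrderLinks.Blink: step to the previous entry
        NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 8, ldr, 8, 0)
    .循环判断尾 (ModuleHandle ≠ 0)
.如果真结束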

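' Read a block of memory from a 64-bit process and return it as a byte set (empty on failure to open the process)
' Note: PROCESS_ALL_ACCESS requests more rights than a read needs; PROCESS_VM_READ is the right that covers reading memory
操作句柄 = OpenProcess (#PROCESS_ALL_ACCESS, 0, 进程ID)
.如果真 (操作句柄 = 0)
    返回 ({ })
.如果真结束
读取数据 = 取空白字节集 (要读取的长度)
ZwWow64ReadVirtualMemory64 (操作句柄, 内存地址, 读取数据, 要读取的长度, 0)
CloseHandle (操作句柄)
返回 (读取数据)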
