C# 制作外挂常用的API
1: C#做外挂的常用API.
2:
3: using System;
4: using System.Collections.Generic;
5: using System.Text;
6: using System.Runtime.InteropServices; //这个肯定要的
7:
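namespace WindowsApplication1
{
    /// <summary>
    /// P/Invoke declarations for the Win32 window-lookup, process-handle and
    /// cross-process memory/thread functions exported by user32.dll and kernel32.dll.
    /// </summary>
    /// <remarks>
    /// <para>
    /// Overloads that carry handles or addresses as <c>int</c> only round-trip in a
    /// 32-bit process. In a 64-bit process these values are pointer-sized and are
    /// truncated, so prefer the <see cref="IntPtr"/> overloads.
    /// </para>
    /// <para>
    /// Opening another process with write and thread-creation rights and then calling
    /// VirtualAllocEx, WriteProcessMemory and CreateRemoteThread on it is the call
    /// sequence that endpoint-protection and anti-cheat tooling monitors as process
    /// injection (MITRE ATT&amp;CK T1055). Request the narrowest access mask the task
    /// needs rather than the all-access masks below.
    /// </para>
    /// </remarks>
    class win32API
    {
        // Process access rights for OpenProcess (dwDesiredAccess).
        // 2035711 == 0x1F0FFF, the same value as the private PROCESS_ALL_ACCESS below.
        public const int OPEN_PROCESS_ALL = 2035711;
        public const int PROCESS_CREATE_THREAD = 2;
        public const int PROCESS_VM_OPERATION = 8;
        // Fixed: the listing had 256 (0x0100), which is PROCESS_SET_QUOTA in winnt.h.
        // A handle opened with that mask cannot be used with ReadProcessMemory.
        public const int PROCESS_VM_READ = 0x0010;
        public const int PROCESS_VM_WRITE = 32;

        // Page protection value for VirtualAllocEx (flProtect).
        public const int PAGE_READWRITE = 4;

        // NOTE(review): this is a HeapWalk entry flag, not a process access right;
        // it is kept only because it is part of the class's public surface.
        public const int PROCESS_HEAP_ENTRY_BUSY = 4;

        // NOTE(review): the value 0x4 is the same as PAGE_READWRITE above, so the name
        // and the value disagree. The constant is not referenced anywhere in this class.
        private const int PAGE_EXECUTE_READWRITE = 0x4;
        private const int MEM_COMMIT = 4096;
        private const int MEM_RELEASE = 0x8000;
        private const int MEM_DECOMMIT = 0x4000;
        private const int PROCESS_ALL_ACCESS = 0x1F0FFF;

        /// <summary>Finds a top-level window by class name and/or window title.</summary>
        /// <returns>The window handle, or <see cref="IntPtr.Zero"/> when no window matches.</returns>
        [DllImport("User32.dll", EntryPoint = "FindWindow", SetLastError = true)]
        public extern static IntPtr FindWindow(string lpClassName, string lpWindowName);

        /// <summary>
        /// Retrieves the id of the process that owns a window (written to
        /// <paramref name="lpdwProcessId"/>) and returns the id of the owning thread.
        /// </summary>
        /// <remarks>The window handle is passed as <c>int</c>; see the class remarks on 64-bit truncation.</remarks>
        [DllImport("USER32.DLL")]
        public extern static int GetWindowThreadProcessId(int hwnd, ref int lpdwProcessId);

        /// <summary>
        /// Retrieves the id of the process that owns a window (written to
        /// <paramref name="lpdwProcessId"/>) and returns the id of the owning thread.
        /// </summary>
        [DllImport("USER32.DLL")]
        public extern static int GetWindowThreadProcessId(IntPtr hwnd, ref int lpdwProcessId);

        /// <summary>Opens a process by id with the requested access rights.</summary>
        /// <returns>The process handle as <c>int</c>, or 0 on failure (see the class remarks on 64-bit truncation).</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        public extern static int OpenProcess(int dwDesiredAccess, int bInheritHandle, int dwProcessId);

        /// <summary>Opens a process by id with the requested access rights.</summary>
        /// <returns>The process handle, or <see cref="IntPtr.Zero"/> on failure.</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        public extern static IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);

        /// <summary>Closes a handle returned by the <c>int</c>-returning OpenProcess overload.</summary>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll", EntryPoint = "CloseHandle", SetLastError = true)]
        public static extern int CloseHandle(int hObject);

        /// <summary>Copies <paramref name="size"/> bytes from another process's address space into <paramref name="buffer"/>.</summary>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        // Fixed: the library name in the listing carried a trailing space ("Kernel32.dll ").
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 ReadProcessMemory(
            IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, int size, out IntPtr lpNumberOfBytesWritten);

        /// <summary>Reads a value from another process's address space into a single <c>int</c>.</summary>
        /// <remarks>
        /// <paramref name="lpNumberOfBytesWritten"/> is passed by value although the native
        /// parameter is a pointer; only 0 (NULL) is a safe argument. <paramref name="size"/>
        /// must not exceed the 4 bytes that <paramref name="buffer"/> can hold.
        /// </remarks>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 ReadProcessMemory(
            int hProcess, int lpBaseAddress, ref int buffer, int size, int lpNumberOfBytesWritten);

        /// <summary>Copies <paramref name="size"/> bytes from another process's address space into <paramref name="buffer"/>.</summary>
        /// <remarks>
        /// <paramref name="lpNumberOfBytesWritten"/> is passed by value although the native
        /// parameter is a pointer; only 0 (NULL) is a safe argument.
        /// </remarks>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 ReadProcessMemory(
            int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten);

        /// <summary>Copies <paramref name="size"/> bytes from <paramref name="buffer"/> into another process's address space.</summary>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 WriteProcessMemory(
            IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, int size, out IntPtr lpNumberOfBytesWritten);

        /// <summary>Copies <paramref name="size"/> bytes from <paramref name="buffer"/> into another process's address space.</summary>
        /// <remarks>
        /// <paramref name="lpNumberOfBytesWritten"/> is passed by value although the native
        /// parameter is a pointer; only 0 (NULL) is a safe argument.
        /// </remarks>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 WriteProcessMemory(
            int hProcess, int lpBaseAddress, byte[] buffer, int size, int lpNumberOfBytesWritten);

        /// <summary>Creates a thread that runs inside another process.</summary>
        /// <remarks>
        /// Every handle and address parameter is declared as <c>int</c>; see the class
        /// remarks on 64-bit truncation. Remote thread creation is one of the events
        /// that host-based detection commonly logs and alerts on.
        /// </remarks>
        /// <returns>The thread handle as <c>int</c>, or 0 on failure.</returns>
        [DllImport("kernel32", EntryPoint = "CreateRemoteThread", SetLastError = true)]
        public static extern int CreateRemoteThread(
            int hProcess,
            int lpThreadAttributes,
            int dwStackSize,
            int lpStartAddress,
            int lpParameter,
            int dwCreationFlags,
            ref int lpThreadId);

        /// <summary>Reserves or commits memory inside another process.</summary>
        /// <remarks>
        /// NOTE(review): <paramref name="flAllocationType"/> and <paramref name="flProtect"/>
        /// are 32-bit DWORDs in the native signature; the Int16 parameters here do not match
        /// that width. The overload is kept for source compatibility; prefer the all-<c>int</c> one.
        /// </remarks>
        /// <returns>The base address of the region as Int32, or 0 on failure.</returns>
        [DllImport("Kernel32.dll", SetLastError = true)]
        public static extern System.Int32 VirtualAllocEx(
            System.IntPtr hProcess,
            System.Int32 lpAddress,
            System.Int32 dwSize,
            System.Int16 flAllocationType,
            System.Int16 flProtect);

        /// <summary>Reserves or commits memory inside another process.</summary>
        /// <returns>The base address of the region as Int32, or 0 on failure.</returns>
        [DllImport("Kernel32.dll", SetLastError = true)]
        public static extern System.Int32 VirtualAllocEx(
            int hProcess, int lpAddress, int dwSize, int flAllocationType, int flProtect);

        /// <summary>Decommits or releases memory previously allocated inside another process.</summary>
        /// <remarks>The native parameter that <paramref name="flAllocationType"/> maps to is the free type (decommit or release).</remarks>
        /// <returns>Non-zero on success, 0 on failure.</returns>
        [DllImport("Kernel32.dll", SetLastError = true)]
        public static extern System.Int32 VirtualFreeEx(
            int hProcess, int lpAddress, int dwSize, int flAllocationType);
    }
}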