📄 frmsearch.frm
VERSION 5.00
Begin VB.Form SearchForm
BorderStyle = 1 'Fixed Single
Caption = "Search Process Memory"
ClientHeight = 3675
ClientLeft = 7545
ClientTop = 900
ClientWidth = 4680
LinkTopic = "Form1"
MaxButton = 0 'False
ScaleHeight = 3675
ScaleWidth = 4680
ShowInTaskbar = 0 'False
Visible = 0 'False
Begin VB.TextBox Bytes
Appearance = 0 'Flat
Height = 285
Left = 840
TabIndex = 14
Text = "4"
Top = 2280
Width = 615
End
Begin VB.ListBox Result
Height = 3375
ItemData = "frmSearch.frx":0000
Left = 1680
List = "frmSearch.frx":0002
TabIndex = 11
Top = 120
Width = 2895
End
Begin VB.TextBox Find
Appearance = 0 'Flat
Height = 285
Index = 3
Left = 840
TabIndex = 10
Text = "&H0"
Top = 1920
Width = 615
End
Begin VB.TextBox Find
Appearance = 0 'Flat
Height = 285
Index = 2
Left = 840
TabIndex = 9
Text = "&H0"
Top = 1560
Width = 615
End
Begin VB.TextBox Find
Appearance = 0 'Flat
Height = 285
Index = 1
Left = 840
TabIndex = 8
Text = "&H0"
Top = 1200
Width = 615
End
Begin VB.TextBox Find
Appearance = 0 'Flat
Height = 285
Index = 0
Left = 840
TabIndex = 7
Text = "&H0"
Top = 840
Width = 615
End
Begin VB.TextBox ProcId
Alignment = 1 'Right Justify
Appearance = 0 'Flat
Enabled = 0 'False
Height = 285
Left = 600
TabIndex = 1
Top = 240
Width = 855
End
Begin VB.CommandButton Search
Caption = "Search"
Height = 495
Left = 120
TabIndex = 0
Top = 2640
Width = 1335
End
Begin VB.Label Label6
AutoSize = -1 'True
Caption = "Count"
Height = 195
Left = 240
TabIndex = 13
Top = 2280
Width = 420
End
Begin VB.Label Status
Height = 255
Left = 120
TabIndex = 12
Top = 3240
Width = 1335
End
Begin VB.Label Label5
Alignment = 1 'Right Justify
AutoSize = -1 'True
Caption = "2nd Byte"
Height = 195
Left = 125
TabIndex = 6
Top = 1200
Width = 630
End
Begin VB.Label Label4
Alignment = 1 'Right Justify
AutoSize = -1 'True
Caption = "3rd Byte"
Height = 195
Left = 125
TabIndex = 5
Top = 1560
Width = 585
End
Begin VB.Label Label3
Alignment = 1 'Right Justify
AutoSize = -1 'True
Caption = "4th Byte"
Height = 195
Left = 125
TabIndex = 4
Top = 1920
Width = 585
End
Begin VB.Label Label2
Alignment = 1 'Right Justify
AutoSize = -1 'True
Caption = "1st Byte"
Height = 195
Left = 125
TabIndex = 3
Top = 840
Width = 570
End
Begin VB.Label Label1
AutoSize = -1 'True
Caption = "PID:"
Height = 195
Left = 120
TabIndex = 2
Top = 285
Width = 315
End
End
Attribute VB_Name = "SearchForm"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
' Shows the target process id in the read-only PID box when the form loads.
' ProcessId is not declared in this form; it is presumably a project-level
' variable set before the form is shown (confirm against the declaring module).
Private Sub Form_Load()
    Me.ProcId.Text = ProcessId
End Sub
' Lists every position in InData where the first BytesToSearch bytes of Lookfor
' occur, adding one "Virtual Address" line per matched byte to the Result list
' followed by an empty separator line.
'
'   BaseAddr      - address the buffer was read from; added to the offset for display
'   Lookfor()     - pattern bytes, compared starting at index 0
'   InData()      - buffer to scan
'   Length        - number of valid bytes in InData
'   BytesToSearch - pattern length; only 1 to 4 produce output
Private Sub HandleResult(BaseAddr As Long, Lookfor() As Byte, InData() As Byte, Length As Long, BytesToSearch As Long)
    Dim offset As Long
    Dim k As Long
    Dim lastStart As Long
    Dim isMatch As Boolean

    ' Any other pattern length lists nothing, so skip the scan entirely.
    If BytesToSearch < 1 Or BytesToSearch > 4 Then Exit Sub

    ' Last start offset at which the whole pattern still fits inside Length bytes.
    lastStart = Length - BytesToSearch

    For offset = 0 To lastStart
        isMatch = True
        ' Every pattern byte is compared (no early exit), as in a chained And.
        For k = 0 To BytesToSearch - 1
            If Lookfor(k) <> InData(offset + k) Then isMatch = False
        Next k

        If isMatch Then
            For k = 0 To BytesToSearch - 1
                Result.AddItem "Virtual Address:" & Hex$((offset + k + BaseAddr)) & "H" & "= " & Hex$(InData(offset + k)) & "H"
            Next k
            Result.AddItem ""
        End If
    Next offset
End Sub
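' Scans every committed memory region of the process identified by ProcessId for
' the 1-4 byte pattern entered in the Find() boxes and lists the hits in Result.
'
' Review notes on this revision:
'  - Least privilege: the handle is opened with PROCESS_QUERY_INFORMATION Or
'    PROCESS_VM_READ only. This routine queries and reads; it never writes to the
'    target or changes page protection, so PROCESS_VM_WRITE and
'    PROCESS_VM_OPERATION are not requested.
'  - The pattern bytes and the count are range-checked before use; a value above
'    255 previously raised an Overflow error on assignment to a Byte.
'  - The next query address is computed in a Double as an unsigned 32-bit value.
'    Adding BaseAddress and RegionSize as signed Longs overflows once the sum
'    reaches &H80000000, which aborted the scan with the handle still open.
'    (Assumes both fields are declared As Long - confirm against the
'    MEMORY_BASIC_INFORMATION declaration.)
'  - Any runtime error (for example out of memory while sizing the read buffer)
'    now closes the process handle before reporting the failure.
Private Sub Search_Click()
    Dim SearchDest(4) As Byte
    Dim ReadData() As Byte
    Dim hProcess As Long
    Dim mi As MEMORY_BASIC_INFORMATION
    Dim pAddr As Long
    Dim ret As Long
    Dim miLen As Long
    Dim dwRead As Long
    Dim BytesToFind As Long
    Dim idx As Long
    Dim parsed As Double
    Dim nextAddr As Double
    Dim failure As String

    On Error GoTo CleanUp

    ' Validate the four pattern bytes; Val accepts decimal or &H-prefixed hex text.
    For idx = 0 To 3
        parsed = Val(Find(idx).Text)
        If parsed < 0 Or parsed > 255 Then
            MsgBox "Byte " & (idx + 1) & " must be between 0 and 255 (&H0 to &HFF)"
            Exit Sub
        End If
        SearchDest(idx) = CByte(parsed)
    Next idx

    ' The result handler only supports patterns of 1 to 4 bytes.
    parsed = Val(Bytes.Text)
    If parsed < 1 Or parsed > 4 Then
        MsgBox "Count must be between 1 and 4"
        Exit Sub
    End If
    BytesToFind = CLng(parsed)

    miLen = Len(mi)
    pAddr = 0

    ' Read-only access: query region layout and read memory, nothing more.
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, ProcessId)
    If hProcess = 0 Then
        MsgBox "Cannot open the Process"
        Exit Sub
    End If

    Status.Caption = "Searching..."
    Me.Refresh
    Result.Clear

    ' VirtualQueryEx returns the number of bytes written to mi; anything other
    ' than the full structure size means there is no further region to describe.
    ret = VirtualQueryEx(hProcess, pAddr, mi, miLen)
    Do While (ret = miLen)
        ' A zero-sized region would never advance pAddr; stop instead of looping.
        If mi.RegionSize = 0 Then Exit Do

        ' A negative RegionSize is an unsigned size of 2 GB or more, which
        ' cannot be buffered here, so such a region is skipped.
        If mi.State = MEM_COMMIT And mi.RegionSize > 0 Then
            ReDim ReadData(mi.RegionSize - 1)
            ret = ReadProcessMemory(hProcess, mi.BaseAddress, ReadData(0), mi.RegionSize, dwRead)
            ' Only fully read regions are searched; partial or failed reads
            ' (for example inaccessible pages) are skipped.
            If ret <> 0 And dwRead = mi.RegionSize Then
                HandleResult mi.BaseAddress, SearchDest(), ReadData(), dwRead, BytesToFind
            End If
        End If

        ' Unsigned 32-bit addition carried out in a Double to avoid Long overflow.
        nextAddr = CDbl(mi.BaseAddress) + CDbl(mi.RegionSize)
        If mi.BaseAddress < 0 Then nextAddr = nextAddr + 4294967296#
        If mi.RegionSize < 0 Then nextAddr = nextAddr + 4294967296#

        ' Reached the top of the 32-bit address space: nothing left to query.
        If nextAddr >= 4294967296# Then Exit Do

        ' Map the unsigned value back onto the signed Long the API call takes.
        If nextAddr > 2147483647# Then
            pAddr = CLng(nextAddr - 4294967296#)
        Else
            pAddr = CLng(nextAddr)
        End If

        ret = VirtualQueryEx(hProcess, pAddr, mi, miLen)
    Loop

    CloseHandle hProcess
    Status.Caption = "Finished."
    Exit Sub

CleanUp:
    ' Capture the message first, then release the handle if one was opened.
    failure = Err.Description
    If hProcess <> 0 Then CloseHandle hProcess
    Status.Caption = "Search failed."
    MsgBox "Search aborted: " & failure
End Sub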