
按键精灵X内存汇编库(全球首发)——类人猿


// ---- kernel32: process / memory / thread primitives ----
// NOTE(review): OpenProcess + WriteProcessMemory + CreateRemoteThread is the classic
// code-injection triple.  Expect AV/EDR to flag scripts built on it, and note it only
// works against 32-bit targets of the same (or lower) integrity unless SeDebugPrivilege
// is held by the caller.
Declare Function OpenProcess Lib "kernel32" Alias "OpenProcess" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function ReadProcessMemory Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long,ByVal lpBaseAddress As Long, ByRef lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByRef lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function GetCurrentProcessId Lib "kernel32" Alias "GetCurrentProcessId" () As Long
Declare Function GetCurrentThreadId Lib "kernel32" Alias "GetCurrentThreadId" () As Long
Declare Function GetLastError Lib "kernel32" Alias "GetLastError" () As Long
Declare Function VirtualAlloc Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Declare Function VirtualFree Lib "kernel32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
// NOTE(review): lpAddress below is declared without ByVal, unlike VirtualFreeEx; the Win32
// parameter is a plain pointer value.  Verify the script engine's default passing
// convention -- a by-reference 0 is not a NULL pointer.
Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long //
// NOTE(review): the library name below carries a trailing space ("kernel32 ") and the
// parameters are Integer where every other declaration uses Long -- both look like typos;
// confirm the declaration actually resolves before relying on 内存_属性修改.
Declare Function VirtualProtectEx Lib "kernel32 " (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flNewProtect As Integer, ByRef lpflOldProtect As Integer) As Integer
Declare Function LoadLibraryA Lib "kernel32.dll" Alias "LoadLibraryA"(ByVal lpLibFileName As String) As Long
Declare Function FreeLibrary Lib "kernel32" Alias "FreeLibrary" (ByVal hLibModule As Long) As Long
Declare Function GetModuleHandleA Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Declare Function GetProcAddress Lib "kernel32.dll" Alias "GetProcAddress"(ByVal 模块句柄 As Long,ByVal 进程名称 As String) As Long
Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Declare Function CreateProcessA Lib "kernel32" Alias "CreateProcessA" ( lpApplicationName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long,ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDriectory As String,ByVal lpStartupInfo As long, ByVal lpProcessInformation As long) As Long
// Added: every handle returned by OpenProcess / CreateRemoteThread / CreateProcessA must be
// closed, otherwise the script leaks one kernel handle per call.
Declare Function CloseHandle Lib "kernel32" Alias "CloseHandle" (ByVal hObject As Long) As Long
// ---- user32 ----
Declare Function GetWindowThreadProcessId Lib "user32" Alias "GetWindowThreadProcessId" (ByVal hwnd As Long, ByRef lpdwProcessId As Long) As Long
Declare Function CallWindowProcA Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As long, ByVal wParam As Long, ByVal lParam As Long) As Long
Declare Function SetWindowsHookExW Lib "user32" Alias "SetWindowsHookExW" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Declare Function CallNextHookEx Lib "user32" Alias "CallNextHookEx" (ByVal hHook As Long, ByVal ncode As Long,ByVal wParam As Long,byval lParam As long) As Long
// ---- Wsock32: byte-order helpers (32-bit signed only, see the author's note) ----
Declare Function htonl Lib "Wsock32.dll" (ByVal hostlong As Long) As Long //4字节高低位互转 //32位有符号整数 不支持无符号整数 FFFF FFFF ,这个还需要调试兼容
Declare Function htons Lib "Wsock32.dll" (ByVal hostshort As Long) As Long //2字节


    // Single-byte "pop r32" emitters (opcode 58+r).  Each appends its hex text to the
    // global shellcode buffer PublicCode and returns nothing.
    Function Pop_EAX()
    Dim op = "58"  // pop eax
    PublicCode = PublicCode & op
    End Function
    Function Pop_EBX()
    Dim op = "5B"  // pop ebx
    PublicCode = PublicCode & op
    End Function
    Function Pop_ECX()
    Dim op = "59"  // pop ecx
    PublicCode = PublicCode & op
    End Function
    Function Pop_EDX()
    Dim op = "5A"  // pop edx
    PublicCode = PublicCode & op
    End Function
    Function Pop_ESI()
    Dim op = "5E"  // pop esi
    PublicCode = PublicCode & op
    End Function
    Function Pop_ESP()
    Dim op = "5C"  // pop esp -- changes the stack pointer itself; use with care
    PublicCode = PublicCode & op
    End Function
    Function Pop_EDI()
    Dim op = "5F"  // pop edi
    PublicCode = PublicCode & op
    End Function
    Function Pop_EBP()
    Dim op = "5D"  // pop ebp
    PublicCode = PublicCode & op
    End Function
    // ---- XOR (the author uses these to obfuscate immediates inside the stub) ----
    // Both append a 2-byte "xor r32, r/m32" (opcode 33 /r) to PublicCode.
    Function Xor_ECX_EAX()
    Dim op = "33C8"  // xor ecx, eax  (ModRM 11 001 000)
    PublicCode = PublicCode & op
    End Function
    Function Xor_EAX_ECX()
    Dim op = "33C1"  // xor eax, ecx  (ModRM 11 000 001)
    PublicCode = PublicCode & op
    End Function
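    // ---- SHL / SHR by immediate ----
    // Shared emitter for the four shift helpers (they were four copies of the same body).
    // modrm selects operation and register: E0 = shl eax, E1 = shl ecx, E8 = shr eax, E9 = shr ecx.
    // i = 0        -> 2-byte "shift by 1" form   (D1 /n)
    // i = 1..255   -> 3-byte imm8 form            (C1 /n ib)
    // otherwise    -> prints an error, emits nothing.
    // NOTE: i = 0 therefore does NOT mean "shift by zero" -- it is the author's shorthand
    // for a shift by one.  The CPU masks the count to 5 bits, so only 1..31 are meaningful.
    Function Shift_Emit_(modrm, i)
    If i = 0 Then
    PublicCode = PublicCode & "D1" & modrm
    ElseIf i <= 255 and i >= 0 Then
    PublicCode = PublicCode & "C1" & modrm & W_HighAndLow(i, 2)
    Else
    TracePrint "命令书写错误!"
    End If
    End Function
    // shl eax, i
    Function Shl_EAX_(i)
    Shift_Emit_("E0", i)
    End Function
    // shl ecx, i
    Function Shl_ECX_(i)
    Shift_Emit_("E1", i)
    End Function
    // shr eax, i  (logical shift; sar would be /7)
    Function Shr_EAX_(i)
    Shift_Emit_("E8", i)
    End Function
    // shr ecx, i
    Function Shr_ECX_(i)
    Shift_Emit_("E9", i)
    End Function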
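    //AND
    // and eax, imm
    // FIX: the original emitted 83 C0 ib / 05 id, which encode ADD eax, imm (83 /0 and
    // opcode 05) -- every "AND" was silently an addition.  AND is 83 /4 (ModRM E0) with a
    // sign-extended imm8, or opcode 25 with a full imm32.  0..127 are exactly the imm8
    // values that sign-extend to themselves; everything else takes the 5-byte form
    // (W_HighAndLow renders a negative i as its 32-bit two's complement).
    Function And_EAX_(i)
    If i <= 127 and i >= 0 Then
    PublicCode = PublicCode & "83E0" & W_HighAndLow(i, 2)
    Else
    PublicCode = PublicCode & "25" & W_HighAndLow(i, 8)
    End If
    End Function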
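    // and ecx, imm
    // FIX: the imm32 branch emitted opcode 25, which is "and eax, imm32" -- it clobbered
    // EAX and left ECX untouched.  The ecx form is 81 /4 id (ModRM E1).  The imm8 branch
    // (83 E1 ib, sign-extended, hence the 0..127 bound) was already correct.
    Function And_ECX_(i)
    If i <= 127 and i >= 0 Then
    PublicCode = PublicCode & "83E1" & W_HighAndLow(i, 2)
    Else
    PublicCode = PublicCode & "81E1" & W_HighAndLow(i, 8)
    End If
    End Function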
    // Register-register AND, opcode 21 /r ("and r/m32, r32").
    Function And_EAX_ECX()
    Dim op = "21C8"  // and eax, ecx  (ModRM 11 001 000)
    PublicCode = PublicCode & op
    End Function
    Function And_EBX_EDX()
    Dim op = "21D3"  // and ebx, edx  (ModRM 11 010 011)
    PublicCode = PublicCode & op
    End Function
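    // OR
    // or eax, ecx
    // FIX: the original emitted 33 C1, which is "xor eax, ecx" (a copy-paste of Xor_EAX_ECX),
    // so an OR produced the wrong value whenever both operands had a bit in common.
    // 09 /r is "or r/m32, r32"; ModRM C8 = rm eax, reg ecx -- same form Or_EBX_EDX uses.
    Function Or_EAX_ECX()
    PublicCode = PublicCode & "09C8"
    End Function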
    // or ebx, edx  (09 /r, ModRM 11 010 011)
    Function Or_EBX_EDX()
    Dim op = "09D3"
    PublicCode = PublicCode & op
    End Function
    //not -- bitwise complement, F7 /2.
    Function Not_EAX()
    Dim op = "F7D0"  // not eax
    PublicCode = PublicCode & op
    End Function
    Function Not_ECX()
    Dim op = "F7D1"  // not ecx
    PublicCode = PublicCode & op
    End Function
    Function ABC按键X_类人猿技术群_526897608() // Prints the author's contact line (advertising); not part of the assembler.  The original comment here was a copy-paste leftover from the byte-set formatter.
    TracePrint "技术联系类人猿Q: 578052137"
    End Function
    Function ABC按键X_技术QQ_578052137() // Same advertising stub as above.
    TracePrint "技术联系类人猿Q: 578052137"
    End Function
    Function ABC按键X_测试版本_支持按键X版本内存汇编// Same advertising stub as above (note: declared without a parameter list).
    TracePrint "技术联系类人猿Q: 578052137"
    End Function


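      // ---- lea r32, [base + disp] emitters ----
      // Shared emitter: op8 is the opcode + ModRM (+ SIB for esp) bytes of the disp8 form
      // (mod = 01), op32 the same bytes for the disp32 form (mod = 10); i is the offset.
      // FIX: disp8 is a *signed* byte, so only 0..127 may use the short form.  The original
      // accepted up to 255, and 128..255 were sign-extended by the CPU into negative
      // displacements (offset 200 silently became [base-56]).  Negative offsets keep using
      // the disp32 form exactly as before (W_HighAndLow renders them as two's complement).
      Function Lea_Emit_(op8, op32, i)
      If i <= 127 and i >= 0 Then
      PublicCode = PublicCode & op8 & W_HighAndLow(i, 2)
      Else
      PublicCode = PublicCode & op32 & W_HighAndLow(i, 8)
      End If
      End Function
      // ---- destination ecx ----
      Function Lea_ECX_Ptr_EAX_OffSet(i)
      Lea_Emit_("8D48", "8D88", i)   // lea ecx, [eax+disp]
      End Function
      Function Lea_ECX_Ptr_ESP_OffSet(i)
      Lea_Emit_("8D4C24", "8D8C24", i)   // lea ecx, [esp+disp] (SIB 24 = esp base, no index)
      End Function
      Function Lea_ECX_Ptr_EBX_OffSet(i)
      Lea_Emit_("8D4B", "8D8B", i)   // lea ecx, [ebx+disp]
      End Function
      Function Lea_ECX_Ptr_ECX_OffSet(i)
      Lea_Emit_("8D49", "8D89", i)   // lea ecx, [ecx+disp]
      End Function
      Function Lea_ECX_Ptr_EDX_OffSet(i)
      Lea_Emit_("8D4A", "8D8A", i)   // lea ecx, [edx+disp]
      End Function
      Function Lea_ECX_Ptr_EDI_OffSet(i)
      Lea_Emit_("8D4F", "8D8F", i)   // lea ecx, [edi+disp]
      End Function
      Function Lea_ECX_Ptr_EBP_OffSet(i)
      Lea_Emit_("8D4D", "8D8D", i)   // lea ecx, [ebp+disp]
      End Function
      Function Lea_ECX_Ptr_ESI_OffSet(i)
      Lea_Emit_("8D4E", "8D8E", i)   // lea ecx, [esi+disp]
      End Function
      // ---- destination edx ----
      Function Lea_EDX_Ptr_EAX_OffSet(i)
      Lea_Emit_("8D50", "8D90", i)   // lea edx, [eax+disp]
      End Function
      Function Lea_EDX_Ptr_ESP_OffSet(i)
      Lea_Emit_("8D5424", "8D9424", i)   // lea edx, [esp+disp]
      End Function
      Function Lea_EDX_Ptr_EBX_OffSet(i)
      Lea_Emit_("8D53", "8D93", i)   // lea edx, [ebx+disp]
      End Function
      Function Lea_EDX_Ptr_ECX_OffSet(i)
      Lea_Emit_("8D51", "8D91", i)   // lea edx, [ecx+disp]
      End Function
      Function Lea_EDX_Ptr_EDX_OffSet(i)
      Lea_Emit_("8D52", "8D92", i)   // lea edx, [edx+disp]
      End Function
      Function Lea_EDX_Ptr_EDI_OffSet(i)
      Lea_Emit_("8D57", "8D97", i)   // lea edx, [edi+disp]
      End Function
      Function Lea_EDX_Ptr_EBP_OffSet(i)
      Lea_Emit_("8D55", "8D95", i)   // lea edx, [ebp+disp]
      End Function
      Function Lea_EDX_Ptr_ESI_OffSet(i)
      Lea_Emit_("8D56", "8D96", i)   // lea edx, [esi+disp]
      End Function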
      '(misplaced section marker: the pop helpers are defined in the block above)
      '&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&


        // Formats one byte value as exactly two upper-case hex digits, e.g. 11 -> "0B".
        // (Despite the name -- "to decimal" -- the output is hexadecimal.)  Values above
        // 255 are returned as Hex() produces them, i.e. with more than two digits.
        Function 进制_单字节集转十(ByteValue)
        Dim digits = Hex(ByteValue)
        If ByteValue < 16 Then
        digits = "0" & digits
        End If
        Return digits
        End Function
        // NOTE(review): the next two lines are leftover debug calls that execute at script
        // load: they scan 0xA00000..0xB00000 of whichever process is bound at that moment
        // and print an elapsed time from a variable `a` that is never assigned in this file.
        // Move them into a test routine (or remove them) before using this file as a library.
        TracePrint Hex(内存搜索特征码S(&HA00000,&HB00000,"8B 4B 70 8B 53 6C 51 52 8B CE E8 3F 0E 06 00 8D B3 E4 2B 00 00"))
        TracePrint (Sys.GetTime() - a) / 1000 &"秒"
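        // Scans the bound process (Handle_Process) from BeginAddr to EndAddr for a byte
        // pattern given as space-separated hex ("8B 4B 70 ...", no wildcards) and returns
        // the address of the first match, or 0 when nothing was found.
        // Method: read 32 bytes at a time into a packed struct, render every byte as its
        // decimal value followed by ",", and search that text.  Each 1024-byte outer step
        // actually reads 1024 + Len(pattern) + 32 bytes, so a match straddling a step
        // boundary is still seen.
        // FIX 1: the text search is now anchored on "," so a pattern beginning with "39"
        // can no longer match inside "139,..." (a false positive in the original).
        // FIX 2: when nothing matched, the original returned CurAddr plus the bound of an
        // uninitialised array; it now returns 0.
        // Caveats: ReadProcessMemoryB (declared elsewhere) is not checked, so an unreadable
        // page leaves the previous chunk's bytes in the struct and is effectively skipped;
        // the scan is linear text search and is slow over large ranges.
        Function 内存搜索特征码S(BeginAddr, EndAddr, FeatureCode)//暂时最快速度,十六进制字节集
        Dim Struct = StructPack("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
        Dim Addr_Sturct=addrof(Struct)
        dim X1,X2,X3,X4,X5,X6,X7,X8,X9,X10,X11,X12,X13,X14,X15,X16,X17,X18,X19,X20,X21,X22,X23,X24,X25,X26,X27,X28,X29,X30,X31,X32 // one slot per byte of the 32-byte read window
        FeatureCode = 进制_十六字节集转十字节集(FeatureCode)// "8B 4B" -> "139,75"; the comparison below is on decimal text
        Dim CurAddr=0
        Dim dwSize=(1024+Len(FeatureCode)+32)/32
        Dim Array_ReadVale()
        Dim Pos_Addr=0
        Dim n=0
        Dim str_code=""
        Dim LeftCut_Str=""
        dim arrar_cut
        Dim Found=0
        For CurAddr = BeginAddr To EndAddr Step 1024
        n=0
        For int(dwSize)
        ReadProcessMemoryB(Handle_Process,CurAddr+n*32, Addr_Sturct, 32, 0)
        X1,X2,X3,X4,X5,X6,X7,X8,X9,X10,X11,X12,X13,X14,X15,X16,X17,X18,X19,X20,X21,X22,X23,X24,X25,X26,X27,X28,X29,X30,X31,X32 = StructUnPack("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", Struct)
        Array_ReadVale(n+1) = X1&"," & X2&"," & X3&"," & X4&"," & X5&"," & X6&"," & X7&"," & X8&"," & X9&"," & X10&"," & X11&"," & X12&"," & X13&"," & X14&"," & X15&"," & X16&"," &X17&","&X18&","&X19&","&X20&","&X21&","_
        &X22&","&X23&","&X24&","&X25&","&X26&","&X27&","&X28&","&X29&","&X30&","&X31 &","&X32&","
        n = n + 1
        Next
        str_code=Join(Array_ReadVale, "")
        // Anchor both ends on "," so only whole byte values match.  The leading "," shifts
        // every position by one, and the match itself starts on that comma, so Pos_Addr is
        // still the 1-based index of the first digit of the match inside str_code.
        Pos_Addr = Instr("," & str_code, "," & FeatureCode & ",", 1)
        If Pos_Addr <> 0 Then
        LeftCut_Str = Left(str_code, Pos_Addr)
        arrar_cut=split(LeftCut_Str,",")
        // number of comma-separated fields up to the match == byte index within the step
        TracePrint ("哥哥!终于找到了。"& Hex(CurAddr+ubound(arrar_cut)-1))
        Found=1
        Exit For
        End If
        Next
        Struct = Null
        If Found = 0 Then
        return 0
        End If
        return CurAddr+ubound(arrar_cut)-1
        End Function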


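          // Starts a new process with CreateProcessA.  PathfileName is the command line,
          // path the working directory.  Returns CreateProcessA's result (non-zero on
          // success); the original discarded it, so callers could not detect failure.
          // FIX: STARTUPINFO.cb must hold the structure size -- 68 bytes for the 32-bit ANSI
          // layout assumed by these declarations -- but the original passed an all-zero
          // buffer.  The hProcess/hThread handles CreateProcess returns in
          // PROCESS_INFORMATION are now closed instead of leaked.  Writing cb and reading
          // the handles back goes through a handle to our own process, closed afterwards.
          Function 创建进程S(PathfileName,path)
          Dim struct9=申请_本地内存(500)   // STARTUPINFO, zero-filled by VirtualAlloc
          Dim struct10=申请_本地内存(20)   // PROCESS_INFORMATION: hProcess, hThread, dwProcessId, dwThreadId
          Dim hSelf=获取本地进程句柄()
          Dim hChild=0
          Dim hThread=0
          WriteProcessMemory(hSelf, struct9, 68, 4, 0)   // STARTUPINFO.cb = sizeof(STARTUPINFOA)
          Dim ok=CreateProcessA(0,PathfileName,0,0,0,0,0,path,struct9,struct10)
          If ok <> 0 Then
          ReadProcessMemory(hSelf, struct10, hChild, 4, 0)
          ReadProcessMemory(hSelf, struct10+4, hThread, 4, 0)
          CloseHandle(hThread)
          CloseHandle(hChild)
          Else
          TracePrint "创建进程S: CreateProcessA failed, error " & GetLastError()
          End If
          CloseHandle(hSelf)
          释放_本地内存 (struct9)
          释放_本地内存 (struct10)
          Return ok
          End function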
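          // Resolves export Str_Funciton of module Str_module *inside the bound process* by
          // running GetModuleHandleA + GetProcAddress there (stub executed via AsmCodeCall)
          // and returns the address, or 0 if either lookup failed in the target.
          // The kernel32 addresses are taken from our own process; this relies on kernel32
          // being mapped at the same base in both processes (true for same-bitness processes
          // in one session, which the 32-bit declarations already require).
          // FIX: the scratch block layout is [0..3] result, [4..255] module name, [256..]
          // function name, but only 256 bytes were allocated, so the function name was
          // written past the end of the block.  It only worked because VirtualAllocEx
          // rounds up to a whole page; the block is now 520 bytes.
          Function 远程_获取模块函数名(Str_module,Str_Funciton)
          Dim RetAddr=申请_进程内存空间(520) // result dword + two NUL-terminated strings
          Dim PHandle=GetModuleHandleA("kernel32.dll")
          dim FunAddr= GetProcAddress(PHandle, "GetModuleHandleA")
          dim addr_GetProcAddress= GetProcAddress(PHandle, "GetProcAddress")
          TracePrint addr_GetProcAddress
          Dim addr_module=RetAddr+4
          写入_ASCII字符(addr_module,str_module)
          Dim addrFun =RetAddr+256 // function name
          写入_ASCII字符(addrFun,Str_Funciton)
          AsmClear()
          Push(addr_module)                  // push <module name>
          Mov_EAX_(FunAddr)                  // mov eax, GetModuleHandleA
          Call_EAX                           // call eax        ; eax = hModule
          Mov_Ptr_Addr_EAX (RetAddr)         // mov [RetAddr], eax
          Mov_EAX_Ptr_(RetAddr)              // mov eax, [RetAddr]
          Push(addrFun)                      // push <function name>
          Push_EAX                           // push hModule
          Mov_EDX_(addr_GetProcAddress)      // mov edx, GetProcAddress
          Call_EDX()                         // call edx        ; eax = address or 0
          Mov_Ptr_Addr_EAX (RetAddr)         // mov [RetAddr], eax
          AsmCodeCall (0)                    // append ret, run in the target, wait
          dim addr_func=读取_4字节整数(RetAddr)
          释放_进程内存空间(RetAddr)
          Return addr_func
          End Function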
          // Returns the base address of module str_module as seen by the bound process (0 if
          // it is not loaded there), by executing GetModuleHandleA inside that process.
          // The GetModuleHandleA address is resolved locally and assumed to be identical in
          // the target (same kernel32 base for same-bitness processes in one session).
          Function 远程_获取模块句柄(str_module)
          Dim hK32 = GetModuleHandleA("kernel32.dll")
          Dim pGetModuleHandle = GetProcAddress(hK32, "GetModuleHandleA")
          Dim scratch = 申请_进程内存空间(256)   // [0..3] result, [4..] module name
          Dim nameAddr = scratch + 4
          写入_ASCII字符(nameAddr, str_module)
          AsmClear()
          Push(nameAddr)                     // push <module name>
          Mov_EAX_(pGetModuleHandle)         // mov eax, GetModuleHandleA
          Call_EAX                           // call eax
          Mov_Ptr_Addr_EAX(scratch)          // mov [scratch], eax
          AsmCodeCall (0)                    // append ret, run in the target, wait
          Dim hModule = 读取_4字节整数(scratch)
          释放_进程内存空间(scratch)
          Return hModule
          End Function
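          // Opens the target process and stores the handle in the global Handle_Process,
          // which every other helper in this file uses.  Returns the handle, 0 on failure.
          // 2035711 = 0x1F0FFF = PROCESS_ALL_ACCESS (pre-Vista value).  The helpers here only
          // need PROCESS_VM_OPERATION|VM_READ|VM_WRITE|CREATE_THREAD|QUERY_INFORMATION (0x43A);
          // asking for everything fails more often (protected or higher-integrity targets)
          // and is the noisier choice from a detection standpoint -- consider narrowing it.
          // Each call overwrites the previous handle without closing it.
          // FIX: pass the inherit flag as a plain 0 and report a failed OpenProcess.
          Function BindHandlePro(ProcessId)//汇编执行绑定指定进程id获取进程句柄,每次执行的时候要执行一次
          Handle_Process = OpenProcess(2035711, 0, ProcessId)
          If Handle_Process = 0 Then
          TracePrint "BindHandlePro: OpenProcess failed, error " & GetLastError()
          End If
          Return Handle_Process
          End Function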
          //
          //Function 远程_获取模块句柄(HandlePro)
          //GetModuleHandleA=0
          //End Function
          //
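          // Core executor: appends "C3" (ret) to the global PublicCode, normalises it to
          // "XX XX ..", copies it into a freshly allocated RWX page of the bound process and
          // runs it on a new remote thread, waiting for the thread to finish, then frees the
          // page.  AsmType is unused (kept for existing callers).  PublicCode is NOT cleared
          // afterwards; callers run AsmClear() before building the next stub.
          // Security note: the stub page is PAGE_EXECUTE_READWRITE (a W^X violation) and the
          // whole sequence is textbook shellcode injection -- use only on processes you own.
          // FIX: the remote thread handle is now closed (the original leaked one kernel
          // handle per call), and an allocation or thread-creation failure is reported
          // instead of waiting forever on a NULL handle.
          Function AsmCodeCall(AsmType)//核心代码
          PublicCode = PublicCode & "C3"
          PublicCode = 十六进制字节集标准化(PublicCode)
          dim NewWriteCodeAddr =0
          Dim size=0
          size = Len(PublicCode) + 10   // text length over-estimates the byte count; harmless
          NewWriteCodeAddr = 申请_进程内存空间(size)
          If NewWriteCodeAddr = 0 Then
          TracePrint "AsmCodeCall: VirtualAllocEx failed, error " & GetLastError()
          Else
          call 写入_字节集( NewWriteCodeAddr, PublicCode)
          dim RThwnd = CreateRemoteThread(Handle_Process, 0, 0, NewWriteCodeAddr, 0, 0, 0)
          If RThwnd <> 0 Then
          WaitForSingleObject(RThwnd,&HFFFFFFFF)
          CloseHandle(RThwnd)
          Else
          TracePrint "AsmCodeCall: CreateRemoteThread failed, error " & GetLastError()
          End If
          释放_进程内存空间(NewWriteCodeAddr)
          End If
          End Function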
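          // Runs the function at Addr in the bound process on a new thread (no argument,
          // thread-start signature) and waits for it to return.  Returns the thread handle
          // -- ownership passes to the caller, who should CloseHandle it -- or 0 on failure.
          // FIX: a failed CreateRemoteThread no longer waits forever on a NULL handle.
          Function 远程_调用进程函数(Addr)
          Dim RThwnd = CreateRemoteThread(Handle_Process, 0, 0, Addr, 0, 0, 0)
          If RThwnd <> 0 Then
          WaitForSingleObject(RThwnd,&HFFFFFFFF)
          Else
          TracePrint "远程_调用进程函数: CreateRemoteThread failed, error " & GetLastError()
          End If
          return RThwnd
          End Function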
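          // Classic LoadLibraryA injection: writes the DLL path into the bound process and
          // starts a remote thread at kernel32!LoadLibraryA with that path as its argument.
          // Returns the thread handle (caller closes it) or 0 on failure.  Relies on
          // kernel32 having the same base in both processes and on 写入_ASCII字符 leaving a
          // NUL after the path.  The two TracePrints are the author's diagnostics.
          // FIX: allocation and thread-creation failures are now reported instead of writing
          // to address 0 / waiting on a NULL handle.  (The old comment said "+10"; the code
          // reserves 100 bytes of slack.)
          Function 远程_注入dll( dll路径字符串)
          Dim LoadLibraryA_Addr=动态库dll函数地址获取("kernel32.dll","LoadLibraryA")
          dim CodeSize = len(dll路径字符串)+100 // slack for the terminator and rounding
          TracePrint Hex(LoadLibraryA_Addr)
          dim NewWriteCodeAddr = 申请_进程内存空间(CodeSize)
          TracePrint Hex(NewWriteCodeAddr)
          Dim RThwnd=0
          If NewWriteCodeAddr = 0 Then
          TracePrint "远程_注入dll: VirtualAllocEx failed, error " & GetLastError()
          Else
          CALL 写入_ASCII字符(NewWriteCodeAddr, dll路径字符串)
          RThwnd=CreateRemoteThread(Handle_Process, 0, 0, LoadLibraryA_Addr, NewWriteCodeAddr, 0, 0)
          If RThwnd <> 0 Then
          WaitForSingleObject(RThwnd,&HFFFFFFFF)
          Else
          TracePrint "远程_注入dll: CreateRemoteThread failed, error " & GetLastError()
          End If
          释放_进程内存空间 (NewWriteCodeAddr)
          End If
          return RThwnd
          End Function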
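          // Writes 字符串 into the bound process at lpBaseAddress, one byte per character,
          // followed by a NUL terminator.  The caller must reserve Len(字符串) + 1 bytes.
          // Only single-byte characters are handled: Asc() of a multi-byte character yields
          // a code that does not fit one byte -- verify before passing non-ASCII paths.
          // FIX: the original wrote no terminator and only worked because VirtualAllocEx hands
          // out zero-filled pages; any reuse of a buffer would have produced an unterminated
          // C string in the target.
          Function 写入_ASCII字符(lpBaseAddress, 字符串)
          dim i=1
          Dim bytestr
          For len(字符串)
          bytestr = Asc(mid(字符串, i, 1))
          写入_整数(lpBaseAddress - 1 + i, bytestr,1)
          i=i+1
          Next
          写入_整数(lpBaseAddress + len(字符串), 0, 1)   // NUL terminator
          End Function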
          // Writes a space-separated hex byte string ("58 C3 ...") into the bound process at
          // WriteAddr, one WriteProcessMemory call per byte, and returns WriteAddr.
          // Each token is prefixed with "&H" so the engine evaluates it as a number.
          Function 写入_字节集( WriteAddr, Byte字节集)
          Dim hexBytes = Split(Byte字节集, " ")
          Dim k
          For k = 1 To UBound(hexBytes)
          call 写入_整数(WriteAddr + k - 1, "&H" & hexBytes(k), 1)
          Next
          Return WriteAddr
          End Function
          // Turns a run of hex digits ("58C3") into space-separated byte pairs ("58 C3").
          // An odd trailing nibble is dropped, exactly as before.
          Function 十六进制字节集标准化(十六字节集)
          Dim out = ""
          Dim pairs = Len(十六字节集) / 2
          Dim k
          For k = 1 To pairs
          out = out & " " & Mid(十六字节集, 2 * k - 1, 2)
          Next
          Return LTrim(out, " ")
          End Function
          // Changes the protection of AddrSize bytes at Addr in the bound process to 64 =
          // PAGE_EXECUTE_READWRITE and returns VirtualProtectEx's result.  The previous
          // protection is received in oldVal but discarded, so it cannot be restored;
          // making target memory writable *and* executable is the noisiest possible choice
          // -- prefer PAGE_READWRITE (4) when you only need to patch data.
          // NOTE(review): the VirtualProtectEx declaration uses Integer parameters and a
          // library name with a trailing space; confirm this call actually succeeds.
          Function 内存_属性修改(Addr,AddrSize)
          Dim oldVal=0
          return VirtualProtectEx(Handle_Process, Addr, AddrSize, 64, oldVal) // old protection is not restored anywhere
          End Function
          // Thread id of the calling (script) thread.
          Function 线程ID_当前()
          Dim tid = GetCurrentThreadId()
          Return tid
          End Function
          // Id of the thread that created window Hwnd (GetWindowThreadProcessId's return
          // value); the process-id out-parameter is not requested.
          Function 线程ID_窗口获取(Hwnd)
          Dim tid = GetWindowThreadProcessId(Hwnd, null)
          return tid
          End Function
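          // Process id that owns window Hwnd (0 if GetWindowThreadProcessId fails).
          // FIX: the original stored the id in a local and returned nothing, so the helper
          // was unusable as written.
          Function 进程ID_窗口获取(Hwnd)
          Dim lpdwProcessId=0
          GetWindowThreadProcessId(Hwnd,lpdwProcessId)
          Return lpdwProcessId
          End Function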
          // Loads a DLL into *this* process (not the bound one) and returns its module handle.
          Function 动态库dll载入(PathFileName)
          Dim hMod = LoadLibraryA(PathFileName)
          Return hMod
          End Function
          // Looks up an already-loaded module of this process by name and drops one
          // reference with FreeLibrary; returns FreeLibrary's result (0 if not loaded).
          Function 动态库dll卸载(PathFileName)
          Dim hMod = GetModuleHandleA(PathFileName)
          Return FreeLibrary(hMod)
          End Function
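          // Address of export FuncName (case-sensitive) in module FileName, as loaded in
          // *this* process; the module must already be loaded (GetModuleHandleA does not
          // load it).  Returns 0 when either lookup fails.
          // FIX: "returnGetProcAddress(" lacked the space, so this was a call to an
          // undefined name rather than a return statement.
          Function 动态库dll函数地址获取(FileName,FuncName)//大小写字符敏感
          dim hMoule=GetModuleHandleA(FileName)
          Return GetProcAddress(hMoule,FuncName)
          End Function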


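            // Module handle (base address) of FileName in *this* process, 0 if not loaded.
            // FIX: "returnGetModuleHandleA(" lacked the space after Return.
            Function 动态库dll模块句柄获取(FileName)
            Return GetModuleHandleA(FileName)
            End Function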
            // Last Win32 error code of the calling thread (GetLastError).
            Function 获取内存最后错误()
            Dim code = GetLastError()
            Return code
            End Function
            // Allocates size bytes in the bound process and returns the address (0 on failure).
            // 4096 = MEM_COMMIT (reserve+commit when no address is given), 64 =
            // PAGE_EXECUTE_READWRITE -- the page is executable because AsmCodeCall runs
            // stubs from it; data-only callers get an RWX page as well.
            Function 申请_进程内存空间(size)
            Return VirtualAllocEx(Handle_Process, 0, size, 4096, 64)
            End Function
            // Releases a block obtained from 申请_进程内存空间 (32768 = MEM_RELEASE, which
            // requires dwSize = 0).  Returns VirtualFreeEx's result.
            Function 释放_进程内存空间(addr)
            Dim freed = VirtualFreeEx(Handle_Process, addr, 0, 32768)
            return freed
            End Function
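            // Allocates size bytes of zero-filled memory in *this* process (&H1000 =
            // MEM_COMMIT, &H40 = PAGE_EXECUTE_READWRITE).  Returns the address, 0 on failure.
            // FIX: "returnVirtualAlloc(" lacked the space after Return.
            Function 申请_本地内存(size)
            Return VirtualAlloc(0,size,&H1000,&H40)
            End Function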
            // Releases a block obtained from 申请_本地内存 (&H4000 = MEM_RELEASE, size must be 0).
            Function 释放_本地内存(addr)
            Dim freed = VirtualFree(addr, 0, &H4000)
            return freed
            End Function
            // "E8 67 00" -> "232,103,0": converts a space-separated hex byte string into a
            // comma-separated decimal string (the form 内存搜索特征码S compares against).
            // Tokens are indexed from 1; an empty token (double space) becomes "0".
            Function 进制_十六字节集转十字节集(StrHexCode)//TracePrint 进制_十六字节集转十字节集("E8 67 56 71 00 8B 86 A8 24 00 00 8D")
            Dim tokens = split(StrHexCode, " ")
            Dim out = ""
            Dim k
            For k = 1 To UBound(tokens)
            out = out & "," & 进制_十六转十(tokens[k])
            Next
            Return LTrim(out, ",")
            End Function
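            // "232,0,11" -> "E8 00 0B": converts a comma-separated decimal byte string into a
            // space-separated hex byte string, the inverse of 进制_十六字节集转十字节集.
            // FIX: each byte is now zero-padded to two digits; the original produced "E8 0 B",
            // which is not a valid byte set for the other helpers in this file.
            Function 进制_十字节集转十六字节集(StrHexCode)//TracePrint 进制_十字节集转十六字节集("232,103,86,113,0,139,134,168,36,0,0,141")
            Dim CodeArray=split(StrHexCode,",")
            Dim StrCode=""
            Dim ByteHex=""
            Dim m=1 // tokens are indexed from 1 in this engine
            For UBound(CodeArray)
            ByteHex = Hex(CodeArray[m])
            If Len(ByteHex) < 2 Then
            ByteHex = "0" & ByteHex
            End If
            StrCode=StrCode &" "& ByteHex
            m=m+1
            Next
            Return LTrim(StrCode," ")
            End Function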
            // Two-digit hex text for one unsigned byte (5 -> "05", 255 -> "FF").  Values above
            // 255 print an overflow message and come back as Hex() renders them; a negative
            // value falls into the "< 16" branch and gets a "0" prefix, as before.
            Function 进制_单字节转二进制字节(Value)//只支持无符号整数,最大数值不能超过255
            Dim out = ""
            If Value > 255 Then
            TracePrint "单字节类型数据溢出!"
            out = Hex(Value)
            ElseIf Value >= 16 Then
            out = Hex(Value)
            Else
            out = "0" & Hex(Value)
            End If
            return out
            End Function


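              // Renders a 64-bit integer as 16 hex digits in memory (little-endian) byte order,
              // e.g. 1 -> "0100000000000000".  ValueType 0 packs unsigned ("J"), 1 signed ("j");
              // any other ValueType leaves Struct unset and addrof will fail, as before.
              // The bytes are read back through a handle to our own process.
              // FIX: that handle was opened once per call and never closed (leak); it is now
              // opened once, hoisted out of the loop and closed.  The per-byte TracePrints
              // that spammed the log nine times per call were removed.
              Function 进制_八字节整数转二进制字节(Value, ValueType)//64位或者长整数
              Dim addr=0
              Dim bufaddr=0
              Dim Struct
              If ValueType=0 then
              Struct = StructPack("J", Value)// unsigned 64-bit
              ElseIf ValueType = 1 Then
              Struct = StructPack("j", Value)// signed 64-bit
              End if
              addr = addrof(Struct)
              Dim hSelf=获取本地进程句柄()
              Dim n=0
              Dim str=""
              For 8
              bufaddr=0
              ReadProcessMemory(hSelf,addr+n, bufaddr, 1, 0)   // one byte into the low byte of a Long
              If Len(Hex(bufaddr)) = 1 Then
              str=str &"0" & Hex(bufaddr)
              Else
              str=str & Hex(bufaddr)
              End If
              n = n + 1
              Next
              CloseHandle(hSelf)
              Struct=null
              Return str
              End Function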
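              // Renders a single-precision float as 8 hex digits in memory (little-endian)
              // byte order, e.g. 1.0 -> "0000803F".
              // FIX 1: each byte is now zero-padded to two digits -- the original emitted
              // Hex() unpadded, so 1.0 came out as "0080 3F" style garbage ("00803F" with the
              // first byte collapsed to "0"), unusable as a byte set.
              // FIX 2: the self-process handle is opened once and closed (it leaked per call);
              // the debug TracePrint was removed.
              Function 进制_浮点转二进制字节(Value)
              Dim addr=0
              Dim bufaddr=0
              Dim Struct = StructPack("f",Value) // struct does not free itself; see Struct=null below
              addr = addrof(Struct)
              Dim hSelf=获取本地进程句柄()
              Dim n=0
              Dim str=""
              For 4
              bufaddr=0
              ReadProcessMemory(hSelf,addr+n, bufaddr, 1, 0)
              If Len(Hex(bufaddr)) = 1 Then
              str=str &"0" & Hex(bufaddr)
              Else
              str=str & Hex(bufaddr)
              End If
              n=n+1
              Next
              CloseHandle(hSelf)
              Struct=null
              Return str
              End Function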
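              // Renders a double as 16 hex digits in memory (little-endian) byte order,
              // e.g. 1.0 -> "000000000000F03F".
              // FIX 1: each byte is zero-padded to two digits (the original emitted "0" for a
              // zero byte, so the result was not a fixed-width byte set).
              // FIX 2: the self-process handle is opened once and closed (it leaked per call);
              // the debug TracePrint was removed.
              Function 进制_双浮点转二进制字节(Value)
              Dim addr=0
              Dim bufaddr=0
              Dim Struct = StructPack("d",Value) // struct does not free itself; see Struct=null below
              addr = addrof(Struct)
              Dim hSelf=获取本地进程句柄()
              Dim n=0
              Dim str=""
              For 8
              bufaddr=0
              ReadProcessMemory(hSelf,addr+n, bufaddr, 1, 0)
              If Len(Hex(bufaddr)) = 1 Then
              str=str &"0" & Hex(bufaddr)
              Else
              str=str & Hex(bufaddr)
              End If
              n=n+1
              Next
              CloseHandle(hSelf)
              Struct=null
              Return str
              End Function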
              // Parses a hex string (either case, no "&H"/"0x" prefix, no validation) into a
              // number: "FF" -> 255.  Non-hex characters are folded by the same arithmetic as
              // digits and produce garbage rather than an error.
              Function 进制_十六转十(十六进制字符串)
              //例子:Msgbox lib.算法.十六进制转十进制("FFFFFF")
              Dim acc = 0
              Dim text = UCase(十六进制字符串)
              Dim pos, digit
              For pos = 1 To Len(text)
              digit = Asc(Mid(text, pos, 1)) - 48   // '0'..'9' -> 0..9, 'A'..'F' -> 17..22
              If digit > 9 Then
              digit = digit - 7                      // 'A'..'F' -> 10..15
              End If
              acc = acc * 16 + digit
              Next
              return acc
              End Function
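              // Hex text of the 32-bit IEEE-754 pattern of Value read as an integer, e.g.
              // 1.0 -> "3F800000" (not zero-padded; negative patterns give 8 digits).
              // FIX: the self-process handle leaked on every call and an unused
              // StructUnPack("f") result was computed; both removed, plus the debug print.
              Function 进制_浮点数转十六(Value)
              Dim addr=0
              Dim bufaddr=0
              Dim Struct = StructPack("f",Value)
              addr = addrof(Struct)
              Dim hSelf=获取本地进程句柄()
              ReadProcessMemory(hSelf,addr, bufaddr, 4, 0)
              CloseHandle(hSelf)
              Struct=null
              Return Hex(bufaddr)
              End Function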
              // Opens a handle to *this* process with 2035711 = 0x1F0FFF (PROCESS_ALL_ACCESS,
              // pre-Vista value) so the conversion helpers can read/write their own memory via
              // ReadProcessMemory/WriteProcessMemory.  Each call returns a new kernel handle
              // that the caller owns and must close.
              Function 获取本地进程句柄()
              dim pid=GetCurrentProcessId()
              Return OpenProcess(2035711, false, pid)// inherit flag false; 0 on failure
              End Function
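              // Writes WriteValue as a 4-byte IEEE-754 single at lpBaseAddress in the bound
              // process; returns WriteProcessMemory's result.
              // FIX: the original passed the float straight to WriteProcessMemory's ByRef Long
              // buffer, so the engine coerced it to an integer and the target received the
              // truncated integer, not the float's bit pattern.  The value is now packed as
              // "f" and re-read as "l", mirroring what 写入_双浮点数 does with "d"/"ll".
              // (The original also lacked the space in "ReturnWriteProcessMemory".)
              Function 写入_单精度浮点数(lpBaseAddress, WriteValue)
              Dim Struct = StructPack("f", WriteValue)
              Dim Bits=0
              Bits = StructUnPack("l", Struct)
              Struct=null
              Return WriteProcessMemory(Handle_Process, lpBaseAddress, Bits, 4, 0)
              End Function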
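              // Writes the low `size` bytes (1, 2 or 4) of WriteValue at lpBaseAddress in the
              // bound process; returns WriteProcessMemory's result (0 on failure).
              // FIX: "ReturnWriteProcessMemory(" lacked the space after Return.
              Function 写入_整数(lpBaseAddress, WriteValue,size)// 4字节 2字节 1字节
              Return WriteProcessMemory(Handle_Process, lpBaseAddress, WriteValue, size, 0)
              End Function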
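              // Writes WriteValue as a 32-bit integer at lpBaseAddress in the bound process;
              // returns WriteProcessMemory's result (0 on failure).
              // FIX: "ReturnWriteProcessMemory(" lacked the space after Return.
              Function 写入_4字节整数(lpBaseAddress, WriteValue)
              Return WriteProcessMemory(Handle_Process, lpBaseAddress, WriteValue, 4, 0)
              End Function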
              // Writes a 64-bit integer at Addr in the bound process as two 32-bit halves
              // (low dword first).  TypeVal 0 packs unsigned ("J"), 1 signed ("j"); any other
              // value leaves the struct unset.  Returns the result of the second write.
              Function 写入_八字节长整数(Addr, Value,TypeVal)
              Dim Struct
              If TypeVal=0 then
              Struct = StructPack("J",Value)
              ElseIf TypeVal = 1 Then
              Struct = StructPack("j",Value)
              End If
              Dim lo = 0
              Dim hi = 0   // both must exist before the multi-assignment below
              lo,hi =StructUnPack("ll",Struct)
              Struct=null
              WriteProcessMemory(Handle_Process, Addr, lo, 4, 0)
              Dim ok = WriteProcessMemory(Handle_Process, Addr+4, hi, 4, 0)
              return ok
              End Function
              // Writes Value as an 8-byte IEEE-754 double at Addr in the bound process, as two
              // 32-bit halves (low dword first).  Returns the result of the second write.
              Function 写入_双浮点数(Addr,Value)
              Dim Struct = StructPack("d",Value)
              Dim lo = 0
              Dim hi = 0   // both must exist before the multi-assignment below
              lo,hi =StructUnPack("ll",Struct)
              Struct=null
              WriteProcessMemory(Handle_Process, Addr, lo, 4, 0)
              Dim ok = WriteProcessMemory(Handle_Process, Addr+4, hi, 4, 0)
              return ok
              End Function
              //=============================================================读取数据
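              // Reads `size` bytes (1, 2 or 4) at lpBaseAddress in the bound process and
              // returns them as a non-negative integer: the buffer starts at 0, so 1- and
              // 2-byte reads are zero-extended.  A failed read leaves 0.
              // FIX: the original returned ReadProcessMemory's BOOL instead of the value read
              // (compare 读取_4字节整数), so every caller got 1 or 0.
              Function 读取_整数(lpBaseAddress,size)// 4字节 2字节 1字节
              Dim ReadValue=0
              ReadProcessMemory(Handle_Process,lpBaseAddress, ReadValue, size, 0)
              Return ReadValue
              End Function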
              // Reads a 32-bit integer at lpBaseAddress in the bound process; 0 if the read fails.
              Function 读取_4字节整数(lpBaseAddress)
              Dim value = 0
              ReadProcessMemory(Handle_Process, lpBaseAddress, value, 4, 0)
              Return value
              End Function
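              // Reads a 4-byte IEEE-754 single at lpBaseAddress in the bound process and
              // returns it as a float (0.0 if the read fails).
              // FIX: the original compared the *address* against the float value range (which
              // made no sense) and read the raw bytes into a variable via a ByRef Long, so it
              // returned the integer bit pattern rather than the float.  The bits are now read
              // into a Long and reinterpreted with StructPack("l") / StructUnPack("f"), the
              // same trick 读取_双浮点数 uses with "ll"/"d".
              Function 读取_浮点数(lpBaseAddress)
              Dim Bits=0
              Dim ReadValue=0.0
              ReadProcessMemory(Handle_Process,lpBaseAddress, Bits, 4, 0)
              Dim Struct = StructPack("l", Bits)
              ReadValue = StructUnPack("f", Struct)
              Struct=null
              Return ReadValue
              End Function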
              // Reads an 8-byte IEEE-754 double at addr in the bound process: the two dwords
              // are read separately, packed as "ll" (lower-case: 32-bit each) and reinterpreted
              // as "d".  Returns 0.0 if the reads fail.
              Function 读取_双浮点数(addr)
              Dim lo = 0
              Dim hi = 0
              ReadProcessMemory(Handle_Process, addr, lo, 4, 0)
              ReadProcessMemory(Handle_Process, addr + 4, hi, 4, 0)
              Dim Struct = StructPack("ll", lo, hi) // use "ll", not "LL", for the double reinterpretation
              dim StructAddr = addrof(Struct)      // kept from the original; not used
              Dim result = 0.0
              result = StructUnPack("d", Struct)
              Struct = null
              Return result
              End Function
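              // Reads exactly `size` bytes at lpBaseAddress in the bound process and returns
              // them as a string, one Chr() per byte.  Embedded NULs become Chr(0) -- the
              // function does not stop at a terminator -- so callers must size the read.
              // FIX: ReadValue is now initialised to 0 so the 1-byte read lands in a Long
              // buffer; the original passed an unassigned variable to a ByRef Long parameter.
              Function 读取_ASCII字符串(lpBaseAddress, size)
              Dim srt=""
              dim n=0
              Dim ReadValue=0
              For size
              ReadValue=0
              ReadProcessMemory(Handle_Process,lpBaseAddress+n, ReadValue, 1, 0)
              srt = srt & chr(ReadValue)
              n=n+1
              Next
              Return srt
              End Function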
              //=======================================================================================常用命令
              // Returns the stub built so far (the global PublicCode hex text) without clearing it.
              Function W_ShellCode()
              Return PublicCode
              End Function
              // Renders Value as n hex digits in little-endian byte order -- the immediate /
              // displacement form the emitters append: W_HighAndLow(&H1234, 4) = "3412",
              // W_HighAndLow(1, 8) = "01000000".  Negative values come out as 32-bit two's
              // complement because Hex() yields 8 digits for them.  n is 2 or 8 in this file.
              Function W_HighAndLow(Value , n) '高低位互换
              Dim padded = Right("0000000" & Hex(Value), n)
              Dim out = ""
              Dim pos
              For pos = Len(padded) - 1 To 1 Step -2   ' walk the byte pairs from the end
              out = out & Mid(padded, pos, 2)
              Next
              Return out
              End Function


                全球唯一按键精灵X版本源码。需要共同学习可以加Q:578052137。一起玩最强的按键精灵。


                  这个怎么让按键精灵用呢

