MyKernel32类
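package com.jna;

import com.sun.jna.Native;
import com.sun.jna.Structure;
import com.sun.jna.examples.win32.Kernel32;
import com.sun.jna.examples.win32.W32API;
import com.sun.jna.ptr.IntByReference;

/**
 * JNA binding for the kernel32 calls that {@code com.main.Main} uses to push a
 * code stub into another process and run it there: OpenProcess, VirtualAllocEx,
 * WriteProcessMemory, CreateRemoteThread, plus ReadProcessMemory.
 *
 * <p>Every address and size is declared as {@code int}, so this binding is only
 * correct for a 32-bit JVM talking to a 32-bit target: on a 64-bit JVM the
 * pointer returned by {@link #VirtualAllocEx} is silently truncated, and the
 * {@code int} base-address parameters cannot express a 64-bit address at all.
 *
 * <p>NOTE(review): {@link #INSTANCE} is loaded with no W32 type-mapper or
 * function-mapper options. The methods declared here take no strings, so that
 * is harmless for them; before calling any string-taking method inherited from
 * {@link Kernel32} through this instance, confirm it binds to the intended A/W
 * export.
 */
public interface MyKernel32 extends Kernel32 {

    /** Shared binding to kernel32.dll; the cast matches the pre-generic {@code Native.loadLibrary} signature. */
    MyKernel32 INSTANCE = (MyKernel32) Native.loadLibrary("kernel32", MyKernel32.class);

    /**
     * Opens a handle to process {@code dwProcessid} with the rights in {@code dwDesiredAccess}.
     * Ask only for the rights the later calls need rather than PROCESS_ALL_ACCESS.
     *
     * @param dwDesiredAccess PROCESS_* access mask
     * @param flag            bInheritHandle: whether child processes inherit the handle
     * @param dwProcessid     target process id
     * @return the process handle, or {@code null} when the call fails (JNA maps the
     *         NULL handle to null); the caller owns it and must CloseHandle it
     */
    W32API.HANDLE OpenProcess(int dwDesiredAccess, boolean flag, int dwProcessid);

    /**
     * Reads {@code nSize} bytes from {@code ipBaseAddress} in {@code hProcess} into {@code ipBuffer}.
     * The buffer is typed {@code Object}, so JNA converts it by its runtime class: pass a
     * {@code byte[]}, {@code Memory} or {@code Pointer}; anything else fails at call time.
     *
     * @param ipNumberOfBytesRead receives the byte count actually read, may be {@code null}
     * @return {@code true} on success
     */
    boolean ReadProcessMemory(W32API.HANDLE hProcess, int ipBaseAddress, Object ipBuffer, int nSize, IntByReference ipNumberOfBytesRead);

    /**
     * {@code byte[]} overload of {@link #ReadProcessMemory(W32API.HANDLE, int, Object, int, IntByReference)}.
     * {@code nSize} must not exceed {@code ipBuffer.length}: JNA gives the native call a
     * buffer of exactly that length, and a larger {@code nSize} lets the kernel write past it.
     *
     * @return {@code true} on success
     */
    boolean ReadProcessMemory(W32API.HANDLE hProcess, int IntBaseAddress, byte[] ipBuffer, int nSize, IntByReference ipNumberOfBytesRead);

    /**
     * Misspelled binding, kept only so existing callers still compile. kernel32 exports
     * no {@code ReadProcesMemorey}, so JNA cannot resolve it and any call throws
     * {@code UnsatisfiedLinkError}; use the {@code byte[]} {@code ReadProcessMemory} overload.
     *
     * @deprecated never resolvable; replaced by the {@code byte[]} ReadProcessMemory overload
     */
    @Deprecated
    boolean ReadProcesMemorey(W32API.HANDLE hProcess, int IntBaseAddress, byte[] ipBuffer, int nSize, IntByReference ipNumberOfBytesRead);

    /**
     * Reserves and/or commits {@code dwSize} bytes in {@code hProcess}.
     *
     * @param lpAddress        requested base address, or {@code null} to let the OS choose.
     *                         Win32 takes an LPVOID here; this binding declares it as an
     *                         IntByReference, and only the {@code null} case is exercised by
     *                         the code on this page.
     * @param flAllocationType MEM_* flags (0x1000 = MEM_COMMIT)
     * @param flProtect        PAGE_* protection; 0x40 is PAGE_EXECUTE_READWRITE. An RWX region
     *                         is the classic injection tell; where the caller can, allocate RW
     *                         and flip to RX with VirtualProtectEx once the code is written
     *                         (not bound in this interface).
     * @return the region's base address as a 32-bit value, 0 on failure
     */
    int VirtualAllocEx(W32API.HANDLE hProcess, IntByReference lpAddress, int dwSize, int flAllocationType, int flProtect);

    /**
     * Starts a thread in {@code hProcess} whose entry point is {@code lpStartAddress}.
     * The entry point is invoked as a thread start routine with {@code lpParameter}
     * as its single argument.
     *
     * @param lpThreadAttributes security attributes, {@code null} for defaults
     * @param dwStackSize        0 for the executable's default stack size
     * @param dwCreationFlags    0 to run immediately
     * @param lpThreadId         receives the new thread id, may be {@code null}
     * @return the thread handle, or {@code null} on failure; the caller owns it and
     *         should CloseHandle it (closing the handle does not stop the thread)
     */
    W32API.HANDLE CreateRemoteThread(W32API.HANDLE hProcess, Structure lpThreadAttributes, int dwStackSize, int lpStartAddress, Structure lpParameter, int dwCreationFlags, IntByReference lpThreadId);

    /**
     * Copies {@code nSize} bytes from {@code lpBuffer} into {@code hProcess} at {@code lpBaseAddress}.
     * {@code nSize} must not exceed {@code lpBuffer.length}: JNA passes the array as a native
     * buffer of exactly its length, so a larger {@code nSize} reads past it and copies
     * whatever native memory follows into the target.
     *
     * @param lpNumberOfBytesWritten receives the byte count written, may be {@code null}
     * @return {@code true} on success
     */
    boolean WriteProcessMemory(W32API.HANDLE hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, IntByReference lpNumberOfBytesWritten);
}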
Main类
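package com.main;

import com.jna.MyKernel32;
import com.sun.jna.Structure;
import com.sun.jna.examples.win32.User32;
import com.sun.jna.examples.win32.W32API;
import com.sun.jna.examples.win32.W32API.HANDLE;
import com.sun.jna.examples.win32.W32API.HWND;
import com.sun.jna.ptr.IntByReference;
import org.loon.framework.os.ASM;

/**
 * Injects a small x86 stub into the running game client whose window title is
 * "【魔域】" and executes it on a remote thread, using the textbook
 * OpenProcess -&gt; VirtualAllocEx -&gt; WriteProcessMemory -&gt; CreateRemoteThread chain.
 *
 * <p>Limits worth knowing before reusing this:
 * <ul>
 *   <li>32-bit only: every address is an {@code int} (see {@link MyKernel32}).</li>
 *   <li>Build-specific: the three addresses in {@link #buildStub()} belong to one
 *       version of the client and move with every patch; nothing here validates
 *       them, and a wrong address crashes the target rather than this program.</li>
 *   <li>An RWX allocation plus a thread created from outside the process is exactly
 *       the pattern anti-cheat and EDR tooling keys on. Only run this against a
 *       process you are authorised to modify.</li>
 * </ul>
 */
public class Main {

    // Process access rights (winnt.h). The original requested PROCESS_ALL_ACCESS
    // (2035711 = 0x1F0FFF), which also grants terminate/duplicate-handle/etc. that
    // nothing here uses; the mask below is what the four calls in Game() require.
    private static final int PROCESS_CREATE_THREAD = 0x0002;
    private static final int PROCESS_VM_OPERATION = 0x0008;
    private static final int PROCESS_VM_READ = 0x0010;
    private static final int PROCESS_VM_WRITE = 0x0020;
    private static final int PROCESS_QUERY_INFORMATION = 0x0400;

    /**
     * Least-privilege mask: VirtualAllocEx needs VM_OPERATION, WriteProcessMemory
     * VM_WRITE + VM_OPERATION, CreateRemoteThread CREATE_THREAD + QUERY_INFORMATION +
     * VM_OPERATION + VM_WRITE + VM_READ.
     */
    private static final int INJECT_ACCESS = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION
            | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;

    /** VirtualAllocEx: commit the pages immediately. */
    private static final int MEM_COMMIT = 0x1000;
    /**
     * PAGE_EXECUTE_READWRITE. Writable and executable at once only because
     * MyKernel32 does not bind VirtualProtectEx; with it, the region should be RW
     * while the stub is written and RX when it runs.
     */
    private static final int PAGE_EXECUTE_READWRITE = 0x40;
    /** Bytes committed in the target for the stub (far more than the stub needs). */
    private static final int REGION_SIZE = 0x3000;

    /**
     * Performs the injection. Each step prints a status line and returns on
     * failure; the process handle is closed on every path. The committed region is
     * intentionally left in the target: freeing it safely needs WaitForSingleObject
     * on the thread and VirtualFreeEx, neither of which MyKernel32 binds.
     */
    public void Game() {
        // Window title -> owning process id.
        HWND hwnd = User32.INSTANCE.FindWindow(null, "【魔域】");
        if (hwnd == null) {
            System.out.println("未找到游戏窗口");
            return;
        }
        IntByReference pidRef = new IntByReference();
        User32.INSTANCE.GetWindowThreadProcessId(hwnd, pidRef);
        int pid = pidRef.getValue();
        if (pid == 0) {
            System.out.println("获取进程ID失败");
            return;
        }

        HANDLE process = MyKernel32.INSTANCE.OpenProcess(INJECT_ACCESS, false, pid);
        if (process == null) {
            System.out.println("打开进程失败");
            return;
        }
        try {
            int remoteCode = MyKernel32.INSTANCE.VirtualAllocEx(process, null, REGION_SIZE,
                    MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            if (remoteCode == 0) {
                System.out.println("分配内存失败");
                return;
            }
            System.out.println("分配内存成功");
            System.out.println("内存地址:" + remoteCode);

            byte[] stub = buildStub();
            if (stub.length > REGION_SIZE) {
                System.out.println("汇编码超过分配的内存大小");
                return;
            }
            // Write exactly the stub's length. The original passed REGION_SIZE (0x3000)
            // here, which made WriteProcessMemory read ~12 KB past the end of the much
            // smaller array and copy adjacent native memory into the target.
            boolean written = MyKernel32.INSTANCE.WriteProcessMemory(process, remoteCode, stub,
                    stub.length, null);
            if (!written) {
                System.out.println("写入失败");
                return;
            }
            System.out.println("写入成功");

            HANDLE thread = MyKernel32.INSTANCE.CreateRemoteThread(process, null, 0, remoteCode,
                    null, 0, null);
            if (thread == null) {
                System.out.println("创建远程线程失败");
                return;
            }
            // Closing our handle does not stop the thread; it only stops leaking the handle.
            // CloseHandle is inherited from the JNA Kernel32 interface.
            MyKernel32.INSTANCE.CloseHandle(thread);
        } finally {
            MyKernel32.INSTANCE.CloseHandle(process);
        }
    }

    /**
     * Assembles the stub the remote thread runs. Opcodes come from the ASM helper;
     * the returned bytes are what {@link #Game()} writes into the target.
     *
     * <pre>
     *   PUSHAD                    ; save all general registers
     *   PUSH 0                    ; 2nd argument
     *   PUSH 0x83AFE631           ; 1st argument
     *   MOV  ECX, 0x01170090      ; presumably the object ("this") of a thiscall routine - confirm
     *   CALL 0x00C88890           ; the client's routine (the page labels it "BB出征", a pet command)
     *   POPAD                     ; restore registers
     *   RET
     * </pre>
     *
     * Two things to confirm against the target before trusting this:
     * <ul>
     *   <li>POPAD does not restore ESP. The stack is balanced only if the callee pops
     *       its two arguments (callee-cleanup, as MSVC thiscall/stdcall do); for a
     *       cdecl routine RET would return into garbage and kill the thread.</li>
     *   <li>{@code _CALL} takes an absolute target and the stub's load address is
     *       never passed to ASM. If ASM emits a relative E8 call, the displacement is
     *       wrong at any address but the one ASM assumed; only a base-independent
     *       encoding (e.g. through a register) works from wherever VirtualAllocEx
     *       puts the stub.</li>
     * </ul>
     * All three constants are specific to one build of the client.
     *
     * @return the encoded stub bytes
     */
    private static byte[] buildStub() {
        ASM asm = new ASM();
        asm._PUSHAD();
        asm._PUSH(0);
        asm._PUSH(0x83afe631);
        asm._MOV_ECX(0x01170090);
        asm._CALL(0x00C88890);
        asm._POPAD();
        asm._RET();
        return ASM.getHexToBytes(asm.getASMCode());
    }

    /** Entry point: runs one injection against the game window. */
    public static void main(String[] args) {
        new Main().Game();
    }
}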