我们知道可以用Send ( handle, message#, lowword, long )函数完成不同程序窗口间的消息传递,其中最后两个参数为long型,因此可以利用这两个参数来传递数字型的变量。如果想传递的是字符串呢?由于每个进程都有自己独立的内存地址和内存空间,因此不可能直接通过访问变量地址的方法得到变量。
下面给出pb的方法:
source程序:
外部函数:
Function ulong GetCurrentProcessId() LIBRARY "kernel32.dll"
Function integer SndMsg(long hWnd, long uMsg, long url, &
ref blob info) library "user32.dll" Alias For "SendMessageA
constant long PBM_CUSTOM01 = 1024
程序:
IF il_hTarget <= 0 THEN findTarget() //找接受变量的窗口,主要用findwindow实现
IF il_hTarget > 0 THEN
String ls_len
//组成一个要发送的字符串
url+= " "+info+" "+String(srctype)+" "+String(offlinetype)
//计算整个要发送字符的长度,并转化为长度为10的字符串
ls_len = String(Len(url))
IF Len(ls_len) < 10 THEN
ls_len = Space(10 - Len(ls_len))+ls_len
END IF
//转化为blob并发送
Blob lb_snd
lb_snd = Blob(ls_len+url)
SndMsg(il_hTarget, PBM_CUSTOM01 +9,getcurrentprocessID(),lb_snd)
END IF
target程序:
外部函数:
Function ulong OpenProcess(ulong dwDesiredAccess,ulong bInheritHandle,ulong dwProcessId) LIBRARY "kernel32.dll"
Function ulong ReadProcessMemoryStr(ulong hProcess,long lpBaseAddress,ref string lpBuffer,ulong nSize,ref long lpNumberOfBytesWritten) LIBRARY "kernel32.dll" Alias for "ReadProcessMemory"
Function ulong ReadProcessMemoryBlob(ulong hProcess,long lpBaseAddress,ref blob lpBuffer,ulong nSize,ref long lpNumberOfBytesWritten) LIBRARY "kernel32.dll" Alias for "ReadProcessMemory"
事件pbm_custom10:
If (wparam = 0) Or (lparam = 0) THEN RETURN
Long ll_null
SetNull(ll_null)
Long processhnd
CONSTANT Long PROCESS_VM_READ = 16
processhnd = openprocess(PROCESS_VM_READ,0,wparam);
//读取发送进程的内存数据
String ls_size
Long ll_size
ls_size = Space(10) //数据的大小
ReadProcessMemoryStr(processhnd,lparam,ls_size,10,ll_null)
ll_size = Long(Trim(ls_size))
Blob lb_data
lb_data = Blob(String(Space(ll_size)))
ReadProcessMemoryBlob(processhnd,lparam+10,lb_data,ll_size,ll_null)
string ls_data
ls_data = String(lb_data) //好啦,收到礼物了
本文地址:http://com.8s8s.com/it/it19828.htm