C# 制作外挂常用的API

C#做外挂的常用API.

usingSystem;

usingSystem.Collections.Generic;

usingSystem.Text;

usingSystem.Runtime.InteropServices;//这个肯定要的

namespaceWindowsApplication1

{

classwin32API

{

publicconstintOPEN_PROCESS_ALL=2035711;

publicconstintPAGE_READWRITE=4;

publicconstintPROCESS_CREATE_THREAD=2;

publicconstintPROCESS_HEAP_ENTRY_BUSY=4;

publicconstintPROCESS_VM_OPERATION=8;

publicconstintPROCESS_VM_READ=256;

publicconstintPROCESS_VM_WRITE=32;

privateconstintPAGE_EXECUTE_READWRITE=0x4;

privateconstintMEM_COMMIT=4096;

privateconstintMEM_RELEASE=0x8000;

privateconstintMEM_DECOMMIT=0x4000;

privateconstintPROCESS_ALL_ACCESS=0x1F0FFF;

//查找窗体

[DllImport("User32.dll",EntryPoint="FindWindow")]

publicexternstaticIntPtrFindWindow(

stringlpClassName,

stringlpWindowName

);

//得到目标进程句柄的函数

[DllImport("USER32.DLL")]

publicexternstaticintGetWindowThreadProcessId(

inthwnd,

refintlpdwProcessId

);

[DllImport("USER32.DLL")]

publicexternstaticintGetWindowThreadProcessId(

IntPtrhwnd,

refintlpdwProcessId

);

//打开进程

[DllImport("kernel32.dll")]

publicexternstaticintOpenProcess(

intdwDesiredAccess,

intbInheritHandle,

intdwProcessId

);

[DllImport("kernel32.dll")]

publicexternstaticIntPtrOpenProcess(

uintdwDesiredAccess,

intbInheritHandle,

uintdwProcessId

);

//关闭句柄的函数

[DllImport("kernel32.dll",EntryPoint="CloseHandle")]

publicstaticexternintCloseHandle(

inthObject

);

//读内存

[DllImport("Kernel32.dll")]

publicstaticexternInt32ReadProcessMemory(

IntPtrhProcess,

IntPtrlpBaseAddress,

[In,Out]byte[]buffer,

intsize,

outIntPtrlpNumberOfBytesWritten

);

[DllImport("Kernel32.dll")]

publicstaticexternInt32ReadProcessMemory(

inthProcess,

intlpBaseAddress,

refintbuffer,

//byte[]buffer,

intsize,

intlpNumberOfBytesWritten

);

[DllImport("Kernel32.dll")]

publicstaticexternInt32ReadProcessMemory(

inthProcess,

intlpBaseAddress,

byte[]buffer,

intsize,

intlpNumberOfBytesWritten

);

//写内存

[DllImport("kernel32.dll")]

publicstaticexternInt32WriteProcessMemory(

IntPtrhProcess,

IntPtrlpBaseAddress,

[In,Out]byte[]buffer,

intsize,

outIntPtrlpNumberOfBytesWritten

);

[DllImport("kernel32.dll")]

publicstaticexternInt32WriteProcessMemory(

inthProcess,

intlpBaseAddress,

byte[]buffer,

intsize,

intlpNumberOfBytesWritten

);

//创建线程

[DllImport("kernel32",EntryPoint="CreateRemoteThread")]

publicstaticexternintCreateRemoteThread(

inthProcess,

intlpThreadAttributes,

intdwStackSize,

intlpStartAddress,

intlpParameter,

intdwCreationFlags,

refintlpThreadId

);

//开辟指定进程的内存空间

[DllImport("Kernel32.dll")]

publicstaticexternSystem.Int32VirtualAllocEx(

System.IntPtrhProcess,

System.Int32lpAddress,

System.Int32dwSize,

System.Int16flAllocationType,

System.Int16flProtect

);

[DllImport("Kernel32.dll")]

publicstaticexternSystem.Int32VirtualAllocEx(

inthProcess,

intlpAddress,

intdwSize,

intflAllocationType,

intflProtect

);

//释放内存空间

[DllImport("Kernel32.dll")]

publicstaticexternSystem.Int32VirtualFreeEx(

inthProcess,

intlpAddress,

intdwSize,

intflAllocationType

);

}

}

.csharpcode,.csharpcodepre
{
font-size:small;
color:black;
font-family:consolas,"CourierNew",courier,monospace;
background-color:#ffffff;
/*white-space:pre;*/
}
.csharpcodepre{margin:0em;}
.csharpcode.rem{color:#008000;}
.csharpcode.kwrd{color:#0000ff;}
.csharpcode.str{color:#006080;}
.csharpcode.op{color:#0000c0;}
.csharpcode.preproc{color:#cc6633;}
.csharpcode.asp{background-color:#ffff00;}
.csharpcode.html{color:#800000;}
.csharpcode.attr{color:#ff0000;}
.csharpcode.alt
{
background-color:#f4f4f4;
width:100%;
margin:0em;
}
.csharpcode.lnum{color:#606060;}

原文地址：原文