#module "procmem" /* typedef struct _PROCESS_INFORMATION { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId; } PROCESS_INFORMATION, *PPROCESS_INFORMATION, *LPPROCESS_INFORMATION; */ #define NULL 0 #define FALSE 0 #define TRUE 1 //#define PROCESS_ALL_ACCESS 0x1f0fff #define DEBUG_PROCESS 0x00000001 #define NORMAL_PRIORITY_CLASS 0x00000020 #deffunc setptr val,int mref PVAL,1024 mref ptr,1 mref _stat,64 _stat=PVAL.7 PVAL.7=ptr return #deffunc pmem_init // Kernel32.DLLを読み込み ll_libload hKernel,"Kernel32.dll" ll_getproc pCreateProcess,"CreateProcessA",hKernel ll_getproc pOpenProcess,"OpenProcess",hKernel ll_getproc pReadProcessMemory,"ReadProcessMemory",hKernel ll_getproc pWriteProcessMemory,"WriteProcessMemory",hKernel return #deffunc pmem_free onexit // Kernel32.DLLを開放 if hKernel : ll_free hKernel return #deffunc pmem_createproc val,str mref _p1,16 mref _p2,33 ll_getptr _p2 ll_ret lpPath ll_getptr si ll_ret psi ll_getptr pi ll_ret ppi prm=lpPath, NULL, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS,NULL,NULL,psi,ppi ll_callfunc prm,10,pCreateProcess _p1=pi.0 return // pmem_read PID,ReadBuf,ptr,size #deffunc pmem_read int,val,int,int mref _hProcess,0 mref _buf,25 mref _ptr,2 mref _len,3 mref _stat,64 ll_getptr _buf ll_ret pbuf ll_getptr size ll_ret psize prm=_hProcess, _ptr, pbuf, _len, psize ll_callfunc prm,5,pReadProcessMemory _stat=size return // pmem_write PID,WriteBuf,ptr,size #deffunc pmem_write int,val,int,int mref _hProcess,0 mref _buf,25 mref _ptr,2 mref _len,3 mref _stat,64 ll_getptr _buf ll_ret pbuf ll_getptr size ll_ret psize prm=_hProcess, _ptr, pBuf, _len, psize ll_callfunc prm,5,pWriteProcessMemory _stat=size return #global pmem_init ;使用前に呼び出す path="C:\\WINDOWS\\NOTEPAD.EXE" // 起動 pmem_createproc hProcess,path mes "hProcess: "+hProcess wait 200 // 起動待ち // 読み込み sdim Buf,65536 pmem_read hProcess,Buf,0x01000000,65536 ;pmem_read hProcess,Buf,0x00400000,65536 mes "Readed: "+stat bsave "notepad.dump",Buf,stat ; pmem_write hProcess,Buf,0x00400000,65536 ; mes "Writed: "+stat mes "ok" stop