一 模块代码
Option Explicit
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Const PROCESS_ALL_ACCESS = &H1F0FFF '参数决定了对进程的存储权限，使用完全控制
Public Declare Function ReadProcessMemory Lib "kernel32.dll" ( _
ByVal hProcess As Long, _
ByVal lpBaseAddress As Long, _
ByRef lpBuffer As Any, _
ByVal nSize As Long, _
ByRef lpNumberOfBytesWritten As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

二 窗体代码
Option Explicit
Dim Hwd As Long '存放窗体句柄
Dim pid As Long '存放进程ID
Dim hProcess As Long '存放进程句柄
Dim H As Long '存放二级指针
Dim buffer As Long '存放一级指针
Dim HP As Integer '存放血量
Dim MP As Integer '存放魔法值
Dim JY As Integer '存放经验值
Dim MaxMp As Integer '存放魔法上限
Dim MaxHp As Integer '存放血量上限
Dim DJ As Integer '人物等级
Private Sub Form_Load()
Hwd = FindWindow(vbNullString, "Element Client") '读取HWND
If Hwd = 0 Then
MsgBox "游戏未运行!!!!!", , "游戏未运行"
End If
GetWindowThreadProcessId Hwd, pid '获取进程标识符
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pid) '将进程标识符做为参数，返回目标进程PID的句柄，得到此句柄后即可对目标进行读写操,PROCESS_ALL_ACCESS表示完全控制,权限最大
If hProcess = 0 Then
MsgBox "不能打开进程!!!!!", , "打开进程错误"
Exit Sub
End If

HwdLab.caption=”游戏窗体句柄:” & Hwd
PidLab.caption=”游戏进程ID:” & Pid
ProLab.caption=”游戏进程句柄:” & hProcess ‘这几句,我是为了自己调试用的,方 便随时了解一些信息的?
buffer = Val(Text1.Text) '赋值初始化一级指针,这是我自己电脑上找到的,所以就不贴出来了,可能每个人的都不同吧~我是直接把
End Sub
Private Function ncnr(lpADDress As Long) As Long ' 声明一些需要的变量,注意类型必须为LONG,偶开始在网上找回来的时候,是Integer的,试了半天都通不过~~~~后来改了这才通过的~~原因就是Integer的数值容量太少,内存中存的溢出了
Dim hwnd As Long ' 储存 FindWindow 函数返回的句柄
Dim pHandle As Long ' 储存进程句柄
hwnd = FindWindow(vbNullString, "Element Client") ' 取得进程标识符,双开的话最好把"Element Client"用变量代替,这样方便更改窗体后直接用
GetWindowThreadProcessId hwnd, pid ' 使用进程标识符取得进程句柄
pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid) ' 在内存地址中读取数据
ReadProcessMemory pHandle, lpADDress, ByVal VarPtr(ncnr), 4, 0& ' 关闭进程句柄
CloseHandle hProcess ‘记得一定要释放内存,不然,呵呵,你等着VB崩溃吧?
End Function
Private Sub Timer1_Timer() ‘我设的interval是100
H = ncnr(buffer) '读内存得到一级指针
AzhiZen.caption=Hex(H) ‘方便自己直观的看内存变化
H = ncnr(H + 36) '读内存得到二级,+号后面的数值是偏移量十六进制24转成十进制的数,以下都相同?
BzhiZen,caption=Hex(H) ‘方便自己直观的看内存变化
HP = ncnr(H + 596) '得到血量值
MP = ncnr(H + 600) '得到魔法值
JY = ncnr(H + 604) '得到经验值
MaxMp = ncnr(H + 624) '得到魔法上限
MaxHp = ncnr(H + 620) '得到血量上限
DJ = ncnr(H + 588) '得到人物等级
HPLab.Caption = "人物血量值: " & HP & " / " & MaxHp
MPlab.Caption = "人物魔法值: " & MP & " / " & MaxMp
JYlab.Caption = "人物经验值: " & JY & " / " & "暂时未知"
DJlab.Caption = "人物等级数: " & DJ & " 级"
End Sub

[