|  | 
 
 发表于 2010-11-22 23:54:46
|
显示全部楼层 
| 不过,还有一个新的问题: 
 解释一下这几句代码
 
 Private Sub Command1_Click()
 'On Error Resume Next
 MyExeId = RunEXE("calc.exe")
 MyExeEP = PsLookupProcessByProcessId(MyExeId) ': MsgBox Hex$(MyExeEP), , "MyExeEP"
 TkExeId = CLng(Text1.Text)
 TkExeEP = PsLookupProcessByProcessId(TkExeId) ': MsgBox Hex$(TkExeEP), , "TkExeEP"
 DumpKernelMemoryEx MyExeEP + &H18, 4, VarPtr(o_dtb(0))
 DumpKernelMemoryEx TkExeEP + &H18, 4, VarPtr(dtb(0))
 ModifyKernelMemoryEx MyExeEP + &H18, 4, VarPtr(dtb(0))
 MsgBox "OK!", vbInformation, "傀儡进程的ID是:" & CStr(MyExeId)
 End Sub
 | 
 |