using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Runtime.InteropServices;using System.Diagnostics;namespace 内存读写实例{    public class 原创外挂类    {        #region Api引用        //打开进程，返回进程句柄        [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")]        public static extern IntPtr OpenProcess        (            int dwDesiredAccess,        //渴望得到的访问权限(标志)            bool bInheritHandle,        //是否继承句柄            int dwProcessId             //进程标示符        );        //读内存        [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")]        public static extern bool ReadProcessMemory        (            IntPtr hProcess,            //远程进程句柄。 被读取者            IntPtr lpBaseAddress,       //远程进程中内存地址。 从具体何处读取            IntPtr lpBuffer,            //本地进程中内存地址. 函数将读取的内容写入此处             int nSize,                  //要传送的字节数。要写入多少            IntPtr lpNumberOfBytesRead  //实际传送的字节数. 函数返回时报告实际写入多少        );        //写内存         [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")]        public static extern bool WriteProcessMemory        (            IntPtr hProcess,                //由OpenProcess返回的进程句柄。            IntPtr lpBaseAddress,           //要写的内存首地址            int[] lpBuffer,                 //指向要写的数据的指针。            int nSize,                      //要写入的字节数。            IntPtr lpNumberOfBytesWritten   //实际数据的长度        );        //关闭内核对象        [DllImport("kernel32.dll")]        private static extern void CloseHandle        (            IntPtr hObject                 //欲关闭的对象句柄        );        #endregion        /// <summary>        /// 根据进程名获取PID        /// </summary>        /// <param name="processName">必须是纯进程名，不可以用后缀，如.exe</param>        /// <returns>返回进程ID</returns>        public static int 进程名取进程ID(string processName)        {            Process[] arrayProcess = Process.GetProcessesByName(processName);            foreach (Process p in arrayProcess)            {                return p.Id;            }            return -1;        }        /// <summary>        /// 读内存中的值，以整数形式返回        /// </summary>        /// <param name="processName">必须是不带后缀名的进程名</param>        /// <param name="baseAddress">如果是十六进制，必须在地址前加0x</param>        /// <returns></returns>        public static int 读内存整数型(string processName, int baseAddress)        {            try            {                byte[] buffer = new byte[4];                IntPtr byteAddress = Marshal.UnsafeAddrOfPinnedArrayElement(buffer, 0);         //获取缓冲区地址                 IntPtr hProcess = OpenProcess(0x1F0FFF, false, 进程名取进程ID(processName));     //0x1F0FFF表示最高权限                ReadProcessMemory(hProcess, (IntPtr)baseAddress, byteAddress, 4, IntPtr.Zero);  //将制定内存中的值读入缓冲区                 CloseHandle(hProcess);                return Marshal.ReadInt32(byteAddress);            }            catch            {                return -1;            }        }        /// <summary>        /// 写内存整数型        /// </summary>        /// <param name="processName">纯进程名，不能有后缀名</param>        /// <param name="baseAddress">欲写入的内存地址</param>        /// <param name="value">欲写入的值</param>        public static void 写内存整数型(string processName, int baseAddress, int value)        {            IntPtr hProcess = OpenProcess(0x1F0FFF, false, 进程名取进程ID(processName)); //0x1F0FFF 最高权限             WriteProcessMemory(hProcess, (IntPtr)baseAddress, new int[] { value }, 4, IntPtr.Zero);            CloseHandle(hProcess);        }     }}