Thread injection: core code for thread injection in VB

Published: Thursday, September 25, 2008 | Views: 215 | Comments: 0

This is the core code for injecting into a reserved memory address in an EXPLORER.EXE thread.


Option Explicit
' Win32 API declarations (ANSI variants) used by the module.
' The Msg, LOGFONT and WNDCLASS types referenced below are not defined in this listing.
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal ProcessHandle As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As Any, ByVal lpWindowName As Any) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpthreadid As Long) As Long
Public Declare Function CreateThread Lib "kernel32" (ByVal lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpthreadid As Long) As Long
Public Declare Function GetModuleHandleA Lib "kernel32" (ByVal ModName As Any) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal ProcessHandle As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Any, ByVal wParam As Any, ByVal lParam As Any) As Long
Public Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String, ByVal wType As Long) As Long
Public Declare Function DeleteFile Lib "kernel32" Alias "DeleteFileA" (ByVal lpFileName As String) As Long
Public Declare Function CreateEvent Lib "kernel32" Alias "CreateEventA" (ByVal lpEventAttributes As Long, ByVal bManualReset As Long, ByVal bInitialState As Long, ByVal lpname As String) As Long
' The module handle, buffer size and return value are 32-bit, so they are declared As Long (VB6 Integer is 16-bit).
Public Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Public Declare Function GetMessage Lib "user32" Alias "GetMessageA" (lpMsg As Msg, ByVal hwnd As Long, ByVal wMsgFilterMin As Long, ByVal wMsgFilterMax As Long) As Long
Public Declare Function TranslateMessage Lib "user32" (lpMsg As Msg) As Long
Public Declare Function DispatchMessage Lib "user32" Alias "DispatchMessageA" (lpMsg As Msg) As Long
Public Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Public Declare Function LoadCursor Lib "user32" Alias "LoadCursorA" (ByVal hInstance As Long, ByVal lpCursorName As Any) As Long
Public Declare Function LoadIcon Lib "user32" Alias "LoadIconA" (ByVal hInstance As Long, ByVal lpIconName As String) As Long
Public Declare Function CreateFontIndirect Lib "gdi32" Alias "CreateFontIndirectA" (lpLogFont As LOGFONT) As Long
Public Declare Function DestroyWindow Lib "user32" (ByVal hwnd As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Public Declare Function CreateWindowEx Lib "user32" Alias "CreateWindowExA" (ByVal dwExStyle As Long, ByVal lpClassName As String, ByVal lpWindowName As String, ByVal dwStyle As Long, ByVal x As Long, ByVal y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hWndParent As Long, ByVal hMenu As Long, ByVal hInstance As Long, lpParam As Any) As Long
Public Declare Function SetWindowText Lib "user32" Alias "SetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String) As Long
Public Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Public Declare Function RegisterClass Lib "user32" Alias "RegisterClassA" (Class As WNDCLASS) As Long
Public Declare Function UnregisterClass Lib "user32" Alias "UnregisterClassA" (ByVal lpClassName As String, ByVal hInstance As Long) As Long
Public Declare Function DefWindowProc Lib "user32" Alias "DefWindowProcA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
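
For reviewers triaging VB6 source or macro code, the declaration list above is itself a usable signal. The following is an added example, not part of the original page: a static check that parses `Declare` statements and reports which API groups are fully declared. The capability names, their grouping, and both sample inputs are assumptions made for this example.

```python
import re

# VB6 "Declare Function/Sub" line. Tolerates backslash-escaped quotes
# (\"kernel32\"), which scraped copies of such listings often carry.
DECLARE_RE = re.compile(
    r'Declare\s+(?:Function|Sub)\s+(?P<name>\w+)\s+Lib\s+\\?"(?P<lib>[^"\\]+)\\?"'
    r'(?:\s+Alias\s+\\?"(?P<alias>[^"\\]+)\\?")?',
    re.IGNORECASE,
)

# Capability groups (names and grouping are this example's own choice).
CAPABILITIES = {
    "cross-process memory write": ("openprocess", "virtualallocex", "writeprocessmemory"),
    "remote thread creation": ("openprocess", "createremotethread"),
    "target lookup by window": ("findwindow", "getwindowthreadprocessid"),
}

def declared_apis(source):
    """Real export names (lower-cased): the Alias wins over the VB-side name."""
    return {(m.group("alias") or m.group("name")).lower()
            for m in DECLARE_RE.finditer(source)}

def has_api(names, base):
    """True if the API or its ANSI/Unicode variant (A/W suffix) is declared."""
    return any(n in names for n in (base, base + "a", base + "w"))

def triage(source):
    """Sorted list of capability groups whose APIs are all declared."""
    names = declared_apis(source)
    return sorted(cap for cap, apis in CAPABILITIES.items()
                  if all(has_api(names, api) for api in apis))

# Constructed samples: PAGE_SAMPLE abbreviates declarations from the listing
# above (parameter lists shortened); BENIGN_SAMPLE is an ordinary GUI module.
PAGE_SAMPLE = r'''
Public Declare Function OpenProcess Lib \"kernel32\" (ByVal a As Long) As Long
Public Declare Function VirtualAllocEx Lib \"kernel32\" (ByVal h As Long) As Long
Public Declare Function WriteProcessMemory Lib \"kernel32\" (ByVal h As Long) As Long
Public Declare Function CreateRemoteThread Lib \"kernel32\" (ByVal h As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib \"user32\" (ByVal hwnd As Long) As Long
Public Declare Function FindWindow Lib \"user32\" Alias \"FindWindowA\" (ByVal c As Any) As Long
'''
BENIGN_SAMPLE = '''
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal c As Any) As Long
Public Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long) As Long
'''

if __name__ == "__main__":
    print(triage(PAGE_SAMPLE))
    print(triage(BENIGN_SAMPLE))
```

Because the check reads the `Alias` clause, a declaration that gives the API a harmless-looking VB-side name is still matched on the real export.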
