自定义了一个函数,在写内存的时候发现在调用一次的时候写入地址数据正常,当调用第二次的时候在隔四个字节的地方加上b8 25 95 00这样的字节,不明白为什么,请帮助解答一下,代码如下:
function WriteMemory(address:Integer;Bname:array of byte):Boolean;
var
i:Integer;
pData:array of ^Integer;
dwOldProtect: DWORD;
mbi_thunk:TMemoryBasicInformation;
begin
SetLength(pData,SizeOf(Bname));
for i:=0 to SizeOf(Bname)do
begin
pData[i]:=Pointer(address+i);
// VirtualQuery(pdata[i], mbi_thunk, sizeof(MEMORY_BASIC_INFORMATION));
end;
//改变页保护属性为读写
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,PAGE_READWRITE, mbi_thunk.Protect);
for i:=0 to SizeOf(Bname)-1 do
begin
PByte(pdata[i])^:=bname[i]; //修改指定地址为XX end;
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,mbi_thunk.Protect, dwOldProtect);
Result :=True;
end;调用代码如下:
procedure TForm1.Button2Click(Sender: TObject);
const
temp : array[0..1] of byte = ($34,$35);
temp1 : array[0..1] of byte = ($34,$35);
begin
WriteMemory($00450cf8,killb);
WriteMemory($00450cfe,killc); //当这里为一次writememort调用的时候发现正常,两次的时候在00450d04的地址上就加上了b8 25 95 00 不明白是为什么。
end;------------------------------
以下是全部代码:
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, bsSkinCtrls, bsSkinData, BusinessSkinForm, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;implementation{$R *.dfm}function WriteMemory(address:Integer;Bname:array of byte):Boolean;
var
i:Integer;
pData:array of ^Integer;
dwOldProtect: DWORD;
mbi_thunk:TMemoryBasicInformation;
begin
SetLength(pData,SizeOf(Bname));
for i:=0 to SizeOf(Bname)do
begin
pData[i]:=Pointer(address+i);
// VirtualQuery(pdata[i], mbi_thunk, sizeof(MEMORY_BASIC_INFORMATION));
end;
//改变页保护属性为读写
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,PAGE_READWRITE, mbi_thunk.Protect);
//VirtualProtect(pdata[i], mbi_thunk.RegionSize,PAGE_READWRITE, mbi_thunk.AllocationBase);
for i:=0 to SizeOf(Bname)-1 do
begin
PByte(pdata[i])^:=bname[i]; //修改指定地址为XX
end;
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,mbi_thunk.Protect, dwOldProtect);
Result :=True;
end;
procedure TForm1.Button1Click(Sender: TObject);beginend;
procedure TForm1.Button2Click(Sender: TObject);
const
temp : array[0..1] of byte = ($34,$35);
temp1 : array[0..1] of byte = ($34,$35);
begin
WriteMemory($00450cf8,temp);
WriteMemory($00450cfe,temp1);
end;end.
function WriteMemory(address:Integer;Bname:array of byte):Boolean;
var
i:Integer;
pData:array of ^Integer;
dwOldProtect: DWORD;
mbi_thunk:TMemoryBasicInformation;
begin
SetLength(pData,SizeOf(Bname));
for i:=0 to SizeOf(Bname)do
begin
pData[i]:=Pointer(address+i);
// VirtualQuery(pdata[i], mbi_thunk, sizeof(MEMORY_BASIC_INFORMATION));
end;
//改变页保护属性为读写
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,PAGE_READWRITE, mbi_thunk.Protect);
for i:=0 to SizeOf(Bname)-1 do
begin
PByte(pdata[i])^:=bname[i]; //修改指定地址为XX end;
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,mbi_thunk.Protect, dwOldProtect);
Result :=True;
end;调用代码如下:
procedure TForm1.Button2Click(Sender: TObject);
const
temp : array[0..1] of byte = ($34,$35);
temp1 : array[0..1] of byte = ($34,$35);
begin
WriteMemory($00450cf8,killb);
WriteMemory($00450cfe,killc); //当这里为一次writememort调用的时候发现正常,两次的时候在00450d04的地址上就加上了b8 25 95 00 不明白是为什么。
end;------------------------------
以下是全部代码:
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, bsSkinCtrls, bsSkinData, BusinessSkinForm, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;implementation{$R *.dfm}function WriteMemory(address:Integer;Bname:array of byte):Boolean;
var
i:Integer;
pData:array of ^Integer;
dwOldProtect: DWORD;
mbi_thunk:TMemoryBasicInformation;
begin
SetLength(pData,SizeOf(Bname));
for i:=0 to SizeOf(Bname)do
begin
pData[i]:=Pointer(address+i);
// VirtualQuery(pdata[i], mbi_thunk, sizeof(MEMORY_BASIC_INFORMATION));
end;
//改变页保护属性为读写
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,PAGE_READWRITE, mbi_thunk.Protect);
//VirtualProtect(pdata[i], mbi_thunk.RegionSize,PAGE_READWRITE, mbi_thunk.AllocationBase);
for i:=0 to SizeOf(Bname)-1 do
begin
PByte(pdata[i])^:=bname[i]; //修改指定地址为XX
end;
VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize,mbi_thunk.Protect, dwOldProtect);
Result :=True;
end;
procedure TForm1.Button1Click(Sender: TObject);beginend;
procedure TForm1.Button2Click(Sender: TObject);
const
temp : array[0..1] of byte = ($34,$35);
temp1 : array[0..1] of byte = ($34,$35);
begin
WriteMemory($00450cf8,temp);
WriteMemory($00450cfe,temp1);
end;end.
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货