这段代码一注入去就弹出错误,还没找出问题
最后25分了。。我也不想发这么小分帮下忙//全局变量
var
hwin, pid: DWORD;
hprocess: DWORD;
type
PParam = ^TParam;
TParam = packed record
fLoadLibrary: DWORD;
fGetProcAddress: DWORD;
DllName: array[0..10] of Char;
FunName: array[0..16] of Char;
FunName2: array[0..15] of Char;
end;//要注入去的函数,功能是点击一个按钮
procedure MsgA(param: PParam); stdcall;
type
LoadLibraryFunc = function(lib: PChar): DWORD; stdcall;
GetProcAddressFunc = function(lib: DWORD; name: PChar): DWORD; stdcall;
FuncTranslateMessage = function(Msg: TMsg): Boolean; stdcall;
FuncDispatchMessage = function(Msg: TMsg): Integer; stdcall;
var
myLoad: LoadLibraryFunc;
myGetProc: GetProcAddressFunc;
myTranslateMessage: FuncTranslateMessage;
myDispatchMessage: FuncDispatchMessage;
hlib: DWORD;
Msg: TMsg;
begin
myLoad := LoadLibraryFunc(param^.fLoadLibrary);
myGetProc := GetProcAddressFunc(param^.fGetProcAddress);
hlib := myLoad(@param^.DllName[0]);
myTranslateMessage := FuncTranslateMessage(myGetProc(hlib, @param^.FunName[0]));
myDispatchMessage := FuncDispatchMessage(myGetProc(hlib, @param^.FunName2[0])); Msg.hwnd:= $029051E; //按钮的句柄测试用
Msg.message:= WM_LBUTTONDOWN; //发送的消息
Msg.wParam:=0;
Msg.lParam:=0;
myTranslateMessage(Msg);
myDispatchMessage(Msg); Msg.hwnd:= $029051E; //按钮的句柄测试用
Msg.message:= WM_LBUTTONUP;
Msg.wParam:=0;
Msg.lParam:=0;
myTranslateMessage(Msg);
myDispatchMessage(Msg);
end;
//下面开始注入
procedure TForm1.Button2Click(Sender: TObject);
var
param: TParam;
pparam, pfunc: Pointer;
hlib: DWORD;
hthread: DWORD;
v: DWORD;
iSize: DWORD;
begin
hwin := FindWindow(nil, 'Form1');
GetWindowThreadProcessId(hwin, pid);
hprocess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
pparam := VirtualAllocEx(hprocess, nil, SizeOf(param), MEM_COMMIT, PAGE_READWRITE);
iSize := 1024;
pfunc := VirtualAllocEx(hprocess, nil, iSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // 初始化参数
FillChar(param, SizeOf(param), 0);
hlib := GetModuleHandle('Kernel32.dll');
param.fLoadLibrary := DWORD(GetProcAddress(hlib, 'LoadLibraryA'));
param.fGetProcAddress := DWORD(GetProcAddress(hlib, 'GetProcAddress')); param.DllName := 'user32.dll';
param.FunName := 'TranslateMessage';
param.FunName2 := 'DispatchMessage'; WriteProcessMemory(hprocess, pparam, @param, SizeOf(param), v);
WriteProcessMemory(hprocess, pfunc, @MsgA, iSize, v);
hthread := createRemoteThread(hprocess, nil, 0, pfunc, pparam, 0, v); WaitForSingleObject(hthread, INFINITE);
VirtualFreeEx(hprocess, pfunc, iSize, MEM_DECOMMIT);
VirtualFreeEx(hprocess, pparam, SizeOf(param), MEM_DECOMMIT);
CloseHandle(hprocess);
end;
只是想尝试新方法发送消息,模拟点击程序上的一个按钮,用SendMessage没问题但这样发送就出错了
最后25分了。。我也不想发这么小分帮下忙//全局变量
var
hwin, pid: DWORD;
hprocess: DWORD;
type
PParam = ^TParam;
TParam = packed record
fLoadLibrary: DWORD;
fGetProcAddress: DWORD;
DllName: array[0..10] of Char;
FunName: array[0..16] of Char;
FunName2: array[0..15] of Char;
end;//要注入去的函数,功能是点击一个按钮
procedure MsgA(param: PParam); stdcall;
type
LoadLibraryFunc = function(lib: PChar): DWORD; stdcall;
GetProcAddressFunc = function(lib: DWORD; name: PChar): DWORD; stdcall;
FuncTranslateMessage = function(Msg: TMsg): Boolean; stdcall;
FuncDispatchMessage = function(Msg: TMsg): Integer; stdcall;
var
myLoad: LoadLibraryFunc;
myGetProc: GetProcAddressFunc;
myTranslateMessage: FuncTranslateMessage;
myDispatchMessage: FuncDispatchMessage;
hlib: DWORD;
Msg: TMsg;
begin
myLoad := LoadLibraryFunc(param^.fLoadLibrary);
myGetProc := GetProcAddressFunc(param^.fGetProcAddress);
hlib := myLoad(@param^.DllName[0]);
myTranslateMessage := FuncTranslateMessage(myGetProc(hlib, @param^.FunName[0]));
myDispatchMessage := FuncDispatchMessage(myGetProc(hlib, @param^.FunName2[0])); Msg.hwnd:= $029051E; //按钮的句柄测试用
Msg.message:= WM_LBUTTONDOWN; //发送的消息
Msg.wParam:=0;
Msg.lParam:=0;
myTranslateMessage(Msg);
myDispatchMessage(Msg); Msg.hwnd:= $029051E; //按钮的句柄测试用
Msg.message:= WM_LBUTTONUP;
Msg.wParam:=0;
Msg.lParam:=0;
myTranslateMessage(Msg);
myDispatchMessage(Msg);
end;
//下面开始注入
procedure TForm1.Button2Click(Sender: TObject);
var
param: TParam;
pparam, pfunc: Pointer;
hlib: DWORD;
hthread: DWORD;
v: DWORD;
iSize: DWORD;
begin
hwin := FindWindow(nil, 'Form1');
GetWindowThreadProcessId(hwin, pid);
hprocess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
pparam := VirtualAllocEx(hprocess, nil, SizeOf(param), MEM_COMMIT, PAGE_READWRITE);
iSize := 1024;
pfunc := VirtualAllocEx(hprocess, nil, iSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // 初始化参数
FillChar(param, SizeOf(param), 0);
hlib := GetModuleHandle('Kernel32.dll');
param.fLoadLibrary := DWORD(GetProcAddress(hlib, 'LoadLibraryA'));
param.fGetProcAddress := DWORD(GetProcAddress(hlib, 'GetProcAddress')); param.DllName := 'user32.dll';
param.FunName := 'TranslateMessage';
param.FunName2 := 'DispatchMessage'; WriteProcessMemory(hprocess, pparam, @param, SizeOf(param), v);
WriteProcessMemory(hprocess, pfunc, @MsgA, iSize, v);
hthread := createRemoteThread(hprocess, nil, 0, pfunc, pparam, 0, v); WaitForSingleObject(hthread, INFINITE);
VirtualFreeEx(hprocess, pfunc, iSize, MEM_DECOMMIT);
VirtualFreeEx(hprocess, pparam, SizeOf(param), MEM_DECOMMIT);
CloseHandle(hprocess);
end;
只是想尝试新方法发送消息,模拟点击程序上的一个按钮,用SendMessage没问题但这样发送就出错了
解决方案 »
- Oracle 的数据库布置购买问题
- DirectShow写的媒体播放器,用于显示画面的控件在播放时被画面复盖的地方不响应鼠标事件,这是怎么回事啊?如 click、dbclick等都不响应
- ClientDataSet从XML加载数据后在没有改动的情况全部写入数据库
- 我该怎么办?是去华为做软件测试还是留下来搞开发?
- 请问,拖拉文件问题
- 请问能否在Delphi中打印Word文档,并指定从哪台打印机打印?
- “Operation must be performed on the current session.”是什么意思啊?它还是出现了这个提示错误!
- group by brwrdate?
- toolbar中,bitbtn控件的visible属性为true时,为什么还是有个别bitbtn不能显示?
- Delphi如何同时实现画图和文字编辑,求大神给个思路,可以用GDI+实现吗
- 关于Ado控件的问题
- 请问怎么得到其他进程模块的信息?
高手召唤术