已经用OD查到call的代码，所以编写了下面的代码测试。
结果编译都没有通过，总是在change这里出问题。
错误提示:
[DCC Error] main.pas(70): E2036 Variable required
错误点:
homeAdd:=FunIn(hwndg,@change);//调用注入函数
大家帮我看看到底怎么处理吧。多谢!
//源代码
unit main;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ComCtrls, Menus, ExtCtrls, IniFiles;

type
  { Main form: a single button that starts a remote thread in the process
    owning the window located in FormCreate. }
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
    { Allocates executable memory via the handle Hid, copies 4096 bytes
      starting at FunName into it and creates a suspended remote thread there.
      Returns the thread handle from CreateRemoteThread. }
    function FunIn(Hid:cardinal;FunName:pointer):cardinal;
    { NOTE(review): declared here as a method of TForm1, but the implementation
      section below defines a unit-level 'procedure change' without the
      TForm1. prefix. The reply in this thread attributes the E2036
      'Variable required' reported on the '@change' line in Button1Click to
      this declaration and suggests removing it. }
    procedure change;
  end;

var
  Form1: TForm1;
  hwndg: cardinal;    // handle of the target window, set in FormCreate
  homeAdd:cardinal;   // remote thread handle returned by FunIn
  hProcess:integer;   // process handle opened in Button1Click
  pid : dword;        // process id of the target window's owner
implementation

{$R *.dfm}

{ Code stub that FunIn copies into the target process. It calls the function
  at a hard-coded absolute address with EAX set to 47, saving and restoring
  all general-purpose registers around the call. Per the post the address
  and the EAX value were read off a debugger (OD) disassembly, so they are
  only meaningful for that exact target build. }
procedure change;
var
  Address:pointer;
begin
  Address:=Pointer($004537C4); // entry address of the target function (from the disassembly)
  asm
    pushad            // save the register environment
    mov eax,47        // value taken from the disassembly the post refers to
    call Address      // indirect call through the local variable
    popad             // restore the register environment
  end;
end;
{ Locates the target window by caption. The class-name argument is 0, so
  the first top-level window titled 'Form1' of any class is matched. }
procedure TForm1.FormCreate(Sender: TObject);
begin
  hWndG := FindWindow(0, 'Form1'); // kept in the unit-level hwndg for Button1Click
end;

{ Remote-thread injection helper.
  Hid     - handle passed unchanged to VirtualAllocEx, WriteProcessMemory and
            CreateRemoteThread as their process-handle argument.
  FunName - start address of the code to copy into the remote allocation.
  Returns the handle of the suspended remote thread from CreateRemoteThread.
  None of the three API results is checked, so a failure at any step is
  silent and the returned handle may be 0. }
function TForm1.FunIn(Hid:cardinal;FunName:pointer):cardinal;
var
  { window handle of the thread to inject into, and a temporary handle }
  TmpHandle: THandle;
  ThreadID: Thandle;
  ThreadAdd:pointer;
  WriteCount: DWORD;
begin
  // commit 4096 bytes of executable, writable memory in the target process
  ThreadAdd := VirtualAllocEx(Hid, nil, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  // copy a fixed 4096 bytes starting at FunName into that memory
  WriteProcessMemory(Hid, ThreadAdd,FunName, 4096, WriteCount);
  // create the thread suspended at the copied code; the caller resumes it
  TmpHandle := CreateRemoteThread(Hid, nil, 0, ThreadAdd, nil, CREATE_SUSPENDED, ThreadID);
  result:=TmpHandle; // return the thread handle
end;

{ Button handler: resolves the process owning hwndg, opens it with full
  access, injects 'change' as a remote thread, resumes it and releases the
  handles.
  Detection note: the OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(RWX)
  -> WriteProcessMemory -> CreateRemoteThread sequence used here is the
  textbook remote-thread injection pattern that endpoint monitoring and
  ETW-based telemetry commonly alert on. }
procedure TForm1.Button1Click(Sender: TObject);
begin
  GetWindowThreadProcessId(hwndg, pid);                    // pid of the window's owner
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid); // full-access process handle
  homeAdd:=FunIn(hwndg,@change); // call the injection helper; this is the line the E2036 points at
  ResumeThread(homeAdd);  // run the injected CALL thread
  CloseHandle(homeAdd);   // close the thread handle
  closehandle(hprocess);
end;

end.
这条语句不应该出现在TForm1的声明里。
public
{ Public declarations }
function FunIn(Hid:cardinal;FunName:pointer):cardinal;
// procedure change;
end;procedure change;
procedure TForm1.change;
另外你写的代码真是乱，一个字太乱！看着都头大。
http://topic.csdn.net/u/20080701/02/48b20515-30a7-44b0-9922-0a4e1061da05.html
这里是我写的针对计算器的一个东西，里面也用到远程注入。