function Subtration(X, Y: Integer): Integer; { subtraction: returns X - Y }
{ NOTE(review): the compiled body of this function is the target of the
  in-place patch in TForm1.FormCreate below (WriteProcessMemory over
  @Subtration), so the demo depends on its exact compiled form. Keep the
  body as it is; do not restructure it. }
begin
Result := X - Y;
end; { Subtration }
procedure TForm1.Button1Click(Sender: TObject);
var
  vLeft, vRight: Integer;
  vText: string;
begin
  { Fixed demo operands. Once FormCreate has written its byte buffer over
    Subtration, the value shown here is whatever the patched code returns,
    not necessarily vLeft - vRight. }
  vLeft := 10;
  vRight := 12;
  vText := Format('%d-%d=%d', [vLeft, vRight, Subtration(vLeft, vRight)]);
  ShowMessage(vText);
end;
procedure TForm1.FormCreate(Sender: TObject);
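const
  { Raw x86 machine code (author-supplied) that is written over the compiled
    body of Subtration. The bytes are not decoded here; whether
    Length(cAddBuffer) exceeds Subtration's compiled size cannot be verified
    from this page — any surplus bytes land on whatever the linker placed
    immediately after Subtration. }
  cAddBuffer = #$3#$C2'q'#$5#$E8'/K'#$FA#$FF#$C3#$8B;
var
  vProcess: THandle;
  vBytesWritten: DWORD;
begin
  { Open our own process with just the rights WriteProcessMemory requires
    (PROCESS_VM_OPERATION + PROCESS_VM_WRITE) and as a non-inheritable
    handle, instead of an inheritable PROCESS_ALL_ACCESS handle. }
  vProcess := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, False,
    GetCurrentProcessId);
  Win32Check(vProcess <> 0);
  try
    { Both results were ignored before; a failed or short write leaves
      Subtration unpatched and makes the demo output misleading. Writing
      into a code page from the process itself is also exactly the kind of
      event integrity checks and endpoint monitoring look for. }
    Win32Check(WriteProcessMemory(vProcess, @Subtration, @cAddBuffer[1],
      Length(cAddBuffer), vBytesWritten));
    if vBytesWritten <> DWORD(Length(cAddBuffer)) then
      raise Exception.CreateFmt('Short write while patching Subtration: %d of %d bytes',
        [vBytesWritten, Length(cAddBuffer)]);
  finally
    CloseHandle(vProcess);
  end;
end;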
{ NOTE(review): this is a duplicated paste of the Subtration body from the
  listing above; its function header was lost in the copy. }
begin
Result := X - Y;
end; { Subtration }
procedure TForm1.Button1Click(Sender: TObject);
var
  vMinuend, vSubtrahend: Integer;
begin
  { Demo operands. The displayed result comes from Subtration as it exists
    at call time, i.e. after FormCreate's in-place patch if that succeeded. }
  vMinuend := 10;
  vSubtrahend := 12;
  ShowMessage(Format('%d-%d=%d',
    [vMinuend, vSubtrahend, Subtration(vMinuend, vSubtrahend)]));
end;
procedure TForm1.FormCreate(Sender: TObject);
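const
  { Raw x86 machine code (author-supplied) written over the compiled body of
    Subtration. Not decoded here. Whether Length(cAddBuffer) exceeds the
    compiled size of Subtration cannot be checked from this page; surplus
    bytes would overwrite whatever follows Subtration in the image. }
  cAddBuffer = #$3#$C2'q'#$5#$E8'/K'#$FA#$FF#$C3#$8B;
var
  vProcess: THandle;
  vBytesWritten: DWORD;
begin
  { Least-privilege, non-inheritable handle to our own process: these two
    rights are what WriteProcessMemory needs. }
  vProcess := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, False,
    GetCurrentProcessId);
  Win32Check(vProcess <> 0);
  try
    { Check the write instead of ignoring its result: a failure here leaves
      Subtration unpatched. Self-modification of a code page is a high-signal
      event for integrity checks and endpoint monitoring. }
    Win32Check(WriteProcessMemory(vProcess, @Subtration, @cAddBuffer[1],
      Length(cAddBuffer), vBytesWritten));
    if vBytesWritten <> DWORD(Length(cAddBuffer)) then
      raise Exception.CreateFmt('Short write while patching Subtration: %d of %d bytes',
        [vBytesWritten, Length(cAddBuffer)]);
  finally
    CloseHandle(vProcess);
  end;
end;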
{ NOTE(review): the header of this procedure is not on the page. The
  indirect call in NewShowMessage below casts @ReplaceShowMessage, so this
  body is presumably ReplaceShowMessage(const Msg: string) — confirm.
  It appends Msg to Form1.Memo1 and then displays it with ShowMessagePos. }
begin
Form1.Memo1.Lines.Add(Msg);
ShowMessagePos(Msg, -1, -1);
end;
procedure NewShowMessage(const Msg: string);
type
{ Procedural type with the same signature as ShowMessage / ReplaceShowMessage. }
TShowMessage = procedure(const Msg: string);
{ This body is copied byte-for-byte over ShowMessage by TForm1.FormCreate
  below, so its exact compiled form matters. Per the author's notes: the
  indirect call keeps the copied code small, and a direct call raises an
  exception — presumably because a direct call is encoded relative to the
  code's original location, which the copy changes (not verifiable here). }
begin
TShowMessage(@ReplaceShowMessage)(Msg); // indirect call; keeps the code size small
//ReplaceShowMessage(Msg); // a direct call raises an exception
end;
procedure EndNewShowMessage;
{ Empty marker procedure; it is not called anywhere on this page. FormCreate
  below subtracts @NewShowMessage from @EndNewShowMessage to size the copy,
  which assumes the compiler emits the two procedures adjacently in
  declaration order — a code-layout assumption, not a language guarantee. }
begin
end;
procedure TForm1.FormCreate(Sender: TObject);
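var
  vProcess: THandle;
  vBytesWritten: DWORD;
  vSize: Integer;
begin
  { Size of NewShowMessage's code, taken as the distance to the marker
    procedure declared right after it. This relies on the compiler laying the
    two out adjacently in declaration order; if that assumption fails the
    difference is negative or huge, so refuse to write rather than spray
    bytes over the image. The Integer casts also assume 32-bit pointers. }
  vSize := Integer(@EndNewShowMessage) - Integer(@NewShowMessage);
  if vSize <= 0 then
    raise Exception.CreateFmt('Unexpected code layout: computed size %d', [vSize]);
  { Least-privilege, non-inheritable handle to our own process. }
  vProcess := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, False,
    GetCurrentProcessId);
  Win32Check(vProcess <> 0);
  try
    { Copy NewShowMessage's bytes over ShowMessage. Whether vSize fits inside
      ShowMessage's compiled body cannot be verified here; a larger copy
      overwrites whatever follows ShowMessage. Check the result instead of
      ignoring it: a failed or short copy leaves ShowMessage half-patched. }
    Win32Check(WriteProcessMemory(vProcess, @ShowMessage, @NewShowMessage,
      vSize, vBytesWritten));
    if vBytesWritten <> DWORD(vSize) then
      raise Exception.CreateFmt('Short write while patching ShowMessage: %d of %d bytes',
        [vBytesWritten, vSize]);
  finally
    CloseHandle(vProcess);
  end;
end;
procedure TForm1.Button1Click(Sender: TObject);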
{ After FormCreate has copied NewShowMessage over ShowMessage, this call
  presumably executes the copied code (append to Memo1, then ShowMessagePos)
  rather than the VCL ShowMessage — confirm at runtime. }
begin
ShowMessage('Hello');
end;
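begin
  { Assembler is not declared on this page — presumably a global or field of
    the project type TAssembler. The emitted sequence loads a string pointer
    into EAX, calls ShowMessage and returns; Execute presumably runs it from
    the buffer obtained by Allocate (neither is visible here). Free the
    object even if emitting or executing raises, which the original did not
    guarantee. }
  Assembler := TAssembler.Create;
  try
    Assembler.Allocate();
    { NOTE(review): Cardinal(PChar(...)) truncates a pointer on a 64-bit
      target; this is 32-bit (EAX) code. }
    Assembler.MOV(rEAX, Cardinal(PChar('Hello')));
    Assembler.CALL(@ShowMessage);
    Assembler.RET;
    Assembler.Execute;
  finally
    Assembler.Free;
  end;
end;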
像VCL这样能够支持RTTI的运行方式,更容易找到实例、属性、方法的存放位置~~
看来安全性的问题,不便公开讨论,就此结帖~~