赫赫赫赫把一个减法函数强行变成加法函数!赫赫赫

function Subtration(X, Y: Integer): Integer; { 减法 }
begin
  Result := X - Y;
end; { Subtration }procedure TForm1.Button1Click(Sender: TObject);
var
  X, Y: Integer;
begin
  X := 10;
  Y := 12;
  ShowMessage(Format('%d-%d=%d', [X, Y, Subtration(X, Y)]));
end;procedure TForm1.FormCreate(Sender: TObject);
const
  cAddBuffer = #$3#$C2'q'#$5#$E8'/K'#$FA#$FF#$C3#$8B;
var
  vProcess: THandle;
  vNumberOfBytesRead: DWORD;
begin
  vProcess := OpenProcess(PROCESS_ALL_ACCESS, True, GetCurrentProcessId);
  try
    WriteProcessMemory(vProcess, @Subtration,
      @cAddBuffer[1], Length(cAddBuffer), vNumberOfBytesRead);
  finally
    CloseHandle(vProcess);
  end;
end;

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

//这是替换系统ShowMessage的代码～～procedure ReplaceShowMessage(const Msg: string);
begin
  Form1.Memo1.Lines.Add(Msg);
  ShowMessagePos(Msg, -1, -1);
end;procedure NewShowMessage(const Msg: string);
type
  TShowMessage = procedure(const Msg: string);
begin
  TShowMessage(@ReplaceShowMessage)(Msg); //采用间接调用，可以避免空间过大
  //ReplaceShowMessage(Msg); //直接调用会出异常～～
end;procedure EndNewShowMessage;
begin
end;procedure TForm1.FormCreate(Sender: TObject);
var
  vProcess: THandle;
  vNumberOfBytesRead: DWORD;
begin
  vProcess := OpenProcess(PROCESS_ALL_ACCESS, True, GetCurrentProcessId);
  try
    WriteProcessMemory(vProcess, @ShowMessage, @NewShowMessage,
      Integer(@EndNewShowMessage) - Integer(@NewShowMessage),
//    相邻的两个函数地址相减，得到前一个函数占用的大小～～
      vNumberOfBytesRead);
  finally
    CloseHandle(vProcess);
  end;
end;procedure TForm1.Button1Click(Sender: TObject);
begin
  ShowMessage('Hello');
end;
嘿嘿~我的LexLib库中有个TAssembler类用于动态生成机器码.提供了常用的操作var Assembler:TAssembler;
begin
  Assembler:=TAssembler.Create ;
  Assembler.Allocate();
  Assembler.MOV(rEAX,Cardinal(PChar('Hello')));
  Assembler.CALL(@ShowMessage);
  Assembler.RET ;
  Assembler.Execute ;
  Assembler.Free ;
end;
在Windows中，能够访问控制其他进程的内存空间无疑对进程造成了很大的安全隐患～～
象VCL这样能够支持RTTI的运行方式，更容易找到实例、属性、方法的存放位置～～
看来安全性的问题，不便公开讨论，就此结贴～～