大家好! 我在研究修改内存. 我想修改XP自带'蜘蛛'游戏 (spider.exe) 中 010035D1 处的一条指令 (反汇编见文末). 注意: 虽然标题说的是用 VirtualAllocEx 申请内存, 但下面的代码并没有调用 VirtualAllocEx, 而是用 OpenProcess + WriteProcessMemory 直接改写目标进程已映射的代码页.
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, ComCtrls, StdCtrls, tlhelp32;type
TForm1 = class(TForm)
  // Designer-bound components; the names must match the .dfm.
  WaitTimer: TTimer;        // polls for spider.exe (see WaitTimerTimer)
  Status: TStaticText;      // shows 'Game Found' / 'Game Not Found'
  btn1: TButton;            // writes Value1 ($90,$90) at $010035D1
  btn2: TButton;            // writes Value2 ($89,$08) at $010035D1
  procedure WaitTimerTimer(Sender: TObject);
  procedure btn1Click(Sender: TObject);
  procedure btn2Click(Sender: TObject);
private
public
  { Public declarations }
end;
var
Form1: TForm1;
// Unit-level scratch state written by GetProcessID and Poke below. Because
// the lookup keeps its loop state here rather than in locals, those routines
// are not reentrant (acceptable for a single-threaded VCL form).
ReadWrite: Cardinal;                 // bytes-written count from WriteProcessMemory
ContinueLoop: BOOL;                  // result of Process32First / Process32Next
FSnapshotHandle: THandle;            // handle from CreateToolhelp32Snapshot
FProcessEntry32: TProcessEntry32;    // current entry of the process snapshot
PidHandle, PidID, Temp: Integer;     // OpenProcess handle, matched PID, match counter
const
GameName = 'spider.exe';             // target image name (XP Spider Solitaire)
Value1: Array [1..2] Of Byte = ($90,$90);   // two NOPs: replaces "mov [eax],ecx" at 010035D1
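Value2: Array [1..2] Of Byte = ($89,$08);   // original bytes: "mov [eax],ecx" (restores the instruction)
// Address of the patched instruction, taken from the disassembly at the end of
// this page. It is only valid for the spider.exe build that listing came from
// (a fixed 01000000 image base, no ASLR); a different build needs a new value.
PatchAddress = $010035D1;

implementation

{$R *.dfm}

{ Looks up the process ID of the ProcessNo-th running process whose image
  name matches ExeFileName (case-insensitive; the entry is compared both as
  given and by its base name, so a path-qualified entry still matches).
  Returns True and sets ProcessId on success. Returns False, leaving
  ProcessId untouched, when no such process exists, ProcessNo < 1, or the
  snapshot cannot be taken.
  Fix vs. the original: all state is local (the original used unit-level
  globals, so it was not reentrant), the snapshot handle is checked against
  INVALID_HANDLE_VALUE instead of being passed on blindly, and the handle is
  closed in a finally block. }
function GetProcessID(Const ExeFileName: string; var ProcessId: integer;
  Const ProcessNo :Integer = 1): boolean;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  MatchCount: Integer;
  HasEntry: BOOL;
begin
  Result := False;
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE, not 0.
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    MatchCount := 0;
    Entry.dwSize := SizeOf(Entry);   // Toolhelp requires dwSize to be set before the first call
    HasEntry := Process32First(Snapshot, Entry);
    while HasEntry do
    begin
      if (StrIComp(PChar(ExtractFileName(Entry.szExeFile)), PChar(ExeFileName)) = 0)
        or (StrIComp(Entry.szExeFile, PChar(ExeFileName)) = 0) then
      begin
        Inc(MatchCount);
        if MatchCount = ProcessNo then
        begin
          ProcessId := Entry.th32ProcessID;
          Result := True;
          Break;
        end;
      end;
      HasEntry := Process32Next(Snapshot, Entry);
    end;
  finally
    CloseHandle(Snapshot);
  end;
end;

{ Writes ChangeValues into the running game's address space at Address.
  Returns True only when every byte was written; False when the game is not
  running, ChangeValues is empty, the process cannot be opened, the page
  protection cannot be changed, or WriteProcessMemory fails or comes up
  short. This used to be a procedure that ignored every failure; it is now a
  function, which remains call-compatible with the existing statement-style
  callers (Delphi's default extended syntax allows discarding the result).
  Note: Pointer(Address) assumes a 32-bit build, which is what the XP target
  and the 32-bit disassembly below imply. }
function Poke(Address: Cardinal; ChangeValues: array of byte): Boolean;
var
  Process: THandle;
  Pid: Integer;
  Count: Cardinal;
  Written: Cardinal;
  OldProtect, Dummy: DWORD;
begin
  Result := False;
  // Use the explicit element count rather than SizeOf on an open-array
  // parameter, so the byte count cannot be misread.
  Count := Length(ChangeValues);
  if Count = 0 then
    Exit;
  if not GetProcessID(GameName, Pid, 1) then
    Exit;
  // Least privilege: patching needs only VM_OPERATION (protection change)
  // and VM_WRITE, not PROCESS_ALL_ACCESS.
  Process := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, False, Pid);
  if Process = 0 then
    Exit;
  try
    // The target is a code page (see the disassembly at 010035D1). Make it
    // writable for the duration of the patch instead of relying on
    // WriteProcessMemory to handle a non-writable page by itself.
    if not VirtualProtectEx(Process, Pointer(Address), Count,
      PAGE_EXECUTE_READWRITE, OldProtect) then
      Exit;
    try
      Result := WriteProcessMemory(Process, Pointer(Address),
        @ChangeValues[Low(ChangeValues)], Count, Written) and (Written = Count);
    finally
      // Always put the original protection back, even on a failed write.
      VirtualProtectEx(Process, Pointer(Address), Count, OldProtect, Dummy);
    end;
  finally
    CloseHandle(Process);
  end;
end;

{ Timer tick: reports whether spider.exe is running and enables the patch
  buttons only while it is. }
procedure TForm1.WaitTimerTimer(Sender: TObject);
var
  Pid: Integer;
  Found: Boolean;
begin
  Found := GetProcessID(GameName, Pid, 1);
  if Found then
    Status.Caption := 'Game Found'
  else
    Status.Caption := 'Game Not Found';
  btn1.Enabled := Found;
  btn2.Enabled := Found;
end;

{ Replaces "mov [eax],ecx" at PatchAddress with two NOPs. A failed write is
  now reported in the status line instead of being silently ignored. }
procedure TForm1.btn1Click(Sender: TObject);
begin
  if not Poke(PatchAddress, Value1) then
    Status.Caption := 'Patch failed';
end;

{ Restores the original "mov [eax],ecx" bytes at PatchAddress. }
procedure TForm1.btn2Click(Sender: TObject);
begin
  if not Poke(PatchAddress, Value2) then
    Status.Caption := 'Patch failed';
end;

end.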
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, ComCtrls, StdCtrls, tlhelp32;type
TForm1 = class(TForm)
  // Designer-bound components; the names must match the .dfm.
  WaitTimer: TTimer;        // polls for spider.exe (see WaitTimerTimer)
  Status: TStaticText;      // shows 'Game Found' / 'Game Not Found'
  btn1: TButton;            // writes Value1 ($90,$90) at $010035D1
  btn2: TButton;            // writes Value2 ($89,$08) at $010035D1
  procedure WaitTimerTimer(Sender: TObject);
  procedure btn1Click(Sender: TObject);
  procedure btn2Click(Sender: TObject);
private
public
  { Public declarations }
end;
var
Form1: TForm1;
// Unit-level scratch state written by GetProcessID and Poke below. Because
// the lookup keeps its loop state here rather than in locals, those routines
// are not reentrant (acceptable for a single-threaded VCL form).
ReadWrite: Cardinal;                 // bytes-written count from WriteProcessMemory
ContinueLoop: BOOL;                  // result of Process32First / Process32Next
FSnapshotHandle: THandle;            // handle from CreateToolhelp32Snapshot
FProcessEntry32: TProcessEntry32;    // current entry of the process snapshot
PidHandle, PidID, Temp: Integer;     // OpenProcess handle, matched PID, match counter
const
GameName = 'spider.exe';             // target image name (XP Spider Solitaire)
Value1: Array [1..2] Of Byte = ($90,$90);   // two NOPs: replaces "mov [eax],ecx" at 010035D1
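Value2: Array [1..2] Of Byte = ($89,$08);   // original bytes: "mov [eax],ecx" (restores the instruction)
// Address of the patched instruction, taken from the disassembly at the end of
// this page. It is only valid for the spider.exe build that listing came from
// (a fixed 01000000 image base, no ASLR); a different build needs a new value.
PatchAddress = $010035D1;

implementation

{$R *.dfm}

{ Looks up the process ID of the ProcessNo-th running process whose image
  name matches ExeFileName (case-insensitive; the entry is compared both as
  given and by its base name, so a path-qualified entry still matches).
  Returns True and sets ProcessId on success. Returns False, leaving
  ProcessId untouched, when no such process exists, ProcessNo < 1, or the
  snapshot cannot be taken.
  Fix vs. the original: all state is local (the original used unit-level
  globals, so it was not reentrant), the snapshot handle is checked against
  INVALID_HANDLE_VALUE instead of being passed on blindly, and the handle is
  closed in a finally block. }
function GetProcessID(Const ExeFileName: string; var ProcessId: integer;
  Const ProcessNo :Integer = 1): boolean;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  MatchCount: Integer;
  HasEntry: BOOL;
begin
  Result := False;
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE, not 0.
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    MatchCount := 0;
    Entry.dwSize := SizeOf(Entry);   // Toolhelp requires dwSize to be set before the first call
    HasEntry := Process32First(Snapshot, Entry);
    while HasEntry do
    begin
      if (StrIComp(PChar(ExtractFileName(Entry.szExeFile)), PChar(ExeFileName)) = 0)
        or (StrIComp(Entry.szExeFile, PChar(ExeFileName)) = 0) then
      begin
        Inc(MatchCount);
        if MatchCount = ProcessNo then
        begin
          ProcessId := Entry.th32ProcessID;
          Result := True;
          Break;
        end;
      end;
      HasEntry := Process32Next(Snapshot, Entry);
    end;
  finally
    CloseHandle(Snapshot);
  end;
end;

{ Writes ChangeValues into the running game's address space at Address.
  Returns True only when every byte was written; False when the game is not
  running, ChangeValues is empty, the process cannot be opened, the page
  protection cannot be changed, or WriteProcessMemory fails or comes up
  short. This used to be a procedure that ignored every failure; it is now a
  function, which remains call-compatible with the existing statement-style
  callers (Delphi's default extended syntax allows discarding the result).
  Note: Pointer(Address) assumes a 32-bit build, which is what the XP target
  and the 32-bit disassembly below imply. }
function Poke(Address: Cardinal; ChangeValues: array of byte): Boolean;
var
  Process: THandle;
  Pid: Integer;
  Count: Cardinal;
  Written: Cardinal;
  OldProtect, Dummy: DWORD;
begin
  Result := False;
  // Use the explicit element count rather than SizeOf on an open-array
  // parameter, so the byte count cannot be misread.
  Count := Length(ChangeValues);
  if Count = 0 then
    Exit;
  if not GetProcessID(GameName, Pid, 1) then
    Exit;
  // Least privilege: patching needs only VM_OPERATION (protection change)
  // and VM_WRITE, not PROCESS_ALL_ACCESS.
  Process := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, False, Pid);
  if Process = 0 then
    Exit;
  try
    // The target is a code page (see the disassembly at 010035D1). Make it
    // writable for the duration of the patch instead of relying on
    // WriteProcessMemory to handle a non-writable page by itself.
    if not VirtualProtectEx(Process, Pointer(Address), Count,
      PAGE_EXECUTE_READWRITE, OldProtect) then
      Exit;
    try
      Result := WriteProcessMemory(Process, Pointer(Address),
        @ChangeValues[Low(ChangeValues)], Count, Written) and (Written = Count);
    finally
      // Always put the original protection back, even on a failed write.
      VirtualProtectEx(Process, Pointer(Address), Count, OldProtect, Dummy);
    end;
  finally
    CloseHandle(Process);
  end;
end;

{ Timer tick: reports whether spider.exe is running and enables the patch
  buttons only while it is. }
procedure TForm1.WaitTimerTimer(Sender: TObject);
var
  Pid: Integer;
  Found: Boolean;
begin
  Found := GetProcessID(GameName, Pid, 1);
  if Found then
    Status.Caption := 'Game Found'
  else
    Status.Caption := 'Game Not Found';
  btn1.Enabled := Found;
  btn2.Enabled := Found;
end;

{ Replaces "mov [eax],ecx" at PatchAddress with two NOPs. A failed write is
  now reported in the status line instead of being silently ignored. }
procedure TForm1.btn1Click(Sender: TObject);
begin
  if not Poke(PatchAddress, Value1) then
    Status.Caption := 'Patch failed';
end;

{ Restores the original "mov [eax],ecx" bytes at PatchAddress. }
procedure TForm1.btn2Click(Sender: TObject);
begin
  if not Poke(PatchAddress, Value2) then
    Status.Caption := 'Patch failed';
end;

end.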
010035C7 - 8b 75 08 - mov esi,[ebp+08]
010035CA - 03 ce - add ecx,esi
010035CC - 5e - pop esi
010035CD - 79 02 - jns 010035d1
010035CF - 33 c9 - xor ecx,ecx
010035D1 - 89 08 - mov [eax],ecx <--这是我要修改的地址 (the instruction to patch: Value1 = $90,$90 overwrites it with two NOPs; Value2 = $89,$08 restores the original bytes)
010035D3 - 3b 0a - cmp ecx,[edx]
010035D5 - 7e 02 - jle 010035d9
010035D7 - 89 0a - mov [edx],ecx
010035D9 - 5d - pop ebp
010035DA - c2 04 00 - ret 0004