我想先读出00D50850 to 00D50855,再写入windows这几个字符。读出已经成功,但就是不写入,请各位好心老师帮我一下。这是为什么写不进内存?谢谢谢谢
var
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s:string;
bytewriteln:dword;
begin
// Purpose (procedure header is not shown on this page): locate the process
// named adad.exe, dump six bytes of its memory into Memo1, then attempt one
// WriteProcessMemory call. Every Win32 result below is ignored; see the
// NOTE(review) comments for the checks that are missing.
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
// take a snapshot of all running processes
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
// dwSize must be initialised before Process32First is called
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
// walk every process in the snapshot looking for "adad.exe"
// NOTE(review): ProcessID is never initialised, so if adad.exe is not running
// the code below uses an undefined value and prints the last enumerated entry.
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
// print some information about the process that was found
nSize:=4;
lpBuffer:=AllocMem(nSize);
// NOTE(review): the handle is requested with PROCESS_VM_READ only and the
// return value is not checked (0 means the open failed).
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
// reads nSize (4) bytes at each address, but only the first byte is used
// NOTE(review): the BOOL result of ReadProcessMemory is discarded, so a
// failed read silently prints whatever lpBuffer held before.
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
// append the byte as two hex digits
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
// (i mod 1) is always 0, so every byte ends up on its own memo line
end; s:='windows';
// NOTE(review): the write goes to $004002c0, not to the addresses read above,
// through the same read-only handle; its BOOL result and GetLastError are
// never inspected, and ByteWriteln is not displayed. length(s) is a byte
// count only if s is an AnsiString - confirm the Delphi version in use.
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @s[1], length(s), ByteWriteln);// this is the call that does not write "windows" - why?
// NOTE(review): no try/finally, so lpBuffer and the handle leak on an exception
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
// close the handle and free the buffer
end;
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s:string;
bytewriteln:dword;
begin
// Purpose (procedure header and 'var' keyword are not shown on this page):
// find adad.exe, dump six bytes of its memory into Memo1, then attempt one
// WriteProcessMemory call. Win32 results are not checked anywhere below.
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
// take a snapshot of all running processes
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
// dwSize must be initialised before Process32First is called
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
// walk every process in the snapshot looking for "adad.exe"
// NOTE(review): ProcessID stays undefined when adad.exe is not found.
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
// print some information about the process that was found
nSize:=4;
lpBuffer:=AllocMem(nSize);
// NOTE(review): opened with PROCESS_VM_READ only; a 0 result is not detected.
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
// reads 4 bytes per address but only uses the first; result BOOL is ignored
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
// append the byte as two hex digits
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
// (i mod 1) is always 0, so each byte is printed on its own line
end; s:='windows';
// NOTE(review): target is $004002c0 rather than the range read above; the
// BOOL result, GetLastError and ByteWriteln are never examined. length(s)
// equals the byte count only for AnsiString - confirm the Delphi version.
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @s[1], length(s), ByteWriteln);// this is the call that does not write "windows" - why?
// NOTE(review): no try/finally; buffer and handle leak on an exception
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
// close the handle and free the buffer
end;
应该是写入这个地址00D50850,上面的我写错了。
=====================================================================================
更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正
你要写入的内容应该写到在目标进程中申请的内存才行,因为不同进程之间的内存是独立的!
VirtualAllocEx(ProcessHndle, ... !!!!
WriteProcessMemory(ProcessHndle, Pointer($$00D50850), @s[1], length(s), ByteWriteln);// 谢谢4楼但我是在同一个程序我的程序定义的不好理解我从写一个
=================
var
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s,aa:string;
bytewriteln:dword;
begin
// Purpose (procedure header is not shown on this page): find adad.exe, dump
// six bytes of its memory into Memo1, then attempt to write the string in aa.
// This revision only changes the payload variable; the checks that were
// missing in the earlier version are still missing (see NOTE(review) below).
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
// take a snapshot of all running processes
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
// dwSize must be initialised before Process32First is called
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
// walk every process in the snapshot looking for "adad.exe"
// NOTE(review): ProcessID is undefined if adad.exe is not running; the lines
// below then report the last enumerated process instead of failing.
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
// print some information about the process that was found
nSize:=4;
lpBuffer:=AllocMem(nSize);
// NOTE(review): handle requested with PROCESS_VM_READ only and never checked
// for 0; the write further down is issued through this same handle.
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
// reads 4 bytes at each address but only the first byte is displayed;
// the BOOL result of ReadProcessMemory is not checked
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
// append the byte as two hex digits
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
// (i mod 1) is always 0, so every byte lands on its own memo line
end; aa:='123abc'; // data to be written
// NOTE(review): still writes to $004002c0 although the reply above says the
// intended target is the range that was read; the BOOL result and
// GetLastError are not checked and ByteWriteln is not shown in the memo.
// length(aa) is a byte count only for AnsiString - confirm the Delphi version.
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @aa[1], length(aa), ByteWriteln);// this is the call that does not write the data - why?
// NOTE(review): no try/finally, so the buffer and handle leak on an exception
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
// close the handle and free the buffer
end;
你写入不成功的话,可以先GetLastError看看是多少,还有ByteWriteln的值是多少,具体分析.
也不排除adad.exe做了防篡改保护,拦截了你的API调用,真是这样就不好办了.
Process ID 00000108
File nameadad.exe
Process Handle 1900
61
31
62
32
63
33
ByteWriteln 这个值是2