Question

我有2个全球大战

Value1, Value2 : Cardinal;

要获取值，我使用以下函数。

procedure GetValues;
var
  Modulo : HMODULE;
  GetWindowTextAAPI: PDWord;
begin
  Modulo := GetModuleHandle('user32.dll');
  if (Modulo <> 0) then
  begin
    GetWindowTextAAPI := GetProcAddress(Modulo, 'GetWindowTextA');
    if (GetWindowTextAAPI <> nil) then
    begin
      Value1 := GetWindowTextAAPI^;
      Value2 := GetWindowTextAAPI^+4;
      ShowMessage(IntToStr(Value1)+' '+IntToStr(Value2));
    end;
  end;
end;

写我用

procedure WriteValues;
var
  Modulo : HMODULE;
  Write : Cardinal;
  GetWindowTextAAPI: PDWord;
begin
  Modulo := GetModuleHandle('user32.dll');
  if (Modulo <> 0) then
  begin
    GetWindowTextAAPI := GetProcAddress(Modulo, 'GetWindowTextA');
    if (GetWindowTextAAPI <> nil) then
    begin
      WriteProcessMemory(GetCurrentProcess, Pointer(GetWindowTextAAPI), Addr(Value1), SizeOf(Value1), Write);
      WriteProcessMemory(GetCurrentProcess, Pointer(DWORD(GetWindowTextAAPI)+4), Addr(Value2),SizeOf(Value2), Write);
    end;
  end;
end;

如何使用Move来简化？我真的需要使用WriteProcessMemory来编写我自己的进程的内存吗？

Answer 1

替代在内存中写入字节

function WriteBytes(pAddress: Pointer; Bytes: Array of Byte): Boolean;
var
  OldProtect , NewProtect : DWORD;
begin
  if VirtualProtect(pAddress, SizeOf(Bytes), PAGE_EXECUTE_READWRITE, @OldProtect) then
  begin
    Move(Bytes, pAddress^, Length(Bytes));
    VirtualProtect(pAddress, SizeOf(Bytes), OldProtect, @NewProtect);
    Result := True;
  end
  else
  Result := False;
end;

使用

const
  OriginalValue : Array[0..5] of byte = ($6A,$08,$68,$F0,$FB,$DF);
var
  Modulo : HMODULE;
  GetWindowTextAAPI: PDWord;
begin
  Modulo := GetModuleHandle('user32.dll');
  if (Modulo <> 0) then
  begin
    GetWindowTextAAPI := GetProcAddress(Modulo, 'GetWindowTextA');
    if (GetWindowTextAAPI <> nil) then
    begin
      WriteBytes(GetWindowTextAAPI,OriginalValue);
    end;
  end;
end;

在不使用WriteProcessMemory的情况下编写自己进程的内存

1 个答案: