다른 EXE 메모리 읽기

7636 단어 exe
procedure TfrmMain.tmrChangeServerNameTimer(Sender: TObject);

function GetProcessID(FileName: string = ''): TProcessEntry32;

var

  Ret: BOOL;

  s: string;

  FSnapshotHandle: THandle;

  FProcessEntry32: TProcessEntry32;

begin

  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

  FProcessEntry32.dwSize := Sizeof(FProcessEntry32);

  Ret := Process32First(FSnapshotHandle, FProcessEntry32);

  while Ret do

  begin

    s := ExtractFileName(FProcessEntry32.szExeFile);

    if (AnsiCompareText(Trim(s),Trim(FileName))=0) and (FileName <> '') then begin

      result := FProcessEntry32;

      break;

    end;

    Ret := Process32Next(FSnapshotHandle, FProcessEntry32);

  end;

  CloseHandle(FSnapshotHandle);

end;

var

  FProcessEntry32: TProcessEntry32;

  ProcessID: integer;

  ProcessHandle: THandle;

  lpBuffer: PChar;

  nSize: DWORD;

  lpNumberOfBytes: DWORD;

  mbi_thunk:TMemoryBasicInformation;

  dwOldProtect:dword;

const

  LeftAddress = $02370C68;

  RightAddress1 = $02370C74;

  RightAddress2 = $02370C84;

//  ServerName = ' ';

begin

  FProcessEntry32 := GetProcessID('aLogin.exe');

  if FProcessEntry32.th32ProcessID =0 then exit;

  ProcessID := FProcessEntry32.th32ProcessID;

  ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, false, ProcessID);

  //--------------- left

  lpBuffer := PChar(GB2Big5('01.' + ServerName));

  nSize:= 12;                               //N 

  // LeftAddress 

  VirtualQueryEx(ProcessHandle,Pointer(LeftAddress),mbi_thunk, sizeof(TMemoryBasicInformation));

  VirtualProtectEx(ProcessHandle,Pointer(LeftAddress),nSize,PAGE_EXECUTE_READWRITE,mbi_thunk.Protect);

  WriteProcessMemory(ProcessHandle, Pointer(LeftAddress), lpBuffer, nSize, lpNumberOfBytes);

  VirtualProtectEx(ProcessHandle,Pointer(LeftAddress), nSize, mbi_thunk.Protect,dwOldProtect);

  //--------------- right

  lpBuffer := PChar(GB2Big5(ServerName));   // 

  nSize:= 8;                                // 

  // RightAddress1 

  VirtualQueryEx(ProcessHandle,Pointer(RightAddress1),mbi_thunk, sizeof(TMemoryBasicInformation));

  VirtualProtectEx(ProcessHandle,Pointer(RightAddress1),nSize,PAGE_EXECUTE_READWRITE,mbi_thunk.Protect);

  WriteProcessMemory(ProcessHandle, Pointer(RightAddress1), lpBuffer, nSize, lpNumberOfBytes);

  VirtualProtectEx(ProcessHandle,Pointer(RightAddress1), nSize, mbi_thunk.Protect,dwOldProtect);

  // RightAddress2 

  VirtualQueryEx(ProcessHandle,Pointer(RightAddress2),mbi_thunk, sizeof(TMemoryBasicInformation));

  VirtualProtectEx(ProcessHandle,Pointer(RightAddress2),nSize,PAGE_EXECUTE_READWRITE,mbi_thunk.Protect);

  WriteProcessMemory(ProcessHandle, Pointer(RightAddress2), lpBuffer, nSize, lpNumberOfBytes);

  VirtualProtectEx(ProcessHandle,Pointer(RightAddress2), nSize, mbi_thunk.Protect,dwOldProtect);

  // , 

  lpBuffer := AllocMem(nSize);

  ReadProcessMemory(ProcessHandle, Pointer(RightAddress2), lpBuffer, nSize, lpNumberOfBytes);

  if ServerName = Big52GB(lpBuffer) then begin

    Caption := ' :' + Big52GB(lpBuffer);

    tmrChangeServerName.Enabled := False;

  end;

  CloseHandle(ProcessHandle);  

//   Memo1.Lines.Add(Big52GB(lpBuffer));

  //MEMO   

//  Memo1.Lines.Clear;

//  memo1.lines.add('Process ID ' + IntToHex(FProcessEntry32.th32ProcessID, 8));

//  memo1.lines.Add('File name ' + FProcessEntry32.szExeFile);

//  memo1.Lines.Add('Process Handle ' + intTohex(ProcessHandle, 8));

//  Memo1.Lines.Add(' :');

end;

좋은 웹페이지 즐겨찾기