1,183
社区成员
发帖
与我相关
我的任务
分享各位老师请帮忙delphi中WriteProcessMemory就是不写入。
我想先读出00D50850 to 00D50855再写入winsows这几个字符,读出已经成功,但就是不写入,请各位好心老师帮我一下。这什么不写为内存?谢谢谢谢
var
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s:string;
bytewriteln:dword;
begin
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//创建系统快照
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
//先初始化 FProcessEntry32 的大小
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
//循环枚举出系统开启的所有进程,找出“adad.exe”
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
////输出进程的一些信息
nSize:=4;
lpBuffer:=AllocMem(nSize);
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
//读取内容
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
//格式化输出
end;
s:='windows';
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @s[1], length(s), ByteWriteln);//这里就是不写入windows?????????????????????????????????????????????????????????????????????????????????????
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
//关闭句柄,释放内存
end;
var
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s:string;
bytewriteln:dword;
begin
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//创建系统快照
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
//先初始化 FProcessEntry32 的大小
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
//循环枚举出系统开启的所有进程,找出“adad.exe”
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
////输出进程的一些信息
nSize:=4;
lpBuffer:=AllocMem(nSize);
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
//读取内容
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
//格式化输出
end;
s:='windows';
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @s[1], length(s), ByteWriteln);//这里就是不写入windows?????????????????????????????????????????????????????????????????????????????????????
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
//关闭句柄,释放内存
end;
...全文
请发表友善的回复…
发表回复
okmnji79513 2008-07-21
- 打赏
- 举报
帮up 学习
ovvan 2008-07-20
- 打赏
- 举报
你要写入的那段内存是不是为只读属性了呢?
chinaqwer 2008-07-04
- 打赏
- 举报
那位老师可帮我一下呀
chinaqwer 2008-07-04
- 打赏
- 举报
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
http://www.fs2you.com/zh-cn/files/c1faf71c-4957-11dd-9bc3-00142218fc6e/
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
老师所有文件已上传请您帮忙
http://www.fs2you.com/zh-cn/files/c1faf71c-4957-11dd-9bc3-00142218fc6e/
chinaqwer 2008-07-04
- 打赏
- 举报
6楼您好,adad.exe是一个随手编写的程序,没有保护机制。运行后memo1.txt显示如下
Process ID 00000108
File nameadad.exe
Process Handle 1900
61
31
62
32
63
33
ByteWriteln 这个值是2
Process ID 00000108
File nameadad.exe
Process Handle 1900
61
31
62
32
63
33
ByteWriteln 这个值是2
JPEXE 2008-07-03
- 打赏
- 举报
我突然才发现我前面回帖里的说法是错误的!没看仔细.抱歉!
你写入不成功的话,可以先GetLastError看看是多少,还有ByteWriteln的值是多少,具体分析.
也不排除adad.exe做了防改保护,截断了你的API指令,真是这样就不好办了.
你写入不成功的话,可以先GetLastError看看是多少,还有ByteWriteln的值是多少,具体分析.
也不排除adad.exe做了防改保护,截断了你的API指令,真是这样就不好办了.
chinaqwer 2008-07-03
- 打赏
- 举报
s:='123abc' //这个是要写入的字符串
WriteProcessMemory(ProcessHndle, Pointer($$00D50850), @s[1], length(s), ByteWriteln);//
谢谢4楼但我是在同一个程序我的程序定义的不好理解我从写一个
=================
var
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s,aa:string;
bytewriteln:dword;
begin
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//创建系统快照
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
//先初始化 FProcessEntry32 的大小
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
//循环枚举出系统开启的所有进程,找出“adad.exe”
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
////输出进程的一些信息
nSize:=4;
lpBuffer:=AllocMem(nSize);
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
//读取内容
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
//格式化输出
end;
aa:='123abc'; //要写入的数据
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @aa[1], length(aa), ByteWriteln);//这里就是不写入windows?????????????????????????????????????????????????????????????????????????????????????
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
//关闭句柄,释放内存
end;
WriteProcessMemory(ProcessHndle, Pointer($$00D50850), @s[1], length(s), ByteWriteln);//
谢谢4楼但我是在同一个程序我的程序定义的不好理解我从写一个
=================
var
FSnapshotHandle:THandle;
FProcessEntry32:TProcessEntry32;
Ret : BOOL;
ProcessID : integer;
ProcessHndle : THandle;
lpBuffer:pByte;
nSize: DWORD;
lpNumberOfBytesRead: DWORD;
i:integer;
s,aa:string;
bytewriteln:dword;
begin
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//创建系统快照
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
//先初始化 FProcessEntry32 的大小
Ret:=Process32First(FSnapshotHandle,FProcessEntry32);
while Ret do
begin
s:=ExtractFileName(FProcessEntry32.szExeFile);
if s='adad.exe' then
begin
ProcessID:=FProcessEntry32.th32ProcessID;
s:='';
break;
end;
Ret:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
//循环枚举出系统开启的所有进程,找出“adad.exe”
CloseHandle(FSnapshotHandle);
Memo1.Lines.Clear ;
memo1.lines.add('Process ID '+IntToHex(FProcessEntry32.th32ProcessID,8));
memo1.lines.Add('File name'+FProcessEntry32.szExeFile);
////输出进程的一些信息
nSize:=4;
lpBuffer:=AllocMem(nSize);
ProcessHndle:=OpenProcess(PROCESS_VM_READ,false,ProcessID);
// memo1.Lines.Add ('Process Handle '+intTohex(ProcessHndle,8));
memo1.Lines.Add ('Process Handle '+intTostr(ProcessHndle));
for i:=$00D50850 to $00D50855 do
begin
ReadProcessMemory(
ProcessHndle,
Pointer(i),
lpBuffer,
nSize,
lpNumberOfBytesRead
);
s:=s+intTohex(lpBuffer^,2)+'';
//读取内容
if (i mod 1) =0 then
begin
Memo1.Lines.Add(s);
s:='';
end;
//格式化输出
end;
aa:='123abc'; //要写入的数据
WriteProcessMemory(ProcessHndle, Pointer($004002c0), @aa[1], length(aa), ByteWriteln);//这里就是不写入windows?????????????????????????????????????????????????????????????????????????????????????
FreeMem(lpBuffer,nSize);
CloseHandle(ProcessHndle);
//关闭句柄,释放内存
end;
JPEXE 2008-07-03
- 打赏
- 举报
s:='windows'
你要写入的内容应该在目标进程的申请内存才行,因为不同进程之间的内存是独立的!
VirtualAllocEx(ProcessHndle, ... !!!!
你要写入的内容应该在目标进程的申请内存才行,因为不同进程之间的内存是独立的!
VirtualAllocEx(ProcessHndle, ... !!!!
chinaqwer 2008-07-03
- 打赏
- 举报
为什么没人帮我
chinaqwer 2008-07-03
- 打赏
- 举报
请帮我回答
chinaqwer 2008-07-03
- 打赏
- 举报
WriteProcessMemory(ProcessHndle, Pointer($00D50850), @s[1], length(s), ByteWriteln);//
应该是写入这个地址00D50850,上面的我写错了。
=====================================================================================
更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正
应该是写入这个地址00D50850,上面的我写错了。
=====================================================================================
更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正更正
