1,184
社区成员
发帖
与我相关
我的任务
分享请问delphi如何扫描程序的所有内存
用CE能扫到,自己写的函数,有时候能扫到,有时候扫不到
通过对比,发现自己写的函数,有的地址根本扫描不到,
请问各位是什么问题呢? 帮忙看一下 多谢!
procedure mScanToList(pid: Cardinal);
var
APtr: Pointer;
Buffer: TMemoryBasicInformation;
Index: Integer;
hProcess: THandle;
BassAddr, PageSize: array of Integer;
PageNum: Integer;
i, j: Integer;
buf: array of Byte;
cRead, lp: Cardinal;
begin
APtr := nil;
Index := 0;
PageNum := 0;
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
while VirtualQueryEx(hProcess, APtr, Buffer,
SizeOf(TMemoryBasicInformation)) = SizeOf(TMemoryBasicInformation) do
begin
Inc(Index);
if (Buffer.State = MEM_COMMIT) and (Buffer.Protect and PAGE_GUARD = 0) then //http://www.delphigroups.info/2/8b/501419.html
begin
SetLength(BassAddr, PageNum + 1);
SetLength(PageSize, PageNum + 1);
BassAddr[PageNum] := Integer(Buffer.BaseAddress); //'基底位址
PageSize[PageNum] := Buffer.RegionSize; //'區塊大小
PageNum := PageNum + 1;
end;
DWord(APtr) := DWord(APtr) + Buffer.RegionSize;
end;
muMain.frmMain.stat1.Panels[2].Text:=IntToStr(PageNum);
muMain.frmMain.lv1.Items.BeginUpdate;
for i := 0 to PageNum - 1 do
begin
SetLength(buf, pageSize[i]); //区块大小
ZeroMemory(@buf[0], Length(buf));
try
ReadProcessMemory(hProcess, Pointer(BassAddr[i]), @buf[0], pageSize[i], cRead);
for j := 0 to Length(buf) - 15 do begin
//DefaultSwitch
//44 65 66 61 75 6C 74 53 77 69 74 63 68 00
if (buf[j] = $44) and (buf[j + 1] = $65) and (buf[j + 2] = $66) and (buf[j + 3] = $61) and
(buf[j + 4] = $75) and (buf[j + 5] = $6C) and (buf[j + 6] = $74) and (buf[j + 7] = $53) and
(buf[j + 8] = $77) and (buf[j + 9] = $69) and (buf[j + 10] = $74) and (buf[j + 11] = $63) and
(buf[j + 12] = $68) and (buf[j + 13] = $00) then
begin
//处理
end;
end;
except
end;
end;
muMain.frmMain.lv1.Items.EndUpdate;
CloseHandle(hProcess);
end;
通过对比,发现自己写的函数,有的地址根本扫描不到,
请问各位是什么问题呢? 帮忙看一下 多谢!
procedure mScanToList(pid: Cardinal);
var
APtr: Pointer;
Buffer: TMemoryBasicInformation;
Index: Integer;
hProcess: THandle;
BassAddr, PageSize: array of Integer;
PageNum: Integer;
i, j: Integer;
buf: array of Byte;
cRead, lp: Cardinal;
begin
APtr := nil;
Index := 0;
PageNum := 0;
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
while VirtualQueryEx(hProcess, APtr, Buffer,
SizeOf(TMemoryBasicInformation)) = SizeOf(TMemoryBasicInformation) do
begin
Inc(Index);
if (Buffer.State = MEM_COMMIT) and (Buffer.Protect and PAGE_GUARD = 0) then //http://www.delphigroups.info/2/8b/501419.html
begin
SetLength(BassAddr, PageNum + 1);
SetLength(PageSize, PageNum + 1);
BassAddr[PageNum] := Integer(Buffer.BaseAddress); //'基底位址
PageSize[PageNum] := Buffer.RegionSize; //'區塊大小
PageNum := PageNum + 1;
end;
DWord(APtr) := DWord(APtr) + Buffer.RegionSize;
end;
muMain.frmMain.stat1.Panels[2].Text:=IntToStr(PageNum);
muMain.frmMain.lv1.Items.BeginUpdate;
for i := 0 to PageNum - 1 do
begin
SetLength(buf, pageSize[i]); //区块大小
ZeroMemory(@buf[0], Length(buf));
try
ReadProcessMemory(hProcess, Pointer(BassAddr[i]), @buf[0], pageSize[i], cRead);
for j := 0 to Length(buf) - 15 do begin
//DefaultSwitch
//44 65 66 61 75 6C 74 53 77 69 74 63 68 00
if (buf[j] = $44) and (buf[j + 1] = $65) and (buf[j + 2] = $66) and (buf[j + 3] = $61) and
(buf[j + 4] = $75) and (buf[j + 5] = $6C) and (buf[j + 6] = $74) and (buf[j + 7] = $53) and
(buf[j + 8] = $77) and (buf[j + 9] = $69) and (buf[j + 10] = $74) and (buf[j + 11] = $63) and
(buf[j + 12] = $68) and (buf[j + 13] = $00) then
begin
//处理
end;
end;
except
end;
end;
muMain.frmMain.lv1.Items.EndUpdate;
CloseHandle(hProcess);
end;
...全文
请发表友善的回复…
发表回复
