function GetPID:THandle;
var
lppe: tprocessentry32;
sshandle: thandle;
found: boolean;
begin
result:=0;
sshandle := CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
found := process32first(sshandle, lppe);
while found do
begin
if ansiCompareText(ExtractFileName(lppe.szExefile),'hypertrm.exe') = 0 then
begin
result:=lppe.th32ProcessID;
break;
end;
found := process32next(sshandle, lppe);
end;
CloseHandle(sshandle);
end;
procedure TForm1.Button1Click(Sender: TObject);
var
ProcessHandle , MyHandle: THandle;
lpBuffer: pchar;
nSize: DWORD;
lpNumberOfBytes: DWORD;
i,n: integer;
addr:dword;
r,s,t: string;
mbi_thunk:TMemoryBasicInformation;
dwOldProtect:dword;
begin
MyHandle := GetPID;
ShowMessage(inttostr(MyHandle));
if GetPID<>0 then
begin
Memo1.Lines.Clear;
Memo2.Lines.Clear;
Memo3.Lines.Clear;
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, false, MyHandle);
addr:=HexToInt('00AB7000');
nSize:=HexToInt('00AB8FFF')-addr+1;
lpBuffer := AllocMem(nSize);
if(not ReadProcessMemory(ProcessHandle, Pointer(addr), lpBuffer, nSize, lpNumberOfBytes))
or(nSize<>lpNumberOfBytes) then
begin
showmessage('读数据出错,可能是指定的地址不存在.');
exit;
end;
s:='';
t:='';
r:='';
for i :=0 to nSize-1 do
begin
s := s + format('%.2X ',[ord(lpBuffer[i])]);
n:= HextoInt(Trim(RightStr(S,3)));
t:=t + InttoStr(n) + ' ';
if Trim(RightStr(S,3)) = '00' then r := r + '@ '
else r:=r + CHR(n) + ' ';
if ((i mod 16 ) = 15) or (i=nSize-1) then
begin
Memo1.Lines.Add(s);//从内存中读取到的16进制数据
Memo2.Lines.Add(t);//转换成为ASSII的数据
Memo3.Lines.Add(r);//转换为字符后的数据,空数据用@表示
s := '';
t := '';
r := '';
end;
end;
FreeMem(lpBuffer, nSize);
CloseHandle(ProcessHandle);
Form1.Caption:='获取当前'+IntToStr(nSize)+'位内存数据';
end;
end;