win2000的内存读取问题???(100分)

我在win98下用FindWindow找到一个窗口的句柄,然后用OpenProcess打开这个进程,然后用
ReadProcessMemory和WriteProcessMemory对进程的内存进行读写,一切正常,但是程序在
win2000中就不起作用了,请问这个是何原因,如果能解决,请付上源码,谢谢。!!!!
 
???,这个问题不会太难吧?,为什么没有人回答我.....5555.......
 
你先看一看 OpenProcess 返回的进程句柄是不是 NULL(0)。如果是, 马上调用 GetLastError: 返回 5 (ERROR_ACCESS_DENIED) 说明是权限问题——NT/2000 会拿你申请的访问权限和目标进程对象的 DACL 逐位比对, 任何一位不被允许整个调用就失败, 而 Win98 根本不做这种检查; 返回 87 (ERROR_INVALID_PARAMETER) 则多半是 ProcessID 不对。
 
以下是一段在当前进程的令牌里启用 SeDebugPrivilege 的代码, 你可以试一下。注意: 这个特权默认只出现在 Administrators 组账号的令牌里(普通用户启用会失败), 启用之后 OpenProcess 就不再受目标进程 DACL 的限制, 所以它是一项很强的权限, 只在需要的时候启用, 用完最好再关掉。
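// Re-declaration of advapi32!AdjustTokenPrivileges with pointer parameters,
// so that a buffer address (or nil) can be passed for NewState/PreviousState.
// The declaration in Delphi 5's Windows.pas reportedly uses record reference
// parameters instead, which is why the thread redeclares it here.
// NOTE: a TRUE return does NOT mean the privilege was enabled -- the caller
// must also check GetLastError for ERROR_NOT_ALL_ASSIGNED.
// (The original listing was missing the terminating ';'.)
function AdjustTokenPrivileges(TokenHandle: THandle; DisableAllPrivileges: BOOL;
  const NewState: PTokenPrivileges; BufferLength: DWORD;
  const PreviousState: PTokenPrivileges; var ReturnLength: DWORD): BOOL; stdcall;
  external advapi32 name 'AdjustTokenPrivileges';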

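{ Enables SeDebugPrivilege (SE_DEBUG_NAME) in the current process token.

  Why: on NT/2000, OpenProcess on a process whose DACL does not grant the
  requested rights fails with ERROR_ACCESS_DENIED.  A caller holding an
  enabled SeDebugPrivilege bypasses that check, which is what makes
  Read/WriteProcessMemory on arbitrary processes work.  The privilege is
  normally only present in administrator tokens, so this is a powerful right:
  enable it only when needed.

  Returns True only when the privilege is actually enabled.  The original
  procedure had no result and ignored the ERROR_NOT_ALL_ASSIGNED case:
  AdjustTokenPrivileges returns TRUE even when the token does not hold the
  privilege at all, so GetLastError has to be inspected as well.  Calling this
  as a plain statement (`EnableDebugPriv;`) still compiles under Delphi's
  default extended syntax, so existing callers are unaffected.

  Relies on the pointer-parameter redeclaration of AdjustTokenPrivileges
  above (nil is passed for PreviousState). }
function EnableDebugPriv: Boolean;
var
  hToken: THandle;
  debugLuid: TLargeInteger;
  newState: TTokenPrivileges;
  returnLen: DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;  // GetLastError tells why (e.g. a restricted token)
  try
    if not LookupPrivilegeValue(nil, SE_DEBUG_NAME, debugLuid) then
      Exit;

    newState.PrivilegeCount := 1;
    Int64(newState.Privileges[0].Luid) := debugLuid;
    newState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;

    // The previous state is not needed, so no PreviousState buffer is passed.
    if not AdjustTokenPrivileges(hToken, False, @newState, 0, nil, returnLen) then
      Exit;

    // A TRUE return only means the call was well-formed; a privilege the
    // token does not hold is reported through GetLastError.
    Result := GetLastError = ERROR_SUCCESS;
  finally
    CloseHandle(hToken);
  end;
end;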
之所以重新声明了一下 AdjustTokenPrivileges, 是因为 Delphi5 的 Windows.pas 里这个函数的 NewState/PreviousState 参数声明成了记录引用, 不能像上面那样传指针或 nil, 这里按 Win32 原型改成了指针参数。另外要注意: AdjustTokenPrivileges 返回 TRUE 并不代表特权已经启用, 还必须检查 GetLastError 是否为 ERROR_NOT_ALL_ASSIGNED——普通用户的令牌里根本没有 SeDebugPrivilege, 这时调用"成功"但什么都没改。
 
提高权限就可以了吗?我用的delphi6。
其他人还有什么高招呢?
 
看了这样的题目就发蒙,关注此题!
我不会,帮你提前。
 
我知道
在 98 下用 PROCESS_ALL_ACCESS 没问题, 因为 9x 不检查进程的访问控制; 在 2k 上 OpenProcess 会把你申请的每一位权限都和目标进程的 DACL 比对, 申请 PROCESS_ALL_ACCESS 只要有一位不被允许就整体失败。所以应该按最小权限申请: 读内存只需要 PROCESS_VM_READ (配合 PROCESS_QUERY_INFORMATION), 写内存需要 PROCESS_VM_WRITE or PROCESS_VM_OPERATION。下面这行用 GENERIC_READ or GENERIC_WRITE 也可以(系统会按进程对象的通用映射转换成具体权限), 但不如直接写具体权限清楚:
ProcessHndle := OpenProcess(generic_read or generic_write, false, ProcessID);
 
这个例子够完整了吧, 直接就可以在 2k 中修改游戏了。几点提醒: 读写前一定要确认 OpenProcess 返回的句柄不为 0, 为 0 时用 GetLastError 看原因(5 就是权限不够); 要打开别的账号或系统账号的进程, 仍然需要管理员身份并先启用 SeDebugPrivilege; 另外右键菜单里的"关闭选择的程序!!!"(N2)在 dfm 里没有挂 OnClick 事件, 是个空菜单项。

Unit1.pas
unit Unit1;

interface

uses
Windows, Messages, SysUtils, Classes, Controls, Forms, Dialogs,
StdCtrls, ComCtrls, ExtCtrls, Buttons, TLHelp32, psapi, Menus;

type
  // Main form: a top-level window browser (ListView1, filled by N1Click) plus
  // a memory viewer/patcher for the chosen process (Button3Click).
  TForm1 = class(TForm)
    GroupBox1: TGroupBox;
    Button2: TButton;        // "查看": dump only (its OnClick is also Button3Click)
    Memo1: TMemo;            // output: pid, exe name, handle, address, hex dump
    Edit4: TEdit;            // exe file name (lookup by file name, CheckBox4)
    Edit5: TEdit;            // process id (lookup by pid, CheckBox3)
    Xg_00: TEdit;            // value written by "修改为"
    Zj_00: TComboBox;        // byte width: ItemIndex 0 = one byte, 1 = two bytes
    Button3: TButton;        // "修改为": write Xg_00 to the address, then dump
    PopupMenu1: TPopupMenu;
    N1: TMenuItem;           // refresh the window list
    N2: TMenuItem;           // "close selected program" -- no OnClick wired in the .dfm
    N3: TMenuItem;           // checkable; when set, invisible windows are listed too
    ListView1: TListView;    // columns: title / hWnd / ProcessID / file
    N4: TMenuItem;           // copies the selected row into Edit1/Edit2/Edit4/Edit5
    CheckBox1: TCheckBox;    // lookup by window title (Edit2)
    CheckBox2: TCheckBox;    // lookup by hWnd (Edit1)
    CheckBox3: TCheckBox;    // lookup by ProcessID (Edit5)
    CheckBox4: TCheckBox;    // lookup by file name (Edit4); also confirms a title match
    Edit1: TEdit;            // window handle
    Edit2: TEdit;            // window title
    Label1: TLabel;
    Edit3: TEdit;            // address to view/patch ("h"/"H" prefix or "$" = hex)
    procedure Button3Click(Sender: TObject);
    procedure N1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
    procedure ListView1ColumnClick(Sender: TObject; Column: TListColumn);
    procedure N4Click(Sender: TObject);
  private
    { Private declarations }
    // Refreshes the list and sorts it on 0-based column V (see ListView1.Tag).
    procedure MEM_ProcessColumn(V: Integer);

  public
    // Not referenced anywhere in this unit.
    BeingDebugged: boolean;
    { Public declarations }
  end;
var
Form1: TForm1;
function get_proc_name(pid: DWORD): string;
implementation

{$R *.DFM}

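{ Returns the executable name/path of process `pid`, or '未知' when it cannot
  be determined.

  NT/2000: opens the process with exactly the rights PSAPI needs
  (PROCESS_QUERY_INFORMATION or PROCESS_VM_READ) and reads the file name of
  its first module.  Win9x: walks a ToolHelp32 process snapshot.

  Changes versus the original:
  - the NT path no longer raises when the process cannot be opened (a DACL
    that refuses the caller, or a bad pid); it returns '未知' like the 9x
    path does.  Previously one such process aborted the whole window list
    built in N1Click, and Button3Click could call this with pid = -1;
  - the results of EnumProcessModules / GetModuleFileNameEx are checked and
    the name buffer is zeroed, so an uninitialised stack buffer is never
    returned;
  - handles are released in finally blocks. }
function get_proc_name(pid: DWORD): string;
const
  Unknown = '未知';

  // NT/2000: PSAPI lookup.
  function get_proc_name_nt(pid: DWORD): string;
  var
    hProc: THandle;
    hMod: DWORD;
    needed: DWORD;
    path: array[0..MAX_PATH] of Char;
  begin
    Result := Unknown;
    hProc := OpenProcess(PROCESS_VM_READ or PROCESS_QUERY_INFORMATION, False, pid);
    if hProc = 0 then
      Exit;  // access denied or no such process; GetLastError says which
    try
      FillChar(path, SizeOf(path), 0);
      // Only the first module (the .exe itself) is wanted, hence a
      // one-element module array.
      if EnumProcessModules(hProc, @hMod, SizeOf(hMod), needed) and
         (GetModuleFileNameEx(hProc, hMod, path, MAX_PATH) > 0) then
        Result := path;
    finally
      CloseHandle(hProc);
    end;
  end;

  // Win9x: ToolHelp32 snapshot walk.
  function get_proc_name_9x(pid: DWORD): string;
  var
    snap: THandle;
    entry: TProcessEntry32;
  begin
    Result := Unknown;
    snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if snap = INVALID_HANDLE_VALUE then
      RaiseLastWin32Error;  // system-wide failure, not a per-process one
    try
      entry.dwSize := SizeOf(entry);
      if Process32First(snap, entry) then
        repeat
          if entry.th32ProcessID = pid then
          begin
            Result := entry.szExeFile;
            Break;
          end;
        until not Process32Next(snap, entry);
    finally
      CloseHandle(snap);
    end;
  end;

begin
  if Win32Platform = VER_PLATFORM_WIN32_NT then
    Result := get_proc_name_nt(pid)
  else
    Result := get_proc_name_9x(pid);
end;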

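{ Handler shared by "查看" (Button2) and "修改为" (Button3).

  1. Resolves the target process id from whichever lookup mode is ticked
     (hWnd in Edit1, pid in Edit5, window title in Edit2, exe name in Edit4).
  2. Opens the process, optionally writes the value in Xg_00 to the address
     in Edit3 (only when invoked from Button3), then dumps 8 rows x 16 bytes
     starting at the 16-byte-aligned address into Memo1.

  Fixes versus the original:
  - Edit3 parsing: `a and b or c` was `(a and b) or c`, so an empty Edit3
    still indexed Text[1].
  - OpenProcess is now checked; a 0 handle is reported with GetLastError
    (5 = ERROR_ACCESS_DENIED: the target's DACL refused the rights -- enable
    SeDebugPrivilege in this process first) instead of silently producing a
    dump of garbage and a failed write.
  - Only the rights Read/WriteProcessMemory need are requested, and the write
    rights only when writing (least privilege; also lets "查看" work on
    processes that grant read but not write).
  - WriteProcessMemory wrote SizeOf(Integer) = 4 bytes regardless of the
    1/2-byte width chosen in Zj_00, clobbering up to 3 bytes past the target;
    it now writes exactly that many bytes and reports failure.
  - Bytes that cannot be read are shown as '??' rather than the previous
    iteration's buffer contents; the loop also ran one byte past the last row.
    Since only one byte per address is displayed, only one byte is read, so
    no heap buffer is needed.
  - Title lookup no longer calls get_proc_name(-1) when no window matched;
    the file-name lookup compares names case-insensitively and checks the
    snapshot handle; handles are released in finally blocks. }
procedure TForm1.Button3Click(Sender: TObject);

  // Accepts "h1234"/"H1234" as hex (legacy UI convention) as well as anything
  // StrToIntDef accepts ($1234 or decimal).  Invalid text yields 0.
  function ParseAddress(const S: string): Integer;
  begin
    if (S <> '') and (UpCase(S[1]) = 'H') then
      Result := StrToIntDef('$' + Copy(S, 2, Length(S)), 0)
    else
      Result := StrToIntDef(S, 0);
  end;

  // Returns the pid selected by the checkbox mode, or -1 when not found.
  function ResolveProcessId: Integer;
  var
    snap: THandle;
    entry: TProcessEntry32;
    hwndTarget: HWND;
    more: BOOL;
  begin
    Result := -1;
    if CheckBox2.Checked then
      GetWindowThreadProcessId(StrToIntDef(Edit1.Text, 0), @Result)
    else if CheckBox3.Checked then
      Result := StrToIntDef(Edit5.Text, 0)
    else if CheckBox1.Checked then
    begin
      hwndTarget := FindWindowEx(0, 0, nil, PChar(Edit2.Text));
      if hwndTarget <> 0 then
        GetWindowThreadProcessId(hwndTarget, @Result);
      // Optional exe-name confirmation -- only meaningful once a window matched.
      if (Result <> -1) and CheckBox4.Checked and
         (Pos(Edit4.Text, get_proc_name(Result)) = 0) then
        Result := -1;
    end
    else if CheckBox4.Checked then
    begin
      snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if snap = INVALID_HANDLE_VALUE then
        Exit;
      try
        entry.dwSize := SizeOf(entry);
        more := Process32First(snap, entry);
        while more do
        begin
          // Windows file names are case-insensitive.
          if AnsiCompareText(ExtractFileName(entry.szExeFile),
                             ExtractFileName(Edit4.Text)) = 0 then
          begin
            Result := entry.th32ProcessID;
            Break;
          end;
          more := Process32Next(snap, entry);
        end;
      finally
        CloseHandle(snap);
      end;
    end;
  end;

var
  hProc: THandle;
  pid, addr, row, col: Integer;
  newValue: Integer;
  width, bytesDone: DWORD;
  access: DWORD;
  oneByte: Byte;
  line: string;
begin
  pid := ResolveProcessId;
  if pid = -1 then
  begin
    Memo1.Text := '目标程序没找到';
    Exit;
  end;
  Memo1.Lines.Clear;
  Memo1.Lines.Add('Process ID $' + IntToHex(pid, 8) + ' (' + Format('%.8d', [pid]) + ')');
  Memo1.Lines.Add('File Name ' + get_proc_name(pid));

  // ReadProcessMemory needs PROCESS_VM_READ; WriteProcessMemory needs
  // PROCESS_VM_WRITE and PROCESS_VM_OPERATION.  On NT every requested bit is
  // checked against the target's DACL, so ask only for what this call uses.
  access := PROCESS_QUERY_INFORMATION or PROCESS_VM_READ;
  if Sender = Button3 then
    access := access or PROCESS_VM_WRITE or PROCESS_VM_OPERATION;
  hProc := OpenProcess(access, False, pid);
  if hProc = 0 then
  begin
    Memo1.Lines.Add('OpenProcess failed, error ' + IntToStr(GetLastError));
    Exit;
  end;
  try
    Memo1.Lines.Add('Process Handle ' + IntToHex(hProc, 8));

    addr := ParseAddress(Edit3.Text);
    Memo1.Lines.Add('查看地址 ' + IntToHex(addr, 8) + 'h');

    if Sender = Button3 then
    begin
      // Zj_00: ItemIndex 0 = one byte, 1 = two bytes.
      width := Zj_00.ItemIndex + 1;
      newValue := StrToIntDef(Xg_00.Text, 0);
      // x86 is little-endian, so the first `width` bytes of newValue are its
      // low-order bytes -- exactly the 1- or 2-byte value the user chose.
      if not WriteProcessMemory(hProc, Pointer(addr), @newValue, width, bytesDone) then
        Memo1.Lines.Add('WriteProcessMemory failed, error ' + IntToStr(GetLastError));
    end;

    // Dump 8 rows of 16 bytes starting at the 16-byte-aligned address.
    addr := (addr div 16) * 16;
    for row := 0 to 7 do
    begin
      line := IntToHex(addr + row * 16, 8) + 'h:';
      for col := 0 to 15 do
      begin
        if ReadProcessMemory(hProc, Pointer(addr + row * 16 + col), @oneByte, 1, bytesDone) then
          line := line + IntToHex(oneByte, 2) + ' '
        else
          line := line + '?? ';  // unreadable (unmapped page or no access)
      end;
      Memo1.Lines.Add(line);
    end;
  finally
    CloseHandle(hProc);
  end;
end;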

{ Rebuilds ListView1 with one row per top-level window that has a caption:
  title, hWnd, owning process id and that process's exe (via get_proc_name).
  Invisible windows are included only while menu item N3 ("显示所有") is
  checked.  Enumerates by walking the sibling chain of this form's own window
  from GW_HWNDFIRST to the end. }
procedure TForm1.N1Click(Sender: TObject);
var
  wnd: HWND;
  title: array[0..254] of Char;
  row: TListItem;
  pid: DWORD;
begin
  ListView1.Items.Clear;
  wnd := GetWindow(Handle, GW_HWNDFIRST);
  while wnd <> 0 do
  begin
    // GetWindowText copies at most 255 chars (including the terminator).
    // Untitled windows are skipped; invisible ones only pass with N3 checked.
    if (GetWindowText(wnd, title, 255) > 0) and
       (N3.Checked or IsWindowVisible(wnd)) then
    begin
      row := ListView1.Items.Add;
      row.Caption := StrPas(title);
      row.SubItems.Add(Format('%.8d', [wnd]));
      // We want the owning *process* id (out parameter); the returned thread
      // id is discarded.
      GetWindowThreadProcessId(wnd, @pid);
      row.SubItems.Add(Format('%.8d', [pid]));
      row.SubItems.Add(get_proc_name(pid));
    end;
    wnd := GetWindow(wnd, GW_HWNDNEXT);
  end;
end;

{ Populates the window list as soon as the form is created. }
procedure TForm1.FormCreate(Sender: TObject);
begin
  Self.N1Click(nil);
end;

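{ Compare callback for ListView1.CustomSort.

  Hoisted out of MEM_ProcessColumn: the original was a *nested* function
  handed to the list view via @CustomSortProc.  Delphi rejects nested routines
  as procedural values (the @ cast bypassed that check), and the call only
  worked because the routine never touched its enclosing frame.  A unit-level
  stdcall function is the supported form.

  Sort key is encoded in ListView1.Tag: |Tag| = 1 sorts on Caption,
  |Tag| = n (n >= 2) sorts on SubItems[n-2]; a negative Tag reverses the
  order.  lParam is unused (MEM_ProcessColumn always passes 0), so the
  original's dead `lParam < 0` branch is gone. }
function ListViewColumnCompare(Item1, Item2: TListItem; lParam: LongInt): Integer; stdcall;
var
  key: Integer;
begin
  key := Form1.ListView1.Tag;
  if Abs(key) = 1 then
    Result := key * CompareText(Item1.Caption, Item2.Caption)
  else
    Result := key * CompareText(Item1.SubItems[Abs(key) - 2],
                                Item2.SubItems[Abs(key) - 2]);
end;

{ Column-header click handler: refreshes the list, then sorts it on 0-based
  column V, toggling the direction when the same column is clicked twice. }
procedure TForm1.MEM_ProcessColumn(V: Integer);
begin
  N1Click(nil);
  Inc(V);  // Tag encoding is 1-based so that 0 can mean "unsorted"
  if ListView1.Tag = V then
    ListView1.Tag := -V
  else
    ListView1.Tag := V;
  ListView1.CustomSort(@ListViewColumnCompare, 0);
end;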

{ Forwards a column-header click to MEM_ProcessColumn with the column's
  0-based index. }
procedure TForm1.ListView1ColumnClick(Sender: TObject;
  Column: TListColumn);
var
  columnIndex: Integer;
begin
  columnIndex := Column.Index;
  MEM_ProcessColumn(columnIndex);
end;

{ "加入任务": copies the selected ListView1 row into the lookup edits
  (title -> Edit2, hWnd -> Edit1, pid -> Edit5, file -> Edit4).
  Does nothing when no row is selected. }
procedure TForm1.N4Click(Sender: TObject);
var
  sel: TListItem;
begin
  if ListView1.ItemIndex < 0 then
    Exit;
  sel := ListView1.Items[ListView1.ItemIndex];
  Edit2.Text := sel.Caption;      // window title
  Edit1.Text := sel.SubItems[0];  // hWnd
  Edit5.Text := sel.SubItems[1];  // process id
  Edit4.Text := sel.SubItems[2];  // exe name/path
end;
end.
 
Unit1.dfm
object Form1: TForm1
Left = 62
Top = 48
BorderIcons = [biSystemMenu]
BorderStyle = bsDialog
Caption = 'Form1'
ClientHeight = 378
ClientWidth = 703
Color = clActiveBorder
DragKind = dkDock
DragMode = dmAutomatic
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'MS Sans Serif'
Font.Style = []
Icon.Data = {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}
OldCreateOrder = False
Position = poDesktopCenter
OnCreate = FormCreate
PixelsPerInch = 96
TextHeight = 13
object GroupBox1: TGroupBox
Left = 0
Top = 150
Width = 703
Height = 209
Align = alTop
Caption = '内容'
TabOrder = 0
object Label1: TLabel
Left = 412
Top = 120
Width = 48
Height = 13
Caption = '查看地址'
end
object Button2: TButton
Left = 616
Top = 136
Width = 65
Height = 22
Caption = '查看'
TabOrder = 0
OnClick = Button3Click
end
object Memo1: TMemo
Left = 8
Top = 16
Width = 377
Height = 185
Font.Charset = GB2312_CHARSET
Font.Color = clWindowText
Font.Height = -12
Font.Name = '宋体'
Font.Style = []
ParentFont = False
ScrollBars = ssBoth
TabOrder = 1
WordWrap = False
end
object Edit4: TEdit
Left = 520
Top = 40
Width = 177
Height = 21
TabOrder = 2
Text = 'Winamp.exe'
end
object Edit5: TEdit
Left = 520
Top = 64
Width = 177
Height = 21
TabOrder = 3
Text = '$00000000'
end
object Xg_00: TEdit
Left = 392
Top = 172
Width = 121
Height = 21
Color = clInfoBk
TabOrder = 4
Text = '修改的值'
end
object Zj_00: TComboBox
Left = 520
Top = 172
Width = 81
Height = 21
ItemHeight = 13
ItemIndex = 1
TabOrder = 5
Text = '双字节'
Items.Strings = (
'单字节'
'双字节')
end
object Button3: TButton
Left = 616
Top = 168
Width = 75
Height = 25
Caption = '修改为'
TabOrder = 6
OnClick = Button3Click
end
object CheckBox1: TCheckBox
Left = 392
Top = 16
Width = 121
Height = 17
Caption = '通过窗口标题查找'
TabOrder = 7
end
object CheckBox2: TCheckBox
Left = 392
Top = 88
Width = 97
Height = 17
Caption = '通过hWnd查找'
TabOrder = 8
end
object CheckBox3: TCheckBox
Left = 392
Top = 64
Width = 121
Height = 17
Caption = '通过ProcessID查找'
TabOrder = 9
end
object CheckBox4: TCheckBox
Left = 392
Top = 40
Width = 113
Height = 17
Caption = '通过文件名查找'
Checked = True
State = cbChecked
TabOrder = 10
end
object Edit1: TEdit
Left = 520
Top = 88
Width = 177
Height = 21
TabOrder = 11
Text = '$00000000'
end
object Edit2: TEdit
Left = 520
Top = 16
Width = 177
Height = 21
TabOrder = 12
end
object Edit3: TEdit
Left = 520
Top = 112
Width = 121
Height = 21
TabOrder = 13
Text = '$00000000'
end
end
object ListView1: TListView
Left = 0
Top = 0
Width = 703
Height = 150
Align = alTop
Columns = <
item
Caption = '标题'
Width = 155
end
item
Caption = 'hWnd'
Width = 70
end
item
Caption = 'ProcessID'
Width = 70
end
item
Caption = '文件'
Width = 333
end>
ReadOnly = True
RowSelect = True
PopupMenu = PopupMenu1
TabOrder = 1
ViewStyle = vsReport
OnColumnClick = ListView1ColumnClick
end
object PopupMenu1: TPopupMenu
Left = 160
Top = 200
object N4: TMenuItem
Caption = '加入任务'
OnClick = N4Click
end
object N1: TMenuItem
Caption = '刷新'
OnClick = N1Click
end
object N3: TMenuItem
AutoCheck = True
Caption = '显示所有'
OnClick = N1Click
end
object N2: TMenuItem
Caption = '关闭选择的程序!!!'
end
end
end
 