关于读写进程的一组资料 ( 积分: 0 )

procedure TForm1.Button1Click(Sender: TObject);<br>const db2:dword=$9090;<br>var<br> &nbsp;ststartup: tSTARTUPINFO;<br> &nbsp;stprocinfo: TProcessInformation;<br> &nbsp;dbbyte;<br> &nbsp;tmp:dword;<br> &nbsp;nsize:integer;<br>begin<br> &nbsp;GetStartupInfo(ststartup);<br> &nbsp;nsize:=2;<br> &nbsp;db:=AllocMem(nSize);<br> &nbsp;if CreateProcess(nil, PChar('d:/masm32/test1.exe'), nil, nil,<br> &nbsp; &nbsp; False, IDLE_PRIORITY_CLASS, nil, nil, ststartup,stprocinfo) then<br> &nbsp;begin<br> &nbsp; &nbsp;if ReadProcessMemory(stprocinfo.hProcess ,pointer($00401004),db,nsize,tmp) then<br> &nbsp; &nbsp;begin<br> &nbsp; &nbsp; &nbsp;writeProcessMemory(stprocinfo.hProcess ,pointer($00401004),@db2,nsize,tmp) ;<br> &nbsp; &nbsp;end;<br> &nbsp;end;<br>end;

procedure TForm1.Button1Click(Sender: TObject);<br>const db2:dword=$9090;<br>var<br> &nbsp;ststartup: tSTARTUPINFO;<br> &nbsp;stprocinfo: TProcessInformation;<br> &nbsp;dbbyte;<br> &nbsp;tmp:dword;<br> &nbsp;nsize:integer;<br>begin<br> &nbsp;GetStartupInfo(ststartup);<br> &nbsp;nsize:=2;<br> &nbsp;db:=AllocMem(nSize);<br> &nbsp;if CreateProcess(nil, PChar('d:/masm32/test1.exe'), nil, nil,<br> &nbsp; &nbsp; False, IDLE_PRIORITY_CLASS, nil, nil, ststartup,stprocinfo) then<br> &nbsp;begin<br> &nbsp; &nbsp;if ReadProcessMemory(stprocinfo.hProcess ,pointer($00401004),db,nsize,tmp) then<br> &nbsp; &nbsp;begin<br> &nbsp; &nbsp; &nbsp;writeProcessMemory(stprocinfo.hProcess ,pointer($00401004),@db2,nsize,tmp) ;<br> &nbsp; &nbsp;end;<br> &nbsp;end;<br>end;

procedure TForm1.Button3Click(Sender: TObject);<br>var<br> &nbsp;dllname:string;<br> &nbsp;progmanhandle:dword;<br> &nbsp;threadid:dword;<br> &nbsp;processid:dword;<br> &nbsp;funcpointer;<br> &nbsp;prociddword;<br> &nbsp;virpointer;<br> &nbsp;tmp:dword;<br> &nbsp;kerhandle:dword;<br>begin<br> &nbsp;////////////////////////////////////////////////////////<br> &nbsp;kerhandle:=GetModuleHandle(pchar('Kernel32.dll'));<br> &nbsp;if kerhandle&lt;&gt;0 then begin<br> &nbsp; &nbsp;funcp:=GetProcAddress(kerhandle,'LoadLibraryA');<br> &nbsp;end else exit;<br> &nbsp;////////////////////////////////////////////////////////<br> &nbsp;dllname:='g:/wpdll/wpdll.dll';<br> &nbsp;procid:=allocmem(4);<br> &nbsp;progmanhandle:=findwindow('Progman','Program Manager');<br> &nbsp;if progmanhandle&lt;&gt;0 then begin<br> &nbsp; &nbsp;threadid:=GetWindowThreadProcessId(progmanhandle,procid);<br> &nbsp; &nbsp;if threadid&lt;&gt;0 then begin<br> &nbsp; &nbsp; &nbsp;processid:=OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or<br> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PROCESS_VM_WRITE,FALSE,procid^);<br> &nbsp; &nbsp; &nbsp;if processid&lt;&gt;0 then begin<br> &nbsp; &nbsp; &nbsp; &nbsp;virp:=VirtualAllocEx(processid,nil,MAX_PATH,MEM_COMMIT,PAGE_READWRITE);<br> &nbsp; &nbsp; &nbsp; &nbsp;if virp&lt;&gt;nil then begin<br> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;if writeProcessMemory(processid,virp,pchar(dllname),MAX_PATH,tmp) then begin<br> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CreateRemoteThread(processid,nil,0,funcp,virp,0,threadid);<br> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;end;<br> &nbsp; &nbsp; &nbsp; &nbsp;end;<br> &nbsp; &nbsp; &nbsp;end;<br> &nbsp; &nbsp;end;<br> &nbsp;end;<br> &nbsp;freemem(procid);