
利用进程的内存读写,替换系统函数

Tags: /超级猛料/Language.Object Pascal/内嵌汇编、函数、过程/   Date Created:
利用进程的内存读写,替换系统函数~~
//如果直接替换(直接向 ShowMessage 的地址写入)会报地址访问错误,所以下面改用 WriteProcessMemory 对本进程写入
{ Handler that the patched ShowMessage ends up calling.

  Appends Msg to Form1.Memo1 and then shows it with ShowMessagePos at
  position (-1, -1). It calls ShowMessagePos rather than ShowMessage, whose
  entry bytes are overwritten by TForm1.FormCreate.

  Msg: text to record and display. }
procedure ReplaceShowMessage(const Msg: string);
begin
  // Record the message first so it is logged even while the dialog is open.
  with Form1.Memo1.Lines do
    Add(Msg);
  ShowMessagePos(Msg, -1, -1);
end;

{ Stub whose compiled bytes TForm1.FormCreate copies over ShowMessage.

  It only forwards Msg to ReplaceShowMessage. Because the bytes are executed
  from a different address than the one they were compiled at, the body must
  stay byte-for-byte what the author tested; do not restructure it.

  Msg: text passed through unchanged to ReplaceShowMessage. }
procedure NewShowMessage(const Msg: string);
type
 // Procedural type used to call ReplaceShowMessage through its address.
 TShowMessage = procedure(const Msg: string);
begin
 // Author's note: the indirect call keeps the stub from growing too large.
 // NOTE(review): presumably a direct call would also be encoded relative to
 // this procedure's own address and so miss its target once the bytes are
 // copied elsewhere - confirm against the generated code.
 TShowMessage(@ReplaceShowMessage)(Msg); // indirect call through the address
 //ReplaceShowMessage(Msg); // a direct call raises an exception
end;

{ Empty marker procedure; it is never called.

  TForm1.FormCreate subtracts the address of NewShowMessage from the address
  of this procedure to get the number of bytes to copy. It must therefore
  stay declared directly after NewShowMessage.
  NOTE(review): this assumes the compiler and linker emit the two procedures
  adjacently and in source order - nothing in the code verifies that. }
procedure EndNewShowMessage;
begin
end;

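{ Installs the in-process ShowMessage redirect when the form is created.

  The compiled bytes of NewShowMessage are copied over the entry of
  ShowMessage in this process, so later ShowMessage calls are forwarded to
  ReplaceShowMessage. The copy goes through WriteProcessMemory; per the page,
  writing to the address directly raises an access violation.

  Changes from the original listing:
  - uses the GetCurrentProcess pseudo-handle instead of opening a second,
    inheritable PROCESS_ALL_ACCESS handle to the own process;
  - rejects a non-positive stub size instead of passing it on as a length;
  - checks the WriteProcessMemory result and the byte count;
  - flushes the instruction cache for the rewritten range.
  Failures are reported in Memo1 and the hook is simply not installed.

  Sender: the form being created (unused). }
procedure TForm1.FormCreate(Sender: TObject);
var
  vStubSize: Integer;
  vBytesWritten: DWORD; // filled in by WriteProcessMemory: bytes written
begin
  // Subtracting the addresses of two adjacent procedures gives the size of
  // the first one. The Integer casts are only valid for 32-bit pointers.
  vStubSize := Integer(@EndNewShowMessage) - Integer(@NewShowMessage);

  // If the procedures were not laid out in source order the difference is
  // zero or negative and would otherwise be treated as a huge length.
  if vStubSize <= 0 then
  begin
    Memo1.Lines.Add('ShowMessage hook not installed: unexpected stub size');
    Exit;
  end;

  // NOTE(review): nothing here can confirm that the stub fits inside
  // ShowMessage; bytes past its end belong to whatever code follows it.
  vBytesWritten := 0;
  if (not WriteProcessMemory(GetCurrentProcess, @ShowMessage, @NewShowMessage,
    vStubSize, vBytesWritten)) or (vBytesWritten <> DWORD(vStubSize)) then
  begin
    Memo1.Lines.Add('ShowMessage hook not installed: WriteProcessMemory failed');
    Exit;
  end;

  // Code was modified in place; make sure stale instructions are not executed.
  FlushInstructionCache(GetCurrentProcess, @ShowMessage, vStubSize);
end;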

{ Click handler for Button1: calls ShowMessage with a fixed greeting.

  Once the patch written by TForm1.FormCreate is in place, this call is
  expected to be forwarded to ReplaceShowMessage.

  Sender: the control that raised the event (unused). }
procedure TForm1.Button1Click(Sender: TObject);
const
  cGreeting = 'Hello';
begin
  ShowMessage(cGreeting);
end;