
Several API functions for writing Delphi game cheats (trainers)

Author: admin | Date: 2013/3/20 9:16:06

Three API functions
  GetWindowThreadProcessId : get the process ID (from a window handle)
  OpenProcess              : get a process handle (from the process ID)
  ReadProcessMemory        : read data at a given address in a given process into a buffer
DWORD GetWindowThreadProcessId(
  HWND hWnd,             // window handle, obtained with FindWindow
  LPDWORD lpdwProcessId  // variable that receives the process ID
);                       // returns the ID of the thread that created the window, 0 on failure

HANDLE OpenProcess(
  DWORD dwDesiredAccess,    // access rights: PROCESS_VM_READ to read; PROCESS_VM_WRITE | PROCESS_VM_OPERATION to write
  BOOL bInheritHandle,      // inheritance flag; FALSE here
  DWORD dwProcessId         // process ID, obtained with GetWindowThreadProcessId
);                          // returns NULL on failure; GetLastError gives the reason
BOOL ReadProcessMemory(
  HANDLE hProcess,            // process handle, obtained with OpenProcess
  LPCVOID lpBaseAddress,      // address to read from, e.g. $47d814
  LPVOID lpBuffer,            // buffer that receives the data, e.g. @sitNum
  DWORD nSize,                // number of bytes to read, e.g. 4 (SIZE_T in current SDK headers; same width on 32-bit)
  LPDWORD lpNumberOfBytesRead // receives the number of bytes actually read (SIZE_T* in current SDK headers)
);

1. Reading the memory of a given process: ReadProcessMemory
  The function is declared as: function ReadProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL; stdcall;
  hProcess: handle to the process whose memory is being read; the handle must have PROCESS_VM_READ access.
  lpBaseAddress: pointer to the base address in that process from which to read.
  lpBuffer: pointer to the buffer that receives the data.
  nSize: number of bytes to read from the process.
  lpNumberOfBytesRead: receives the number of bytes actually read.
  The call returns False (GetLastError typically ERROR_PARTIAL_COPY) if any part of the requested range is not accessible in the target process, so check the return value and lpNumberOfBytesRead instead of trusting the buffer contents.

2. Writing the memory of a given process: WriteProcessMemory
  The function is declared as: function WriteProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL; stdcall;
The parameters have the same meaning as for ReadProcessMemory; hProcess must have both PROCESS_VM_WRITE and PROCESS_VM_OPERATION access, and lpBuffer points to the data to be written into the target process. Opening the process with PROCESS_ALL_ACCESS, as the code below originally did, is unnecessary: request only the rights the calls need.





// Form unit; Windows and SysUtils are already in the uses clause of a VCL form.

// Writes NewMoney into the game's money field. hProcess must have been opened
// with PROCESS_VM_READ (for the pointer read) plus PROCESS_VM_WRITE and
// PROCESS_VM_OPERATION (for the write). Returns False if either call fails or
// copies fewer than 4 bytes.
function MoneyXg(hProcess: THandle; NewMoney: DWORD): Boolean;
var
  ChessData: DWORD;
  Bytes: DWORD;
begin
  Result := False;
  Bytes := 0;
  // $00a1e0c4 holds a pointer to the player structure; the money field is at +$24c
  if (not ReadProcessMemory(hProcess, Pointer($00a1e0c4), @ChessData, SizeOf(ChessData), Bytes))
     or (Bytes <> SizeOf(ChessData)) then
    Exit;
  Result := WriteProcessMemory(hProcess, Pointer(ChessData + $24c), @NewMoney, SizeOf(NewMoney), Bytes)
            and (Bytes = SizeOf(NewMoney));
end;

procedure TForm1.Timer1Timer(Sender: TObject);
var
  hGame: HWND;
  PidGame: DWORD;
  hProcess: THandle;   // a process handle is a THandle, not an HWND
  ChessData: DWORD;
  ReadByte: DWORD;
begin
  // Get the game window handle; 0 means the game is not running
  hGame := FindWindow(nil, 'Red Alert 2');
  if hGame = 0 then
  begin
    Label1.Caption := 'Game not running';
    Label2.Caption := '';
    Exit;
  end;
  Label1.Caption := 'Game running';

  // Get the game's PID from the window handle, then open the process with only
  // the rights needed: PROCESS_VM_READ to read, PROCESS_VM_WRITE and
  // PROCESS_VM_OPERATION to write
  PidGame := 0;
  Windows.GetWindowThreadProcessId(hGame, PidGame);
  hProcess := Windows.OpenProcess(PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION,
    False, PidGame);
  if hProcess = 0 then
  begin
    Label2.Caption := 'OpenProcess failed: ' + SysErrorMessage(GetLastError);
    Exit;
  end;
  try
    if CheckBox1.Checked then   // write data
      MoneyXg(hProcess, 10000);

    // Read the data: first the pointer stored at $00a1e0c4, then the money at pointer + $24c
    ReadByte := 0;
    if ReadProcessMemory(hProcess, Pointer($00a1e0c4), @ChessData, SizeOf(ChessData), ReadByte)
       and ReadProcessMemory(hProcess, Pointer(ChessData + $24c), @ChessData, SizeOf(ChessData), ReadByte) then
      Label2.Caption := 'Money: ' + IntToStr(ChessData)
    else
      Label2.Caption := 'Read failed: ' + SysErrorMessage(GetLastError);
  finally
    CloseHandle(hProcess);   // release the process handle
  end;
end;
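The following console program is an added example, not code from the article: it wraps the three calls above into a reusable Delphi program with minimal access rights, return-value and byte-count checks, and a generic pointer-chain walker (the article's two ReadProcessMemory calls are the chain [$24C] from base $00A1E0C4). The window title, base address and offset are the article's own values for its Red Alert 2 build and are assumed to be valid only for that executable; the function names OpenProcessByWindowTitle, ReadDword, WriteDword and ResolveChain are this example's own. It assumes a 32-bit build and the Delphi 7-era Windows.pas declarations quoted above (nSize and lpNumberOfBytesRead as DWORD); later Delphi versions declare those as SIZE_T, so change the BytesRead/BytesWritten locals accordingly.

```delphi
program ReadPointerChain;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

const
  // From the article, for its Red Alert 2 build only: a global that holds a pointer
  // to the player structure, and the money field's offset inside that structure.
  BaseAddr  = $00A1E0C4;
  MoneyOffs = $24C;

{ Find the process owning the top-level window titled WindowTitle and open it with
  exactly DesiredAccess. Returns 0 on failure; GetLastError says why
  (ERROR_ACCESS_DENIED when the target is elevated or belongs to another user). }
function OpenProcessByWindowTitle(const WindowTitle: string; DesiredAccess: DWORD): THandle;
var
  hWin: HWND;
  Pid: DWORD;
begin
  Result := 0;
  hWin := FindWindow(nil, PChar(WindowTitle));
  if hWin = 0 then
    Exit;
  Pid := 0;
  if GetWindowThreadProcessId(hWin, Pid) = 0 then
    Exit;
  Result := OpenProcess(DesiredAccess, False, Pid);
end;

{ Read one 32-bit value at Address in the target. Also fails if fewer than
  SizeOf(Value) bytes arrived, i.e. the range touched an unreadable page. }
function ReadDword(hProcess: THandle; Address: DWORD; out Value: DWORD): Boolean;
var
  BytesRead: DWORD;
begin
  Value := 0;
  BytesRead := 0;
  Result := ReadProcessMemory(hProcess, Pointer(Address), @Value, SizeOf(Value), BytesRead)
            and (BytesRead = SizeOf(Value));
end;

{ Write one 32-bit value; the handle needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION. }
function WriteDword(hProcess: THandle; Address, Value: DWORD): Boolean;
var
  BytesWritten: DWORD;
begin
  BytesWritten := 0;
  Result := WriteProcessMemory(hProcess, Pointer(Address), @Value, SizeOf(Value), BytesWritten)
            and (BytesWritten = SizeOf(Value));
end;

{ Walk a pointer chain: Cur := *Base, then Cur := *(Cur + Offset) for every offset but
  the last, which is only added. [MoneyOffs] reproduces the article's two reads. }
function ResolveChain(hProcess: THandle; Base: DWORD; const Offsets: array of DWORD;
  out ValueAddr: DWORD): Boolean;
var
  i: Integer;
  Cur, Next: DWORD;
begin
  Result := False;
  ValueAddr := 0;
  if not ReadDword(hProcess, Base, Cur) then
    Exit;
  for i := Low(Offsets) to High(Offsets) - 1 do
  begin
    if not ReadDword(hProcess, Cur + Offsets[i], Next) then
      Exit;
    Cur := Next;
  end;
  if Length(Offsets) > 0 then
    ValueAddr := Cur + Offsets[High(Offsets)]
  else
    ValueAddr := Cur;
  Result := True;
end;

var
  hProc: THandle;
  MoneyAddr, Money: DWORD;
  Ok: Boolean;
begin
  // Request the minimum the job needs rather than PROCESS_ALL_ACCESS.
  hProc := OpenProcessByWindowTitle('Red Alert 2',
    PROCESS_VM_READ or PROCESS_VM_WRITE or PROCESS_VM_OPERATION);
  if hProc = 0 then
    Writeln('Cannot open game process: ', SysErrorMessage(GetLastError))
  else
  try
    Ok := ResolveChain(hProc, BaseAddr, [MoneyOffs], MoneyAddr)
          and ReadDword(hProc, MoneyAddr, Money);
    if Ok then
      Writeln(Format('Money at $%.8x = %d', [MoneyAddr, Money]))
    else
      Writeln('Read failed: ', SysErrorMessage(GetLastError));
    // Write only when run as: ReadPointerChain.exe write 10000
    if Ok and (ParamCount = 2) and (ParamStr(1) = 'write') then
      if WriteDword(hProc, MoneyAddr, StrToInt(ParamStr(2))) then
        Writeln('Money set to ', ParamStr(2))
      else
        Writeln('WriteProcessMemory failed: ', SysErrorMessage(GetLastError));
  finally
    CloseHandle(hProc);
  end;
end.
```

Run it with the game's window open; without arguments it only reads. If OpenProcess fails with ERROR_ACCESS_DENIED, the target runs at a higher integrity level or as another user and the caller would need to be elevated (and, for protected targets, hold SeDebugPrivilege). Note that this exact sequence, a cross-process handle with PROCESS_VM_WRITE followed by WriteProcessMemory, is what anti-cheat drivers and EDR products watch for, so it is also the signal a defender would look for when hunting for injection.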