想写一个简单的内存注册机,
1 写入制定地址 cc
2 等待异常处理,
可是这个代码 不写 cc进去 也弹不出来 调用程序的界面,
跟踪进去好像停在
WaitForDebugEvent(DBEvent, INFINITE);
上了,
老大们帮忙看看 代码,
procedure TForm1.Button3Click(Sender: TObject);
var
filename: string;
StartupInfo: TStartupInfo;
pi: TProcessInformation;
WhileDoflag: bool;
DBEvent: TDebugEvent;
regs: Tcontext;
dwState, oldpp, breakpoint, number: DWORD;
dwoldbyte: byte;
svalue: array[1..256] of char;
begin
breakpoint := $1012475;
fillchar(StartupInfo, sizeof(StartupInfo), #0);
with StartupInfo do
begin
cb := Sizeof(TStartupInfo);
dwFlags := STARTF_USESHOWWINDOW;
wShowWindow := SW_NORMAL;
end;
dwoldbyte := $CC;
WhileDoflag := true;
filename := 'D:\mycode\c.exe';
if not CreateProcess(nil, Pchar(filename), nil, nil, false, (DEBUG_PROCESS), nil, nil, StartupInfo, pi) then
exit;
regs.ContextFlags := CONTEXT_FULL or CONTEXT_DEBUG_REGISTERS;
while whiledoflag do
begin
WaitForDebugEvent(DBEvent, INFINITE);
dwState := DBG_EXCEPTION_NOT_HANDLED;
case DBEvent.dwDebugEventCode of
CREATE_PROCESS_DEBUG_EVENT:
begin
dwstate := DBG_CONTINUE;
// ReadProcessMemory(pi.hProcess, Pointer(breakpoint), pointer(@svalue[1]), 255, number);
// WriteProcessMemory(pi.hProcess, Pointer(breakpoint), pointer(dwoldbyte), 1, number);
// WriteProcessMemory(pi.hProcess, Pointer(breakpoint+1), pointer(dwoldbyte), 1, number);
end;
EXIT_PROCESS_DEBUG_EVENT:
begin
whiledoflag := false;
end;
EXCEPTION_DEBUG_EVENT:
begin
if DBEvent.Exception.ExceptionRecord.ExceptionCode = EXCEPTION_BREAKPOINT then
begin
GetThreadContext(pi.hThread, Regs);
if regs.Eip = $01012475 then
begin
regs.Eip := regs.eip - 1;
SetThreadContext(pi.hThread, Regs);
end;
end;
dwstate := DBG_CONTINUE;
end;
end;
ContinuedebugEvent(pi.dwProcessId, pi.dwThreadId, dwState);
end;
closehandle(pi.hProcess);
CloseHandle(pi.hThread);
end;
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
