-
-
[求助]32位汇编创建远程线程
-
发表于: 2009-7-19 19:32
-
研究了一个晚上.实在是跟DELPHI是天差地别.
看了一下Delphi的 远程线程创建 挺简单的.用汇编就不会了
请高手指点一下 一二.再次先谢过了.
.386
.model flat,stdcall
option casemap:none
;INC
include windows.inc
include user32.inc
include kernel32.inc
;LIB
includelib user32.lib
includelib kernel32.lib
DLG_MAIN EQU 101
DLG_BUTTON EQU 1000
DLG_BUTTON1 equ 1001
IDD_TIMER1 equ 1050
;==============================================================未初始化变量
.data?
hInstance dd ?
FindName dd ?
ThreadID dd ?
hWinMain dd ?
GameHwnd dd ?
PID dd ?
openHandle dd ?
ProcAdress dd ?
NumberofByte dd ?
RemoteHandle dd ?
;==============================================================初始化过的变量
.data
Other db '游戏找CALL练习实例one',0
NotFind db 'Can Not Find The Game!',0
FindSuccess db 'The Game FindSuccess!',0
OpenErr db 'Can Not Open The Process!',0
OpenTitle db 'Error',0
All_Ready db ',All_Of_Ready!',0
Gpoint db '00452e98h',0
.code
;========================================================寻找游戏窗口==============
_RemoteCall proc
local Pointer:ADDRESS
mov Pointer.Offset1,00452e98
call @f
@@:
mov eax,00951FACh
mov edx,00453028h
call Pointer
_RemoteCall endp
_FindWindow proc
invoke FindWindow,NULL,offset Other
.if eax
mov GameHwnd,eax
invoke SetWindowText,hWinMain,offset FindSuccess
invoke KillTimer,hWinMain,IDD_TIMER1
.else
invoke SetWindowText,hWinMain,offset NotFind
.endif
ret
_FindWindow endp
;====================================================消息循环=================
_ProcMain proc uses ebx edi esi Hwnd,uMsg,wParam,lParam
mov eax,uMsg
.if eax == WM_CLOSE
invoke EndDialog,Hwnd,NULL
.elseif eax == WM_INITDIALOG
push Hwnd
pop hWinMain
invoke SetTimer,Hwnd,IDD_TIMER1,1000,offset _FindWindow
.elseif eax == WM_COMMAND
mov eax,wParam
.if eax == DLG_BUTTON
invoke GetWindowThreadProcessId,GameHwnd,offset PID
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,PID
mov openHandle,eax
.if !eax
invoke MessageBox,Hwnd,offset OpenErr,offset OpenTitle,MB_ICONERROR
.else
invoke SetWindowText,Hwnd,offset All_Ready
.endif
.elseif eax == DLG_BUTTON1
invoke VirtualAllocEx,openHandle,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE
mov ProcAdress,eax
invoke WriteProcessMemory,openHandle,ProcAdress,Gpoint,12,NumberofByte
mov eax,ProcAdress
add eax,offset _RemoteCall
invoke CreateRemoteThread,openHandle,NULL,0,ProcAdress,NULL,0,NumberofByte
mov RemoteHandle,eax
invoke WaitForSingleObject,RemoteHandle,INFINITE
invoke CloseHandle,RemoteHandle
invoke VirtualFreeEx,openHandle,ProcAdress,12,MEM_RELEASE
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcMain endp
;=================================================开始执行代码================================
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcMain,NULL
invoke ExitProcess,NULL
end start
看了一下Delphi的 远程线程创建 挺简单的.用汇编就不会了
请高手指点一下 一二.再次先谢过了.
.386
.model flat,stdcall
option casemap:none
;INC
include windows.inc
include user32.inc
include kernel32.inc
;LIB
includelib user32.lib
includelib kernel32.lib
DLG_MAIN EQU 101
DLG_BUTTON EQU 1000
DLG_BUTTON1 equ 1001
IDD_TIMER1 equ 1050
;==============================================================未初始化变量
.data?
hInstance dd ?
FindName dd ?
ThreadID dd ?
hWinMain dd ?
GameHwnd dd ?
PID dd ?
openHandle dd ?
ProcAdress dd ?
NumberofByte dd ?
RemoteHandle dd ?
;==============================================================初始化过的变量
.data
Other db '游戏找CALL练习实例one',0
NotFind db 'Can Not Find The Game!',0
FindSuccess db 'The Game FindSuccess!',0
OpenErr db 'Can Not Open The Process!',0
OpenTitle db 'Error',0
All_Ready db ',All_Of_Ready!',0
Gpoint db '00452e98h',0
.code
;========================================================寻找游戏窗口==============
_RemoteCall proc
local Pointer:ADDRESS
mov Pointer.Offset1,00452e98
call @f
@@:
mov eax,00951FACh
mov edx,00453028h
call Pointer
_RemoteCall endp
_FindWindow proc
invoke FindWindow,NULL,offset Other
.if eax
mov GameHwnd,eax
invoke SetWindowText,hWinMain,offset FindSuccess
invoke KillTimer,hWinMain,IDD_TIMER1
.else
invoke SetWindowText,hWinMain,offset NotFind
.endif
ret
_FindWindow endp
;====================================================消息循环=================
_ProcMain proc uses ebx edi esi Hwnd,uMsg,wParam,lParam
mov eax,uMsg
.if eax == WM_CLOSE
invoke EndDialog,Hwnd,NULL
.elseif eax == WM_INITDIALOG
push Hwnd
pop hWinMain
invoke SetTimer,Hwnd,IDD_TIMER1,1000,offset _FindWindow
.elseif eax == WM_COMMAND
mov eax,wParam
.if eax == DLG_BUTTON
invoke GetWindowThreadProcessId,GameHwnd,offset PID
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,PID
mov openHandle,eax
.if !eax
invoke MessageBox,Hwnd,offset OpenErr,offset OpenTitle,MB_ICONERROR
.else
invoke SetWindowText,Hwnd,offset All_Ready
.endif
.elseif eax == DLG_BUTTON1
invoke VirtualAllocEx,openHandle,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE
mov ProcAdress,eax
invoke WriteProcessMemory,openHandle,ProcAdress,Gpoint,12,NumberofByte
mov eax,ProcAdress
add eax,offset _RemoteCall
invoke CreateRemoteThread,openHandle,NULL,0,ProcAdress,NULL,0,NumberofByte
mov RemoteHandle,eax
invoke WaitForSingleObject,RemoteHandle,INFINITE
invoke CloseHandle,RemoteHandle
invoke VirtualFreeEx,openHandle,ProcAdress,12,MEM_RELEASE
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcMain endp
;=================================================开始执行代码================================
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcMain,NULL
invoke ExitProcess,NULL
end start
