3个 API函数
GetWindowThreadProcessId :由窗口句柄获取进程ID
OpenProcess :获取进程句柄
ReadProcessMemory :读出指定进程 指定位置 的数据到缓冲区
// Win32 prototypes of the three calls used by the Delphi code further down.
// The comments describe how this page uses each parameter.
DWORD GetWindowThreadProcessId(
HWND hWnd, // window handle, obtained from FindWindow
LPDWORD lpdwProcessId // out: receives the process id (the return value is the thread id)
);
HANDLE OpenProcess(
DWORD dwDesiredAccess, // access rights: PROCESS_VM_READ for reading, PROCESS_VM_WRITE (with PROCESS_VM_OPERATION) for writing; request only what the caller uses
BOOL bInheritHandle, // handle inheritance flag; false here
DWORD dwProcessId // process id, obtained from GetWindowThreadProcessId
);
BOOL ReadProcessMemory(
HANDLE hProcess, // process handle, obtained from OpenProcess
LPCVOID lpBaseAddress, // address in the target process to read from: $47d814
LPVOID lpBuffer, // local buffer that receives the data: sitNum
DWORD nSize, // number of bytes to read: 4 (current SDK headers declare this and lpNumberOfBytesRead as SIZE_T)
LPDWORD lpNumberOfBytesRead // out: number of bytes actually read; compare with nSize before trusting the buffer
);
一.读指定进程内存:ReadProcessMemory
此函数的定义为:function ReadProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL; stdcall;
hProcess指向被读取内存的进程的句柄,此句柄必须有PROCESS_VM_READ权限.
lpBaseAddress:指向被读取的内存在进程中基地址的指针.
lpBuffer:指向用于保存读出数据的缓冲区的指针.
nSize:指定从指定进程中要读取的字节数.
lpNumberOfBytesRead:指向读出数据的实际字节数.
二.写指定进程内存:WriteProcessMemory
此函数的定义为:function WriteProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL; stdcall;
参数含义同ReadProcessMemory,其中hProcess句柄要有对进程的PROCESS_VM_WRITE和PROCESS_VM_OPERATION权限.lpBuffer为要写到指定进程的数据的指针.
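procedure TForm1.Timer1Timer(Sender: TObject);
{ Timer tick: locates the game window, opens its process with read-only
  access, follows one pointer indirection to the money field and shows the
  value on Label2. Writing is delegated to meneyxg when CheckBox1 is checked.
  Label1 reports whether the game window was found; Label2 is cleared
  whenever the process cannot be opened or either read fails, so a stale or
  uninitialised value is never displayed. }
const
  { Static address holding the pointer to the player data block. }
  BaseAddr = $00a1e0c4;
  { Offset of the money field from the pointer read at BaseAddr. }
  MoneyOfs = $24c;
var
  hGame: HWND;
  pidGame: DWORD;
  hProcess: THandle;   { OpenProcess returns a process handle, not a window handle }
  pBase: DWORD;
  money: DWORD;
  readBytes: DWORD;
  ok: Boolean;
begin
  { GetWindowThreadProcessId leaves the out parameter untouched on failure,
    so initialise it instead of passing an uninitialised local to OpenProcess. }
  pidGame := 0;

  hGame := FindWindow(nil, 'Red Alert 2');
  if hGame = 0 then
  begin
    Label1.Caption := '游戏未启动';
    Label2.Caption := '';
    Exit;
  end;
  Label1.Caption := '游戏运行中';

  if CheckBox1.Checked then
    meneyxg;

  { The thread id returned is not needed; a zero return means the window is gone. }
  if Windows.GetWindowThreadProcessId(hGame, pidGame) = 0 then
  begin
    Label2.Caption := '';
    Exit;
  end;

  { Least privilege: this procedure only reads, so PROCESS_VM_READ is enough
    (PROCESS_ALL_ACCESS also fails more often under a non-elevated user). }
  hProcess := Windows.OpenProcess(Windows.PROCESS_VM_READ, False, pidGame);
  if hProcess = 0 then
  begin
    Label2.Caption := '';
    Exit;
  end;

  try
    { Both reads must succeed and return a full DWORD before the value is shown. }
    ok := ReadProcessMemory(hProcess, Pointer(BaseAddr), @pBase, SizeOf(pBase), readBytes)
      and (readBytes = SizeOf(pBase));
    if ok then
      ok := ReadProcessMemory(hProcess, Pointer(pBase + MoneyOfs), @money, SizeOf(money), readBytes)
        and (readBytes = SizeOf(money));

    if ok then
      Label2.Caption := '金钱:' + IntToStr(money)
    else
      Label2.Caption := '';
  finally
    { Close the handle on every path, including a failed read. }
    CloseHandle(hProcess);
  end;
end;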
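procedure meneyxg();
{ Writes the money value NewMoney into the running game's process: reads the
  player data pointer stored at BaseAddr and writes a DWORD at that pointer
  plus MoneyOfs. Returns silently when the game window, its process, or the
  pointer read is unavailable, so nothing is ever written through an
  uninitialised pointer. }
const
  { Static address holding the pointer to the player data block. }
  BaseAddr = $a1e0c4;
  { Offset of the money field from the pointer read at BaseAddr. }
  MoneyOfs = $24c;
  { Value written to the money field. }
  NewMoney = 10000;
var
  hGame: HWND;
  pidGame: DWORD;
  hProcess: THandle;   { process handle, not a window handle }
  pBase: DWORD;
  money: DWORD;
  ioBytes: DWORD;      { bytes read, then bytes written }
begin
  { GetWindowThreadProcessId does not set the out parameter on failure. }
  pidGame := 0;

  hGame := FindWindow(nil, 'Red Alert 2');
  if hGame = 0 then
    Exit;
  if Windows.GetWindowThreadProcessId(hGame, pidGame) = 0 then
    Exit;

  { Least privilege: reading the pointer needs PROCESS_VM_READ; writing needs
    PROCESS_VM_WRITE together with PROCESS_VM_OPERATION. Nothing else is used. }
  hProcess := Windows.OpenProcess(
    Windows.PROCESS_VM_READ or Windows.PROCESS_VM_WRITE or Windows.PROCESS_VM_OPERATION,
    False, pidGame);
  if hProcess = 0 then
    Exit;

  try
    { Only write when the pointer read returned a complete DWORD. }
    if ReadProcessMemory(hProcess, Pointer(BaseAddr), @pBase, SizeOf(pBase), ioBytes)
      and (ioBytes = SizeOf(pBase)) then
    begin
      money := NewMoney;
      WriteProcessMemory(hProcess, Pointer(pBase + MoneyOfs), @money, SizeOf(money), ioBytes);
    end;
  finally
    { Release the process handle on every path. }
    CloseHandle(hProcess);
  end;
end;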