Using the memory read function: ReadProcessMemory
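procedure TForm1.Button2Click(Sender: TObject);
var
  hProcess, iRead: Cardinal;
  Buffer: Pointer;
begin
  memo1.Text := ''; // Clear the contents of memo1
  // This demo uses its own process; a trojan would need to obtain the game process's PID
  // Note: ReadProcessMemory itself only requires PROCESS_VM_READ on the handle
  hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, false, GetCurrentProcessId);
  if hProcess = 0 then
    Exit; // OpenProcess failed, nothing to read
  // 1024 bytes for the string, plus two zero bytes so PChar(Buffer) is always terminated
  GetMem(Buffer, 1026);
  try
    // Read the strings from memory
    FillChar(Buffer^, 1026, 0);
    if ReadProcessMemory(hProcess, Pointer($00148148), Buffer, 1024, iRead) then
      memo1.Lines.Add('Edit1.txt中的内容为:' + PChar(Buffer));
    FillChar(Buffer^, 1026, 0);
    if ReadProcessMemory(hProcess, Pointer($00148180), Buffer, 1024, iRead) then
      memo1.Lines.Add('Edit2.txt中的内容为:' + PChar(Buffer));
  finally
    // Release resources: free the buffer and close the process handle
    FreeMem(Buffer, 1026);
    CloseHandle(hProcess);
  end;
end;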

The memory addresses where the strings are located can be found in advance by searching.
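From the monitoring side, the access mask passed to OpenProcess above (0x0438) is what shows up in process-access telemetry. The following added example (not from the original article) decodes such masks and flags handles that allow reading or writing another process's memory. The record field names are modelled on Sysmon Event ID 10; the sample records, paths and allowlist entry are constructed and hypothetical.

```python
# Added example: detection logic over constructed process-access records.
# Access-right bit values are the Windows SDK (winnt.h) constants.
ACCESS_BITS = {
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
MEMORY_BITS = 0x0010 | 0x0020  # rights that allow Read/WriteProcessMemory


def decode_access(mask):
    """Return the names of the known rights set in mask, lowest bit first."""
    names = [name for bit, name in sorted(ACCESS_BITS.items()) if mask & bit]
    unknown = mask & ~sum(ACCESS_BITS)  # bits are disjoint, so sum == OR
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:04X})")
    return names


def flag_memory_access(events, allowlist=()):
    """Flag cross-process handles that carry VM_READ or VM_WRITE."""
    allowed = {p.lower() for p in allowlist}
    findings = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        if ev["SourceProcessId"] == ev["TargetProcessId"]:
            continue  # a process opening itself, as the article's demo does
        if ev["SourceImage"].lower() in allowed:
            continue  # expected reader (hypothetical allowlist entry)
        if mask & MEMORY_BITS:
            findings.append((ev["SourceImage"], ev["TargetImage"], decode_access(mask)))
    return findings


# Constructed sample records (all paths and PIDs are made up).
SAMPLE_EVENTS = [
    {"SourceProcessId": 4120, "SourceImage": r"C:\demo\Project1.exe",
     "TargetProcessId": 4120, "TargetImage": r"C:\demo\Project1.exe", "GrantedAccess": "0x438"},
    {"SourceProcessId": 5012, "SourceImage": r"C:\Users\Public\reader.exe",
     "TargetProcessId": 3344, "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x438"},
    {"SourceProcessId": 2200, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetProcessId": 3344, "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x1000"},
    {"SourceProcessId": 1800, "SourceImage": r"C:\Program Files\ExampleAV\scan.exe",
     "TargetProcessId": 3344, "TargetImage": r"C:\Games\game.exe", "GrantedAccess": "0x410"},
]
FINDINGS = flag_memory_access(SAMPLE_EVENTS, [r"C:\Program Files\ExampleAV\scan.exe"])
```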

Original article. If you repost it, please credit: reposted from 心动吧DELPHI网络书 [ http://www.abcxd.com/delphi/ ]
Permalink for this article: http://www.abcxd.com/delphi/abcxddelphi/DELPHIHACKER/shiyongneicunduquhanshuReadProcessMemory.html