📄 unit1.pas
{$ifdef debug}
showmessage('A suitable window has been found. It''s thread is '+IntToStr(possiblewinhandle));
{$endif}
{$ifdef debug}
showmessage('Loading the CEHook.dll file');
{$endif}
CEHOOKDLL:=LoadLibrary('CEHook.dll');
if CEHOOKDLL=0 then exit;
{$ifdef debug}
showmessage('Dll has been loaded. DLLHandle='+IntToStr(cehookdll));
{$endif}
{$ifdef debug}
showmessage('Going to find the MyHook function');
{$endif}
//still here so the dll is loaded
CEScanProcAddress:=GetProcAddress(CEHOOKDLL,'MyHook');
if (CEScanProcAddress=nil) then//something went wrong (dont know why though)
begin
{$ifdef debug}
showmessage('The MyHook api was not found');
{$endif}
FreeLibrary(CEHOOKDLL);
exit;
end;
{$ifdef debug}
showmessage('MyHook function found:'+IntToHex(dword(CEScanProcAddress),8));
{$endif}
hyperscanview.startaddress:=processid; //use the startaddress to identify the target process. (so dont do CE)
hyperscanview.mainformhandle:=handle;
{$ifdef debug}
showmessage('Calling SetwindowsHookEx using the threadid from the window I found');
{$endif}
hyperscanview.scanning:=false;
CEScanHook:=setwindowshookex(WH_CALLWNDPROCRET ,CEScanProcAddress,CEHOOKDLL,{GetWindowThreadProcessId(possiblewinhandle,@winprocess)}0); //just to get the dll inside the process
hyperscanview.StopAddress:=CEScanhook;
{$ifdef debug}
showmessage('The result of CEScanHook is '+IntToStr(CEScanHook));
{$endif}
hyperscanview.formscanningHandle:=CEScanHook;
SendMessage(possiblewinhandle,wm_user+666,$33333333,0);
{$ifdef debug}
showmessage('Going to send the target window the message to initialize');
{$endif}
i:=0;
while (not hyperscanview.scanning) and (i<500) do
begin
sleep(10);
inc(i);
end;
UnhookWindowsHookEx(CEScanHook);
FreeLibrary(CEHOOKDLL);
hyperscanview.scanning:=false;
if i>=500 then
begin
hyperscanenabled:=false;
speedhackenableD:=false;
end;
//SendMessage(possiblewinhandle,wm_user+666,$33333333,0);
hyperscanwindow:=hyperscanview.hyperscanwindow;
if speedhackenabled then
sendmessage(hyperscanwindow,wm_user+4,0,0); //enable speedhack
hypermode:=true;
*)
end;
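procedure Tform1.SetReadWriteBreakpoint(address: dword; size: dword);
{ Arms a read/write watch on [address, address+size) in the process behind
  processhandle.

  Two mechanisms, selected by settings.usedebugregs:
    - debug registers: DR0..DR3 are filled with aligned 4/2/1 byte watches and
      the resulting context is written to every thread in
      debuggerthread.threadlist;
    - page protection: the range is switched to PAGE_NOACCESS and the previous
      protection is stored in findreader.originalprotection.

  Raises Exception when the first byte of the range cannot be read, or when
  VirtualQueryEx / VirtualProtectEx fail in the page-protection path. }
var mbi: _Memory_Basic_Information;
    i: integer;
    ct: _context;
    regsinuse: integer;

  //The three helpers below each claim the next free debug register
  //(regsinuse), point it at the current address and then advance
  //address/size past the bytes that register now covers.
  //The reg*/debugexact constants are declared elsewhere in the project.

  procedure Set4bytebreak;
  begin
    case regsinuse of
      0: begin
           ct.dr0:=address;
           ct.dr7:=ct.dr7 or reg0set or reg0rw or debugexact or reg0len4;
         end;

      1: begin
           ct.dr1:=address;
           ct.dr7:=ct.Dr7 or reg1set or reg1rw or debugexact or reg1len4;
         end;

      2: begin
           ct.Dr2:=address;
           ct.dr7:=ct.dr7 or reg2set or reg2rw or debugexact or reg2len4;
         end;

      3: begin
           ct.Dr3:=address;
           ct.dr7:=ct.dr7 or reg3set or reg3rw or debugexact or reg3len4;
         end;
    end;

    inc(address,4);
    dec(size,4);
    inc(regsinuse);
  end;

  procedure Set2bytebreak;
  begin
    case regsinuse of
      0: begin
           ct.dr0:=address;
           ct.dr7:=ct.dr7 or reg0set or reg0rw or debugexact or reg0len2;
         end;

      1: begin
           ct.dr1:=address;
           ct.dr7:=ct.Dr7 or reg1set or reg1rw or debugexact or reg1len2;
         end;

      2: begin
           ct.Dr2:=address;
           ct.dr7:=ct.dr7 or reg2set or reg2rw or debugexact or reg2len2;
         end;

      3: begin
           ct.Dr3:=address;
           ct.dr7:=ct.dr7 or reg3set or reg3rw or debugexact or reg3len2;
         end;
    end;

    inc(address,2);
    dec(size,2);
    inc(regsinuse);
  end;

  procedure Set1bytebreak;
  begin
    //no length constant is or'ed in here: the length bits stay 0 (zeroed ct)
    case regsinuse of
      0: begin
           ct.dr0:=address;
           ct.dr7:=ct.dr7 or reg0set or reg0rw or debugexact;
         end;

      1: begin
           ct.dr1:=address;
           ct.dr7:=ct.Dr7 or reg1set or reg1rw or debugexact;
         end;

      2: begin
           ct.Dr2:=address;
           ct.dr7:=ct.dr7 or reg2set or reg2rw or debugexact;
         end;

      3: begin
           ct.Dr3:=address;
           ct.dr7:=ct.dr7 or reg3set or reg3rw or debugexact;
         end;
    end;

    inc(address);
    dec(size);
    inc(regsinuse);
  end;

resourcestring strAccessed='The following opcodes accessed the selected address';

var rd: dword;
    tmp: byte;
    err: dword;
begin
  //check that the first byte of the range is readable
  //(only this one byte is probed, not the whole address..address+size range)
  rd:=0; //ReadProcessMemory may leave rd untouched when it fails
  readprocessmemory(processhandle,pointer(address),@tmp,1,rd);
  if rd<>1 then raise exception.Create(strAddressHasToBeReadable);

  zeromemory(@ct,sizeof(ct));
  ct.ContextFlags:=CONTEXT_DEBUG_REGISTERS;

  if settings.usedebugregs then
  begin
    regsinuse:=0;
    ct.dr7:=0;

    //Cover the range with the widest watch the current alignment and the
    //remaining size allow: 4 bytes on a 4-byte boundary, else 2 bytes on a
    //2-byte boundary, else a single byte.
    while (regsinuse<4) and (size>0) do
    begin
      if (size>=4) and ((address mod 4)=0) then
        set4bytebreak
      else
      if (size>=2) and ((address mod 2)=0) then
        set2bytebreak
      else
        set1bytebreak; //watch on a byte
    end;

    //NOTE: when size is still >0 here all four registers are used up and the
    //tail of the requested range is NOT watched. Nothing reports that.

    // ct.dr7:=$D0303;

    debuggerthread.DRRegs:=ct;

    //the debugger thread is suspended while the contexts are rewritten
    debuggerthread.Suspend;
    for i:=0 to length(debuggerthread.threadlist)-1 do
    begin
      //each target thread is suspended around the SetThreadContext call
      suspendthread(debuggerthread.threadlist[i][1]);
      if not SetThreadContext(debuggerthread.threadlist[i][1],debuggerthread.DRRegs) then showmessage('failed 2');
      resumethread(debuggerthread.threadlist[i][1]);
    end;

    debuggerthread.FindWriter2:=true;
    debuggerthread.Resume;
  end
  else
  begin
    //dont use debug regs
    //A failed query would leave mbi unfilled, so stop before publishing
    //pagebase/pagesize taken from it.
    if virtualqueryEx(processhandle,pointer(address),mbi,sizeof(mbi))=0 then
      raise exception.Create('VirtualQueryEx failed: '+SysErrorMessage(GetLastError));

    debugger.DebuggerThread.findreader.pagebase:=dword(mbi.BaseAddress);
    debugger.DebuggerThread.findreader.pagesize:=dword(mbi.RegionSize);
    debugger.DebuggerThread.findreader.Address:=address;
    debugger.DebuggerThread.findreader.size:=size;

    //the flags are raised before the protection changes
    //(presumably so the debugger thread is ready for the first fault - confirm)
    DebuggerThread.findreaderset:=true;
    DebuggerThread.alsowrites:=true;

    if not VirtualProtectEx(processhandle,pointer(address),size,PAGE_NOACCESS,debugger.DebuggerThread.findreader.originalprotection) then
    begin
      //Nothing was changed in the target and originalprotection is not valid:
      //clear the flag so it is never "restored" from a stale value.
      err:=GetLastError;
      DebuggerThread.findreaderset:=false;
      raise exception.Create('VirtualProtectEx failed: '+SysErrorMessage(err));
    end;
  end;
end;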
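procedure Tform1.SetReadBreakpoint(address: dword; size: dword);
{ Arms a read watch on [address, address+size) in the process behind
  processhandle by switching the range to PAGE_NOACCESS. The region base and
  size reported by VirtualQueryEx, the watched range and the previous
  protection are stored in debugger.DebuggerThread.findreader.

  Raises Exception when the first byte of the range cannot be read, or when
  VirtualQueryEx / VirtualProtectEx fail. }
var mbi: _Memory_Basic_Information;
    tmp:byte;
    rD:dword;
    err: dword;

resourcestring strOpcodeRead='The following opcodes read from the selected address';

begin
  //only the first byte of the range is probed for readability
  rd:=0; //ReadProcessMemory may leave rd untouched when it fails
  readprocessmemory(processhandle,pointer(address),@tmp,1,rd);
  if rd<>1 then raise exception.Create(strAddressHasToBeReadable);

  //A failed query would leave mbi unfilled, so stop before publishing
  //pagebase/pagesize taken from it.
  if virtualqueryEx(processhandle,pointer(address),mbi,sizeof(mbi))=0 then
    raise exception.Create('VirtualQueryEx failed: '+SysErrorMessage(GetLastError));

  debugger.DebuggerThread.findreader.pagebase:=dword(mbi.BaseAddress);
  debugger.DebuggerThread.findreader.pagesize:=dword(mbi.RegionSize);
  debugger.DebuggerThread.findreader.Address:=address;
  debugger.DebuggerThread.findreader.size:=size;

  //the flag is raised before the protection changes
  //(presumably so the debugger thread is ready for the first fault - confirm)
  //NOTE(review): alsowrites is not touched here, so it keeps whatever an
  //earlier call left in it - verify that it is reset elsewhere.
  DebuggerThread.findreaderset:=true;

  if not VirtualProtectEx(processhandle,pointer(address),size,PAGE_NOACCESS,debugger.DebuggerThread.findreader.originalprotection) then
  begin
    //Nothing was changed in the target and originalprotection is not valid:
    //clear the flag so it is never "restored" from a stale value.
    err:=GetLastError;
    DebuggerThread.findreaderset:=false;
    raise exception.Create('VirtualProtectEx failed: '+SysErrorMessage(err));
  end;
end;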
procedure TForm1.SetWriteBreakpoint(address: dword; size: dword);
var mbi: _Memory_Basic_Information;
i: integer;
ct: _context;
regsinuse: integer;
olda,olds: dword;
dr: dword;
procedure Set4bytebreak;
begin
case regsinuse of
0: begin
ct.dr0:=address;
ct.dr7:=ct.dr7 or reg0set or reg0w or debugexact or reg0len4;
end;
1: begin
ct.dr1:=address;
ct.dr7:=ct.Dr7 or reg1set or reg1w or debugexact or reg1len4;
end;
2: begin
ct.Dr2:=address;
ct.dr7:=ct.dr7 or reg2set or reg2w or debugexact or reg2len4;
end;
3: begin
ct.Dr3:=address;
ct.dr7:=ct.dr7 or reg3set or reg3w or debugexact or reg3len4;
end;
end;
inc(address,4);
dec(size,4);
inc(regsinuse);
end;
procedure Set2bytebreak;
begin
case regsinuse of
0: begin
ct.dr0:=address;
ct.dr7:=ct.dr7 or reg0set or reg0w or debugexact or reg0len2;
end;
1: begin
ct.dr1:=address;
ct.dr7:=ct.Dr7 or reg1set or reg1w or debugexact or reg1len2;
end;
2: begin
ct.Dr2:=address;
ct.dr7:=ct.dr7 or reg2set or reg2w or debugexact or reg2len2;
end;
3: begin
ct.Dr3:=address;
ct.dr7:=ct.dr7 or reg3set or reg3w or debugexact or reg3len2;
end;
end;
inc(address,2);
dec(size,2);
inc(regsinuse);
end;
procedure Set1bytebreak;
begin
case regsinuse of
0: begin
ct.dr0:=address;
ct.dr7:=ct.dr7 or reg0set or reg0w or debugexact;
end;
1: begin
ct.dr1:=address;
ct.dr7:=ct.Dr7 or reg1set or reg1w or debugexact;
end;
2: begin
ct.Dr2:=address;
ct.dr7:=ct.dr7 or reg2set or reg2w or debugexact;
end;
3: begin
ct.Dr3:=address;
ct.dr7:=ct.dr7 or reg3set or reg3w or debugexact;
end;
end;
inc(address);
dec(size);
inc(regsinuse);
end;
var rd: dword;
tmp: byte;
resourcestring strOpcodeChanged='The following opcodes changed the selected address';
begin
//check if you can read address to address+size
readprocessmemory(processhandle,pointer(address),@tmp,1,rd);
if rd<>1 then raise exception.Create(strAddressHasToBeReadable);
olda:=address;
olds:=size;
zeromemory(@ct,sizeof(ct));
ct.ContextFlags:=CONTEXT_DEBUG_REGISTERS;
if settings.usedebugregs then
begin
regsinuse:=0;
ct.dr7:=0;
while (regsinuse<4) and (size>0) do
begin
if size>=4 then
begin
if (address mod 4)>0 then
begin
if (address mod 2)>0 then
begin
set1bytebreak; //watch on a byte
continue;
end
else
begin
set2bytebreak;
continue;
end;
end
else
begin
set4bytebreak;
continue;
end;
end;
if size>=2 then
begin
if (address mod 2)>0 then
begin
set1bytebreak; //watch on a byte
continue;
end
else
begin
set2bytebreak;
continue;
end;
end;
if size=1 then
set1bytebreak;
end;
// ct.dr7:=$D0303;
debuggerthread.DRRegs:=ct;
debuggerthread.Suspend;
for i:=0 to length(debuggerthread.threadlist)-1 do
begin
suspendthread(debuggerthread.threadlist[i][1]);
if not SetThreadContext(debuggerthread.threadlist[i][1],debuggerthread.DRRegs) then showmess