📄 gpkernel.pas
begin
if Length(scanvalue)>255 then raise Exception.create(Format(String_InvalidString,[scanvalue]));
end;
end;//if end;
////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
InSearchProcess:=True;
Searchtimes:=1;
NowProcess:=0;
AttachedNum:=0;
OldScanType:=ScanType;
OldVarType:=VarType;
AddressMemStream.Seek(0,soFromBeginning);
/////////Lets Real Start !真正开始!!!!!!!!!!!!!!!!!!!!!!!!!!!!!//////////
////////////////////////////////////////////////////////////
if ScanType=Number_Scan then
begin
Time1:=GetTickCount;
if vartype=Byte_value then //byte
begin
for i:=0 to memoryregionsIndex-1 do
begin
TempLength:=MemoryRegions[i].MemorySize;
TempSize:=TempLength;
if not ReadProcessMemory(ProcessHandle,pointer(MemoryRegions[i].BaseAddress),@ReadMemory_ArrayByte,TempLength,actualread) then continue;
begin
if (actualread>0) then
begin
TempSize:=actualread;
for j:=0 to TempSize-1 do
begin
if ReadMemory_ArrayByte[j]=ByteValue then
begin
inc(AttachedNum);
tempAddress:=MemoryRegions[i].BaseAddress+j;
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
end;
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
end; //byte end
if vartype=Word_value then //word
begin
for i:=0 to MemoryRegionsIndex-1 do
begin
for k:=0 to 1 do //k表示错位组合成类型
begin
TempLength:=(MemoryRegions[i].MemorySize-k);
TempSize:=TempLength shr 1;
if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_ArrayWord,TempLength,actualread) then continue;
if actualread>0 then
begin
TempSize:=actualread shr 1;
for j:=0 to TempSize-1 do
begin
if ReadMemory_ArrayWord[j]=wordvalue then
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*2;
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
end;
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
end; //word end
if vartype=Dword_value then //dword
begin
for i:=0 to MemoryRegionsIndex-1 do
begin
for k:=0 to 3 do //k表示错位组合成类型
begin
TempLength:=(MemoryRegions[i].MemorySize-k);
TempSize:=TempLength shr 2;
////////内存随时在变化,故判断,绝对经验
if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_ArrayDWORD,TempLength,actualread) then continue;
if actualread>0 then
begin
TempSize:=actualread shr 2;
for j:=0 to TempSize-1 do
begin
if Readmemory_ArrayDWord[j]=Dwordvalue then
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*4;
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
end;
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
end; ///dword
if vartype=Int64_value then //int64
begin
Time1:=GetTickCount;
for i:=0 to MemoryRegionsIndex-1 do
begin
for k:=0 to 7 do //k表示错位组合成类型
begin
TempLength:=(MemoryRegions[i].MemorySize-k);
TempSize:=TempLength shr 3;
if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_Arrayint64,TempLength,actualread) then continue;
if actualread>0 then
begin
TempSize:=actualread shr 3;
for j:=0 to TempSize-1 do
begin
if Readmemory_Arrayint64[j]=int64value then
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*8;
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
end;
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
end; //int64 end
if vartype=Single_value then //Single
begin
PHelpSingleDword:=@singlevalue;
HelpSingleDword1:=(PHelpSingleDword^ shr 23);
for i:=0 to MemoryRegionsIndex-1 do
begin
for k:=0 to 3 do //k表示错位组合成类型
begin
TempLength:=(MemoryRegions[i].MemorySize-k);
TempSize:=TempLength shr 2;
if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_ArraysingleDword,TempLength,actualread) then continue;
if actualread>0 then
begin
TempSize:=actualread shr 2;
for j:=0 to TempSize-1 do
begin
///single的1位符号位与8位指数为相同
HelpsingleDWord2:=ReadMemory_ArraysingleDword[j] shr 23;
if helpsingleDWord2=helpsingleDWord1 then
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*4;
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
end;
end;
end; //for all loop
inc(NowProcess,MemoryRegions[i].MemorySize);
end; //for all MemoryrangesIndex
end; ///single end
if vartype=Double_value then //Double
begin
PHelpDoubleint64:=@Doublevalue;
HelpDoubleint641:=(PHelpDoubleInt64^ shr 52);
for i:=0 to MemoryRegionsIndex-1 do
begin
for k:=0 to 7 do //k表示错位组合成类型
begin
TempLength:=(MemoryRegions[i].MemorySize-k);
TempSize:=TempLength shr 3;
if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_ArrayDoubleInt64,TempLength,actualread) then continue;
if actualread>0 then
begin
TempSize:=actualread shr 3;
for j:=0 to TempSize-1 do
begin
///double的1位符号位与11位指数为相同
HelpDoubleInt642:=ReadMemory_ArrayDoubleInt64[j] shr 52;
if helpDoubleInt642=helpDoubleInt641 then
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*8;
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
end;
end;
end; //for all loop
inc(NowProcess,MemoryRegions[i].MemorySize);
end; //for all MemoryrangesIndex
end; //double end
NowProcess:=totalProcess;
time2:=getTickCount;
CanUpdateTask:=messageBox(Application.handle,
pchar(Format(String_TaskResult,[name,AttachedNum,(Time2-Time1)/1000])), //pchar('任务:'+name+#13#10+'总共找到'+intToStr(AttachedNum)+'个结果 耗时'+FloattoStr((Time2-Time1)/1000)+'秒'),
pchar(String_TaskResultTitle),
MB_OK);
end; //Number_Scan end
//text String scan
if scantype=string_scan then
begin
time1:=getTickCount;
helpStringLength:=length(scanvalue);
for i:=0 to memoryregionsindex-1 do
begin
TempLength:=memoryregions[i].MemorySize;
TempSize:=TempLength;
if not readprocessmemory(processhandle,pointer(Memoryregions[i].BaseAddress),@ReadMemory_ArrayStringByte,Memoryregions[i].MemorySize,actualread) then continue;
if actualread>helpStringLength then
begin
CharToFind:=1;
TempSize:=actualread;
for j:=0 to TempSize-1 do
begin
if chr(ReadMemory_ArrayStringByte[j])=scanvalue[CharToFind] then
begin
inc(charToFind);
if CharToFind>=Dword(helpStringLength)+1 then //found the string
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress)+j-(helpStringLength-1);
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
CharToFind:=1;
end;
end else CharToFind:=1;
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
NowProcess:=totalProcess;
time2:=getTickCount;
CanUpdateTask:=messageBox(Application.handle,
pchar(Format(String_TaskResult,[name,AttachedNum,(Time2-Time1)/1000])), //pchar('任务:'+name+#13#10+'总共找到'+intToStr(AttachedNum)+'个结果 耗时'+FloattoStr((Time2-Time1)/1000)+'秒'),
pchar(String_TaskResultTitle),
MB_OK);
end;
///低阶扫描初始化(存放的是地址范围,以后存放具体地址)////////////
//if (scantype<>Number_scan) and (scantype<>String_scan) then
if (VarType=LowLevel_Value) then
begin
try
MemoryFileStream:=TFileStream.Create(MemoryFileName,fmCreate or FmShareDenyNone);
MemoryFileStream.Seek(0,soFrombeginning);
for i:=0 to memoryregionsindex-1 do
begin
TempLength:=MemoryRegions[i].MemorySize;
TempSize:=TempLength;
if not readprocessmemory(processhandle,pointer(Memoryregions[i].BaseAddress),@AdvancedReadMemory_ArrayByte,TempLength,actualread) then continue;
if actualread>0 then
begin
ActualWrite:=MemoryFileStream.Write(AdvancedReadMemory_ArrayByte,actualread);
Memoryregions[i].MemorySize:=ActualWrite;
AdvancedAddressMemStream.WriteBuffer(Memoryregions[i],Sizeof(Memoryregions[i]));
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
NowProcess:=totalProcess;
CanUpdateTask:=messageBox(Application.handle,
pchar(format(String_InitialLowLevel,[name])),
pchar(String_TaskResultTitle),
MB_OK);
finally
FreeAndNil(MemoryFileStream);
end;
end;
InSearchProcess:=False;
closehandle(ProcessHandle);
end;//with scan end;
end;
//////////////////////////////////////////////////////////////////////////////////////////
// Builds a follow-up ("next scan") worker bound to one task slot.
//   theIndex - slot number stored in TheTaskIndex. It is not range-checked
//              here; Execute uses it directly as the index into theTask[].
constructor TNextScanThread.Create(theIndex: Integer);
begin
  // The two field assignments are independent of each other, but both stay
  // ahead of the inherited call, as in the original.
  // NOTE(review): presumably the base class is TThread and False is its
  // CreateSuspended argument, so the thread may start running once the
  // inherited constructor is called - confirm against the class declaration.
  FreeOnTerminate := True;
  TheTaskIndex := theIndex;
  inherited Create(False);
end;
///////////////////第二次三次..的扫描///////////////////////////////////////////////////////////////
Procedure TNextScanThread.Execute;
var TempLength: DWORD;
TempAddress:Dword;
ReadMemory_Byte:Byte;
ReadMemory_Word:Word;
ReadMemory_DWord:Dword;
ReadMemory_Int64:Int64;
ReadMemory_SingleDword:Dword; //single length is same to dowrd
ReadMemory_DoubleInt64:int64; //Double length is same to int64
AdvancedReadMemory_Byte:Byte;
AdvancedReadFile_Byte:Byte;
AdvancedReadMemory_ArrayByte:Array[0..$FFFF] of Byte;
AdvancedReadFile_ArrayByte:Array[0..$FFFF] of Byte;
PhelpSingleDword:^Dword;
helpsingleDWord1:DWord; //存放原数的符号位与指数位
HelpSingleDword2:Dword;
PhelpDoubleint64:^int64;
helpDoubleint641:int64; //存放原数的符号位与指数位
HelpDoubleint642:int64;
ReadMemory_ArrayStringByte:Array[0..$FF] of Byte;
HelpStringLength:Byte;
chartoFind:integer;
Time1:Dword;
Time2:Dword;
i: integer;
j: integer;
k: integer;
ActualRead:Dword;
ByteValue: Byte;
WordValue: Word;
DWordValue: Dword;
Int64Value: Int64;
SingleValue: Single;
doubleValue: double;
AddressMemStreamNew:TmemoryStream; //新的每一个地址
TempSize:DWORD;
TempMemoryRegion:TmemoryRegion;
MemoryFileStream:TFileStream; ///低阶内存Readto memroyFilename
MemoryFileStreamNew:TFileStream; ////阶内存Readto memroyFilename
actualwrite:Dword;
begin
with theTask[theTaskIndex] do
begin
/////////////////////////////////////////////////
/////////////再次并得到最终数据/////////////////////////////////////////
if (scanType=Number_Scan)then
begin
if Vartype=Byte_value then
begin
val(scanvalue,bytevalue,i);
if i>0 then raise Exception.Create(Format(String_InvalidByte,[scanvalue]));
end;
if vartype=word_value then
begin
val(scanvalue,wordvalue,i);
if i>0 then raise Exception.Create(Format(String_InvalidWord,[scanvalue]));
end;
if vartype=dword_value then
begin
val(scanvalue,dwordvalue,i);
if i>0 then raise Exception.Create(Format(String_InvalidDword,[scanvalue]));
end;
if vartype=Int64_value then
begin
val(scanvalue,Int64value,i);
if i>0 then raise Exception.Create(Format(String_InvalidInt64,[scanvalue]));
end;
if vartype=single_value then
begin
val(scanvalue,singlevalue,i);
if i>0 then raise Exception.Create(Format(String_InvalidSingle,[scanvalue]));
end;
if vartype=double_value then
begin
val(scanvalue,doublevalue,i);
if i>0 then raise Exception.create(Format(String_InvalidDouble,[scanvalue]));
end;
if vartype=String_value then
begin
if Length(scanvalue)>255 then raise Exception.create(Format(String_InvalidString,[scanvalue]));
end;
end;//if end
////////////////////////////////////////////////////////////////////////////
InSearchProcess:=True;
INC(SearchTimes);
NowProcess:=0;
AttachedNum:=0;
OldScanType:=ScanType;
OldVarType:=VarType;
AddressMemStream.Seek(0,soFromBeginning);
AddressMemStreamNew:=TmemoryStream.Create;
/////////NextScan真正开始!!!!!!!!!!!!!!!!!!!!!!!!!!!!!//////////
////////////////////////////////////////////////////////////
if (scanType=number_Scan) then
begin
time1:=getTickCount;
////初始化
TempLength:=AddressMemStream.Size;
TempSize:=TempLength shr 2;
///按类型搜索
if vartype=Byte_value then //byte
begin
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@ReadMemory_Byte,1,actualread) then continue;
if (actualread>0) and (ReadMemory_Byte=ByteValue)then
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
inc(NowProcess);
end;
end; //byte end
if vartype=Word_value then //Word
begin
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));