if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@ReadMemory_Word,2,actualread)then continue;
if (actualread>0) and (ReadMemory_Word=WordValue)then
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
inc(NowProcess);
end;
end; //word end
if vartype=DWord_value then //DWord
begin
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@ReadMemory_DWord,4,actualread) then continue;
if (actualread>0) and (ReadMemory_DWord=DWordValue)then
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
inc(NowProcess);
end;
end; //dword end
if vartype=int64_value then //int64
begin
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@ReadMemory_int64,8,actualread) then continue;
if (actualread>0) and (ReadMemory_int64=int64Value)then
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
inc(NowProcess);
end;
end; //int64 end
if vartype=Single_value then //Single
begin
PHelpSingleDword:=@singlevalue;
HelpSingleDword1:=(PHelpSingleDword^ shr 23);
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@ReadMemory_SingleDword,4,actualread)then continue;
if actualread>0 then
begin
///single的1位符号位与8位指数为相同
HelpsingleDWord2:=ReadMemory_singleDword shr 23;
if helpsingleDWord2=helpsingleDWord1 then
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
inc(NowProcess);
end;
end; //for all loop
end; //single end
if vartype=Double_value then //Double
begin
PHelpDoubleInt64:=@Doublevalue;
HelpDoubleint641:=(PHelpDoubleInt64^ shr 52);
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@ReadMemory_DoubleInt64,8,actualread)then continue;
if actualread>0 then
begin
///Double的1位符号位与11位指数为相同
HelpDoubleint642:=ReadMemory_DoubleInt64 shr 52;
if HelpDoubleint642=HelpDoubleint641 then
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
end;
inc(NowProcess);
end;
end; //for all loop
end; ///double end
AddressMemStream.Clear;
AddressMemStream.CopyFrom(AddressMemStreamNew,0);
NowProcess:=totalProcess;
time2:=getTickCount;
CanUpdateTask:=messageBox(Application.handle,
pchar(Format(String_TaskResult,[name,AttachedNum,(Time2-Time1)/1000])),
pchar(String_TaskResultTitle),
MB_OK);
end; //Number_Scan end
//text String scan
if scantype=string_scan then
begin
time1:=getTickCount;
////初始化
TempLength:=AddressMemStream.Size;
TempSize:=TempLength shr 2;
helpStringLength:=length(scanvalue);
for i:=1 to TempSize do
begin
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not readprocessmemory(processhandle,pointer(TempAddress),@ReadMemory_ArrayStringByte,helpStringLength,actualread)then continue;
if actualread>0 then
begin
CharToFind:=1;
for j:=0 to actualread-1 do
begin
if chr(ReadMemory_ArrayStringByte[j])=scanvalue[CharToFind] then
begin
inc(charToFind);
if CharToFind=Dword(helpStringLength)+1 then //found the string
begin
inc(AttachedNum);
AddressMemStreamNew.WriteBuffer(tempAddress,Sizeof(tempAddress));
CharToFind:=1;
end;
end else CharToFind:=1;
end;
end;
inc(NowProcess);
end;
NowProcess:=totalProcess;
time2:=getTickCount;
CanUpdateTask:=messageBox(Application.handle,
pchar(Format(String_TaskResult,[name,AttachedNum,(Time2-Time1)/1000])),
pchar(String_TaskResultTitle),
MB_OK);
AddressMemStream.Clear;
AddressMemStream.CopyFrom(AddressMemStreamNew,0);
end;
/////第二三..次低阶扫描低阶扫描(初始化存放的是地址范围,以后存放具体地址)/////////////////////////////////////////
///if (scantype<>number_scan) and (scantype<>String_Scan)and (scantype<>InitialLowLevel_Scan) then
if VarType=LowLevel_value then
begin
////初始化
if (SearchTimes=2) then
begin
TempLength:=AdvancedAddressMemStream.Size;
TempSize:=TempLength shr 3; ////Dword Address Dword Size
end else
begin
TempLength:=AddressMemStream.Size;
TempSize:=TempLength shr 2;
end;
MemoryFileStream:=TFileStream.Create(memoryFilename,fmOpenReadWrite or fmShareDenyNone);
MemoryFileStream.Seek(0,soFrombeginning);
MemoryFileStreamNew:=TFileStream.Create(memoryFilenameNew,fmCreate or fmOpenReadWrite or fmShareDenyNone);
MemoryFileStreamNew.Seek(0,soFrombeginning);
if SearchTimes=2 then
begin
time1:=GetTickCount;
AddressMemStream.Clear;
AdvancedAddressMemStream.Seek(0,soFromBeginning);
For i:=1 to TempSize do
begin
AdvancedAddressMemStream.ReadBuffer(TempMemoryRegion,8);
if not Readprocessmemory(processhandle,pointer(TempMemoryRegion.BaseAddress),@AdvancedReadMemory_ArrayByte,TempMemoryRegion.MemorySize,actualread) then continue;
MemoryFileStream.Read(AdvancedReadFile_ArrayByte,TempMemoryRegion.MemorySize);
For j:=0 to TempMemoryRegion.MemorySize-1 do
begin
Application.ProcessMessages;
//////_+++++//////////////////////////
if scantype=Increased_Scan then
begin
if AdvancedReadMemory_ArrayByte[j]>AdvancedReadFile_ArrayByte[j] then
begin
TempAddress:=TempMemoryRegion.BaseAddress+j;
AddressMemStream.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_ArrayByte[j],1);
inc(AttachedNum);
end;
Continue;
end;
/////////////////////////////////////
//////--------//////////////////////////
if scantype=Decreased_Scan then
begin
if AdvancedReadMemory_ArrayByte[j]<AdvancedReadFile_ArrayByte[j] then
begin
TempAddress:=TempMemoryRegion.BaseAddress+j;
AddressMemStream.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_ArrayByte[j],1);
inc(AttachedNum);
end;
Continue;
end;
/////////////////////////////////////
//////!!!!!!!!!!!!//////////////////////////
if scantype=Changed_Scan then
begin
if AdvancedReadMemory_ArrayByte[j]<>AdvancedReadFile_ArrayByte[j] then
begin
TempAddress:=TempMemoryRegion.BaseAddress+j;
AddressMemStream.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_ArrayByte[j],1);
inc(AttachedNum);
end;
Continue;
end;
/////////////////////////////////////
//////============//////////////////////////
if scantype=UnChanged_Scan then
begin
if AdvancedReadMemory_ArrayByte[j]=AdvancedReadFile_ArrayByte[j] then
begin
TempAddress:=TempMemoryRegion.BaseAddress+j;
AddressMemStream.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_ArrayByte[j],1);
inc(AttachedNum);
end;
Continue;
end;
end;///for end
////////////////////////////////////
inc(NowProcess);
end; ///大循环
NowProcess:=totalProcess;
Time2:=getTickCount;
CanUpdateTask:=messageBox(Application.handle,
pchar(Format(String_TaskResult,[name,AttachedNum,(Time2-Time1)/1000])),
pchar(String_TaskResultTitle),
MB_OK);
end else ///searchtimes=2
begin
Time1:=GetTickCount;
for i:=0 to TempSize-1 do
begin
Application.ProcessMessages;
AddressMemStream.ReadBuffer(TempAddress,Sizeof(TempAddress));
if not ReadProcessMemory(ProcessHandle,pointer(TempAddress),@AdvancedReadMemory_Byte,1,actualread) then continue;
MemoryFileStream.Read(AdvancedReadFile_Byte,1);
//////_+++++//////////////////////////
if scantype=Increased_Scan then
begin
if AdvancedReadMemory_Byte>AdvancedReadFile_Byte then
begin
AddressMemStreamNew.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_Byte,1);
inc(AttachedNum);
end;
Continue;
end;
//////------//////////////////////////
if scantype=Decreased_Scan then
begin
if AdvancedReadMemory_Byte<AdvancedReadFile_Byte then
begin
AddressMemStreamNew.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_Byte,1);
inc(AttachedNum);
end;
Continue;
end;
//////!!!!!!!!!!!!!!//////////////////////////
if scantype=Changed_Scan then
begin
if AdvancedReadMemory_Byte<>AdvancedReadFile_Byte then
begin
AddressMemStreamNew.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_Byte,1);
inc(AttachedNum);
end;
Continue;
end;
/////==============///////////////////////
if scantype=UnChanged_Scan then
begin
if AdvancedReadMemory_Byte=AdvancedReadFile_Byte then
begin
AddressMemStreamNew.WriteBuffer(TempAddress,Sizeof(TempAddress));
MemoryFileStreamNew.WriteBuffer(AdvancedReadMemory_Byte,1);
inc(AttachedNum);
end;
Continue;
end;
end;//for end
NowProcess:=totalProcess;
Time2:=GetTickCount;
CanUpdateTask:=MessageBox(Application.handle,
pchar(Format(String_TaskResult,[name,AttachedNum,(Time2-Time1)/1000])),
pchar(String_TaskResultTitle),
MB_OK);
AddressMemStream.Clear;
AddressMemStream.CopyFrom(AddressMemStreamNew,0);
end; //esle end
CopyFile(pchar(MemoryFileNameNew),pchar(MemoryFileName),FALSE);
FreeAndNIl(MemoryFileStream);
FreeAndNIl(MemoryFileStreamNew);
end; ////if VarType=LowLevel_value
FreeAndNil(AddressMemStreamNew);
closehandle(ProcessHandle);
InSearchProcess:=False;
end;//with scan end;
end;
//////读取某一进程256字节的指定内容///////////////////////////////////////////////////////
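{ Reads 256 consecutive bytes from another process, one byte at a time,
  starting at StartAddress, into the unit-level MemReadData array
  (indices 1..256).

  theProcessID  - id of the process to read from.
  StartAddress  - first address to read; it is a DWORD, so only 32-bit
                  addresses can be expressed.

  Returns True when the process could be opened, False otherwise.
  A True result does NOT mean every byte was read: each slot that could
  not be read holds the sentinel -999. When the process cannot be opened
  MemReadData is left untouched, so callers must check the result before
  using the array.

  Review note: the handle is opened with PROCESS_VM_READ only, which is
  the right ReadProcessMemory requires, instead of PROCESS_ALL_ACCESS.
  Requesting the minimum right keeps this read path from holding a
  handle that could also write to or terminate the target. }
Function ReadMemory_Array(theProcessID,StartAddress:DWORD):boolean;
var k:integer;
    thehandle:Thandle;
    ReadByte:Byte;
    ActualRead:Dword;
begin
  Result:=False;
  thehandle:=OpenProcess(PROCESS_VM_READ,False,theProcessID);
  // Nothing to read and nothing to close when the open failed.
  if thehandle=0 then Exit;
  try
    Result:=True;
    for k:=1 to 256 do
    begin
      MemReadData[k]:=-999;  // sentinel: this byte could not be read
      ActualRead:=0;
      if ReadProcessMemory(theHandle,Pointer((StartAddress+k-1)),Addr(ReadByte),1,Actualread) then
      begin
        if (Actualread=1) then MemReadData[k]:=ReadByte;
      end;
    end;
  finally
    // Release the handle even if the loop raises.
    Closehandle(thehandle);
  end;
end;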
/////////////////////////////////////////////////////
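{ Reads one value of the given type from another process into the
  caller's buffer.

  theProcessID        - id of the process to read from.
  StartAddress        - address of the value; it is a DWORD, so only
                        32-bit addresses can be expressed.
  ValueAddressPointer - destination buffer owned by the caller.
  ValueType           - one of the *_value constants; selects how many
                        bytes are read (1, 2, 4 or 8; 16 for
                        String_Value; 1 for any unknown type).

  Returns True only when the process could be opened and the full value
  was read.

  Review note: the destination buffer must be at least as large as the
  length selected by ValueType. In particular String_Value always copies
  16 bytes, so passing the address of a smaller variable overruns it in
  the calling process. The handle is opened with PROCESS_VM_READ only,
  the minimum right ReadProcessMemory needs. }
Function ReadMemory(theProcessID,StartAddress:Dword;ValueAddressPointer:Pointer;ValueType:Integer):boolean;
var thehandle:Thandle;
    ActualRead:Dword;
    ValueLen:integer;
begin
  Result:=False;
  case ValueType of
    Byte_value:ValueLen:=1;
    Word_value:ValueLen:=2;
    Dword_value:ValueLen:=4;
    Int64_value:ValueLen:=8;
    Single_value:ValueLen:=4;
    Double_value:ValueLen:=8;
    String_Value:ValueLen:=16;
  else
    ValueLen:=1;
  end;
  thehandle:=OpenProcess(PROCESS_VM_READ,False,theProcessID);
  // Do not call CloseHandle on a handle that was never opened.
  if thehandle=0 then Exit;
  try
    ActualRead:=0;
    // Treat a short read as a failure so the caller never consumes a
    // partially filled buffer.
    if ReadProcessMemory(theHandle,Pointer(StartAddress),ValueAddressPointer,ValueLen,Actualread) then
      Result:=(ActualRead=Dword(ValueLen));
  finally
    Closehandle(thehandle);
  end;
end;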
////////////写内存////////////////////////////////////////////////
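{ Writes ValueLen bytes from the caller's buffer into another process.

  theProcessID        - id of the process to write to.
  StartAddress        - destination address; it is a DWORD, so only
                        32-bit addresses can be expressed.
  ValueAddressPointer - source buffer owned by the caller; it must hold
                        at least ValueLen bytes.
  ValueType           - currently unused: the length is taken from
                        ValueLen, not derived from the type.
  ValueLen            - number of bytes to write; negative values are
                        rejected.

  Returns True only when the process could be opened, the write call
  succeeded and exactly ValueLen bytes were written.

  Review notes:
  - The original compared ActualWrite with ValueLen without checking the
    result of WriteProcessMemory and without initialising ActualWrite,
    so a failed write could be reported as a success. Both are fixed.
  - The handle is opened with PROCESS_VM_WRITE or PROCESS_VM_OPERATION,
    the rights WriteProcessMemory requires, instead of
    PROCESS_ALL_ACCESS.
  - A negative ValueLen would be reinterpreted as a very large unsigned
    size by the API, so it is refused up front. }
Function WriteMemory(theProcessID,StartAddress:Dword;ValueAddressPointer:Pointer;ValueType,ValueLen:Integer):boolean;
var thehandle:Thandle;
    ActualWrite:Dword;
begin
  Result:=False;
  if ValueLen<0 then Exit;
  thehandle:=OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION,False,theProcessID);
  // Do not call CloseHandle on a handle that was never opened.
  if thehandle=0 then Exit;
  try
    ActualWrite:=0;
    if WriteProcessMemory(theHandle,Pointer(StartAddress),ValueAddressPointer,ValueLen,ActualWrite) then
      Result:=(ActualWrite=Dword(ValueLen));
  finally
    Closehandle(thehandle);
  end;
end;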
////////////////////////////////////////////////////////////
///////////////////////////////////////////////////
end.