unit GPKernel;
interface
uses Windows,Classes,VarUnit,FunUnit,tlhelp32;
resourcestring
// User-facing type labels and validation messages. The message text is a
// runtime resource (Delphi resourcestring), so the Chinese wording is left
// exactly as is; roughly: "%s is not a valid Int64 / Text value, please check".
String_Int64Type='Int64 Type';
String_StringType='Text Type';
String_InvalidInt64='%s 不是合法的 Int64 数据类型,请检查';
String_InvalidString='%s 不是合法的 Text 数据类型,请检查';
// Public API of the unit. Only InittheTask, GetScanTypeAndTempVar,
// GetMemoryRanges (partially) and Twindows are visible in the part of the
// unit reviewed here; the remaining bodies live further down in the unit.
// "theIndex"/"theTaskIndex" parameters are 1-based slots into the global
// theTask array (Twindows passes CurrentTaskIndex to ScanWindows/ScanWindowsM).
Procedure AddFoundToListView(theIndex:integer);
Procedure ScanWindows(theIndex:integer);      // started by Twindows when Sousuo=1
Procedure ScanWindowsM(theIndex:integer);     // started by Twindows when Sousuo=2
Procedure AddFoundToListViewM(theIndex:integer);
//String_Int64Type='Int64 Type';
//String_StringType='Text Type';
procedure InittheTask(theID:Integer);         // reset task slot theID to a fresh state
Function GetScanTypeAndTempVar(InputValue:String;theTaskIndex:integer):Integer; // classify user input into a *_Scan code, -999 for empty input
Procedure GetMemoryRanges(theTaskIndex:integer); // collect the committed, writable regions of the task's process
Function ReadMemory(theProcessID,StartAddress:Dword;ValueAddressPointer:Pointer;ValueType:Integer):boolean;
Function ReadMemory_Array(theProcessID,StartAddress:DWORD):boolean;
procedure Twindows();                         // locate/open the target process, register a task, start a scan
procedure TFirstScanThread(theIndex:integer);
const
// --- VarType codes (TProcesstask.VarType / TLockRecord.VarType) ---
int64_value=4;
String_Value=7;
CommonLevel_Value=10;       // assigned by GetScanTypeAndTempVar for quoted text input
// --- ScanType codes returned by GetScanTypeAndTempVar ---
Number_Scan = 101;          // unprefixed, unquoted input; also the initial ScanType (see Initthetask)
String_Scan=102;            // input wrapped in matching " or ' quotes
// TextName='3544948848842651197';
TextName='"ErrorH"';        // not referenced in the part of the unit reviewed here
// TextNameM='8027507370458349632';
TextNameM= '194780683883839488'; // likewise not referenced here
// TextNameM= '密码:';
// TextNameT='3904957534488900150';
LowLevel_Value=20;          // VarType assigned for every prefix-driven scan below
InitialLowLevel_Scan =201;  // '?' prefix
Increased_Scan =202;        // '+' prefix
Decreased_Scan = 203;       // '-' prefix
Changed_Scan = 204;         // '!' prefix
Unchanged_Scan = 205;       // '=' prefix
// One contiguous address range inside the target process, as collected by
// GetMemoryRanges from VirtualQueryEx (BaseAddress/RegionSize of the MBI).
// 32-bit addresses only: both fields are DWORD.
Type TMemoryRegion = record
BaseAddress: Dword;   // start address in the target process
MemorySize: Dword;    // length in bytes
end;
// Per-target-process scan state. One record per slot of the global theTask
// array; Initthetask resets a slot, Twindows fills in the process fields.
type
TProcesstask =record
Applyed:Boolean; /// slot is in use
Name:String; // display name (Initthetask sets 'MumaRen', Twindows the exe name)
Index:integer; // position of this record in the theTask array
ProcessID:Dword; // id of the target process
ProcessHandle:Dword; // handle from OpenProcess; used by GetMemoryRanges (VirtualQueryEx)
ScanType:integer; // current *_Scan code
OldScanType:integer; // *_Scan code of the previous scan
VarType:integer;
OldVarType:integer; /// previous VarType, kept for the automatic-type handling
ScanValue:String; // value text to look for (quotes already stripped for String_Scan)
FromAddress:Dword; /// lower bound of the scanned range
ToAddress:Dword; // upper bound of the scanned range
TotalProcess:Dword; /// total number of addresses to scan (original note says "shr", presumably a scaled count)
NowProcess:Dword; //// number of addresses scanned so far
InSearchProcess:Boolean; /// a scan is running; guards against repeated clicks
SearchTimes:Integer; // number of scans performed
AttachedNum:DWORD; // number of matches
MemoryFileName:String; /// file backing the low-level memory snapshot
MemoryFileNameNew:String; /// file backing the newer low-level memory snapshot
AddressMemStream:TMemoryStream; // records every matching address
AdvancedAddressMemStream:TMemoryStream; // records matching low-level address ranges and their sizes
// Fixed-capacity region list. GetMemoryRanges appends with inc(MemoryRegionsIndex)
// and never checks it against 20000, so a process with more writable regions
// than that overruns into MemoryRegionsIndex/MBI and the next task slot.
MemoryRegions: array [0..20000] of TMemoryRegion;
MemoryRegionsIndex:Integer; // number of valid entries in MemoryRegions
MBI:_MEMORY_BASIC_INFORMATION; // scratch buffer for VirtualQueryEx
end;
Const maxTaskNUm=256;
var TaskNUm:Integer=0; /// number of tasks currently registered
thetask:array[1..maxTaskNUm] of TProcessTask;
ListToTaskIndex:array[1..maxTaskNUm] of Integer; // maps a list-view row to a theTask slot
CurrentTaskIndex:Integer;
CurrentProcessID:DWord;
// Default scan range. Note that $86500000 lies above the 2 GB user-mode limit
// of a 32-bit process; the VirtualQueryEx loop in GetMemoryRanges stops at the
// first failed query, so the excess presumably just ends the walk early.
DefaultFromAddress:DWORD=$00010000;
DeFaultToAddress:DWORD=$86500000;
TheTaskIndex:integer;
var MemReadStartAddress:DWORD;
MemReaddata:array[1..256] of Integer; // read buffer; presumably filled by ReadMemory_Array
MemWriteStartAddress:Dword;
// A locked ("frozen") address in a target process. Fixed-length strings are
// used so the record can be copied by value (see CopyLockRecord).
type
TLockRecord = record
Applyed:Boolean;             // slot is in use
Description : string[40];    // user label, at most 40 characters
Address : Dword;             // address in the target process
valueStr:String[20];         // value to keep writing back, as text (max 20 chars)
VarType : integer;           // one of the VarType codes above
ProcessID:DWord;             // owning process id
Frozen : boolean;            // whether the value is being held
end;
Const maxLockNUm=256;
var LockNUm:Integer=0; /// number of lock records in use
ListToLockIndex:array[1..maxLockNUm]of integer; // maps a list-view row to a MemLockRecord slot
MemLockRecord:Array[1..maxLockNUm]of TLockRecord;
CopyLockRecord:TLockRecord;      // clipboard-style copy of a lock record
CanPasteLockRecord:boolean=false; // CopyLockRecord holds a valid record
IEtel:pchar;
const MaxShow=1000;
// GetMemoryRanges chops every region into pieces of at most SplitValue bytes
// so that later stream/dynamic-array reads stay within a safe size.
SplitValue=$FFFE; /// max stream =$FFFe never error
var CanUpdateTask:Integer=-999; /// suppresses list refresh to avoid flicker
implementation
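////////////// Initialise a task slot //////////////////////////////////
{ Reset theTask[theID] to a fresh, "applied" state.
  theID - 1-based slot in theTask (1..maxTaskNUm); the caller chooses a free
          slot (see Twindows) and fills in the process fields afterwards.
  All scalar fields are reset, Index is set to the slot number, and the two
  address streams are created on first use or truncated to zero on reuse.
  Compared with the previous version, VarType, OldVarType and
  MemoryRegionsIndex are now cleared too, so a reused slot no longer keeps
  those values from its previous owner.
  ProcessHandle is set to 0 WITHOUT CloseHandle on purpose: the code that
  released the slot owns that handle and must have closed it; closing it here
  could double-close a handle value the system has since reused. }
procedure Initthetask(theID:Integer);
begin
  with theTask[theId] do
  begin
    Applyed := True;
    Name := 'MumaRen';
    Index := theID;                 // slot number; Twindows writes the same value
    ProcessID := 0;                 // no process attached yet
    ProcessHandle := 0;             // see note above: not closed here
    ScanType := Number_Scan;
    OldScanType := ScanType;
    VarType := 0;                   // same as a never-used global slot
    OldVarType := 0;
    ScanValue := '';
    TotalProcess := 0;
    NowProcess := 0;
    FromAddress := DefaultFromAddress;
    ToAddress := DeFaultToAddress;
    SearchTimes := 0;
    AttachedNum := 0;
    InSearchProcess := False;
    MemoryFileName := '';
    MemoryFileNameNew := '';
    MemoryRegionsIndex := 0;        // region list is empty until GetMemoryRanges runs
    // Streams are allocated once per slot and emptied on reuse.
    if Assigned(AddressMemStream) then
      AddressMemStream.SetSize(0)
    else
      AddressMemStream := TMemoryStream.Create;
    if Assigned(AdvancedAddressMemStream) then
      AdvancedAddressMemStream.SetSize(0)
    else
      AdvancedAddressMemStream := TMemoryStream.Create;
  end;
end;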
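{ Find the id of the first running process whose executable name contains
  AFilename (case-insensitive substring match on TProcessEntry32.szExeFile).
  AFilename - name or fragment to look for, e.g. 'QQGame.exe'.
  PathMatch - currently unused; kept so existing callers still compile.
  ProcessID - receives th32ProcessID of the first match, or 0 when nothing
              matched, AFilename is empty, or the snapshot could not be taken.
  Fix versus the previous version: CreateToolhelp32Snapshot reports failure
  with INVALID_HANDLE_VALUE, which was neither checked nor kept away from
  CloseHandle; the snapshot is now also released via try/finally.
  NOTE(review): a substring match means 'game.exe' also hits 'mygame.exe.bak'
  or any other name containing it, and the first hit in snapshot order wins;
  callers that need one specific target should compare the whole name.
  Process ids are recycled by the OS, so the result is only meaningful until
  the caller has opened the process. }
procedure GetMyProcessID(const AFilename: string; const PathMatch: Boolean; var ProcessID: DWORD);
var
  lppe: TProcessEntry32;
  SsHandle: THandle;
  FoundAProc: Boolean;
  Needle: string;
begin
  ProcessID := 0;
  // Pos('', s) is 0 in Delphi, so an empty name can never match; skip the snapshot.
  if AFilename = '' then
    Exit;
  SsHandle := CreateToolHelp32SnapShot(TH32CS_SnapProcess, 0);
  if SsHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    // dwSize must be set or Process32First fails.
    lppe.dwSize := SizeOf(TProcessEntry32);
    Needle := UpperCase(AFilename);
    FoundAProc := Process32First(SsHandle, lppe);
    while FoundAProc do
    begin
      if Pos(Needle, UpperCase(lppe.szExeFile)) > 0 then
      begin
        ProcessID := lppe.th32ProcessID;
        Break;
      end;
      FoundAProc := Process32Next(SsHandle, lppe);
    end;
  finally
    CloseHandle(SsHandle);
  end;
end;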
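//////////////////// Attach to the target process (USER) ////////////////////////////
{ Locate the target process ('QQGame.exe'), open it, register it in a free
  theTask slot and start the scan selected by the global Sousuo
  (1 -> ScanWindows, 2 -> ScanWindowsM, anything else -> no scan).
  Fixes versus the previous version:
   - a full task table (TaskNum >= MaxTaskNum, or no slot with Applyed=False)
     now closes the process handle and returns; the old code fell through
     with an out-of-range slot index (the search loop left i = MaxTaskNum+1)
     and also wrote past ListToTaskIndex;
   - the handle is closed on every path that does not store it.
  NOTE(review): PROCESS_ALL_ACCESS is much broader than VirtualQueryEx and
  ReadProcessMemory need (PROCESS_QUERY_INFORMATION / PROCESS_VM_READ).
  Whether it can be narrowed depends on what the scan and lock code outside
  this view does with the handle, so the flag is left unchanged here. }
procedure Twindows();
var
  dwRemoteProcessID: DWORD;
  Name: string;
  taskName: string;
  TempHandle: THandle;
  i, slot: Integer;
begin
  Name := 'QQGame.exe';
  GetMyProcessID(Name, False, dwRemoteProcessID);
  taskName := Name;
  // OpenProcess(…, 0) fails anyway; exiting early keeps the intent explicit.
  if dwRemoteProcessID = 0 then
    Exit;
  TempHandle := OpenProcess(PROCESS_ALL_ACCESS, False, dwRemoteProcessID);
  if TempHandle = 0 then
    Exit;
  ///// look for a free task slot //////////////
  slot := 0;
  if TaskNum < MaxTaskNum then
    for i := 1 to MaxTaskNum do
      if not theTask[i].Applyed then
      begin
        slot := i;
        Break;
      end;
  if slot = 0 then
  begin
    CloseHandle(TempHandle);   // table full: do not leak the process handle
    Exit;
  end;
  Inc(TaskNum);                // TaskNum <= MaxTaskNum here, so the index below is in range
  GPKernel.InittheTask(slot);
  theTask[slot].Applyed := True;
  theTask[slot].Name := taskName;
  theTask[slot].Index := slot;
  theTask[slot].ProcessID := dwRemoteProcessID;
  theTask[slot].ProcessHandle := TempHandle;   // used by GetMemoryRanges (VirtualQueryEx)
  ListToTaskIndex[TaskNum] := slot;
  CurrentTaskIndex := theTask[slot].Index;
  CurrentProcessID := theTask[slot].ProcessID;
  if Sousuo = 1 then
    ScanWindows(CurrentTaskIndex)
  else if Sousuo = 2 then
    ScanWindowsM(CurrentTaskIndex);
end;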
/////////// Derive the scan type from the user's input ////////////////////////////////
{ Classify InputValue and update the VarType/ScanValue fields of
  thetask[theTaskIndex] accordingly.
  Returns -999 for empty input (nothing is changed). A leading '?', '!',
  '=', '+' or '-' selects one of the low-level scans (VarType:=LowLevel_Value,
  ScanValue untouched). Input of 3..254 characters wrapped in matching
  double or single quotes is a String_Scan with the quotes stripped into
  ScanValue. Anything else is a Number_Scan with ScanValue = InputValue;
  in that case VarType is left to the caller (combo-box selection). }
Function GetScanTypeAndTempVar(InputValue:String;thetaskIndex:integer):Integer;
var
  Len: Integer;
  IsQuoted: Boolean;
begin
  Result := -999;
  Len := Length(InputValue);
  if Len = 0 then
    Exit;
  with thetask[theTaskIndex] do
  begin
    case InputValue[1] of
      '?':
        begin
          VarType := LowLevel_Value;
          Result := InitialLowLevel_Scan;
        end;
      '!':
        begin
          VarType := LowLevel_Value;
          Result := Changed_Scan;
        end;
      '=':
        begin
          VarType := LowLevel_Value;
          Result := Unchanged_Scan;
        end;
      '+':
        begin
          VarType := LowLevel_Value;
          Result := Increased_Scan;
        end;
      '-':
        begin
          VarType := LowLevel_Value;
          Result := Decreased_Scan;
        end;
    else
      // Quoted text: same quote character at both ends, 3..254 chars overall.
      IsQuoted := (Len > 2) and (Len < 255) and
        (((InputValue[1] = '"') and (InputValue[Len] = '"')) or
         ((InputValue[1] = '''') and (InputValue[Len] = '''')));
      if IsQuoted then
      begin
        ScanValue := Copy(InputValue, 2, Len - 2);
        VarType := CommonLevel_Value;
        Result := String_Scan;
      end
      else
      begin
        ScanValue := InputValue;
        Result := Number_Scan;
      end;
    end;
  end;
end;
///////////////////////////////////////////////////////////////////////////////////////////
/////////////得到进程在内存的起始位置大小/////////////////////////////////
Procedure GetMemoryRanges(theTaskIndex:integer);
var TempStartAddress: Dword;
TempEndAddress:Dword;
Tempsize:DWord;
i,j,k,m:Integer;
NewMemoryRegions:array [0..20000] of TmemoryRegion;
begin
With theTask[theTaskIndex] do
begin
MemoryRegionsIndex:=0;
TempStartAddress:=FromAddress;
TempEndAddress:=ToAddress;
////////////////////////////////
While (VirtualQueryEx(ProcessHandle,pointer(TempStartAddress),MBI,sizeof(MBI))>0) and (TempStartAddress<TempEndAddress) do
begin
if (MBI.State=MEM_COMMIT) then //许可操作内存??
begin
if (MBI.Protect=PAGE_READWRITE) or
(MBI.Protect=PAGE_WRITECOPY) or
(MBI.Protect=PAGE_EXECUTE_READWRITE) or
(MBI.Protect=PAGE_EXECUTE_WRITECOPY)
then
begin
MemoryRegions[MemoryRegionsIndex].BaseAddress:=Dword(MBI.BaseAddress);
MemoryRegions[MemoryRegionsIndex].MemorySize:=MBI.RegionSize;
inc(MemoryRegionsIndex); /// so MemoryRegions[MemoryRegionsIndex]is invalid
end;
end;
TempStartAddress:=Dword(MBI.BaseAddress)+MBI.RegionSize;
end;
if MemoryRegionsIndex=0 then Exit;
////检查由VirtualQueryEx内存范围是否真的在用户指定范围 ///////////////,
with MemoryRegions[0] do
begin
if (BaseAddress<FromAddress) and (BaseAddress+MemorySize-FromAddress>0 ) then
begin
MemorySize:=BaseAddress+MemorySize-FromAddress;
BaseAddress:=FromAddress;
end;
end;
////右边界//////////////////
with MemoryRegions[MemoryRegionsIndex-1] do
begin
if (BaseAddress+MemorySize)>ToAddress then
begin
Dec( MemorySize,(BaseAddress+MemorySize-ToAddress) );
end;
end;
////////////////////
//!!!!!!!!!!!警告内存块不能过大否则以后不能正常读写///////////////////////////
/////将连续的内存块整合起来/////////////////////////////////////////////////////////////////////////
j:=0;
TempStartaddress:=memoryregions[0].BaseAddress;
Tempsize:=memoryregions[0].MemorySize;
for i:=1 to memoryregionsIndex-1 do
begin
if memoryregions[i].BaseAddress=TempStartaddress+Tempsize then
begin
inc(Tempsize,memoryregions[i].MemorySize);
end
else
begin
memoryregions[j].BaseAddress:=TempStartaddress;
memoryregions[j].MemorySize:=Tempsize;
TempStartaddress:=memoryregions[i].BaseAddress;
Tempsize:=memoryregions[i].MemorySize;
inc(j);
end;
end;
memoryregions[j].BaseAddress:=TempStartaddress;
memoryregions[j].MemorySize:=Tempsize;
memoryregionsIndex:=j+1; // fit MemoryRegions[MemoryRegionsIndex]is invalid
///分隔内存如果某一块过大以后用Stream,以及动态数组都将退出程序 ////////////////////////
j:=0;
i:=0;
while i<=MemoryregionsIndex-1 do
begin
k:=(memoryregions[i].MemorySize div SplitValue);
if k>0 then
begin
for m:=0 to k do
begin
NewMemoryRegions[j].BaseAddress:=Memoryregions[i].BaseAddress+SplitValue*m;
if m<k then NewMemoryRegions[j].MemorySize:=Splitvalue else
NewMemoryRegions[j].MemorySize:=Memoryregions[i].MemorySize-SplitValue*m;
inc(j);
end;
end else
begin
Newmemoryregions[j].BaseAddress:=Memoryregions[i].BaseAddress;