MemorySearch内存搜索工具资源-CSDN文库

共27个文件

txt：6个

pas：4个

dcu：4个

4星 · 超过85%的资源需积分: 50 185 浏览量 2012-07-23 14:24:36 上传评论 1 收藏 556KB RAR 举报

内存搜索工具 unit UnitMemorySearch; interface uses tlhelp32,strutils, Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, ComCtrls, Buttons, ExtCtrls; type TFrmMemory = class(TForm) ListAdress: TListBox; BtnFirst: TButton; BtnNext: TButton; Label1: TLabel; Edvalue1: TEdit; Label2: TLabel; ComMod: TComboBox; Label3: TLabel; Edvalue2: TEdit; Label4: TLabel; Edname: TEdit; Label5: TLabel; ComTypes: TComboBox; Label6: TLabel; stList: TListBox; Button1: TButton; ProgressBar1: TProgressBar; Edit1: TEdit; Label7: TLabel; BitBtn1: TBitBtn; Labpro: TLabel; Label8: TLabel; Listgetadr: TListBox; BtnAdd: TButton; Label9: TLabel; Edread: TEdit; Label10: TLabel; Edwrite: TEdit; Label11: TLabel; BtnWrite: TButton; BtnRead: TButton; Label12: TLabel; LabTime: TLabel; BtnSave: TButton; ListVal: TListBox; BtnAddVal1: TButton; BtnAddval2: TButton; BtnDelete: TButton; BtnSaveVal: TButton; BtnRAdd: TButton; Timer1: TTimer; CheckBox1: TCheckBox; BtnProset: TButton; labDebug: TLabel; ListTask: TListBox; BtnDelTask: TButton; BtnAddTask: TButton; Label13: TLabel; Label14: TLabel; Label15: TLabel; Label16: TLabel; ComTask: TComboBox; EdTaskAdr: TEdit; EdTaskVal: TEdit; Label17: TLabel; BtnResume: TButton; BtnRun: TButton; BtnTaskSave: TButton; Label18: TLabel; procedure BtnFirstClick(Sender: TObject); function GetmemoryValue(i,vsize:integer):integer; function FindAdress(trvalue,olvalue:integer):boolean; function FindAdress1(trvalue,olvalue:integer):boolean; procedure BtnNextClick(Sender: TObject); procedure Button1Click(Sender: TObject); procedure BitBtn1Click(Sender: TObject); procedure ComModChange(Sender: TObject); procedure ListAdressDblClick(Sender: TObject); procedure BtnAddClick(Sender: TObject); procedure BtnReadClick(Sender: TObject); procedure BtnWriteClick(Sender: TObject); procedure ListAdressClick(Sender: TObject); procedure ListgetadrClick(Sender: TObject); procedure BtnSaveClick(Sender: TObject); procedure FormCreate(Sender: TObject); procedure BtnAddVal1Click(Sender: TObject); procedure BtnDeleteClick(Sender: TObject); procedure BtnSaveValClick(Sender: TObject); procedure BtnAddval2Click(Sender: TObject); procedure ListValClick(Sender: TObject); procedure ListValDblClick(Sender: TObject); procedure BtnRAddClick(Sender: TObject); procedure Timer1Timer(Sender: TObject); procedure CheckBox1Click(Sender: TObject); procedure BtnProsetClick(Sender: TObject); procedure SetCase; procedure BtnDelTaskClick(Sender: TObject); procedure BtnAddTaskClick(Sender: TObject); procedure BtnRunClick(Sender: TObject); procedure BtnResumeClick(Sender: TObject); procedure BtnTaskSaveClick(Sender: TObject); private { Private declarations } public prohand,ProID:HWND; SmodSize:integer; minadr,maxadr:int64; { Public declarations } end; var searchTime:integer=0; mb,p:^char; FrmMemory: TFrmMemory; BaseAdr:int64=$00400000; oldvalue,value,value2,Casei:integer;

资源推荐

资源详情

资源评论

收起资源包目录

MemorySearch.rar （27个子文件）

MemorySearch

Project2.exe 391KB

ProjectMemorySearch.exe 470KB

UnitProlist.ddp 51B

UnitProlist.pas 2KB

Unit1.dcu 4KB

UnitMemorySearch.pas 22KB

UnitMemorySearch.dfm 14KB

UnitProcedure.pas 4KB

ProjectMemorySearch.cfg 434B

NEXTCLICK.txt 1KB

search.txt 3KB

SaveAdress.txt 70B

ProjectMemorySearch.res 876B

ListTask.txt 26B

UnitSet.pas 3KB

Project1.exe 384KB

UnitSet.dcu 7KB

Listval.txt 14B

UnitProlist.dcu 6KB

ProjectMemorySearch.dof 2KB

UnitSet.dfm 3KB

ProjectMemorySearch.dpr 417B

成功文件存档1.txt 11KB

UnitProlist.dfm 1KB

UnitMemorySearch.ddp 51B

UnitSet.ddp 51B

UnitMemorySearch.dcu 27KB

unit UnitMemorySearch; interface uses tlhelp32,strutils, Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, ComCtrls; type TFrmMemory = class(TForm) ListAdress: TListBox; BtnFirst: TButton; BtnNext: TButton; Label1: TLabel; Edvalue1: TEdit; Label2: TLabel; ComMod: TComboBox; Label3: TLabel; Edvalue2: TEdit; Label4: TLabel; Edname: TEdit; Label5: TLabel; ComTypes: TComboBox; Label6: TLabel; stList: TListBox; Button1: TButton; ProgressBar1: TProgressBar; Edit1: TEdit; Label7: TLabel; procedure BtnFirstClick(Sender: TObject); function GetmemoryValue(i,vsize:integer):integer; function FindAdress(trvalue,olvalue:integer):boolean; procedure BtnNextClick(Sender: TObject); procedure Button1Click(Sender: TObject); procedure ListAdressClick(Sender: TObject); private { Private declarations } public { Public declarations } end; var lnowindex:integer; mb,p:^char; FrmMemory: TFrmMemory; BaseAdr:int64=$00400000; oldvalue:integer; implementation uses unit1; {$R *.dfm} procedure RunPro; var i:integer; begin for i:=0 to 100 do begin frmmemory.ProgressBar1.Position:=i; sleep(5); end; frmmemory.ProgressBar1.Position:=0; end; {//////////////////////GetmemoryValue} function TFrmMemory.GetmemoryValue(i,vsize:integer):integer; var byte1,byte2,byte3,byte4:char; TrueValue:integer; begin if vsize=1 then begin p:=mb; inc(p,i); result:=integer(P^); end else if vsize=2 then begin p:=mb; inc(p,i); byte1:=p^; inc(p); byte2:=p^; TrueValue:=integer(byte1)+integer(byte2)*16*16; result:=TrueValue ; end else if vsize=4 then begin p:=mb; inc(p,i); byte1:=p^; inc(p); byte2:=p^; inc(p); byte3:=p^; inc(p); byte4:=p^; TrueValue:=integer(byte1)+integer(byte2)*16*16; TrueValue:=TrueValue+integer(byte3)*16*16*16*16; TrueValue:=TrueValue+integer(byte4)*16*16*16*16*16*16; result:=TrueValue; end; end; ///////////////////////////////////////////////////////////// function TFrmMemory.FindAdress(Trvalue,Olvalue:integer):boolean;{findadress} var value,value2:integer; isstr:string; begin result:=false; value:=strtoint(edvalue1.Text ); value2:=strtoint(edvalue2.Text ); if commod.Text ='精确值'then begin if trvalue=value then result:=true; end else if commod.Text ='大于'then begin if trvalue>value then result:=true; end else if commod.Text ='小于'then begin if trvalue<value then result:=true; end else if commod.Text ='增加'then begin if trvalue>olvalue then result:=true; end else if commod.Text ='减少'then begin if trvalue<olvalue then result:=true; end else if commod.Text ='increased by'then begin if trvalue>olvalue then result:=true; end else if commod.Text ='decreased by'then begin if trvalue<olvalue then result:=true; end else if commod.Text ='between'then begin isstr:= edvalue2.Text; if trim(isstr) =''then exit; if (trvalue>value) and (trvalue<value2) then result:=true; end ; end;{end findadress} ////////////////////////////////////////////////////////////////// //通过EXE文件名获得指定可执行文件的进程ID function FindProcessID(sName:string):THandle; var csH:THandle; ps:TProcessEntry32; iFlag:byte; b:boolean; begin iFlag := 0; result := 0; csH := tlHelp32.CreateToolhelp32Snapshot(TH32CS_SNAPALL,0); ps.dwSize := sizeof(TProcessEntry32); try b := tlHelp32.Process32First(csh,ps); if b then begin while tlHelp32.Process32Next(csH,ps) do begin if pos(sName,strpas(ps.szExeFile)) > 0 then begin result := ps.th32ProcessID; //showmessage(inttostr(result)+' '+inttostr(ps.th32ParentProcessID )+' '+inttostr(ps.cntThreads) ) ; exit; end; end; end; finally closeHandle(csH); end; end;{end function FindProcessID} procedure TFrmMemory.BtnFirstClick(Sender: TObject); var Fname,isv:string; ass,i:integer; ProID,ProHand:HWND; siz:Cardinal; byte1,byte2,byte3,byte4:char; TrueValue,value:integer; begin isv:=edvalue1.Text; trim(isv); if isv='' then exit; value:=strtoint(edvalue1.Text ); // showmessage(inttostr(value)); Fname:=edname.Text ; BaseAdr:=$00400000; //////////// /////////////////////////////// if btnfirst.Caption ='BtnFirst' then begin btnfirst.Caption :='NewSet'; btnnext.Enabled :=True; end else begin listadress.Clear ; btnnext.Enabled :=False; btnfirst.Caption :='BtnFirst'; exit; end; //////////////////////////////// ///////////// //BaseAdr:=$00400000; 2143289344 Proid:=findprocessid(fname); prohand:=openprocess($1F0FFF,false,proID); if Prohand=0 then exit; try listadress.Clear ; btnfirst.Enabled :=false; mb:=AllocMem(9000000); while BaseAdr<$7FFFFFFF do begin readProcessMemory(prohand, pointer(Baseadr),mb,9000000,siz); if siz>0 then begin p:=mb; // inc(p,89990); // listadress.Items.Add(inttohex(baseadr,8)+'--'+inttostr(byte(p^))); byte1:=p^; inc(p); byte2:=p^; inc(p); byte3:=p^; inc(p); byte4:=p^; TrueValue:=integer(byte1)+integer(byte2)*16*16; TrueValue:=TrueValue+integer(byte3)*16*16*16*16; TrueValue:=TrueValue+integer(byte4)*16*16*16*16*16*16; if truevalue=value then listadress.Items.Add(inttohex(baseadr,8)+' '+inttostr(Truevalue)); // findadress(siz); for i:=1 to 8999999 do begin byte1:=byte2; byte2:=byte3; byte3:=byte4; inc(p); byte4:=p^; TrueValue:=integer(byte1)+integer(byte2)*16*16; TrueValue:=TrueValue+integer(byte3)*16*16*16*16; TrueValue:=TrueValue+integer(byte4)*16*16*16*16*16*16; if truevalue=value then listadress.Items.Add(inttohex(baseadr+i,8)+' '+inttostr(Truevalue)); end; end; BaseAdr:=BaseAdr+9000000; { inc(p,88888); ass:=byte(p^); listadress.Items.Add(inttostr(ass)); listadress.Items.Add(inttohex(baseadr,8)+'_____ '+inttostr(siz));} end; finally freemem(mb,9000000); closehandle(Prohand); label7.Caption:='搜索到记录：'+inttostr(listadress.Count); runpro; oldvalue:=value; btnfirst.Enabled:=True; end; end; //////NEXT 查找事件代码！！！！！！！！！！！！！ procedure TFrmMemory.BtnNextClick(Sender: TObject); var Fname,isv:string; oldadress,fi:int64; TrueValue,i,value1,i2,i3:integer; byte1,byte2,byte3,byte4:char; ProID,ProHand:HWND; siz:Cardinal; begin isv:=edvalue1.Text; trim(isv); if isv='' then exit; value1:=strtoint(edvalue1.Text ); //showmessage(inttostr(value1)); Fname:=edname.Text ; stlist.Items.Clear; BaseAdr:=$00400000;// 2143289344 Proid:=findprocessid(fname); prohand:=openprocess($1F0FFF,false,proID); if Prohand=0 then exit; try btnfirst.Enabled :=false; mb:=AllocMem(9000000); i3:=listadress.Count-1; readProcessMemory(prohand, pointer(Baseadr),

评论收藏

内容反馈