unit UnitMemorySearch;
interface
uses
tlhelp32,strutils,
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ComCtrls;
type
TFrmMemory = class(TForm)
ListAdress: TListBox;
BtnFirst: TButton;
BtnNext: TButton;
Label1: TLabel;
Edvalue1: TEdit;
Label2: TLabel;
ComMod: TComboBox;
Label3: TLabel;
Edvalue2: TEdit;
Label4: TLabel;
Edname: TEdit;
Label5: TLabel;
ComTypes: TComboBox;
Label6: TLabel;
stList: TListBox;
Button1: TButton;
ProgressBar1: TProgressBar;
Edit1: TEdit;
Label7: TLabel;
procedure BtnFirstClick(Sender: TObject);
function GetmemoryValue(i,vsize:integer):integer;
function FindAdress(trvalue,olvalue:integer):boolean;
procedure BtnNextClick(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure ListAdressClick(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
lnowindex:integer;
mb,p:^char;
FrmMemory: TFrmMemory;
BaseAdr:int64=$00400000;
oldvalue:integer;
implementation
uses unit1;
{$R *.dfm}
procedure RunPro;
var
i:integer;
begin
for i:=0 to 100 do
begin
frmmemory.ProgressBar1.Position:=i;
sleep(5);
end;
frmmemory.ProgressBar1.Position:=0;
end;
{//////////////////////GetmemoryValue}
function TFrmMemory.GetmemoryValue(i,vsize:integer):integer;
var
byte1,byte2,byte3,byte4:char;
TrueValue:integer;
begin
if vsize=1 then
begin
p:=mb;
inc(p,i);
result:=integer(P^);
end
else if vsize=2 then
begin
p:=mb;
inc(p,i);
byte1:=p^;
inc(p);
byte2:=p^;
TrueValue:=integer(byte1)+integer(byte2)*16*16;
result:=TrueValue ;
end
else if vsize=4 then
begin
p:=mb;
inc(p,i);
byte1:=p^;
inc(p);
byte2:=p^;
inc(p);
byte3:=p^;
inc(p);
byte4:=p^;
TrueValue:=integer(byte1)+integer(byte2)*16*16;
TrueValue:=TrueValue+integer(byte3)*16*16*16*16;
TrueValue:=TrueValue+integer(byte4)*16*16*16*16*16*16;
result:=TrueValue;
end;
end;
/////////////////////////////////////////////////////////////
function TFrmMemory.FindAdress(Trvalue,Olvalue:integer):boolean;{findadress}
var
value,value2:integer;
isstr:string;
begin
result:=false;
value:=strtoint(edvalue1.Text );
value2:=strtoint(edvalue2.Text );
if commod.Text ='精确值'then
begin
if trvalue=value then
result:=true;
end
else if commod.Text ='大于'then
begin
if trvalue>value then
result:=true;
end
else if commod.Text ='小于'then
begin
if trvalue<value then
result:=true;
end
else if commod.Text ='增加'then
begin
if trvalue>olvalue then
result:=true;
end
else if commod.Text ='减少'then
begin
if trvalue<olvalue then
result:=true;
end
else if commod.Text ='increased by'then
begin
if trvalue>olvalue then
result:=true;
end
else if commod.Text ='decreased by'then
begin
if trvalue<olvalue then
result:=true;
end
else if commod.Text ='between'then
begin
isstr:= edvalue2.Text;
if trim(isstr) =''then exit;
if (trvalue>value) and (trvalue<value2) then
result:=true;
end ;
end;{end findadress}
//////////////////////////////////////////////////////////////////
//通过EXE文件名获得指定可执行文件的进程ID
function FindProcessID(sName:string):THandle;
var
csH:THandle;
ps:TProcessEntry32;
iFlag:byte;
b:boolean;
begin
iFlag := 0;
result := 0;
csH := tlHelp32.CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
ps.dwSize := sizeof(TProcessEntry32);
try
b := tlHelp32.Process32First(csh,ps);
if b then
begin
while tlHelp32.Process32Next(csH,ps) do
begin
if pos(sName,strpas(ps.szExeFile)) > 0 then
begin
result := ps.th32ProcessID;
//showmessage(inttostr(result)+' '+inttostr(ps.th32ParentProcessID )+' '+inttostr(ps.cntThreads) ) ;
exit;
end;
end;
end;
finally
closeHandle(csH);
end;
end;{end function FindProcessID}
procedure TFrmMemory.BtnFirstClick(Sender: TObject);
var
Fname,isv:string;
ass,i:integer;
ProID,ProHand:HWND;
siz:Cardinal;
byte1,byte2,byte3,byte4:char;
TrueValue,value:integer;
begin
isv:=edvalue1.Text;
trim(isv);
if isv='' then exit;
value:=strtoint(edvalue1.Text );
// showmessage(inttostr(value));
Fname:=edname.Text ;
BaseAdr:=$00400000;
//////////// ///////////////////////////////
if btnfirst.Caption ='BtnFirst' then
begin
btnfirst.Caption :='NewSet';
btnnext.Enabled :=True;
end
else
begin
listadress.Clear ;
btnnext.Enabled :=False;
btnfirst.Caption :='BtnFirst';
exit;
end;
//////////////////////////////// /////////////
//BaseAdr:=$00400000; 2143289344
Proid:=findprocessid(fname);
prohand:=openprocess($1F0FFF,false,proID);
if Prohand=0 then exit;
try
listadress.Clear ;
btnfirst.Enabled :=false;
mb:=AllocMem(9000000);
while BaseAdr<$7FFFFFFF do
begin
readProcessMemory(prohand, pointer(Baseadr),mb,9000000,siz);
if siz>0 then
begin
p:=mb;
// inc(p,89990);
// listadress.Items.Add(inttohex(baseadr,8)+'--'+inttostr(byte(p^)));
byte1:=p^;
inc(p);
byte2:=p^;
inc(p);
byte3:=p^;
inc(p);
byte4:=p^;
TrueValue:=integer(byte1)+integer(byte2)*16*16;
TrueValue:=TrueValue+integer(byte3)*16*16*16*16;
TrueValue:=TrueValue+integer(byte4)*16*16*16*16*16*16;
if truevalue=value then listadress.Items.Add(inttohex(baseadr,8)+' '+inttostr(Truevalue));
// findadress(siz);
for i:=1 to 8999999 do
begin
byte1:=byte2;
byte2:=byte3;
byte3:=byte4;
inc(p);
byte4:=p^;
TrueValue:=integer(byte1)+integer(byte2)*16*16;
TrueValue:=TrueValue+integer(byte3)*16*16*16*16;
TrueValue:=TrueValue+integer(byte4)*16*16*16*16*16*16;
if truevalue=value then listadress.Items.Add(inttohex(baseadr+i,8)+' '+inttostr(Truevalue));
end;
end;
BaseAdr:=BaseAdr+9000000;
{ inc(p,88888);
ass:=byte(p^);
listadress.Items.Add(inttostr(ass));
listadress.Items.Add(inttohex(baseadr,8)+'_____ '+inttostr(siz));}
end;
finally
freemem(mb,9000000);
closehandle(Prohand);
label7.Caption:='搜索到记录:'+inttostr(listadress.Count);
runpro;
oldvalue:=value;
btnfirst.Enabled:=True;
end;
end;
//////NEXT 查找事件代码!!!!!!!!!!!!!
procedure TFrmMemory.BtnNextClick(Sender: TObject);
var
Fname,isv:string;
oldadress,fi:int64;
TrueValue,i,value1,i2,i3:integer;
byte1,byte2,byte3,byte4:char;
ProID,ProHand:HWND;
siz:Cardinal;
begin
isv:=edvalue1.Text;
trim(isv);
if isv='' then exit;
value1:=strtoint(edvalue1.Text );
//showmessage(inttostr(value1));
Fname:=edname.Text ;
stlist.Items.Clear;
BaseAdr:=$00400000;// 2143289344
Proid:=findprocessid(fname);
prohand:=openprocess($1F0FFF,false,proID);
if Prohand=0 then exit;
try
btnfirst.Enabled :=false;
mb:=AllocMem(9000000);
i3:=listadress.Count-1;
readProcessMemory(prohand, pointer(Baseadr),
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
MemorySearch.rar (27个子文件)
MemorySearch
UnitMemorySearch.pas 22KB
UnitMemorySearch.dfm 14KB
Unit1.dcu 4KB
Listval.txt 14B
UnitMemorySearch.ddp 51B
ProjectMemorySearch.dpr 417B
Project1.exe 384KB
ProjectMemorySearch.dof 2KB
ProjectMemorySearch.cfg 434B
NEXTCLICK.txt 1KB
ListTask.txt 26B
UnitProlist.ddp 51B
search.txt 3KB
UnitMemorySearch.dcu 27KB
ProjectMemorySearch.res 876B
ProjectMemorySearch.exe 470KB
Project2.exe 391KB
UnitSet.pas 3KB
成功文件存档1.txt 11KB
UnitSet.dcu 7KB
UnitProlist.dfm 1KB
UnitProlist.dcu 6KB
UnitProlist.pas 2KB
SaveAdress.txt 70B
UnitProcedure.pas 4KB
UnitSet.ddp 51B
UnitSet.dfm 3KB
共 27 条
- 1
woairuanjian
- 粉丝: 2
- 资源: 17
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
- 1
- 2
- 3
前往页