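/*
 * WriteProcessMemory (Win32): copies nSize bytes from lpBuffer in the calling
 * process to lpBaseAddress in the address space of the process behind hProcess.
 *
 * The handle must have been opened with PROCESS_VM_WRITE and
 * PROCESS_VM_OPERATION access, and the whole destination range must be
 * writable, otherwise the call fails.
 *
 * NOTE(review): the parameter types below are kept as the page gives them.
 * Current Windows SDK headers declare lpBuffer as LPCVOID and both size
 * parameters as SIZE_T / SIZE_T*; verify against the SDK version in use.
 *
 * Cross-process writes through this API are a standard telemetry point for
 * endpoint monitoring, because it is one of the building blocks of process
 * injection.
 */
BOOL WriteProcessMemory(
    HANDLE  hProcess,               // handle to the target process (e.g. as returned by OpenProcess)
    LPVOID  lpBaseAddress,          // destination address inside the target process
    LPVOID  lpBuffer,               // address of the source data in the calling process
    DWORD   nSize,                  // number of bytes to write
    LPDWORD lpNumberOfBytesWritten  // out: receives the number of bytes actually written (not a "data type")
);  // return value: nonzero means success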
用法如下:
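// Fragment of a Delphi routine (its header is not shown on the page).
// It finds a window by title, opens the owning process with full access,
// allocates an executable region in it, copies bytes from the local symbol
// sitCall into that region, and starts a thread there.
//
// Defender's view: OpenProcess -> VirtualAllocEx(RWX) -> WriteProcessMemory ->
// CreateRemoteThread is the classic remote-thread injection sequence
// (MITRE ATT&CK T1055). Each step is observable: a PROCESS_ALL_ACCESS handle
// to another process (Sysmon Event ID 10), a private PAGE_EXECUTE_READWRITE
// region with no backing image, and a thread whose start address lies in that
// region (Sysmon Event ID 8).
//
// NOTE(review): no return value is checked anywhere in this fragment; if the
// window is not found, h is 0 and every later call runs on invalid values.
var
  h: HWND;
  tid, hProcess: Thandle;   // NOTE(review): tid actually receives a process id, see below
  Calladdr: Pointer;        // address of the region allocated in the target process
  writeByte: DWORD;         // reused: bytes-written count, then the new thread's id
begin
  h := findwindow(nil, 'Element Client');

  // The second argument receives the PROCESS id of the window's owner; the
  // thread id is the function result, which is discarded here.
  windows.GetWindowThreadProcessId(h, tid);

  // PROCESS_ALL_ACCESS asks for every right on the target, far more than the
  // calls below need; such a broad request is itself a monitoring signal.
  hProcess := windows.OpenProcess(windows.PROCESS_ALL_ACCESS, false, tid);

  // Allocate memory inside the game process. The page is readable, writable
  // and executable at once (RWX).
  Calladdr := VirtualAllocEx(hProcess, nil, windows.MAX_PATH,
    windows.MEM_COMMIT OR windows.MEM_RESERVE, windows.PAGE_EXECUTE_READWRITE);

  // Write code into the game's memory space. MAX_PATH (a path-length
  // constant) is used as the byte count, so a fixed number of bytes starting
  // at @sitCall is copied whatever the real size of that routine is.
  // sitCall is defined outside this fragment.
  WriteProcessMemory(hProcess, Calladdr, @sitCall, MAX_PATH, writeByte);

  // Invoke the remote code. The returned thread handle is dropped (never
  // closed), and writeByte is overwritten with the thread id.
  CreateRemoteThread(hProcess, nil, 0, Calladdr, nil, 0, writeByte);

  // NOTE(review): this call passes nil as the address and allocation flags
  // where a free type is expected, so it is expected to fail and the RWX
  // region stays mapped in the target. hProcess is not closed in the code
  // shown either. The leftover region is a forensic artifact of the injection.
  VirtualFreeEx(hProcess, nil, windows.MAX_PATH,
    windows.MEM_COMMIT OR windows.MEM_RESERVE);
end;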