delphi 内存截取字符串
使用内存读取函数:ReadProcessMemory
procedure TForm1.Button2Click(Sender: TObject);
var
hProcess,iRead:Cardinal;
hgl:HGLOBAL;
Buffer: Pointer;
begin
memo1.Text :=''; //清空memo1.text中内容
GetMem(Buffer,1024); //申请内存空间1024字节用来存放字符串
// 我这里就使用自己进程来做演示了,如果是木马需要获取游戏进程的PID
hProcess := OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, false, GetCurrentProcessId);
// 读取内存字符串
if ReadProcessMemory(hProcess,Pointer($00148148),Buffer,1024,iRead) then
memo1.Lines.Add('Edit1.txt中的内容为:'+PChar(Buffer));
if ReadProcessMemory(hProcess,Pointer($00148180),Buffer,1024,iRead) then
memo1.Lines.Add('Edit2.txt中的内容为:'+PChar(Buffer));
// 释放资源
FreeMem(Buffer,1024);
end;
procedure TForm1.Button2Click(Sender: TObject);
var
hProcess,iRead:Cardinal;
hgl:HGLOBAL;
Buffer: Pointer;
begin
memo1.Text :=''; //清空memo1.text中内容
GetMem(Buffer,1024); //申请内存空间1024字节用来存放字符串
// 我这里就使用自己进程来做演示了,如果是木马需要获取游戏进程的PID
hProcess := OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, false, GetCurrentProcessId);
// 读取内存字符串
if ReadProcessMemory(hProcess,Pointer($00148148),Buffer,1024,iRead) then
memo1.Lines.Add('Edit1.txt中的内容为:'+PChar(Buffer));
if ReadProcessMemory(hProcess,Pointer($00148180),Buffer,1024,iRead) then
memo1.Lines.Add('Edit2.txt中的内容为:'+PChar(Buffer));
// 释放资源
FreeMem(Buffer,1024);
end;
推荐分享
图文皆来源于网络,内容仅做公益性分享,版权归原作者所有,如有侵权请告知删除!
Copyright © 2014 DelphiW.com 开发 源码 文档 技巧 All Rights Reserved
晋ICP备14006235号-8 晋公网安备 14108102000087号
执行时间: 0.03502893447876 seconds