捡物 call 代码注入

{
完整的捡物CALL
MOV ECX,[924E0C]
MOV ECX,[ECX+1C]
MOV ECX,[ECX+20]
CALL 00449BF0
}
// Position-independent stub whose machine code is copied into another
// process and started there as a thread routine (see Button1Click below).
// It declares no parameters; the single pointer argument a thread start
// routine receives is never read here.
procedure pick();stdcall;// item pick-up call
begin
    asm
      // Walks a pointer chain starting at a fixed absolute address. These
      // constants are presumably valid for exactly one build of the target
      // client and mean nothing in any other process -- TODO confirm.
      MOV ECX,[$924E0C]
      MOV ECX,[ECX+$1C]
      MOV ECX,[ECX+$20]
      // Absolute call through a register instead of a direct CALL: a direct
      // CALL encodes a relative displacement, which would land elsewhere
      // once these bytes are executed from a different address.
      // EBX is overwritten and never restored. As a thread entry point that
      // is harmless; it would not be if pick were invoked as an ordinary
      // Delphi routine, where EBX is expected to be preserved across calls.
      MOV EBX,$00449BF0
      CALL EBX
    end;
end;


// Copies the machine code of pick() into the process that owns the window
// titled 'Element Client' and runs it there on a new thread.
// The call sequence below -- OpenProcess with full access, VirtualAllocEx of
// a read/write/execute region, WriteProcessMemory, CreateRemoteThread -- is
// the textbook remote-thread code-injection pattern that endpoint security
// and anti-cheat products monitor for.
procedure TForm1.Button1Click(Sender: TObject);
var
  myHwnd: HWND;
  pid, hProcess: Cardinal;
  CallAddr: Pointer;     // base of the region allocated inside the target
  WriteCount: DWORD;     // bytes written; later reused to receive the thread id
  b: Boolean;
begin
  // Locate the target by window title; give up silently if it is not running.
  myHwnd := FindWindow(NIL, 'Element Client');
  if myHwnd = 0 then  Exit;
  GetWindowThreadProcessId(myHwnd, pid);
  // Requests every access right on the target process. The handle obtained
  // here is never closed in this block.
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, false, pid);
  if hProcess = 0 then   Exit;
  // MAX_PATH (260) bytes of private RWX memory in the target. The result is
  // not checked, so a nil CallAddr flows straight into the write below.
  CallAddr := VirtualAllocEx(hProcess, nil, MAX_PATH, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
  // Copies MAX_PATH bytes starting at pick's entry point rather than the
  // stub's real length, so whatever follows pick in this image is copied too.
  b := WriteProcessMemory(hProcess, CallAddr, @pick, MAX_PATH, WriteCount);
  if b then
       // pointer(2) is the thread argument (pick ignores it); WriteCount
       // receives the new thread's id; the returned thread handle is dropped.
       CreateRemoteThread(hProcess, nil, 0, CallAddr, pointer(2), 0, WriteCount)
  else    
   ShowMessage('写入失败');
   // Despite the indentation this statement runs on every path: the else
   // branch covers only ShowMessage. It is issued immediately after
   // CreateRemoteThread with no wait on that thread, and the flags passed are
   // VirtualAllocEx's, not VirtualFreeEx's MEM_DECOMMIT / MEM_RELEASE; the
   // result is ignored. NOTE(review): presumably the call fails and the RWX
   // region stays mapped in the target -- an artifact a memory scan or a
   // post-incident process dump would reveal.
   VirtualFreeEx(hProcess, CallAddr, MAX_PATH, MEM_COMMIT or MEM_RESERVE);
end // NOTE(review): the terminating ';' is missing in the listing as posted




