|
|
发表于 2010-12-11 09:42:47
|
显示全部楼层
调用例子
$kernel32 = DllOpen('kernel32.dll')
$pid = Run(@ScriptDir & '\SRO_Client.exe 0 /4 1 0')
$mid = memopen($pid)
memwrite($mid, 0x65F33C, '8B0D5C79D3008B118B4214FFD05F83C410C3')
memclose($mid)
$kernel32 = DllOpen('kernel32.dll')
DllClose($kernel32)
相关函数
Func memopen($pid)
Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
Return $mid[0]
EndFunc ;==>memopen
Func memread($mid, $adress, $type = 'dword')
Local $struct = DllStructCreate($type)
DllCall($kernel32, 'int', 'ReadProcessMemory', 'int', $mid, 'int', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', '')
Return DllStructGetData($struct, 1)
EndFunc ;==>memread
Func memwrite($mid, $adress, $hex)
Local $struct = DllStructCreate('byte[' & BinaryLen('0x' & $hex) & ']')
For $i = DllStructGetSize($struct) To 1 Step -1
DllStructSetData($struct, 1, BinaryMid('0x' & $hex, $i, 1), $i)
Next
Local $x = DllCall($kernel32, 'int', 'VirtualProtectEx', 'int', $mid, 'ptr', $adress, 'int', DllStructGetSize($struct), 'dword', 0x40, 'dword*', 0)
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $mid, 'int', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', 0)
DllCall($kernel32, 'int', 'VirtualProtectEx', 'int', $mid, 'ptr', $adress, 'int', DllStructGetSize($struct), 'dword', $x[5], 'dword*', 0)
EndFunc ;==>memwrite
Func memclose($mid)
DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc ;==>memclose |
|
|手机版|小黑屋|AUTOIT CN
( 鲁ICP备19019924号-1 )谷歌
百度
发表于 2010-12-10 20:54:11