gaofeng posted on 2011-4-3 15:03:40

Write your own call to change memory protection!

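var
  Ader, Szy: DWORD;      // target address and region size (passed by reference)
  N1, N2: DWORD;         // values stored by KillMoney1, loaded into EAX/EDX by KillMoney3
  dwOldProtect: DWORD;   // receives the previous protection value

// Returns the address of ZwProtectVirtualMemory in the loaded NTDLL.DLL, or 0.
function APILoader(): DWORD;
var
  NTDLL: THandle;
  Address: Pointer;
begin
  Result := 0;
  NTDLL := GetModuleHandle('NTDLL.DLL');
  if NTDLL = 0 then Exit;
  Address := GetProcAddress(NTDLL, 'ZwProtectVirtualMemory');
  Result := DWORD(Address);
end;

procedure KillMoney3();
begin
  asm
    MOV EAX,N1
    MOV EDX,N2
    CALL DWORD PTR DS:
    ret $14              // pops the five DWORD arguments pushed by KillMoney2
  end;
end;

procedure KillMoney2();
begin
  asm
    pushad
    PUSH offset dwOldProtect   // out: old protection
    PUSH $40                   // new protection: PAGE_EXECUTE_READWRITE
    PUSH offset szy            // pointer to region size
    PUSH offset Ader           // pointer to base address
    PUSH $-1                   // pseudo-handle for the current process
    CALL KillMoney3
    popad
  end;
end;

// aa = address whose protection is changed, bb = length in bytes
procedure KillMoney1(aa, bb: DWORD);
var
  Apiadder: DWORD;
begin
  Ader := aa;
  Szy := bb;
  Apiadder := APILoader;
  asm
    pushad
    mov eax,Apiadder
    add eax,$1
    mov ecx,
    mov n1,ecx
    add eax,$5
    mov ecx,
    mov n2,ecx
    CALL KillMoney2
    popad
  end;
end;

procedure TForm1.Button5Click(Sender: TObject);
begin
  KillMoney1($00445000, $5);
  asm
    mov eax,$00445000
    mov ,$10000
  end;
end;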


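I hope someone can improve it; remember to post it so we can all learn from it!


GetProcAddress / GetModuleHandle: if anyone has code for these, please post it so we can learn from it and improve on it!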

gaofeng posted on 2011-4-3 15:03:54

How to call it


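KillMoney1($00445000, $5);   <--- changes the protection at address 00445000 to writable, length 5

asm                          <-------- no need to explain this, everyone on Earth knows it: tests that the address is writable
mov eax,$00445000
mov ,$10000
end;
end;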
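
Added example, not part of the original posts: KillMoney1 takes values at offsets +1 and +6 from the start of ZwProtectVirtualMemory, which only makes sense if the stub there has a fixed layout. The Python check below verifies that a captured stub still matches that layout, the way an integrity check for inline hooks would. The byte layout, the function names and the sample bytes are assumptions of this example; only the `ret $14` value comes from the post.

```python
import struct

# Assumed stub layout (an assumption of this example, not stated in the post):
#   +0  B8 imm32   mov eax, <service number>
#   +5  BA imm32   mov edx, <dispatcher pointer>
#   +10 FF 12      call dword ptr [edx]
#   +12 C2 imm16   ret <argument bytes>
LAYOUT = [(0, b"\xB8", "mov eax, imm32"), (5, b"\xBA", "mov edx, imm32"),
          (10, b"\xFF\x12", "call dword ptr [edx]"), (12, b"\xC2", "ret imm16")]
STUB_LEN = 15


def check_stub(code: bytes, expected_ret: int) -> list:
    """Return a list of findings; an empty list means the stub is unmodified."""
    if len(code) < STUB_LEN:
        return ["stub truncated: %d bytes" % len(code)]
    findings = []
    if code[0] in (0xE9, 0xEB):
        findings.append("offset 0: jmp opcode, stub looks detoured")
    for off, opcode, name in LAYOUT:
        if code[off:off + len(opcode)] != opcode:
            findings.append("offset %d: expected %s" % (off, name))
    ret_bytes = struct.unpack_from("<H", code, 13)[0]
    if not findings and ret_bytes != expected_ret:
        findings.append("ret pops %#x bytes, expected %#x" % (ret_bytes, expected_ret))
    return findings


def stub_immediates(code: bytes) -> tuple:
    """Decode the two immediates found at offsets +1 and +6 of a clean stub."""
    return struct.unpack_from("<I", code, 1)[0], struct.unpack_from("<I", code, 6)[0]


# Constructed sample bytes (service number and pointer are made-up values).
CLEAN = (b"\xB8" + struct.pack("<I", 0x42) + b"\xBA" + struct.pack("<I", 0x11223344)
         + b"\xFF\x12" + b"\xC2\x14\x00")
# Same stub with its first five bytes replaced by a jmp rel32, as an inline hook would.
HOOKED = b"\xE9" + struct.pack("<i", 0x1000) + CLEAN[5:]

if __name__ == "__main__":
    print(check_stub(CLEAN, 0x14), stub_immediates(CLEAN))
    print(check_stub(HOOKED, 0x14))
```

Code that reads these immediates and issues the call itself never executes the first bytes of the stub, so a monitor that relies only on an inline hook at that location will not see the protection change.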