[求助]一个关于注入调用的问题
发表于: 2008-6-12 09:17 3351
//------------------------- Injection routine ----------------------------
{ Parameters:
    InHWND    - window handle belonging to the target process
    Func      - pointer to the routine whose code is copied into the target
    Param     - pointer to the parameter block handed to that routine
    ParamSize - size of the parameter block in bytes
  This is the classic remote-thread injection sequence
  (OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread),
  which needs PROCESS_ALL_ACCESS on the target and is exactly the API chain
  endpoint monitoring tools usually watch for.
  NOTE(review): no return value is checked; if OpenProcess, VirtualAllocEx or
  WriteProcessMemory fails, every later call runs on an invalid handle/address.
  NOTE(review): a fixed 4096 bytes are copied from Func regardless of the
  routine's real length, so the copied routine must be position-independent
  and must not touch the injecting process's own code or data.
  NOTE(review): the page holding the code is allocated PAGE_READWRITE yet is
  used as the thread start address; on a process with DEP enforced the remote
  thread would fault. }
procedure InjectFunc(InHWND: HWND; Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
  hProcess_N: THandle;
  ThreadAdd, ParamAdd: Pointer;
  hThread: THandle;
  ThreadID: DWORD;
  lpNumberOfBytes: DWORD;
begin
  GetWindowThreadProcessId(InHWND, @ThreadID);   // despite the name, ThreadID receives the process id
  hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID); // open the target process
  ThreadAdd := VirtualAllocEx(hProcess_N, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
  WriteProcessMemory(hProcess_N, ThreadAdd, Func, 4096, lpNumberOfBytes); // copy the routine's code
  ParamAdd := VirtualAllocEx(hProcess_N, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE);
  WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes); // copy the parameter block
  // ParamAdd is passed as the thread parameter (5th argument), so the remote
  // thread's start routine receives it as its single argument - this is how
  // PickCall's p gets its value. lpNumberOfBytes is reused here to receive
  // the new thread's id.
  hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes); // create the remote thread
  WaitForSingleObject(hThread, INFINITE); // wait for the thread to finish
  VirtualFreeEx(hProcess_N, ThreadAdd, 0, MEM_RELEASE);
  VirtualFreeEx(hProcess_N, ParamAdd, 0, MEM_RELEASE); // release both allocations
  CloseHandle(hThread);
  CloseHandle(hProcess_N); // close the handles
end;

//----------------------------- Parameter block type -----------------------
type
  // Register values handed to the injected routine; packed so the record
  // has a fixed 8-byte layout that is identical in both processes.
  TPickCallParam = packed record
    EDX, EAX: DWORD;
  end;
  PPickCallParam = ^TPickCallParam;

//------------------------------ Call ------------------------------
{ Runs inside the target process as the remote thread's start routine.
  p points at the TPickCallParam block that InjectFunc copied into the
  target and passed as the thread parameter.
  $0056A840 and $8D29A4 are absolute addresses inside the target binary, so
  this only works against that exact build.
  NOTE(review): the parameters are first moved into stack locals, presumably
  so the asm block references only the stack and not the injector's memory -
  confirm against the generated code. }
function PickCall(p: PPickCallParam): DWORD; Stdcall;
var
  edx1, eax1: DWORD;
  address: Pointer;
begin
  address := Pointer($0056A840); // routine in the target that is being called
  edx1 := p^.EDX;
  eax1 := p^.EAX;
  asm
    pushad
    mov ecx, dword ptr [$8D29A4]
    mov edx, edx1
    push edx
    mov ecx, dword ptr [ecx+$20]
    mov eax, eax1
    push eax
    add ecx, $D4
    call address
    popad
  end;
  result := 0;
end;

//------------------------------ Caller of the Call ------------------------------
// Walks the item table read from the target process and, for each entry
// that satisfies the (still to be written) pick-up condition, fills a
// TPickCallParam and injects PickCall with it.
// GetInfo, mem, sjizhi and hWnd are defined elsewhere; presumably mem reads
// the target process's memory and sjizhi is its base address - verify.
procedure PickUp; // pick up items
var
  baseAdd, tmp1, tmp2, baseItem, itemnum, itemid, i: integer;
  itemname: WideString;
  CallParam: TPickCallParam;
begin
  itemnum := GetInfo(10);
  if itemnum = 0 then exit;
  baseAdd := mem.ReadInt(sjizhi+$18);
  for i := 0 to 768 do
  begin
    tmp1 := mem.ReadInt(baseAdd+i*4);
    if tmp1 <> 0 then
    begin
      baseitem := mem.ReadInt(tmp1+$4);
      itemid := mem.ReadInt(baseitem+$110); // read the item id
      tmp2 := mem.ReadInt(baseitem+$164);
      itemname := mem.ReadWideStr(tmp2,12); // read the item name
      if {put the pick-up condition here} then
      begin
        CallParam.EDX := itemid;
        CallParam.EAX := mem.ReadInt(baseitem+$10C);
        // CallParam is copied into the target by InjectFunc and reaches
        // PickCall as its p argument via the thread parameter.
        InjectFunc(hWnd, @PickCall, @CallParam, SizeOf(CallParam));
        Sleep(500);
        Dec(itemnum);
        if itemnum = 0 then exit;
      end;
    end;
  end;
end;
这段代码是从另一个帖子转过来的。我有这么一个疑问：
function PickCall(p: PPickCallParam):DWORD; Stdcall;
这个方法里面有一个参数p
可是这个在注入方法中
InjectFunc(hWnd,@PickCall,@CallParam,SizeOf(CallParam));
参数没有体现出来
如果这个参数是PickCall中的一个必要参数,那么应该通过什么形式加进去呢?