Type
// Signature of a two-argument stdcall routine that returns a PULONG.
// Nothing in the code visible here references this type.
TGetWindowEx=function (PWindowObj:DWORD;Ucmd:DWORD):PULONG; stdcall;
var
Form1: TForm1;
// Call1 / Call2 hold the destinations of the first and second relative CALL
// instructions found inside user32!GetWindow. TForm1.FormCreate fills them in;
// both stay 0 until then, and also if the scan finds nothing.
Call1:DWORD=0;
Call2:DWORD=0;
implementation
{$R *.dfm}
// Computes the absolute destination of a 5-byte relative CALL located at
// FromCall: the 32-bit displacement stored right after the opcode byte is
// added to the address of the instruction that follows the CALL.
// The caller is responsible for making sure FromCall really points at a CALL
// opcode; this routine does not look at the opcode byte itself.
// Returns 0 when reading the displacement raises an exception.
function GetCallAdd(FromCall:DWORD):DWORD;
var
  Displacement:DWORD;
begin
  try
    // The displacement occupies the four bytes after the one-byte opcode.
    Displacement:=dword(Pointer(FromCall+1)^);
    // +5 accounts for the length of the CALL instruction (opcode + rel32).
    Result:=FromCall+Displacement+5;
  except
    Result:=0;
  end;
end;
// Hands the Hwnd argument to the routine whose address is stored in Call1
// (argument passed in ECX) and returns whatever that routine leaves in EAX.
// Going by the function name, the result is presumably a pointer to the
// internal window object for Hwnd; this is unverified, since Call1 is an
// undocumented user32 routine located by opcode scanning in FormCreate.
// NOTE(review): there is no check that Call1 is non-zero. If the scan in
// FormCreate did not resolve it, this call transfers control to address 0.
function GetWindowObj(Hwnd:Hwnd):DWORD;stdcall;
asm
MOV ECX,DWORD PTR SS:[EBP+8] // Hwnd argument; relies on the compiler-generated EBP frame
CALL Call1 // call through the address stored in the Call1 variable
end;
// Re-implements GetWindow by calling the two routines resolved into Call1 and
// Call2 directly instead of going through the exported API.
//   Hwnd - window handle, passed to Call1 in ECX.
//   Ucmd - relationship selector, pushed as the second argument of Call2.
// Returns 0 when either call yields 0; otherwise returns the DWORD stored at
// the address that Call2 returned.
// NOTE(review): Call1/Call2 are used without a non-zero check, and both are
// undocumented internals whose calling conventions are assumed here - confirm
// for the user32 build in use.
function MyGetWindow(Hwnd:Hwnd;Ucmd:DWORD):Hwnd; stdcall;
asm
MOV ECX,DWORD PTR SS:[EBP+8] // Hwnd argument
CALL Call1
TEST EAX,EAX
Je @@3 // Call1 returned 0: leave with EAX = 0
PUSH DWORD PTR SS:[EBP+$C] // Ucmd argument
PUSH EAX // value returned by Call1
CALL Call2 // assumes Call2 pops its two stack arguments itself - TODO confirm
TEST EAX,EAX
JE @@3 // Call2 returned 0: leave with EAX = 0
MOV EAX,DWORD PTR DS:[EAX]// reading here works without problems
@@3:
end;
// Same call sequence as MyGetWindow, but returns the raw value produced by
// Call2 without dereferencing it.
//   Hwnd - window handle, passed to Call1 in ECX.
//   Ucmd - relationship selector, pushed as the second argument of Call2.
// Returns 0 when Call1 yields 0; otherwise whatever Call2 leaves in EAX.
// NOTE(review): Call1/Call2 are used without a non-zero check.
function MyGetWindowList(Hwnd:Hwnd;Ucmd:DWORD):Dword; stdcall;
asm
MOV ECX,DWORD PTR SS:[EBP+8] // Hwnd argument
CALL Call1
TEST EAX,EAX
Je @@3 // Call1 returned 0: leave with EAX = 0
PUSH DWORD PTR SS:[EBP+$C] // Ucmd argument
PUSH EAX // value returned by Call1
CALL Call2 // assumes Call2 pops its two stack arguments itself - TODO confirm
@@3:
end;
// Runs the same Call1/Call2 sequence as MyGetWindow and then attempts a store
// through a pointer register.
//   Hwnd - window handle, passed to Call1 in ECX.
//   Ucmd - relationship selector, pushed as the second argument of Call2.
// Returns with EAX = 0 on every path that does not fault.
// NOTE(review): as written, the final store does not target the address that
// Call2 returned. EAX is cleared by the XOR immediately before it, so the
// store addresses 0 and faults regardless of any page-protection change.
// NOTE(review): the pointer returned by Call2 presumably refers to
// window-manager data that the OS shares with user mode read-only. If so,
// the write restriction is a boundary enforced by the OS and user-mode code
// should go through the documented window APIs - confirm before relying on
// any direct access.
function SetWindow(Hwnd:Hwnd;Ucmd:DWORD):Boolean; stdcall;
asm
MOV ECX,DWORD PTR SS:[EBP+8] // Hwnd argument
CALL Call1
TEST EAX,EAX
Je @@3 // Call1 returned 0: leave with EAX = 0
PUSH DWORD PTR SS:[EBP+$C] // Ucmd argument
PUSH EAX // value returned by Call1
CALL Call2 // assumes Call2 pops its two stack arguments itself - TODO confirm
TEST EAX,EAX
JE @@3 // Call2 returned 0: leave with EAX = 0
MOV EAX,DWORD PTR DS:[EAX]// reading here works without problems (the loaded value is discarded by the next line)
xor Eax,Eax // EAX = 0 from here on, so the pointer from Call2 is lost
MOV DWORD PTR DS:[EAX],EAX// author's question: the write-back fails here; even after granting the page read/write permission it still fails - is there a way to solve this from ring3?
@@3:
end;
// Click handler: invokes SetWindow for the global Form1's window handle with
// the GW_HWNDNEXT selector. The Boolean result is ignored.
procedure TForm1.Button2Click(Sender: TObject);
var
  FormWnd:Hwnd;
begin
  FormWnd:=Form1.Handle;
  SetWindow(FormWnd,GW_HWNDNEXT);
end;
// Click handler: shows the result of the documented GetWindow API next to the
// result of MyGetWindow for the same handle and selector, joined by '+', in
// the form caption so the two values can be compared.
procedure TForm1.Button3Click(Sender: TObject);
var
  FromApi,FromInternal:Hwnd;
begin
  // Query the exported API first, then the direct-call variant.
  FromApi:=GetWindow(Form1.Handle,GW_HWNDNEXT);
  FromInternal:=MyGetWindow(Form1.Handle,GW_HWNDNEXT);
  Caption:=IntToStr(FromApi)+'+'+IntToStr(FromInternal);
end;
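// Resolves Call1 and Call2 by scanning the first bytes of user32!GetWindow for
// relative CALL opcodes ($E8): the first match fills Call1, the second fills
// Call2 and ends the scan. A variable that is already non-zero is left as is.
//
// Changes from the previous version:
//  - after a match the scan skips the CALL's four displacement bytes, so a
//    displacement byte that happens to equal $E8 is no longer taken for a
//    second CALL;
//  - a failed LoadLibrary is handled explicitly;
//  - unused locals and the unused label were removed.
//
// NOTE(review): this is a raw byte scan, not an instruction decoder. An $E8
// byte inside some other instruction still matches, and the layout of
// GetWindow differs between user32 builds. The resolved addresses are
// therefore unverified, and the asm wrappers in this unit call them blindly.
// Before use, a caller should at least confirm that both values are non-zero
// and point into the user32 image.
procedure TForm1.FormCreate(Sender: TObject);
const
  ScanLimit=100;   // last offset examined, same bound as before
  CallOpcode=$E8;  // opcode byte of a relative CALL
  CallLength=5;    // opcode byte + 32-bit displacement
var
  DLLBASE,TempApiADD,CallSite:DWORD;
  Offset:Integer;
begin
  DLLBASE:=LoadLibrary('user32.dll');
  if DLLBASE=0 then
    Exit;
  TempApiADD:=Dword(GetProcAddress(DLLBASE,'GetWindow'));
  if TempApiADD=0 then
    Exit;
  Offset:=0;
  while Offset<=ScanLimit do
  begin
    CallSite:=TempApiADD+DWORD(Offset);
    if Byte(Pointer(CallSite)^)<>CallOpcode then
    begin
      Inc(Offset);
      Continue;
    end;
    if Call1=0 then
      Call1:=GetCallAdd(CallSite)
    else if Call2=0 then
    begin
      Call2:=GetCallAdd(CallSite);
      Break;
    end;
    // Step over the whole CALL so its displacement bytes are not rescanned.
    Inc(Offset,CallLength);
  end;
end;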