實在看不懂 如何設定一個值到所想要的記憶體位址呢? unit Unit1; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls; const WM_HOOKED = WM_USER 3221; type TThreadProVarList = record //定義TThreadProVarList為一筆紀錄 SendMessage: DWORD; ExitProcess: DWORD; ExitThread: DWORD; WndHandle: DWORD; end; type TForm1 = class(TForm) Button1: TButton; Button2: TButton; procedure Button1Click(Sender: TObject); procedure Button2Click(Sender: TObject); private ThreadAdd: Pointer; PID, PHandle: DWORD; ThreadHandle, ThreadID: Thandle; procedure WMHOOKED(var Msg: TMessage);message WM_HOOKED; { Private declarations } public { Public declarations } end; var Form1: TForm1; implementation procedure ThreadPro; var VarList: TThreadProVarList; begin asm mov eax,$FFFFFFFF //32位元暫存器 mov VarList.SendMessage,eax mov eax, $FFFFFFFF mov VarList.WndHandle, eax mov eax, $FFFFFFFF mov VarList.ExitProcess, eax mov eax, $FFFFFFFF mov VarList.ExitThread, eax push 0 //進記憶體堆疊 push 0 push 4245 push VarList.WndHandle //把 call VarList.SendMessage push 0 call VarList.ExitThread end; end; {$R *.dfm} procedure TForm1.Button1Click(Sender: TObject); var WndHandle, TmpHandle: THandle; DllModule, SendPro, WriteCount: DWORD; ExitPro, ExitTPro: DWORD; begin WndHandle := FindWindow(nil, '暮岈挂'); GetWindowThreadProcessId(WndHandle, PID); PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID); ThreadAdd := VirtualAllocEx(PHandle, nil, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE); WriteProcessMemory(PHandle, ThreadAdd, @ThreadPro, 4096, WriteCount); ThreadHandle := CreateRemoteThread(PHandle, nil, 0, ThreadAdd, nil, CREATE_SUSPENDED, ThreadID); DllModule := LoadLibrary('User32.dll'); SendPro := DWORD(GetProcAddress(DllModule, 'SendMessageW')); DllModule := LoadLibrary('Kernel32.dll'); ExitPro := DWORD(GetProcAddress(DllModule, 'ExitProcess')); ExitTPro := DWORD(GetProcAddress(DllModule, 'ExitThread')); TmpHandle := Self.Handle; WriteProcessMemory(PHandle, Pointer(LongInt(ThreadAdd) 7), @SendPro, SizeOf(DWORD), WriteCount); WriteProcessMemory(PHandle, Pointer(LongInt(ThreadAdd) 15), @TmpHandle, SizeOf(DWORD), WriteCount); WriteProcessMemory(PHandle, Pointer(LongInt(ThreadAdd) 23), @ExitPro, SizeOf(DWORD), WriteCount); WriteProcessMemory(PHandle, Pointer(LongInt(ThreadAdd) 31), @ExitTPro, SizeOf(DWORD), WriteCount); ResumeThread(ThreadHandle); CloseHandle(ThreadHandle); end; procedure TForm1.Button2Click(Sender: TObject); begin VirtualFreeEx(PHandle, ThreadAdd, 4096, MEM_DECOMMIT); CloseHandle(PHandle); end; procedure TForm1.WMHOOKED(var Msg: TMessage); begin MessageBox(self.Handle, '膘蕾堈?盄最?髡', '!!!', MB_OK); end; end.