l3m0n
asked on
[Delphi] Readprocessmemory and openprocess.
hi what is wrong with my code:
Readprocessmemory:
OpenProcess:
Using:
myReadProcessMemory is working fine, but myOpenProcess gives AV when i try to use it.
AV message:
Project Peeper.exe raised exception class EAccessViolation with message 'Access violation at address 00000000. Read of address 00000000'. Process stopped. Use Step or Run to continue.
What is wrong? Please help
Readprocessmemory:
library dll;
uses
SysUtils,
Classes,
windows;
var
DblWord: DWORD;
hHandle: THandle;
procedure DllMain(reason: integer) ;
begin
case reason of
DLL_PROCESS_ATTACH:
begin
hHandle:=LoadLibrary('Kernel32.dll');
DblWord:=DWORD(GetProcAddress(hHandle,'ReadProcessMemory'))+5;
end;
DLL_PROCESS_DETACH:
begin
FreeLibrary(hHandle);
end;
end;
end;
function myReadProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL;
begin
asm
mov edi,edi
push ebp
mov esp,ebp
jmp [DblWord]
end;
end;
exports myReadProcessMemory;
begin
DllProc := @DllMain;
DllProc(DLL_PROCESS_ATTACH) ;
end.OpenProcess:
library open;
uses
SysUtils,
Classes,
windows;
var
DblWord: DWORD;
hHandle: THandle;
procedure DllMain(reason: integer) ;
begin
case reason of
DLL_PROCESS_ATTACH:
begin
hHandle:=LoadLibrary('Kernel32.dll');
DblWord:=DWORD(GetProcAddress(hHandle,'OpenProcess'))+5;
end;
DLL_PROCESS_DETACH:
begin
FreeLibrary(hHandle);
end;
end;
end;
function myOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: Boolean; dwProcessId: DWORD): DWORD;
begin
asm
mov edi,edi
push ebp
mov esp,ebp
jmp [DblWord]
end;
end;
exports myOpenProcess;
begin
DllProc := @DllMain;
DllProc(DLL_PROCESS_ATTACH) ;
end.Using:
function myReadProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL; stdcall external 'Read.dll' name 'myReadProcessMemory';
function myOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: Boolean; dwProcessId: DWORD): DWORD; stdcall external 'Open.dll' name 'myOpenProcess';myReadProcessMemory is working fine, but myOpenProcess gives AV when i try to use it.
AV message:
Project Peeper.exe raised exception class EAccessViolation with message 'Access violation at address 00000000. Read of address 00000000'. Process stopped. Use Step or Run to continue.
What is wrong? Please help
ASKER
i need to open game written by my friend in c++ it is a multi player game but now he is only testing it. I said him that he must "block" functions like: "readprocessmemory" etc. He done it, but i saw that i can read something from memory using this code, but i have problem with do OpenProcess and i dont know why. Could you help me? When i done it maybe i can help with do protection.
jimyX, Ewangoya, Thommy and Geert is the most active user here in Delphi zone as I noticed it, and you can view it on the overall Delphi zone experts.
So, I think they are the one whos caplable of helping you deep.
So, I think they are the one whos caplable of helping you deep.
The library's declare without stdcall indicator but the using code have "stdcall".
ASKER
it isnt make differences.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it is working thanks
Getting function names used by an application or a library? ////possible using asm, but your test is wrong, why? because your testing your own application.
Getting application signatures from memory ? //possible by Delphi alone.
I doubt you are making an av, or if not, your making some malicious code.
Please explain what application you're trying to do