Delphi写内存补丁范例

 interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs; type TForm1 = class(TForm) procedure FormCreate(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; implementation {$R *.dfm} var si:STARTUPINFO ; pi:PROCESS_INFORMATION ; NewData : array[0..1] of byte = ($90,$90); NewDataSize : DWORD; Bytesread : DWORD; Olddata : array[0..1] of byte; dir:string ; procedure TForm1.FormCreate(Sender: TObject); begin dir:=ExtractFileDir(Application.ExeName ); if FileExists(dir+'/crackme1.exe') then begin ZeroMemory(@Pi,SizeOf(pi)); FillChar (si,SizeOf(si),0); si.cb :=SizeOf(si); NewDatasize :=SizeOf(NewData ) ; if CreateProcess (nil,'crackme1.exe',nil,nil,False ,CREATE_SUSPENDED ,nil ,nil,si,pi)=True then begin ReadProcessMemory(pi.hProcess ,Pointer($00401586 ),@olddata,2 ,BytesRead ); if (OldData[0]=$75) and (OldData[1]=$18) then begin WriteProcessMemory(pi.hProcess ,Pointer($00401586 ),@newdata,NewDatasize ,BytesRead ); ResumeThread(pi.hThread ); CloseHandle(pi.hProcess ); CloseHandle(pi.hThread ); end else MessageBox(Handle, PChar('无法打入内存补丁'), PChar('错误'),MB_ICONERROR or MB_OK); TerminateProcess(pi.hProcess ,0); CloseHandle(pi.hProcess ); CloseHandle(pi.hThread ); end; end else begin ShowMessage('本补丁必须与原文件放在同一目录下'); Application.Terminate ; end; end; end.