Delphi change the assembly code of a running process -



Delphi change the assembly code of a running process -

i'm trying alter address 00741fa5 has push test.009e721c. alter push test.009e71c8.

procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end;

here injectasm function (with error checking)

function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize < 5 raise exception.create('injectsize must equal or greater 5.'); //let's re-create replaced code setlength(replaced, injectsize); := 0 injectsize - 1 replaced[i] := byte(pointer(dword(injectaddress) + i)^); //now procedure's size if codesize < 1 begin csize := 0; while byte(pointer(codeaddress + csize)^) <> $c3 csize := csize + 1; end else begin csize := codesize; end; //size of injected code rsize := injectsize + csize + 5; //5 stand far jmp //allocate memory code result := virtualallocex(process, nil, csize, mem_commit or mem_reserve, page_execute_readwrite); //write code allocated memory win32check(writeprocessmemory(process, result, ptr(codeaddress), csize, nbr)); //write replaced code win32check(writeprocessmemory(process, ptr(integer(result) + csize), @replaced[0], injectsize, nbr)); //write jmp jmpaddress := (injectaddress + injectsize) - (integer(result) + csize + injectsize) - 5; jmp[0] := $e9; jmp[1] := byte(jmpaddress); jmp[2] := byte(jmpaddress shr 8); jmp[3] := byte(jmpaddress shr 16); jmp[4] := byte(jmpaddress shr 24); win32check(writeprocessmemory(process, ptr(integer(result) + csize + injectsize), @jmp[0], 5, nbr)); if win32check(virtualprotectex(process,pointer(dword(injectaddress)),5, page_execute_readwrite, @nbr)) begin //fill code we're going replace nops if injectsize > 5 begin nopv := $90; := 5 injectsize - 1 begin win32check(writeprocessmemory(process, ptr(injectaddress+i), @nopv, 1, nbr)); end; end; //write jmp injected code jmpaddress := integer(result) - injectaddress - 5; jmp[0] := $e9; jmp[1] := byte(jmpaddress); jmp[2] := byte(jmpaddress shr 8); jmp[3] := byte(jmpaddress shr 16); jmp[4] := byte(jmpaddress shr 24); win32check(writeprocessmemory(process, ptr(injectaddress), @jmp[0], 5, nbr)); end; win32check(virtualprotectex(process,pointer(dword(injectaddress)),5, nbr, nil)); end;

but won't change. help please.

the original function can found here http://tpforums.org/forum/threads/1428-delphi-asm-code-hooking

thanks,

procedure funcnewentry; begin asm force $9e71c8 //the new asm code want add. end; end; function changeentry(pid:cardinal;targetoffest:dword;funcprocedure:pointer):pointer; var lpnumberofbyteswritten:ulong_ptr; begin pid := openprocess(process_all_access, false, pid); win32check(writeprocessmemory(pid, pointer(targetoffest), funcprocedure, sizeof(@funcprocedure), lpnumberofbyteswritten)); closehandle(pid); end;

usage

procedure tform3.btn1click(sender: tobject); var ppid:cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); changeentry(ppid,$00741fa5,@funcnewentry); end;

delphi

Comments

Popular posts from this blog

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

C++ 11 "class" keyword -