转 delphi内存补丁

hixiaosheng

 
interface  
uses  
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,   
Dialogs;   
type  
TForm1 = class(TForm)   
procedure FormCreate(Sender: TObject);   
private  
{ Private declarations }  
public  
{ Public declarations }  
end;   
var  
Form1: TForm1;   
implementation  
{$R *.dfm}  
var  
si:STARTUPINFO ;   
pi:PROCESS_INFORMATION ;   
NewData : array[0..1] of byte = ($90,$90);   
NewDataSize : DWORD;   
Bytesread : DWORD;   
Olddata : array[0..1] of byte;   
dir:string ;   
procedure TForm1.FormCreate(Sender: TObject);   
begin  
dir:=ExtractFileDir(Application.ExeName );   
if FileExists(dir+'\crackme1.exe') then  
begin  
ZeroMemory(@Pi,SizeOf(pi));   
FillChar (si,SizeOf(si),0);   
si.cb :=SizeOf(si);   
NewDatasize :=SizeOf(NewData ) ;   
if CreateProcess (nil,'crackme1.exe',nil,nil,False ,CREATE_SUSPENDED ,nil ,nil,si,pi)=True then  
begin  
ReadProcessMemory(pi.hProcess ,Pointer($00401586 ),@olddata,2 ,BytesRead );   
if (OldData[0]=$75) and (OldData[1]=$18) then  
begin  
WriteProcessMemory(pi.hProcess ,Pointer($00401586 ),@newdata,NewDatasize ,BytesRead );   
ResumeThread(pi.hThread );   
CloseHandle(pi.hProcess );   
CloseHandle(pi.hThread );   
end else  
MessageBox(Handle, PChar('无法打入内存补丁'), PChar('错误'),MB_ICONERROR or MB_OK);   
TerminateProcess(pi.hProcess ,0);   
CloseHandle(pi.hProcess );   
CloseHandle(pi.hThread );   
end;   
end  
else  
begin  
ShowMessage('本补丁必须与原文件放在同一目录下');   
Application.Terminate ;   
end;   
end;   
end.