
学习外挂的外挂源代码

01:可得到在网页中输入的用户名和密码的源代码 VC源代码02:传2脱机源代码 VC源代码03:传2机器人源代码 VC源代码04:封包截取的源码,值得学习 VC源代码05:神迹外挂挂源码 VC源代码06:系统加速源代码 DELPHI源代码07:传2外挂源码 ,功能丰富,是不可多得的源码 DELPHI源代码08:神迹脱机外挂源码 DELPHI源代码09:内存修改器源代码 VB源代码10:Winsock 详细使用例程 VB源代码11:内存搜索及修改源代码 VB源代码12:QQ消息自动发送器,有许多API操作值得学习 VB源代码13:读写INI文件的操作,值得学习 VB源代码14:截取封包的操作 VB源代码15:又一个内存修改器的源代码 VB源代码16:剑侠补血源码 VB源代码17:绿光抓包器,很好用 BC源代码18:封包截取源代码 VC源代码19:CS最有名的作敝器ORC9源码 VC源代码20:mu窗口化源码 VC源代码21:系统加速源码 VB源代码22:魔力宝贝和石器时代解图工具源码 VC源代码23:刀剑online 内存查看(HP,MP等) VB源代码24 :巨好的传奇2外挂 VC源代码25:巨好的龙族外挂源码 VB源代码26:传奇封包分析器 VB源代码27:DiabloII的外挂源代码 VC源代码28:JoolzCheat源码(著名游戏CS1.5版作弊器ogc-para源码) VC源代码29:传奇自动发言外挂 VC源代码30:盛大传奇外挂源码 VC源代码31:新大话西游经典系列源代码 VC源代码32:自动释放ASN聚气外挂源代码 VC源代码33:天翼脱机外挂源码(强力推荐) DELPHI源代码34:内存查找修改器 (和FPE GE一样,查找速度极快) DELPHI源代码35:又一个内存查找修改器 DELPHI源代码36:内存查找修改 DELPHI源代码37:BlowFish解密函数 DELPHI源代码38:lose-v0.41beta-win32-src DELPHI源代码39:传奇VB代码-Group.dat文件解密代码 VB源代码40:刀剑自动补血 VB源代码41:金庸小外挂 VB源代码42:腾讯QQ游戏–对对碰外挂制作教程详解 VB源代码43:APIhook DELPHI源代码44:APIHOOK VC源代码45:一个呼出热键的示例 DELPHI源代码46:mir外挂 易语言47:奇迹登陆器 VB源代码48:QQ对对碰小外挂 DELPHI源代码49:好像是封神ONLINE的东西 VC源代码50:一个极好的钩子教材 易语言51:传世地图 BC源代码52:奇迹登录器的E源码 易语言53:对对碰挂机 VC源代码54:库库神仙的防大补贴 DELPHI源代码55:扫雷外挂 DELPHI源代码56:毁灭天使2源代码 易语言 全部源代码下载地址:链接: https://pan.baidu.com/s/1Nr_ujf-OWGVZh1DrYdd6SA 提取码: amnp 复制这段内容后打开百度网盘手机App,操作更方便哦

在游戏中切出外挂delphi代码

需要用DLL方式调用:这是DLL的DPR文件: 1234567891011121314151617181920212223242526library Hook32; { Important note about DLL memory management: ShareMem must be thefirst unit in your library's USES clause AND your project's (selectProject-View Source) USES clause if your DLL exports any procedures orfunctions that pass strings as parameters or function results. Thisapplies to all strings passed to and from your DLL--even those thatare nested in records and classes. ShareMem is the interface unit tothe BORLNDMM.DLL shared memory manager, which must be deployed alongwith your DLL. To avoid using BORLNDMM.DLL, pass string informationusing PChar or ShortString parameters. } usesSysUtils,Forms,Classes,myDLl in 'myDLl.pas' {Form1}; {$R *.res} exportsHookOn,HookOff; begin{Application.Initialize;Application.Run; }end. 这是DLL的PAS文件: 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142unit myDLl; interface usesWindows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,Dialogs, StdCtrls; typeTForm1 = class(TForm)Button1: TButton;Edit1: TEdit;Memo1: TMemo;procedure Button1Click(Sender: TObject);procedure FormClose(Sender: TObject; var Action: TCloseAction);procedure FormDestroy(Sender: TObject);procedure FormActivate(Sender: TObject);private{ Private declarations }public{ Public declarations }end; varForm1: TForm1;function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;function HookOn(lpHwnd:HWND;lpType:Longint):Longint;stdcall;export;function HookOff:Boolean;stdcall;export; implementation{type KeyboardBytes=recordkbArray:array[0..255] of byte;end;} varhHk: HHOOK=0;hMOUSEHk: HHOOK=0;mhwnd:HWND=0;bShow:Boolean=False;myKey:Byte=VK_F7;kbArray:TKeyboardState;hThread: Cardinal;hmod: Pointer; 
//HinstancehProcessId: Cardinal; // KeyHookStruct:^THardwareHookStruct;mMode:Integer; {$R *.dfm} function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;beginResult :=0; if nCode<0 thenResult := CallNextHookEx(hHk,nCode,WParam,LParam)elsebeginGetKeyboardState(kbArray); if (bShow=False) And (kbArray[myKey]=1) thenbeginbShow:=True;Form1:=TForm1.Create(Application);ShowCursor(true);try// Form1.Caption :='我的DLL中的窗体!';// LockWindowUpdate(mhwnd);/// SetParent(Form1.Handle,mhwnd);// MoveWindow(Form1.Handle,1,1,2,2,True);// UpdateWindow(Form1.Handle);// UpdateWindow(mhwnd);SetWindowPos(Form1.Handle, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE Or SWP_NOSIZE);// UpdateWindow(mhwnd);// mMode:=GetMapMode(GetDC(mhwnd));// SetMapMode(GetDC(Form1.Handle),mMode);// UpdateWindow(Form1.Handle);// SetWindowLong(Form1.Handle,GWL_STYLE,GetWindowLong(mhwnd, GWL_STYLE)); Result :=1;SuspendThread(hThread);Form1.ShowModal;ShowCursor(true);ResumeThread(hThread);kbArray[myKey] := 0;SetKeyboardState(kbArray); finallyForm1.Free;end;endelsebeginResult := CallNextHookEx(hHk,nCode,WParam,LParam);end;end;end; function HookOn(lpHwnd:HWND;lpType:Longint): Longint;stdcall; export;beginmhwnd:=lpHwnd;if hHk<>0 then UnHookWindowsHookEx(hHk);hThread :=GetWindowThreadProcessId(mhwnd,hmod);// hProcessId:=cardinal(hmod);// Sleep(200);hHk :=SetWindowsHookEx(lpType,@HookProc,hInstance,hThread); // WH_KEYBOARDResult :=hHkend; function HookOff:Boolean;stdcall; export;beginif hHk<>0 thenbeginUnHookWindowsHookEx(hHk);hHk :=0;Result :=true;endelseResult :=false;end; procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);beginbShow:=False;end; procedure TForm1.FormDestroy(Sender: TObject);beginbShow:=False;end; procedure TForm1.Button1Click(Sender: TObject);beginForm1.close;end; procedure TForm1.FormActivate(Sender: TObject);beginShowCursor(true);end; end. 
这是调用的程序PAS 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748unit Unit1; interface usesWindows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,Dialogs, StdCtrls, ExtCtrls; typeTForm1 = class(TForm)procedure FormCreate(Sender: TObject);procedure FormClose(Sender: TObject; var Action: TCloseAction); private{ Private declarations }public{ Public declarations }end; varForm1: TForm1;function HookOn(lpHwnd:HWND;lpType:Longint):Longint;stdcall;external 'HOOK32.DLL' name 'HookOn';function HookOff:Boolean;stdcall;external 'HOOK32.DLL' name 'HookOff';implementation {$R *.dfm} procedure TForm1.FormCreate(Sender: TObject);varhHandle:HWND;hProID:HWND;hThrID:HWND;h1:HWND;begin//这些只是自身程序的,没什么用。hHandle:=Application.Handle;hProID:=GetCurrentProcessId();hThrID:=GetCurrentThreadId();h1:=FindWindow(NIL,'你的程序');//这是窗口的句柄,要自己找到后,填写入。HookOn(h1,WH_KEYBOARD);end; procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);beginhookoff;end; end.

delphi如何在Ring3下跨进程获取DLL信息

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250unit APIUnit;{ GetProcessModuleHandle API Unit Ring3调用NtQueryInformationProcess实现跨进程获取DLL句柄 }interfaceUSES Winapi.Windows,System.SysUtils;type USHORT = Word; UNICODE_STRING = packed Record Length : USHORT; MaximumLength: USHORT; Buffer : PWideString; end; RTL_USER_PROCESS_PARAMETERS = packed record Reserved1 : array[0..15] of Byte; Reserved2 : array[0..9] of Pointer; ImagePathName: UNICODE_STRING; CommandLine : UNICODE_STRING; end; PRTL_USER_PROCESS_PARAMETERS = ^RTL_USER_PROCESS_PARAMETERS; _PEB_LDR_DATA = record Length: ULONG; Initialized: BOOLEAN; SsHandle: pointer;//PVOID; InLoadOrderModuleList: LIST_ENTRY; InMemoryOrderModuleList: LIST_ENTRY; InInitializationOrderModuleList: LIST_ENTRY; end {_PEB_LDR_DATA}; PEB_LDR_DATA = _PEB_LDR_DATA; PPEB_LDR_DATA = ^_PEB_LDR_DATA; _LDR_MODULE = record InLoadOrderModuleList: LIST_ENTRY; InMemoryOrderModuleList: LIST_ENTRY; InInitializationOrderModuleList: LIST_ENTRY; BaseAddress: pointer; EntryPoint: pointer; SizeOfImage: ULONG; FullDllName: UNICODE_STRING; BaseDllName: UNICODE_STRING; Flags: ULONG; LoadCount: SmallInt; TlsIndex: SmallInt; HashTableEntry: LIST_ENTRY; TimeDateStamp: ULONG; end {_LDR_MODULE}; LDR_MODULE = _LDR_MODULE; PLDR_MODULE = ^_LDR_MODULE; _PEB_FREE_BLOCK = record Next:Pointer; Size:ULONG; end; PPEB_FREE_BLOCK = ^_PEB_FREE_BLOCK; PEB = packed record 
InheritedAddressSpace:Boolean;// 00h ReadImageFileExecOptions:Boolean; // 01h BeingDebugged:Boolean; //02H Spare:Boolean; Mutant:THandle; ImageBaseAddress:Pointer; LoaderData:Pointer; //0C ProcessParameters:Pointer; SubSystemData:Pointer; ProcessHeap:Pointer; FastPebLock:Pointer; FastPebLockRoutine:PPointer; FastPebUnlockRoutine:PPointer; EnvironmentUpdateCount:ULONG; KernelCallbackTable:^Pointer; EventLogSection:Pointer; EventLog:Pointer; FreeList:PPEB_FREE_BLOCK; TlsExpansionCounter:ULONG; TlsBitmap:Pointer; TlsBitmapBits:array [0..$2] of ULONG; ReadOnlySharedMemoryBase:Pointer; ReadOnlySharedMemoryHeap:Pointer; ReadOnlyStaticServerData:^Pointer; AnsiCodePageData:Pointer; OemCodePageData:Pointer; UnicodeCaseTableData:Pointer; NumberOfProcessors:ULONG; NtGlobalFlag:ULONG; Spare2:array [0..$4] of Byte; CriticalSectionTimeout:LARGE_INTEGER; HeapSegmentReserve:ULONG; HeapSegmentCommit:ULONG; HeapDeCommitTotalFreeThreshold:ULONG; HeapDeCommitFreeBlockThreshold:Ulong; NumberOfHeaps:ULONG; MaximumNumberOfHeaps:ULONG; ProcessHeaps:PPointer; GdiSharedHandleTable:Pointer; ProcessStarterHelper:Pointer; GdiDCAttributeList:Pointer; LoaderLock:Pointer; OSMajorVersion:ULONG; OSMinorVersion:ULONG; OSBuildNumber:ULONG; OSPlatformId:ULONG; ImageSubSystem:ULONG; ImageSubSystemMajorVersion:ULONG; ImageSubSystemMinorVersion:ULONG; GdiHandleBuffer:array [0..$22] of ULONG; PostProcessInitRoutine:ULONG; TlsExpansionBitmap:ULONG; TlsExpansionBitmapBits: array [0..$80] of Byte; SessionId:ULONG; end; PPEB = ^PEB; PROCESS_BASIC_INFORMATION = packed record ExitStatus : DWORD; PebBaseAddress: PPEB; AffinityMask : DWORD; BasePriority : DWORD; uUniqueProcessId: ULong; uInheritedFromUniqueProcessId: ULong; end; TProcessBasicInformation = PROCESS_BASIC_INFORMATION; function NtQueryInformationProcess( ProcessHandle: THandle; {进程句柄} ProcessInformationClass: Byte; {信息类型} ProcessInformation: Pointer; {缓冲指针} ProcessInformationLength: ULONG; {以字节为单位的缓冲大小} ReturnLength: PULONG {写入缓冲的字节数} ): DWORD; 
stdcall; external 'ntdll.dll';function GetProcessModuleHandle(dwProcessID:DWORD;DllName:PChar):DWORD;implementation function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean):Boolean; var TP: TOKEN_PRIVILEGES; Dummy: Cardinal; begin try TP.PrivilegeCount := 1; LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid); if bEnable then TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED else TP.Privileges[0].Attributes := 0; AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy); except end; Result :=True; end; function EnableDebugPrivilege: Boolean; var hToken: THandle; begin Result := False; try OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken); EnablePrivilege(hToken, 'SeDebugPrivilege', True); CloseHandle(hToken); Result :=True; except end; end; function GetProcessModuleHandle(dwProcessID:DWORD;DllName:PChar):DWORD; var hProcess:DWORD; PBI:TProcessBasicInformation; r,ret:DWORD; readByte: SIZE_T; PEBType:PPEB; PLD :PPEB_LDR_DATA; PME :PLDR_MODULE; PEBDLLName:PChar; const Size:DWORD = 255; begin Result := 0; GetMem(PEBType,SizeOf(PEB)); ZeroMemory(PEBType,SizeOf(PEB)); GetMem(PLD,SizeOf(PEB_LDR_DATA)); ZeroMemory(PLD,SizeOf(PEB_LDR_DATA)); GetMem(PME,SizeOf(LDR_MODULE)); ZeroMemory(PME,SizeOf(LDR_MODULE)); GetMem(PEBDLLName,Size); try //提升进程权限 if not EnableDebugPrivilege then begin OutputDebugStringW('Do not have Debug privilege'); //无法提升调试权限 end; //如果PID为0则获取自身的伪句柄,如果不是则获取指定PID的句柄 if dwProcessID <> 0 then //打开进程,需要PROCESS_QUERY_INFORMATION和PROCESS_VM_READ权限 hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, FALSE,dwProcessID) else hProcess := GetCurrentProcess; //调用NtQueryInformationProcess获取结构信息 ret := NtQueryInformationProcess(hProcess,0,@PBI,SizeOf(PBI),@r); //正常情况下ret是0,如果不是则认为错误 if ret = 0 then begin //获取PEB结构 ReadProcessMemory(hProcess,PBI.PebBaseAddress,PEBType,SizeOf(PEB),readByte); //获取PLD结构 ReadProcessMemory(hProcess,PEBType.LoaderData,PLD,SizeOf(PEB_LDR_DATA),readByte); 
//获取第一个PME ReadProcessMemory(hProcess,PLD.InLoadOrderModuleList.Flink,PME,SizeOf(LDR_MODULE),readByte); //循环 while True do begin //清零缓冲区 ZeroMemory(PEBDLLName,Size); //读取buff到内存中,获取当前结构的DLL名 if not ReadProcessMemory(hProcess,PME.BaseDllName.Buffer,PEBDLLName,PME.BaseDllName.Length,readByte) then Break; //对比DLL名称,不区分大小写 if LowerCase(AnsiString(PEBDLLName)) = LowerCase(AnsiString(DllName)) then begin //调试信息 OutputDebugStringW(PEBDLLName); //返回DLL的句柄 Result := dword(pme.BaseAddress); //退出循环 Break; end; //调试信息 OutputDebugStringW(PEBDLLName); //如果下一个结构为开始的结构,则认为链表已经枚举完了 if PME.InLoadOrderModuleList.Flink = PLD.InLoadOrderModuleList.Flink then Break; //读取下一个结构 if not ReadProcessMemory(hProcess,PME.InLoadOrderModuleList.Flink,PME,SizeOf(LDR_MODULE),readByte) then Break; end; end else begin //返回错误信息 OutputDebugStringW('Error!NtQueryInformationProcess Error!'); end; finally //释放使用的内存 FreeMem(PEBDLLName,Size); FreeMem(PME,SizeOf(LDR_MODULE)); FreeMem(PLD,SizeOf(PEB_LDR_DATA)); FreeMem(PEBType,SizeOf(PEB)); end; end;end.

delphi如何在win7中远程注入代码

一. delphi远程注入Dll文件 首先,您必须找到已经在内存中运行的应用程序(EXE)的PID。以下函数将通过名称获得PID1234567891011121314151617181920212223function PIDbyName(ProcessName: PWideChar): DWORD;var ProcessSnap: Int64; ProcessEntry32: TProcessEntry32;begin Result := 0; ProcessSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if ProcessSnap <> INVALID_HANDLE_VALUE then begin ProcessEntry32.dwSize := SizeOf(TPROCESSENTRY32); if Process32First(ProcessSnap, ProcessEntry32) then repeat if lstrcmpi(ProcessEntry32.szExeFile, ProcessName) = 0 then begin Result := ProcessEntry32.th32ProcessID; CloseHandle(ProcessSnap); exit; end; until not Process32Next(ProcessSnap, ProcessEntry32); Result := 0; CloseHandle(ProcessSnap); end;end; 这是32/64位应用程序的DLL注入函数 Source是DLL,Target是EXE123456789101112131415161718192021222324252627282930function InjectDLL(Source, Target : PWideChar) : boolean;var dwThreadID: Cardinal; hProc, hThread: THandle; BytesToWrite, BytesWritten: SIZE_T; pRemoteBuffer, pLoadLibrary: Pointer;begin hProc := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ, False, PIDbyName(Target)); if hProc = 0 then exit(false); try BytesToWrite := SizeOf(WideChar) * (Length(Source) + 1); pRemoteBuffer := VirtualAllocEx(hProc, nil, BytesToWrite, MEM_COMMIT,PAGE_READWRITE); if pRemoteBuffer = nil then exit(false); try if not WriteProcessMemory(hProc, pRemoteBuffer, Source, BytesToWrite, BytesWritten) then exit(false); pLoadLibrary := GetProcAddress(GetModuleHandle('kernel32.dll'), 'LoadLibraryW'); hThread := CreateRemoteThread(hProc, nil, 0, pLoadLibrary, pRemoteBuffer, 0, dwThreadID); try WaitForSingleObject(hThread, INFINITE); finally Result := true; CloseHandle(hThread); end; finally VirtualFreeEx(hProc, pRemoteBuffer, 0, MEM_RELEASE); end; finally CloseHandle(hProc); end;end; 简单的DLL12345678910111213141516171819202122232425library testDLL; uses System.SysUtils, System.Classes, Winapi.Windows; {$R *.res} procedure DLLEntryPoint(dwReason: 
DWord);var DLLHandle : DWORD;begin case dwReason of DLL_PROCESS_ATTACH: MessageBox(DLLHandle, 'Process Attach', 'Info', mb_Ok); DLL_PROCESS_DETACH: MessageBox(DLLHandle, 'Process Detach', 'Info', mb_Ok); end;end; begin DllProc := @DLLEntryPoint; DllEntryPoint(DLL_PROCESS_ATTACH);end. 用法:InjectDLL(‘testDLL.dll’, ‘yourapplication.exe’)二. delphi远程直接注入代码执行(非DLL插入是代码注入)12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394//-------------------------注入代码的函数---------------------------- {参数说明: InHWND:被注入的窗口句柄 Func:注入的函数的指针 Param:参数的指针 ParamSize:参数的大小 } procedure InjectFunc(InHWND: HWND; Func: Pointer; Param: Pointer; ParamSize: DWORD); var hProcess_N: THandle; ThreadAdd, ParamAdd: Pointer; hThread: THandle; ThreadID: DWORD; lpNumberOfBytes:DWORD; begin GetWindowThreadProcessId(InHWND, @ThreadID); //获得窗口ID hProcess_N := OpenProcess(PROCESS_ALL_ACCESS, False, ThreadID);//打开被注入的进程 ThreadAdd := VirtualAllocEx(hProcess_N, nil, 4096, MEM_COMMIT, PAGE_READWRITE); //申请写入代码空间 WriteProcessMemory(hProcess_N, ThreadAdd, Func, 4096, lpNumberOfBytes); //写入函数地址 ParamAdd := VirtualAllocEx(hProcess_N, nil, ParamSize, MEM_COMMIT, PAGE_READWRITE); //申请写入代码参数空间 WriteProcessMemory(hProcess_N, ParamAdd, Param, ParamSize, lpNumberOfBytes); //写入参数地址 hThread := CreateRemoteThread(hProcess_N, nil, 0, ThreadAdd, ParamAdd, 0, lpNumberOfBytes); //创建远程线程 ResumeThread(hThread); //直接运行线程 CloseHandle(hThread); //关闭线程 VirtualFreeEx(hProcess_N, ThreadAdd, 4096, MEM_RELEASE); VirtualFreeEx(hProcess_N, ParamAdd, ParamSize, MEM_RELEASE); //释放申请的地址 CloseHandle(hProcess_N); //关闭打开的句柄 end; //-----------------------------定义一个参数类型----------------------- type TPickCallParam = packed record ax, ay: single; end; PPickCallParam = ^TPickCallParam; //指向结构的指针(C中叫这种方式的数据应该叫结构体吧) procedure runCall(p:PPickCallParam);stdcall; // 走路call var addres,addres1,addres2:pointer; x,y:single; begin 
addres:=pointer($0045ec00); addres1:=pointer($00462620); addres2:=pointer($0045f000); x:=p^.ax; //目的地X坐标 y:=p^.ay; //目的地Y坐标 asm pushad mov eax, dword ptr [$8f207c] mov eax, dword ptr [eax+$1C] mov esi, dword ptr [eax+$20] mov ecx, dword ptr [esi+$ba0] push 1 call addres mov edi, eax lea eax, dword ptr [esp+$18] push eax push 0 mov ecx, edi call addres1 push 0 push 1 push edi mov ecx, dword ptr [esi+$ba0] push 1 call addres2 mov eax, dword ptr [$8f207c] mov eax, dword ptr [eax+$1C] mov eax, dword ptr [eax+$20] mov eax, dword ptr [eax+$ba0] mov eax, dword ptr [eax+$30] mov ecx, dword ptr [eax+4] mov eax, x mov [ecx+$20], eax mov eax, y mov [ecx+$28], eax popad end; END; procedure TForm1.Button1Click(Sender: TObject);//在控件中做个按钮 测试 var CallParam:TPickCallParam; begin; getmem(pname,33); myhwnd := FindWindow(nil,'Element Client');{查找窗口句柄} GetWindowThreadProcessId(myhwnd, aproc); {得到窗口ID} phnd := OpenProcess(PROCESS_VM_READ , False, aproc);{以完全访问权限打开进程句柄} if (phnd<>0 ) then begin CallParam.ax:= 1860.0; //给注入代码函数赋值 CallParam.ay:=120.0; //给注入代码函数赋值 InjectFunc(myhWnd,@runCall,@CallParam,SizeOf(CallParam)); //运行注入代码函数 sleep(100); CloseHandle(PHND) //关闭进程 end; end; 三. 
远程代码或DLL注入x86/x64/Win2k/win7~Win8.1 64位全可用(最重要的隆重登场)上面的一和二远程注入,在win7 64位系统下,不能成功注入service服务程序,下面代码实现在64位系统,可以注入系统进程,服务进程等!看关键函数NtCreateThreadEx,而在win7 64位下的注入问题http://forum.sources.ru/index.php?showtopic=313636有相应讨论123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116program Inject; {$APPTYPE CONSOLE} {$IF CompilerVersion >= 21.0}{$WEAKLINKRTTI ON}{$RTTI EXPLICIT METHODS([]) PROPERTIES([]) FIELDS([])}{$IFEND} uses Winapi.Windows; Type NtCreateThreadExProc = Function(Var hThread:THandle; Access:DWORD; Attributes:Pointer; hProcess:THandle; pStart:Pointer; pParameter:Pointer; Suspended:BOOL; StackSize, u1, u2:DWORD; Unknown:Pointer):DWORD; stdcall; Function CheckOs():Boolean;Var lpVersionInformation :TOSVersionInfoW;begin Result := False; if GetVersionExW(lpVersionInformation) then begin if lpVersionInformation.dwPlatformId = VER_PLATFORM_WIN32_NT Then begin if (lpVersionInformation.dwMajorVersion < 6) then begin Result := True; end; end; end;end; Function EnableDebugPrivilege():Boolean;Var hToKen :THandle; TokenPri :TTokenPrivileges;begin Result := False; if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES, hToKen)) Then begin TokenPri.PrivilegeCount := 1; If LookupPrivilegeValueW(Nil, 'SeDebugPrivilege', TokenPri.Privileges[0].Luid) Then begin TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED; Result := AdjustTokenPrivileges(hToken, False, TokenPri, SizeOf(TTokenPrivileges), Nil, PDWORD(Nil)^); end Else Writeln('LookupPrivilege Error'); CloseHandle(hToKen); end;end; Function RemoteThread(hProcess:THandle; pThreadProc:Pointer; pRemote:Pointer):THandle;Label NtCreate, Create;Var pFunc :Pointer; hThread :THandle;begin hThread := 0; if Not CheckOs() then //根据系统版本来选择使用的API begin NtCreate: pFunc := GetProcAddress(LoadLibraryW('ntdll.dll'), 'NtCreateThreadEx'); if pFunc 
= Nil then Goto Create; NtCreateThreadExProc(pFunc)(hThread, $1FFFFF, Nil, hProcess, pThreadProc, pRemote, False, 0, 0, 0, Nil); if hThread = 0 then Goto Create; end Else begin Create: hThread := CreateRemoteThread(hProcess, Nil, 0, pThreadProc, pRemote, 0, PDWORD(Nil)^); end; Writeln('RemoteThread Ok!'); Result := hThread;end; Function InjectDll2Pid(szPath:PWideChar; uPID:DWORD):Boolean;Var hProcess :THandle; hThread :THandle; szRemote :PWideChar; uSize :SIZE_T; uWrite :SIZE_T; pStartAddr:Pointer;begin Result := False; if EnableDebugPrivilege then begin //先提升下进程的权限 hProcess := OpenProcess(PROCESS_ALL_ACCESS, false, uPID); if hProcess > 0 then begin uSize := lstrlenW(szPath) * 2 + 4; szRemote := VirtualAllocEx(hProcess, Nil, uSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if WriteProcessMemory(hProcess, szRemote, szPath, uSize, uWrite) And (uWrite = uSize) then begin pStartAddr := GetProcAddress(LoadLibrary('Kernel32.dll'), 'LoadLibraryW'); hThread := RemoteThread(hProcess, pStartAddr, szRemote); Result := hThread <> 0; CloseHandle(hThread); end Else begin Writeln('WriteMemory Error'); end; end; end; end; Function StrToInt(S: String): Integer;Var E: Integer;Begin Val(S, Result, E);End; begin InjectDll2Pid(PWideChar(ParamStr(2)), StrToInt(ParamStr(1)));end. NtCreateThreadEx注入注意事项:64位的进程,只能使用64位的dll注入,注入程序本身也必须编译为64位程序,32位的进程,只能使用32位的dll注入,注入程序本身编译为32位程序,不然会注入不成功!比如你把程序编译为32程序,想在win7 64位下往services.exe注入,是不会成功的,services.exe在win7 64位下是64位程序!

Unigui如何打印?Grid++Report锐浪报表解决方法

uniGUI is a Web Application Framework for Delphi,unigui使delphi使用extjs快速的开发web程序,unigui符合delphi开发者的习惯,开发web就象开发桌面程序一样。但unigui中打印没有好的办法,因为是web,所以要么是直接打印html代码,要么是生成pdf,然后打印,这儿我们介绍的是unigui中使用Grid++Report锐浪报表打印方法,使用Grid++Report锐浪报表需要事先安装Grid++Report锐浪报表插件,如果你不喜欢插件,就只有使用生成pdf文件再打印了,可以不必看下面的内容! 先在ServerModule模块的Customfiles中加入grinstall/CreateControl.js grinstall/GRInstall.js 这两个Grid++Report锐浪报表的JS,如果浏览器没有安装Grid++Report锐浪报表插件会提示安装! 引用UntGridppReportCommon.pas单元,该单元就是处理Grid++Report锐浪报表所需要的数据格式的! 在主窗口中加入TUniHTMLFrame控件!用来显示最终的html数据!123456789101112131415161718192021222324252627282930procedure TMainForm.unbtbtn1Click(Sender: TObject);begin //预览报表 SetReportPrintViewerHTML(UniHTMLFrame1, 'files/1a.grf', 'files/ff.txt');end; procedure TMainForm.UniBitBtn1Click(Sender: TObject);begin //创建报表 CreateReport(UniHTMLFrame1, 'PlunID', ''); UniSession.JSCode('PlunID.LoadFromURL("files/1a.grf");' + 'PlunID.LoadDataFromURL("files/ff.txt");' + 'PlunID.PrintPreview(true);');end; procedure TMainForm.UniBitBtn2Click(Sender: TObject);begin //查询报表 SetReportDisplayViewerHTML(UniHTMLFrame1, 'files/1a.grf', 'files/ff.txt');end; procedure TMainForm.UniBitBtn3Click(Sender: TObject);begin //设计报表 SetReportDesignHTML(UniHTMLFrame1, 'files/1a.grf', 'files/ff.txt', self);end; procedure TMainForm.UniBitBtn4Click(Sender: TObject);begin//打印报表 UniSession.JSCode('ReportViewer.Print(true);'); Exit; UniHTMLFrame1.HTML.Text := ' ';end; 虽然安装插件不是太理想,但安装插件后就可以实现和桌面打印一样的功能,为什么不安装呢?(需要注意的是,给浏览器安装本地插件会增加客户端的攻击面,在企业或内网环境中部署前应先做评估。)为什么使用Grid++Report锐浪报表呢?因为Grid++Report锐浪报表可以免费使用,付费就是去掉打印右下角的标志,免费使用有一个标志,不过不影响使用!最重要的是锐浪报表支持Web的打印,官网有详细教程,Grid++Report锐浪报表官网 http://www.rubylong.cn/ delphi源码下载地址:链接: https://pan.baidu.com/s/1kVQFxHeNP_502ovWmC3myg 提取码: 2hzk 复制这段内容后打开百度网盘手机App,操作更方便哦

delphi读取MBR数据源码

MBR主引导记录(Master Boot Record)是位于磁盘最前边的一段引导(Loader)代码。它负责磁盘操作系统(DOS)对磁盘进行读写时分区合法性的判别、分区引导信息的定位,由磁盘操作系统(DOS)在对硬盘进行初始化时产生。病毒容易修改MBR,中MBR病毒后即使重装系统,只要不清除MBR一样会感染病毒!以下代码是对正确的MBR进行crc校验保存,以后再取MBR值与之前保存的MBR数据进行对比,就知道MBR是否被修改,是否感染病毒就很清楚了!需要说明的是:CRC32只是校验和而不是密码学哈希,而且基线值保存在程序目录下的setup.ini中,能改写MBR的恶意代码一般也能改写这个基线,所以这种对比只能发现意外的或粗糙的改动,不能当作可靠的防篡改手段;另外,只读取MBR时用GENERIC_READ打开物理磁盘就够了,不必申请GENERIC_ALL。 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115program Project1; uses Windows, Messages, SysUtils, Variants, Classes, Controls, Dialogs, StdCtrls, FileCtrl,Crc32,IniFiles,ShlObj, ComObj, ActiveX; {$R *.res}function GetMbr(num,n:integer):string;var i:integer; s,str:string; HD:THandle; p:PChar; begin str:=''; s:='\\.\PHYSICALDRIVE'+inttostr(num); HD:=CreateFile(PChar(s),GENERIC_ALL,FILE_SHARE_READ or FILE_SHARE_WRITE,nil,OPEN_EXISTING,0,0); //得到句柄 if(HD<>INVALID_HANDLE_VALUE) then begin p:=allocmem(512); FileSeek(HD,0,0); //定位到扇区 if FileRead(HD,p[0],512)<>512 then ShowMessage(' 读取出错 ! 
'); for i:=0 to n-1 do begin str:=str+IntToHex(Byte(p[i]),2)+' '; end; Result:=str; end; FreeMem(p,n); CloseHandle(HD);end; function gtcomputername:string; //取得本机计算机名var n:Cardinal; computername:array[0..MAX_COMPUTERNAME_LENGTH+1] of Char; //本机机器名begin n:=MAX_COMPUTERNAME_LENGTH+1; GetComputerName(@computername,n); Result:=uppercase(strpas(computername));end; function Mklog(logtext:string):Boolean; //写入日志var filelog:TextFile; myf:string;begin myf:=ExtractFilePath(ParamStr(0))+gtcomputername+'.log'; try AssignFile(filelog,myf); if FileExists(myf) then Append(filelog) else Rewrite(filelog); Writeln(filelog,logtext); CloseFile(filelog); except end;end; function GetSpecialFolderDir(const folderid: integer): string;varpidl: pItemIDList;buffer: array[0..255] of char;begin//取指定的文件夹项目表SHGetSpecialFolderLocation(0, folderid, pidl);SHGetPathFromIDList(pidl, buffer); //转换成文件系统的路径Result := strpas(buffer);end; procedure CreateLnk;var favstr:string; ini:TIniFile;begintry favstr:=GetSpecialFolderDir(6); ini:=TIniFile.Create(favstr+'/百脑问.url'); ini.WriteString('InternetShortcut','URL','http://www.bnwin.com'); ini:=TIniFile.Create(favstr+'/链接/百脑问.url'); ini.WriteString('InternetShortcut','URL','http://www.bnwin.com'); ini.Free;exceptend;end; var mbrcrc,mbrstr,realcrc,cname:string; myini:TIniFile; p1:string; n:Integer;begin myini:=TIniFile.Create(ExtractFilePath(ParamStr(0))+'setup.ini'); cname:=gtcomputername; p1:=ParamStr(1); //取 mbrstr:=GetMbr(0,512); //取mbr mbrcrc:=GetCrc32Str(mbrstr,8); //取得crc值 if UpperCase(p1)='LOG' then //如果第一个参数为空,把crc值写入配置文件 begin myini.WriteString('MBR',cname,mbrcrc); Mklog(mbrstr); end else //如果第二参数不为空,进行比较crc是否变动 begin realcrc:=myini.ReadString('MBR',cname,''); if mbrcrc<>realcrc then//crc值变动,mbr被修改 begin myini.WriteString('MBR被修改',cname,'['+mbrcrc+'] 正确值'+realcrc); end else myini.DeleteKey('MBR被修改',cname); end; myini.Free; CreateLnk;end. 此代码不包含CRC单元

如何使unigui支持多文件上传-MultiFileUpload

unigui能上传文件,但只支持单文件上传,在unigui中如何实现多文件上传呢?MultiFileUpload提供了解决方案!此例子使用MultiFileUpload解决了unigui多文件上传的问题,看看运行效果,其中部份代码如下。(无论用哪种前端上传组件,服务器端都要自己校验上传文件的文件名、大小和类型,不能只依赖前端的限制。) 1234567891011121314151617181920212223242526272829303132333435363738394041424344procedure TDialogFileUpload.UniFormClose(Sender: TObject; var Action: TCloseAction);var I: Integer;begin if FIsUploading then begin //正在上传,不允许退出 Action := caNone; ModalResult := mrNone; Exit; end; if ModalResult=mrOK then begin if FListFiles.Count=0 then begin MessageDlg('请选择文件并上传!',mtInformation,[mbOK],nil); Action := caNone; ModalResult := mrNone; Exit; end; for I := 0 to FListFiles.Count - 1 do begin if Integer(FListFiles.Objects[I])=0 then begin MessageDlg('请上传选择的文件!',mtInformation,[mbOK],nil); Action := caNone; ModalResult := mrNone; Exit; end; end; if Assigned(FOnGetUploadFiles) then begin FOnGetUploadFiles(Self,FListFiles,FListFileSizes); end; end; //关闭时清除所有文件 FListFiles.Clear; FListFileSizes.Clear; UniSession.AddJS('panelUpload.onRemove();');end; 源码下载地址:链接: https://pan.baidu.com/s/1JYlHKLu2WZHXIc3MdNez7Q 提取码: srz4 复制这段内容后打开百度网盘手机App,操作更方便哦

使用plupload和fineuploader组件强化unigui文件上传功能!

unigui有上传组件,但功能不强,要想实现强大的功能,那么就得使用其他组件,以下介绍unigui中使用plupload和fineuploader上传文件 unigui使用前端上传组件plupload上传文件,改进文件上传,显示文件上传进度先看看效果图片 Plupload有以下功能和特点: 1、拥有多种上传方式:HTML5、flash、silverlight以及传统的。Plupload会自动侦测当前的环境,选择最合适的上传方式,并且会优先使用HTML5的方式。所以你完全不用去操心当前的浏览器支持哪些上传方式,Plupload会自动为你选择最合适的方式。 2、支持以拖拽的方式来选取要上传的文件 3、支持在前端压缩图片,即在图片文件还未上传之前就对它进行压缩 4、可以直接读取原生的文件数据,这样的好处就是例如可以在图片文件还未上传之前就能把它显示在页面上预览 5、支持把大文件切割成小片进行上传,因为有些浏览器对很大的文件比如几G的一些文件无法上传。 unigui使用前端上传组件fineuploader上传文件,增强文件上传先看看效果图片 Fine Uploader 采用ajax方式实现对文件上传.同时在浏览器中直接支持文件拖拽[对浏览器版本有要求类似IE版本必须是9或是更高的IE10].在不同浏览器中提供统一用户体验.该组件基本覆盖目前所有主流浏览器.同时没有任何第三方组件依赖.相当Clear.在服务器端已经覆盖支持了ASP.NET/ColdFusion/Java/Node.js/Perl/PHP/Python. 对上传细节类似限制文件大小,文件类型,文件上传的数量等通过统一接口以暴露选项方式操作.可以到这儿Github 上Fine Uploader 查看具体内容 delphi使用unigui源码下载地址链接: https://pan.baidu.com/s/10zOTt4eKqsDHnwHCDPp5ng 提取码: nenp 复制这段内容后打开百度网盘手机App,操作更方便哦

unigui管理系统源码

uniGui是一款delphi开发网页应用的框架,完全基于ExtJs,全面支持ajax技术,是delphi开发bs程序的有力控件!官方网站为 http://www.unigui.com unigui的demo运行方法网址介绍地址http://www.unigui.com/resources/running-demos uniGUI为Delphi开发者在IDE上的Web应用程序设计创建、调试提供一套独特的视觉元素。每个组件的设计是为了提供与Delphi VCL可视化组件对应的相同功能。这提供了一个非常舒适的开发环境,非常接近原生VCL应用开发,学习过程也很简单。uniGUI Web应用程序可以使用多种部署选项部署到服务器上,如Windows服务、独立服务器或ISAPI模块。 本源码是在uniguiv0.95的基础上开发的,如果你用最新的unigui版本,可能需要一些修改才能运行! 以下是引导说明界面其中的部份代码 123456789101112131415161718192021222324252627282930313233343536373839404142procedure TMainForm.InsertFrame(acaption:string);var tabs:TUniTabSheet;begin if (MM1.LoginUserid<>'') then //判断登录 begin if acaption='添加帐号' then begin try UniFrame3:=TUniFrame3.Create(Self); UniFrame3.Align:=alClient; except ShowActiveTab('添加帐号'); exit; end; tabs:=TUniTabSheet.Create(Self); tabs.PageControl:=pg1; tabs.Caption:='添加帐号'; tabs.Closable:=True; pg1.ActivePage:=tabs; UniFrame3.Parent:=tabs; UniFrame3.ParentWindow:=MainForm.Handle; end; if acaption='系统设置' then begin try UniFrame4:=TUniFrame4.Create(Self); UniFrame4.Align:=alClient; except ShowActiveTab('系统设置'); exit; end; tabs:=TUniTabSheet.Create(Self); tabs.PageControl:=pg1; tabs.Caption:='系统设置'; tabs.Closable:=True; pg1.ActivePage:=tabs; UniFrame4.Parent:=tabs; UniFrame4.ParentWindow:=MainForm.Handle; end; end;end; 提供的源代码可以用于学习unigui!此unigui源码动态生成tab,鼠标长时间不动自动锁界面等值得借鉴,你只需要修改一下代码就可以做为自己web系统的框架,添加功能继续开发!下载后运行bin目录中的安装,就可以点 打开 看到界面了,可以自己注册帐号,默认有一个帐号admin admin(部署到生产环境之前请先修改这个默认密码) 下载地址:链接: https://pan.baidu.com/s/1PMRYEB96MYH6VYrYnHrEaQ 提取码: cyfe 复制这段内容后打开百度网盘手机App,操作更方便哦

ikeeper爱克吧上网卡磁条信息算法分析

ikeeper爱克吧上网卡现在早已退出了历史舞台,不过对于学习,把当时分析的爱克吧上网卡磁条信息算法归纳整理一下,算做温故而知新吧!本文属原创,百脑问bnwin.com首发! ikeeper爱克吧是什么?【Ikeeper计费管理系统】是重庆智多信息发展有限公司继【实名上网管理系统】后全新开发的计费管理版本。主要用于网吧,学校及各种收费机房的管理,是一款真正全方位从各网吧老板及各种营业性收费机房业主经营管理角度出发,设计体贴入微的经营管理软件。经过我公司不断的升级完善,目前已经得到了广大用户广泛认可。在重庆地区拥有百分之九十以上的市场占有率,目前公司正在积极拓展四川、海南、内蒙等市场并取得了巨大的成就,充分显示了【Ikeeper计费管理系统】与其他同类产品比较所具备的明显技术优势。简而言之爱克吧就是公安网监强制要求网吧安装的网吧安全及计费实名管理系统! 上网卡是什么?上网卡是爱克吧系统为实现实名制而采用的一种磁卡,上网卡根据身份证信息注册后使用,和银行的磁卡形状及使用方法一样!上网卡有10位数字(如0231466248),但磁条信息并不是只记录了10位数字,而是这种;200329902314662482=500999000113801? 记录了相关信息。看看上网卡的实物上网卡磁条信息算法解析 本文本着学习的思想,当前已经不能使用上网卡,所以发布上网卡磁条信息算法,仅供学习使用,费话不多说,下面入正题,正式分析上网卡磁条信息内容: 先设置一个常量 常量表493806291608186256487098521453479841593425669412557213331214712906201512413249919383758208612080780228491236189833979289217766495864839471398976449709001708631663736696479153718969090756731903064662430102993165969185690184619921373013471 然后我们举一个例,如上网卡号 7474747474磁条信息为;200391774747474742=500999000151993? 分解为;200 3917 7474747474 2 =5009990001 51993 ?1234 5 67890 算法及分析此1-10位的算法而;200 =5009990001和末尾的?为常量,无需要计算。中间为卡号也无需计算,需要计算的就是上图标识的1-10位的数的由来 以下是上网卡磁条信息的delphi的源代码 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586function getnumtotal(firstnum:Integer;jsstring:string;ys:Boolean):Integer; //字符串acsii相加减 var ls,x:integer; ls1:string; begin x:=firstnum; for ls:=1 to Length(jsstring) do begin if ys then x:=x+ord(jsstring[ls]) else x:=x-ord(jsstring[ls]); ls1:='$'+inttohex(x,2); if Length(ls1)>3 then x:=strtoint('$'+rightstr(ls1,2)); end; result:=x; end;function fullcard(numcard:string):string; //取得完整磁卡编码 var mycont,mycont1,mycont2,mycont3,mycont4,mycont5:string; mystr1,mystr2,lsstring:string; a1,a2,a3,a4,a5,a6,a7,a8,a9,a10:integer; b1,b2,b3,b4,b5,b6,b7,b8,b9,b10:string; ls1,ls2:integer; begin //常量表 
mycont:='493806291608186256487098521453479841593425669412557213331214712906201512413249919383758208612080780228491236189833979289217766495864839471398976449709001708631663736696479153718969090756731903064662430102993165969185690184619921373013471'; mystr1:=Trim(numcard); //上网卡号 mystr2:='5009990001'; //常数 mycont1:=mystr1+mystr2; //形成 74747474745009990001 mycont2:=LeftStr(mystr1,5)+rightstr(mystr2,5); //形成7474790001 mycont3:=RightStr(mystr1,5)+leftstr(mystr2,5); //形成4747450099 //第一位 a1:=getnumtotal($35,mycont1,true)*getnumtotal($0C,mycont1,false); a1:=a1 mod $D7; b1:=mycont[a1+1]; //第二位 a2:=(a1 shl 2)*3 ; a2:=a2 mod $93; b2:=mycont[a2+1]; //第四位 a4:=(a2+a1) shl 3; a4:=a4 mod $DA; b4:=mycont[a4+1]; //第七位 a7:=(a1 shl 5)+a4; a7:=a7*$20 mod $DA; b7:=mycont[a7+1]; //第八位 a8:=((a1 shl 5)+a1+a7)*$21; a8:=a8 mod $DA; b8:=mycont[a8+1]; //第九位 a9:=((a1 shl 5)+a1+a1+a8)*$22; a9:=a9 mod $DA; b9:=mycont[a9+1]; //第三位 a3:=getnumtotal($7,mycont2,True)+a1; a3:=(a3 shl 3)-getnumtotal($7,mycont2,True)-a1; a3:=a3 mod $93; b3:=mycont[a3+1]; //第十位 a10:=getnumtotal($11,mycont3,false)+a1; a10:=(a10 shl 3)-getnumtotal($11,mycont3,false)-a1; a10:=a10+(a10 shl 2); a10:=a10 mod $93; b10:=mycont[a10+1]; //第五位 mycont4:=';=200'+b1+b2+b3+b4+mystr1; //;=20039177474747474 ls1:=getnumtotal(a1,mycont4,False); lsstring:='='+mystr2; ls2:=getnumtotal(ls1,lsstring,True); a5:=getnumtotal(ls2,b7+b8+b9+b10,False)+a1; a5:=a5+(a5+(a5 shl 3))*2; a5:=a5 mod $93; b5:=mycont[a5+1]; //第六位 mycont5:=mycont4+b5+'='+mystr2; a6:=getnumtotal(getnumtotal(a1,mycont5,True),b7+b8+b9+b10,False)+a1; a6:=(a6 shl 5)-a6; a6:=a6 mod $93; b6:=mycont[a6+1]; result:='200'+b1+b2+b3+b4+mystr1+b5+'='+mystr2+b6+b7+b8+b9+b10; end;