SHARE
TWEET

ReadMem

HEX0x29A Feb 24th, 2020 68 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. program ReadMemPrj;
  2.  
  3. {$APPTYPE CONSOLE}
  4.  
  5. uses
  6.   Windows, SysUtils;
  7.  
  8. const
  9.   NTDLL = 'ntdll.dll';
  10.   SE_DEBUG_PRIVILEGE = 20;
  11.   VirtAddr: DWORD = $084A5450;//Адрес вписать
  12.  
  13. function RtlAdjustPrivilege(Privilege: ULONG; Enable: BOOL; CurrentThread: BOOL;
  14.   out OldPrivilege: BOOL): ULONG; stdcall; external NTDLL;
  15.  
  16. var
  17.   hProcess, n, op: DWORD;
  18.   PID: DWORD = 666;//ID процесса
  19.   Buffer: DWORD;
  20.   OldPrivilege: BOOL;
  21. begin
  22.   RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, True, False, OldPrivilege);
  23.   Write('PID: '); ReadLn(PID); //ID процессса
  24.   hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  25.   if hProcess <> 0 then
  26.   try
  27.     if VirtualProtectEx(hProcess, Pointer(VirtAddr), SizeOf(Buffer), PAGE_EXECUTE_WRITECOPY, @op) then
  28.       if ReadProcessMemory(hProcess, Pointer(VirtAddr), @Buffer, SizeOf(Buffer), n) then
  29.         WriteLn(Format('DWORD[%.8x] = %.8x', [VirtAddr, Buffer]));
  30.   finally
  31.     VirtualProtectEx(hProcess, Pointer(VirtAddr), SizeOf(Buffer), op, @op);
  32.     CloseHandle(hProcess);
  33.   end;
  34.   ReadLn;
  35. end.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top