type
  // Parameters for one pattern scan over a range of addresses.
  TArrayScan = record
    // Pattern as hex byte pairs, optionally separated by spaces;
    // the pair '??' marks a byte that matches any value.
    ScanArray: string;
    // First and last address of the range to walk (32-bit values).
    Start, Finish: DWORD;
  end;
// Builds the match mask for a hex pattern string.
// Spaces are stripped, then every complete pair of characters yields one
// mask character: 'X' when the pair is exactly '??' (wildcard byte),
// 'O' for anything else. A trailing unpaired character is ignored.
// Note: a pair with a single '?' (for example '?F') is reported as 'O'.
function GetMask(Array_of_bytes: String): String;
var
  Hex: string;
  Pair: Integer;
begin
  Hex := StringReplace(Array_of_bytes, ' ', '', [rfReplaceAll]);
  Result := '';
  for Pair := 0 to (Length(Hex) div 2) - 1 do
    if Copy(Hex, 2 * Pair + 1, 2) = '??' then
      Result := Result + 'X'
    else
      Result := Result + 'O';
end;
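// Decodes a hex pattern string into Buffer, one byte per pair of characters.
// Spaces are stripped first. The wildcard pair '??' is stored as $00; the
// caller is expected to consult the mask from GetMask to know which bytes
// are wildcards. Any other pair is parsed as hexadecimal, and StrToInt
// raises EConvertError when it is not valid hex (for example '?F').
//
// Writes are limited to the size of Buffer: pairs that do not fit are
// dropped instead of being written past the end of the array.
procedure StringToArrayByte(Str: string; var Buffer: array of byte);
var
  Hex, Pair: string;
  Idx, Last: Integer;
begin
  Hex := StringReplace(Str, ' ', '', [rfReplaceAll]);
  Last := Length(Hex) div 2 - 1;
  // Never index beyond the caller's buffer, whatever the pattern length.
  if Last > High(Buffer) then
    Last := High(Buffer);
  for Idx := 0 to Last do
  begin
    Pair := Copy(Hex, 2 * Idx + 1, 2);
    if Pair = '??' then
      Buffer[Idx] := $00
    else
      Buffer[Idx] := StrToInt('$' + Pair);
  end;
end;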
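// Searches Dest for every occurrence of the pattern Source and appends the
// address of each hit to ReTurn as an 8-digit hex string.
//
//   DestAddress - address that Dest[0] corresponds to; hits are reported as
//                 DestAddress + offset.
//   Dest        - bytes to search.
//   Source      - pattern bytes; its length defines the pattern length.
//   ALength     - not used; kept so existing callers still compile.
//   Mask        - one character per pattern byte, 'X' meaning "any value".
//                 Positions beyond the end of Mask are treated as exact
//                 matches, so a short mask never causes a read past the
//                 end of the string.
//   ReTurn      - list that receives the hits; must already be created.
//
// Always returns True; the hits are delivered only through ReTurn.
// An empty pattern produces no hits.
function CompareArray(DestAddress: DWORD; const Dest: array of byte; Source: array of byte;
  ALength: integer; Mask: String; var ReTurn: TStringList): Boolean;
var
  Offset, Idx, PatLen: Integer;
  Hit: Boolean;
begin
  Result := True;
  PatLen := Length(Source);
  if PatLen = 0 then
    Exit;
  for Offset := 0 to Length(Dest) - PatLen do
  begin
    Hit := True;
    for Idx := 0 to PatLen - 1 do
      // A byte mismatches when it differs and is not covered by a wildcard.
      if (Dest[Offset + Idx] <> Source[Idx]) and
         not ((Idx < Length(Mask)) and (Mask[Idx + 1] = 'X')) then
      begin
        Hit := False;
        Break;
      end;
    if Hit then
      ReTurn.Add(IntToHex(DestAddress + Offset, 8));
  end;
end;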
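// Walks the memory regions of the process behind HandleWindow between
// Struct.Start and Struct.Finish and returns the addresses (8-digit hex
// strings) where the byte pattern Struct.ScanArray occurs.
//
// HandleWindow and buf are declared outside this function. The handle is
// passed to VirtualQueryEx and ReadProcessMemory, so it presumably needs
// PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access - confirm where it
// is opened. buf receives the number of bytes actually read.
//
// Only committed MEM_PRIVATE / MEM_IMAGE regions whose protection is exactly
// one of the listed values are read; regions carrying extra modifier bits
// in Protect do not compare equal and are skipped.
//
// Limits visible in the code: addresses are handled as DWORD (32-bit), and
// each region is searched on its own, so a pattern that straddles two
// regions is not reported.
//
// The caller owns the returned list and must free it. If an exception is
// raised during the scan the list is freed here and the exception re-raised.
// Raises EConvertError (from StringToArrayByte) for a pattern that is not
// valid hex.
function ArrayScan(Struct: TArrayScan): TStringList;
var
  mbi: Memory_Basic_Information;
  StartAdr, FinishAdr, NextAdr: DWORD;
  Mask, Str: string;
  Buffer, ScanBuffer: array of byte;
  Matches: TStringList;
begin
  Str := StringReplace(Struct.ScanArray, ' ', '', [rfReplaceAll]);
  StartAdr := Struct.Start;
  FinishAdr := Struct.Finish;
  Mask := GetMask(Str);
  SetLength(ScanBuffer, Length(Str) div 2);
  StringToArrayByte(Str, ScanBuffer);

  Matches := TStringList.Create;
  Result := Matches;
  try
    // Nothing to search for, or a range so small that FinishAdr - $10
    // would wrap around as an unsigned value.
    if (Length(ScanBuffer) = 0) or (FinishAdr < $10) then
      Exit;

    while StartAdr <= FinishAdr - $10 do
    begin
      // A zero return means the query failed and mbi is not valid;
      // continuing would loop on stale data.
      if VirtualQueryEx(HandleWindow, PDWORD(StartAdr), mbi, SizeOf(mbi)) = 0 then
        Break;

      if (mbi.RegionSize > 0) and
         ((mbi.Type_9 = MEM_PRIVATE) or (mbi.Type_9 = MEM_IMAGE)) and
         (mbi.State = MEM_COMMIT) and
         ((mbi.Protect = PAGE_READONLY) or
          (mbi.Protect = PAGE_READWRITE) or
          (mbi.Protect = PAGE_WRITECOPY) or
          (mbi.Protect = PAGE_EXECUTE) or
          (mbi.Protect = PAGE_EXECUTE_READ) or
          (mbi.Protect = PAGE_EXECUTE_READWRITE) or
          (mbi.Protect = PAGE_EXECUTE_WRITECOPY)) then
      begin
        SetLength(Buffer, 0);
        SetLength(Buffer, mbi.RegionSize);
        buf := 0;
        // Search only what was really read. A failed read would otherwise
        // leave a zero-filled buffer and could report false hits.
        if ReadProcessMemory(HandleWindow, mbi.BaseAddress, @Buffer[0],
             mbi.RegionSize, buf) and (buf > 0) then
        begin
          SetLength(Buffer, buf);
          CompareArray(DWORD(mbi.BaseAddress), Buffer, ScanBuffer,
            Length(ScanBuffer), Mask, Matches);
        end;
      end;

      // Move to the next region; stop if the address wrapped around or
      // did not advance, which would otherwise loop forever.
      NextAdr := DWORD(mbi.BaseAddress) + mbi.RegionSize;
      if NextAdr <= StartAdr then
        Break;
      StartAdr := NextAdr;
    end;
  except
    Matches.Free;
    Result := nil;
    raise;
  end;
end;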