国外知名皮肤控件AlphaControls,一些好看的皮肤会弹出对话框....
用查找句柄的方法去发消息关闭对话框,都不得行...,以为是屏敝了消息,自定义消息也失效。
后面用修改内存地址指令的方法,就可以有效的去掉NAG提示
function FindPattern(ProcessHandle: THandle; StartAddr, EndAddr: DWORD; const Pattern: array of Byte; PatternSize: Integer): DWORD;
var
Buffer: array of Byte;
BytesRead: Cardinal;
CurrentAddr: DWORD;
i: Integer;
begin
SetLength(Buffer, EndAddr - StartAddr);
// 读取整个内存区域
if ReadProcessMemory(ProcessHandle, Pointer(StartAddr), @Buffer[0], Length(Buffer), BytesRead) then
begin
for CurrentAddr := StartAddr to EndAddr - PatternSize do
begin
for i := 0 to PatternSize - 1 do
begin
if Buffer[CurrentAddr - StartAddr + i] <> Pattern[i] then
Break;
if i = PatternSize - 1 then
begin
Result := CurrentAddr; // 找到目标地址,返回找到的地址
Exit; // 退出函数
end;
end;
end;
end;
Result := 0; // 没有找到
end;
procedure PatchMemory;
var
ProcessID: DWORD;
ProcessHandle: THandle;
StartAddr, EndAddr: DWORD;
AddressFound: DWORD;
OldProtect: DWORD; // 用于保存旧的保护属性
I: Integer;
const
TARGET_INSTRUCTION: array[0..4] of Byte = ($68, $40, $00, $06, $00); // 定义特征码
PROCESS_READ_MEMORY = $0010; // 定义 PROCESS_READ_MEMORY 常量
begin
ProcessHandle := 0; // 初始化进程句柄
try
ProcessID := GetCurrentProcessId; // 获取目标进程的ID
// 打开目标进程
ProcessHandle := OpenProcess(PROCESS_READ_MEMORY, False, ProcessID);
if ProcessHandle = 0 then
begin
ShowMessage('无法打开进程: ' + SysErrorMessage(GetLastError));
Exit;
end;
// 定义搜索内存的范围
StartAddr := $0057D73D; // 搜索起始地址
EndAddr := $0057D8AF; // 结束地址
// 查找目标地址
AddressFound := FindPattern(ProcessHandle, StartAddr, EndAddr, TARGET_INSTRUCTION, Length(TARGET_INSTRUCTION));
if AddressFound <> 0 then
begin
// ShowMessage('找到地址: ' + IntToHex(AddressFound, 8));
//PatchMemory2(AddressFound); // 调用补丁函数
// 修改内存保护为可读写执行
if VirtualProtect(Pointer(AddressFound), 21, PAGE_EXECUTE_READWRITE, OldProtect) then
begin
try
for I := 0 to 21 do //修改22个基址
begin
// 写入 NOP 指令 (0x90)
PByte(Pointer(AddressFound + I))^ := $90;
end;
finally
// 还原原来的内存保护
VirtualProtect(Pointer(AddressFound), 21, OldProtect, @OldProtect);
end;
end
else
begin
ShowMessage('无法更改内存保护属性, 地址: ' + IntToHex(AddressFound, 8));
end;
end;
except
on E: Exception do
ShowMessage('发生异常: ' + E.Message);
end;
// 关闭进程句柄
if ProcessHandle <> 0 then
CloseHandle(ProcessHandle);
end;
procedure TForm1.sSkinManager1BeforeChange(Sender: TObject);
begin
PatchMemory;
end;
标签:AddressFound,控件,begin,end,NAG,AlphaControls,StartAddr,ProcessHandle,DWORD From: https://www.cnblogs.com/WilliamLv/p/18314245