Delphi callµ÷ÓÃÀý×Ó

ÔÚȺÀï¿´µ½ÓÐÈË·¢Á˸ö±ðÈË·¢¸øËûµÄ
ÎÒ¿´ÁËдµÄ±È½ÏÉú¶¯ ÔÚÕâת¸ø´ó¼Ò¿´¿´
ºÃµÄ Ê°È¡ÎïÌ庯ÊýдºÃÁË Ï²½ÊÇÈçºÎ½«´úÂë×¢Èëµ½ÓÎÏ·½ø³ÌÖÐÖ´ÐÐ??
1) С͵¿ªÃÅ
PHND:= OpenProcess (PROCESS_ALL_ACCESS, False, PID);µÃµ½ÓÎÏ·´°¿Ú¾ä±ú»ñµÃȨÏÞ
2)С͵ÔÚ·¿¼ä¸ã¸ö·Å×÷°¸·½°¸µÄµØ·½
TAdd := VirtualAllocEx(PHND, nil, 4096, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
ÔÚÓÎÏ·½ø³ÌÖÐÉêÇë4096×ֽڵĿռäÓÃÀ´´æ·Åº¯Êý´úÂë
3)С͵°Ñ×÷°¸·½°¸·ÅÈë×÷°¸¿Õ¼ä
WriteProcessMemory(TPHND, TAdd,PickCall,4096 , WriteCount);
°Ñ´úÂëдµ½ÓÎÏ·½ø³ÌÖÐ ¿ªÊ¼µÄµØÖ·Êǵڶþ²½µÃµ½µÄλÖÃ
4)С͵ÔÚ·¿¼äÖиã¸ö·Å×÷°¸¹¤¾ßµÄµØ·½
PAdd := VirtualAllocEx(PHND, nil, 128, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
ÔÚÓÎÏ·½ø³ÌÖÐÉêÇë128×ֽڵĿռäÓÃÀ´´æ·Å²ÎÊý
5)С͵°Ñ×÷°¸¹¤¾ß·ÅÈë·¿¼ä
WriteProcessMemory(TPHND, TAdd,param,128 , WriteCount);
дÈë²ÎÊý
6)Ò»Æð¾Í¾ÍÐ÷ ¿ªÊ¼×÷°¸
TmpHandle := CreateRemoteThread(TPHND, nil, 0, TAdd, padd, 0, WriteCount);
WaitForSingleObject(TmpHandle, INFINITE);//µÈ´ý×÷°¸Íê³É
CloseHandle(TmpHandle); //¹Ø±ÕÔ¶³ÌµÄ¾ä±ú ×÷°¸Íê³Éºó¹ØÃÅÉÁÈË
µ½ÕâÀï »ù±¾¶¼¸ãÇå³þ×¢Èë´úÂëµÄÓ÷¨ÁË,ѧϰÖصãÊÇ
1)Àí½âCreateRemoteThreadº¯Êý¸÷¸ö²ÎÊýµÄÒâÒå
2)Êý¾Ý½á¹¹µÄÓ÷¨
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
procedure runCall;stdcall; // ×ß·call
var
Address:Pointer;
begin
Address:=Pointer($004537E4); //º¯ÊýÈë¿ÚµØÖ·
asm
    pushad             //±£´æ¼Ä´æÆ÷»·¾³
    mov eax,47         //²Î¿¼ÉÏÃæµÄ·´»ã±à
    call Address         //Õýʽµ÷Óú¯Êý
    popad             //»Ö¸´¼Ä´æÆ÷»·¾³
end;
end;
//-------------------------×¢Èë´úÂëµÄº¯Êý----------------------------
//²ÎÊý˵Ã÷:
//InHWND:±»×¢ÈëµÄ´°¿Ú¾ä±ú
//Func:×¢ÈëµÄº¯ÊýµÄÖ¸Õë
//Param:²ÎÊýµÄÖ¸Õë
//ParamSize:²ÎÊýµÄ´óС
//
procedure InjectFunc(InHWND: HWND; Func: Pointer; Param: Pointer; ParamSize: DWORD);
var
hProcess_N: T