UltraDebug

[Share] A brute-force fix for "Access violation at address XXX in module 'ntdll.dll'."

admincenter

2023-8-12 23:02:34
The story goes like this:
I compiled an x64dbg plugin module.

When Win+A is pressed on the x64dbg title bar, this happens:

Access violation at address XXX in module 'ntdll.dll'. Write of address YYY. After that, the window title is captured.
The strange thing is that pressing the keys in any other window works perfectly fine... Strange, isn't it?
[Delphi]
procedure TCapture_Window.hotykey(var msg: TMessage);
var
  pid: Cardinal;
  pHandle: THandle;
  buf: array[0..MAX_PATH] of Char;
  ps: array[0..254] of Char;       // class name of the active window
  path: string;                   // path of the active window
  arr: array[0..254] of Char;
  h: HWND;
  pt: TPoint;
  c: TColor;
begin
  if (GetAsyncKeyState(VK_LWIN) and (GetAsyncKeyState(Ord('A'))) < 0) then        // Win+A
  begin
    h := GetForegroundWindow;
    GetWindowThreadProcessId(h, @pid);
    pHandle := OpenProcess(PROCESS_ALL_ACCESS, False, pid);
    GetModuleFileNameEx(pHandle, 0, buf, Length(buf));
    CloseHandle(pHandle);
    GetWindowText(h, @arr, SizeOf(arr));
    GetClassName(h, ps, 255);
    path := GetProcessExePath(h);
    Capture_Window.KJ_Edit1.Text := arr;       // the full x64dbg window title
  end;
end;
Out of options, so let's just fire up x64dbg and get straight to work...

Right? Let's look as we go.
[Asm]
000000006D525E70 | 55                     | push rbp                                |
000000006D525E71 | 48:81EC D0000000       | sub rsp,D0                              |
000000006D525E78 | 48:8BEC                | mov rbp,rsp                             |
000000006D525E7B | 48:896D 48             | mov qword ptr ss:[rbp+48],rbp           |
000000006D525E7F | 48:898D E0000000       | mov qword ptr ss:[rbp+E0],rcx           |
000000006D525E86 | 48:8995 E8000000       | mov qword ptr ss:[rbp+E8],rdx           |
000000006D525E8D | 4C:8985 F0000000       | mov qword ptr ss:[rbp+F0],r8            |
000000006D525E94 | 44:898D F8000000       | mov dword ptr ss:[rbp+F8],r9d           |
000000006D525E9B | 48:8B8D E0000000       | mov rcx,qword ptr ss:[rbp+E0]           |
000000006D525EA2 | E8 99200000            | call <moretool.sub_6D527F40>            |
000000006D525EA7 | 48:8985 98000000       | mov qword ptr ss:[rbp+98],rax           |
000000006D525EAE | 48:83BD 98000000 00    | cmp qword ptr ss:[rbp+98],0             |
000000006D525EB6 | 75 17                  | jne moretool.6D525ECF                   |
000000006D525EB8 | 48:8B85 E0000000       | mov rax,qword ptr ss:[rbp+E0]           |
000000006D525EBF | 48:8B80 E0020000       | mov rax,qword ptr ds:[rax+2E0]          |
000000006D525EC6 | 48:8985 80000000       | mov qword ptr ss:[rbp+80],rax           |
000000006D525ECD | EB 0E                  | jmp moretool.6D525EDD                   |
000000006D525ECF | 48:8B85 98000000       | mov rax,qword ptr ss:[rbp+98]           |
000000006D525ED6 | 48:8985 80000000       | mov qword ptr ss:[rbp+80],rax           |
000000006D525EDD | 48:8B8D 98000000       | mov rcx,qword ptr ss:[rbp+98]           |
000000006D525EE4 | BA 02000000            | mov edx,2                               |
000000006D525EE9 | E8 F21FE8FF            | call <JMP.&MonitorFromWindow>           |
000000006D525EEE | 48:8985 C8000000       | mov qword ptr ss:[rbp+C8],rax           |
000000006D525EF5 | 48:8B85 E0000000       | mov rax,qword ptr ss:[rbp+E0]           |
000000006D525EFC | 48:8B88 E0020000       | mov rcx,qword ptr ds:[rax+2E0]          |
000000006D525F03 | BA 02000000            | mov edx,2                               |
000000006D525F08 | E8 D31FE8FF            | call <JMP.&MonitorFromWindow>           |
000000006D525F0D | 48:8985 C0000000       | mov qword ptr ss:[rbp+C0],rax           |
000000006D525F14 | 48:8B85 C8000000       | mov rax,qword ptr ss:[rbp+C8]           |
000000006D525F1B | 48:3B85 C0000000       | cmp rax,qword ptr ss:[rbp+C0]           |
000000006D525F22 | 0F84 A9000000          | je moretool.6D525FD1                    | nop fail
More content follows; the author has set it to be visible only after payment.
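An added example, not the original poster's code: the same foreground-window lookup written defensively. It assumes a Unicode Delphi compiler, where `Char` is a two-byte `WideChar`, so `SizeOf(arr)` in the handler above reports 510 to `GetWindowText` for a 255-character buffer; the names `ForegroundInfoDemo`, `TForegroundInfo` and `QueryForegroundWindow` are hypothetical. Whether that size mismatch is related to the access violation in the post is not established by the page.

```delphi
program ForegroundInfoDemo;  // added example; assumes Unicode Delphi, names are hypothetical
{$APPTYPE CONSOLE}
uses
  Winapi.Windows, Winapi.PsAPI, System.SysUtils;

type
  TForegroundInfo = record
    Title, ClassName, ExePath: string;
  end;

// False when there is no foreground window; ExePath stays empty when the
// owning process cannot be opened (for example, it runs elevated).
function QueryForegroundWindow(out Info: TForegroundInfo): Boolean;
var
  h: HWND;
  pid: DWORD;
  hProc: THandle;
  buf: array[0..MAX_PATH] of Char;
  n: Integer;
begin
  Info := Default(TForegroundInfo);
  h := GetForegroundWindow;
  Result := h <> 0;
  if not Result then Exit;
  // Buffer sizes go in as character counts (Length), not byte counts (SizeOf).
  n := GetWindowText(h, buf, Length(buf));
  SetString(Info.Title, buf, n);
  n := GetClassName(h, buf, Length(buf));
  SetString(Info.ClassName, buf, n);
  pid := 0;
  GetWindowThreadProcessId(h, @pid);
  if pid = 0 then Exit;
  // Request only the rights GetModuleFileNameEx needs, and check the handle.
  hProc := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, pid);
  if hProc = 0 then Exit;
  try
    n := Integer(GetModuleFileNameEx(hProc, 0, buf, Length(buf)));
    SetString(Info.ExePath, buf, n);
  finally
    CloseHandle(hProc);
  end;
end;

var
  Info: TForegroundInfo;
begin
  if QueryForegroundWindow(Info) then
    Writeln(Info.Title, ' | ', Info.ClassName, ' | ', Info.ExePath)
  else
    Writeln('No foreground window');
end.
```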