saveroo/PsApi.pas

## PsApi.pas
PsAPI; //Add this to "uses"

function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
var
  Modules         : Array of HMODULE;
  cbNeeded, i     : Cardinal;
  ModuleInfo      : TModuleInfo;
  ModuleName      : Array[0..MAX_PATH] of Char;
  PHandle         : THandle;
begin
  Result := nil;
  SetLength(Modules, 1024);
  PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
  if (PHandle <> 0) then
  begin
    EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded); //Getting the enumeration of modules
    SetLength(Modules, cbNeeded div SizeOf(HMODULE)); //Setting the number of modules
    for i := 0 to Length(Modules) - 1 do //Start the bucle
    begin
      GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName)); //Getting the name of module
      if AnsiCompareText(MName, ModuleName) = 0 then //If the module name match with the name of module we are looking for...
      begin
        GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo)); //Get the information of module
        Result := ModuleInfo.lpBaseOfDll; //Return the information we want (The image base address)
        CloseHandle(PHandle);
        Exit;
      end;
    end;
  end;
end;

procedure TForm1.Button1Click(Sender: TObject);
var
  WHandle : HWND;
  PHandle: THandle;
  Address, X, Buffer: DWORD;
  NewValue: Cardinal;
  ProcessID : Cardinal;
begin
  ProcessID := 0;
  NewValue := $09;
  WHandle := FindWindow(nil, 'test');
  GetWindowThreadProcessId(WHandle, @ProcessID);
  Address := Integer(GetModuleBaseAddress(ProcessID, 'test.exe')) + Integer($0002E7AC);
  PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
  ReadProcessMemory(PHandle, Ptr(Address + $7C), Addr(Buffer), 4, X);
  ReadProcessMemory(PHandle, Ptr(Buffer + $21C), Addr(Buffer), 4, X);
  ReadProcessMemory(PHandle, Ptr(Buffer + $8), Addr(Buffer), 4, X);
  WriteProcessMemory(PHandle, Ptr(Buffer), @NewValue, 1, X);
  CloseHandle(PHandle);
end;
	PsAPI; //Add this to "uses"

	function GetModuleBaseAddress(ProcessID: Cardinal; MName: String): Pointer;
	var
	Modules : Array of HMODULE;
	cbNeeded, i : Cardinal;
	ModuleInfo : TModuleInfo;
	ModuleName : Array[0..MAX_PATH] of Char;
	PHandle : THandle;
	begin
	Result := nil;
	SetLength(Modules, 1024);
	PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
	if (PHandle <> 0) then
	begin
	EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded); //Getting the enumeration of modules
	SetLength(Modules, cbNeeded div SizeOf(HMODULE)); //Setting the number of modules
	for i := 0 to Length(Modules) - 1 do //Start the bucle
	begin
	GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName)); //Getting the name of module
	if AnsiCompareText(MName, ModuleName) = 0 then //If the module name match with the name of module we are looking for...
	begin
	GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo)); //Get the information of module
	Result := ModuleInfo.lpBaseOfDll; //Return the information we want (The image base address)
	CloseHandle(PHandle);
	Exit;
	end;
	end;
	end;
	end;

	procedure TForm1.Button1Click(Sender: TObject);
	var
	WHandle : HWND;
	PHandle: THandle;
	Address, X, Buffer: DWORD;
	NewValue: Cardinal;
	ProcessID : Cardinal;
	begin
	ProcessID := 0;
	NewValue := $09;
	WHandle := FindWindow(nil, 'test');
	GetWindowThreadProcessId(WHandle, @ProcessID);
	Address := Integer(GetModuleBaseAddress(ProcessID, 'test.exe')) + Integer($0002E7AC);
	PHandle := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
	ReadProcessMemory(PHandle, Ptr(Address + $7C), Addr(Buffer), 4, X);
	ReadProcessMemory(PHandle, Ptr(Buffer + $21C), Addr(Buffer), 4, X);
	ReadProcessMemory(PHandle, Ptr(Buffer + $8), Addr(Buffer), 4, X);
	WriteProcessMemory(PHandle, Ptr(Buffer), @NewValue, 1, X);
	CloseHandle(PHandle);
	end;