代码拉取完成,页面将自动刷新
unit uPublicFunc;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, Math;
type
TPEEntityPosInfo = record
Offset: DWORD;
rva: DWORD;
end;
PImageImportByName = ^TImageImportByName;
IMAGE_IMPORT_BY_NAME = packed record
Hint: WORD;
Name: array[0..20] of Char;
end;
TImageImportByName = IMAGE_IMPORT_BY_NAME;
TDUMMYUNIONNAME = packed record
case Integer of
0: (Characteristics: DWORD);
1: (OriginalFirstThunk: DWORD);
end;
PImageThunkData = ^TImageThunkData;
_IMAGE_THUNK_DATA32 = packed record
case Integer of
0: (ForwarderString: DWORD);
1: (Functions: DWORD);
2: (Ordinal: DWORD);
3: (AddressOfData: DWORD);
end;
TImageThunkData = _IMAGE_THUNK_DATA32;
PImageImportDescriptor = ^TImageImportDescriptor;
_IMAGE_IMPORT_DESCRIPTOR = packed record
DUMMYUNIONNAME: TDUMMYUNIONNAME;
TimeDateStamp: DWORD;
ForwarderChain: DWORD;
Name: DWORD;
FirstThunk: DWORD;
end;
TImageImportDescriptor = _IMAGE_IMPORT_DESCRIPTOR;
type
TPEInfoOffset = record
FImageDosHeaderOffset: Cardinal;
FImageNtHeadersOffset: Cardinal;
FImageFileHeaderOffset: Cardinal;
FImageOptionalHeaderOffset: Cardinal;
FImageSectionOffset: Cardinal;
FImageImportTableOffset: Cardinal;
end;
type
TLGYPEInfo = class;
TDllFuncInfo = class(TObject)
private
FFuncName: string;
FBridge1FuncPos: TPEEntityPosInfo;
FHint: Integer;
FRVA: Cardinal;
public
property FuncName: string read FFuncName write FFuncName;
property Bridge1FuncPos: TPEEntityPosInfo read FBridge1FuncPos write
FBridge1FuncPos;
property Bridge2FuncPos: TPEEntityPosInfo read FBridge1FuncPos write
FBridge1FuncPos;
property Hint: Integer read FHint write FHint;
end;
TDllInfo = class(TObject)
private
FLGYPEInfo: TLGYPEInfo;
FdllName: string;
FFuncList: TList;
FImageImportDescriptor: TImageImportDescriptor;
FIsDoubleBridge: Boolean;
FRVA: Cardinal;
public
constructor Create(LGYPEInfo: TLGYPEInfo; AImageImportDescriptor:
TImageImportDescriptor);
destructor Destroy; override;
property dllName: string read FdllName write FdllName;
property FuncList: TList read FFuncList write FFuncList;
property ImageImportDescriptor: TImageImportDescriptor read
FImageImportDescriptor write FImageImportDescriptor;
property IsDoubleBridge: Boolean read FIsDoubleBridge write FIsDoubleBridge;
property RVA: Cardinal read FRVA write FRVA;
end;
TLGYPEInfo = class(TObject)
private
FDllList: TList;
FImageSectionHeaders: TList;
FFileStream: TFileStream;
FImageDosHeader: TImageDosHeader;
FImageDosHeaderStr: string;
FImageFileHeader: TImageFileHeader;
FImageNtHeaders: TImageNtHeaders;
FImageOptionalHeader: TImageOptionalHeader;
FNumberOfSections: Integer;
function MemToString(PData: Pointer; Size: Cardinal): string;
procedure GetIATInfo();
function GetImageSectionHeaders(Index: Integer): PImageSectionHeader;
procedure SetImageSectionHeaders(Index: Integer; const Value:
PImageSectionHeader);
public
constructor Create(const sFileName: string);
destructor Destroy; override;
function RvaToOffset(Rva: Cardinal): Cardinal;
property DllList: TList read FDllList write FDllList;
property FileStream: TFileStream read FFileStream write FFileStream;
property ImageDosHeader: TImageDosHeader read FImageDosHeader write
FImageDosHeader;
property ImageDosHeaderStr: string read FImageDosHeaderStr write
FImageDosHeaderStr;
property ImageFileHeader: TImageFileHeader read FImageFileHeader write
FImageFileHeader;
property ImageNtHeaders: TImageNtHeaders read FImageNtHeaders write
FImageNtHeaders;
property ImageOptionalHeader: TImageOptionalHeader read FImageOptionalHeader
write FImageOptionalHeader;
property ImageSectionHeaders[Index: Integer]: PImageSectionHeader read
GetImageSectionHeaders write SetImageSectionHeaders;
property NumberOfSections: Integer read FNumberOfSections write
FNumberOfSections;
end;
TLGYPEException = class(Exception)
end;
implementation
{ TLGYPEInfo }
constructor TLGYPEInfo.Create(const sFileName: string);
var
i: Integer;
AImageSectionHeader: PImageSectionHeader;
AImageDataDirectoryImport: TImageDataDirectory;
AImageImportDescriptor: TImageImportDescriptor;
ADllInfo: TDllInfo;
ifsOldPosition: Int64;
begin
inherited Create;
if Assigned(FFileStream) then
begin
FreeAndNil(FFileStream);
end;
if FileExists(sFileName) then
Begin
FFileStream := TFileStream.Create(sFileName, fmOpenReadWrite or fmShareDenyNone);
FFileStream.Position := 0;
FFileStream.ReadBuffer(FImageDosHeader, SizeOf(TImageDosHeader));
FFileStream.Position := FImageDosHeader._lfanew;
FFileStream.ReadBuffer(FImageNtHeaders, SizeOf(TImageNtHeaders));
FImageFileHeader := FImageNtHeaders.FileHeader;
FNumberOfSections := FImageFileHeader.NumberOfSections;
FImageOptionalHeader := FImageNtHeaders.OptionalHeader;
FImageSectionHeaders := TList.Create;
FFileStream.Position := FImageDosHeader._lfanew + SizeOf(FImageNtHeaders.Signature) + SizeOf(FImageNtHeaders.FileHeader) + FImageNtHeaders.FileHeader.SizeOfOptionalHeader;
for i := 0 to FNumberOfSections - 1 do
begin
AImageSectionHeader := AllocMem(SizeOf(TImageSectionHeader));
FFileStream.ReadBuffer(AImageSectionHeader^, SizeOf(TImageSectionHeader));
FImageSectionHeaders.Add(AImageSectionHeader);
end;
AImageDataDirectoryImport := FImageNtHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
FFileStream.Position := RvaToOffset(AImageDataDirectoryImport.VirtualAddress);
while True do
Begin
FFileStream.ReadBuffer(AImageImportDescriptor, SizeOf(TImageImportDescriptor));
ifsOldPosition := FFileStream.Position;
if (AImageImportDescriptor.DUMMYUNIONNAME.Characteristics = 0) and
(AImageImportDescriptor.TimeDateStamp = 0) and
(AImageImportDescriptor.ForwarderChain = 0) and
(AImageImportDescriptor.Name = 0) and
(AImageImportDescriptor.FirstThunk = 0) then
begin
Break;
end else
begin
ADllInfo := TDllInfo.Create(Self, AImageImportDescriptor);
if not Assigned(FDllList) then
begin
FDllList := TList.Create;
end;
FDllList.Add(ADllInfo);
FFileStream.Position := ifsOldPosition;
end;
end;
end else
begin
raise TLGYPEException.Create('ļ:' + sFileName + '');
end;
end;
destructor TLGYPEInfo.Destroy;
var
i: Integer;
begin
if Assigned(FFileStream) then
begin
FreeAndNil(FFileStream);
end;
for i := 0 to FImageSectionHeaders.Count - 1 do
begin
FreeMem(FImageSectionHeaders[i])
end;
FImageSectionHeaders.Clear;
FreeAndNil(FImageSectionHeaders);
inherited;
end;
procedure TLGYPEInfo.GetIATInfo;
begin
end;
function TLGYPEInfo.GetImageSectionHeaders(Index: Integer): PImageSectionHeader;
begin
Result := FImageSectionHeaders[Index];
end;
function TLGYPEInfo.MemToString(PData: Pointer; Size: Cardinal): string;
var
i: Integer;
begin
i := 0;
Result := '';
while i < Size do
begin
if ((i + 1) mod 16) = 0 then
begin
Result := Result + IntToHex(PByte(PData)^, 2) + #13#10;
end else
Begin
Result := Result + IntToHex(PByte(PData)^, 2) + ' ';
end;
Inc(Integer(PData), 1);
Inc(i);
end;
end;
function TLGYPEInfo.RvaToOffset(Rva: Cardinal): Cardinal;
var
i, iCount: Integer;
iBeginRva, iEndRva: Cardinal;
iBeginOffset: Cardinal;
begin
iCount := FNumberOfSections - 1;
Result := 0;
for i := 0 to iCount do
begin
iBeginRva := PImageSectionHeader(FImageSectionHeaders[i])^.VirtualAddress;
iEndRva := PImageSectionHeader(FImageSectionHeaders[i])^.Misc.VirtualSize + iBeginRva;
iBeginOffset := PImageSectionHeader(FImageSectionHeaders[i])^.PointerToRawData;
if (iBeginRva <= Rva) and (Rva <= iEndRva) then
begin
Result := iBeginOffset + Rva - iBeginRva;
Break;
end;
end;
end;
procedure TLGYPEInfo.SetImageSectionHeaders(Index: Integer; const Value:
PImageSectionHeader);
begin
FImageSectionHeaders[Index] := Value;
end;
constructor TDllInfo.Create(LGYPEInfo: TLGYPEInfo; AImageImportDescriptor:
TImageImportDescriptor);
var
sDllName: array[0..19] of Char;
AImageThunkData: TImageThunkData;
ADllFuncInfo: TDllFuncInfo;
iOldFileStreamPos: Int64;
AImageImportByName: TImageImportByName;
IsDoubleBridge: Boolean;
iOffset: DWORD;
begin
inherited Create;
FLGYPEInfo := LGYPEInfo;
FImageImportDescriptor := AImageImportDescriptor;
FFuncList := TList.Create;
FLGYPEInfo.FFileStream.Position := FLGYPEInfo.RvaToOffset(AImageImportDescriptor.Name);
FLGYPEInfo.FFileStream.Read(sdllName, 20);
dllName := sdllName;
FIsDoubleBridge := AImageImportDescriptor.DUMMYUNIONNAME.OriginalFirstThunk <> 0;
if FIsDoubleBridge then
begin
rva := AImageImportDescriptor.DUMMYUNIONNAME.OriginalFirstThunk;
FLGYPEInfo.FFileStream.Position := FLGYPEInfo.RvaToOffset(rva);
while True do
Begin
FLGYPEInfo.FFileStream.ReadBuffer(AImageThunkData, SizeOf(TImageThunkData));
iOldFileStreamPos := FLGYPEInfo.FFileStream.Position;
if AImageThunkData.AddressOfData = 0 then
begin
Break;
end else
begin
iOffset := FLGYPEInfo.RvaToOffset(AImageThunkData.AddressOfData);
FLGYPEInfo.FFileStream.Position := iOffset;
FLGYPEInfo.FFileStream.ReadBuffer(AImageImportByName, SizeOf(TImageImportByName));
ADllFuncInfo := TDllFuncInfo.Create;
ADllFuncInfo.Hint := AImageImportByName.Hint;
ADllFuncInfo.FuncName := AImageImportByName.Name;
ADllFuncInfo.FBridge1FuncPos.rva := rva;
ADllFuncInfo.FBridge1FuncPos.Offset := iOffset;
FFuncList.Add(ADllFuncInfo);
FLGYPEInfo.FFileStream.Position := iOldFileStreamPos;
rva := rva + SizeOf(TImageThunkData);
end;
end;
end;
if AImageImportDescriptor.DUMMYUNIONNAME.OriginalFirstThunk <> 0 then
begin
rva := AImageImportDescriptor.DUMMYUNIONNAME.OriginalFirstThunk;
end else
Begin
rva := AImageImportDescriptor.FirstThunk;
end;
end;
destructor TDllInfo.Destroy;
var
i, iCount: Integer;
ADllFuncInfo: TDllFuncInfo;
begin
inherited;
iCount := FFuncList.Count - 1;
for i := 0 to iCount do
begin
ADllFuncInfo := TDllFuncInfo(FFuncList[i]);
FreeAndNil(ADllFuncInfo);
end;
if Assigned(FFuncList) then
begin
FreeAndNil(FFuncList);
end;
end;
end.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手