
📄 unit1.pas

📁 pe结构分析器windows界面
  memo1.Lines.Add(format('  %-*s%X',[width, 'base of data',
                  peoptionalHeader.BaseOfData]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'image base',
                  peoptionalHeader.ImageBase]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'section align',
                  peoptionalHeader.SectionAlignment]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'file align',
                  peoptionalHeader.FileAlignment]));
  memo1.Lines.Add(format('  %-*s%u.%.2u',[width, 'required OS version',
                  peoptionalHeader.MajorOperatingSystemVersion,
                  peoptionalHeader.MinorOperatingSystemVersion]));
  memo1.Lines.Add(format('  %-*s%u.%.2u',[width, 'image version',
                  peoptionalHeader.MajorImageVersion,
                  peoptionalHeader.MinorImageVersion]));
  memo1.Lines.Add(format('  %-*s%u.%.2u',[width, 'subsystem version',
                  peoptionalHeader.MajorSubsystemVersion,
                  peoptionalHeader.MinorSubsystemVersion]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'size of image',
                  peoptionalHeader.SizeOfImage]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'size of headers',
                  peoptionalHeader.SizeOfHeaders]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'checksum',
                  peoptionalHeader.CheckSum]));

  case peoptionalHeader.Subsystem of
    IMAGE_SUBSYSTEM_NATIVE: s := 'Native';
    IMAGE_SUBSYSTEM_WINDOWS_GUI: s := 'Windows GUI';
    IMAGE_SUBSYSTEM_WINDOWS_CUI: s := 'Windows character';
    IMAGE_SUBSYSTEM_OS2_CUI: s := 'OS/2 character';
    IMAGE_SUBSYSTEM_POSIX_CUI: s := 'Posix character';
  else
    s := 'unknown';
  end;

  memo1.Lines.Add(format('  %-*s%.4X<%s>',[width, 'Subsystem',
                  peoptionalHeader.Subsystem,s]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'stack reserve size',
                  peoptionalHeader.SizeOfStackReserve]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'stack commit size',
                  peoptionalHeader.SizeOfStackCommit]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'heap reserve size',
                  peoptionalHeader.SizeOfStackReserve]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'heap commit size',
                  peoptionalHeader.SizeOfHeapCommit]));
  memo1.Lines.Add(format('  %-*s%X',[width, 'RVAs & sizes',
                  peoptionalHeader.NumberOfRvaAndSizes]));

  memo1.Lines.Add('');
  memo1.Lines.Add('Data Directory');
  for i:=0 to peoptionalHeader.NumberOfRvaAndSizes-1 do
  begin
    if i>12 then
       datadirname:='unused'
    else
       datadirname:=ImageDirectoryNames[i];

    memo1.Lines.Add(format('  %-12s rva: %.8X  size: %.8X',[datadirname,
                    peoptionalHeader.DataDirectory[i].VirtualAddress,
                    peoptionalheader.DataDirectory[i].Size]));
  end;
end;

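// Writes one entry per section header to memo1: name, virtual size/address,
// raw data offset/size, relocation and line-number info, and the decoded
// characteristics flags.
//   section   - pointer to the first section header of the mapped file
//   cSections - number of section headers to print
// NOTE(review): both values come from the file being inspected. Nothing in
// this routine checks that cSections headers actually fit inside the mapped
// view; the caller should bound the count against the mapped size before
// calling, because a malformed file can otherwise make inc(section) walk
// past the end of the mapping.
procedure TForm1.DumpSectionTable(section:pImageSectionHeader;cSections:integer);
var
 i,j,l:integer;
 sec_name:string;
 s:string;
begin
  memo1.Lines.Add('');
  memo1.Lines.Add('Section Table');
  //
  for i:=1 to cSections do
  begin
    sec_name:='';
    s:='';
    // The name is a fixed-size field that is NOT NUL-terminated when every
    // byte is used. Iterate over the declared bounds of the field; the
    // original looped to cSections, which truncated names in files with few
    // sections and read past the field in files with many.
    for j:=Low(section^.Name) to High(section^.Name) do
    begin
      // Stop at NUL padding. The #$10 test is kept from the original;
      // its intent is not clear from this file.
      if (chr(section.name[j])<>#0) and (chr(section.name[j])<>#$10) then
        sec_name:=sec_name+chr(section.Name[j])
      else
        break;
    end;
    //
    // Misc is a union: PhysicalAddress and VirtualSize share the same storage.
    memo1.Lines.Add(format('  %.2d %-8s  VirtSize: %.8X  VirtAddr:  %.8X',
        [i,sec_name,section.Misc.PhysicalAddress,section.VirtualAddress]));
    memo1.Lines.Add(format('    raw data offs:   %.8X  raw data size: %.8X',
        [section.PointerToRawData,section.SizeOfRawData]));
    memo1.Lines.Add(format('    relocation offs: %.8X  relocations:   %.8X',
        [section.PointerToRelocations,section.NumberOfRelocations]));
    memo1.Lines.Add(format('    line # offs:     %.8X  line #`s:      %.8X',
        [section.PointerToLinenumbers,section.NumberOfLinenumbers]));
    memo1.Lines.Add(format('    characteristics: %.8X',[section.Characteristics]));
    //
    // Decode the characteristics bit mask: append the name of every flag
    // from the sectionCharacteristics table that is set for this section.
    for l:=0 to 12 do
    begin
    if (section.Characteristics and sectionCharacteristics[l].flag)<>0 then
      s:=s+format( '  %s', [sectionCharacteristics[l].name]);
    end;
    memo1.Lines.Add(format( '   %s', [s]));
    memo1.Lines.Add('');
    // Advance to the next header in the table.
    inc(section);
  end;
end;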

{procedure TForm1.DumpResourceSection(base:Longword;peNTHeader:pImageNtHeaders);
var
PIMAGERESOURCEDIRECTORY
 resDir:pImageresourceDirectory;
begin
  resDir:=GetSectionPtr('.rsrc', peNTHeader, (longword)base);
    //if ( !resDir )
        //return;
    memo1.clear;
    memo1.add('Resources');
    DumpResourceDirectory(resDir, (DWORD)resDir, 0, 0);
end;}

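// Returns the header of the section whose virtual address range contains
// rva, or nil when no section covers it.
//   rva        - relative virtual address to look up
//   peNTHeader - NT headers of the mapped file
// NOTE(review): NumberOfSections and SizeOfOptionalHeader are read from the
// file and are not checked against the size of the mapping here; callers
// that inspect untrusted files should validate them first.
function TForm1.GetEnclosingSectionHeader(rva:DWORD;
                        peNTHeader:pImageNtHeaders):pImageSectionHeader;
var
 section:pImageSectionHeader;
 i:integer;
begin
  result:=nil;
  // The section table starts right after the optional header, whose real
  // length is given by FileHeader.SizeOfOptionalHeader. Using
  // sizeof(TImageNtHeaders) is only right when the file carries the
  // standard-size optional header.
  section:=pImageSectionHeader(longword(@peNTHeader^.OptionalHeader)
                     + peNTHeader.FileHeader.SizeOfOptionalHeader);
  for  i:=0 to peNTHeader.FileHeader.NumberOfSections-1 do
  begin
        // Is the RVA within this section? Compare the offset into the
        // section against its size instead of computing
        // VirtualAddress + VirtualSize, which can wrap around 32 bits
        // for crafted header values.
        if rva >= longword(section.VirtualAddress) then
          if (rva - longword(section.VirtualAddress)) <
               longword(section.Misc.VirtualSize) then
          begin
            result:=section;
            exit;
          end;
        inc(section);
  end;
end;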

// Lists the import table of the mapped file in memo1: one block per
// imported module, followed by the ordinal or hint/name of each import.
//   base       - address at which the file is mapped
//   peNTHeader - NT headers of the mapped file
// NOTE(review): every RVA used below is taken from the file and converted
// with the delta of the section that holds the import directory. None of
// the resulting pointers is checked against the mapped size, and tables
// placed in a different section would be translated with the wrong delta.
procedure TForm1.DumpImportsSection(base:LongWord;peNTHeader:pImageNtHeaders);
var
 desc:pImageImportDescriptor;
 entry,thunkIAT:pImageThunkData;
 byName:Pimageimportbyname;
 owner:pImageSectionHeader;
 delta:integer;
 dirRVA:longword;
 k:integer;
 funcName:string;
begin
  dirRVA := peNTHeader.OptionalHeader.DataDirectory
                            [IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
  // Nothing to show when the file has no import directory...
  if dirRVA<>0 then
  begin
    owner:= GetEnclosingSectionHeader(dirRVA, peNTHeader);
    // ...or when the directory is not covered by any section.
    if owner<>nil then
    begin
      // delta converts an RVA in this section to an offset in the file.
      delta := integer(owner.VirtualAddress-owner.PointerToRawData);
      desc := pImageImportDescriptor(dirRVA - delta + base);
      memo1.Lines.Add('');
      memo1.Lines.Add('Imports Table:');
      // The descriptor array ends at an entry whose TimeDateStamp and Name
      // are both zero.
      while not ((desc.TimeDateStamp=0) and (desc.Name=0)) do
      begin
        // Name is the RVA of the module name; translate it to a pointer
        // into the mapped file before printing.
        memo1.Lines.Add(format(' %s',[pchar(desc.Name) - delta + base]));
        memo1.Lines.Add(format('  Hint/Name Table: %.8X',[desc.u.Characteristics]));
        memo1.Lines.Add(format('  TimeDateStamp:   %.8X',[desc.TimedateStamp]));
        memo1.Lines.Add(format('  ForwarderChain:  %.8X',[desc.ForwarderChina]));
        memo1.Lines.Add(format('  First thunk RVA: %.8X',[desc.FirstThunk]));

        // Use OriginalFirstThunk when it is present and fall back to
        // FirstThunk when it is zero.
        if desc.u.OriginalFirstThunk=0 then
          entry:=pImageThunkData(desc.FirstThunk)
        else
          entry:=pImageThunkData(desc.u.OriginalFirstThunk);
        // Adjust the pointer to point where the tables are in the mem mapped file.
        entry := pImageThunkData(pchar(entry)- delta + base);
        memo1.Lines.Add('  Ordn  Name');
        // The thunk array is terminated by a zero entry.
        while entry.u1.AddressOfData <> 0 do
        begin
          if (entry.u1.Ordinal and $80000000) = 0 then
          begin
            // Import by name: follow the RVA to the hint/name record.
            byName := pImageImportByName(entry.u1.AddressOfData);
            byName := pImageImportByName(pchar(byName) - delta + base);
            funcName:='';
            // Copy at most 100 characters, stopping at the terminating NUL.
            for k:=0 to 99 do
            begin
              if chr(byName.name[k])=#0 then
                break;
              funcName:=funcName+chr(byName.name[k]);
            end;
            memo1.Lines.Add(format('  %4u  %s',[byName.Hint,funcName]));
          end
          else
            // High bit set: import by ordinal; print the value without the flag.
            memo1.Lines.Add(format('  %.4u',[entry.u1.Ordinal-$80000000]));
          inc(entry);            // Advance to next thunk
        end;
        inc(desc);
      end;
    end;
  end;
end;

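// Lists the export table of the mapped file in memo1: the directory header
// followed by one line per exported function (entry point RVA, ordinal and
// any names bound to it).
//   base       - address at which the file is mapped
//   peNTHeader - NT headers of the mapped file
// NOTE(review): NumberOfFunctions, NumberOfNames and the three table RVAs
// are read from the file. They are translated with the delta of the section
// holding the export directory and are not checked against the mapped size,
// so the caller should validate them before running this on untrusted files.
procedure TForm1.DumpExportsSection(base:LongWord;peNTHeader:pImageNtHeaders);
var
 exportDir:PImageExportDirectory;
 header:pImageSectionHeader;
 delta:integer;
 filename:pchar;
 i:longword;
 exportsStartRVA, exportsEndRVA:longword;
 functions:PDWORD;
 ordinals:PWORD;
 names:PDWORD;
 entryPointRVA:DWORD;
 j:DWORD;
 s:string;
begin
  exportsStartRVA := peNTHeader.OptionalHeader.DataDirectory
                            [IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
  exportsEndRVA := exportsStartRVA + peNTHeader.OptionalHeader.DataDirectory
                            [IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
  if (exportsStartRVA=0) or (exportsEndRVA=0) then
     exit;
  //
  header := GetEnclosingSectionHeader( exportsStartRVA, peNTHeader );
  if header=nil then
     exit;
  // delta converts an RVA in this section to an offset in the file.
  delta := integer(header.VirtualAddress - header.PointerToRawData);
  exportDir := pImageExportDirectory (exportsStartRVA - delta + base);
  //
  filename := pchar(exportDir.Name - delta + base);
  //
  memo1.Lines.Add('');
  memo1.Lines.add('Exports Table:');
  //
  memo1.Lines.Add(format('  Name:            %s',[filename]));
  memo1.Lines.Add(format('  Characteristics: %.8X',[exportdir.Characteristics]));
  memo1.Lines.Add(format('  TimeDateStamp:   %.8X',[exportdir.TimeDateStamp]));
  memo1.Lines.Add(format('  Version:         %u.%.2u',
                             [exportdir.MajorVersion,exportdir.MinorVersion]));
  memo1.Lines.Add(format('  Ordinal base:    %.8X',[exportdir.Base]));
  memo1.Lines.Add(format('  # of functions:  %.8X',[exportdir.NumberOfFunctions]));
  memo1.Lines.Add(format('  # of Names:      %.8X',[exportdir.NumberOfNames]));
  //
  functions := PDWORD(Dword(exportDir.AddressOfFunctions) - delta + base);
  //
  memo1.Lines.Add('');
  memo1.Lines.Add('  Entry Pt  Ordn  Name');
  //
  // while-loops instead of "for x:=0 to Count-1": the counters are unsigned,
  // so a count of zero would make Count-1 wrap to $FFFFFFFF and send the
  // loop far past the table.
  i := 0;
  while i < exportDir.NumberOfFunctions do
  begin
     entryPointRVA := functions^;
     // Advance the table pointer for every slot, including empty ones; the
     // original skipped the increment on a zero entry and then kept
     // re-reading that same slot.
     inc(functions);
     if entryPointRVA <> 0 then
     begin
       // Start from an empty name so an ordinal-only export does not
       // inherit the name printed for the previous function.
       s := '';
       // See if this function has an associated name exported for it:
       // ordinals[j] = i means names[j] is a name of function i.
       ordinals := PWORD(Dword(exportDir.AddressOfNameOrdinals) - delta + base);
       names := PDWORD(Dword(exportDir.AddressOfNames) - delta + base);
       j := 0;
       while j < exportDir.NumberOfNames do
       begin
         if ordinals^ = i then
           // names^ is the RVA of the name string; translate it to a
           // pointer into the mapped file.
           s := s + format('  %s', [pchar(names^ - delta + base)]);
         inc(ordinals);
         inc(names);
         inc(j);
       end;
       //
       memo1.Lines.Add(format('  %.8X  %4u%s',[entryPointRVA, i + exportDir.Base,s]));
     end;
     inc(i);
  end;
end;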

// Shows the About box. The English text is used when the event comes from
// the About1 menu item; any other sender gets the Chinese text.
procedure TForm1.About1Click(Sender: TObject);
var
 boxText,boxTitle:string;
begin
   if sender<>About1 then
   begin
     boxText:='程序名称:WinDump'+#13+'程序设计:sjctheworld'+#13+'版权所有:2004-2005';
     boxTitle:='关于';
   end
   else
   begin
     boxText:='FileName:WinDump'+#13+'Authors:sjctheworld'+#13+'Copyright:2004-2005';
     boxTitle:='About';
   end;
   messagebox(handle,pchar(boxText),pchar(boxTitle),MB_OK or MB_ICONINFORMATION);
end;

// Handler for the Chinese1 menu item: checks it, unchecks e1, installs
// mainmenu2 as the main form's menu (presumably the Chinese menu - confirm
// against the form definition) and calls DisPalyRowNO.
procedure TForm1.Chinese1Click(Sender: TObject);
begin
   chinese1.Checked:=true;
   // Only switch the menu when the item really ended up checked.
   if not Chinese1.Checked then
     exit;
   e1.Checked:=false;
   application.MainForm.Menu:=mainmenu2;
   DisPalyRowNO;
end;

// Handler for the e1 menu item: checks it, unchecks Chinese1, installs
// mainmenu1 as the main form's menu (presumably the English menu - confirm
// against the form definition) and calls DisPalyRowNO.
procedure TForm1.E1Click(Sender: TObject);
begin
   e1.Checked:=true;
   // Only switch the menu when the item really ended up checked.
   if not e1.Checked then
     exit;
   Chinese1.Checked:=false;
   application.MainForm.Menu:=mainmenu1;
   DisPalyRowNO;
end;

end.
