📄 frmmain.pas
字号:
begin
SubItems.Add(IntToHex(ResBuffer[i-tmpSpace],2));
StrLine:=StrLine+Chr(ResBuffer[i-tmpSpace]);
end;
SubItems.Add(StrLine);
end;
{ 重新调整偏移地址及长度 }
AOffSet:=tmpNewOffSet+Col_Num;
ACount:=ACount-(Col_Num-tmpSpace);
end;
iPos:=0;
while iPos<ACount-Max_Buf do
begin
Read(ResBuffer,SizeOf(ResBuffer));
with pbLoadBinary do
Position:=Position + SizeOf(ResBuffer);
iPos:=iPos+Max_Buf;
for i:=0 to Ceil(Max_Buf/Col_Num)-1 do
with lvBinaryRes.Items.Add do
begin
Caption:=Format('%.8xH: ',[AOffSet+(iPos-Max_Buf)+i*Col_Num]);
StrLine:='';
for j:=0 to Col_Num-1 do
begin
//SubItems.Add(Format('%.2x',[ResBuffer[i*Col_Num+j]);
SubItems.Add(IntToHex(ResBuffer[i*Col_Num+j],2));
StrLine:=StrLine+Chr(ResBuffer[i*Col_Num+j]);
end;
SubItems.Add(StrLine);
end;
end;
if (ACount-iPos)>0 then
begin
Read(ResBuffer,ACount-iPos);
with pbLoadBinary do
Position:=Position + ACount - iPos;
for i:=0 to Ceil((ACount-iPos)/Col_Num)-1 do
with lvBinaryRes.Items.Add do
begin
Caption:=Format('%.8xH: ',[AOffSet+iPos+Col_Num*i]);
StrLine:='';
for j:=0 to Col_Num-1 do
begin
if i*Col_Num+j > ACount-iPos-1 then
begin
SubItems.Add('');
end
else begin
//SubItems.Add(Format('%.2x',[ResBuffer[i*Col_Num+j]);
SubItems.Add(IntToHex(ResBuffer[i*Col_Num+j],2));
StrLine:=StrLine+Chr(ResBuffer[i*Col_Num+j]);//+Chr(ResBuffer[i*Col_Num+j+1]);
end;
end;
SubItems.Add(StrLine);
end;
end;
end;
finally
pbLoadBinary.Visible:=False;
tmpSegStream.Free;
Screen.Cursor:=crDefault;
end;
end;
{ 显示PE结构 }
procedure TMainForm.DisplayPEStructure;
begin
{ 显示的初始化 }
ClearPEContent;
trvPEStructure.Items.BeginUpdate;
try
{ 显示PE头结构及资源结构 }
DisplayPEHeader; // 头部
DisplayPEExport; // 导出函数表
DisplayPEImport; // 导入函数表
DisplayPEResource; // 资源数据
finally
trvPEStructure.Items.EndUpdate;
end;
////显示其它的块表信息待定
//选择最顶层
trvPEStructure.TopItem.Selected:=True;
end;
{ 显示导入函数表 }
procedure TMainForm.DisplayPEImport;
var
tmpNode: TTreeNode;
tmpStrList: TStringList;
i:Integer;
begin
if not CurExeImg.ImportDirExists then
exit;
tmpNode := trvPEStructure.Items.Add(nil,'导入');
tmpStrList := TStringList.Create;
try
tmpStrList := CurExeImg.GetImportName;
for i:=0 to tmpStrList.Count-1 do
trvPEStructure.Items.AddChild(tmpNode,tmpStrList.Strings[i]);
finally
tmpStrList.Free;
end;
end;
{ 显示导出函数表 }
procedure TMainForm.DisplayPEExport;
var
tmpNode: TTreeNode;
tmpStr: String;
begin
if CurExeImg.ExportDirExists then
begin
tmpNode := trvPEStructure.Items.Add(nil,'导出');
tmpStr := CurExeImg.ExportName;
if tmpStr<>'' then
trvPEStructure.Items.AddChild(tmpNode,tmpStr);
end;
end;
{ 显示PE文件头结构 }
procedure TMainForm.DisplayPEHeader;
var
trvNode1,trvNode2: TTreeNode;
i: Word;
tmpVar: Variant;
begin
with trvPEStructure.Items do
begin
trvNode1:=Add(nil,'头部');
AddChild(trvNode1,'DOS头部');
trvNode2:=AddChild(trvNode1,'NT头部');
AddChild(trvNode2,'Coff头部');
AddChild(trvNode2,'可选头部');
trvNode2:=AddChild(trvNode1,'块表头部');
tmpVar:=CurExeImg.AnalySisSectionDescript;
for i:=0 to CurExeImg.SectionNum-1 do
AddChild(trvNode2,VartoStr(tmpVar[i][0]));
end;
end;
{ 显示PE文件的资源 }
procedure TMainForm.DisplayPEResource;
var
tmpRootNode,tmpTypeNode,tmpGroupNode:TTreeNode;
tmpResType,tmpStr:String;
tmpArrayResType: Array of String;
tmpResTypeCount,tmpResInfoIndex: integer;
i,j,k:Integer;
tmpStrList,tmpMinorList: TStringList;
begin
if CurExeImg.ResDataNum=0 then exit;
Application.ProcessMessages;
//ResDataDir := VarArrayCreate([0,CurExeImg.ResDataNum-1],VarVariant);
//进行资源类型数目的计数
ResDataDir := CurExeImg.GetResourceDataDir;
tmpResTypeCount := 1;
SetLength(tmpArrayResType,CurExeImg.ResDataNum);
tmpArrayResType[0] := VartoStr(ResDataDir[0][0]);
for i:=1 to CurExeImg.ResDataNum-1 do
begin
for j:=0 to i-1 do
if VartoStr(ResDataDir[i][0])=tmpArrayResType[j] then break;
if j=i then
begin
inc(tmpResTypeCount);
tmpArrayResType[tmpResTypeCount-1] := VartoStr(ResDataDir[i][0]);
end;
end;
SetLength(tmpArrayResType,tmpResTypeCount);
tmpRootNode:=trvPEStructure.Items.Add(nil,'资源');
//将资源数据加入到树状列表
for i:=0 to tmpResTypeCount-1 do
begin
tmpResType := tmpArrayResType[i];
if (tmpResType<>'光标') and (tmpResType<>'图标') then
begin
if tmpResType = '光标索引' then
begin
tmpTypeNode := trvPEStructure.Items.AddChild(tmpRootNode,'光标');
tmpStrList := TStringList.Create;
try
tmpMinorList := TStringList.Create;
try
for j:=0 to CurExeImg.ResDataNum-1 do
if VartoStr(ResDataDir[j][0]) = '光标索引' then
begin
//tmpStrList.Clear;
tmpStrList := CurExeImg.GetCursorResInfo(Integer(ResDataDir[j][2]));
tmpMinorList.Clear;
for k:=0 to tmpStrList.Count-1 do
begin
tmpStr := tmpStrList.Strings[k];
tmpStr := Copy(tmpStr,0,pos(': ',tmpStr)-1);
tmpMinorList.Add(tmpStr);
end;
tmpGroupNode := trvPEStructure.Items.AddChild(tmpTypeNode,ResDataDir[j][1]);
for k:=0 to CurExeImg.ResDataNum-1 do
begin
tmpResInfoIndex := tmpMinorList.IndexOf(ResDataDir[k][1]);
if (tmpResInfoIndex > -1) and (VartoStr(ResDataDir[k][0]) = '光标') then
trvPEStructure.Items.AddChild(tmpGroupNode,tmpStrList.Strings[tmpResInfoIndex]);
end;
end;
finally
tmpMinorList.Free;
end;
finally
tmpStrList.Free;
end;
end
else if tmpResType = '图标索引' then
begin
tmpStrList := TStringList.Create;
tmpMinorList := TStringList.Create;
tmpTypeNode := trvPEStructure.Items.AddChild(tmpRootNode,'图标');
for j:=0 to CurExeImg.ResDataNum-1 do
if VartoStr(ResDataDir[j][0]) = '图标索引' then
begin
tmpStrList := CurExeImg.GetIconResInfo(Integer(ResDataDir[j][2]));
tmpMinorList.Clear;
for k:=0 to tmpStrList.Count-1 do
begin
tmpStr := tmpStrList.Strings[k];
tmpStr := Copy(tmpStr,0,pos(': ',tmpStr)-1);
tmpMinorList.Add(tmpStr);
end;
tmpGroupNode := trvPEStructure.Items.AddChild(tmpTypeNode,ResDataDir[j][1]);
for k:=0 to CurExeImg.ResDataNum-1 do
begin
tmpResInfoIndex := tmpMinorList.IndexOf(ResDataDir[k][1]);
if (tmpResInfoIndex > -1) and (VartoStr(ResDataDir[k][0]) = '图标') then
trvPEStructure.Items.AddChild(tmpGroupNode,tmpStrList.Strings[tmpResInfoIndex]);
end;
end;
tmpStrList.Free;
tmpMinorList.Free;
end
else begin
tmpTypeNode := trvPEStructure.Items.AddChild(tmpRootNode,tmpResType);
for j:=0 to CurExeImg.ResDataNum-1 do
if VartoStr(ResDataDir[j][0]) = tmpResType then
{tmpGroupNode := }trvPEStructure.Items.AddChild(tmpTypeNode,ResDataDir[j][1]);
end;
end;
end;
end;
{ 清除控件中原有的PE内容 }
procedure TMainForm.ClearPEContent;
begin
with trvPEStructure.Items do
begin
BeginUpdate;
Clear;
EndUpdate;
end;
with trvMenuRes.Items do
begin
BeginUpdate;
Clear;
EndUpdate;
end;
lvDetailRes.Clear;
lvBinaryRes.Clear;
lvStringRes.Clear;
imgPICRes.Picture:=nil;
end;
procedure TMainForm.ProjBinaryExecute(Sender: TObject);
var
tmpIndex:Word;
begin
ProjBinary.Checked:=not ProjBinary.Checked;
if ProjBinary.Checked then
begin
OldPageIndex := nbExeRes.PageIndex;
nbExeRes.ActivePage:='BinaryPage';
end
else
begin
tmpIndex := nbExeRes.PageIndex;
nbExeRes.PageIndex:= OldPageIndex;
OldPageIndex := tmpIndex;
end;
end;
{ 拖拉正确的文件可以打开其PE分析列表 }
procedure TMainForm.WMDropFiles(var Msg: TWMDropFiles);
var
tmpFileName:array[0..MAX_PATH-1] of Char;
StrFileName:String;
begin
try
if DragQueryFile(Msg.Drop,0,tmpFileName,MAX_PATH)>0 then
begin
StrFileName:=StrPas(tmpFileName);
if UpperCase(ExtractFileExt(StrFileName))='.LNK' then
StrFileName:=GetShortcutTarget(StrFileName);
LoadExeImage(StrFileName);
end;
finally
DragFinish(Msg.Drop);
end;
end;
{ 通过快捷方式获取目标文件名 }
function TMainForm.GetShortcutTarget(ShortcutFilename:String):String;
var
Psl:IShellLink;
Ppf:IPersistFile;
WideName:Array [0..MAX_PATH] of WideChar;
pResult:Array [0..MAX_PATH-1] Of Char;
Data:TWin32FindData;
const
IID_IPersistFile:TGUID=(D1:$0000010B; D2:$0000; D3:$0000; D4:($C0,$00,$00,$00,$00,$00,$00,$46));
begin
CoCreateInstance(CLSID_ShellLink,nil,CLSCTX_INPROC_SERVER, IID_IShellLinkA ,psl);
psl.QueryInterface(IID_IPersistFile,ppf);
MultiByteToWideChar(CP_ACP, 0, pChar(ShortcutFilename), -1, WideName, Max_Path);
ppf.Load(WideName,STGM_READ);
psl.Resolve(0,SLR_ANY_MATCH);
psl.GetPath(@pResult,MAX_PATH,Data,SLGP_UNCPRIORITY);
Result:=StrPas(@pResult);
end;
procedure TMainForm.ScrollBoxImgResize(Sender: TObject);
begin
if ImgPICRes.Picture <> nil then
with ImgPICRes do
begin
Width:=Picture.Width;
Height:=Picture.Height;
if ScrollBoxImg.Width > Width then
Left := (ScrollBoxImg.Width - Width) div 2 + 2
else Left:=2;
if ScrollBoxImg.Height > Height then
Top := (ScrollBoxImg.Height - Height) div 2 + 2
else Top:=2;
Bevel1.Width := Width+4;
Bevel1.Height:= Height+4;
Bevel1.Left := Left-2;
Bevel1.Top := Top-2;
end;
end;
{ 获取当前节点所属资源的Index,如果其Index>-1,表示找到相应资源,在导入,导出,保存时要用到 }
function TMainForm.GetResIndex(ResType, ResName: String): Integer;
var
i:integer;
begin
if not assigned(CurExeImg) then result:=-1
else if VarIsEmpty(ResDataDir) then result:=-1
else begin
for i:=0 to CurExeImg.ResDataNum-1 do
if (VartoStr(ResDataDir[i][0])=ResType)and(VartoStr(ResDataDir[i][1])=ResName) then
break;
if i<CurExeImg.ResDataNum then
result:=i
else result:=-1;
end;
end;
{ 调整窗体大小时,进度条相应的拉伸 }
procedure TMainForm.ActReOpen1Execute(Sender: TObject);
var
tmpWillOpenFileName: String;
begin
//重新打开.
tmpWillOpenFileName := (Sender as TAction).Caption;
if FileExists(tmpWillOpenFileName)=False then
begin
////最好将当前标记的ini项删除掉
ShowMessage(Format('文件[%s]不存在.',[tmpWillOpenFileName]));
exit;
end;
LoadExeImage(tmpWillOpenFileName);
end;
procedure TMainForm.btnShowCtrlClick(Sender: TObject);
begin
if BtnShowCtrl.Tag = 0 then
begin
BtnShowCtrl.Tag := 1;
BtnShowCtrl.Caption := '隐藏菜单(&M)';
MenuForm.Show;
end
else if BtnShowCtrl.Tag = 1 then
begin
BtnShowCtrl.Tag := 0;
BtnShowCtrl.Caption := '显示菜单(&M)';
MenuForm.Hide;
end
else if BtnShowCtrl.Tag = 2 then
begin
BtnShowCtrl.Tag := 3;
BtnShowCtrl.Caption := '隐藏对话(&D)';
DialogForm.Caption := '';
DialogForm.Show;//
end
else begin
BtnShowCtrl.Tag := 2;
BtnShowCtrl.Caption := '显示对话(&D)';
DialogForm.Caption := '';
DialogForm.Hide;//
end;
end;
procedure TMainForm.FormResize(Sender: TObject);
begin
if Width < 670 then
Width := 670;
if Height < 430 then
Height := 430;
end;
procedu⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -