📄 peheader.pas
字号:
{******************************************************************************}
{Copyright(C) 2007,Pefine Security Lab }
{All rights reserved. }
{ }
{Abstract:View Win32 PE file information. }
{ }
{Version:1.01 }
{Author:WindRand }
{Date:2007-01-20 }
{******************************************************************************}
unit PEHeader;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls, JwaWinNT;
type
TPEHeaderFrm = class(TForm)
GroupBox1: TGroupBox;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
Label4: TLabel;
NSEdit: TEdit;
TSEdit: TEdit;
PCEdit: TEdit;
Label5: TLabel;
Label6: TLabel;
Label7: TLabel;
CSEdit: TEdit;
SOEdit: TEdit;
CHEdit: TEdit;
Panel1: TPanel;
Button1: TButton;
MCEdit: TEdit;
SubBtn: TButton;
Button2: TButton;
Button3: TButton;
procedure FormShow(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure SubBtnClick(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
procedure FreeHandle(hFile,mFile:Thandle);
public
mFlag:Word;
tFlag:Cardinal;
cFlag:Word;
end;
var
PEHeaderFrm: TPEHeaderFrm;
implementation
uses Main, Machine, TimeDateStamp, Characteristics;
{$R *.dfm}
procedure TPEHeaderFrm.FormShow(Sender: TObject);
begin
//Interface center
With PEHeaderFrm do
begin
Left:=(Screen.Width div 2)-(Width div 2);
Top:=(Screen.Height div 2)-(Height div 2);
end;
end;
procedure TPEHeaderFrm.Button1Click(Sender: TObject);
begin
Close;
end;
procedure TPEHeaderFrm.FreeHandle(hFile,mFile:Thandle);
begin
CloseHandle(hFile);
CloseHandle(mFile);
end;
procedure TPEHeaderFrm.FormCreate(Sender: TObject);
var
FileNameStr:String;
ImageDosHeader:PIMAGEDOSHEADER;
ImageNTHeaders:PIMAGENTHEADERS;
hFile,mFile:THandle;
hView:Pointer;
vBase:LongWord;
begin
FileNameStr:=MainFrm.PublicFileNameStr;
hFile:=CreateFile(PChar(FileNameStr),GENERIC_READ,FILE_SHARE_READ,nil,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if hFile=INVALID_HANDLE_VALUE then
begin
MessageBox(Handle,'Open file error!','Information',MB_OK+MB_ICONERROR);
CloseHandle(hFile);
Exit;
end;
mFile:=CreateFileMapping(hFile,nil,PAGE_READONLY,0,0,nil);
if mFile=0 then
begin
MessageBox(Handle,'Cannot open the file for memory mapping!','Information',MB_OK+MB_ICONERROR);
CloseHandle(hFile);
Exit;
end;
hView:=MapViewOfFile(mFile,FILE_MAP_READ,0,0,0);
if hView=nil then
begin
MessageBox(Handle,'Cannot map the file into memory!','Information',MB_OK+MB_ICONERROR);
FreeHandle(hFile,mFile);
Exit;
end;
ImageDosHeader:=PImageDosHeader(hView);
if ImageDosHeader.e_magic<>IMAGE_DOS_SIGNATURE then
begin
MessageBox(Handle,'This file is not a valid PE!','Information',MB_OK+MB_ICONERROR);
FreeHandle(hFile,mFile);
Exit;
end;
vBase:=LongWord(ImageDosHeader);
ImageNTHeaders:=PIMAGENTHEADERS(vBase+LongWord(ImageDosHeader.e_lfanew));
if ImageNTHeaders.Signature<>IMAGE_NT_SIGNATURE then
begin
MessageBox(Handle,'This file is not a valid PE。','Information',MB_OK+MB_ICONINFORMATION);
FreeHandle(hFile,mFile);
Exit;
end;
MCEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.Machine,4);
mFlag:=ImageNTHeaders.FileHeader.Machine;
NSEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.NumberOfSections,4);
TSEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.TimeDateStamp,8);
tFlag:=ImageNTHeaders.FileHeader.TimeDateStamp;
PCEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.PointerToSymbolTable,8);
CSEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.NumberOfSymbols,8);
SOEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.SizeOfOptionalHeader,4);
CHEdit.Text:=IntToHex(ImageNTHeaders.FileHeader.Characteristics,4);
cFlag:=ImageNTHeaders.FileHeader.Characteristics;
UnmapViewOfFile(hView);
FreeHandle(hFile,mFile);
end;
procedure TPEHeaderFrm.SubBtnClick(Sender: TObject);
begin
Application.CreateForm(TMachineFrm, MachineFrm);
MachineFrm.ShowModal;
end;
procedure TPEHeaderFrm.Button2Click(Sender: TObject);
begin
Application.CreateForm(TTimeDateStampFrm, TimeDateStampFrm);
TimeDateStampFrm.ShowModal;
end;
function BeTrue(fg,Value:Cardinal):Boolean;
begin
Result:=fg and not Value=0;
end;
procedure TPEHeaderFrm.Button3Click(Sender: TObject);
begin
With TCharacteristicsFrm.Create(self) do
begin
Left:=(Screen.Width div 2)-(Width div 2);
Top:=(Screen.Height div 2)-(Height div 2);
CheckBox1.Checked:=BeTrue(IMAGE_FILE_RELOCS_STRIPPED,TempCardinal);
CheckBox2.Checked:=BeTrue(IMAGE_FILE_EXECUTABLE_IMAGE,TempCardinal);
CheckBox3.Checked:=BeTrue(IMAGE_FILE_LINE_NUMS_STRIPPED,TempCardinal);
CheckBox4.Checked:=BeTrue(IMAGE_FILE_LOCAL_SYMS_STRIPPED,TempCardinal);
CheckBox5.Checked:=BeTrue(IMAGE_FILE_AGGRESIVE_WS_TRIM,TempCardinal);
CheckBox6.Checked:=BeTrue(IMAGE_FILE_LARGE_ADDRESS_AWARE,TempCardinal);
CheckBox7.Checked:=BeTrue(IMAGE_FILE_BYTES_REVERSED_LO,TempCardinal);
CheckBox8.Checked:=BeTrue(IMAGE_FILE_32BIT_MACHINE,TempCardinal);
CheckBox9.Checked:=BeTrue(IMAGE_FILE_DEBUG_STRIPPED,TempCardinal);
CheckBox10.Checked:=BeTrue(IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP,TempCardinal);
CheckBox11.Checked:=BeTrue(IMAGE_FILE_NET_RUN_FROM_SWAP,TempCardinal);
CheckBox12.Checked:=BeTrue(IMAGE_FILE_SYSTEM,TempCardinal);
CheckBox13.Checked:=BeTrue(IMAGE_FILE_DLL,TempCardinal);
CheckBox14.Checked:=BeTrue(IMAGE_FILE_UP_SYSTEM_ONLY,TempCardinal);
CheckBox15.Checked:=BeTrue(IMAGE_FILE_BYTES_REVERSED_HI,TempCardinal);
ValueLabel.Caption:=CHEdit.Text;
if ShowModal=mrok then
begin
CHEdit.Text:=IntToHex(CharCount,4);
end;
end;
end;
end.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -