📄 exporttable.pas
字号:
{******************************************************************************}
{Copyright(C) 2007,Pefine Security Lab }
{All rights reserved. }
{ }
{Abstract:View Win32 PE file information. }
{ }
{Version:1.01 }
{Author:WindRand }
{Date:2007-01-20 }
{******************************************************************************}
unit ExportTable;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ComCtrls, JwaWinNT, ExtCtrls;
type
TExportTableFrm = class(TForm)
GroupBox1: TGroupBox;
Label1: TLabel;
Label2: TLabel;
Label3: TLabel;
Label4: TLabel;
Label5: TLabel;
Label6: TLabel;
Label7: TLabel;
Label8: TLabel;
Label9: TLabel;
Label10: TLabel;
ListView1: TListView;
TEdit: TEdit;
CEdit: TEdit;
BEdit: TEdit;
NEdit: TEdit;
NSEdit: TEdit;
NFEdit: TEdit;
NNEdit: TEdit;
AFEdit: TEdit;
ANEdit: TEdit;
AOEdit: TEdit;
Panel1: TPanel;
Button1: TButton;
procedure FormShow(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
procedure FreeHandle(hFile,mFile:Thandle);
function GetSectionHeader(tRVA:DWORD;ImageNTHeaders:PImageNtHeaders):PImageSectionHeader;
public
{ Public declarations }
end;
var
ExportTableFrm: TExportTableFrm;
implementation
uses Main;
{$R *.dfm}
procedure TExportTableFrm.FormShow(Sender: TObject);
begin
With ExportTableFrm do
begin
Left:=(Screen.Width div 2)-(Width div 2);
Top:=(Screen.Height div 2)-(Height div 2);
end;
end;
procedure TExportTableFrm.FreeHandle(hFile,mFile:Thandle);
begin
CloseHandle(hFile);
CloseHandle(mFile);
end;
function TExportTableFrm.GetSectionHeader(tRVA:DWORD;ImageNTHeaders:PImageNtHeaders):PImageSectionHeader;
var
ImageSection:PImageSectionHeader;
i:integer;
begin
ImageSection:=pImageSectionHeader(longword(ImageNTHeaders)+sizeof(TImageNtHeaders));
for i:=0 to ImageNTHeaders.FileHeader.NumberOfSections-1 do
begin
if (tRVA>=LongWord(ImageSection.VirtualAddress)) and
(tRVA<LongWord(ImageSection.VirtualAddress+ImageSection.Misc.VirtualSize)) then
begin
Result:=ImageSection;
Exit;
end;
Inc(ImageSection);
end;
Result:=nil;
end;
procedure TExportTableFrm.FormCreate(Sender: TObject);
var
ImageDosHeader:PIMAGEDOSHEADER;
ImageNTHeaders:PIMAGENTHEADERS;
ImageSection:PIMAGESECTIONHEADER;
ImageExport:PImageExportDirectory;
hFile,mFile:THandle;
hView:Pointer;
vBase,vExport:LongWord;
tRVA:Integer;
DllName:PChar;
TempStr:String;
fRVA:PDWORD;
i,j:Integer;
eRVA:DWORD;
Ordinal:PWORD;
Item:TListItem;
begin
hFile:=CreateFile(PChar(MainFrm.PublicFileNameStr),GENERIC_READ,FILE_SHARE_READ,nil,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if hFile=INVALID_HANDLE_VALUE then
begin
MessageBox(Handle,'Open file error!','Information',MB_OK+MB_ICONERROR);
CloseHandle(hFile);
Exit;
end;
mFile:=CreateFileMapping(hFile,nil,PAGE_READONLY,0,0,nil);
if mFile=0 then
begin
MessageBox(Handle,'Cannot open the file for memory mapping!','Information',MB_OK+MB_ICONERROR);
CloseHandle(hFile);
Exit;
end;
hView:=MapViewOfFile(mFile,FILE_MAP_READ,0,0,0);
if hView=nil then
begin
MessageBox(Handle,'Cannot map the file into memory!','Information',MB_OK+MB_ICONERROR);
FreeHandle(hFile,mFile);
Exit;
end;
ImageDosHeader:=PImageDosHeader(hView);
if ImageDosHeader.e_magic<>IMAGE_DOS_SIGNATURE then
begin
MessageBox(Handle,'This file is not a valid PE!','Information',MB_OK+MB_ICONERROR);
FreeHandle(hFile,mFile);
Exit;
end;
vBase:=LongWord(ImageDosHeader);
ImageNTHeaders:=PIMAGENTHEADERS(vBase+LongWord(ImageDosHeader.e_lfanew));
if ImageNTHeaders.Signature<>IMAGE_NT_SIGNATURE then
begin
MessageBox(Handle,'This file is not a valid PE。','Information',MB_OK+MB_ICONINFORMATION);
FreeHandle(hFile,mFile);
Exit;
end;
vExport:=ImageNTHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if vExport=0 then
begin
FreeHandle(hFile,mFile);
Exit;
end;
ImageSection:=GetSectionHeader(vExport,ImageNTHeaders);
if ImageSection=nil then
begin
FreeHandle(hFile,mFile);
Exit;
end;
tRVA:=Integer(ImageSection.VirtualAddress-ImageSection.PointerToRawData);
ImageExport:=PImageExportDirectory(PChar(vExport)-tRVA+vBase);
//DLL file name
DllName:=PChar(PChar(ImageExport.Name)-tRVA+vBase);
fRVA:=PDWORD(DWORD(ImageExport.AddressOfFunctions)-tRVA+vBase);
TEdit.Text:=IntToHex(ImageExport.TimeDateStamp,8);
CEdit.Text:=IntToHex(ImageExport.Characteristics,8);
BEdit.Text:=IntToHex(ImageExport.Base,8);
NEdit.Text:=IntToHex(ImageExport.Name,8);
NSEdit.Text:=DLLName;
NFEdit.Text:=IntToHex(ImageExport.NumberOfFunctions,8);
NNEdit.Text:=IntToHex(ImageExport.NumberOfNames,8);
AFEdit.Text:=IntToHex(ImageExport.AddressOfFunctions,8);
ANEdit.Text:=IntToHex(ImageExport.AddressOfNames,8);
AOEdit.Text:=IntToHex(ImageExport.AddressOfNameOrdinals,8);
//读取以序号输出的函数
for i:=0 to ImageExport.NumberOfFunctions-1 do
begin
eRVA :=fRVA^;
if eRVA=0 then
Continue;
Ordinal:=PWORD(DWORD(ImageExport.AddressOfNameOrdinals)-tRVA+vBase);
//读取以函数名输出的函数
for j:=0 to ImageExport.NumberOfNames-1 do
begin
if Ordinal^=i then
begin
TempStr:='';
while True do
begin
if DllName^=#0 then
Break;
Inc(DllName);
end;//end while
while True do
begin
if (DllName-1)^=#0 then
begin
TempStr:=Format('%s',[DllName]);
Break;
end;
Inc(DllName);
end;//end while
end;
Inc(Ordinal);
end;//end for
Item:=ListView1.Items.Insert(ListView1.Items.Count);
Item.Caption:=Format('%0.4d',[ImageExport.Base+i]);
Item.SubItems.Add(IntToHex(eRVA,8));
Item.SubItems.Add(TempStr);
Inc(fRVA);
end;
UnmapViewOfFile(hView);
FreeHandle(hFile,mFile);
end;
procedure TExportTableFrm.Button1Click(Sender: TObject);
begin
Close;
end;
end.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -