{******************************************************************************}
{Copyright(C) 2007,Pefine Security Lab }
{All rights reserved. }
{ }
{Abstract:View Win32 PE file information. }
{ }
{Version:1.01 }
{Author:WindRand }
{Date:2007-01-20 }
{******************************************************************************}
unit Main;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, StdCtrls, ComCtrls, Buttons;
type
// Main window of the PE viewer. SpeedButton1Click loads a file and fills the
// edit boxes below; the remaining buttons open the detail forms.
TMainFrm = class(TForm)
Panel1: TPanel;
Label1: TLabel;
FileEdit: TEdit; // full path of the selected file; the detail buttons do nothing while it is empty
GroupBox1: TGroupBox;
Label2: TLabel;
Label3: TLabel;
Label4: TLabel;
Label5: TLabel;
Label6: TLabel;
Label7: TLabel;
Label8: TLabel;
Label9: TLabel;
EPEdit: TEdit; // OptionalHeader.AddressOfEntryPoint
IBEdit: TEdit; // OptionalHeader.ImageBase
SIEdit: TEdit; // OptionalHeader.SizeOfImage
BCEdit: TEdit; // OptionalHeader.BaseOfCode
BDEdit: TEdit; // OptionalHeader.BaseOfData
SAEdit: TEdit; // OptionalHeader.SectionAlignment
FAEdit: TEdit; // OptionalHeader.FileAlignment
MagicEdit: TEdit; // OptionalHeader.Magic
Label10: TLabel;
Label11: TLabel;
Label12: TLabel;
Label13: TLabel;
Label14: TLabel;
Label15: TLabel;
Label16: TLabel;
Label17: TLabel;
SubEdit: TEdit; // OptionalHeader.Subsystem (also rewritten by SubBtnClick)
NSEdit: TEdit; // FileHeader.NumberOfSections
TSEdit: TEdit; // FileHeader.TimeDateStamp
SHEdit: TEdit; // OptionalHeader.SizeOfHeaders
CharEdit: TEdit; // FileHeader.Characteristics (also rewritten by CharBtnClick)
CSEdit: TEdit; // OptionalHeader.CheckSum
SOHEdit: TEdit; // FileHeader.SizeOfOptionalHeader
NRSEdit: TEdit; // OptionalHeader.NumberOfRvaAndSizes
Panel2: TPanel;
Button2: TButton;
Button3: TButton;
Button5: TButton;
Button6: TButton;
Button7: TButton;
SpeedButton1: TSpeedButton;
SizePanel: TPanel; // caption shows the file name and the size string returned by GetFileSize
OpenDialog1: TOpenDialog;
SubBtn: TButton; // enabled only after a file has been parsed successfully
CharBtn: TButton; // enabled only after a file has been parsed successfully
Button1: TButton;
Button8: TButton;
Button9: TButton;
Button4: TButton;
Button10: TButton;
// Event handlers. The form each one opens is taken from its implementation below.
procedure Button5Click(Sender: TObject); // shows TAboutFrm
procedure SpeedButton1Click(Sender: TObject); // picks a file and parses its PE headers
procedure Button6Click(Sender: TObject); // closes the main form
procedure SubBtnClick(Sender: TObject); // subsystem picker (TSubSystemFrm)
procedure CharBtnClick(Sender: TObject); // characteristics flag editor (TCharacteristicsFrm)
procedure Button1Click(Sender: TObject); // shows TDOSHeaderFrm
procedure Button8Click(Sender: TObject); // shows TPEHeaderFrm
procedure Button9Click(Sender: TObject); // shows TOptionalHeaderFrm
procedure FormShow(Sender: TObject); // centres the window on the screen
procedure Button2Click(Sender: TObject); // shows TSectionsFrm
procedure Button3Click(Sender: TObject); // shows TDirectoryFrm
procedure Button7Click(Sender: TObject); // shows TFLCFrm
procedure Button4Click(Sender: TObject); // shows TTDSCFrm
procedure Button10Click(Sender: TObject); // shows TBookFrm
private
// Closes a file handle and its file-mapping handle.
procedure FreeHandle(hFile,mFile:Thandle);
public
// Path of the file chosen in SpeedButton1Click. It is assigned before the file
// is validated; presumably the detail forms read it - confirm against those units.
PublicFileNameStr:String;
end;
var
// Global reference to the main form; FormShow uses it to centre the window.
MainFrm: TMainFrm;
// FileHeader.Characteristics of the last successfully parsed file. Written by
// SpeedButton1Click and read by CharBtnClick to preset the flag check boxes.
TempCardinal:Cardinal;
implementation
uses About,SubSystem,Characteristics, DOSHeader, PEHeader, OptionalHeader,
Sections, Derectories, PublicUnit, JwaWinNT, FLC, TDSC, Book;
{$R *.dfm}
procedure TMainFrm.Button5Click(Sender: TObject);
begin
  // Build the About form through the Application object, then block on it
  // until the user dismisses it.
  // NOTE(review): a new TAboutFrm is created on every click and is not released
  // here - confirm the form frees itself when it closes.
  Application.CreateForm(TAboutFrm, AboutFrm);
  AboutFrm.ShowModal;
end;
procedure TMainFrm.FreeHandle(hFile,mFile:Thandle);
begin
  // Releases the file handle first, then the file-mapping handle.
  // A mapped view is not released here; callers that mapped one must call
  // UnmapViewOfFile themselves.
  CloseHandle(hFile);
  CloseHandle(mFile);
end;
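procedure TMainFrm.SpeedButton1Click(Sender: TObject);
// Lets the user pick a PE file, maps it read-only and copies selected
// IMAGE_NT_HEADERS fields into the edit boxes as hexadecimal text.
//
// The file is untrusted input. e_lfanew comes straight from the file, so it is
// checked against the file size before the NT headers are dereferenced;
// without that check a crafted or truncated file makes the viewer read outside
// the mapped view. The view and both handles are released on every exit path.
var
  FileNameStr:String;
  ImageDosHeader:PIMAGEDOSHEADER;
  ImageNTHeaders:PIMAGENTHEADERS;
  hFile,mFile:THandle;
  hView:Pointer;
  vBase:LongWord;
  FileBytes:LongWord;
  NtOffset:Int64;
begin
  OpenDialog1.Filter:='PE Files(*.exe;*.dll;*.ocx)|*.exe;*.dll;*.ocx';
  if not OpenDialog1.Execute then
    Exit;
  FileNameStr:=OpenDialog1.FileName;
  //no file selected: nothing to do
  if FileNameStr='' then
    Exit;

  // NOTE(review): these three are set before the file is validated, so the
  // detail buttons (gated only on FileEdit.Text) become usable for a file that
  // fails the checks below - confirm the detail forms validate on their own.
  SizePanel.Caption:=' FileName:'+ExtractFileName(FileNameStr)+','+GetFileSize(FileNameStr);
  FileEdit.Text:=FileNameStr;
  PublicFileNameStr:=FileNameStr;

  hFile:=CreateFile(PChar(FileNameStr),GENERIC_READ,FILE_SHARE_READ,nil,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
  if hFile=INVALID_HANDLE_VALUE then
  begin
    // Nothing was opened, so there is no handle to close on this path.
    MessageBox(Handle,'Open file error!','Information',MB_OK+MB_ICONERROR);
    Exit;
  end;

  mFile:=0;
  hView:=nil;
  try
    // Unit-qualified: the unqualified GetFileSize used above is the project's
    // string-returning helper, not the Win32 call.
    FileBytes:=Windows.GetFileSize(hFile,nil);
    if FileBytes=LongWord($FFFFFFFF) then
    begin
      MessageBox(Handle,'Open file error!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    mFile:=CreateFileMapping(hFile,nil,PAGE_READONLY,0,0,nil);
    if mFile=0 then
    begin
      MessageBox(Handle,'Cannot open the file for memory mapping!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    hView:=MapViewOfFile(mFile,FILE_MAP_READ,0,0,0);
    if hView=nil then
    begin
      MessageBox(Handle,'Cannot map the file into memory!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    // The DOS header must fit in the file before any of its fields are read.
    ImageDosHeader:=PImageDosHeader(hView);
    if (Int64(FileBytes)<SizeOf(ImageDosHeader^)) or
       (ImageDosHeader.e_magic<>IMAGE_DOS_SIGNATURE) then
    begin
      MessageBox(Handle,'This file is not a valid PE!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    // e_lfanew is attacker-controlled: reject negative offsets and offsets that
    // would put any part of the NT headers beyond the end of the file.
    NtOffset:=ImageDosHeader.e_lfanew;
    if (NtOffset<0) or (NtOffset+SizeOf(ImageNTHeaders^)>Int64(FileBytes)) then
    begin
      MessageBox(Handle,'This file is not a valid PE。','Information',MB_OK+MB_ICONINFORMATION);
      Exit;
    end;

    vBase:=LongWord(ImageDosHeader);
    ImageNTHeaders:=PIMAGENTHEADERS(vBase+LongWord(NtOffset));
    if ImageNTHeaders.Signature<>IMAGE_NT_SIGNATURE then
    begin
      MessageBox(Handle,'This file is not a valid PE。','Information',MB_OK+MB_ICONINFORMATION);
      Exit;
    end;

    // NOTE(review): the fields are read through whatever PIMAGENTHEADERS layout
    // is in scope; if that is the 32-bit layout, a PE32+ image (Magic = $020B)
    // will show shifted OptionalHeader values - confirm and branch on Magic.
    EPEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.AddressOfEntryPoint]);
    IBEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.ImageBase]);
    SIEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.SizeOfImage]);
    BCEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.BaseOfCode]);
    BDEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.BaseOfData]);
    SAEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.SectionAlignment]);
    FAEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.FileAlignment]);
    MagicEdit.Text:=Format('%.4x',[ImageNTHeaders.OptionalHeader.Magic]);
    SubEdit.Text:=Format('%.4x',[ImageNTHeaders.OptionalHeader.Subsystem]);
    NSEdit.Text:=Format('%.4x',[ImageNTHeaders.FileHeader.NumberOfSections]);
    TSEdit.Text:=Format('%.8x',[ImageNTHeaders.FileHeader.TimeDateStamp]);
    SHEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.SizeOfHeaders]);
    CharEdit.Text:=Format('%.4x',[ImageNTHeaders.FileHeader.Characteristics]);
    // Kept for CharBtnClick, which presets its check boxes from this value.
    TempCardinal:=ImageNTHeaders.FileHeader.Characteristics;
    CSEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.CheckSum]);
    SOHEdit.Text:=Format('%.4x',[ImageNTHeaders.FileHeader.SizeOfOptionalHeader]);
    NRSEdit.Text:=Format('%.8x',[ImageNTHeaders.OptionalHeader.NumberOfRvaAndSizes]);

    // Only a fully parsed file unlocks the subsystem/characteristics dialogs.
    SubBtn.Enabled:=True;
    CharBtn.Enabled:=True;
  finally
    // Runs on every Exit above as well as on success.
    if hView<>nil then
      UnmapViewOfFile(hView);
    if mFile<>0 then
      CloseHandle(mFile);
    CloseHandle(hFile);
  end;
end;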
procedure TMainFrm.Button6Click(Sender: TObject);
begin
  // Closes the main form itself.
  Self.Close;
end;
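procedure TMainFrm.SubBtnClick(Sender: TObject);
// Opens the subsystem picker preset to the value shown in SubEdit and, when the
// user confirms, writes the chosen subsystem value back to SubEdit as 4 hex digits.
//
// One table now drives both directions. Previously the preset used the raw
// subsystem value as the radio index while the write-back used the table, so
// for values of 5 and above the wrong item was preselected and pressing OK
// silently changed the displayed value.
const
  // Subsystem value written back for each FlagRadio item index. The values are
  // the ones the original write-back branch used.
  SubsystemOfItem: array[0..12] of Word =
    ($0000,$0001,$0002,$0003,$0005,$0007,$0008,$0009,$000A,$000B,$000C,$000D,$000E);
var
  Dlg: TSubSystemFrm;
  Current, Item: Integer;
begin
  Dlg:=TSubSystemFrm.Create(Self);
  try
    // Centre the dialog on the screen.
    Dlg.Left:=(Screen.Width div 2)-(Dlg.Width div 2);
    Dlg.Top:=(Screen.Height div 2)-(Dlg.Height div 2);

    // Preselect the item whose value matches; an unknown value leaves the
    // dialog's own default selection untouched.
    Current:=StrToHex(SubEdit.Text);
    for Item:=Low(SubsystemOfItem) to High(SubsystemOfItem) do
      if SubsystemOfItem[Item]=Current then
      begin
        Dlg.FlagRadio.ItemIndex:=Item;
        Break;
      end;

    Dlg.ValueLabel.Caption:=SubEdit.Text;
    if Dlg.ShowModal=mrOk then
    begin
      Item:=Dlg.FlagRadio.ItemIndex;
      // ItemIndex is -1 when nothing is selected; keep the old text then.
      if (Item>=Low(SubsystemOfItem)) and (Item<=High(SubsystemOfItem)) then
        SubEdit.Text:=IntToHex(SubsystemOfItem[Item],4);
    end;
  finally
    // The dialog was previously kept alive until the main form was destroyed,
    // one instance per click.
    Dlg.Free;
  end;
end;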
function BeTrue(fg,Value:Cardinal):Boolean;
begin
  // True when every bit set in fg is also set in Value
  // (and therefore always True for fg = 0).
  Result := (fg and Value) = fg;
end;
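procedure TMainFrm.CharBtnClick(Sender: TObject);
// Opens the characteristics editor with one check box per IMAGE_FILE_* flag,
// preset from TempCardinal, and on OK shows the edited value in CharEdit.
//
// Two fixes: the dialog is released when it closes (it used to stay alive,
// one instance per click, until the main form was destroyed), and TempCardinal
// is updated on OK so that reopening the dialog presets the check boxes from
// the value CharEdit actually shows.
var
  Dlg: TCharacteristicsFrm;
begin
  Dlg:=TCharacteristicsFrm.Create(Self);
  try
    // "with" is kept so the check boxes, ValueLabel and CharCount resolve
    // exactly as they did before.
    with Dlg do
    begin
      // Centre the dialog on the screen.
      Left:=(Screen.Width div 2)-(Width div 2);
      Top:=(Screen.Height div 2)-(Height div 2);
      CheckBox1.Checked:=BeTrue(IMAGE_FILE_RELOCS_STRIPPED,TempCardinal);
      CheckBox2.Checked:=BeTrue(IMAGE_FILE_EXECUTABLE_IMAGE,TempCardinal);
      CheckBox3.Checked:=BeTrue(IMAGE_FILE_LINE_NUMS_STRIPPED,TempCardinal);
      CheckBox4.Checked:=BeTrue(IMAGE_FILE_LOCAL_SYMS_STRIPPED,TempCardinal);
      CheckBox5.Checked:=BeTrue(IMAGE_FILE_AGGRESIVE_WS_TRIM,TempCardinal);
      CheckBox6.Checked:=BeTrue(IMAGE_FILE_LARGE_ADDRESS_AWARE,TempCardinal);
      CheckBox7.Checked:=BeTrue(IMAGE_FILE_BYTES_REVERSED_LO,TempCardinal);
      CheckBox8.Checked:=BeTrue(IMAGE_FILE_32BIT_MACHINE,TempCardinal);
      CheckBox9.Checked:=BeTrue(IMAGE_FILE_DEBUG_STRIPPED,TempCardinal);
      CheckBox10.Checked:=BeTrue(IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP,TempCardinal);
      CheckBox11.Checked:=BeTrue(IMAGE_FILE_NET_RUN_FROM_SWAP,TempCardinal);
      CheckBox12.Checked:=BeTrue(IMAGE_FILE_SYSTEM,TempCardinal);
      CheckBox13.Checked:=BeTrue(IMAGE_FILE_DLL,TempCardinal);
      CheckBox14.Checked:=BeTrue(IMAGE_FILE_UP_SYSTEM_ONLY,TempCardinal);
      CheckBox15.Checked:=BeTrue(IMAGE_FILE_BYTES_REVERSED_HI,TempCardinal);
      ValueLabel.Caption:=CharEdit.Text;
      if ShowModal=mrok then
      begin
        CharEdit.Text:=IntToHex(CharCount,4);
        // Keep the preset source in step with the displayed value.
        TempCardinal:=CharCount;
      end;
    end;
  finally
    Dlg.Free;
  end;
end;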
procedure TMainFrm.Button1Click(Sender: TObject);
begin
  // Shows the DOS header form, but only once a file path is present in FileEdit.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  if FileEdit.Text<>'' then
  begin
    Application.CreateForm(TDOSHeaderFrm, DOSHeaderFrm);
    DOSHeaderFrm.ShowModal;
  end;
end;
procedure TMainFrm.Button8Click(Sender: TObject);
begin
  // Shows the PE header form, but only once a file path is present in FileEdit.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  if FileEdit.Text<>'' then
  begin
    Application.CreateForm(TPEHeaderFrm, PEHeaderFrm);
    PEHeaderFrm.ShowModal;
  end;
end;
procedure TMainFrm.Button9Click(Sender: TObject);
begin
  // Shows the optional header form, but only once a file path is present in FileEdit.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  if FileEdit.Text<>'' then
  begin
    Application.CreateForm(TOptionalHeaderFrm, OptionalHeaderFrm);
    OptionalHeaderFrm.ShowModal;
  end;
end;
procedure TMainFrm.FormShow(Sender: TObject);
begin
  // Centre the main window on the screen each time it is shown.
  // The position is applied through the global MainFrm reference, as before.
  MainFrm.Left:=(Screen.Width div 2)-(MainFrm.Width div 2);
  MainFrm.Top:=(Screen.Height div 2)-(MainFrm.Height div 2);
end;
procedure TMainFrm.Button2Click(Sender: TObject);
begin
  // Shows the sections form, but only once a file path is present in FileEdit.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  if FileEdit.Text<>'' then
  begin
    Application.CreateForm(TSectionsFrm, SectionsFrm);
    SectionsFrm.ShowModal;
  end;
end;
procedure TMainFrm.Button3Click(Sender: TObject);
begin
  // Shows the directory form, but only once a file path is present in FileEdit.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  if FileEdit.Text<>'' then
  begin
    Application.CreateForm(TDirectoryFrm, DirectoryFrm);
    DirectoryFrm.ShowModal;
  end;
end;
procedure TMainFrm.Button7Click(Sender: TObject);
begin
  // Shows the FLC form, but only once a file path is present in FileEdit.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  if FileEdit.Text<>'' then
  begin
    Application.CreateForm(TFLCFrm, FLCFrm);
    FLCFrm.ShowModal;
  end;
end;
procedure TMainFrm.Button4Click(Sender: TObject);
begin
  // Shows the TDSC form modally; unlike the header viewers this one is not
  // gated on a file being selected.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  Application.CreateForm(TTDSCFrm, TDSCFrm);
  TDSCFrm.ShowModal;
end;
procedure TMainFrm.Button10Click(Sender: TObject);
begin
  // Shows the Book form modally; no file needs to be selected first.
  // NOTE(review): a new form instance is created per click and not released
  // here - confirm the form frees itself on close.
  Application.CreateForm(TBookFrm, BookFrm);
  BookFrm.ShowModal;
end;
end.