{******************************************************************************}
{Copyright(C) 2007,Pefine Security Lab }
{All rights reserved. }
{ }
{Abstract:View Win32 PE file information. }
{ }
{Version:1.01 }
{Author:WindRand }
{Date:2007-01-20 }
{******************************************************************************}
unit FLC;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls, JwaWinNT, PublicUnit;
type
// Dialog that converts one address of the currently selected PE file between
// its three representations: virtual address (VA), relative virtual address
// (RVA) and raw file offset.
TFLCFrm = class(TForm)
GroupBox1: TGroupBox;
// Radio buttons choosing which of the three edit boxes is the input field
// (see the matching *CheckClick handlers).
VACheck: TRadioButton;
RVACheck: TRadioButton;
OffsetCheck: TRadioButton;
// Hexadecimal text fields for VA, RVA and raw file offset respectively.
VAEdit: TEdit;
RVAEdit: TEdit;
RAWEdit: TEdit;
Panel1: TPanel;
// Button1 runs the conversion (Button1Click); Button2 closes the form.
Button1: TButton;
Button2: TButton;
procedure FormShow(Sender: TObject);
procedure VACheckClick(Sender: TObject);
procedure RVACheckClick(Sender: TObject);
procedure OffsetCheckClick(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
// Closes the file handle and the file-mapping handle; it does not unmap a view.
procedure FreeHandle(hFile,mFile:Thandle);
public
{ Public declarations }
end;
var
FLCFrm: TFLCFrm;
implementation
uses Main;
{$R *.dfm}
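// Centers the form on the screen each time it is shown.
// The geometry is read from and written to this instance (Self) rather than
// the global FLCFrm variable, so the handler also works for an instance that
// is not stored in that global and cannot dereference it while it is nil.
procedure TFLCFrm.FormShow(Sender: TObject);
begin
  Left := (Screen.Width div 2) - (Width div 2);
  Top := (Screen.Height div 2) - (Height div 2);
end;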
// "VA" radio button selected: clear all three fields and leave only the
// VA field editable.
procedure TFLCFrm.VACheckClick(Sender: TObject);
begin
  // Input field for this mode.
  VAEdit.Text := '';
  VAEdit.Enabled := True;

  // Output fields stay locked until a conversion fills them in.
  RVAEdit.Text := '';
  RVAEdit.Enabled := False;
  RAWEdit.Text := '';
  RAWEdit.Enabled := False;
end;
// "RVA" radio button selected: clear all three fields and leave only the
// RVA field editable.
procedure TFLCFrm.RVACheckClick(Sender: TObject);
begin
  // Input field for this mode.
  RVAEdit.Text := '';
  RVAEdit.Enabled := True;

  // Output fields stay locked until a conversion fills them in.
  VAEdit.Text := '';
  VAEdit.Enabled := False;
  RAWEdit.Text := '';
  RAWEdit.Enabled := False;
end;
// "Offset" radio button selected: clear all three fields and leave only the
// raw-offset field editable.
procedure TFLCFrm.OffsetCheckClick(Sender: TObject);
begin
  // Input field for this mode.
  RAWEdit.Text := '';
  RAWEdit.Enabled := True;

  // Output fields stay locked until a conversion fills them in.
  VAEdit.Text := '';
  VAEdit.Enabled := False;
  RVAEdit.Text := '';
  RVAEdit.Enabled := False;
end;
// Releases the two kernel handles obtained while opening a file for mapping.
//   hFile - handle passed to CloseHandle first (the file handle at the call sites)
//   mFile - handle passed to CloseHandle second (the file-mapping handle)
// A mapped view is not released here; callers must call UnmapViewOfFile
// themselves.
procedure TFLCFrm.FreeHandle(hFile, mFile: THandle);
begin
  CloseHandle(hFile);
  CloseHandle(mFile);
end;
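// RVA to Offset
// Translates a relative virtual address into a raw file offset by locating
// the section whose virtual range [VirtualAddress, VirtualAddress+VirtualSize)
// contains it.
//   RVA              - address relative to the image base
//   ImageNTHeaders   - NT headers; only FileHeader.NumberOfSections is read
//   ImgSectionHeader - first entry of the section table
// Returns the file offset inside the first matching section. When no section
// matches, the RVA is returned unchanged, as before.
//
// The search stops at the first match. Previously the loop kept going with the
// already-converted value, so a later section whose virtual range happened to
// contain that file offset converted it a second time.
//
// NOTE(review): NumberOfSections and every section field come from the file
// being inspected. This routine walks the table without knowing the size of
// the mapping, so the caller must confirm the whole table lies inside it.
// The result is also not compared with SizeOfRawData, so an RVA in the part
// of a section that exists only in memory yields an offset past that
// section's data on disk.
function RVAtoOffset(RVA:Cardinal;ImageNTHeaders:PIMAGENTHEADERS;ImgSectionHeader:PImageSectionHeader):Cardinal;
var
  i: Integer;
begin
  Result := RVA;
  for i := 0 to ImageNTHeaders^.FileHeader.NumberOfSections - 1 do
  begin
    if (RVA >= ImgSectionHeader^.VirtualAddress) and
       (RVA - ImgSectionHeader^.VirtualAddress < ImgSectionHeader^.Misc.VirtualSize) then
    begin
      Result := RVA - ImgSectionHeader^.VirtualAddress + ImgSectionHeader^.PointerToRawData;
      Exit;
    end;
    Inc(ImgSectionHeader);
  end;
end;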
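// Offset to RVA
// Translates a raw file offset into a relative virtual address by locating
// the section whose raw range [PointerToRawData, PointerToRawData+SizeOfRawData)
// contains it.
//   Offset           - byte offset in the file on disk
//   ImageNTHeaders   - NT headers; only FileHeader.NumberOfSections is read
//   ImgSectionHeader - first entry of the section table
// Returns the RVA inside the first matching section. When no section matches,
// the offset is returned unchanged, as before.
//
// The search stops at the first match. Previously the loop kept going with the
// already-converted value, so a later section whose raw range happened to
// contain that RVA converted it a second time.
//
// NOTE(review): NumberOfSections and every section field come from the file
// being inspected. This routine walks the table without knowing the size of
// the mapping, so the caller must confirm the whole table lies inside it.
function OffsettoRVA(Offset:Cardinal;ImageNTHeaders:PIMAGENTHEADERS;ImgSectionHeader:PImageSectionHeader):Cardinal;
var
  i: Integer;
begin
  Result := Offset;
  for i := 0 to ImageNTHeaders^.FileHeader.NumberOfSections - 1 do
  begin
    if (Offset >= ImgSectionHeader^.PointerToRawData) and
       (Offset - ImgSectionHeader^.PointerToRawData < ImgSectionHeader^.SizeOfRawData) then
    begin
      Result := Offset + ImgSectionHeader^.VirtualAddress - ImgSectionHeader^.PointerToRawData;
      Exit;
    end;
    Inc(ImgSectionHeader);
  end;
end;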
// VA to RVA
// Subtracts the image base recorded in the optional header from a virtual
// address.
// NOTE(review): no check that VA >= ImageBase. A smaller VA makes the
// unsigned subtraction wrap, or raise if overflow checking is enabled in
// the build. Confirm which behaviour callers expect.
function VAtoRVA(VA:Cardinal;ImageNTHeaders:PIMAGENTHEADERS):Cardinal;
var
  PreferredBase: Cardinal;
begin
  PreferredBase := ImageNTHeaders^.OptionalHeader.ImageBase;
  Result := VA - PreferredBase;
end;
// RVA to VA
// Adds the image base recorded in the optional header to a relative virtual
// address. The sum is not range-checked here.
function RVAtoVA(RVA:Cardinal;ImageNTHeaders:PIMAGENTHEADERS):Cardinal;
var
  PreferredBase: Cardinal;
begin
  PreferredBase := ImageNTHeaders^.OptionalHeader.ImageBase;
  Result := PreferredBase + RVA;
end;
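// Converts the address typed into the enabled edit box and fills in the other
// two boxes. The file named by MainFrm.PublicFileNameStr is opened read-only,
// mapped into memory, checked for the DOS and NT signatures, and its section
// table is used for the RVA <-> file-offset translation.
//
// Changes compared with the previous version:
//  * The file is untrusted input. e_lfanew, SizeOfOptionalHeader and
//    NumberOfSections are now checked against the file size before any header
//    they locate is dereferenced, so a truncated or malformed file is rejected
//    instead of being read beyond the mapped view.
//  * The section table is located with FileHeader.SizeOfOptionalHeader rather
//    than SizeOf(TImageNtHeaders), which is only right when the optional
//    header has exactly the size of the compiled-in record.
//  * The view, the mapping handle and the file handle are released in one
//    finally block. Before, the "not a valid PE" exits left the view mapped
//    and the empty-input exit released nothing at all.
//  * CloseHandle is no longer called on INVALID_HANDLE_VALUE.
//
// NOTE(review): OptionalHeader.Magic is not examined; ImageBase is read
// through the header record this unit was compiled with, so a 64-bit (PE32+)
// image is presumably not handled correctly. The pointer-to-LongWord casts
// likewise assume a 32-bit build. HexToInt is defined outside this block;
// its behaviour for empty or non-hexadecimal text is not visible here.
procedure TFLCFrm.Button1Click(Sender: TObject);
var
  FileNameStr: String;
  ImageDosHeader: PIMAGEDOSHEADER;
  ImageNTHeaders: PIMAGENTHEADERS;
  ImgSectionHeader: PImageSectionHeader;
  hFile, mFile: THandle;
  hView: Pointer;
  vBase: LongWord;
  RVA, Offset, VA: DWORD;
  FileSize, SectionTableOfs, SectionTableEnd: Int64;
begin
  FileNameStr := MainFrm.PublicFileNameStr;
  hFile := CreateFile(PChar(FileNameStr), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if hFile = INVALID_HANDLE_VALUE then
  begin
    // Nothing was opened, so there is nothing to close.
    MessageBox(Handle,'Open file error!','Information',MB_OK+MB_ICONERROR);
    Exit;
  end;

  mFile := 0;
  hView := nil;
  try
    mFile := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
    if mFile = 0 then
    begin
      MessageBox(Handle,'Cannot open the file for memory mapping!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    hView := MapViewOfFile(mFile, FILE_MAP_READ, 0, 0, 0);
    if hView = nil then
    begin
      MessageBox(Handle,'Cannot map the file into memory!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    // Size of the mapped file; every header offset below is checked against it.
    // $FFFFFFFF is what GetFileSize returns on failure when no high-part
    // pointer is supplied.
    FileSize := GetFileSize(hFile, nil);
    if FileSize = $FFFFFFFF then
    begin
      MessageBox(Handle,'Open file error!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    ImageDosHeader := PImageDosHeader(hView);
    if (FileSize < SizeOf(ImageDosHeader^)) or
       (ImageDosHeader^.e_magic <> IMAGE_DOS_SIGNATURE) then
    begin
      MessageBox(Handle,'This file is not a valid PE!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    // e_lfanew is a signed, file-controlled value: reject negative offsets and
    // offsets that would place the NT headers past the end of the file.
    // ImageNTHeaders is still nil here; SizeOf only uses its type.
    ImageNTHeaders := nil;
    if (ImageDosHeader^.e_lfanew < 0) or
       (Int64(ImageDosHeader^.e_lfanew) + SizeOf(ImageNTHeaders^) > FileSize) then
    begin
      MessageBox(Handle,'This file is not a valid PE!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;

    vBase := LongWord(ImageDosHeader);
    ImageNTHeaders := PIMAGENTHEADERS(vBase + LongWord(ImageDosHeader^.e_lfanew));
    if ImageNTHeaders^.Signature <> IMAGE_NT_SIGNATURE then
    begin
      MessageBox(Handle,'This file is not a valid PE。','Information',MB_OK+MB_ICONINFORMATION);
      Exit;
    end;

    // The section table follows the optional header, whose real length is
    // stored in the file header. 64-bit arithmetic keeps the bounds test free
    // of wrap-around.
    SectionTableOfs := Int64(ImageDosHeader^.e_lfanew)
      + SizeOf(ImageNTHeaders^.Signature)
      + SizeOf(ImageNTHeaders^.FileHeader)
      + ImageNTHeaders^.FileHeader.SizeOfOptionalHeader;
    // ImgSectionHeader is not assigned yet; SizeOf only uses its type.
    ImgSectionHeader := nil;
    SectionTableEnd := SectionTableOfs
      + Int64(ImageNTHeaders^.FileHeader.NumberOfSections) * SizeOf(ImgSectionHeader^);
    if SectionTableEnd > FileSize then
    begin
      MessageBox(Handle,'This file is not a valid PE!','Information',MB_OK+MB_ICONERROR);
      Exit;
    end;
    ImgSectionHeader := PImageSectionHeader(vBase + LongWord(SectionTableOfs));

    if VACheck.Checked then
    begin
      if VAEdit.Text = '' then
      begin
        MessageBox(Handle,'Out of range!','Info',MB_OK+MB_ICONERROR);
        Exit;
      end;
      // Pad short input to eight hex digits for display.
      if Length(VAEdit.Text) < 8 then
        VAEdit.Text := IntToHex(HexToInt(VAEdit.Text), 8);
      // VA to RVA
      VA := HexToInt(VAEdit.Text);
      RVAEdit.Enabled := True;
      RVAEdit.Text := IntToHex(VAtoRVA(VA, ImageNTHeaders), 8);
      // RVA to Offset
      RVA := HexToInt(RVAEdit.Text);
      RAWEdit.Enabled := True;
      RAWEdit.Text := IntToHex(RVAtoOffset(RVA, ImageNTHeaders, ImgSectionHeader), 8);
    end;

    if RVACheck.Checked then
    begin
      if Length(RVAEdit.Text) < 8 then
        RVAEdit.Text := IntToHex(HexToInt(RVAEdit.Text), 8);
      RVA := HexToInt(RVAEdit.Text);
      // RVA to VA
      VAEdit.Enabled := True;
      VAEdit.Text := IntToHex(RVAToVA(RVA, ImageNTHeaders), 8);
      // RVA to Offset
      RAWEdit.Enabled := True;
      RAWEdit.Text := IntToHex(RVAtoOffset(RVA, ImageNTHeaders, ImgSectionHeader), 8);
    end;

    if OffsetCheck.Checked then
    begin
      if Length(RAWEdit.Text) < 8 then
        RAWEdit.Text := IntToHex(HexToInt(RAWEdit.Text), 8);
      // Offset to RVA
      Offset := HexToInt(RAWEdit.Text);
      RVAEdit.Enabled := True;
      RVAEdit.Text := IntToHex(OffsetToRVA(Offset, ImageNTHeaders, ImgSectionHeader), 8);
      // RVA to VA
      RVA := HexToInt(RVAEdit.Text);
      VAEdit.Enabled := True;
      VAEdit.Text := IntToHex(RVAToVA(RVA, ImageNTHeaders), 8);
    end;
  finally
    // Release in reverse order of acquisition, on every exit path.
    if hView <> nil then
      UnmapViewOfFile(hView);
    if mFile <> 0 then
      CloseHandle(mFile);
    CloseHandle(hFile);
  end;
end;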
// Second button: dismisses the converter dialog.
procedure TFLCFrm.Button2Click(Sender: TObject);
begin
  Self.Close;
end;
end.