dosheader.pas

Delphi写的PE查看器

{******************************************************************************}
{Copyright(C) 2007,Pefine Security Lab                                         }
{All rights reserved.                                                          }
{                                                                              }
{Abstract:View Win32 PE file information.                                      }
{                                                                              }
{Version:1.01                                                                  }
{Author:WindRand                                                               }
{Date:2007-01-20                                                               }
{******************************************************************************}
unit DOSHeader;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ExtCtrls;

type
  TDOSHeaderFrm = class(TForm)
    GroupBox1: TGroupBox;
    Label1: TLabel;
    Label2: TLabel;
    Label3: TLabel;
    Label4: TLabel;
    Label5: TLabel;
    Label6: TLabel;
    Label7: TLabel;
    Label8: TLabel;
    Label9: TLabel;
    MNEdit: TEdit;
    BPEdit: TEdit;
    PFEdit: TEdit;
    REEdit: TEdit;
    SHEdit: TEdit;
    IMEdit: TEdit;
    AMEdit: TEdit;
    ISEdit: TEdit;
    IPEdit: TEdit;
    Label10: TLabel;
    Label11: TLabel;
    Label12: TLabel;
    Label13: TLabel;
    Label14: TLabel;
    Label15: TLabel;
    Label16: TLabel;
    Label17: TLabel;
    CKEdit: TEdit;
    IIEdit: TEdit;
    ICEdit: TEdit;
    TOEdit: TEdit;
    ONEdit: TEdit;
    OREdit: TEdit;
    OIEdit: TEdit;
    PEEdit: TEdit;
    Panel1: TPanel;
    Button1: TButton;
    procedure FormShow(Sender: TObject);
    procedure Button1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    procedure FreeHandle(hFile,mFile:Thandle);
  public
    { Public declarations }
  end;

var
  DOSHeaderFrm: TDOSHeaderFrm;

implementation

uses Main,JwaWinNT;

{$R *.dfm}

procedure TDOSHeaderFrm.FormShow(Sender: TObject);
begin
  //Interface center
  With DOSHeaderFrm do
    begin
      Left:=(Screen.Width div 2)-(Width div 2);
      Top:=(Screen.Height div 2)-(Height div 2);
    end;
end;

procedure TDOSHeaderFrm.Button1Click(Sender: TObject);
begin
  Close;
end;

procedure TDOSHeaderFrm.FreeHandle(hFile,mFile:Thandle);
begin
  CloseHandle(hFile);
  CloseHandle(mFile);
end;

procedure TDOSHeaderFrm.FormCreate(Sender: TObject);
var
  FileNameStr:String;
  ImageDosHeader:PIMAGEDOSHEADER;
  ImageNTHeaders:PIMAGENTHEADERS;
  hFile,mFile:THandle;
  hView:Pointer;
  vBase:LongWord;
begin
  FileNameStr:=MainFrm.PublicFileNameStr;
  hFile:=CreateFile(PChar(FileNameStr),GENERIC_READ,FILE_SHARE_READ,nil,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
  if hFile=INVALID_HANDLE_VALUE then
    begin
      MessageBox(Handle,'Open file error！','Information',MB_OK+MB_ICONERROR);
      CloseHandle(hFile);
      Exit;
    end;
  mFile:=CreateFileMapping(hFile,nil,PAGE_READONLY,0,0,nil);
  if mFile=0 then
    begin
      MessageBox(Handle,'Cannot open the file for memory mapping！','Information',MB_OK+MB_ICONERROR);
      CloseHandle(hFile);
      Exit;
    end;
  hView:=MapViewOfFile(mFile,FILE_MAP_READ,0,0,0);
  if hView=nil then
    begin
      MessageBox(Handle,'Cannot map the file into memory！','Information',MB_OK+MB_ICONERROR);
      FreeHandle(hFile,mFile);
      Exit;
    end;
  ImageDosHeader:=PImageDosHeader(hView);
  if ImageDosHeader.e_magic<>IMAGE_DOS_SIGNATURE then
    begin
      MessageBox(Handle,'This file is not a valid PE！','Information',MB_OK+MB_ICONERROR);
      FreeHandle(hFile,mFile);
      Exit;
    end;
  vBase:=LongWord(ImageDosHeader);
  ImageNTHeaders:=PIMAGENTHEADERS(vBase+LongWord(ImageDosHeader.e_lfanew));
  if ImageNTHeaders.Signature<>IMAGE_NT_SIGNATURE then
    begin
      MessageBox(Handle,'This file is not a valid PE。','Information',MB_OK+MB_ICONINFORMATION);
      FreeHandle(hFile,mFile);
      Exit;
    end;

  // Magic number
  MNEdit.Text:=IntToHex(ImageDosHeader.e_magic,4);
  // Bytes on last page of file
  BPEdit.Text:=IntToHex(ImageDosHeader.e_cblp,4);
  // Pages in file
  PFEdit.Text:=IntToHex(ImageDosHeader.e_cp,4);
  // Relocations
  REEdit.Text:=IntToHex(ImageDosHeader.e_crlc,4);
  // Size of header in paragraphs
  SHEdit.Text:=IntToHex(ImageDosHeader.e_cparhdr,4);
  // Minimum extra paragraphs needed
  IMEdit.Text:=IntToHex(ImageDosHeader.e_minalloc,4);
  // Maximum extra paragraphs needed
  AMEdit.Text:=IntToHex(ImageDosHeader.e_maxalloc,4);
  // Initial (relative) SS value
  ISEdit.Text:=IntToHex(ImageDosHeader.e_ss,4);
  // Initial SP value
  IPEdit.Text:=IntToHex(ImageDosHeader.e_sp,4);
  // Checksum
  CKEdit.Text:=IntToHex(ImageDosHeader.e_csum,4);
  // Initial IP value
  IIEdit.Text:=IntToHex(ImageDosHeader.e_ip,4);
  // Initial (relative) CS value
  ICEdit.Text:=IntToHex(ImageDosHeader.e_cs,4);
  // File address of relocation table
  TOEdit.Text:=IntToHex(ImageDosHeader.e_lfarlc,4);
  // Overlay number
  ONEdit.Text:=IntToHex(ImageDosHeader.e_ovno,4);
  // OEM identifier (for e_oeminfo)
  OREdit.Text:=IntToHex(ImageDosHeader.e_oemid,4);
  // OEM information; e_oemid specific
  OIEdit.Text:=IntToHex(ImageDosHeader.e_oeminfo,4);
  // File address of new exe header
  PEEdit.Text:=IntToHex(ImageDosHeader.e_lfanew,8);
  UnmapViewOfFile(hView);
  FreeHandle(hFile,mFile);
end;

end.