📄 mitec_pe.pas
字号:
r: TExportItem;
begin
Result:=-1;
idx:=-1;
for i:=0 to High(FIT) do
if SameText(FIT[i].Name,AName) then begin
idx:=i;
Break;
end;
if idx=-1 then begin
SetLength(FIT,Length(FIT)+1);
with FIT[High(FIT)] do begin
Name:=AName;
ThunkData:=AThunk^;
end;
Result:=High(FIT);
while AThunk.Function_<>0 do begin
Finalize(r);
ZeroMemory(@r,SizeOf(r));
if AThunk.Ordinal and IMAGE_ORDINAL_FLAG32<>0 then begin
r.Ordinal:=IMAGE_ORDINAL(AThunk.Ordinal);
r.Name:='';
end else begin
r.Address:=Cardinal(PImageImportByName(RvaToVa(Cardinal(AThunk.AddressOfData))));
r.Name:=PChar(@PImageImportByName(r.Address).Name);
r.Ordinal:=PImageImportByName(r.Address).Hint;
end;
with FIT[Result] do begin
SetLength(Functions,Length(Functions)+1);
Functions[High(Functions)]:=r;
end;
Inc(AThunk);
end;
end;
end;
var
ImportDesc: PImageImportDescriptor;
s: string;
BoundImports, BoundImport: PImageBoundImportDescriptor;
DelayImportDesc: PImgDelayDescr;
Thunk: PImageThunkData;
begin
if ImageNTHeaders^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size>0 then begin
ImportDesc:=PImageImportDescriptor(DirectoryEntryToData(IMAGE_DIRECTORY_ENTRY_IMPORT));
while ImportDesc^.Name<>0 do begin
s:=string(PChar(RvaToVA(ImportDesc^.Name)));
if ImportDesc^.Union.Characteristics = 0 then begin
Thunk:=PImageThunkData(RvaToVa(ImportDesc^.FirstThunk));
FLinker:='Borland';
end else begin
Thunk:=PImageThunkData(RvaToVa(ImportDesc^.Union.Characteristics));
FLinker:='Microsoft';
end;
AddItem(s,Thunk);
Inc(ImportDesc);
end;
end;
if ImageNTHeaders^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].Size>0 then begin
DelayImportDesc:=PImgDelayDescr(DirectoryEntryToData(IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT));
while DelayImportDesc^.szName<>0 do begin
s:=string(PChar(RvaToVaEx(DelayImportDesc^.szName)));
Thunk:=PImageThunkData(RvaToVaEx(DelayImportDesc^.pINT.AddressOfData));
AddItem(s,Thunk);
Inc(DelayImportDesc);
end;
end;
{if ImageNTHeaders^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size>0 then begin
BoundImports:=PImageBoundImportDescriptor(DirectoryEntryTodata(IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT));
BoundImport:=BoundImports;
while (BoundImport^.OffsetModuleName<>0) do begin
s:=string(PChar(Cardinal(BoundImports)+BoundImport^.OffsetModuleName));
...search for name and if found then change import type to bound...
for i:=1 to BoundImport^.NumberOfModuleForwarderRefs do
Inc(PImageBoundForwarderRef(BoundImport)); // skip forward information
Inc(BoundImport);
end;
end;}
end;
procedure TMiTeC_PE.CreateVerList;
var
translation: string;
pd: PDWORD;
pc: PChar;
Handle: Cardinal;
Len,Size: Cardinal;
FBuffer: PChar;
FixedFileInfo :PVSFixedFileInfo;
begin
Size:=GetFileVersionInfoSize(PChar(FFilename),Handle);
if Size>0 then begin
GetMem(FBuffer,Size);
try
if GetFileVersionInfo(PChar(FFilename),Handle,Size,FBuffer) then begin
if VerQueryValue(FBuffer,'\',Pointer(FixedFileInfo),Len) then begin
{FVER.Add(Format('%s=%d.%d.%d.%d',['Full file version',
hiword(fixedfileinfo^.dwfileversionms),
loword(fixedfileinfo^.dwfileversionms),
hiword(fixedfileinfo^.dwfileversionls),
loword(fixedfileinfo^.dwfileversionls)]));
FVER.Add(Format('%s=%d.%d.%d.%d',['Full product version',
hiword(fixedfileinfo^.dwProductVersionMS),
loword(fixedfileinfo^.dwProductVersionMS),
hiword(fixedfileinfo^.dwProductVersionLS),
loword(fixedfileinfo^.dwProductVersionLS)]));}
if verqueryvalue(FBuffer,pchar('\VarFileInfo\Translation'),Pointer(pd),Len) then begin
translation:=IntToHex(pd^,8);
translation:=Copy(translation,5,4)+Copy(translation,1,4);
end;
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\ProductVersion'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Product version',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\FileVersion'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['File version',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\FileDescription'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Description',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\LegalCopyright'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Copyright',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\Comments'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Comments',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\SpecialBuild'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Special build',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\ProductName'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Product name',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\CompanyName'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Company name',string(pc)]));
if verqueryvalue(FBuffer,pchar('\StringFileInfo\'+translation+'\InternalName'),Pointer(pc),Len) then
FVER.Add(Format('%s=%s',['Internal name',string(pc)]));
end;
end;
finally
FreeMem(FBuffer);
end;
end;
end;
destructor TMiTeC_PE.Destroy;
begin
Close;
Finalize(FRD);
FCL.Free;
FRP.Free;
FCU.Free;
FDFM.Free;
FHDR.Free;
FVER.Free;
inherited;
end;
function TMiTeC_PE.DirectoryEntryToData(Directory: Word): Pointer;
begin
Result:=Pointer(FH+ImageNTHeaders^.OptionalHeader.DataDirectory[Directory].VirtualAddress);
end;
function TMiTeC_PE.GetClassCount: Cardinal;
begin
Result:=FCL.Count;
end;
function TMiTeC_PE.GetClassItem(Index: cardinal): TClass;
begin
Result:=TClass(FCL[Index]);
end;
function TMiTeC_PE.GetDirCount: Cardinal;
begin
Result:=IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
end;
function TMiTeC_PE.GetDirItem(Index: Cardinal): TDirectoryItem;
var
i: Integer;
EndRVA: Cardinal;
begin
Finalize(Result);
ZeroMemory(@Result,SizeOf(Result));
Result.Data:=ImageNTHeaders^.OptionalHeader.DataDirectory[Index];
Result.Name:=DirectoryNames(Index);
for i:=0 to SectionCount-1 do
with Sections[i] do begin
if Data.SizeOfRawData=0 then
EndRVA:=Data.Misc.VirtualSize
else
EndRVA:=Data.SizeOfRawData;
Inc(EndRVA,Data.VirtualAddress);
if (Data.VirtualAddress<=Result.Data.VirtualAddress) and (EndRVA>=Result.Data.VirtualAddress) then begin
Result.Section:=Name;
Break;
end;
end;
end;
function TMiTeC_PE.GetExpCount: Cardinal;
begin
Result:=Length(FET);
end;
function TMiTeC_PE.GetExpItem(Index: Cardinal): TExportItem;
begin
Result:=FET[Index];
end;
function TMiTeC_PE.GetFormCount: Cardinal;
begin
Result:=FDFM.Count;
end;
function TMiTeC_PE.GetFormItem(Index: Cardinal): string;
begin
Result:=FDFM[Index];
end;
function TMiTeC_PE.GetHeadCount: Cardinal;
begin
Result:=FHDR.Count;
end;
function TMiTeC_PE.GetHeadName(Index: Cardinal): string;
begin
Result:=FHDR.Names[Index];
end;
function TMiTeC_PE.GetHeadValue(Index: Cardinal): string;
begin
Result:=FHDR.ValueFromIndex[Index];
end;
function TMiTeC_PE.GetImpCount: Cardinal;
begin
Result:=Length(FIT);
end;
function TMiTeC_PE.GetImpItem(Index: Cardinal): TImportItem;
begin
Result:=FIT[Index];
end;
function TMiTeC_PE.GetPkgCount: Cardinal;
begin
Result:=FRP.Count;
end;
function TMiTeC_PE.GetPkgItem(Index: Cardinal): string;
begin
Result:=FRP[Index];
end;
function TMiTeC_PE.GetResCount: Cardinal;
begin
Result:=Length(FRD);
end;
function TMiTeC_PE.GetResItem(Index: Cardinal): TResourceItem;
begin
Result:=FRD[Index];
end;
function TMiTeC_PE.GetSecCount: Cardinal;
begin
Result:=ImageNTHeaders^.FileHeader.NumberOfSections;
end;
function TMiTeC_PE.GetSecItem(Index: Cardinal): TSectionItem;
begin
Finalize(Result);
ZeroMemory(@Result,SizeOf(Result));
Result.Data:=PImageSectionHeader(Integer(ImageNTHeaders)+Sizeof(TImageNTHeaders)+Index*SizeOf(TImageSectionHeader))^;
Result.Name:=string(PChar(@Result.Data.Name));
end;
function TMiTeC_PE.GetUnitCount: Cardinal;
begin
Result:=FCU.Count;
end;
function TMiTeC_PE.GetUnitItem(Index: Cardinal): string;
begin
Result:=FCU[Index];
end;
function TMiTeC_PE.GetVerCount: Cardinal;
begin
Result:=FVER.Count;
end;
function TMiTeC_PE.GetVerName(Index: Cardinal): string;
begin
Result:=FVER.Names[Index];
end;
function TMiTeC_PE.GetVerValue(Index: Cardinal): string;
begin
Result:=FVER.ValueFromIndex[Index];
end;
procedure TMiTeC_PE.ReadInfo;
var
i: Integer;
s: string;
begin
FSize:=GetFileSize(FFilename);
ImageNTHeaders:=PImageNtHeaders(Longint(FH)+PImageDosHeader(FH)^._lfanew);
if ValidMSEXEModule and ValidReadableNTPEModule then begin
CreateClassList;
FHDR.Add(Format('%s=0x%8.8x',['Signature',ImageNTHeaders.Signature]));
case ImageNTHeaders.FileHeader.Machine of
IMAGE_FILE_MACHINE_I386: s:='32-bit Intel';
IMAGE_FILE_MACHINE_IA64: s:='64-bit Intel';
IMAGE_FILE_MACHINE_AMD64: s:='64-bit AMD';
IMAGE_FILE_MACHINE_ALPHA: s:='DEC Alpha';
IMAGE_FILE_MACHINE_POWERPC: s:='Power PC';
else s:=Format('0x%4.4x',[ImageNTHeaders.FileHeader.Machine]);
end;
FHDR.Add(Format('%s=%s',['Machine',s]));
FHDR.Add(Format('%s=%d',['Number of sections',ImageNTHeaders.FileHeader.NumberOfSections]));
FHDR.Add(Format('%s=%s',['Timestamp',DatetimeToStr(UNIX32ToDatetime(ImageNTHeaders.FileHeader.TimeDateStamp))]));
FHDR.Add(Format('%s=0x%8.8x',['Pointer to symbol table',ImageNTHeaders.FileHeader.PointerToSymbolTable]));
FHDR.Add(Format('%s=%d',['Number of symbols',ImageNTHeaders.FileHeader.NumberOfSymbols]));
FHDR.Add(Format('%s=%d',['Size of optional header',ImageNTHeaders.FileHeader.SizeOfOptionalHeader]));
FHDR.Add(Format('%s=0x%4.4x',['Characteristics',ImageNTHeaders.FileHeader.Characteristics]));
FHDR.Add(Format('%s=0x%4.4x',['Magic',ImageNTHeaders.OptionalHeader.Magic]));
FHDR.Add(Format('%s=%d.%d',['Linker version',ImageNTHeaders.OptionalHeader.MajorLinkerVersion,ImageNTHeaders.OptionalHeader.MinorLinkerVersion]));
FHDR.Add(Format('%s=%d',['Size of code',ImageNTHeaders.OptionalHeader.SizeOfCode]));
FHDR.Add(Format('%s=%d',['Size of initialized data',ImageNTHeaders.OptionalHeader.SizeOfInitializedData]));
FHDR.Add(Format('%s=%d',['Size of uninitialized',ImageNTHeaders.OptionalHeader.SizeOfUninitializedData]));
FHDR.Add(Format('%s=0x%8.8x',['Address of entry point',ImageNTHeaders.OptionalHeader.AddressOfEntryPoint]));
FHDR.Add(Format('%s=0x%8.8x',['Base of code',ImageNTHeaders.OptionalHeader.BaseOfCode]));
FHDR.Add(Format('%s=0x%8.8x',['Base of data',ImageNTHeaders.OptionalHeader.BaseOfData]));
FHDR.Add(Format('%s=0x%8.8x',['Image base',ImageNTHeaders.OptionalHeader.ImageBase]));
FHDR.Add(Format('%s=%d',['Section alignment',ImageNTHeaders.OptionalHeader.SectionAlignment]));
FHDR.Add(Format('%s=%d',['File alignment',ImageNTHeaders.OptionalHeader.FileAlignment]));
FHDR.Add(Format('%s=%d.%d',['Operating system version',ImageNTHeaders.OptionalHeader.MajorOperatingSystemVersion,ImageNTHeaders.OptionalHeader.MinorOperatingSystemVersion]));
FHDR.Add(Format('%s=%d.%d',['Image version',ImageNTHeaders.OptionalHeader.MajorImageVersion,ImageNTHeaders.OptionalHeader.MinorImageVersion]));
FHDR.Add(Format('%s=%d.%d',['Subsystem version',ImageNTHeaders.OptionalHeader.MajorSubsystemVersion,ImageNTHeaders.OptionalHeader.MinorSubsystemVersion]));
FHDR.Add(Format('%s=%d',['Win32 version value',ImageNTHeaders.OptionalHeader.Win32VersionValue]));
FHDR.Add(Format('%s=%d',['Size of image',ImageNTHeaders.OptionalHeader.SizeOfImage]));
FHDR.Add(Format('%s=%d',['Size of headers',ImageNTHeaders.OptionalHeader.SizeOfHeaders]));
FHDR.Add(Format('%s=%d',['Checksum',ImageNTHeaders.OptionalHeader.CheckSum]));
case ImageNTHeaders.OptionalHeader.Subsystem of
IMAGE_SUBSYSTEM_UNKNOWN: s:='unknown';
IMAGE_SUBSYSTEM_NATIVE: s:='Native';
IMAGE_SUBSYSTEM_WINDOWS_GUI: s:='Windows GUI';
IMAGE_SUBSYSTEM_WINDOWS_CUI: s:='Console';
IMAGE_SUBSYSTEM_OS2_CUI: s:='OS/2';
IMAGE_SUBSYSTEM_POSIX_CUI: s:='Posix';
IMAGE_SUBSYSTEM_RESERVED8: s:='Reserved 8';
else s:=Format('0x%4.4x',[ImageNTHeaders^.OptionalHeader.Subsystem]);
end;
FHDR.Add(Format('%s=%s',['Subsystem',s]));
FHDR.Add(Format('%s=0x%4.4x',['DLL characteristics',ImageNTHeaders.OptionalHeader.DllCharacteristics]));
FHDR.Add(Format('%s=%d',['Size of stack reserve',ImageNTHeaders.OptionalHeader.SizeOfStackReserve]));
FHDR.Add(Format('%s=%d',['Size of stack commit',ImageNTHeaders.OptionalHeader.SizeOfStackCommit]));
FHDR.Add(Format('%s=%d',['Size of heap reserve',ImageNTHeaders.OptionalHeader.SizeOfHeapReserve]));
FHDR.Add(Format('%s=%d',['Size of heap commit',ImageNTHeaders.OptionalHeader.SizeOfHeapCommit]));
FHDR.Add(Format('%s=0x%8.8x',['Loader flags',ImageNTHeaders.OptionalHeader.LoaderFlags]));
FHDR.Add(Format('%s=%d',['Number of RVA',ImageNTHeaders.OptionalHeader.NumberOfRvaAndSizes]));
CreateExportList;
CreateImportList;
CreateVerList;
EnumResourceNames(FH,RT_RCDATA,@EnumResNameProc1,Cardinal(FDFM));
for i:=0 to High(cResources) do
EnumResourceNames(FH,cResources[i].ID,@EnumResNameProc2,Cardinal(@FRD));
try
GetPackageInfo(FH,FRP,FFlags,GetPackageInfoProc1);
GetPackageInfo(FH,FCU,FFlags,GetPackageInfoProc2);
FDesc:=GetPackageDescription(PChar(FFilename));
except
FFlags:=0;
FDesc:='';
end;
end;
end;
function TMiTeC_PE.RvaToVa(Rva: Cardinal): Pointer;
begin
Result:=Pointer(FH+Rva);
end;
function TMiTeC_PE.RvaToVaEx(Rva: Cardinal): Pointer;
begin
if (Rva>FSize) and (Rva>ImageNTHeaders^.OptionalHeader.ImageBase) then
Dec(Rva,ImageNTHeaders^.OptionalHeader.ImageBase);
Result:=RvaToVa(Rva);
end;
procedure TMiTeC_PE.SetFilename(const Value: string);
begin
Close;
FFilename:=Value;
FH:=GetModulehandle(PChar(FFilename));
FKeep:=False;
if FH=0 then begin
FH:=LoadLibrary(PChar(FFilename));
if FH=0 then
FH:=LoadLibraryEx(PChar(FFilename),0,LOAD_LIBRARY_AS_DATAFILE);
end else
FKeep:=True;
ReadInfo;
end;
function TMiTeC_PE.ValidMSEXEModule: Boolean;
begin
Result:=(PImageDosHeader(FH)^.e_magic=IMAGE_DOS_SIGNATURE);
end;
function TMiTeC_PE.ValidReadableNTPEModule: Boolean;
begin
Result:=(not(IsBadReadPtr(ImageNTHeaders,SizeOf(TImageNTHeaders))) and
(ImageNTHeaders^.Signature=IMAGE_NT_SIGNATURE));
end;
function TMiTeC_PE.SectionExists(ASectionName: string; var AHeader: Pointer): Boolean;
var
i: Integer;
begin
Result:=False;
i:=-1;
AHeader:=PImageSectionHeader(Integer(ImageNTHeaders)+Sizeof(TImageNTHeaders)-SizeOf(TImageSectionHeader));
while (not(Result) and (i<(ImageNTHeaders^.FileHeader.NumberOfSections-1))) do begin
Inc(i);
Inc(PImageSectionHeader(AHeader));
Result:=(StrLIComp(PChar(@PImageSectionHeader(AHeader)^.Name),PChar(ASectionName),IMAGE_SIZEOF_SHORT_NAME)=0);
end;
end;
end.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -