unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ComCtrls, PsAPI, Global, toolfunc, Grids, Buttons, TlHelp32;
type
// Main form of the tool. Every component field and event handler declared
// before the `private` section is bound by name to the form resource that
// {$R *.dfm} links in, so these identifiers must not be renamed here alone.
TForm1 = class(TForm)
// Process picker: filled by CB_ProcListDropDown, consumed by CB_ProcListSelect.
CB_ProcList: TComboBox;
Label11: TLabel;
// CB_ProcListSelect takes its module/resource path when ActivePageIndex = 0
// and its thread debug-register path for any other page.
PageControl1: TPageControl;
TabSheet1: TTabSheet;
TabSheet2: TTabSheet;
Label1: TLabel;
Label2: TLabel;
Label5: TLabel;
Label6: TLabel;
Label7: TLabel;
Label8: TLabel;
Label9: TLabel;
Label10: TLabel;
Label12: TLabel;
// Cleared by CB_ProcListSelect before RefResTree runs; TreeView1Change reads
// Node.Data as an index into ResDateEntry.
TreeView1: TTreeView;
Button1: TButton;
// Image base and size of the selected process's first module, shown as hex.
ED_ImageBase: TEdit;
ED_ImageSize: TEdit;
GroupBox1: TGroupBox;
Label4: TLabel;
Label3: TLabel;
// Resource entry details; ED_ResRVA / ED_ResSize are set by TreeView1Change.
ED_ResSize: TEdit;
ED_ResRVA: TEdit;
ED_ResCount: TEdit;
ED_ResDataSize: TEdit;
ED_ResDirSize: TEdit;
ED_ResBase: TEdit;
// Button1Click parses this text as a hex value after dropping its first two
// characters (the '0x' prefix the other fields are written with).
ED_NewResBase: TEdit;
CB_ModuleList: TComboBox;
SD1: TSaveDialog;
// Presumably the per-thread debug-register grid refreshed by RefDrx - the
// code that fills it is not in this part of the file.
SG_Drx: TStringGrid;
// Edit boxes named after the x86 debug registers that CB_ProcListSelect
// captures (Dr0-Dr3, Dr6, Dr7).
ED_Dr0: TEdit;
Label13: TLabel;
ED_Dr2: TEdit;
Label14: TLabel;
ED_Dr6: TEdit;
Label15: TLabel;
ED_Dr1: TEdit;
Label16: TLabel;
ED_Dr3: TEdit;
Label17: TLabel;
ED_Dr7: TEdit;
Label18: TLabel;
LB_TID: TLabel;
PC_2: TPageControl;
TabSheet3: TTabSheet;
TabSheet4: TTabSheet;
TabSheet5: TTabSheet;
TabSheet6: TTabSheet;
// NOTE(review): the RB_<n>_<m> controls look like per-breakpoint Dr7 settings
// for breakpoint slot <n> (0..3) - confirm against the .dfm captions and the
// RB_Dr7Click / RB_dr7_1Click handlers, which are outside this view.
GroupBox2: TGroupBox;
RB_3_1: TRadioButton;
RB_3_2: TRadioButton;
RB_3_3: TRadioButton;
GroupBox3: TGroupBox;
RB_3_4: TRadioButton;
RB_3_5: TRadioButton;
RB_3_6: TRadioButton;
RB_3_7: TRadioButton;
GroupBox4: TGroupBox;
RB_0_1: TRadioButton;
RB_0_2: TRadioButton;
RB_0_3: TRadioButton;
GroupBox5: TGroupBox;
RB_0_4: TRadioButton;
RB_0_5: TRadioButton;
RB_0_6: TRadioButton;
RB_0_7: TRadioButton;
GroupBox6: TGroupBox;
RB_1_1: TRadioButton;
RB_1_2: TRadioButton;
RB_1_3: TRadioButton;
GroupBox7: TGroupBox;
RB_1_4: TRadioButton;
RB_1_5: TRadioButton;
RB_1_6: TRadioButton;
RB_1_7: TRadioButton;
GroupBox8: TGroupBox;
RB_2_1: TRadioButton;
RB_2_2: TRadioButton;
RB_2_3: TRadioButton;
GroupBox9: TGroupBox;
RB_2_4: TRadioButton;
RB_2_5: TRadioButton;
RB_2_6: TRadioButton;
RB_2_7: TRadioButton;
GroupBox10: TGroupBox;
GroupBox11: TGroupBox;
GroupBox12: TGroupBox;
GroupBox13: TGroupBox;
// The _8 / _9 members of each slot are check boxes, not radio buttons, despite
// the RB_ prefix.
RB_0_8: TCheckBox;
RB_0_9: TCheckBox;
RB_1_8: TCheckBox;
RB_1_9: TCheckBox;
RB_2_8: TCheckBox;
RB_2_9: TCheckBox;
RB_3_8: TCheckBox;
RB_3_9: TCheckBox;
// NOTE(review): names match the Dr7 control flags LE / GE / GD - confirm.
CB_LE: TCheckBox;
CB_GE: TCheckBox;
CB_GD: TCheckBox;
GroupBox14: TGroupBox;
// NOTE(review): names match the Dr6 status flags B0-B3 / BD / BS / BT - confirm.
CB_B1: TCheckBox;
CB_B0: TCheckBox;
CB_B2: TCheckBox;
CB_B3: TCheckBox;
CB_BD: TCheckBox;
CB_BS: TCheckBox;
CB_BT: TCheckBox;
Button2: TButton;
// Event handlers. CB_dr6Click, RB_Dr7Click and RB_dr7_1Click have no component
// of the same name above, so they are presumably shared handlers assigned to
// several controls in the .dfm.
procedure CB_ProcListDropDown(Sender: TObject);
procedure CB_ProcListSelect(Sender: TObject);
procedure TreeView1Change(Sender: TObject; Node: TTreeNode);
procedure Button1Click(Sender: TObject);
procedure CB_ModuleListSelect(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure CB_ModuleListDropDown(Sender: TObject);
procedure SG_DrxClick(Sender: TObject);
procedure CB_dr6Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure RB_Dr7Click(Sender: TObject);
procedure RB_dr7_1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
// Global form instance; nothing in this view shows where it is created.
Form1: TForm1;
implementation
{$R *.dfm}
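{ Rebuilds the process drop-down from a fresh EnumProcesses snapshot.

  One item is added for every PID, even when the process cannot be opened or
  named, because CB_ProcListSelect uses the combo box ItemIndex directly as an
  index into ProcIdList - the two lists must stay aligned.

  Changes over the previous version: a failed EnumProcesses no longer leaves a
  stale count in ProcIdListCount, and a failed GetModuleFileNameEx no longer
  shows the previous process's path (ProcName is a shared buffer) under the
  wrong PID. }
procedure TForm1.CB_ProcListDropDown(Sender: TObject);
var
  i:integer;
  hProc:THandle;
  NameLen:DWORD;
begin
  CB_ProcList.Items.BeginUpdate;
  try
    CB_ProcList.Items.Clear;
    // 256*4 is the byte size this unit has always passed for ProcIdList
    // (assumes 256 DWORD slots in Global - TODO confirm). EnumProcesses gives
    // no way to tell a full buffer from a truncated list, so a count of
    // exactly 256 may mean some processes are missing.
    if not EnumProcesses(@ProcIdList[0],256*4,ProcIdListCount) then
      ProcIdListCount:=0;
    // The API reports bytes written; convert to a number of PIDs.
    ProcIdListCount:=ProcIdListCount div 4;
    for i:=0 to integer(ProcIdListCount)-1 do begin
      hProc:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, false, ProcIdList[i]);
      if hProc <> 0 then begin
        try
          NameLen:=0;
          // cb = 4 asks for a single module handle only: the first one.
          if EnumProcessModules(hProc, @hModule[0], 4, hModuleCount) then
            NameLen:=GetModuleFileNameEx(hProc,hModule[0],@ProcName[0],255);
          // Only trust ProcName when this call actually filled it.
          if NameLen <> 0 then
            CB_ProcList.Items.Add(ProcName)
          else
            CB_ProcList.Items.Add('[system]');
        finally
          CloseHandle(hProc);
        end;
      end
      else
        // Access denied or the process has exited: keep the slot so that the
        // indexes still line up with ProcIdList.
        CB_ProcList.Items.Add('[system]');
    end;
  finally
    CB_ProcList.Items.EndUpdate;
  end;
end;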
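{ Handles selection of a process in CB_ProcList.

  On the first page (ActivePageIndex = 0) it opens the process read-only,
  records the first module's image base and size and rebuilds the resource
  tree through RefResTree. On any other page it snapshots the threads of the
  selected process, briefly suspends each one to read its debug registers
  (Dr0-Dr3, Dr6, Dr7) into ThreadDrxList, and refreshes the view with RefDrx.

  Hardening over the previous version:
  - no selection (ItemIndex = -1) no longer indexes ProcIdList out of range;
  - the module count is clamped to what the 1024-byte buffer can hold;
  - a failed GetModuleInformation / GetModuleFileNameEx no longer publishes
    uninitialised or stale data;
  - thread handles are opened with only the rights that are used instead of
    THREAD_ALL_ACCESS;
  - the calling thread is never suspended (it could not resume itself);
  - threads that cannot be opened, suspended or read show zeros rather than
    the previous thread's register values left in the shared ctext record;
  - the thread list is bounded by the arrays it is written to. }
procedure TForm1.CB_ProcListSelect(Sender: TObject);
var
  ModuleInfo:_MODULEINFO;
  hThreadSnap,hThread:THandle;
  th32:THREADENTRY32;
  SnapOk,Captured:bool;
  i:integer;

  // Resets the image/resource summary fields to their "nothing loaded" text.
  procedure ShowNoImageInfo;
  begin
    ED_ImageBase.Text:='0x00000000';
    ED_ImageSize.Text:='0x00000000';
    ED_ResDataSize.Text:='0x00000000';
    ED_ResDirSize.Text:='0x00000000';
    ED_ResCount.Text:='0x00000000';
  end;

begin
  // ItemIndex is -1 when nothing is selected; ProcIdList[-1] is out of range.
  if CB_ProcList.ItemIndex < 0 then exit;
  WorkProc.ProcId:=ProcIdList[CB_ProcList.ItemIndex];
  CB_ModuleList.Items.Clear;
  if PageControl1.ActivePageIndex = 0 then begin
    WorkProc.hProc:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, false, WorkProc.ProcId);
    if WorkProc.hProc <> 0 then begin
      try
        if EnumProcessModules(WorkProc.hProc, @hModule[0], 1024, hModuleCount) then begin
          // The API reports the bytes NEEDED, which can exceed the 1024 bytes
          // offered; only what fitted was actually written to hModule.
          if hModuleCount > 1024 then hModuleCount:=1024;
          hModuleCount:=hModuleCount div 4;
          // ProcName is a shared buffer: fall back to the placeholder the
          // process list uses rather than show whatever it held before.
          if GetModuleFileNameEx(WorkProc.hProc,hModule[0],@ProcName[0],255) <> 0 then
            CB_ModuleList.Items.Add(ProcName)
          else
            CB_ModuleList.Items.Add('[system]');
          CB_ModuleList.ItemIndex:=0;
          FillChar(ModuleInfo,SizeOf(ModuleInfo),0);
          if GetModuleInformation(WorkProc.hProc,hModule[0],@ModuleInfo,SizeOf(_MODULEINFO)) then begin
            hModuleInfo[0].ImageBase:=dword(ModuleInfo.lpBaseOfDll);
            hModuleInfo[0].ImageSize:=ModuleInfo.SizeOfImage;
            WorkProc.ImageBase:=hModuleInfo[0].ImageBase;
            WorkProc.ImageSize:=hModuleInfo[0].ImageSize;
            ED_ImageBase.Text:='0x'+inttohex(WorkProc.ImageBase,8);
            ED_ImageSize.Text:='0x'+inttohex(WorkProc.ImageSize,8);
            // Reset the resource bookkeeping before the tree is rebuilt.
            ResDateEntryCount:=1;
            ResDirectorySize:=0;
            ResNameSize:=0;
            ResDateSize:=0;
            TreeView1.Items.Clear;
            RefResTree;
          end
          else
            ShowNoImageInfo;
        end
        else
          ShowNoImageInfo;
      finally
        // NOTE(review): WorkProc.hProc keeps the closed handle's value after
        // this point; other handlers must reopen the process before use.
        CloseHandle(WorkProc.hProc);
      end;
    end
    else
      ShowNoImageInfo;
  end
  else begin
    ThreadIDCount:=0;
    hThreadSnap:=CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
    if hThreadSnap <> INVALID_HANDLE_VALUE then begin
      try
        th32.dwSize:=SizeOf(THREADENTRY32);
        SnapOk:=Thread32First(hThreadSnap,th32);
        // The snapshot is system-wide; keep only the selected process's
        // threads, and never more than the destination arrays can hold
        // (assumes ThreadIDList / ThreadDrxList are arrays declared in Global).
        while SnapOk and (ThreadIDCount <= High(ThreadIDList))
              and (ThreadIDCount <= High(ThreadDrxList)) do begin
          if th32.th32OwnerProcessID = WorkProc.ProcId then begin
            ThreadIDList[ThreadIDCount]:=th32.th32ThreadID;
            inc(ThreadIDCount);
          end;
          SnapOk:=Thread32Next(hThreadSnap,th32);
        end;
      finally
        CloseHandle(hThreadSnap);
      end;
    end;
    for i:=0 to ThreadIDCount-1 do begin
      Captured:=False;
      // Suspending the thread that runs this handler would stop it before it
      // reaches ResumeThread, so the tool's own UI thread is skipped.
      if ThreadIDList[i] <> GetCurrentThreadId then begin
        // Least privilege: suspend/resume and context read are all that is used.
        hThread:=OpenThread(THREAD_SUSPEND_RESUME or THREAD_GET_CONTEXT or THREAD_QUERY_INFORMATION,
                            False,ThreadIDList[i]);
        if hThread <> 0 then begin
          try
            // SuspendThread returns $FFFFFFFF on failure; only a thread that
            // was really suspended is read and resumed.
            if SuspendThread(hThread) <> $FFFFFFFF then begin
              try
                ctext.ContextFlags:=CONTEXT_DEBUG_REGISTERS;
                Captured:=GetThreadContext(hThread,ctext);
              finally
                ResumeThread(hThread);
              end;
            end;
          finally
            CloseHandle(hThread);
          end;
        end;
      end;
      if Captured then begin
        ThreadDrxList[i].Dr0:=ctext.Dr0;
        ThreadDrxList[i].Dr1:=ctext.Dr1;
        ThreadDrxList[i].Dr2:=ctext.Dr2;
        ThreadDrxList[i].Dr3:=ctext.Dr3;
        ThreadDrxList[i].Dr6:=ctext.Dr6;
        ThreadDrxList[i].Dr7:=ctext.Dr7;
      end
      else begin
        // Keep the slot (indexes match ThreadIDList) but do not copy the
        // previous thread's values out of the shared ctext record.
        ThreadDrxList[i].Dr0:=0;
        ThreadDrxList[i].Dr1:=0;
        ThreadDrxList[i].Dr2:=0;
        ThreadDrxList[i].Dr3:=0;
        ThreadDrxList[i].Dr6:=0;
        ThreadDrxList[i].Dr7:=0;
      end;
    end;
    RefDrx;
  end;
end;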
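{ Shows the RVA and size of the resource entry attached to the selected tree
  node, or clears both fields when the node carries no entry.

  Node.Data holds an integer index into ResDateEntry stored as a pointer, so a
  nil Data means "no entry". The tree view can also raise OnChange with
  Node = nil (for example when the selection is removed); that case is now
  treated the same way instead of dereferencing nil. }
procedure TForm1.TreeView1Change(Sender: TObject; Node: TTreeNode);
var
  EntryIndex:integer;
begin
  if (Node = nil) or (Node.Data = nil) then begin
    ED_ResRVA.Text:='';
    ED_ResSize.Text:='';
    exit;
  end;
  // NOTE(review): the index is not range-checked against the number of
  // entries RefResTree filled in; confirm that every node's Data is valid.
  EntryIndex:=integer(Node.Data);
  ED_ResRVA.Text:='0x'+IntToHex(ResDateEntry[EntryIndex].OffsetToData,8);
  ED_ResSize.Text:='0x'+IntToHex(ResDateEntry[EntryIndex].Size1,8);
end;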
procedure TForm1.Button1Click(Sender: TObject);
var
ResBase:dword;
TmpStr:string;
i,j,k:integer;
TmpDirPointer,TmpNamePointer,TmpDataPointer,TmpPointer:Pointer;
TmpDword,NameUseSize,hFile:dword;
TmpWord:Word;
begin
WorkProc.hProc:=OpenProcess(PROCESS_QUERY_INFORMATION+PROCESS_VM_READ, false, WorkProc.ProcId);
if WorkProc.hProc = 0 then exit;
TmpStr:=ED_NewResBase.Text;
TmpStr:='$'+Copy(TmpStr,3,length(TmpStr));
ResBase:=strtoint(TmpStr);