📄 unit1.pas
SetLength(ResDateBuf,ResDateSize);
ZeroMemory(@ResDateBuf[0],ResDateSize);
SetLength(ResDirectoryBuf,ResDirectorySize);
ZeroMemory(@ResDirectoryBuf[0],ResDirectorySize);
SetLength(ResNameBuf,ResNameSize);
ZeroMemory(@ResNameBuf[0],ResNameSize);
pIMAGE_RESOURCE_DIRECTORY(@ResDirectoryBuf[0])^:=WorkProc.ResDirect;
TmpDirPointer:=@ResDirectoryBuf[$10];
TmpNamePointer:=@ResNameBuf[0];
NameUseSize:=0;
TmpDword:=$10+8*MainResDirCount;
for i:=0 to MainResDirCount-1 do begin
if MainResDir[i].ID <> 0 then begin
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpDirPointer).OffsetToName:=MainResDir[i].ID;
end
else begin
TmpWord:=Pword(@MainResDir[i].Name[0])^;
CopyMemory(TmpNamePointer,@MainResDir[i].Name[0],TmpWord*2+2);
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpDirPointer).OffsetToName:=(NameUseSize+ResDirectorySize) or $80000000;
NameUseSize:=NameUseSize+TmpWord*2+2;
TmpNamePointer:=Pointer(dword(TmpNamePointer)+TmpWord*2+2);
end;
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpDirPointer).OffsetToData:=TmpDword or $80000000;
TmpDword:=TmpDword+$10+MainResDir[i].ChildCount*8;
TmpDirPointer:=Pointer(dword(TmpDirPointer)+8);
end;
TmpDword:=0;
for i:=0 to MainResDirCount-1 do begin
TmpDword:=TmpDword+$10+MainResDir[i].ChildCount*8;
end;
TmpDword:=TmpDword+dword(TmpDirPointer)-dword(@ResDirectoryBuf[0]);
k:=1;
for i:=0 to MainResDirCount-1 do begin
TmpPointer:=Pointer(dword(TmpDirPointer)+$10);
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).Characteristics:=WorkProc.ResDirect.Characteristics;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).TimeDateStamp:=WorkProc.ResDirect.TimeDateStamp;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).MajorVersion:=WorkProc.ResDirect.MajorVersion;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).MinorVersion:=WorkProc.ResDirect.MinorVersion;
for j:=0 to MainResDir[i].ChildCount-1 do begin
if ChildResDir[k].ID = 0 then begin
TmpWord:=Pword(@ChildResDir[k].Name[0])^;
CopyMemory(TmpNamePointer,@ChildResDir[k].Name[0],TmpWord*2+2);
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpPointer).OffsetToName:=(NameUseSize+ResDirectorySize) or $80000000;
NameUseSize:=NameUseSize+TmpWord*2+2;
TmpNamePointer:=Pointer(dword(TmpNamePointer)+TmpWord*2+2);
inc(pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).NumberOfNamedEntries);
end
else begin
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpPointer).OffsetToName:=ChildResDir[k].ID;
inc(pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).NumberOfIdEntries);
end;
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpPointer).OffsetToData:=TmpDword or $80000000;
TmpDword:=TmpDword+$18;
TmpPointer:=Pointer(dword(TmpPointer)+8);
inc(k);
end;
TmpDirPointer:=Pointer(dword(TmpDirPointer)+$10+MainResDir[i].ChildCount*8);
end;
TmpDword:=(ResDateEntryCount-1)*$18+dword(TmpDirPointer)-dword(@ResDirectoryBuf[0]);
for i:=1 to ResDateEntryCount-1 do begin
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).Characteristics:=WorkProc.ResDirect.Characteristics;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).TimeDateStamp:=WorkProc.ResDirect.TimeDateStamp;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).MajorVersion:=WorkProc.ResDirect.MajorVersion;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).MinorVersion:=WorkProc.ResDirect.MinorVersion;
pIMAGE_RESOURCE_DIRECTORY(TmpDirPointer).NumberOfIdEntries:=1;
TmpDirPointer:=Pointer(dword(TmpDirPointer)+$10);
pIMAGE_RESOURCE_DIRECTORY_ENTRY(TmpDirPointer).OffsetToData:=TmpDword;
TmpDirPointer:=Pointer(dword(TmpDirPointer)+$8);
TmpDword:=TmpDword+$10;
end;
TmpDword:=ResDirectorySize+ResNameSize;
TmpDataPointer:=@ResDateBuf[0];
for i:=1 to ResDateEntryCount-1 do begin
pIMAGE_RESOURCE_DATA_ENTRY(TmpDirPointer).Size1:=ResDateEntry[i].Size1;
pIMAGE_RESOURCE_DATA_ENTRY(TmpDirPointer).OffsetToData:=TmpDword+ResBase;
ReadMemory(ResDateEntry[i].OffsetToData,ResDateEntry[i].Size1,TmpDataPointer);
if (ResDateEntry[i].Size1 and 3)=0 then begin
TmpDword:=TmpDword+ResDateEntry[i].Size1;
TmpDataPointer:=Pointer(dword(TmpDataPointer)+ResDateEntry[i].Size1);
end
else begin
TmpDword:=TmpDword+(ResDateEntry[i].Size1 and $fffffffc) + 4;
TmpDataPointer:=Pointer(dword(TmpDataPointer)+(ResDateEntry[i].Size1 and $fffffffc) + 4);
end;
TmpDirPointer:=Pointer(dword(TmpDirPointer)+$10);
end;
CloseHandle(WorkProc.hProc);
if not SD1.Execute then
TmpStr:='ResFix.dat'
else TmpStr:=SD1.FileName;
hFile:=CreateFile(pchar(TmpStr),GENERIC_READ+GENERIC_WRITE,FILE_SHARE_READ+FILE_SHARE_WRITE,nil,CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
SetFilePointer(hFile,0,nil,FILE_BEGIN);
k:=dword(@ResDirectoryBuf[0]);
WriteFile(hFile,ResDirectoryBuf[0],ResDirectorySize,TmpDword,nil);
WriteFile(hFile,ResNameBuf[0],ResNameSize,TmpDword,nil);
WriteFile(hFile,ResDateBuf[0],ResDateSize,TmpDword,nil);
CloseHandle(hFile);
end;
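{ Handles a selection in the module drop-down.
  Copies the chosen module's base address and image size from hModuleInfo
  into WorkProc, shows both as 8-digit hex, resets the resource bookkeeping
  counters and rebuilds the resource tree through RefResTree.
  The target process is opened read-only (query + VM read) for the duration
  of the call and the handle is always released. }
procedure TForm1.CB_ModuleListSelect(Sender: TObject);
var
  i:integer;
begin
  i:=CB_ModuleList.ItemIndex;
  // ItemIndex is -1 when no entry is selected; using it as an array index
  // would read in front of hModuleInfo (range checking is often disabled).
  if i < 0 then exit;
  WorkProc.hProc:=OpenProcess(PROCESS_QUERY_INFORMATION+PROCESS_VM_READ, false, WorkProc.ProcId);
  if WorkProc.hProc = 0 then exit;
  try
    WorkProc.ImageBase:=hModuleInfo[i].ImageBase;
    WorkProc.ImageSize:=hModuleInfo[i].ImageSize;
    ED_ImageBase.Text:='0x'+inttohex(WorkProc.ImageBase,8);
    ED_ImageSize.Text:='0x'+inttohex(WorkProc.ImageSize,8);
    // Start the resource walk from a clean state.
    ResDateEntryCount:=1;
    ResDirectorySize:=0;
    ResNameSize:=0;
    ResDateSize:=0;
    TreeView1.Items.Clear;
    RefResTree;
  finally
    // Release the handle even if RefResTree raises, so a failed walk over a
    // malformed resource section does not leak a process handle.
    CloseHandle(WorkProc.hProc);
  end;
end;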
{ Form initialisation: labels the rows of the debug-register grid and fills
  the control lookup arrays (RB_Len, RB_RWE, RB_LG, CB_Bx) so that the other
  handlers can address the radio buttons / check boxes by index. }
procedure TForm1.FormCreate(Sender: TObject);
const
  // Captions for column 0 of SG_Drx, one per grid row.
  DrxRowTitles: array[0..6] of string =
    ('ThreadID','Dr0','Dr1','Dr2','Dr3','Dr6','Dr7');
var
  Row:integer;
begin
  for Row:=Low(DrxRowTitles) to High(DrxRowTitles) do
    SG_Drx.Cells[0,Row]:=DrxRowTitles[Row];

  // RB_Len: three buttons per register group (RB_n_1..RB_n_3).
  // NOTE(review): presumably the DR7 LEN choices - confirm against the form.
  RB_Len[0]:=RB_0_1;  RB_Len[1]:=RB_0_2;   RB_Len[2]:=RB_0_3;
  RB_Len[3]:=RB_1_1;  RB_Len[4]:=RB_1_2;   RB_Len[5]:=RB_1_3;
  RB_Len[6]:=RB_2_1;  RB_Len[7]:=RB_2_2;   RB_Len[8]:=RB_2_3;
  RB_Len[9]:=RB_3_1;  RB_Len[10]:=RB_3_2;  RB_Len[11]:=RB_3_3;

  // RB_RWE: four buttons per register group (RB_n_4..RB_n_7).
  RB_RWE[0]:=RB_0_4;   RB_RWE[1]:=RB_0_5;   RB_RWE[2]:=RB_0_6;   RB_RWE[3]:=RB_0_7;
  RB_RWE[4]:=RB_1_4;   RB_RWE[5]:=RB_1_5;   RB_RWE[6]:=RB_1_6;   RB_RWE[7]:=RB_1_7;
  RB_RWE[8]:=RB_2_4;   RB_RWE[9]:=RB_2_5;   RB_RWE[10]:=RB_2_6;  RB_RWE[11]:=RB_2_7;
  RB_RWE[12]:=RB_3_4;  RB_RWE[13]:=RB_3_5;  RB_RWE[14]:=RB_3_6;  RB_RWE[15]:=RB_3_7;

  // RB_LG: two controls per register group (RB_n_8, RB_n_9).
  RB_LG[0]:=RB_0_8;  RB_LG[1]:=RB_0_9;
  RB_LG[2]:=RB_1_8;  RB_LG[3]:=RB_1_9;
  RB_LG[4]:=RB_2_8;  RB_LG[5]:=RB_2_9;
  RB_LG[6]:=RB_3_8;  RB_LG[7]:=RB_3_9;

  // CB_Bx: one check box per register (CB_B0..CB_B3).
  CB_Bx[0]:=CB_B0;
  CB_Bx[1]:=CB_B1;
  CB_Bx[2]:=CB_B2;
  CB_Bx[3]:=CB_B3;
end;
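{ Repopulates the module drop-down for the process identified by
  WorkProc.ProcId: enumerates its modules, adds each module's file name to
  CB_ModuleList and caches base address / image size in hModuleInfo at the
  same index. The process is opened read-only and the handle is closed
  before returning. }
procedure TForm1.CB_ModuleListDropDown(Sender: TObject);
const
  // Size in bytes that is passed to EnumProcessModules for hModule.
  ModuleBufBytes = 1024;
var
  ModuleInfo:_MODULEINFO;
  i:integer;
begin
  CB_ModuleList.Items.Clear;
  WorkProc.hProc:=OpenProcess(PROCESS_QUERY_INFORMATION+PROCESS_VM_READ, false, WorkProc.ProcId);
  if WorkProc.hProc <> 0 then begin
    try
      if EnumProcessModules(WorkProc.hProc, @hModule[0], ModuleBufBytes, hModuleCount) then begin
        // EnumProcessModules reports the bytes NEEDED, which can exceed the
        // bytes supplied when the target has more modules than fit. Clamp so
        // the loop never walks past the handles that were actually written.
        if hModuleCount > ModuleBufBytes then
          hModuleCount:=ModuleBufBytes;
        hModuleCount:=hModuleCount div 4;
        // NOTE(review): assumes hModuleInfo has room for ModuleBufBytes div 4
        // entries - its declaration is not visible here; confirm.
        for i:=0 to Integer(hModuleCount)-1 do begin
          // NOTE(review): the result is ignored, so on failure ProcName may
          // still hold the previous module's name.
          GetModuleFileNameEx(WorkProc.hProc,hModule[i],@ProcName[0],255);
          CB_ModuleList.Items.Add(ProcName);
          // Zero first so a failed query yields base 0 / size 0 instead of
          // silently repeating the previous module's values.
          FillChar(ModuleInfo,SizeOf(ModuleInfo),0);
          GetModuleInformation(WorkProc.hProc,hModule[i],@ModuleInfo,SizeOf(_MODULEINFO));
          hModuleInfo[i].ImageBase:=dword(ModuleInfo.lpBaseOfDll);
          hModuleInfo[i].ImageSize:=ModuleInfo.SizeOfImage;
        end;
      end;
    finally
      // The original never closed this handle; every drop-down leaked one.
      CloseHandle(WorkProc.hProc);
    end;
  end;
  CB_ModuleList.ItemIndex:=0;
end;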
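{ Handles a click in the debug-register grid: loads the thread id and the
  cached debug registers of the clicked column into TmpContext, shows them
  as 8-digit hex in the edit boxes and refreshes the Dr6/Dr7 bit controls
  through RefDr6 / RefDr7. }
procedure TForm1.SG_DrxClick(Sender: TObject);
var
  i:integer;
begin
  // Column 0 carries the row captions, so thread data starts at column 1.
  i:=SG_Drx.Col-1;
  // Guard the lower bound: a click that reports column 0 would otherwise
  // index ThreadIDList[-1].
  // NOTE(review): the number of valid entries in ThreadIDList/ThreadDrxList
  // is not visible here; an upper-bound check against that count is needed
  // as well.
  if i < 0 then exit;
  TmpContext.ThreadID:=ThreadIDList[i];
  TmpContext.Drx:=ThreadDrxList[i];
  LB_TID.Caption:='ThreadID:'+'0x'+IntToHex(TmpContext.ThreadID,8);
  ED_Dr0.Text:='0x'+IntToHex(TmpContext.Drx.Dr0,8);
  ED_Dr1.Text:='0x'+IntToHex(TmpContext.Drx.Dr1,8);
  ED_Dr2.Text:='0x'+IntToHex(TmpContext.Drx.Dr2,8);
  ED_Dr3.Text:='0x'+IntToHex(TmpContext.Drx.Dr3,8);
  ED_Dr6.Text:='0x'+IntToHex(TmpContext.Drx.Dr6,8);
  ED_Dr7.Text:='0x'+IntToHex(TmpContext.Drx.Dr7,8);
  RefDr6(TmpContext.Drx.Dr6);
  RefDr7(TmpContext.Drx.Dr7);
end;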
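{ Click handler shared by the Dr6 check boxes. The sender's Tag is used as
  the bit mask: checking the box sets those bits in TmpContext.Drx.Dr6,
  unchecking clears them. }
procedure TForm1.CB_Dr6Click(Sender: TObject);
begin
  if TCheckBox(Sender).Checked then begin
    TmpContext.Drx.Dr6:=TmpContext.Drx.Dr6 or TCheckBox(Sender).Tag;
  end
  else begin
    // Clear with AND NOT rather than XOR: XOR toggles, so an "unchecked"
    // event for a bit that was already 0 (e.g. when the controls are
    // refreshed from a different thread's registers) would SET the bit.
    TmpContext.Drx.Dr6:=TmpContext.Drx.Dr6 and not DWORD(TCheckBox(Sender).Tag);
  end;
end;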
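{ Writes the edited debug registers to the selected thread.
  Dr0..Dr3 are parsed from the edit boxes (text of the form 0xXXXXXXXX);
  Dr6 and Dr7 are taken from TmpContext as maintained by the bit controls.
  The thread identified by TmpContext.ThreadID is suspended, updated with
  SetThreadContext (debug registers only) and resumed.
  Raises EConvertError if an edit box does not hold a valid hex value; this
  happens before the thread is touched. }
procedure TForm1.Button2Click(Sender: TObject);
var
  hThread:DWORD;

  // Converts '0x....' edit-box text to a value by swapping the two-character
  // prefix for Delphi's '$' hex marker.
  function ParseHexField(const S: string): DWORD;
  begin
    Result:=DWORD(StrToInt('$'+Copy(S,3,Length(S))));
  end;

begin
  // Parse everything first so bad input can never leave a thread suspended.
  TmpContext.Drx.Dr0:=ParseHexField(ED_Dr0.Text);
  TmpContext.Drx.Dr1:=ParseHexField(ED_Dr1.Text);
  TmpContext.Drx.Dr2:=ParseHexField(ED_Dr2.Text);
  TmpContext.Drx.Dr3:=ParseHexField(ED_Dr3.Text);
  // Least privilege: only the rights that SuspendThread/ResumeThread and
  // SetThreadContext need, instead of THREAD_ALL_ACCESS.
  hThread:=OpenThread(THREAD_SUSPEND_RESUME or THREAD_SET_CONTEXT,False,TmpContext.ThreadID);
  if hThread <> 0 then begin
    try
      // SuspendThread returns DWORD(-1) on failure; do not modify the
      // context of a thread that is still running, and do not issue an
      // unbalanced ResumeThread.
      if SuspendThread(hThread) <> DWORD(-1) then begin
        try
          // Only the debug registers are applied.
          ctext.ContextFlags:=CONTEXT_DEBUG_REGISTERS;
          ctext.Dr0:=TmpContext.Drx.Dr0;
          ctext.Dr1:=TmpContext.Drx.Dr1;
          ctext.Dr2:=TmpContext.Drx.Dr2;
          ctext.Dr3:=TmpContext.Drx.Dr3;
          ctext.Dr6:=TmpContext.Drx.Dr6;
          ctext.Dr7:=TmpContext.Drx.Dr7;
          // NOTE(review): the result is still ignored; a failed update is
          // not reported to the user.
          SetThreadContext(hThread,ctext);
        finally
          ResumeThread(hThread);
        end;
      end;
    finally
      CloseHandle(hThread);
    end;
  end;
end;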
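{ Click handler shared by the single-bit Dr7 controls. The sender's Tag is
  used as the bit mask: checking sets those bits in TmpContext.Drx.Dr7,
  unchecking clears them. }
procedure TForm1.RB_Dr7Click(Sender: TObject);
begin
  if TCheckBox(Sender).Checked then begin
    TmpContext.Drx.Dr7:=TmpContext.Drx.Dr7 or TCheckBox(Sender).Tag;
  end
  else begin
    // Clear with AND NOT rather than XOR: XOR toggles, so an "unchecked"
    // event for a bit that was already 0 would SET it and silently enable
    // a breakpoint bit the user did not ask for.
    TmpContext.Drx.Dr7:=TmpContext.Drx.Dr7 and not DWORD(TCheckBox(Sender).Tag);
  end;
end;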
{ Click handler for the two-bit Dr7 field radio buttons.
  The sender's Tag selects a pair of entries in dr7set: entry [2*Tag] is
  shifted left by entry [2*Tag+1]. The two bits at that shift are cleared in
  TmpContext.Drx.Dr7 and then replaced by the shifted value.
  NOTE(review): dr7set is declared elsewhere; it appears to hold
  (value, shift) pairs - confirm against its definition. }
procedure TForm1.RB_dr7_1Click(Sender: TObject);
var
  FieldBits:dword;
  PairIdx:integer;
begin
  PairIdx:=TRadioButton(Sender).Tag *2;

  // Step 1: knock out the existing two-bit field.
  FieldBits:=not(3 shl dr7set[PairIdx+1]);
  TmpContext.Drx.Dr7:=TmpContext.Drx.Dr7 and FieldBits;

  // Step 2: merge in the newly selected value at the same position.
  FieldBits:=dr7set[PairIdx] shl dr7set[PairIdx+1];
  TmpContext.Drx.Dr7:=TmpContext.Drx.Dr7 or FieldBits;
end;
end.