toolfunc.pas

Hying的资源提取工具,可以提取程序的资源 delphi7下开发

unit toolfunc;

interface
uses
  Windows, Messages, Classes, SysUtils, ComCtrls;
  procedure RefResTree;
  procedure RefDrx;
  procedure RefDr6(dr6:dword);
  procedure RefDr7(dr7:dword);
  function ReadResChild(lpBaseAddress:DWORD;ParentTreeNode:TTreeNode;pretreatment:Bool):integer;
  procedure ReadMemory(lpBaseAddress:DWORD;size:DWORD;buf:Pointer);
  function ReadWideChar(OffsetToName:DWORD;Buf:Pointer):string;
  function OpenThread(dwDesiredAccess:DWORD;bInheritHandle:BOOL;dwThreadId:DWORD): THandle; stdcall;
  function OpenThread; external kernel32 name 'OpenThread';
implementation
uses
  Unit1,Global;
  
procedure RefResTree;
var
  TmpDword:DWORD;
  i,j:integer;
  TmpResDirectEntry:IMAGE_RESOURCE_DIRECTORY_ENTRY;
  TmpStr:string;
  TmpTreeNode:TTreeNode;
begin
  ReadMemory($3c,4,@TmpDword);
  ReadMemory(TmpDword+$88,4,@WorkProc.ResBase);
  if WorkProc.ResBase <> 0 then begin
    ReadMemory(WorkProc.ResBase,$10,@WorkProc.ResDirect);
    ResDirectorySize:=ResDirectorySize+$10;
    MainResDirCount:=WorkProc.ResDirect.NumberOfNamedEntries+WorkProc.ResDirect.NumberOfIdEntries;
    SetLength(MainResDir,MainResDirCount);
    j:=1;
    for i:=0 to WorkProc.ResDirect.NumberOfNamedEntries+WorkProc.ResDirect.NumberOfIdEntries-1 do begin
      ReadMemory(WorkProc.ResBase+$10+i*8,8,@TmpResDirectEntry);
      TmpDword:=TmpResDirectEntry.OffsetToData and $7fffffff +WorkProc.ResBase;
      j:=j+ReadResChild(TmpDword,nil,true);
    end;
    SetLength(ResDateEntry,j);
    SetLength(ChildResDir,j);
    for i:=0 to WorkProc.ResDirect.NumberOfNamedEntries+WorkProc.ResDirect.NumberOfIdEntries-1 do begin
      ReadMemory(WorkProc.ResBase+$10+i*8,8,@TmpResDirectEntry);
      ResDirectorySize:=ResDirectorySize+$8;
      if (TmpResDirectEntry.OffsetToName and $80000000)=0 then begin
        MainResDir[i].ID:=TmpResDirectEntry.OffsetToName;
        if TmpResDirectEntry.OffsetToName > ResTypeCount then begin
          TmpStr:=inttostr(TmpResDirectEntry.OffsetToName);
        end
        else begin
          TmpStr:=ResType[TmpResDirectEntry.OffsetToName-1];
        end;
      end
      else begin
        MainResDir[i].ID:=0;
        TmpStr:=ReadWideChar(TmpResDirectEntry.OffsetToName,@MainResDir[i].Name);
      end;
      TmpTreeNode:=form1.TreeView1.Items.AddChild(nil,TmpStr);
      TmpTreeNode.Data:=nil;
      TmpDword:=TmpResDirectEntry.OffsetToData and $7fffffff +WorkProc.ResBase;
      MainResDir[i].ChildCount:=ReadResChild(TmpDword,TmpTreeNode,false);
    end;
    for i:=1 to ResDateEntryCount-1 do begin
      if (ResDateEntry[i].Size1 and 3)=0 then begin
        ResDateSize:=ResDateSize+ResDateEntry[i].Size1;
      end
      else begin
        ResDateSize:=ResDateSize+(ResDateEntry[i].Size1 and $fffffffc) + 4;
      end
    end;
    if (ResNameSize and 3)<>0 then begin
      ResNameSize:=(ResNameSize and $fffffffc) + 4;
    end;
  end;
  form1.ED_ResCount.Text:='0x'+IntToHex(ResDateEntryCount-1,8);
  form1.ED_ResDataSize.Text:='0x'+IntToHex(ResDateSize,8);
  form1.ED_ResDirSize.Text:='0x'+IntToHex(ResDirectorySize+ResNameSize,8);
  form1.ED_ResBase.Text:='0x'+IntToHex(WorkProc.ResBase,8);
  form1.ED_NewResBase.Text:='0x'+IntToHex(WorkProc.ResBase,8);
end;

procedure RefDrx;
var
  i:integer;
begin
  form1.SG_Drx.ColCount:=ThreadIDCount+1;
  for i:=0 to ThreadIDCount-1 do begin
    form1.SG_Drx.Cells[i+1,0]:='0x'+IntToHex(ThreadIDList[i],8);
    form1.SG_Drx.Cells[i+1,1]:='0x'+IntToHex(ThreadDrxList[i].Dr0,8);
    form1.SG_Drx.Cells[i+1,2]:='0x'+IntToHex(ThreadDrxList[i].Dr1,8);
    form1.SG_Drx.Cells[i+1,3]:='0x'+IntToHex(ThreadDrxList[i].Dr2,8);
    form1.SG_Drx.Cells[i+1,4]:='0x'+IntToHex(ThreadDrxList[i].Dr3,8);
    form1.SG_Drx.Cells[i+1,5]:='0x'+IntToHex(ThreadDrxList[i].Dr6,8);
    form1.SG_Drx.Cells[i+1,6]:='0x'+IntToHex(ThreadDrxList[i].Dr7,8);
    form1.SG_Drx.ColWidths[i+1]:=70;
  end;
end;

procedure RefDr6(dr6:dword);
var
  TmpDword:dword;
  i:integer;
begin
  TmpDword:=dr6;
  for i:=0 to 3 do begin
    if (TmpDword and 1)=1 then CB_Bx[i].Checked:=true
    else CB_Bx[i].Checked:=false;
    TmpDword:=TmpDword shr 1;
  end;
  TmpDword:=TmpDword shr 9;
  if (TmpDword and 1)=1 then form1.CB_BD.Checked:=true
  else form1.CB_BD.Checked:=false;
  TmpDword:=TmpDword shr 1;
  if (TmpDword and 1)=1 then form1.CB_BS.Checked:=true
  else form1.CB_BS.Checked:=false;
  TmpDword:=TmpDword shr 1;
  if (TmpDword and 1)=1 then form1.CB_BT.Checked:=true
  else form1.CB_BT.Checked:=false;
end;

procedure RefDr7(dr7:dword);
var
  TmpDword:dword;
  i:integer;
begin
  TmpDword:=dr7;
  for i:=0 to 7 do begin
    if (TmpDword and 1)=1 then RB_LG[i].Checked:=true
    else RB_LG[i].Checked:=false;
    TmpDword:=TmpDword shr 1;
  end;
  if (TmpDword and 1)=1 then form1.CB_LE.Checked:=true
  else form1.CB_LE.Checked:=false;
  TmpDword:=TmpDword shr 1;
  if (TmpDword and 1)=1 then form1.CB_GE.Checked:=true
  else form1.CB_GE.Checked:=false;
  TmpDword:=TmpDword shr 4;
  if (TmpDword and 1)=1 then form1.CB_GD.Checked:=true
  else form1.CB_GD.Checked:=false;
  TmpDword:=TmpDword shr 3;
  for i:=0 to 3 do begin
    RB_RWE[i*4+(TmpDword and 3)].Checked:=true;
    TmpDword:=TmpDword shr 2;
    case (TmpDword and 3) of
      0:begin
        RB_Len[i*3].Checked:=true;
      end;
      1:begin
        RB_Len[i*3+1].Checked:=true;
      end;
      3:begin
        RB_Len[i*3+2].Checked:=true;
      end;
    end;
    TmpDword:=TmpDword shr 2;
  end;
end;

function ReadResChild(lpBaseAddress:DWORD;ParentTreeNode:TTreeNode;pretreatment:Bool):integer;
var
  TmpDword:DWORD;
  i:integer;
  TmpStr:string;
  TmpResDirect:IMAGE_RESOURCE_DIRECTORY;
  TmpResDirectEntry:IMAGE_RESOURCE_DIRECTORY_ENTRY;
  TmpTreeNode:TTreeNode;
begin
  ReadMemory(lpBaseAddress,$10,@TmpResDirect);
  result:=TmpResDirect.NumberOfNamedEntries+TmpResDirect.NumberOfIdEntries;
  if pretreatment then exit;           //如果只是预处理的话，则只要返回个数。
  ResDirectorySize:=ResDirectorySize+$10;
  for i:=0 to TmpResDirect.NumberOfNamedEntries+TmpResDirect.NumberOfIdEntries-1 do begin
    ReadMemory(lpBaseAddress+$10+i*8,8,@TmpResDirectEntry);
    ResDirectorySize:=ResDirectorySize+$8;
    if (TmpResDirectEntry.OffsetToName and $80000000)=0 then begin
      TmpStr:=inttostr(TmpResDirectEntry.OffsetToName);
      ChildResDir[ResDateEntryCount].ID:=TmpResDirectEntry.OffsetToName;
    end
    else begin
      ChildResDir[ResDateEntryCount].ID:=0;
      TmpStr:=ReadWideChar(TmpResDirectEntry.OffsetToName,@ChildResDir[ResDateEntryCount].Name);
    end;
    TmpTreeNode:=form1.TreeView1.Items.AddChild(ParentTreeNode,TmpStr);
    TmpDword:=TmpResDirectEntry.OffsetToData and $7fffffff +WorkProc.ResBase + $10;
    ResDirectorySize:=ResDirectorySize+$10;
    ReadMemory(TmpDword,8,@TmpResDirectEntry);
    ResDirectorySize:=ResDirectorySize+$8;
    TmpDword:=TmpResDirectEntry.OffsetToData and $7fffffff +WorkProc.ResBase;
    ReadMemory(TmpDword,$10,@ResDateEntry[ResDateEntryCount]);
    ResDirectorySize:=ResDirectorySize+$10;
    TmpTreeNode.Data:=Pointer(ResDateEntryCount);
    inc(ResDateEntryCount);
  end;
end;

function ReadWideChar(OffsetToName:DWORD;Buf:Pointer):string;
var
  TmpDword:DWORD;
  TmpWord:WORD;
begin
  TmpDword:=OffsetToName and $7fffffff +WorkProc.ResBase;
  ReadMemory(TmpDword,2,@TmpWord);
  ResNameSize:=ResNameSize+2+TmpWord*2;
  ReadMemory(TmpDword+2,TmpWord*2,@TmpBuf[0]);
  TmpBuf[TmpWord*2]:=0;
  TmpBuf[TmpWord*2+1]:=0;
  if Buf <> nil then begin
    pword(Buf)^:=TmpWord;
    CopyMemory(Pointer(dword(Buf)+2),@TmpBuf[0],TmpWord*2);
  end;
  result:='"'+WideCharToString(PWideChar(@TmpBuf[0]))+'"';
end;

procedure ReadMemory(lpBaseAddress:DWORD;size:DWORD;buf:Pointer);
var
  TmpDword,TmpDword2:DWORD;
begin
  TmpDword:=lpBaseAddress+WorkProc.ImageBase;
  ReadProcessMemory(WorkProc.hProc,Pointer(TmpDword),buf,size,TmpDword2);
end;

end.