📄 mainunit.pas
and (dw-dw2<$100)then
begin
{BOZA DeDeClasses.}PEStream.Seek(dw-delta,soFromBeginning);
{BOZA DeDeClasses.}PEStream.Read(b,1);
if (b>0) then
begin
dw1:=b;
repeat
{BOZA DeDeClasses.}PEStream.Read(b,1);
if not (CHR(b) in ['A'..'Z','a'..'z','0'..'9','_']) then break;
Dec(dw1);
until dw1=0;
{BOZA DeDeClasses.}PEStream.Seek(bkup+4,soFromBeginning);
if dw1=0
then AddObjectEx(dw,0);
end;
end;
{BOZA DeDeClasses.}PEStream.Seek(bkup,soFromBeginning);
Until ({BOZA DeDeClasses.}PEStream.Position>=code_size);
End {sDelphiVersion<>'D2'}
///////////////////////////////////////
// Delphi 2 Class Finder
//
///////////////////////////////////////
Else begin
DumpD2;
end;
///////////////////////////////////////////////////////////////////////////////////////
// Dumping classes methods (published)
//////////////////////////////////////////////////////////////////////////////////////
DeDeMainForm.CustomPB.Position:=1000;
DeDeMainForm.CustomPB.Update;
DeDeMainForm.DumpStatusLbl.Caption:=msg_dumpingprocs;
DeDeMainForm.DumpStatusLbl.Update;
Try
// Dump Methods
For i:=0 To Classes.Count-2 Do
begin
TClassDumper(Classes[i]).DumpMethods(0);
DeDeMainForm.CustomPB.Position:=1000+Trunc(50*(i)/Classes.Count);
Application.ProcessMessages;
end;
TClassDumper(Classes[Classes.Count-1]).DumpMethods(0);
Except
on e:Exception Do ShowMessage(e.Message);
End;
DeDeDisASM.RVAConverter.ImageBase:=PEHeader.IMAGE_BASE;
DeDeDisASM.RVAConverter.PhysOffset:=PEHeader.Objects[1].PHYSICAL_OFFSET;
DeDeDisASM.RVAConverter.CodeRVA:=PEHeader.Objects[1].RVA;
/////////////////////////////////////////////////////////////////////////////////////////
// Dump units data from PackageInfoTable and seek/dump additional procedures
/////////////////////////////////////////////////////////////////////////////////////////
if bBSS Then
begin
DeDeMainForm.DumpStatusLbl.Caption:=msg_read_package_info;
DeDeMainForm.DumpStatusLbl.Update;
DeDeMainForm.CustomPB.Position:=1050;
DeDeMainForm.CustomPB.Update;
Application.ProcessMessages;
//Find the physical offset of System..InitUnits() function
dw:=GetInitUnitsProcRVA;
if dw<>0 then
begin
Case ReducedDelphiVersion of
dvD2 : j:=InitContextOffset2;
dvD3, dvBCB3 : j:=InitContextOffset3;
dvD4, dvBCB4, dvD5, dvBCB5, dvD6 : j:=InitContextOffset4;
else j:=InitContextOffset4;
end;
//Goes there and reads the InitContext.PackageInfo member
PEFile.PEStream.Seek(dw+j, soFromBeginning);
PEFile.PEStream.ReadBuffer(dw1,4);
// Check is it CODE offset
If OffsetInSegment(dw1,'BSS') then
begin
// Gets the real data pointer in the file as physical offset
dw:=BSS.GetPointer(dw1)-PEHeader.IMAGE_BASE
-PEHeader.Objects[1].RVA
+PEHeader.Objects[1].PHYSICAL_OFFSET;
//Goes there
PEFile.PEStream.Seek(dw, soFromBeginning);
PEFile.PEStream.ReadBuffer(dw1,4);
if dw1<>0 then
With PackageInfoTable Do
Begin
dwPhysOffs:=dw+8;
SetUnitCount(dw1);
For i:=0 to dw1-1 do
begin
//Reads Units data
PEFile.PEStream.Seek(dwPhysOffs+8*i, soFromBeginning);
PEFile.PEStream.ReadBuffer(dw,4);
UnitsInitPtrs[i]:=dw;
PEFile.PEStream.ReadBuffer(dw,4);
UnitsFInitPtrs[i]:=dw;
end;
IdentUnitNames(Self);
End;
end;
end;
end;
//////////////////////////////////////////////////////////////
// Dumping additional procs - finding their addresses
//////////////////////////////////////////////////////////////
DeDeMainForm.CustomPB.Position:=1050;
DeDeMainForm.CustomPB.Update;
DeDeMainForm.DumpStatusLbl.Caption:=msg_dumpingprocs;
DeDeMainForm.DumpStatusLbl.Update;
Try
// Dump Methods
For i:=0 To Classes.Count-2 Do
begin
//Find the end of seek offset
EndSerchFuncOffs:=TClassDumper(Classes[i+1]).FdwSelfPrt;
for k:=0 to PackageInfoTable.dwUnitCount-1 do
if PackageInfoTable.UnitsStartPtrs[k]>TClassDumper(Classes[i]).FdwFirstProcRVA then
begin
if PackageInfoTable.UnitsStartPtrs[k]<EndSerchFuncOffs
then EndSerchFuncOffs:=PackageInfoTable.UnitsStartPtrs[k];
break;
end;
//DebugLog(TClassDumper(Classes[i]).FsClassName+' ->'+DWORD2HEX(TClassDumper(Classes[i]).FdwFirstProcRVA)+' ->'+DWORD2HEX(EndSerchFuncOffs));
TClassDumper(Classes[i]).DumpMethods(EndSerchFuncOffs,True);
DeDeMainForm.CustomPB.Position:=1050+Trunc(50*(i)/Classes.Count);
Application.ProcessMessages;
end;
//Find the end of seek offset
EndSerchFuncOffs:=PEHeader.RVA_ENTRYPOINT;
for k:=0 to PackageInfoTable.dwUnitCount-1 do
if PackageInfoTable.UnitsStartPtrs[k]>TClassDumper(Classes[Classes.Count-1]).FdwFirstProcRVA then
begin
if PackageInfoTable.UnitsStartPtrs[k]<EndSerchFuncOffs
then EndSerchFuncOffs:=PackageInfoTable.UnitsStartPtrs[k];
break;
end;
TClassDumper(Classes[Classes.Count-1]).DumpMethods(EndSerchFuncOffs,True);
Except
on e:Exception Do ShowMessage(e.Message);
End;
/////////////////////////////////////////////////////////////////////////////////////////
// Building BSS/DATA pointers list
/////////////////////////////////////////////////////////////////////////////////////////
if bBSS Then
begin
DeDeMainForm.DumpStatusLbl.Caption:=msg_initpointers;
DeDeMainForm.DumpStatusLbl.Update;
DeDeMainForm.CustomPB.Position:=1100;
DeDeMainForm.CustomPB.Update;
for j:=0 to self.Classes.Count-1 do
begin
DeDeMainForm.CustomPB.Position:=1100+Trunc(200*(j)/self.Classes.Count);
Application.ProcessMessages;
// skip the non classes and objects
if not (TClassDumper(self.Classes[j]).FbClassFlag in [$07,$0E]) then continue;
// Class Self Pointer
dw1:=TClassDumper(self.Classes[j]).FdwVMTPtr;
// Do not process bullshits
if dw1=0 then continue;
i:=BSS.dwStartRVA;
while i<(BSS.dwStartRVA+BSS.dwSize) do
begin
if (i mod 160) = 0 then Application.ProcessMessages;
if BSS.GetValue(i)=dw1 then
begin
TClassDumper(self.Classes[j]).FdwBSSOffset.Add(Pointer(i));
TClassDumper(self.Classes[j]).FdwHeapPtr.Add(Pointer(BSS.GetPointer(i)));
TClassDumper(self.Classes[j]).FdwDATAPrt.Add(Pointer(BSS.GetDataPrtOfBSSData(i)));
end;
Inc(i,4);
end;
end;
end;
DeDeMainForm.CustomPB.Position:=1300;
DeDeMainForm.CustomPB.Update;
DeDeMainForm.DumpStatusLbl.Caption:=msg_done;
DeDeMainForm.DumpStatusLbl.Update;
end;
procedure TClassesDumper.FinilizeDump;
// Post-dump step: loads the DFM text data, then registers one offset-info
// record per dumped class that has a DFM offset, each cloned from the
// archive's 'TForm' record.
var
  FormTemplate, FormInfo : TOffsInfStruct;
  Dumper : TClassDumper;
  idx : Integer;
begin
  // Loads DFMTXTData
  LoadDFMTXTDATA;

  // The 'TForm' record is the template for every dumped form; without it
  // nothing can be registered.
  FormTemplate:=DeDeClassEmulator.OffsInfArchive.GetOffsInfoByClassName('TForm');
  if FormTemplate<>nil then
    for idx:=0 to Classes.Count-1 do
    begin
      Dumper:=TClassDumper(Classes[idx]);
      // A zero DFM offset means no offset info is added for this class.
      if Dumper.FdwDFMOffset=0 then Continue;

      FormInfo:=TOffsInfStruct.Create;
      FormInfo.Assign(FormTemplate);
      // FsClassName is read from the analysed file's dump, so it is
      // file-controlled text rather than a trusted identifier.
      FormInfo.FsClassName:=Dumper.FsClassName;
      FormInfo.FHierarchyList.Add('TForm');
      // NOTE(review): FormInfo is never freed here - presumably the archive
      // takes ownership in AddOffsInfo; confirm against its implementation.
      DeDeClassEmulator.OffsInfArchive.AddOffsInfo(FormInfo);
    end;
end;
Function CheckFile(AsFile : String) : Boolean;
// Overwrite confirmation for an output file.
// Returns True when overwrite warnings are disabled, when AsFile does not
// exist, or when the user answers Yes in the confirmation dialog; returns
// False only when the file exists and the user declines.
// NOTE(review): this is an advisory prompt, not a guarantee - the file can be
// created or replaced between this check and the later write, which is done
// by callers not shown here.
Begin
  If bWARN_ON_FILE_OVERWRITE Then
  Begin
    If FileExists(AsFile) Then
      Result:=MessageDlg(Format(wrn_fileexists,[AsFile]),mtConfirmation,[mbYes,mbNo],0)=mrYes
    Else
      Result:=True;
  End
  Else
    Result:=True;
End;
Procedure TruncAll(Var s : String);
// Strips leading and trailing space characters (' ' only - tabs and other
// whitespace are kept) from s, in place.
Var
  First, Last : Integer;
Begin
  First:=1;
  Last:=Length(s);
  // Advance past leading spaces; the bounds test is kept separate from the
  // character test so no index outside 1..Length(s) is ever read.
  While First<=Last Do
  Begin
    If s[First]<>' ' Then Break;
    Inc(First);
  End;
  // Step back over trailing spaces.
  While Last>=First Do
  Begin
    If s[Last]<>' ' Then Break;
    Dec(Last);
  End;
  // An empty or all-space input gives a zero-length copy.
  s:=Copy(s,First,Last-First+1);
End;
// Passes the two paths to StatsForm and shows that form modally; the work
// suggested by the procedure name is not done here and presumably happens
// inside StatsForm - confirm there.
//   sMAPFilePath - stored in FsTarget
//   sSicePath    - stored in FsSiceDir
// Both strings are forwarded as given, with no validation in this procedure.
procedure TDeDeMainForm.CompileToSymAndLoadInSice(sMAPFilePath, sSicePath : String);
begin
// Inside the With block, identifiers are resolved against StatsForm first and
// only then against this form and the parameters.
With StatsForm Do
Begin
FsSiceDir:=sSicePath;
FsTarget:=sMAPFilePath;
// Blocks until the dialog is closed; the modal result is discarded.
ShowModal;
End;
end;
procedure TDeDeMainForm.PreBtnClick(Sender: TObject);
var //PE : TDelphi4PE;
ProjHeader : TDFMProjectHeader;
sCompilerOffset : String;
sCompilerComment : String;
dwProjectHeaderOffset : DWORD;
i,idx : Integer;
ListItem : TListItem;
tick1,tick2 : Cardinal;
iIDX : Byte;
bNoChanges : Boolean;
begin
GlobCBuilder:=False;
tick1:=GetTickCount;
tick2:=tick1;
bUserProcs:=DeDeReg.bDumpAll;
bBSS:=DeDeReg.bObjPropRef;
DeDeProjectFileName := ExtractFileNameWOExt(FsFileName) + '.dpj';
If not FbMemFump then
begin
// Some checks for the file name
If FileEdit.FileName='' Then FileEdit.FileName:=FE.Text;
If FileEdit.FileName='' Then Raise Exception.Create(err_specifyfilename);
If Not FileExists(FileEdit.FileName) Then Raise Exception.Create(err_filenotfound);
If RecentFileEdit.Items.IndexOf(FE.Text)=-1
Then RecentFileEdit.Items.Insert(0,FE.Text)
Else Begin
RecentFileEdit.Items.Delete(RecentFileEdit.Items.IndexOf(FE.Text));
RecentFileEdit.Items.Insert(0,FE.Text);
End;
If RecentFileEdit.Items.Count>10 Then RecentFileEdit.Items.Delete(RecentFileEdit.Items.Count-1);
GlobGetImports:=True;
// This creates the new PEFile, dumps the PEHeader and
// assigns it to DeDeClasses.PEHeader and DeDeDisASM.PEHeader
// plus some more stuff
PrepareProject(FileEdit.FileName);
ProjHeader:=nil;
End
Else Begin
GlobGetImports:=False;
End;
ProjectNameLbl.Caption:='';
DumpStatusLbl.Caption:='';
PrcsBtn.Enabled:=False;
Process1.Enabled:=False;
ClearDeDeLists;
// FOpCodeList.Clear;
// FControlList.Clear;
// Determine Compiler
FFileType:=ftEXE;
// PE:=TDelphi4PE.Create;
SetExitCtrls(False);
Try
// PE.FMemFile:=PEFile.PEStream;
// PE.SetOffsets(PEHeader.IMAGE_BASE,PEHeader.BaseOfCode,PEHeader.Objects[1].RVA,PEHeader.Objects[1].VIRTUAL_SIZE,PEHeader.Objects[1].PHYSICAL_OFFSET,PEHeader.RVA_ENTRYPOINT);
CustomPB.Min:=0;
CustomPB.Max:=1300;
CustomPB.Position:=0;
DumpStatusLbl.Caption:=msg_analizefile;
DumpAnimation.Visible:=True;
DumpAnimation.Animate:=True;
DumpAnimation.Update;
/////////////////////////////////////////////////////////////
// Needed for UnlinkCalls
DeDeSym.FirstCodeRVA:=PEHeader.BaseOfCode+PEHeader.IMAGE_BASE;
//////////////////////////////////////////////////////////////////////
///// ------------ 'BOOLEAN' CHECK ---------------------------------//
//////////////////////////////////////////////////////////////////////
ProjHeader:=nil;
GlobDelphi2:=False;
sDelphiVersion:='';
If Not IsDelphiApp
Then Begin
If FbCutSelfPtr
// Self Ptr is Cut! And 'Boolean' is found -> Delphi 2
Then Begin
ShowMessage(wrn_d2_app);
GlobDelphi2:=True;
sDelphiVersion:='D2';
End
// Self Ptr Is not Cut. CODE section is crypted
Else
Begin
//If MessageDlg(err_might_not_delphi_app,mtWarning,[mbAbort,mbIgnore],0)=mrAbort Then Exit;
iIDX:=PEHeader.GetSectionIndex('.idata');
if iIDX=255 then iIDX:=PEHeader.GetSectionIndexByRVA(PEHEader.IMPORT_TABLE_RVA);
sDelphiVersion:=GetDelphiVersionFromImports(FsFileName,
PEHeader.Objects[iIDX].PHYSICAL_OFFSET,
PEHeader.Objects[iIDX].RVA);
If (sDelphiVersion='Console')
then MessageDlg(wrn_not_using_vcl,mtInformation,[mbOk],0)
else begin
if sDelphiVersion='<unknown>'
then begin
ShowMessage(err_not_delphi_app);
exit;
end
else begin
sCompilerComment:=IdentCompiler(sCompilerOffset);
if UnitList.IndexOf('kol')<>-1
then MessageDlg(wrn_KOL_found,mtInformation,[mbOk],0)
else ShowMessage(sDelphiVersion+wrn_runtime_pkcg);
end;
if Copy(sDelphiVersion,1,3)='BCB' then GlobCBuilder:=True;
end;
End;
End
Else sDelphiVersion:='';
/////////////////////////////////////////////////////////////////////
///// END OF 'BOOLEAN' CHECK
/////////////////////////////////////////////////////////////////////
sCompilerComment:=IdentCompiler(sCompilerOffset);
dwProjectHeaderOffset:=HEX2DWORD(sCompilerOffset);
FsProjectName:=AnsiLowerCase(ChangeFileExt(sCompilerComment,''));
If sCompilerComment='' Then
Begin
ShowMessage(e