link.pas

一款压缩壳PE123的DELPHI源码 学习写壳的很好的参考

unit link;

interface

uses windows,disasm;

type TLinkcode = class
  protected
    linking:boolean;
    workmem:pointer;
    maxsize:cardinal;
    p_code:cardinal;
    model:t_asmmodel;
    errtext:pansichar;
    p_ip:cardinal;
  public
    constructor create(memsize:cardinal = $1000);
    destructor Destroy();
    function Start():pointer;
    function add(cmd:string):boolean;
    function addbyte(cmd:byte):boolean;
    function addword(cmd:word):boolean;
    function adddword(cmd:Dword):boolean;
    function addmem(p_mem:pointer;c_length:cardinal):boolean;
    function _End():cardinal;
    property codesize:cardinal read p_code write p_code;
    property eip:cardinal read p_ip write p_ip;
end;

implementation

constructor TLinkcode.create(memsize:cardinal);
begin
  linking := false;
  workmem := nil;
  maxsize := memsize;
  p_code := 0;
  errtext := nil;
  setprivileged(1);
  p_ip := $400000;
end;

function TLinkcode.Start():pointer;
begin
  if linking then
    _end;
  p_code := 0;
  errtext := nil;
  if workmem = nil then
    workmem := Virtualalloc(nil,maxsize,MEM_COMMIT,PAGE_READWRITE);
  linking := true;
  errtext := pointer(cardinal(workmem)-256);
  result := workmem;
end;
function TLinkcode.add(cmd:string):boolean;
var
  code_size:integer;
begin
  if not linking then
  begin
    result := false;
    exit;
  end;
  code_size := Assemble(pchar(cmd),p_ip,@model,0,0,@errtext);
  if code_size = 0 then
  begin
    result := false;
    exit;
  end;
  move((@model.code)^,pointer(cardinal(workmem)+p_code)^,code_size);
  p_code := p_code+code_size;
  result := true;
end;
function TLinkcode.addbyte(cmd:byte):boolean;
begin
  if not linking then
  begin
    result := false;
    exit;
  end;
  move((@cmd)^,pointer(cardinal(workmem)+p_code)^,sizeof(cmd));
  p_code := p_code+sizeof(cmd);
  result := true;
end;

function TLinkcode.addword(cmd:word):boolean;
begin
  if not linking then
  begin
    result := false;
    exit;
  end;
  move((@cmd)^,pointer(cardinal(workmem)+p_code)^,sizeof(cmd));
  p_code := p_code+sizeof(cmd);
  result := true;
end;

function TLinkcode.adddword(cmd:dword):boolean;
begin
  if not linking then
  begin
    result := false;
    exit;
  end;
  move((@cmd)^,pointer(cardinal(workmem)+p_code)^,sizeof(cmd));
  p_code := p_code+sizeof(cmd);
  result := true;
end;

function TLinkcode.addmem(p_mem:pointer;c_length:cardinal):boolean;
begin
  if not linking then
  begin
    result := false;
    exit;
  end;
  move(p_mem^,pointer(cardinal(workmem)+p_code)^,c_length);
  p_code := p_code+c_length;
  result := true;
end;

function TLinkcode._End():cardinal;
begin
  if linking then
    linking := false;
  result := p_code;
end;

destructor TLinkcode.Destroy;
begin
  VirtualFree(workmem,0,MEM_RELEASE);
  workmem := nil;
end;
end.