unit UFileInfo;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
ComCtrls, StdCtrls, ToolWin, ShlObj, ImgList, Menus, ExtCtrls, Math,
Grids, AppEvnts, StdActns, ActnList, ClipBrd, Inifiles, MMSystem, shellapi,
Buttons,UPEConst;
type
{ Form that displays header fields of a PE file.
  LoadPeInfo fills PEHeaderList and OptionalheaderList; code that fills the
  remaining controls is not visible in this excerpt. }
TfrmFileInfo = class(TForm)
Panel2: TPanel;
Panel3: TPanel;
PageControl1: TPageControl;
TabSheet1: TTabSheet;
{ Receives the DOS/NT file-header rows built by LoadPeInfo }
PEHeaderList: TListView;
TabSheet2: TTabSheet;
Panel1: TPanel;
{ Receives the optional-header rows built by LoadPeInfo }
OptionalheaderList: TListView;
TabSheet3: TTabSheet;
{ Presumably lists the data-directory entries; the filling code is not shown here }
DataDirectory: TListView;
TabSheet4: TTabSheet;
Panel4: TPanel;
{ Presumably holds one page per section; the filling code is not shown here }
PageSection: TPageControl;
BitBtn2: TBitBtn;
{ Event handlers; their implementations are outside this excerpt }
procedure FormShow(Sender: TObject);
procedure BitBtn2Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
{ Backing field read by the FileName property }
FFileName: string;
{ Opens FileName read-only, reads the DOS header, the NT headers and the
  section headers, then fills the list views.
  NOTE(review): every value shown comes from the file as-is. The FileOpen
  result is not checked before the first read, and the NT signature is
  compared only after the section table, sized by NumberOfSections, has been
  read. Validate these first when the input file is untrusted.
  NOTE(review): the headers are read into TImageNtHeaders, presumably the
  32-bit layout, so a PE32+ image (Magic 020B hex) would be decoded with the
  wrong optional-header offsets. Confirm against the unit that declares it. }
procedure LoadPeInfo;
{ Setter used by the FileName property; implementation not shown in this excerpt }
procedure SetFileName(Value: string);
property FileName: string read FFileName write SetFileName;
end;
var
frmFileInfo: TfrmFileInfo;
implementation
uses UMain;
{$R *.DFM}
{ CPU type: maps the Machine value of the PE file header to a display label.
  Any value without an explicit entry below yields the 'unknown' label.
  NOTE(review): IMAGE_FILE_MACHINE_IA64 is the Itanium architecture; its
  'Intel 64' label is kept unchanged here but is easy to confuse with x86-64,
  which this table reports under IMAGE_FILE_MACHINE_AMD64. }
function GetCPUType(Value: Cardinal): string;
begin
  { Default label; also covers IMAGE_FILE_MACHINE_UNKNOWN }
  Result := '未知';
  case Value of
    IMAGE_FILE_MACHINE_I386:
      Result := 'Intel 386';
    $160:
      Result := 'MIPS big-endian';
    { The three little-endian MIPS variants share one label }
    IMAGE_FILE_MACHINE_R3000,
    IMAGE_FILE_MACHINE_R4000,
    IMAGE_FILE_MACHINE_R10000:
      Result := 'MIPS little-endian';
    IMAGE_FILE_MACHINE_WCEMIPSV2:
      Result := 'MIPS little-endian WCE v2';
    IMAGE_FILE_MACHINE_ALPHA:
      Result := 'Alpha_AXP';
    IMAGE_FILE_MACHINE_SH3:
      Result := 'SH3 little-endian';
    IMAGE_FILE_MACHINE_SH3E:
      Result := 'SH3E little-endian';
    IMAGE_FILE_MACHINE_SH4:
      Result := 'SH4 little-endian';
    IMAGE_FILE_MACHINE_SH5:
      Result := 'SH5';
    IMAGE_FILE_MACHINE_ARM:
      Result := 'ARM Little-Endian';
    IMAGE_FILE_MACHINE_THUMB:
      Result := 'THUMB';
    IMAGE_FILE_MACHINE_ARM33:
      Result := 'ARM33';
    IMAGE_FILE_MACHINE_POWERPC:
      Result := 'IBM PowerPC Little-Endian';
    IMAGE_FILE_MACHINE_IA64:
      Result := 'Intel 64';
    { MIPS16 and the two FPU variants are reported with the generic label }
    IMAGE_FILE_MACHINE_MIPS16,
    IMAGE_FILE_MACHINE_MIPSFPU,
    IMAGE_FILE_MACHINE_MIPSFPU16:
      Result := 'MIPS';
    IMAGE_FILE_MACHINE_ALPHA64:
      Result := 'ALPHA64';
    IMAGE_FILE_MACHINE_AMD64:
      Result := 'AMD K8';
    IMAGE_FILE_MACHINE_TRICORE:
      Result := 'Infineon';
    IMAGE_FILE_MACHINE_CEF:
      Result := 'CEF';
  end;
end;
{ Renders Value as hexadecimal, zero-padded to at least W digits, followed by
  the same value in unsigned decimal inside square brackets. }
function formatValue(W: Byte; Value: Cardinal): string;
const
  { '%.*x' takes its minimum digit count from the argument list (W) }
  HexThenDecimal = '%.*x [%u]';
begin
  Result := Format(HexThenDecimal, [W, Value, Value]);
end;
{ Returns the literal text 'TRUE' or 'FALSE' for a boolean value. }
function formatBool(Value: boolean): string;
begin
  { Start from the negative label and override it when Value holds }
  Result := 'FALSE';
  if Value then
    Result := 'TRUE';
end;
procedure TfrmFileInfo.LoadPeInfo;
{ True when every bit set in Flags is also set in Value.
  Flags is the mask being tested and Value is the field read from the header. }
function CheckValue(Flags: Cardinal; Value: Cardinal): Boolean;
var
  Present: Cardinal;
begin
  { Keep only the mask bits that Value actually carries }
  Present := Value and Flags;
  Result := Present = Flags;
end;
var
FileHandle: integer;
DosHeader: TImageDosHeader;
NTHeader: TImageNtHeaders;
PESectionHeader: array of TImageSectionHeader;
I,J: integer;
Str: string;
DirectorySection: TTabSheet;
DataDirectoryList: TListView;
begin
FileHandle := FileOpen(FileName, fmOpenRead or fmShareDenyNone);
try
if FileRead(FileHandle, DosHeader, SizeOf(DosHeader))<>SizeOf(DosHeader) then {读取DOSHeader}
raise exception.Create('');
if FileSeek(FileHandle, DosHeader._lfanew, soFromBeginning)<>DosHeader._lfanew then {定位到PE header}
raise exception.Create('');
if FileRead(FileHandle, NTHeader, SizeOf(NTHeader))<>SizeOf(NTHeader) then {读数据到NTHeader}
raise exception.Create('');
SetLength(PESectionheader, NTHeader.FileHeader.NumberOfSections); {块表数}
for i := 0 to NTHeader.FileHeader.NumberOfSections - 1 do
{节表读入到PESectionHeader}
if FileRead(FileHandle, PESectionHeader[i], SizeOf(PESectionHeader[i]))<>SizeOf(PESectionHeader[i]) then
raise exception.Create('');
except
FileClose(FileHandle);
showmessage('读PE文件出错!');
exit;
end;
FileClose(FileHandle);
if (NTHeader.Signature <> IMAGE_NT_SIGNATURE) then
begin
ShowMessage('非Win32位PE可执行文件');
exit;
end;
with PEHeaderList do
begin
try
Items.BeginUpdate;
items.clear;
with Items.Add do
begin
Caption := 'PE文件头偏移';
{DOS文件头定位到NT文件头的值}
Subitems.Add(formatValue(8, DosHeader._lfanew));
end;
with Items.add do
begin
Caption := '可选文件头大小';
{在OBJs中,该字段通常为0
执行文件中,是指IMAGE_OPTIONAL_HEADER结构的长度}
SubItems.Add(formatValue(8, NTHeader.FileHeader.SizeOfOptionalHeader));
end;
with Items.add do
begin
if NTHeader.Signature = IMAGE_NT_SIGNATURE then Str := 'PE\0\0'
// else if NTHeader.Signature = IMAGE_OS2_SIGNATURE then Str := 'NE\0\0'
// else if NTHeader.Signature = IMAGE_OS2_SIGNATURE_LE then Str := 'LE\0\0'
else Str := '';
{PE格式对应PE、NE对应NE、VxD对应LE}
Caption := '标志:' + str;
Subitems.add(formatValue(8, NTHeader.Signature));
end;
with Items.add do
begin
Caption := GetCPUType(NTHeader.FileHeader.Machine);
{获取CPU类型}
subitems.add(formatValue(8, NTHeader.FileHeader.Machine));
end;
with Items.add do
begin
caption := format('文件中共包含%u个节', [NTHeader.FileHeader.NumberOfSections]);
{即块表的个数,如.rsrc .data .code}
subitems.add(formatValue(8, NTHeader.FileHeader.NumberOfSections));
end;
with Items.add do
begin
caption := '时间格式(距1969年12月31日4:00P.M.后的总秒数)';
subitems.add(formatValue(8, NTHeader.FileHeader.TimeDateStamp));
end;
with Items.add do
begin
caption := 'COFF符号表格偏移位置(此栏位只对COFF除错有用)';
subitems.add(formatValue(8, NTHeader.FileHeader.PointerToSymbolTable));
end;
with items.add do
begin
caption := 'COFF符号表格中符号的个数';
subitems.add(formatValue(8, NTHeader.FileHeader.NumberOfSymbols));
end;
with items.add do
begin
caption := '文件的特性值';
subitems.add(formatValue(8, NTHeader.FileHeader.Characteristics));
end;
with items.add do
begin
Caption := ' $0001--IMAGE_FILE_RELOCS_STRIPPED';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_RELOCS_STRIPPED, NTHeader.FileHeader.Characteristics)));
end;
with items.add do
begin
Caption := ' $0002--IMAGE_FILE_EXECUTABLE_IMAGE';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_EXECUTABLE_IMAGE, NTHeader.FileHeader.Characteristics)));
end;
with items.add do
begin
Caption := ' $0004--IMAGE_FILE_LINE_NUMS_STRIPPED';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_LINE_NUMS_STRIPPED, NTHeader.FileHeader.Characteristics)));
end;
with items.add do
begin
Caption := ' $0008--IMAGE_FILE_LOCAL_SYMS_STRIPPED';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_LOCAL_SYMS_STRIPPED, NTHeader.FileHeader.Characteristics)));
end;
with items.add do
begin
Caption := ' $00010--IMAGE_FILE_AGGRESIVE_WS_TRIM';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_AGGRESIVE_WS_TRIM, NTHeader.FileHeader.Characteristics)));
end;
with items.add do
begin
Caption := ' $00020--IMAGE_FILE_LARGE_ADDRESS_AWARE';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_LARGE_ADDRESS_AWARE, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $00080--IMAGE_FILE_BYTES_REVERSED_LO';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_BYTES_REVERSED_LO, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $00100--IMAGE_FILE_32BIT_MACHINE';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_32BIT_MACHINE, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $00200--IMAGE_FILE_DEBUG_STRIPPED';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_DEBUG_STRIPPED, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $00400--IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $00800--IMAGE_FILE_NET_RUN_FROM_SWAP';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_NET_RUN_FROM_SWAP, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $01000--IMAGE_FILE_SYSTEM';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_SYSTEM, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $02000--IMAGE_FILE_DLL';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_DLL, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $04000--IMAGE_FILE_UP_SYSTEM_ONLY';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_UP_SYSTEM_ONLY, NTHeader.FileHeader.Characteristics)));
end;
with Items.Add do
begin
Caption := ' $08000--IMAGE_FILE_BYTES_REVERSED_HI';
subitems.Add(FormatBool(CheckValue(IMAGE_FILE_BYTES_REVERSED_HI, NTHeader.FileHeader.Characteristics)));
end;
finally
Items.EndUpdate;
end;
end;
{以下为可选头的相关信息}
with OptionalheaderList do
begin
try
Items.clear;
Items.BeginUpdate;
with items.add do
begin
caption := '标志字($010B表示EXE Image,$0107表示ROM Image)';
subitems.Add(formatValue(8, NTHeader.OptionalHeader.Magic));
end;
with items.add do
begin
caption := format('编译器版本为%u.%u',
[NTHeader.OptionalHeader.MajorLinkerVersion,
NTHeader.OptionalHeader.MinorLinkerVersion]);
subitems.add(Format(' %.*x%.*x [%u%u]',
[2, NTHeader.OptionalHeader.MajorLinkerVersion,
2, NTHeader.OptionalHeader.MinorLinkerVersion,
NTHeader.OptionalHeader.MajorLinkerVersion,
NTHeader.OptionalHeader.MinorLinkerVersion]));
end;
with items.add do
begin
caption := Format('运行此文件所需系统的最低版本为%u.%u',
[NTHeader.OptionalHeader.MajorOperatingSystemVersion,
NTHeader.OptionalHeader.MinorOperatingSystemVersion]);
subitems.add(Format('%.*x%.*x [%u%u]',
[4, NTHeader.OptionalHeader.MajorOperatingSystemVersion,
4, NTHeader.OptionalHeader.MinorOperatingSystemVersion,
NTHeader.OptionalHeader.MajorOperatingSystemVersion,
NTHeader.OptionalHeader.MinorOperatingSystemVersion]));
end;
with items.add do
begin
caption := Format('自定义版本--%u.%u',
[NTHeader.OptionalHeader.MajorImageVersion,
NTHeader.OptionalHeader.MinorImageVersion]);
subitems.add(Format('%.*x%.*x [%u%u]',
[4, NTHeader.OptionalHeader.MajorImageVersion,
4, NTHeader.OptionalHeader.MinorImageVersion,
NTHeader.OptionalHeader.MajorImageVersion,
NTHeader.OptionalHeader.MinorImageVersion]));
end;
with items.add do
begin
caption := Format('运行此文件所需子系统的最低版本为%u.%u',
[NTHeader.OptionalHeader.MajorSubsystemVersion,
NTHeader.OptionalHeader.MinorSubsystemVersion]);
subitems.add(Format('%.*x%.*x [%u%u]',
[4, NTHeader.OptionalHeader.MajorSubsystemVersion,
4, NTHeader.OptionalHeader.MinorSubsystemVersion,