Thema: Delphi Entypoint


SleepyMaster

Registriert seit: 18. Mai 2003
634 Beiträge
 
#7

Re: Entypoint

  Alt 25. Dez 2003, 14:26
OK! Ich habs geschafft! Für alle, die es interessiert, wie:
(Ist aber kein bissel optimiert, da ich es eigentlich nur aus Assarbads Programm isexe rauskopiert habe und es damit eigentlich für was anderes gedacht ist!)

Delphi-Quellcode:
type
  // Typed pointers used to overlay the PE structures onto the raw bytes of a
  // mapped file, so header fields can be read in place without copying first.
  PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;
  PIMAGE_NT_HEADERS = ^IMAGE_NT_HEADERS;

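// Checks whether the file `fname` is a PE image and, if so, copies its
// IMAGE_NT_HEADERS into `imghead`.
//
//   fname    path of the file to inspect; an empty string yields False.
//   DOS_EXE  set to True when the file starts with the DOS "MZ" signature,
//            otherwise False.
//   imghead  receives a copy of the NT headers; written only when the function
//            returns True.
//   Result   True only when both the DOS and the NT signature are present and
//            the complete IMAGE_NT_HEADERS structure lies inside the file.
//
// The file content is untrusted input. Every offset taken from it is checked
// against the real file size before it is dereferenced; IsBadReadPtr is not
// used because it says nothing about where the mapped view ends and Microsoft
// documents it as obsolete.
function _isEXE(fname: string; var DOS_EXE: boolean; var imghead: IMAGE_NT_HEADERS): boolean;
var
  hfile, hmap: THandle;
  // PAnsiChar keeps the pointer arithmetic byte-sized on every compiler
  // version; with a Unicode PChar, "pointer + n" would advance 2*n bytes.
  saveview, pEXE: PAnsiChar;
  fsize: DWORD;
  ntoffset: Longint;
begin
  result := false;
  // Kept from the original: guards against callers that pass a dereferenced
  // nil pointer as the var argument.
  if @DOS_EXE <> nil then
    DOS_EXE := false;
  if fname = '' then
    Exit;

  hfile := CreateFile(PChar(fname), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);
  if hfile = INVALID_HANDLE_VALUE then
    Exit;
  try
    // Only the low 32 bits of the size are requested; $FFFFFFFF is the
    // error return of GetFileSize in that mode.
    fsize := GetFileSize(hfile, nil);
    if (fsize = DWORD($FFFFFFFF)) or (fsize < DWORD(sizeof(WORD))) then
      Exit;

    hmap := CreateFileMapping(hfile, nil, PAGE_READONLY, 0, 0, nil);
    if hmap = 0 then
      Exit;
    try
      saveview := MapViewOfFile(hmap, FILE_MAP_READ, 0, 0, 0);
      if saveview = nil then
        Exit;
      try
        // DOS header: the first WORD must be "MZ".
        if PWORD(saveview)^ <> IMAGE_DOS_SIGNATURE then
          Exit;
        if @DOS_EXE <> nil then
          DOS_EXE := true;

        // _lfanew is the last field of the DOS header, so the whole header
        // must be present before it may be read.
        if fsize < DWORD(sizeof(IMAGE_DOS_HEADER)) then
          Exit;
        if fsize < DWORD(sizeof(IMAGE_NT_HEADERS)) then
          Exit;

        // _lfanew comes straight from the file: reject negative values and
        // any offset that would place part of IMAGE_NT_HEADERS past the end
        // of the file, because the full structure is copied below.
        ntoffset := PIMAGE_DOS_HEADER(saveview)^._lfanew;
        if (ntoffset < 0) or
           (DWORD(ntoffset) > fsize - DWORD(sizeof(IMAGE_NT_HEADERS))) then
          Exit;

        pEXE := saveview + ntoffset;
        if PIMAGE_NT_HEADERS(pEXE)^.Signature = IMAGE_NT_SIGNATURE then
          begin
            if @imghead <> nil then
              CopyMemory(@imghead, pEXE, sizeof(imghead));
            result := true;
          end;
      finally
        UnmapViewOfFile(saveview);
      end;
    finally
      CloseHandle(hmap);
    end;
  finally
    CloseHandle(hfile);
  end;
end;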

// Renders a DWORD as eight upper-case hexadecimal digits, zero-padded,
// followed by the suffix 'h' (for example 00001000h).
function DWORD2hex(dw: DWORD): string;
const
  HexPattern = '%8.8Xh';
begin
  Result := Format(HexPattern, [dw]);
end;

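// Shows the entry point of the running executable (ParamStr(0)) in Edit1.
// AddressOfEntryPoint is the value stored in the optional header, i.e. an
// address relative to the image base, not an absolute virtual address.
procedure TForm1.Button1Click(Sender: TObject);
var
  NTImgHeaders: IMAGE_NT_HEADERS;
  bool_pefile, bool_dosexe: boolean;
begin
  // The header record is a local variable; clear it so that nothing
  // uninitialised can be displayed if the parse fails.
  FillChar(NTImgHeaders, SizeOf(NTImgHeaders), 0);
  bool_pefile := _isexe(Paramstr(0), bool_dosexe, NTImgHeaders);
  // Only trust the header contents when the file was recognised as a PE image.
  if bool_pefile then
    Edit1.Text := dword2hex(NTImgHeaders.OptionalHeader.AddressOfEntryPoint)
  else
    Edit1.Text := '';
end;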