|
Registriert seit: 18. Mai 2003
634 Beiträge
|
Re: Entypoint
25. Dez 2003, 13:26
OK! Ich habs geschafft! Für alle die es interessiert wie:
(Ist aber kein bissel optimiert, da ich es eigendlich nur aus Assarbads programm isexe rauskopiert hat und damit eigendlich für was anderes gedacht ist!)
Delphi-Quellcode:
type
PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;
PIMAGE_NT_HEADERS = ^IMAGE_NT_HEADERS;
function _isEXE(fname: string; var DOS_EXE: boolean; var imghead: IMAGE_NT_HEADERS): boolean;
var
hfile, hmap: THandle;
saveview, pEXE: pchar;
begin
result := false;
if @DOS_EXE <> nil then
DOS_EXE := false;
if fname <> '' then
begin
hfile := createfile(@fname[1], GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);
if hfile <> INVALID_HANDLE_VALUE then
try
hmap := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
if hmap <> 0 then
try
saveview := MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
pEXE := saveview;
if not IsBadReadPtr(pEXE, sizeof(WORD)) then
begin
result := PWORD(pEXE)^ = IMAGE_DOS_SIGNATURE;
if @DOS_EXE <> nil then
DOS_EXE := result;
if result then
begin
pEXE := pEXE + PIMAGE_DOS_HEADER(pEXE)^._lfanew;
if not IsBadReadPtr(pEXE, sizeof(DWORD)) then
begin
result := PIMAGE_NT_HEADERS(pEXE)^.Signature = IMAGE_NT_SIGNATURE;
if result then
if @imghead <> nil then
CopyMemory(@imghead, pEXE, sizeof(imghead));
end;
end;
end;
finally
UnmapViewOfFile(saveview);
CloseHandle(hmap);
end;
finally
CloseHandle(hfile);
end;
end;
end;
function DWORD2hex(dw: DWORD): string;
begin
result := Format('%8.8Xh', [dw]);
end;
procedure TForm1.Button1Click(Sender: TObject);
var
NTImgHeaders: IMAGE_NT_HEADERS;
bool_pefile, bool_dosexe: boolean;
begin
bool_pefile := _isexe(Paramstr(0), bool_dosexe, NTImgHeaders);
Edit1.Text:=dword2hex(NTImgHeaders.OptionalHeader.AddressOfEntryPoint);
end;
|
|
|
Zitat
|
Antwort
Hybrid-Darstellung
