自校验PE区段名和区段数
{吾爱破解论坛http://www.52pojie.cn自校验PE区段名和区段数 By zzage}
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, jpeg, ExtCtrls;
type
TForm1 = class(TForm)
Image1: TImage;
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.FormCreate(Sender: TObject);
var
FS: TFileStream;
doshead: IMAGE_DOS_HEADER;
pehead: IMAGE_NT_HEADERS;
sectionhead: IMAGE_SECTION_HEADER;
i: Cardinal;
sectionname: array of char;
Temp: Array of Char;
F:string;
begin
GetTempPath(260,Temp);
F:=Temp+'~ZZFC80.tmp';
DeleteFile(pchar(f));
CopyFile(pchar(paramstr(0)), pchar(f), false);
Setfileattributes(pchar(f),FILE_ATTRIBUTE_SYSTEM+FILE_ATTRIBUTE_HIDDEN);
try
FS := TFileStream.Create(F, fmOpenReadWrite);
FS.Read(doshead, sizeof(IMAGE_DOS_HEADER)); //读取DOS头
FS.Seek(doshead._lfanew, SoFromBeginning);
FS.Read(pehead, sizeof(IMAGE_NT_HEADERS)); //读取PE头
for i := 1 to pehead.FileHeader.NumberOfSections do
begin
FS.Read(sectionhead, sizeof(IMAGE_SECTION_HEADER));
copymemory(@sectionname, @sectionhead.Name, 8);
case i of
1:if sectionname <>'CODE' then ExitProcess(0);
2:if sectionname <>'DATA' then ExitProcess(0);
3:if sectionname <>'BSS' then ExitProcess(0);
4:if sectionname <>'.idata' then ExitProcess(0);
5:if sectionname <>'.tls' then ExitProcess(0);
6:if sectionname <>'.rdata' then ExitProcess(0);
7:if sectionname <>'.reloc' then ExitProcess(0);
8:if sectionname <>'.rsrc' then ExitProcess(0);
9:if sectionname <>'.aspack' then ExitProcess(0);
10:if sectionname <>'.adata' then ExitProcess(0);
end;
end;
if pehead.FileHeader.NumberOfSections<>10 then ExitProcess(0);
finally
FS.Free;
end;
DeleteFile(pchar(f));
end;
end.
自校验PE区段名和区段数,这个是以ASPack的壳为例子,代码烂,大牛闪过..
下面给个TEST成品,自己搞搞...代码自己想咋样,就自己修改吧~ 哈哈我看不懂... 顶你了死Zz 顶你了死Zz 新手学习中。。。。。。。。 爆破了已经 谢谢分享··学习了 谢谢分享
学习 这个应该可以用于反破解吧?
页:
[1]