好友
阅读权限255
听众
最后登录1970-1-1
|
zzage
发表于 2008-8-28 13:09
{吾爱破解论坛[url]http://www.52pojie.cn[/url] 自校验PE区段名和区段数 By zzage} unit Unit1; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, jpeg, ExtCtrls; type TForm1 = class(TForm) Image1: TImage; procedure FormCreate(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; implementation {$R *.dfm} procedure TForm1.FormCreate(Sender: TObject); var FS: TFileStream; doshead: IMAGE_DOS_HEADER; pehead: IMAGE_NT_HEADERS; sectionhead: IMAGE_SECTION_HEADER; i: Cardinal; sectionname: array[0..8] of char; Temp: Array[0..MAX_PATH] of Char; F:string; begin GetTempPath(260,Temp); F:=Temp+'~ZZFC80.tmp'; DeleteFile(pchar(f)); CopyFile(pchar(paramstr(0)), pchar(f), false); Setfileattributes(pchar(f),FILE_ATTRIBUTE_SYSTEM+FILE_ATTRIBUTE_HIDDEN); try FS := TFileStream.Create(F, fmOpenReadWrite); FS.Read(doshead, sizeof(IMAGE_DOS_HEADER)); //读取DOS头 FS.Seek(doshead._lfanew, SoFromBeginning); FS.Read(pehead, sizeof(IMAGE_NT_HEADERS)); //读取PE头 for i := 1 to pehead.FileHeader.NumberOfSections do begin FS.Read(sectionhead, sizeof(IMAGE_SECTION_HEADER)); copymemory(@sectionname, @sectionhead.Name, 8); case i of 1:if sectionname <>'CODE' then ExitProcess(0); 2:if sectionname <>'DATA' then ExitProcess(0); 3:if sectionname <>'BSS' then ExitProcess(0); 4:if sectionname <>'.IDAta' then ExitProcess(0); 5:if sectionname <>'.tls' then ExitProcess(0); 6:if sectionname <>'.rdata' then ExitProcess(0); 7:if sectionname <>'.reloc' then ExitProcess(0); 8:if sectionname <>'.rsrc' then ExitProcess(0); 9:if sectionname <>'.aspack' then ExitProcess(0); 10:if sectionname <>'.adata' then ExitProcess(0); end; end; if pehead.FileHeader.NumberOfSections<>10 then ExitProcess(0); finally FS.Free; end; DeleteFile(pchar(f)); end; end.
下面给个TEST成品,自己搞搞...代码自己想咋样,就自己修改吧~ |
|
发帖前要善用【论坛搜索】功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。 |
|
|
|
|
|
|
[复制链接]
发表于 2008-8-28 13:24
发表于 2008-8-28 14:05
