找到这样一段代码,是一个随机修改PE文件区段名的工具的源码,本人是delphi菜鸟。50分求助:哪位大侠能把它改成给系统盘windows\system32下a.dll的区段随机取名的程序?
unit MainFormUnit;
{
Written by pathletboy
2007.08.31
}
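interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  // Main form. Button1Click validates a file chosen through OpenDialog1,
  // Button2Click rewrites its section names; Memo1 receives the log lines.
  TForm1 = class(TForm)
    Label1: TLabel;
    Button1: TButton;
    OpenDialog1: TOpenDialog;
    Memo1: TMemo;
    Button2: TButton;
    procedure Button2Click(Sender: TObject);
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

// Classifies file F by its DOS and NT headers.
// Returns 0 when F does not exist, is smaller than $1000 bytes, cannot be
// read, or lacks the DOS/NT signatures; 1 for a PE image without the
// IMAGE_FILE_DLL characteristic (reported as EXE by the caller); 2 when
// IMAGE_FILE_DLL is set.
function CheckValidPE(F: string): Byte;
var
  FS: TFileStream;
  doshead: IMAGE_DOS_HEADER;
  pehead: IMAGE_NT_HEADERS;
begin
  Result := 0;
  if not FileExists(F) then
    Exit;
  // Locals are not zero-initialised: without this, a failing Create would
  // leave the finally block calling Free on a garbage pointer.
  FS := nil;
  try
    try
      FS := TFileStream.Create(F, fmOpenRead);
      // Files below $1000 bytes are treated as not being a usable PE image.
      if FS.Size < $1000 then
        Exit;
      FS.ReadBuffer(doshead, SizeOf(doshead));
      if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
        Exit;
      // _lfanew comes from the file; reject offsets that cannot hold the
      // NT headers instead of relying on the read to fail.
      if (doshead._lfanew <= 0) or
        (doshead._lfanew > FS.Size - SizeOf(pehead)) then
        Exit;
      FS.Seek(doshead._lfanew, soFromBeginning);
      FS.ReadBuffer(pehead, SizeOf(pehead));
      if pehead.Signature <> IMAGE_NT_SIGNATURE then
        Exit;
      if (pehead.FileHeader.Characteristics and IMAGE_FILE_DLL) = IMAGE_FILE_DLL then
        Result := 2
      else
        Result := 1;
    except
      // Any open/read error means "not a valid PE" for the caller.
      Result := 0;
    end;
  finally
    FS.Free;
  end;
end;

// Returns 8 characters drawn from #32 (space) through #121 ('y'):
// Random(Ord('z') - 32) yields 0..89, so 'z' itself is never produced.
// Randomize is called on every invocation, as in the original.
function GetRandomSectionName: string;
var
  I: Integer;
begin
  Result := '';
  Randomize;
  for I := 1 to 8 do
    Result := Result + Chr(32 + Random(Ord('z') - 32));
end;

// Overwrites the 8-byte Name of every section header of F, in place, with
// the output of GetRandomSectionName, logging old and new names to Memo.
// Returns True when every header was rewritten. Returns False when the file
// cannot be opened, is not a PE image, has an optional header whose size
// differs from the IMAGE_OPTIONAL_HEADER layout assumed here (the
// fixed-offset walk would then read and overwrite the wrong bytes), or when
// a read or write fails.
// The file is modified without a backup, and a failure part-way leaves the
// earlier sections already renamed. Only the names are changed: the
// optional-header CheckSum is not recomputed, and since the section table is
// covered by the Authenticode hash, a signed file no longer verifies.
function ProcessRandomSectionNames(F: string; Memo: TMemo): Boolean;
var
  FS: TFileStream;
  doshead: IMAGE_DOS_HEADER;
  pehead: IMAGE_NT_HEADERS;
  sectionhead: IMAGE_SECTION_HEADER;
  i: Cardinal;
  // 8 name bytes plus a terminator; AnsiChar keeps one byte per character
  // regardless of compiler version.
  sectionname: array[0..8] of AnsiChar;
  randomname: AnsiString;
begin
  Result := False;
  FS := nil; // keeps FS.Free safe when Create raises
  try
    try
      FS := TFileStream.Create(F, fmOpenReadWrite);
      // ReadBuffer raises on a short read, so a truncated file ends in the
      // except branch instead of being processed from stale buffers.
      FS.ReadBuffer(doshead, SizeOf(doshead));
      if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
        Exit;
      if (doshead._lfanew <= 0) or
        (doshead._lfanew > FS.Size - SizeOf(pehead)) then
        Exit;
      FS.Seek(doshead._lfanew, soFromBeginning);
      FS.ReadBuffer(pehead, SizeOf(pehead));
      if pehead.Signature <> IMAGE_NT_SIGNATURE then
        Exit;
      // The section table is assumed to start right after pehead; that only
      // holds when the file's optional header has exactly this size.
      if pehead.FileHeader.SizeOfOptionalHeader <> SizeOf(pehead.OptionalHeader) then
        Exit;
      Memo.Lines.Add(Format('发现%d个区段.',
        [pehead.FileHeader.NumberOfSections]));
      for i := 1 to pehead.FileHeader.NumberOfSections do
      begin
        FS.ReadBuffer(sectionhead, SizeOf(sectionhead));
        // Zero first so the %s below always sees a terminated string, even
        // for names that use all 8 bytes.
        FillChar(sectionname, SizeOf(sectionname), 0);
        CopyMemory(@sectionname, @sectionhead.Name, 8);
        Memo.Lines.Add(Format('正在处理第%d个区段,原区段名为[%s]',
          [i, sectionname]));
        randomname := AnsiString(GetRandomSectionName);
        CopyMemory(@sectionname, @randomname[1], 8);
        CopyMemory(@sectionhead.Name, @randomname[1], 8);
        // Step back over the header just read and write it back in place.
        FS.Seek(-SizeOf(IMAGE_SECTION_HEADER), soFromCurrent);
        FS.WriteBuffer(sectionhead, SizeOf(sectionhead));
        Memo.Lines.Add(Format('第%d个区段名已被处理为[%s]', [i,
          sectionname]));
      end;
      Result := True;
    except
      Result := False;
    end;
  finally
    FS.Free;
  end;
end;

// Lets the user pick a file, shows its path in Label1, logs the result of
// CheckValidPE, and enables Button2 only for a valid PE file.
procedure TForm1.Button1Click(Sender: TObject);
var
  filetype: Byte;
begin
  if not OpenDialog1.Execute then
    Exit;
  Label1.Caption := OpenDialog1.FileName;
  filetype := CheckValidPE(Label1.Caption);
  case filetype of
    0: Memo1.Lines.Add(Format('文件%s是非有效的PE文件',
        [Label1.Caption]));
    1: Memo1.Lines.Add(Format('文件%s是有效的PE文件[EXE]',
        [Label1.Caption]));
    2: Memo1.Lines.Add(Format('文件%s是有效的PE文件[DLL]',
        [Label1.Caption]));
  end;
  Button2.Enabled := filetype > 0;
end;

// Rewrites the section names of the file shown in Label1 and logs whether
// the operation succeeded.
procedure TForm1.Button2Click(Sender: TObject);
begin
  if ProcessRandomSectionNames(Label1.Caption, Memo1) then
    Memo1.Lines.Add('处理完毕!')
  else
    Memo1.Lines.Add('处理失败!');
end;

end.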
{
Written by pathletboy
2007.08.31
}
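interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  // Main form. Button1Click validates a file chosen through OpenDialog1,
  // Button2Click rewrites its section names; Memo1 receives the log lines.
  TForm1 = class(TForm)
    Label1: TLabel;
    Button1: TButton;
    OpenDialog1: TOpenDialog;
    Memo1: TMemo;
    Button2: TButton;
    procedure Button2Click(Sender: TObject);
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

// Classifies file F by its DOS and NT headers.
// Returns 0 when F does not exist, is smaller than $1000 bytes, cannot be
// read, or lacks the DOS/NT signatures; 1 for a PE image without the
// IMAGE_FILE_DLL characteristic (reported as EXE by the caller); 2 when
// IMAGE_FILE_DLL is set.
function CheckValidPE(F: string): Byte;
var
  FS: TFileStream;
  doshead: IMAGE_DOS_HEADER;
  pehead: IMAGE_NT_HEADERS;
begin
  Result := 0;
  if not FileExists(F) then
    Exit;
  // Locals are not zero-initialised: without this, a failing Create would
  // leave the finally block calling Free on a garbage pointer.
  FS := nil;
  try
    try
      FS := TFileStream.Create(F, fmOpenRead);
      // Files below $1000 bytes are treated as not being a usable PE image.
      if FS.Size < $1000 then
        Exit;
      FS.ReadBuffer(doshead, SizeOf(doshead));
      if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
        Exit;
      // _lfanew comes from the file; reject offsets that cannot hold the
      // NT headers instead of relying on the read to fail.
      if (doshead._lfanew <= 0) or
        (doshead._lfanew > FS.Size - SizeOf(pehead)) then
        Exit;
      FS.Seek(doshead._lfanew, soFromBeginning);
      FS.ReadBuffer(pehead, SizeOf(pehead));
      if pehead.Signature <> IMAGE_NT_SIGNATURE then
        Exit;
      if (pehead.FileHeader.Characteristics and IMAGE_FILE_DLL) = IMAGE_FILE_DLL then
        Result := 2
      else
        Result := 1;
    except
      // Any open/read error means "not a valid PE" for the caller.
      Result := 0;
    end;
  finally
    FS.Free;
  end;
end;

// Returns 8 characters drawn from #32 (space) through #121 ('y'):
// Random(Ord('z') - 32) yields 0..89, so 'z' itself is never produced.
// Randomize is called on every invocation, as in the original.
function GetRandomSectionName: string;
var
  I: Integer;
begin
  Result := '';
  Randomize;
  for I := 1 to 8 do
    Result := Result + Chr(32 + Random(Ord('z') - 32));
end;

// Overwrites the 8-byte Name of every section header of F, in place, with
// the output of GetRandomSectionName, logging old and new names to Memo.
// Returns True when every header was rewritten. Returns False when the file
// cannot be opened, is not a PE image, has an optional header whose size
// differs from the IMAGE_OPTIONAL_HEADER layout assumed here (the
// fixed-offset walk would then read and overwrite the wrong bytes), or when
// a read or write fails.
// The file is modified without a backup, and a failure part-way leaves the
// earlier sections already renamed. Only the names are changed: the
// optional-header CheckSum is not recomputed, and since the section table is
// covered by the Authenticode hash, a signed file no longer verifies.
function ProcessRandomSectionNames(F: string; Memo: TMemo): Boolean;
var
  FS: TFileStream;
  doshead: IMAGE_DOS_HEADER;
  pehead: IMAGE_NT_HEADERS;
  sectionhead: IMAGE_SECTION_HEADER;
  i: Cardinal;
  // 8 name bytes plus a terminator; AnsiChar keeps one byte per character
  // regardless of compiler version.
  sectionname: array[0..8] of AnsiChar;
  randomname: AnsiString;
begin
  Result := False;
  FS := nil; // keeps FS.Free safe when Create raises
  try
    try
      FS := TFileStream.Create(F, fmOpenReadWrite);
      // ReadBuffer raises on a short read, so a truncated file ends in the
      // except branch instead of being processed from stale buffers.
      FS.ReadBuffer(doshead, SizeOf(doshead));
      if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
        Exit;
      if (doshead._lfanew <= 0) or
        (doshead._lfanew > FS.Size - SizeOf(pehead)) then
        Exit;
      FS.Seek(doshead._lfanew, soFromBeginning);
      FS.ReadBuffer(pehead, SizeOf(pehead));
      if pehead.Signature <> IMAGE_NT_SIGNATURE then
        Exit;
      // The section table is assumed to start right after pehead; that only
      // holds when the file's optional header has exactly this size.
      if pehead.FileHeader.SizeOfOptionalHeader <> SizeOf(pehead.OptionalHeader) then
        Exit;
      Memo.Lines.Add(Format('发现%d个区段.',
        [pehead.FileHeader.NumberOfSections]));
      for i := 1 to pehead.FileHeader.NumberOfSections do
      begin
        FS.ReadBuffer(sectionhead, SizeOf(sectionhead));
        // Zero first so the %s below always sees a terminated string, even
        // for names that use all 8 bytes.
        FillChar(sectionname, SizeOf(sectionname), 0);
        CopyMemory(@sectionname, @sectionhead.Name, 8);
        Memo.Lines.Add(Format('正在处理第%d个区段,原区段名为[%s]',
          [i, sectionname]));
        randomname := AnsiString(GetRandomSectionName);
        CopyMemory(@sectionname, @randomname[1], 8);
        CopyMemory(@sectionhead.Name, @randomname[1], 8);
        // Step back over the header just read and write it back in place.
        FS.Seek(-SizeOf(IMAGE_SECTION_HEADER), soFromCurrent);
        FS.WriteBuffer(sectionhead, SizeOf(sectionhead));
        Memo.Lines.Add(Format('第%d个区段名已被处理为[%s]', [i,
          sectionname]));
      end;
      Result := True;
    except
      Result := False;
    end;
  finally
    FS.Free;
  end;
end;

// Lets the user pick a file, shows its path in Label1, logs the result of
// CheckValidPE, and enables Button2 only for a valid PE file.
procedure TForm1.Button1Click(Sender: TObject);
var
  filetype: Byte;
begin
  if not OpenDialog1.Execute then
    Exit;
  Label1.Caption := OpenDialog1.FileName;
  filetype := CheckValidPE(Label1.Caption);
  case filetype of
    0: Memo1.Lines.Add(Format('文件%s是非有效的PE文件',
        [Label1.Caption]));
    1: Memo1.Lines.Add(Format('文件%s是有效的PE文件[EXE]',
        [Label1.Caption]));
    2: Memo1.Lines.Add(Format('文件%s是有效的PE文件[DLL]',
        [Label1.Caption]));
  end;
  Button2.Enabled := filetype > 0;
end;

// Rewrites the section names of the file shown in Label1 and logs whether
// the operation succeeded.
procedure TForm1.Button2Click(Sender: TObject);
begin
  if ProcessRandomSectionNames(Label1.Caption, Memo1) then
    Memo1.Lines.Add('处理完毕!')
  else
    Memo1.Lines.Add('处理失败!');
end;

end.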
解决方案 »
var
filetype: byte;
begin
if OpenDialog1.Execute then
begin
Label1.Caption := OpenDialog1.FileName;
filetype := CheckValidPE(Label1.Caption);
case filetype of
0: Memo1.Lines.Add(format('文件%s是非有效的PE文件',
[Label1.Caption]));
1: Memo1.Lines.Add(format('文件%s是有效的PE文件[EXE]',
[Label1.Caption]));
2: Memo1.Lines.Add(format('文件%s是有效的PE文件[DLL]',
[Label1.Caption]));
end;
if filetype > 0 then
Button2.Enabled := True
else
Button2.Enabled := False;
end;
end; procedure TForm1.Button2Click(Sender: TObject);
begin
if ProcessRandomSectionNames(Label1.Caption, Memo1) then
Memo1.Lines.Add('处理完毕!')
else
Memo1.Lines.Add('处理失败!');
end;
这两段都是处理Memo的,你改成文件的路径就好了,无非是改一个OpenFile或者CreateFile。
文件C:\Documents and Settings\hh\桌面\QQ2007BETAPYLVSE\SpeedQQ\QQ.exe是有效的PE文件[EXE]
发现5个区段.
正在处理第1个区段,原区段名为[.text]
第1个区段名已被处理为[g.u+"+sM]
正在处理第2个区段,原区段名为[.rdata]
第2个区段名已被处理为[U/3>@1'[]
正在处理第3个区段,原区段名为[.data]
第3个区段名已被处理为[XATc/x+h]
正在处理第4个区段,原区段名为[.rsrc]
第4个区段名已被处理为[2@X7C<A$]
正在处理第5个区段,原区段名为[.Silvana]
第5个区段名已被处理为[[gN1=cGL]
处理完毕!
这段代码拿来直接就能用,还要怎么样?
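unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  // Form whose FormCreate handler processes one hard-coded file; the two
  // button handlers of the original form were disabled by the author.
  TForm1 = class(TForm)
    Label1: TLabel;
    Button1: TButton;
    OpenDialog1: TOpenDialog;
    Memo1: TMemo;
    Button2: TButton;
    //procedure Button2Click(Sender: TObject);
    // procedure Button1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

const
  // File rewritten by FormCreate; previously repeated as a literal.
  TargetFile = 'C:\Documents and Settings\hh\桌面\QQ2007BETAPYLVSE\SpeedQQ\qq.exe';

// Classifies file F by its DOS and NT headers.
// Returns 0 when F does not exist, is smaller than $1000 bytes, cannot be
// read, or lacks the DOS/NT signatures; 1 for a PE image without the
// IMAGE_FILE_DLL characteristic; 2 when IMAGE_FILE_DLL is set.
function CheckValidPE(F: string): Byte;
var
  FS: TFileStream;
  doshead: IMAGE_DOS_HEADER;
  pehead: IMAGE_NT_HEADERS;
begin
  Result := 0;
  if not FileExists(F) then
    Exit;
  // Locals are not zero-initialised: without this, a failing Create would
  // leave the finally block calling Free on a garbage pointer.
  FS := nil;
  try
    try
      FS := TFileStream.Create(F, fmOpenRead);
      // Files below $1000 bytes are treated as not being a usable PE image.
      if FS.Size < $1000 then
        Exit;
      FS.ReadBuffer(doshead, SizeOf(doshead));
      if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
        Exit;
      // _lfanew comes from the file; reject offsets that cannot hold the
      // NT headers instead of relying on the read to fail.
      if (doshead._lfanew <= 0) or
        (doshead._lfanew > FS.Size - SizeOf(pehead)) then
        Exit;
      FS.Seek(doshead._lfanew, soFromBeginning);
      FS.ReadBuffer(pehead, SizeOf(pehead));
      if pehead.Signature <> IMAGE_NT_SIGNATURE then
        Exit;
      if (pehead.FileHeader.Characteristics and IMAGE_FILE_DLL) = IMAGE_FILE_DLL then
        Result := 2
      else
        Result := 1;
    except
      // Any open/read error means "not a valid PE" for the caller.
      Result := 0;
    end;
  finally
    FS.Free;
  end;
end;

// Returns 8 characters drawn from #32 (space) through #121 ('y'):
// Random(Ord('z') - 32) yields 0..89, so 'z' itself is never produced.
// Randomize is called on every invocation, as in the original.
function GetRandomSectionName: string;
var
  I: Integer;
begin
  Result := '';
  Randomize;
  for I := 1 to 8 do
    Result := Result + Chr(32 + Random(Ord('z') - 32));
end;

// Overwrites the 8-byte Name of every section header of F, in place, with
// the output of GetRandomSectionName, logging old and new names to Memo.
// Returns True when every header was rewritten. Returns False when the file
// cannot be opened, is not a PE image, has an optional header whose size
// differs from the IMAGE_OPTIONAL_HEADER layout assumed here (the
// fixed-offset walk would then read and overwrite the wrong bytes), or when
// a read or write fails.
// The file is modified without a backup, and a failure part-way leaves the
// earlier sections already renamed. Only the names are changed: the
// optional-header CheckSum is not recomputed, and since the section table is
// covered by the Authenticode hash, a signed file no longer verifies.
function ProcessRandomSectionNames(F: string; Memo: TMemo): Boolean;
var
  FS: TFileStream;
  doshead: IMAGE_DOS_HEADER;
  pehead: IMAGE_NT_HEADERS;
  sectionhead: IMAGE_SECTION_HEADER;
  i: Cardinal;
  // 8 name bytes plus a terminator; AnsiChar keeps one byte per character
  // regardless of compiler version.
  sectionname: array[0..8] of AnsiChar;
  randomname: AnsiString;
begin
  Result := False;
  FS := nil; // keeps FS.Free safe when Create raises
  try
    try
      FS := TFileStream.Create(F, fmOpenReadWrite);
      // ReadBuffer raises on a short read, so a truncated file ends in the
      // except branch instead of being processed from stale buffers.
      FS.ReadBuffer(doshead, SizeOf(doshead));
      if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
        Exit;
      if (doshead._lfanew <= 0) or
        (doshead._lfanew > FS.Size - SizeOf(pehead)) then
        Exit;
      FS.Seek(doshead._lfanew, soFromBeginning);
      FS.ReadBuffer(pehead, SizeOf(pehead));
      if pehead.Signature <> IMAGE_NT_SIGNATURE then
        Exit;
      // The section table is assumed to start right after pehead; that only
      // holds when the file's optional header has exactly this size.
      if pehead.FileHeader.SizeOfOptionalHeader <> SizeOf(pehead.OptionalHeader) then
        Exit;
      Memo.Lines.Add(Format('发现%d个区段.',
        [pehead.FileHeader.NumberOfSections]));
      for i := 1 to pehead.FileHeader.NumberOfSections do
      begin
        FS.ReadBuffer(sectionhead, SizeOf(sectionhead));
        // Zero first so the %s below always sees a terminated string, even
        // for names that use all 8 bytes.
        FillChar(sectionname, SizeOf(sectionname), 0);
        CopyMemory(@sectionname, @sectionhead.Name, 8);
        Memo.Lines.Add(Format('正在处理第%d个区段,原区段名为[%s]',
          [i, sectionname]));
        randomname := AnsiString(GetRandomSectionName);
        CopyMemory(@sectionname, @randomname[1], 8);
        CopyMemory(@sectionhead.Name, @randomname[1], 8);
        // Step back over the header just read and write it back in place.
        FS.Seek(-SizeOf(IMAGE_SECTION_HEADER), soFromCurrent);
        FS.WriteBuffer(sectionhead, SizeOf(sectionhead));
        Memo.Lines.Add(Format('第%d个区段名已被处理为[%s]', [i,
          sectionname]));
      end;
      Result := True;
    except
      Result := False;
    end;
  finally
    FS.Free;
  end;
end;

// The Button1Click / Button2Click handlers of the original form were
// commented out by the author at this point; FormCreate replaces them.

// Hides Memo1, then validates TargetFile and, if CheckValidPE accepts it,
// rewrites its section names. The log goes to the hidden memo and the
// Boolean result is discarded, so a failed or partial rewrite is not
// reported anywhere.
procedure TForm1.FormCreate(Sender: TObject);
begin
  Memo1.Visible := False;
  if CheckValidPE(TargetFile) > 0 then
    ProcessRandomSectionNames(TargetFile, Memo1);
end;

end.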
// Project file for the Unit1 form application.
program Project1;

uses
  Forms,
  Unit1 in 'Unit1.pas' {Form1};

{$R *.res}

begin
  Application.Initialize;
  // Instantiates TForm1; presumably this is where TForm1.FormCreate runs
  // (the event wiring lives in the .dfm, which is not shown).
  Application.CreateForm(TForm1, Form1);
  // The main form is never displayed, so the program has no visible UI.
  application.ShowMainForm:=false;
  // NOTE(review): nothing in this listing terminates the application, so the
  // process presumably stays in the message loop without a window - confirm.
  Application.Run;
end.
双击运行程序,就会改动你指定的exe文件或dll文件,路径换成你自己的。注意程序是原地改写目标文件、不做备份,带数字签名的文件改动后签名校验会失败。