我用delphi写一PE文件分析。。在C++Builder中完全成功可是在delphi中得到错误的结果。。请看我的程序:
//=====delphi==========
procedure TFormMain.PEdump(FileName: AnsiString);
type
PImageHeader = ^TImageHeader;
TImageHeader = packed record
PEDosHead : TImageDosHeader;
Signature : DWORD;
FileHeader : TImageFileHeader;
OptionalHeader : TImageOptionalHeader;
PESectionHead :array of TImageSectionHeader;
end;
var
hFile,hMapping:THandle;
basepointer,basepointer1:Pointer;
PEDosHead:pImageDosHeader;
IsDos:word;
PImageHeader1:PImageHeader ;
FileSize:integer;
begin hFile := CreateFile(PChar(FileName), GENERIC_READ or GENERIC_WRITE,
FILE_SHARE_READ, nil, OPEN_EXISTING,
FILE_FLAG_SEQUENTIAL_SCAN, 0);
if hFile=INVALID_HANDLE_VALUE then //安全检查
begin
CloseHandle(hFile);
ShowMessage('error');
exit;
end;
hMapping:=CreateFileMapping(hFile,nil,PAGE_READWRITE,0,0,nil); //创建视图
if hMapping=0 then //安全检查
begin
CloseHandle(hFile);
ShowMessage('CreateFileMapping error');
exit;
end;
basepointer:=MapViewOfFile(hMapping,FILE_MAP_ALL_ACCESS,0,0,0); //创建影像
if basepointer=nil then//安全检查
begin
ShowMessage('error MapViewofFile');
CloseHandle(hMapping);
exit;
end;
PImageHeader1:=basepointer;
IsDos:=PImageHeader1^.PEDosHead.e_magic;
if IsDos<>IMAGE_DOS_SIGNATURE then
begin
ShowMessage('不是Win32');
UnmapViewOfFile(basepointer);
FileClose(hFile);
exit;
end; LabeledEdit1.Text:=IntToHex(int64(basepointer),10);//@@@@得到错误结果
LabeledEdit2.Text:=Format('%10x',[PImageHeader1^.PEDosHead._lfanew]);//正确结果
LabeledEdit3.Text:=Format('%10d',[PImageHeader1^.FileHeader.NumberOfSections] );//@@@@@大错而特错结果 UnmapViewOfFile(basepointer);
end;
//=======c++ builder程序========== 一路OK
TFormMain::PEDump(AnsiString FileName)
{
HANDLE hFile, hMapping;
hFile = CreateFile(FileName.c_str() , GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0);
if(hFile==INVALID_HANDLE_VALUE)
{
CloseHandle(hFile);
ShowMessage("error open");
return 0;
}
hMapping = CreateFileMapping(hFile, 0, PAGE_READONLY | SEC_COMMIT, 0, 0, 0);
if(!hMapping )
{
CloseHandle(hFile);
ShowMessage("CreateFileMapping Error");
return 0;
}
//====
void *basepointer;
basepointer = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
//=========
dos_head =(IMAGE_DOS_HEADER *)basepointer;
LabeledEdit1->Text=IntToHex(__int64(basepointer),10);
LabeledEdit2->Text=IntToHex(__int64(dos_head->e_lfanew),10) ;
peHeader * header;
header = (peHeader *)((char *)dos_head + dos_head->e_lfanew);//得到PE文件头
if (header->signature!=IMAGE_NT_SIGNATURE)
{ CloseHandle(hMapping);
CloseHandle(hFile);
UnmapViewOfFile(basepointer);
ShowMessage("error PE header");
return 0;
}
LabeledEdit3->Text=IntToHex(__int64(header->_head.NumberOfSections),10); //=========== CloseHandle(hMapping);
CloseHandle(hFile);
UnmapViewOfFile(basepointer);
//=====delphi==========
procedure TFormMain.PEdump(FileName: AnsiString);
type
PImageHeader = ^TImageHeader;
TImageHeader = packed record
PEDosHead : TImageDosHeader;
Signature : DWORD;
FileHeader : TImageFileHeader;
OptionalHeader : TImageOptionalHeader;
PESectionHead :array of TImageSectionHeader;
end;
var
hFile,hMapping:THandle;
basepointer,basepointer1:Pointer;
PEDosHead:pImageDosHeader;
IsDos:word;
PImageHeader1:PImageHeader ;
FileSize:integer;
begin hFile := CreateFile(PChar(FileName), GENERIC_READ or GENERIC_WRITE,
FILE_SHARE_READ, nil, OPEN_EXISTING,
FILE_FLAG_SEQUENTIAL_SCAN, 0);
if hFile=INVALID_HANDLE_VALUE then //安全检查
begin
CloseHandle(hFile);
ShowMessage('error');
exit;
end;
hMapping:=CreateFileMapping(hFile,nil,PAGE_READWRITE,0,0,nil); //创建视图
if hMapping=0 then //安全检查
begin
CloseHandle(hFile);
ShowMessage('CreateFileMapping error');
exit;
end;
basepointer:=MapViewOfFile(hMapping,FILE_MAP_ALL_ACCESS,0,0,0); //创建影像
if basepointer=nil then//安全检查
begin
ShowMessage('error MapViewofFile');
CloseHandle(hMapping);
exit;
end;
PImageHeader1:=basepointer;
IsDos:=PImageHeader1^.PEDosHead.e_magic;
if IsDos<>IMAGE_DOS_SIGNATURE then
begin
ShowMessage('不是Win32');
UnmapViewOfFile(basepointer);
FileClose(hFile);
exit;
end; LabeledEdit1.Text:=IntToHex(int64(basepointer),10);//@@@@得到错误结果
LabeledEdit2.Text:=Format('%10x',[PImageHeader1^.PEDosHead._lfanew]);//正确结果
LabeledEdit3.Text:=Format('%10d',[PImageHeader1^.FileHeader.NumberOfSections] );//@@@@@大错而特错结果 UnmapViewOfFile(basepointer);
end;
//=======c++ builder程序========== 一路OK
TFormMain::PEDump(AnsiString FileName)
{
HANDLE hFile, hMapping;
hFile = CreateFile(FileName.c_str() , GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0);
if(hFile==INVALID_HANDLE_VALUE)
{
CloseHandle(hFile);
ShowMessage("error open");
return 0;
}
hMapping = CreateFileMapping(hFile, 0, PAGE_READONLY | SEC_COMMIT, 0, 0, 0);
if(!hMapping )
{
CloseHandle(hFile);
ShowMessage("CreateFileMapping Error");
return 0;
}
//====
void *basepointer;
basepointer = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
//=========
dos_head =(IMAGE_DOS_HEADER *)basepointer;
LabeledEdit1->Text=IntToHex(__int64(basepointer),10);
LabeledEdit2->Text=IntToHex(__int64(dos_head->e_lfanew),10) ;
peHeader * header;
header = (peHeader *)((char *)dos_head + dos_head->e_lfanew);//得到PE文件头
if (header->signature!=IMAGE_NT_SIGNATURE)
{ CloseHandle(hMapping);
CloseHandle(hFile);
UnmapViewOfFile(basepointer);
ShowMessage("error PE header");
return 0;
}
LabeledEdit3->Text=IntToHex(__int64(header->_head.NumberOfSections),10); //=========== CloseHandle(hMapping);
CloseHandle(hFile);
UnmapViewOfFile(basepointer);
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货