mens tods shoes 5553

tods5eshoes

[ft=,+0,]标题：用Delphi编写WindowsPE文件随机区段名器
链接：http://www.unpack.cn/viewthread.php?tid=16931
作者：pathletboy
日期：2007-8-31 23:00代码:
unit MainFormUnit;
{
Written by pathletboy
2007.08.31
}
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Label1: TLabel;
Button1: TButton;
OpenDialog1: TOpenDialog;
Memo1: TMemo;
Button2: TButton;
procedure Button2Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
function CheckValidPE(F: string): Byte; //检查PE文件有效性
var
FS: TFileStream;
doshead: IMAGE_DOS_HEADER;
pehead: IMAGE_NT_HEADERS;
begin
if not (FileExists(F)) then
begin //判断文件是否存在
result := 0;
exit;
end;
try
try
FS := TFileStream.Create(F,[link widoczny dla zalogowanych], fmOpenRead);
if FS.Size < $1000 then
begin //判断文件大小，小于0x1000的判定为非有效PE
result := 0;
exit;
end;
FS.ReadBuffer(doshead, sizeof(IMAGE_DOS_HEADER));
if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
begin //判断Dos头
result := 0;
exit;
end;
FS.Seek(doshead._lfanew, SoFromBeginning);
FS.ReadBuffer(pehead, sizeof(IMAGE_NT_HEADERS));
if pehead.Signature <IMAGE_NT_SIGNATURE> 0 then
Button2.Enabled := True
else
Button2.Enabled := False;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
if ProcessRandomSectionNames(Label1.Caption, Memo1) then
Memo1.Lines.Add('处理完毕!')
else
Memo1.Lines.Add('处理失败!');
end;
end.函数CheckValidPE 检测PE有效性,及判断PE文件为EXE或DLL
函数GetRandomSectionName 生成随机区段名
函数ProcessRandomSectionNames 处理随机区段名
附件为代码及编译好的EXE
下载链接：http://www.unpack.cn/attachment.php?aid=11254
------------------------------------------
本文转载自：■龙■：用Delphi编写Windows PE文件随机区段名器
用QQ邮箱阅读空间订阅■龙■
什么是阅读空间?
此日志来自QQ邮箱！方便快捷写Qzone的新方式,[link widoczny dla zalogowanych]，详情请进>>Topics related articles：