program OEPFinder;
{$APPTYPE CONSOLE}
{$HINTS OFF}
{$WARNINGS OFF}
uses
Windows;
{ Minimal stand-in for SysUtils.Format built on the Win32 wvsprintf call.

  fmt    - wvsprintf format string. It is handed to wvsprintf unchanged, so it
           must be a trusted, program-supplied template, never file or user data.
  params - open array of values; only the first 32 bits of each element are
           forwarded, with no check that they match the specifiers in fmt.

  Returns the formatted text copied out of a fixed 2048-Char stack buffer.

  NOTE(review): the argument block is built from DWORD slots, which matches the
  argument layout wvsprintf expects on 32-bit Windows only - confirm the target
  platform before reusing this helper elsewhere. }
function Format( const fmt: string; params: array of const ): String;
var
  OutBuf: array[ 0..2047 ] of Char;
  ArgBlock, Slot: PDWORD;
  Idx, Count: Integer;
begin
  Count := High( params ) + 1;
  { Only allocate an argument block when there is at least one argument. }
  if Count > 0 then
    GetMem( ArgBlock, Count * sizeof( Pointer ) )
  else
    ArgBlock := nil;

  { Pack the leading DWORD of every open-array element into consecutive slots. }
  Slot := ArgBlock;
  Idx := 0;
  while Idx < Count do
  begin
    Slot^ := PDWORD( @params[ Idx ] )^;
    Inc( Slot );
    Inc( Idx );
  end;

  wvsprintf( @OutBuf[0], PChar( fmt ), PChar( ArgBlock ) );
  Result := OutBuf;

  if ArgBlock <> nil then
    FreeMem( ArgBlock );
end;
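{ Reads the DOS, NT and optional headers of a PE32 file and reports the entry
  point address the headers declare (ImageBase + AddressOfEntryPoint).

  Filename - path of the executable to inspect; the file is opened read-only.

  Returns 'OEP is: XXXXXXXX' on success, a short error message when the file
  cannot be opened or its headers do not validate, and '' when the file header
  declares no optional header.

  The value is the entry point at the image's preferred load address as stated
  in the headers. It is not the runtime address when the image is relocated,
  and for a packed executable it is the entry of the unpacking stub rather than
  of the original program.

  The file is treated as untrusted input: every read is checked for success and
  length, so header fields are never taken from uninitialised stack memory, and
  the handle is closed on every path. }
Function FindOEP(Filename:string):string;
const
  PE32_MAGIC    = $010B;     { optional-header Magic value of a PE32 image }
  MIN_OPT_BYTES = 32;        { bytes from Magic through ImageBase in a PE32 optional header }
  SEEK_FAILED   = $FFFFFFFF; { SetFilePointer failure value when no high dword is passed }
var
  F: THandle;
  signature: DWORD;
  dos_header: IMAGE_DOS_HEADER;
  pe_header: IMAGE_FILE_HEADER;
  opt_header: IMAGE_OPTIONAL_HEADER;
  OEP: DWORD;
  BytesRead: DWORD;
begin
  Result := '';
  F := CreateFile(PChar(Filename), GENERIC_READ, FILE_SHARE_READ, nil,
                  OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if F = INVALID_HANDLE_VALUE then
  begin
    Result := 'Cannot open file';
    Exit;
  end;

  try
    { DOS header: must be read completely and carry the 'MZ' signature. }
    if (not ReadFile(F, dos_header, SizeOf(dos_header), BytesRead, nil))
       or (BytesRead <> SizeOf(dos_header))
       or (dos_header.e_magic <> IMAGE_DOS_SIGNATURE) then
    begin
      Result := 'Invalid DOS file header';
      Exit;
    end;

    { _lfanew comes from the file; reject a negative offset or a failed seek. }
    if (dos_header._lfanew < 0)
       or (SetFilePointer(F, dos_header._lfanew, nil, FILE_BEGIN) = SEEK_FAILED) then
    begin
      Result := 'Invalid PE header';
      Exit;
    end;

    if (not ReadFile(F, signature, SizeOf(signature), BytesRead, nil))
       or (BytesRead <> SizeOf(signature))
       or (signature <> IMAGE_NT_SIGNATURE) then
    begin
      Result := 'Invalid PE header';
      Exit;
    end;

    if (not ReadFile(F, pe_header, SizeOf(pe_header), BytesRead, nil))
       or (BytesRead <> SizeOf(pe_header)) then
    begin
      Result := 'Invalid PE header';
      Exit;
    end;

    { No optional header declared: nothing to report, Result stays ''. }
    if pe_header.SizeOfOptionalHeader = 0 then
      Exit;

    { The fields used below must lie inside the declared optional header. }
    if pe_header.SizeOfOptionalHeader < MIN_OPT_BYTES then
    begin
      Result := 'Invalid PE header';
      Exit;
    end;

    { Zero first so a short read cannot leave stale stack bytes in the record. }
    FillChar(opt_header, SizeOf(opt_header), 0);
    if (not ReadFile(F, opt_header, SizeOf(opt_header), BytesRead, nil))
       or (BytesRead < MIN_OPT_BYTES) then
    begin
      Result := 'Invalid PE header';
      Exit;
    end;

    { IMAGE_OPTIONAL_HEADER is read here with the PE32 layout. A PE32+ image
      stores a 64-bit ImageBase at a different offset, so the sum below would
      be wrong for it; report that instead of printing a bogus address. }
    if opt_header.Magic <> PE32_MAGIC then
    begin
      Result := 'Unsupported optional header (not PE32)';
      Exit;
    end;

    OEP := opt_header.ImageBase + opt_header.AddressOfEntryPoint;
    Result := Format('OEP is: %00000008X', [OEP]);
  finally
    CloseHandle(F);
  end;
end;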
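{ Entry point: prints usage when no file is given, when '/?' is passed, or when
  FindOEP yields an empty result; otherwise prints FindOEP's report.
  The file is parsed once and the result reused, so the text that was tested
  is the text that is printed. }
var
  Target, Report: string;
begin
  Target := ParamStr(1);
  Report := '';
  if (Target <> '') and (Target <> '/?') then
    Report := FindOEP(Target);

  if Report = '' then
  begin
    WriteLn;
    WriteLn('+++ OEP Finder Writen by Arash Veyskarami +++');
    WriteLn;
    WriteLn('[FindOEP.exe] [Filename]');
    WriteLn;
    { Backslashes restored in the example path. }
    WriteLn('Ex: FindOEP C:\Windows\Explorer.exe');
    WriteLn;
    WriteLn('++++++++++++ +++++++++++');
  end
  else
    WriteLn('', Report);

  { Keep the console window open until Enter is pressed. }
  Readln;
end.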