SHARE
TWEET

Untitled

a guest May 19th, 2017 38 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. var
  2.   hFile:    DWORD;
  3.   hMapping: DWORD;
  4.   dwSize:   DWORD;
  5.   pFile:    Pointer;
  6.   IDH:      TImageDosHeader;
  7.   INH:      TImageNtHeaders;
  8.   ISH:      TImageSectionHeader;
  9.   bByte:    Byte;
  10. begin
  11.   hFile := CreateFile('PE.exe', GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
  12.   if hFile <> INVALID_HANDLE_VALUE then
  13.   begin
  14.     dwSize := GetFileSize(hFile, nil);
  15.     if dwSize > 0 then
  16.     begin
  17.       hMapping := CreateFileMapping(hFile, nil, PAGE_READWRITE, 0, dwSize, 0);
  18.       if hMapping <> 0 then
  19.       begin
  20.         pFile := MapViewOfFile(hMapping, FILE_MAP_ALL_ACCESS, 0, 0, 0);
  21.         if pFile <> nil then
  22.         begin
  23.           IDH := TImageDosHeader(pFile^);
  24.           if IDH.e_magic = IMAGE_DOS_SIGNATURE then
  25.           begin
  26.             INH := TImageNtHeaders(Pointer(DWORD(pFile) + IDH._lfanew)^);
  27.             if INH.Signature = IMAGE_NT_SIGNATURE then
  28.             begin
  29.               ISH := TImageSectionHeader(Pointer(DWORD(pFile) + IDH._lfanew + 248)^);
  30.               bByte := PByte(Pointer(DWORD(pFile) + ISH.PointerToRawData))^;
  31.               MessageBox(0, PChar(IntToHex(bByte, 4)), nil, 0);
  32.             //PByte(pFile)^ := 0;
  33.             end;
  34.             UnmapViewOfFile(pFile);
  35.           end;
  36.         end;
  37.       end;
  38.     end
  39.   end;
RAW Paste Data
Challenge yourself this year...
Learn something new in 2017
Top