ايران ويج

ايران ويج > برنامه نویسی > دلفی > سورس دلفی
نسخه‌ی کامل: سورس دلفی
شما در حال مشاهده‌ی نسخه‌ی متنی این صفحه می‌باشید. مشاهده‌ی نسخه‌ی کامل با قالب بندی مناسب.
صفحه‌ها: 1 2 3 4 5

بهروز عباسی

۱۶-خرداد-۱۳۹۲, ۲۱:۱۵:۲۲
درود به همه
شما با این تابع میتونید در نسخه های جدید دلفی مثل XE3 به Dll injection بپردازید و از اهداف خیر خواهانه خودتون لذت ببرید :دی

این تابع هم در برنامه های 32بیتی و هم برنامه های 64بیتی تست شده و به درستی کار میکنه.
(در برنامه های 64بیتی هم dll و هم برنامه Injector باید درحالت 64بیتی کامپایل بشن)

کد:
(*

  DLL Injection in delphi :)

  Tested on 32bit and 64Bit application

  coded by Behrooz Abbassi (ME !)
*)

function InjectDLL(const dwPID: DWORD; {$IFDEF UNICODE} DLLPath: PWideChar
{$ELSE} DLLPath: PAnsiChar {$ENDIF} ): Integer;

const
  Kernel32 = 'kernel32.dll';
var
  dwThreadID: Cardinal;
  hProc, hThread, hKernel: THandle;
  BytesToWrite, BytesWritten: SIZE_T;
  pRemoteBuffer, pLoadLibrary: Pointer;
begin
  hProc := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_QUERY_INFORMATION or
    PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ, False, dwPID);
  if hProc = 0 then
    exit(0);
  try
    BytesToWrite := SizeOf(WideChar) * (Length(DLLPath) + 1);
    pRemoteBuffer := VirtualAllocEx(hProc, nil, BytesToWrite, MEM_COMMIT,
      PAGE_READWRITE);
    if pRemoteBuffer = nil then
      exit(0);
    try
      if not WriteProcessMemory(hProc, pRemoteBuffer, DLLPath, BytesToWrite,
        BytesWritten) then
        exit(0);
{$REGION 'Check for UNICODE'}
{$IFDEF UNICODE}
      hKernel := GetModuleHandleW(Kernel32);
      pLoadLibrary := GetProcAddress(hKernel, 'LoadLibraryW');
{$ELSE}
      hKernel := GetModuleHandleA(Kernel32);
      pLoadLibrary := GetProcAddress(hKernel, 'LoadLibraryA');
{$ENDIF}
{$ENDREGION}
      hThread := CreateRemoteThread(hProc, nil, 0, pLoadLibrary, pRemoteBuffer,
        0, dwThreadID);
      try
        WaitForSingleObject(hThread, INFINITE);
      finally
        CloseHandle(hThread);
      end;
    finally
      VirtualFreeEx(hProc, pRemoteBuffer, 0, MEM_RELEASE);
    end;
  finally
    CloseHandle(hProc);
  end;
  exit(1);
end;


// how to use ?
begin
                 {4864 it this sample}
                {Target process PID}   {Your dll dile path+name}
  if InjectDLL(4864, 'C:\SampleDLL') <> 0 then
    ShowMessage('woO!');

end;
/////////////////// My Dll file \\\\\\\\\\\\\\
library SampleDLL;
uses
  System.SysUtils,
  System.Classes,

  Winapi.Windows;
procedure mydllproc(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin
        MessageBoxW(0,'I am in your target : Dll file','woO!',0)
      end;
  end;
end;

begin
  DllProc := mydllproc;
  mydllproc(DLL_PROCESS_ATTACH);

end.

بهروز عباسی

۲۰-آذر-۱۳۹۲, ۰۲:۳۶:۳۸
نمونه برنامه دلفی برای ارتباط با درایور ها (سورسی که به زبان سی است) شامل متدهای زیر:

Registering the driver in the system
Dynamic loading driver
Dynamic unloading drivers
Removing the driver from the system
Calculation IOCTO code
and three methods of communication with the driver.

کد:
unit dDriver;  
  
interface  
uses Windows;  
const  
      METHOD_BUFFERED          = 0;  
      METHOD_NEITHER           = 3;  
      FILE_ANY_ACCESS          = 0;  
      FILE_READ_ACCESS         = 1;  
      FILE_WRITE_ACCESS        = 2;  
  
      FILE_DEVICE_UNKNOWN          = $00000022;  
Type  
      NTStatus = cardinal;  
      TString = array[0..MAX_PATH] of char;  
      PUnicodeString = ^TUnicodeString;  
      TUnicodeString = record  
         Length: WORD;  
         MaximumLength: WORD;  
         Buffer: PWideChar;  
      end;  
  
const  
     STATUS_OBJECT_NAME_EXISTS  =   $40000000;  
     OBJ_CASE_INSENSITIVE       =   $00000040;  
     OBJ_OPENIF                 =   $00000080;  
     DIRECTORY_TRAVERSE         =       $0002;  
     DIRECTORY_CREATE_OBJECT    =       $0004;  
  
procedure RtlInitUnicodeString(DestinationString: PUnicodeString; SourceString: PWideChar);  
                      stdcall; external 'ntdll.dll';  
function ZwLoadDriver(DriverServiceName: PUnicodeString): cardinal;  
                      stdcall;external 'ntdll.dll';  
  
function ZwUnloadDriver(DriverServiceName: PUnicodeString): cardinal;  
                      stdcall;external 'ntdll.dll';  
type  
        TDriver = class  
        private  
          DrName: TString;  
          DrPath: TString;  
          hDriver: Cardinal;  
          RegisteredStatus,  
          LoadedStatus,  
          UnRegisteredStatus,  
          UnLoadStatus: boolean;  
        public  
          constructor Create(Name,Path: PCHAR);   //??????? ??????-???????.???????? ???????,???? ? ????????  
          function Registered: boolean;           //??????????? ???????? ? ???????. True - ?????  
          function Load: boolean;                  //???????????? ????????? ????????,True - ?????  
          function Start(Popitka:byte = 0):boolean;  //???? ???? ???????? ??????? Registered,? ?????  
              //Load,?? ????? ??????? ????? Start.???????? ??????????? ??????? ???????? ????????  
          function UnLoad: boolean;               //???????????? ?????????? ????????.True - ?????  
          function UnRegistered: boolean;         //??????? ??????????? ???????? ?? ???????  
          function Stop:boolean;                  //????????? ??????? ? UnRegistered.  
          function IOCTL_CODE(DeviceType, FunctionNo, Method, Access: Integer): Integer; //???????? IOCTL ??????  
          function WriteToDriver(Var WriteBuf; SizeW: DWORD): integer;  //?????? ????? ?? ????????,???????? WriteFile  
          function ReadFromDriver(Var ReadBuf; SizeR: DWORD): integer;  //????? ????? ? ???????,????????? ReadFile  
          function ReadWrite(Var ToDroverBuf;   SizeOfToDroverBuf:   DWORD; CTL_CODE: DWORD;  //????? ????? ? ????????? ? ???????? ??????.  
                             Var FromDriverBuf; SizeOfFromDriverBuf: DWORD): Integer;  //???????????? DeviceIOcontrol  
          property MyDriverName: TString read DrName;   //???????? ???????? ???????  
          property MyDriverPath: TString read DrPath;   //???? ? ????????  
          //property MyDriverHandle: Cardinal read hDriver;   //???????? hDriver  
  
          property MyRegisteredStatus: boolean read RegisteredStatus;  //???????  
          property MyLoadedStatus: boolean read LoadedStatus;  
          property MyUnRegisteredStatus: boolean read UnRegisteredStatus;  
          property MyUnLoadStatus: boolean read UnLoadStatus;  
        end;  
  
implementation  
const  
      DrvReg = '\registry\machine\system\CurrentControlSet\Servic  es\';  
  
function EnablePrivilegeEx(Process: dword; lpPrivilegeName: PChar):Boolean;  
var  
      hToken: dword;  
      NameValue: Int64;  
      tkp: TOKEN_PRIVILEGES;  
      ReturnLength: dword;  
begin  
      Result:=false;  
      OpenProcessToken(Process, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken);  
      if not LookupPrivilegeValue(nil, lpPrivilegeName, NameValue) then  
      begin  
        CloseHandle(hToken);  
        exit;  
      end;  
      tkp.PrivilegeCount := 1;  
      tkp.Privileges[0].Luid := NameValue;  
      tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;  
      AdjustTokenPrivileges(hToken, false, tkp, SizeOf(TOKEN_PRIVILEGES), tkp, ReturnLength);  
      if GetLastError() <> ERROR_SUCCESS then  
      begin  
        CloseHandle(hToken);  
        exit;  
      end;  
      Result:=true;  
      CloseHandle(hToken);  
end;  
  
{ TDriver }  
  
constructor TDriver.Create(Name, Path: PCHAR);  
begin  
      inherited Create;  
      lStrCpy(DrName,Name);  
      lStrCpy(DrPath,Path);  
  
      RegisteredStatus:= False;    LoadedStatus:= False;  
      UnRegisteredStatus:= False;  UnLoadStatus:= False;  
      hDriver:=0;  
      //EnablePrivilegeEx(GetCurrentProcessId, 'SeLoadDriverPrivilege'); //SetDebugPrivileges  
end;  
  
function TDriver.Load: boolean;  
var  
     Image: TUnicodeString;  
     Buff: array [0..MAX_PATH] of WideChar;  
begin  
      StringToWideChar(DrvReg + DrName, Buff, MAX_PATH);  
      RtlInitUnicodeString(@Image, Buff);  
      Result := ZwLoadDriver(@Image) = 0;  
      LoadedStatus:= Result;  
end;  
  
function TDriver.Registered: boolean;  
var  
     Key, Key2: HKEY;  
     dType: dword;  
     Err: dword;  
     NtPath: array[0..MAX_PATH] of Char;  
begin  
     Result := false;  
     dType := 1;  
     Err := RegOpenKeyA(HKEY_LOCAL_MACHINE, 'system\CurrentControlSet\Services', Key);  
     if Err = ERROR_SUCCESS then  
       begin  
        Err := RegCreateKeyA(Key, drName, Key2);  
        if Err <> ERROR_SUCCESS then Err := RegOpenKeyA(Key, drName, Key2);  
        if Err = ERROR_SUCCESS then  
          begin  
           lstrcpy(NtPath, PChar('\??\' + drPath));  
           RegSetValueExA(Key2, 'ImagePath', 0, REG_SZ, @NtPath, lstrlen(NtPath));  
           RegSetValueExA(Key2, 'Type', 0, REG_DWORD, @dType, SizeOf(dword));  
           RegCloseKey(Key2);  
           Result := true;  
          end;  
        RegCloseKey(Key);  
       end;  
       RegisteredStatus:= Result;  
end;  
  
function TDriver.Start(Popitka:byte = 0):boolean;  
Var F:Boolean;  
        i:byte;  
Begin  
      F:=false;  
      i:=0;  
      repeat  
        F:=(Registered and Load);  
        if not F then  
        begin  
          UnLoad;  
          UnRegistered;  
        end;  
        inc(i);  
        if i = Popitka then  
          Break;  
      until F;  
      Result:=F;  
End;  
  
function TDriver.UnLoad: boolean;  
var  
     Image: TUnicodeString;  
     Buff: array [0..MAX_PATH] of WideChar;  
begin  
      StringToWideChar(DrvReg + DrName, Buff, MAX_PATH);  
      RtlInitUnicodeString(@Image, Buff);  
      Result := ZwUnloadDriver(@Image) = 0;  
      UnLoadStatus:= Result;  
end;  
  
function TDriver.UnRegistered: boolean;  
var  
     Key: HKEY;  
begin  
      Result := false;  
      if RegOpenKeyA(HKEY_LOCAL_MACHINE, 'system\CurrentControlSet\Services', Key) = ERROR_SUCCESS then  
        begin  
          RegDeleteKey(Key, PChar(drName+'\Enum'));  
          RegDeleteKey(Key, PChar(drName+'\Security'));  
          Result := RegDeleteKey(Key, drName) = ERROR_SUCCESS;  
          RegCloseKey(Key);  
        end;  
      UnRegisteredStatus:= Result;  
end;  
  
function TDriver.Stop:boolean;  
Begin  
      Result:= UnLoad and UnRegistered;  
End;  
  
function TDriver.ReadFromDriver(var ReadBuf; SizeR: DWORD): integer;  
Var H,N:Dword;  
begin  
      ZeroMemory(@ReadBuf,SizeR);  
      Result:=Integer(LoadedStatus and RegisteredStatus);  
      if Result = 0 then  
        exit;  
      h:= CreateFile(PCHAR('\\.\'+DrName),GENERIC_ALL,0,nil,  OPEN_EXISTING,0,0);  
      if h = INVALID_HANDLE_VALUE then  
      begin  
        Result:= -1;  
        exit;  
      end;  
      ReadFile(h,ReadBuf,SizeR,N,0);  
      Result:=N;  
      CloseHandle(h);  
end;  
  
function TDriver.WriteToDriver(var WriteBuf; SizeW: DWORD): integer;  
Var H,N:Dword;  
begin  
      Result:=Integer(LoadedStatus and RegisteredStatus);  
      if Result = 0 then exit;  
      h:= CreateFile(PCHAR('\\.\'+DrName),GENERIC_ALL,0,nil,  OPEN_EXISTING,0,0);  
      if h = INVALID_HANDLE_VALUE then  
      begin  
        Result:= -1;  
        exit;  
      end;  
      WriteFile(h,WriteBuf,SizeW,N,0);  
      Result:=N;  
      CloseHandle(h);  
end;  
  
function TDriver.ReadWrite(Var ToDroverBuf;   SizeOfToDroverBuf:  
                     DWORD; CTL_CODE: DWORD;  
                     Var FromDriverBuf; SizeOfFromDriverBuf: DWORD): Integer;  
var  
     Bytes: dword;  
begin  
     Result:= -1;  
     hDriver := CreateFile(pChar('\\.\'+DrName),GENERIC_ALL,0,nil,  OPEN_EXISTING,0,0);  
     if hDriver = INVALID_HANDLE_VALUE then exit;  
     if @FromDriverBuf <> nil then ZeroMemory(@FromDriverBuf,SizeOfFromDriverBuf);  
     if DeviceIoControl(hDriver,  
                        CTL_CODE,  
                        @ToDroverBuf,SizeOfToDroverBuf,       //??????,?????????? ? ???????  
                        @FromDriverBuf, SizeOfFromDriverBuf,  //??????,??????? ??????? ???????  
                        Bytes, nil) then  
        Result:=Bytes;  
      CloseHandle(hDriver);      
end;  
  
function TDriver.IOCTL_CODE(DeviceType, FunctionNo, Method, Access: Integer): Integer;  
begin  
      Result :=( (DeviceType shl 16) or (Access shl 14) or (FunctionNo shl 2) or Method);  
end;  
  
end.

کد:
program DriverLoader;  
{$Apptype Console}  
uses  
      windows,dDriver,SysUtils;  
Var  
      Name,Path:String;  
      Driver: TDriver;  
      DataToDriver,DataFromDriver:Array[0..19] of char;  
      CTL:DWORD;  
begin  
      Name:= 'Share';  
      Path:='D:\Sniffer\Share\i386\Share.sys';  
      WriteLn('Name: ',Name);  
      WriteLn('Path: ',Path);  
      Driver:= TDriver.Create(pChar(Name),pChar(Path));  
  
      {if Driver.Registered then  
        WriteLn('Registered!')  else  
        WriteLn('Not Registered!');  
  
      if Driver.Load then  
        WriteLn('Loaded!')  else  
        WriteLn('Not Loaded!');}  
        Driver.Start(3);  
        CTL:=Driver.IOCTL_CODE(FILE_DEVICE_UNKNOWN,$803,ME  THOD_BUFFERED,FILE_ANY_ACCESS);  
        //???????? ???????? ???????? Hellow...  
        DataToDriver:='Project1.exe';  
        Driver.WriteToDriver(DataToDriver,Length(DataToDri  ver));  
        //????????? ???????? ?? ???????? Hellow.  
        Driver.ReadFromDriver(DataFromDriver,SizeOf(DataFr  omDriver));  
        WriteLn(DataFromDriver);  
        //????????? ? ?? ? ??  
        FillChar(DataToDriver,0,SizeOf(DataToDriver));  FillChar(DataFromDriver,0,SizeOf(DataFromDriver));  
        DataToDriver:='Hellow against!';  
        Driver.ReadWrite(DataToDriver,SizeOf(DataToDriver)  ,CTL,DataFromDriver,SizeOf(DataToDriver));  
        WriteLn(DataFromDriver);  
      {if Driver.UnLoad then  
        WriteLn('UnLoad!')  else  
        WriteLn('Not UnLoad!');  
  
      if Driver.UnRegistered then  
        WriteLn('UnRegistered!')  else  
        WriteLn('Not UnRegistered!');}  
        Driver.Stop;  
     ReadLn;  
end.

کد:
#include "ntddk.h"  
#define NT_DEVICE_NAME L"\\Device\\Share"  
#define WIN32_DEVICE_NAME L"\\DosDevices\\SHare"  
#define DWORD unsigned long  
#define SECTION_SIZE 255  
  
#define IOCTL_SHARE CTL_CODE (FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS)  
  
NTSTATUS CtlCreate(IN PDEVICE_OBJECT, IN PIRP);      
NTSTATUS CtlClose(IN PDEVICE_OBJECT, IN PIRP);      
NTSTATUS CtlDriverDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);  
NTSTATUS CtlDriverDispatchWrite(IN PDEVICE_OBJECT,IN PIRP);   //???? ?????????? ????? WriteFile  
NTSTATUS CtlDriverDispatchRead(IN PDEVICE_OBJECT,IN PIRP);    //???? ?????????? ????? ReadFile  
NTSTATUS UnloadDriver(IN PDRIVER_OBJECT pDriverObject);    //???? ?????????? ????? DeviceIOControl  
  
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING RegistryPath)        
{  
         PDEVICE_OBJECT pDeviceObject;  
         UNICODE_STRING uniNtName;  
         UNICODE_STRING uniWin32Name;  
         RtlInitUnicodeString(&uniNtName, NT_DEVICE_NAME);  
         RtlInitUnicodeString(&uniWin32Name, WIN32_DEVICE_NAME);        
                
      IoCreateSymbolicLink(&uniWin32Name, &uniNtName);      
         IoCreateDevice(pDriverObject,0,&uniNtName,FILE_DEV  ICE_UNKNOWN,0,FALSE,&pDeviceObject);      
                
      pDriverObject->MajorFunction[IRP_MJ_CREATE]=CtlCreate;  
         pDriverObject->MajorFunction[IRP_MJ_CLOSE]=CtlClose;  
         pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=CtlDriverDispatch;  
      pDriverObject->MajorFunction[IRP_MJ_WRITE] = CtlDriverDispatchWrite;  
      pDriverObject->MajorFunction[IRP_MJ_READ] = CtlDriverDispatchRead;  
         pDriverObject->DriverUnload = UnloadDriver;  
      DbgPrint("Driver has been loaded!");  
  
         return STATUS_SUCCESS;  
}  
  
NTSTATUS CtlCreate(IN PDEVICE_OBJECT pDeviceObject,IN PIRP Irp)  
{  
         Irp->IoStatus.Status=STATUS_SUCCESS;  
         Irp->IoStatus.Information=0;      
         IoCompleteRequest(Irp,IO_NO_INCREMENT);  
         return STATUS_SUCCESS;  
}          
  
NTSTATUS CtlClose(IN PDEVICE_OBJECT pDeviceObject,IN PIRP Irp)  
{  
         Irp->IoStatus.Status=STATUS_SUCCESS;  
         Irp->IoStatus.Information=0;        
         IoCompleteRequest(Irp,IO_NO_INCREMENT);  
         return STATUS_SUCCESS;        
}  
  
NTSTATUS UnloadDriver(IN PDRIVER_OBJECT pDriverObject)  
{  
         PDEVICE_OBJECT  deviceObject = pDriverObject->DeviceObject;  
         UNICODE_STRING  uniWin32NameString;  
         RtlInitUnicodeString( &uniWin32NameString, WIN32_DEVICE_NAME );  
         IoDeleteSymbolicLink( &uniWin32NameString );          
         IoDeleteDevice( deviceObject );      
      DbgPrint("Driver has been Unloaded!");  
         return STATUS_SUCCESS;  
}  
  
NTSTATUS CtlDriverDispatchWrite(IN PDEVICE_OBJECT pDeviceObject,IN PIRP Irp)  
{      
      //? Irp->UserBuffer ????? ??,??? ?????? ???????????? WriteFile??  
      PIO_STACK_LOCATION pIrpStack;              
         pIrpStack=IoGetCurrentIrpStackLocation(Irp);  
      Irp->IoStatus.Information = 0;  
  
      if (pIrpStack->MajorFunction == IRP_MJ_WRITE)  
      {  
       __try  
       {        
        ULONG Length = pIrpStack->Parameters.Write.Length;  
        DbgPrint("Recv:%s \n",Irp->UserBuffer);        
       }  
       __except(EXCEPTION_EXECUTE_HANDLER)      
       {  
        DbgPrint("Error");  
       }  
      }  
  
         Irp->IoStatus.Status=STATUS_SUCCESS;  
         IoCompleteRequest (Irp,IO_NO_INCREMENT);      
         return STATUS_SUCCESS;        
}  
  
NTSTATUS CtlDriverDispatchRead(IN PDEVICE_OBJECT pDeviceObject,IN PIRP Irp)  
{      
      //???? ???????? ? Irp->UserBuffer ??,????????? ? ?????,??????? ????? ? ReadFile ?? ??????????  
      PIO_STACK_LOCATION pIrpStack;              
         pIrpStack=IoGetCurrentIrpStackLocation(Irp);      
  
      DbgPrint("CtlDriverDispatchRead");  
  
      if (pIrpStack->MajorFunction == IRP_MJ_READ)  
      {  
       __try  
       {          
        RtlCopyMemory(Irp->UserBuffer,"Hellow!FromDrover",18);                        
       }  
       __except(EXCEPTION_EXECUTE_HANDLER)      
       {  
        DbgPrint("Error");  
       }  
      }  
  
      Irp->IoStatus.Information = 0;  
         Irp->IoStatus.Status=STATUS_SUCCESS;      
  
         IoCompleteRequest (Irp,IO_NO_INCREMENT);      
         return STATUS_SUCCESS;        
}  
  
NTSTATUS CtlDriverDispatch(IN PDEVICE_OBJECT pDeviceObject,IN PIRP Irp)  
{      
      //? ?????? ?????? ??????? ????? ????? Irp->AssociatedIrp.SystemBuffer ???.  
      PIO_STACK_LOCATION pIrpStack;              
      PVOID pBuff = Irp->UserBuffer;       //?????? ? ?????  
      PVOID pBuff_In = Irp->AssociatedIrp.SystemBuffer;  //????? ?? ?????  
      DWORD *Pid = NULL;  
      DWORD PID = 0;  
         pIrpStack=IoGetCurrentIrpStackLocation(Irp);      
      DbgPrint("CtlDriverDispatch...\n");      
              
      DbgPrint("CTL: %d",IOCTL_SHARE);  
      if (pIrpStack->Parameters.DeviceIoControl.IoControlCode == IOCTL_SHARE)// ???? ????? IOCTL ??????,??  
      {//?????? ???.  
       __try  
       {  
        DbgPrint("We are in SEH mdoe!\n");                        
        Pid = pBuff_In;  
        DbgPrint("RECV %s \n",pBuff_In);        
                
        RtlCopyMemory(pBuff,"12345",5);            
        DbgPrint("Sended: %s","12345");  
       }  
       __except(EXCEPTION_EXECUTE_HANDLER)      
       {  
        DbgPrint("Error");  
       }  
      }      
  
      Irp->IoStatus.Information = 0;  
         Irp->IoStatus.Status=STATUS_SUCCESS;      
  
         IoCompleteRequest (Irp,IO_NO_INCREMENT);      
         return STATUS_SUCCESS;        
}


من اینو تست نکردم (مال خودم رو دارم)

منبع برادران روس

شب خوش

بهروز عباسی

۰۹-دى-۱۳۹۲, ۱۹:۳۸:۳۳
ممکنه در برخی شرایط خاص بخواهید اندازه یک تابع رو به دست بیارید در این صورت می تونید از یونیت زیر استفاده کنید (مثلاً: Injection :d)

کد:
{
  ---------------------------------------------------
  Opcode Length Disassembler.
  Coded By Ms-Rem ( Ms-Rem@yandex.ru ) ICQ 286370715
  ---------------------------------------------------
  12.08.2005 - fixed many bugs...
  09.08.2005 - fixed bug with 0F BA opcode.
  07.08.2005 - added SSE, SSE2, SSE3 and 3Dnow instruction support.
  06.08.2005 - fixed bug with F6 and F7 opcodes.
  29.07.2005 - fixed bug with OP_WORD opcodes.
}
unit LDasm;

interface

type
dword  = cardinal;
ppbyte = ^pbyte;

function SizeOfCode(Code: pointer; pOpcode: ppbyte): dword;
function SizeOfProc(Proc: pointer): dword;
function IsRelativeCmd(pOpcode: pbyte): boolean;

implementation

const
OP_NONE          = $00;
OP_MODRM         = $01;
OP_DATA_I8       = $02;
OP_DATA_I16      = $04;
OP_DATA_I32      = $08;
OP_DATA_PRE66_67 = $10;
OP_WORD          = $20;
OP_REL32         = $40;


const
OpcodeFlags: array [$00..$FF] of byte =
(
  OP_MODRM,                        // 00
  OP_MODRM,                        // 01
  OP_MODRM,                        // 02
  OP_MODRM,                        // 03
  OP_DATA_I8,                      // 04
  OP_DATA_PRE66_67,                // 05
  OP_NONE,                         // 06
  OP_NONE,                         // 07
  OP_MODRM,                        // 08
  OP_MODRM,                        // 09
  OP_MODRM,                        // 0A
  OP_MODRM,                        // 0B
  OP_DATA_I8,                      // 0C
  OP_DATA_PRE66_67,                // 0D
  OP_NONE,                         // 0E
  OP_NONE,                         // 0F
  OP_MODRM,                        // 10
  OP_MODRM,                        // 11
  OP_MODRM,                        // 12
  OP_MODRM,                        // 13
  OP_DATA_I8,                      // 14
  OP_DATA_PRE66_67,                // 15
  OP_NONE,                         // 16
  OP_NONE,                         // 17
  OP_MODRM,                        // 18
  OP_MODRM,                        // 19
  OP_MODRM,                        // 1A
  OP_MODRM,                        // 1B
  OP_DATA_I8,                      // 1C
  OP_DATA_PRE66_67,                // 1D
  OP_NONE,                         // 1E
  OP_NONE,                         // 1F
  OP_MODRM,                        // 20
  OP_MODRM,                        // 21
  OP_MODRM,                        // 22
  OP_MODRM,                        // 23
  OP_DATA_I8,                      // 24
  OP_DATA_PRE66_67,                // 25
  OP_NONE,                         // 26
  OP_NONE,                         // 27
  OP_MODRM,                        // 28
  OP_MODRM,                        // 29
  OP_MODRM,                        // 2A
  OP_MODRM,                        // 2B
  OP_DATA_I8,                      // 2C
  OP_DATA_PRE66_67,                // 2D
  OP_NONE,                         // 2E
  OP_NONE,                         // 2F
  OP_MODRM,                        // 30
  OP_MODRM,                        // 31
  OP_MODRM,                        // 32
  OP_MODRM,                        // 33
  OP_DATA_I8,                      // 34
  OP_DATA_PRE66_67,                // 35
  OP_NONE,                         // 36
  OP_NONE,                         // 37
  OP_MODRM,                        // 38
  OP_MODRM,                        // 39
  OP_MODRM,                        // 3A
  OP_MODRM,                        // 3B
  OP_DATA_I8,                      // 3C
  OP_DATA_PRE66_67,                // 3D
  OP_NONE,                         // 3E
  OP_NONE,                         // 3F
  OP_NONE,                         // 40
  OP_NONE,                         // 41
  OP_NONE,                         // 42
  OP_NONE,                         // 43
  OP_NONE,                         // 44
  OP_NONE,                         // 45
  OP_NONE,                         // 46
  OP_NONE,                         // 47
  OP_NONE,                         // 48
  OP_NONE,                         // 49
  OP_NONE,                         // 4A
  OP_NONE,                         // 4B
  OP_NONE,                         // 4C
  OP_NONE,                         // 4D
  OP_NONE,                         // 4E
  OP_NONE,                         // 4F
  OP_NONE,                         // 50
  OP_NONE,                         // 51
  OP_NONE,                         // 52
  OP_NONE,                         // 53
  OP_NONE,                         // 54
  OP_NONE,                         // 55
  OP_NONE,                         // 56
  OP_NONE,                         // 57
  OP_NONE,                         // 58
  OP_NONE,                         // 59
  OP_NONE,                         // 5A
  OP_NONE,                         // 5B
  OP_NONE,                         // 5C
  OP_NONE,                         // 5D
  OP_NONE,                         // 5E
  OP_NONE,                         // 5F
  OP_NONE,                         // 60
  OP_NONE,                         // 61
  OP_MODRM,                        // 62
  OP_MODRM,                        // 63
  OP_NONE,                         // 64
  OP_NONE,                         // 65
  OP_NONE,                         // 66
  OP_NONE,                         // 67
  OP_DATA_PRE66_67,                // 68
  OP_MODRM or OP_DATA_PRE66_67,    // 69
  OP_DATA_I8,                      // 6A
  OP_MODRM or OP_DATA_I8,          // 6B
  OP_NONE,                         // 6C
  OP_NONE,                         // 6D
  OP_NONE,                         // 6E
  OP_NONE,                         // 6F
  OP_DATA_I8,                      // 70
  OP_DATA_I8,                      // 71
  OP_DATA_I8,                      // 72
  OP_DATA_I8,                      // 73
  OP_DATA_I8,                      // 74
  OP_DATA_I8,                      // 75
  OP_DATA_I8,                      // 76
  OP_DATA_I8,                      // 77
  OP_DATA_I8,                      // 78
  OP_DATA_I8,                      // 79
  OP_DATA_I8,                      // 7A
  OP_DATA_I8,                      // 7B
  OP_DATA_I8,                      // 7C
  OP_DATA_I8,                      // 7D
  OP_DATA_I8,                      // 7E
  OP_DATA_I8,                      // 7F
  OP_MODRM or OP_DATA_I8,          // 80
  OP_MODRM or OP_DATA_PRE66_67,    // 81
  OP_MODRM or OP_DATA_I8,          // 82
  OP_MODRM or OP_DATA_I8,          // 83
  OP_MODRM,                        // 84
  OP_MODRM,                        // 85
  OP_MODRM,                        // 86
  OP_MODRM,                        // 87
  OP_MODRM,                        // 88
  OP_MODRM,                        // 89
  OP_MODRM,                        // 8A
  OP_MODRM,                        // 8B
  OP_MODRM,                        // 8C
  OP_MODRM,                        // 8D
  OP_MODRM,                        // 8E
  OP_MODRM,                        // 8F
  OP_NONE,                         // 90
  OP_NONE,                         // 91
  OP_NONE,                         // 92
  OP_NONE,                         // 93
  OP_NONE,                         // 94
  OP_NONE,                         // 95
  OP_NONE,                         // 96
  OP_NONE,                         // 97
  OP_NONE,                         // 98
  OP_NONE,                         // 99
  OP_DATA_I16 or OP_DATA_PRE66_67, // 9A
  OP_NONE,                         // 9B
  OP_NONE,                         // 9C
  OP_NONE,                         // 9D
  OP_NONE,                         // 9E
  OP_NONE,                         // 9F
  OP_DATA_PRE66_67,                // A0
  OP_DATA_PRE66_67,                // A1
  OP_DATA_PRE66_67,                // A2
  OP_DATA_PRE66_67,                // A3
  OP_NONE,                         // A4
  OP_NONE,                         // A5
  OP_NONE,                         // A6
  OP_NONE,                         // A7
  OP_DATA_I8,                      // A8
  OP_DATA_PRE66_67,                // A9
  OP_NONE,                         // AA
  OP_NONE,                         // AB
  OP_NONE,                         // AC
  OP_NONE,                         // AD
  OP_NONE,                         // AE
  OP_NONE,                         // AF
  OP_DATA_I8,                      // B0
  OP_DATA_I8,                      // B1
  OP_DATA_I8,                      // B2
  OP_DATA_I8,                      // B3
  OP_DATA_I8,                      // B4
  OP_DATA_I8,                      // B5
  OP_DATA_I8,                      // B6
  OP_DATA_I8,                      // B7
  OP_DATA_PRE66_67,                // B8
  OP_DATA_PRE66_67,                // B9
  OP_DATA_PRE66_67,                // BA
  OP_DATA_PRE66_67,                // BB
  OP_DATA_PRE66_67,                // BC
  OP_DATA_PRE66_67,                // BD
  OP_DATA_PRE66_67,                // BE
  OP_DATA_PRE66_67,                // BF
  OP_MODRM or OP_DATA_I8,          // C0
  OP_MODRM or OP_DATA_I8,          // C1
  OP_DATA_I16,                     // C2
  OP_NONE,                         // C3
  OP_MODRM,                        // C4
  OP_MODRM,                        // C5
  OP_MODRM or OP_DATA_I8,          // C6
  OP_MODRM or OP_DATA_PRE66_67,    // C7
  OP_DATA_I8 or OP_DATA_I16,       // C8
  OP_NONE,                         // C9
  OP_DATA_I16,                     // CA
  OP_NONE,                         // CB
  OP_NONE,                         // CC
  OP_DATA_I8,                      // CD
  OP_NONE,                         // CE
  OP_NONE,                         // CF
  OP_MODRM,                        // D0
  OP_MODRM,                        // D1
  OP_MODRM,                        // D2
  OP_MODRM,                        // D3
  OP_DATA_I8,                      // D4
  OP_DATA_I8,                      // D5
  OP_NONE,                         // D6
  OP_NONE,                         // D7
  OP_WORD,                         // D8
  OP_WORD,                         // D9
  OP_WORD,                         // DA
  OP_WORD,                         // DB
  OP_WORD,                         // DC
  OP_WORD,                         // DD
  OP_WORD,                         // DE
  OP_WORD,                         // DF
  OP_DATA_I8,                      // E0
  OP_DATA_I8,                      // E1
  OP_DATA_I8,                      // E2
  OP_DATA_I8,                      // E3
  OP_DATA_I8,                      // E4
  OP_DATA_I8,                      // E5
  OP_DATA_I8,                      // E6
  OP_DATA_I8,                      // E7
  OP_DATA_PRE66_67 or OP_REL32,    // E8
  OP_DATA_PRE66_67 or OP_REL32,    // E9
  OP_DATA_I16 or OP_DATA_PRE66_67, // EA
  OP_DATA_I8,                      // EB
  OP_NONE,                         // EC
  OP_NONE,                         // ED
  OP_NONE,                         // EE
  OP_NONE,                         // EF
  OP_NONE,                         // F0
  OP_NONE,                         // F1
  OP_NONE,                         // F2
  OP_NONE,                         // F3
  OP_NONE,                         // F4
  OP_NONE,                         // F5
  OP_MODRM,                        // F6
  OP_MODRM,                        // F7
  OP_NONE,                         // F8
  OP_NONE,                         // F9
  OP_NONE,                         // FA
  OP_NONE,                         // FB
  OP_NONE,                         // FC
  OP_NONE,                         // FD
  OP_MODRM,                        // FE
  OP_MODRM or OP_REL32             // FF
);

OpcodeFlagsExt: array [$00..$FF] of byte =
(
  OP_MODRM,                        // 00
  OP_MODRM,                        // 01
  OP_MODRM,                        // 02
  OP_MODRM,                        // 03
  OP_NONE,                         // 04
  OP_NONE,                         // 05
  OP_NONE,                         // 06
  OP_NONE,                         // 07
  OP_NONE,                         // 08
  OP_NONE,                         // 09
  OP_NONE,                         // 0A
  OP_NONE,                         // 0B
  OP_NONE,                         // 0C
  OP_MODRM,                        // 0D
  OP_NONE,                         // 0E
  OP_MODRM or OP_DATA_I8,          // 0F
  OP_MODRM,                        // 10
  OP_MODRM,                        // 11
  OP_MODRM,                        // 12
  OP_MODRM,                        // 13
  OP_MODRM,                        // 14
  OP_MODRM,                        // 15
  OP_MODRM,                        // 16
  OP_MODRM,                        // 17
  OP_MODRM,                        // 18
  OP_NONE,                         // 19
  OP_NONE,                         // 1A
  OP_NONE,                         // 1B
  OP_NONE,                         // 1C
  OP_NONE,                         // 1D
  OP_NONE,                         // 1E
  OP_NONE,                         // 1F
  OP_MODRM,                        // 20
  OP_MODRM,                        // 21
  OP_MODRM,                        // 22
  OP_MODRM,                        // 23
  OP_MODRM,                        // 24
  OP_NONE,                         // 25
  OP_MODRM,                        // 26
  OP_NONE,                         // 27
  OP_MODRM,                        // 28
  OP_MODRM,                        // 29
  OP_MODRM,                        // 2A
  OP_MODRM,                        // 2B
  OP_MODRM,                        // 2C
  OP_MODRM,                        // 2D
  OP_MODRM,                        // 2E
  OP_MODRM,                        // 2F
  OP_NONE,                         // 30
  OP_NONE,                         // 31
  OP_NONE,                         // 32
  OP_NONE,                         // 33
  OP_NONE,                         // 34
  OP_NONE,                         // 35
  OP_NONE,                         // 36
  OP_NONE,                         // 37
  OP_NONE,                         // 38
  OP_NONE,                         // 39
  OP_NONE,                         // 3A
  OP_NONE,                         // 3B
  OP_NONE,                         // 3C
  OP_NONE,                         // 3D
  OP_NONE,                         // 3E
  OP_NONE,                         // 3F
  OP_MODRM,                        // 40
  OP_MODRM,                        // 41
  OP_MODRM,                        // 42
  OP_MODRM,                        // 43
  OP_MODRM,                        // 44
  OP_MODRM,                        // 45
  OP_MODRM,                        // 46
  OP_MODRM,                        // 47
  OP_MODRM,                        // 48
  OP_MODRM,                        // 49
  OP_MODRM,                        // 4A
  OP_MODRM,                        // 4B
  OP_MODRM,                        // 4C
  OP_MODRM,                        // 4D
  OP_MODRM,                        // 4E
  OP_MODRM,                        // 4F
  OP_MODRM,                        // 50
  OP_MODRM,                        // 51
  OP_MODRM,                        // 52
  OP_MODRM,                        // 53
  OP_MODRM,                        // 54
  OP_MODRM,                        // 55
  OP_MODRM,                        // 56
  OP_MODRM,                        // 57
  OP_MODRM,                        // 58
  OP_MODRM,                        // 59
  OP_MODRM,                        // 5A
  OP_MODRM,                        // 5B
  OP_MODRM,                        // 5C
  OP_MODRM,                        // 5D
  OP_MODRM,                        // 5E
  OP_MODRM,                        // 5F
  OP_MODRM,                        // 60
  OP_MODRM,                        // 61
  OP_MODRM,                        // 62
  OP_MODRM,                        // 63
  OP_MODRM,                        // 64
  OP_MODRM,                        // 65
  OP_MODRM,                        // 66
  OP_MODRM,                        // 67
  OP_MODRM,                        // 68
  OP_MODRM,                        // 69
  OP_MODRM,                        // 6A
  OP_MODRM,                        // 6B
  OP_MODRM,                        // 6C
  OP_MODRM,                        // 6D
  OP_MODRM,                        // 6E
  OP_MODRM,                        // 6F
  OP_MODRM or OP_DATA_I8,          // 70
  OP_MODRM or OP_DATA_I8,          // 71
  OP_MODRM or OP_DATA_I8,          // 72
  OP_MODRM or OP_DATA_I8,          // 73
  OP_MODRM,                        // 74
  OP_MODRM,                        // 75
  OP_MODRM,                        // 76
  OP_NONE,                         // 77
  OP_NONE,                         // 78
  OP_NONE,                         // 79
  OP_NONE,                         // 7A
  OP_NONE,                         // 7B
  OP_MODRM,                        // 7C
  OP_MODRM,                        // 7D
  OP_MODRM,                        // 7E
  OP_MODRM,                        // 7F
  OP_DATA_PRE66_67 or OP_REL32,    // 80
  OP_DATA_PRE66_67 or OP_REL32,    // 81
  OP_DATA_PRE66_67 or OP_REL32,    // 82
  OP_DATA_PRE66_67 or OP_REL32,    // 83
  OP_DATA_PRE66_67 or OP_REL32,    // 84
  OP_DATA_PRE66_67 or OP_REL32,    // 85
  OP_DATA_PRE66_67 or OP_REL32,    // 86
  OP_DATA_PRE66_67 or OP_REL32,    // 87
  OP_DATA_PRE66_67 or OP_REL32,    // 88
  OP_DATA_PRE66_67 or OP_REL32,    // 89
  OP_DATA_PRE66_67 or OP_REL32,    // 8A
  OP_DATA_PRE66_67 or OP_REL32,    // 8B
  OP_DATA_PRE66_67 or OP_REL32,    // 8C
  OP_DATA_PRE66_67 or OP_REL32,    // 8D
  OP_DATA_PRE66_67 or OP_REL32,    // 8E
  OP_DATA_PRE66_67 or OP_REL32,    // 8F
  OP_MODRM,                        // 90
  OP_MODRM,                        // 91
  OP_MODRM,                        // 92
  OP_MODRM,                        // 93
  OP_MODRM,                        // 94
  OP_MODRM,                        // 95
  OP_MODRM,                        // 96
  OP_MODRM,                        // 97
  OP_MODRM,                        // 98
  OP_MODRM,                        // 99
  OP_MODRM,                        // 9A
  OP_MODRM,                        // 9B
  OP_MODRM,                        // 9C
  OP_MODRM,                        // 9D
  OP_MODRM,                        // 9E
  OP_MODRM,                        // 9F
  OP_NONE,                         // A0
  OP_NONE,                         // A1
  OP_NONE,                         // A2
  OP_MODRM,                        // A3
  OP_MODRM or OP_DATA_I8,          // A4
  OP_MODRM,                        // A5
  OP_NONE,                         // A6
  OP_NONE,                         // A7
  OP_NONE,                         // A8
  OP_NONE,                         // A9
  OP_NONE,                         // AA
  OP_MODRM,                        // AB
  OP_MODRM or OP_DATA_I8,          // AC
  OP_MODRM,                        // AD
  OP_MODRM,                        // AE
  OP_MODRM,                        // AF
  OP_MODRM,                        // B0
  OP_MODRM,                        // B1
  OP_MODRM,                        // B2
  OP_MODRM,                        // B3
  OP_MODRM,                        // B4
  OP_MODRM,                        // B5
  OP_MODRM,                        // B6
  OP_MODRM,                        // B7
  OP_NONE,                         // B8
  OP_NONE,                         // B9
  OP_MODRM or OP_DATA_I8,          // BA
  OP_MODRM,                        // BB
  OP_MODRM,                        // BC
  OP_MODRM,                        // BD
  OP_MODRM,                        // BE
  OP_MODRM,                        // BF
  OP_MODRM,                        // C0
  OP_MODRM,                        // C1
  OP_MODRM or OP_DATA_I8,          // C2
  OP_MODRM,                        // C3
  OP_MODRM or OP_DATA_I8,          // C4
  OP_MODRM or OP_DATA_I8,          // C5
  OP_MODRM or OP_DATA_I8,          // C6
  OP_MODRM,                        // C7
  OP_NONE,                         // C8
  OP_NONE,                         // C9
  OP_NONE,                         // CA
  OP_NONE,                         // CB
  OP_NONE,                         // CC
  OP_NONE,                         // CD
  OP_NONE,                         // CE
  OP_NONE,                         // CF
  OP_MODRM,                        // D0
  OP_MODRM,                        // D1
  OP_MODRM,                        // D2
  OP_MODRM,                        // D3
  OP_MODRM,                        // D4
  OP_MODRM,                        // D5
  OP_MODRM,                        // D6
  OP_MODRM,                        // D7
  OP_MODRM,                        // D8
  OP_MODRM,                        // D9
  OP_MODRM,                        // DA
  OP_MODRM,                        // DB
  OP_MODRM,                        // DC
  OP_MODRM,                        // DD
  OP_MODRM,                        // DE
  OP_MODRM,                        // DF
  OP_MODRM,                        // E0
  OP_MODRM,                        // E1
  OP_MODRM,                        // E2
  OP_MODRM,                        // E3
  OP_MODRM,                        // E4
  OP_MODRM,                        // E5
  OP_MODRM,                        // E6
  OP_MODRM,                        // E7
  OP_MODRM,                        // E8
  OP_MODRM,                        // E9
  OP_MODRM,                        // EA
  OP_MODRM,                        // EB
  OP_MODRM,                        // EC
  OP_MODRM,                        // ED
  OP_MODRM,                        // EE
  OP_MODRM,                        // EF
  OP_MODRM,                        // F0
  OP_MODRM,                        // F1
  OP_MODRM,                        // F2
  OP_MODRM,                        // F3
  OP_MODRM,                        // F4
  OP_MODRM,                        // F5
  OP_MODRM,                        // F6
  OP_MODRM,                        // F7
  OP_MODRM,                        // F8
  OP_MODRM,                        // F9
  OP_MODRM,                        // FA
  OP_MODRM,                        // FB
  OP_MODRM,                        // FC
  OP_MODRM,                        // FD
  OP_MODRM,                        // FE
  OP_NONE                          // FF
);

{دîëَ÷هيèه ïîëيîمî ًàçىهًà ىàّèييîé êîىىàينû ïî َêàçàٍهë‏ يà يهه }
function SizeOfCode(Code: pointer; pOpcode: ppbyte): dword;
var
cPtr: pbyte;
Flags: byte;
PFX66, PFX67: boolean;
SibPresent: boolean;
iMod, iRM, iReg: byte;
OffsetSize, Add: byte;
Opcode: byte;
begin
Result     := 0;
OffsetSize := 0;
PFX66      := false;
PFX67      := false;
cPtr       := Code;
{îïًهنهëےهى ًàçىهً ïًهôôèêٌîâ}
while cPtr^ in [$2E, $3E, $36, $26, $64, $65, $F0, $F2, $F3, $66, $67] do
  begin
   if cPtr^ = $66 then PFX66 := true;
   if cPtr^ = $67 then PFX67 := true;
   Inc(cPtr);
   if dword(cPtr) > dword(Code) + 16 then Exit;
  end;
Opcode := cPtr^;
if pOpcode <> nil then pOpcode^ := cPtr;
{îïًهنهëےهى ًàçىهً îïêîنà è ïîëَ÷àهى ôëàمè}
if cPtr^ = $0F then
  begin
    Inc(cPtr);
    Flags := OpcodeFlagsExt[cPtr^];
  end else
  begin
    Flags := OpcodeFlags[Opcode];
    if Opcode in [$A0..$A3] then PFX66 := PFX67;
  end;
Inc(cPtr);
if (Flags and OP_WORD) > 0 then Inc(cPtr);
{îلًàلàٍûâàهى MOD r/m}
if (Flags and OP_MODRM) > 0 then
  begin
   iMod :=  cPtr^ shr 6;
   iReg := (cPtr^ and $38) shr 3;
   iRM  :=  cPtr^ and 7;
   Inc(cPtr);
   {îïêîنû F6 è F7 - Immediate ïًèٌٌٍٍَâَهٍ ٍîëüêî ïًè iReg = 0}
   if (Opcode = $F6) and (iReg = 0) then Flags := Flags or OP_DATA_I8;
   if (Opcode = $F7) and (iReg = 0) then Flags := Flags or OP_DATA_PRE66_67;  
   {îلًàلàٍûâàهى SIB è Offset}
   SibPresent := (not PFX67) and (iRM = 4);
   case iMod of
     0: begin
          if PFX67 and (iRM = 6) then OffsetSize := 2;
          if (not PFX67) and (iRM = 5) then OffsetSize := 4;    
        end;
     1: OffsetSize := 1;
     2: if PFX67 then OffsetSize := 2 else OffsetSize := 4;
     3: SibPresent := false;
   end;
   if SibPresent then
    begin
     if (cPtr^ and 7 = 5) and (iMod in [0, 2]) then OffsetSize := 4;
     Inc(cPtr);
    end;
   Inc(cPtr, OffsetSize);
  end;
{îلًàلàٍûâàهى IMM çيà÷هيèے}
if (Flags and OP_DATA_I8)  > 0 then Inc(cPtr);
if (Flags and OP_DATA_I16) > 0 then Inc(cPtr, 2);
if (Flags and OP_DATA_I32) > 0 then Inc(cPtr, 4);
if PFX66 then Add := 2 else Add := 4;
if (Flags and OP_DATA_PRE66_67) > 0 then Inc(cPtr, Add);
Result := dword(cPtr) - dword(Code);
end;


{ دîëَ÷هيèه ًàçىهًà ôَيêِèè ïî َêàçàٍهë يà يهه (ًàçىهً نî ïهًâîé êîىىàينû RET) }
function SizeOfProc(Proc: pointer): dword;
var
  Length: dword;
  pOpcode: pbyte;
begin
  Result := 0;
  repeat
    Length := SizeOfCode(Proc, @pOpcode);
    Inc(Result, Length);
    if (Length = 1) and (pOpcode^ = $C3) then Break;
    Proc := pointer(dword(Proc) + Length);
  until Length = 0;
end;

{îïًهنهëهيèه ٍîمî, èىههٍ ëè êîىىàينà rel32 offset}
function IsRelativeCmd(pOpcode: pbyte): boolean;
var
Flags: byte;
begin
if pOpcode^ = $0F then Flags := OpcodeFlagsExt[pbyte(dword(pOpcode) + 1)^]
    else Flags := OpcodeFlags[pOpcode^];
Result := Flags and OP_REL32 > 0;
end;


end.
صفحه‌ها: 1 2 3 4 5
ايران ويج > برنامه نویسی > دلفی > سورس دلفی