确定是否使用UPX压缩exe文件的方法 [英] Method to determine if an exe file has been compressed with UPX
问题描述
有没有方法来确定一个exe文件是否已经用UPX压缩?
Is there a method to determine if an exe file has been compressed with UPX?
确定exe文件是否被压缩的功能是非常好的,代码的问题。如果函数IsUPXCompressed被调用,那么你试图运行upx,upx不能保存它修改的文件。有一些东西在功能中没有正确共享权限。我已经测试了几个小时。如果我不调用该方法,则UPX可以写入文件没有问题。你调用它然后尝试运行UPX它不会保存文件。 UPX在尝试写入文件时报告IOException权限被拒绝错误。
The function to determine if an exe file has been compressed is excellent except I found a problem with the code. If the function IsUPXCompressed is called then you try to run upx, upx can not save the file it modifies. There is something not sharing rights correctly in the function. I have tested this for several hours. If I do not call the method then UPX can write the files with no problem. You you call it then try to run UPX it will not save the file. UPX reports an IOException Permission denied error when trying to write the file.
任何人都可以在代码中发现错误,导致此问题?
Can anyone spot something wrong in the code that would cause this problem?
谢谢
确定exe文件是否已压缩的函数除非我发现代码有问题。如果函数IsUPXCompressed被调用,那么你试图运行upx,upx不能保存它修改的文件。有一些东西在功能中没有正确共享权限。我已经测试了几个小时。如果我不调用该方法,则UPX可以写入文件没有问题。你调用它然后尝试运行UPX它不会保存文件。 UPX在尝试写入文件时报告IOException权限被拒绝错误。
The function to determine if an exe file has been compressed is excellent except I found a problem with the code. If the function IsUPXCompressed is called then you try to run upx, upx can not save the file it modifies. There is something not sharing rights correctly in the function. I have tested this for several hours. If I do not call the method then UPX can write the files with no problem. You you call it then try to run UPX it will not save the file. UPX reports an IOException Permission denied error when trying to write the file.
任何人都可以在代码中发现错误,导致此问题?
Can anyone spot something wrong in the code that would cause this problem?
谢谢
推荐答案
另一种方法,当一个exe包含UPX工具, PE头部的区段包含 UPX0 , UPX1 等部分,因此如果读取这些部分, UPX 您可以确定是否使用UPX打包程序压缩了exe。
Another Method, when a exe is packed with the UPX tool, the section of the PE header contains sections called UPX0,UPX1, etc. so if read these sections and compare the name with the string UPX you can determine if the exe was compressed using the UPX packer.
检查此功能
uses
Windows;
function IsUPXCompressed(const Filename:TFileName): Boolean;
var
i : integer;
pBaseAddress : PByte;
pDosHeader : PImageDosHeader;
pNtHeaders : PImageNtHeaders;
hFile : Cardinal;
hFileMap : Cardinal;
pSectionHeader: PImageSectionHeader;
dwOffset : Cardinal;
SectName : AnsiString;
begin
Result:=False;
hFile := CreateFile(PChar(Filename), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (hFile = INVALID_HANDLE_VALUE) then Exit;
hFileMap := CreateFileMapping(hFile, nil, PAGE_READONLY or SEC_IMAGE, 0, 0, nil);
if (hFileMap = 0) then
begin
CloseHandle(hFile);
Exit;
end;
pBaseAddress := MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 0);
if (pBaseAddress = nil) then
begin
CloseHandle(hFileMap);
CloseHandle(hFile);
Exit;
end;
try
dwOffset := Cardinal(pBaseAddress);
pDosHeader := PImageDosHeader(pBaseAddress);
pNtHeaders := PImageNtHeaders(dwOffset + Cardinal(pDosHeader._lfanew));
pSectionHeader := pImageSectionHeader(Cardinal(pNtHeaders) + SizeOf(TImageNtHeaders));
for i := 0 to pNtHeaders.FileHeader.NumberOfSections-1 do
begin
SetString(SectName, PAnsiChar(@pSectionHeader.Name), SizeOf(pSectionHeader.Name));
Result:=Pos('UPX',SectName)>0;
If Result then break;
Inc(pSectionHeader);
end;
finally
UnmapViewOfFile(pBaseAddress);
CloseHandle(hFileMap);
CloseHandle(hFile);
end;
end;
这篇关于确定是否使用UPX压缩exe文件的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
