function StampDCU const FileName string Boolean поиск маркера подмена

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
function StampDCU(const FileName : string) : Boolean;
{поиск маркера и подмена его...}
var
Fh : THandle;
FileMap : THandle;
Memory : PByteArray;
I, Size : LongInt;
begin
Result := False;
Fh := CreateFile(PAnsiChar(FileName), GENERIC_READ or GENERIC_WRITE, 0,
nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (Fh <> INVALID_HANDLE_VALUE) then begin
Size := Windows.GetFileSize(Fh, nil);
FileMap := CreateFileMapping(Fh, nil, PAGE_READWRITE, 0, 0, nil);
if (FileMap <> 0) then begin
Memory := MapViewOfFile(FileMap, FILE_MAP_WRITE, 0, 0, 0);
if (Memory <> nil) then begin
for I := 0 to (Size - SizeOf(TSignatureRec)) - 1 do begin
if (PSignatureRec(@Memory[I])^ = ????) then begin
{обана нйдено}
if (Memory^[I+7]=$75) and (Memory^[I+8]=$07) then
begin
Memory^[I+7] := $EB;
Result := True;
Break;
end;
end;
end;
UnmapViewOfFile(Memory);
end;
CloseHandle(FileMap);
end;
CloseHandle(Fh);
end;
end;