Exetools  

Go Back   Exetools > General > Source Code

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 04-29-2020, 08:41
phroyt phroyt is offline
Friend
 
Join Date: May 2018
Posts: 77
Rept. Given: 0
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 35
Thanks Rcvd at 106 Times in 40 Posts
phroyt Reputation: 8
Lightbulb Reading File Version from Memory

I faced a strange problem:
GetFileVersionInfoSize And GetFileVersionInfo return nothing from an .EXE file with a valid RT_VERSION.

Using Resource Hacker the Record List appear as italic.
What I don't know what means, But the record is there.

By the way, my goal is to determinate the version of running executable that loaded my Proxy DLL.

The workaround was read the RT_VERSION resource using HInstance value from already loaded data into memory.

Code:
function FileVersion(Module: HINST = 0): String;
var
  verblock:PVSFIXEDFILEINFO;
  versionMS,versionLS:cardinal;
  verlen:cardinal;
  rs:TResourceStream;
  m:TMemoryStream;
  p:pointer;
  s:cardinal;
begin
  m:=TMemoryStream.Create;
  try
    if Module = 0 then
      Module := HInstance;

    rs:=TResourceStream.CreateFromID(Module,1,RT_VERSION);
    try
      m.CopyFrom(rs,rs.Size);
    finally
      rs.Free;
    end;
    m.Position:=0;
    if VerQueryValue(m.Memory,'\',pointer(verblock),verlen) then
      begin
        VersionMS:=verblock.dwFileVersionMS;
        VersionLS:=verblock.dwFileVersionLS;
        Result:=
          IntToStr(versionMS shr 16)+'.'+
          IntToStr(versionMS and $FFFF)+'.'+
          IntToStr(VersionLS shr 16)+'.'+
          IntToStr(VersionLS and $FFFF);
      end;
    if VerQueryValue(m.Memory,PChar('\\StringFileInfo\\'+
      IntToHex(GetThreadLocale,4)+IntToHex(GetACP,4)+'\\FileDescription'),p,s) or
        VerQueryValue(m.Memory,'\\StringFileInfo\\040904E4\\FileDescription',p,s) then //en-us
          Result:=PChar(p)+' '+Result;
  finally
    m.Free;
  end;
end;
The Module param can be omitted to load my DLL HInstace value, or can give the value using
Code:
GetModuleHandle(nil);
to find Main Module (EXE) HInstance.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reading process memory FEARHQ General Discussion 10 01-22-2005 21:24
Is it possbile to play a file from the memory without caching it on the HDD? raladin General Discussion 10 04-22-2004 01:49


All times are GMT +8. The time now is 14:39.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )