Forum posts for ekrn.exe

Read strings from .exe files (like Strings.exe) in Delphi

I want to write a program to read/extract all of the valid strings in a .exe file (for example: 'This program must be run under Win' or 'MZ'), exactly like Strings.exe from Sysinternals.
Actually, I want to scan a .exe file and, if it contains a special string value such as 'ekrn.exe' or 'Firefox.exe', detect that file as a suspicious file (killing ekrn.exe or injecting malcode into firefox.exe).

I wrote the following code in Delphi:

    const
      TargetName = 'E:AntiDebugg.exe';
    var
      hFile: THandle;
      tmp: AnsiString;
      dwFileSize, lChar, lSearch: Integer;
      dwNumRead: Cardinal;
      dwBuffer: array of AnsiChar;
    begin
      mmo1.Clear;

      hFile := CreateFileA(TargetName, GENERIC_READ, FILE_SHARE_READ, nil,
        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);

      dwFileSize := GetFileSize(hFile, nil);
      SetLength(dwBuffer, dwFileSize);

      lChar := 0;
      lSearch := 0;

      while lChar <= dwFileSize do
      begin
        ReadFile(hFile, dwBuffer[lChar], SizeOf(dwBuffer), dwNumRead, nil);
        while dwBuffer[lChar] <> '' do
        begin
          tmp := tmp + dwBuffer[lChar];
          Inc(lChar, 1);
        end;
        lSearch := 0;
        Inc(lChar, 1);
      end;
      mmo1.Text := (tmp);
      CloseHandle(hFile);


The result of running my code is (a small piece):

MZP??¸@?´ ?!¸L?!??This program must be run under Win32
$7PEL
%0?Q?´?
¤'0B??.textd­ .itext| .data`@.bss?N.idata
@.didata?@.tls.rdata@.reloc¤'@.rsrc@@@Boolean@alseTrueSystem4@AnsiCharP@ Char?h@Integer?€@Byte?@Word?°@Pointer?@Cardinal????@ NativeInt???ü@
NativeUInt?@ShortString?,@ PAnsiChar0@D@stringT@TClass?@h@HRESULT?€@TGUID


But this isn't my desired result. My desired result is:

MZP
This program must be run under Win32
.text
`.itext
`.data
.bss
.idata
.didata
.tls
.rdata
@.reloc
B.rsrc
Boolean
False
True
System
AnsiChar
Char
Integer
Byte
Word
Pointer
Cardinal
NativeInt
NativeUInt
ShortString
PAnsiChar0
string
TClass
HRESULT
TGUID



In this example, AntiDebugg.exe was compiled by Delphi.


The result of Strings.exe for strings of 'AntiDebugg.exe'



Any ideas?
What should I do?
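
An added example, not part of the original post: one way to get the line-per-string output the post asks for is to read the whole file into a byte array once, emit each run of printable ASCII of a minimum length, and match every extracted string against a watchlist. The names `ExtractStrings`, `Scan` and `Watch`, the minimum length of 3, and the sample bytes are assumptions made for this sketch.

```delphi
program StringsScan;
{$APPTYPE CONSOLE}
uses System.SysUtils, System.StrUtils, System.Classes, System.IOUtils;
// Add every run of printable ASCII (32..126) of at least MinLen bytes to Found.
procedure ExtractStrings(const Data: TBytes; MinLen: Integer; Found: TStrings);
var
  I, RunStart: Integer;
begin
  RunStart := -1;
  for I := 0 to Length(Data) do // extra pass at I = Length flushes a run ending at EOF
    if (I < Length(Data)) and (Data[I] >= 32) and (Data[I] <= 126) then
    begin
      if RunStart < 0 then RunStart := I;
    end
    else
    begin
      if (RunStart >= 0) and (I - RunStart >= MinLen) then
        Found.Add(TEncoding.ASCII.GetString(Data, RunStart, I - RunStart));
      RunStart := -1;
    end;
end;

procedure Scan(const Data: TBytes);
const
  Watch: array[0..1] of string = ('ekrn.exe', 'firefox.exe'); // names from the post
var
  Found: TStringList;
  S, Name: string;
begin
  Found := TStringList.Create;
  try
    ExtractStrings(Data, 3, Found); // assumption: 3 keeps 'MZP', as in the desired output
    for S in Found do
    begin
      Writeln(S);
      for Name in Watch do
        if ContainsText(S, Name) then // case-insensitive substring match
          Writeln('  suspicious: references ', Name);
    end;
  finally
    Found.Free;
  end;
end;

begin
  if ParamCount > 0 then
    Scan(TFile.ReadAllBytes(ParamStr(1))) // scan the file given on the command line
  else // constructed sample bytes, not taken from a real executable
    Scan(TEncoding.ASCII.GetBytes('MZP'#0#2#0'This program must be run under Win32'#13#10'$7'#0'.text'#0'`.itext'#0#1'ekrn.exe'#0));
end.
```

This sketch covers only single-byte ASCII runs; strings stored as UTF-16 need a second pass over the same buffer.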
