unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Edit1: TEdit;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
PImageImportDescriptor = ^TImageImportDescriptor;
TImageImportDescriptor = packed record
OriginalFirstThunk: DWord;
TimeDateStamp : DWord;
ForwarderChain : DWord;
DLLName : DWord;
FirstThunk : DWord;
end;var
Form1: TForm1;
HFile:THandle;
Base:Pointer;
VirtualAddres:DwORD;
implementation{$R *.dfm}function RVAToOffset(Base:Pointer;VirtualAddress:DWord):DWord ;
var
dos_header:PImageDosHeader;
nt_header:PImagentHeaders;
SectionHeade:PImageSectionHeader;
NumOfSection:integer;
i:integer;
begin
dos_header:=PImageDosHeader(base);
nt_header:=PImagentHeaders(integer(dos_header)+dos_header._lfanew);
NumOfSection:=nt_header.FileHeader.NumberOfSections;
SectionHeade:=PImageSectionHeader(integer(Base)+dos_header._lfanew+
sizeof(IMAGE_NT_HEADERS));
for i := 0 to NumOfSection-1 do
begin
inc(SectionHeade,i);
if ((VirtualAddress>SectionHeade.VirtualAddress) and (VirtualAddress<
SectionHeade.VirtualAddress+SectionHeade.SizeOfRawData)) then
result:=VirtualAddress-SectionHeade.VirtualAddress+SectionHeade.PointerToRawData;
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
Hmaping:THandle;
dos_header:PImageDosHeader;
nt_header:PImagentHeaders;
Pimport:PImageimportDescriptor;
A:pchar;
begin
if HFile=0 then
HFile:=CreateFile('c:\1.exe',GENERIC_READ or GENERIC_WRITE,FILE_SHARE_WRITE,nil,
OPEN_EXISTING,FILE_FLAG_SEQUENTIAL_SCAN,0);
if HFile=INVALID_HANDLE_VALUE then
showmessage('打开文件失败');
Hmaping:=CreateFileMapping(HFile,nil,PAGE_READWRITE,0,0,nil);
if Hmaping<>0 then
Base:=MapViewOfFile(Hmaping,FILE_MAP_ALL_ACCESS,0,0,0);
dos_header:=PImageDosHeader(base);
if dos_header.e_magic<>IMAGE_DOS_SIGNATURE then
showmessage('错误');
nt_header:=PImagentHeaders(dword(dos_header)+dos_header._lfanew);
if nt_header.Signature<>IMAGE_NT_SIGNATURE then
showmessage('错误');
VirtualAddres:=nt_header.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
Pimport:=PImageimportDescriptor(dword(Base)+RVAToOffset(Base,VirtualAddres));
EDIT1.Text:=inttostr(dword(Base)+RVAToOffset(Base,Pimport.DLLNAME));end;end.
最后得到的是 第一个引入模块的地址,怎么才能得到它的名字的 ?就是引入的dll 名字 ~
高手解释下 谢谢!!
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Edit1: TEdit;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
PImageImportDescriptor = ^TImageImportDescriptor;
TImageImportDescriptor = packed record
OriginalFirstThunk: DWord;
TimeDateStamp : DWord;
ForwarderChain : DWord;
DLLName : DWord;
FirstThunk : DWord;
end;var
Form1: TForm1;
HFile:THandle;
Base:Pointer;
VirtualAddres:DwORD;
implementation{$R *.dfm}function RVAToOffset(Base:Pointer;VirtualAddress:DWord):DWord ;
var
dos_header:PImageDosHeader;
nt_header:PImagentHeaders;
SectionHeade:PImageSectionHeader;
NumOfSection:integer;
i:integer;
begin
dos_header:=PImageDosHeader(base);
nt_header:=PImagentHeaders(integer(dos_header)+dos_header._lfanew);
NumOfSection:=nt_header.FileHeader.NumberOfSections;
SectionHeade:=PImageSectionHeader(integer(Base)+dos_header._lfanew+
sizeof(IMAGE_NT_HEADERS));
for i := 0 to NumOfSection-1 do
begin
inc(SectionHeade,i);
if ((VirtualAddress>SectionHeade.VirtualAddress) and (VirtualAddress<
SectionHeade.VirtualAddress+SectionHeade.SizeOfRawData)) then
result:=VirtualAddress-SectionHeade.VirtualAddress+SectionHeade.PointerToRawData;
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
Hmaping:THandle;
dos_header:PImageDosHeader;
nt_header:PImagentHeaders;
Pimport:PImageimportDescriptor;
A:pchar;
begin
if HFile=0 then
HFile:=CreateFile('c:\1.exe',GENERIC_READ or GENERIC_WRITE,FILE_SHARE_WRITE,nil,
OPEN_EXISTING,FILE_FLAG_SEQUENTIAL_SCAN,0);
if HFile=INVALID_HANDLE_VALUE then
showmessage('打开文件失败');
Hmaping:=CreateFileMapping(HFile,nil,PAGE_READWRITE,0,0,nil);
if Hmaping<>0 then
Base:=MapViewOfFile(Hmaping,FILE_MAP_ALL_ACCESS,0,0,0);
dos_header:=PImageDosHeader(base);
if dos_header.e_magic<>IMAGE_DOS_SIGNATURE then
showmessage('错误');
nt_header:=PImagentHeaders(dword(dos_header)+dos_header._lfanew);
if nt_header.Signature<>IMAGE_NT_SIGNATURE then
showmessage('错误');
VirtualAddres:=nt_header.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
Pimport:=PImageimportDescriptor(dword(Base)+RVAToOffset(Base,VirtualAddres));
EDIT1.Text:=inttostr(dword(Base)+RVAToOffset(Base,Pimport.DLLNAME));end;end.
最后得到的是 第一个引入模块的地址,怎么才能得到它的名字的 ?就是引入的dll 名字 ~
高手解释下 谢谢!!
解决方案 »
- delphi与access的parameters.ParamByName提示"insert into''语法错误
- 多线程中查询数据的问题
- 连接数据库显示【乱码】
- 请教Delphi中的语法问题---不见得好回答,谢谢各位帮忙!!!
- 过程赋值错误,得怎么改一下?谢谢
- 如何使用ADOBE ACROBAT的WORD中使用打印方法可生成PDF文件
- Project Peoject1.exe raised exception class EvatiantError with message'Invalid variant type conversion'.Process stopped.
- 在adodataset中如果加一些lookup字段,在用代碼給某字段賦值時會出現不明的錯誤
- 有没有将DBGRid中的数据转换为 excel、word、access格式文件的控件啊
- 怎样判断另一程序是否运行,并用语句终止它.谢谢!
- Delphi指针问题
- listview大图标显示数据问题
具体可以参考《Delphi下深入windows核心编程》