如何用遍历Import表的方式获得进程引用模块名称和函数名称?(100分)

Dll名称可以搞定,<br>可是里面的函数名实在出不来,下面是我的代码<br>type<br>&nbsp; PIMAGE_IMPORT_DESCRIPTOR=^TIMAGE_IMPORT_DESCRIPTOR;<br>&nbsp; TIMAGE_IMPORT_DESCRIPTOR=record<br>&nbsp; OriginalFirstThunk WORD;<br>&nbsp; TimeDateStampWORD; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>&nbsp; ForwarderChainWORD; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>&nbsp; NameWORD;<br>&nbsp; FirstThunkWORD; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <br>end;<br>type<br>&nbsp; PIMAGE_IMPORT_BY_NAME=^TIMAGE_IMPORT_BY_NAME;<br>&nbsp; TIMAGE_IMPORT_BY_NAME=record<br>&nbsp; &nbsp; Hint : Word;<br>&nbsp; &nbsp; Name : byte;<br>end;<br>type<br>&nbsp; PIMAGE_THUNK_DATA = ^TIMAGE_THUNK_DATA;<br>&nbsp; TIMAGE_THUNK_DATA=record<br>&nbsp; &nbsp; OrdinalOrAddressOfData DWORD;//PIMAGE_IMPORT_BY_NAME;<br>end;<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>var<br>&nbsp; size,add,findex : DWORD;<br>&nbsp; pvalue:string;<br>&nbsp; ff:string;<br>&nbsp; han : THandle;<br>&nbsp; ppIMAGE_IMPORT_DESCRIPTOR;<br>&nbsp; pf,pf1IMAGE_IMPORT_BY_NAME;<br>&nbsp; pp1,pp2 IMAGE_THUNK_DATA;<br>&nbsp; p,p1,p2 ointer;<br>&nbsp; pch,pch1,pch2,f1,f2,pch3,pch4: PChar;<br>begin<br>&nbsp; getmem(f1,12);<br>&nbsp; getmem(f2,12);<br>&nbsp; memo1.Lines.Clear;//放DLL名<br>&nbsp; memo2.Lines.Clear;//放函数名<br>&nbsp; try<br>&nbsp; han := getmodulehandle('project1.exe');<br>&nbsp; p :=Pointer(han);<br>&nbsp; p1 :=ImageDirectoryEntryToData(p,true,Image_directory_entry_import,size);<br>&nbsp; if p1=nil then<br>&nbsp; &nbsp; exit;<br>&nbsp; pp :=PIMAGE_IMPORT_DESCRIPTOR(p1);<br>&nbsp; pch1 :=PChar(p);<br><br>&nbsp; while pp.Name&lt;&gt;0 do<br>&nbsp; begin<br>&nbsp; pch :=pch1+pp.name;<br>&nbsp; memo1.Lines.Add(pch);<br>&nbsp; pp1 :=PIMAGE_THUNK_DATA(pch1+pp.FirstThunk);<br>&nbsp; &nbsp;if pp.OriginalFirstThunk=0 then<br>&nbsp; &nbsp; &nbsp; pp1 :=PIMAGE_THUNK_DATA(pch1+pp.FirstThunk)<br>&nbsp; &nbsp; else<br>&nbsp; &nbsp; &nbsp; pp1 :=PIMAGE_THUNK_DATA(pch1+pp.OriginalFirstThunk);<br><br>&nbsp; &nbsp; &nbsp;strpcopy(f1,inttohex(pp1.OrdinalOrAddressOfData,8));<br>&nbsp; &nbsp; &nbsp;strpcopy(f2,'80000000');<br>&nbsp; &nbsp;<br>&nbsp; &nbsp; //判断函数是按序数引入的还是按函数名引入<br>&nbsp; &nbsp;if strcomp(f1,f2)=0 then<br>&nbsp; &nbsp; while pp1.OrdinalOrAddressOfData&lt;&gt;0 do<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; findex:=GetLowWord(inttohex(pp1.OrdinalOrAddressOfData,8));<br>&nbsp; &nbsp; &nbsp; memo2.Lines.Add(inttostr(findex));<br>&nbsp; &nbsp; &nbsp; inc(pp1);<br>&nbsp; &nbsp; end<br>&nbsp; &nbsp; else<br>&nbsp; &nbsp; <br>&nbsp; &nbsp; while pp1.OrdinalOrAddressOfData&lt;&gt;nil do<br>&nbsp; &nbsp; begin<br>&nbsp; &nbsp; &nbsp; p2 := pointer(pp1.OrdinalOrAddressOfData);<br>&nbsp; &nbsp; &nbsp; pf1 :=PIMAGE_IMPORT_BY_NAME(p2);<br>&nbsp; &nbsp; &nbsp; pch2:=PChar(addr(pp))+(pf1.name and $0ffff);<br>&nbsp; &nbsp; &nbsp; memo2.Lines.Add(pch2);<br>&nbsp; &nbsp; &nbsp; inc(pp1);<br>&nbsp; &nbsp; end;<br>&nbsp; inc(pp);<br>&nbsp; end;<br>&nbsp; finally<br>&nbsp; &nbsp; freemem(f1);<br>&nbsp; &nbsp; freemem(f2);<br>&nbsp; end;<br>end;<br><br><br>