How to get the list of functions that an executable file imports
18-Oct-03
Category
Files Operation
Language
Delphi 2.x
Views
218
User Rating
No Votes
# Votes
0
Replies
0
Publisher:
DSP, Administrator
Reference URL:
DKB
			Author: Vimil Saju

How to get the list of functions that an executable file imports as well as other 
information like the dlls from which the program imports these functions.

Answer:

The following program shows how you can get the list of functions imported by the 
executable file. It consists of two units: the first is the 'structures' unit, 
which is required by the program unit.

Here is the code 

Structures File 

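{ Declarations for the on-disk PE/COFF headers and directories read by the
  import/export lister in unit p1.

  The records mirror the 32-bit (PE32) layouts and are meant to be overlaid on
  bytes read from a file. Every value in such a file is chosen by whoever built
  it, so treat each offset, count and RVA as untrusted until it has been checked
  against the size of the buffer it is applied to. }
unit structures;

interface
uses Windows, sysutils;
const
  { Signature words/dwords found at the start of the various header types. }
  IMAGE_DOS_SIGNATURE = $5A4D; { MZ }
  IMAGE_OS2_SIGNATURE = $454E; { NE }
  IMAGE_OS2_SIGNATURE_LE = $454C; { LE }
  IMAGE_VXD_SIGNATURE = $454C; { LE }
  IMAGE_NT_SIGNATURE = $00004550; { PE00 }

  IMAGE_SIZEOF_SHORT_NAME = 8;
  IMAGE_SIZEOF_SECTION_HEADER = 40;
  IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16;
  IMAGE_RESOURCE_NAME_IS_STRING = $80000000;
  IMAGE_RESOURCE_DATA_IS_DIRECTORY = $80000000;
  IMAGE_OFFSET_STRIP_HIGH = $7FFFFFFF;

  { Indexes into IMAGE_OPTIONAL_HEADER.DataDirectory. An index is only
    meaningful when it is below NumberOfRvaAndSizes. }
  DIRECTORY_ENTRY_EXPORT = 0; // Export Directory (original, unprefixed name)
  // Prefixed alias so users of this unit do not depend on the Windows unit
  // for this one index while all the others come from here.
  IMAGE_DIRECTORY_ENTRY_EXPORT = 0; // Export Directory
  IMAGE_DIRECTORY_ENTRY_IMPORT = 1; // Import Directory
  IMAGE_DIRECTORY_ENTRY_RESOURCE = 2; // Resource Directory
  IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3; // Exception Directory
  IMAGE_DIRECTORY_ENTRY_SECURITY = 4; // Security Directory
  IMAGE_DIRECTORY_ENTRY_BASERELOC = 5; // Base Relocation Table
  IMAGE_DIRECTORY_ENTRY_DEBUG = 6; // Debug Directory
  IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7; // Description String
  IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8; // Machine Value (MIPS GP)
  IMAGE_DIRECTORY_ENTRY_TLS = 9; // TLS Directory
  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10; // Load Configuration Directory
  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11; // Bound Import Directory in headers
  IMAGE_DIRECTORY_ENTRY_IAT = 12; // Import Address Table

type
  { Doubly linked list node, used by LOADED_IMAGE.Links. }
  plist_entry = ^LIST_ENTRY;
  LIST_ENTRY = record
    Flink: pLIST_ENTRY;
    Blink: pLIST_ENTRY;
  end;

type
  { Export directory. The three pAddressOf* fields are declared as pointers
    but in a file they hold RVAs: translate them through the section table
    before dereferencing, never use them as addresses directly. }
  IMAGE_EXPORT_DIRECTORY = packed record
    Characteristics: DWORD;
    TimeDateStamp: DWORD;
    MajorVersion: WORD;
    MinorVersion: WORD;
    Name: DWORD; // RVA of the module name string
    Base: DWORD; // first ordinal number
    NumberOfFunctions: DWORD;
    NumberOfNames: DWORD;
    pAddressOfFunctions: PDWORD; // RVA of the function RVA array
    pAddressOfNames: PDWORD; // RVA of the name RVA array
    pAddressOfNameOrdinals: PWORD; // RVA of the ordinal array
  end;
  PIMAGE_EXPORT_DIRECTORY = ^IMAGE_EXPORT_DIRECTORY;

type
  { Frame pointer omission debug record. }
  FPO_DATA = packed record
    ulOffStart: DWORD; // offset 1st byte of function code
    cbProcSize: DWORD; // # bytes in function
    cdwLocals: DWORD; // # bytes in locals/4
    cdwParams: WORD; // # bytes in params/4
    cbProlog: WORD; // # bytes in prolog
    cbRegs: WORD; // # regs saved
    fHasSEH: WORD; // TRUE if SEH in func
    fUseBP: WORD; // TRUE if EBP has been allocated
    reserved: WORD; // reserved for future use
    cbFrame: WORD; // frame type
  end;
  PFPO_DATA = ^FPO_DATA;

type
  { Function table entry (exception directory). }
  IMAGE_FUNCTION_ENTRY = packed record
    StartingAddress: dword;
    EndingAddress: dword;
    EndOfPrologue: dword;
  end;
  PIMAGE_FUNCTION_ENTRY = ^IMAGE_FUNCTION_ENTRY;

type
  PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;
  IMAGE_DOS_HEADER = packed record { DOS .EXE header }
    e_magic: WORD; { Magic number }
    e_cblp: WORD; { Bytes on last page of file }
    e_cp: WORD; { Pages in file }
    e_crlc: WORD; { Relocations }
    e_cparhdr: WORD; { Size of header in paragraphs }
    e_minalloc: WORD; { Minimum extra paragraphs needed }
    e_maxalloc: WORD; { Maximum extra paragraphs needed }
    e_ss: WORD; { Initial (relative) SS value }
    e_sp: WORD; { Initial SP value }
    e_csum: WORD; { Checksum }
    e_ip: WORD; { Initial IP value }
    e_cs: WORD; { Initial (relative) CS value }
    e_lfarlc: WORD; { File address of relocation table }
    e_ovno: WORD; { Overlay number }
    e_res: packed array[0..3] of WORD; { Reserved words }
    e_oemid: WORD; { OEM identifier (for e_oeminfo) }
    e_oeminfo: WORD; { OEM information; e_oemid specific }
    e_res2: packed array[0..9] of WORD; { Reserved words }
    { File address of new exe header. Signed and file-controlled: reject
      negative values and values beyond the file before adding it to a
      base pointer. }
    e_lfanew: Longint;
  end;

  PIMAGE_FILE_HEADER = ^IMAGE_FILE_HEADER;
  IMAGE_FILE_HEADER = packed record
    Machine: WORD;
    NumberOfSections: WORD;
    TimeDateStamp: DWORD;
    PointerToSymbolTable: DWORD;
    NumberOfSymbols: DWORD;
    { The section table starts this many bytes after the optional header
      begins; use this field rather than sizeof(IMAGE_OPTIONAL_HEADER). }
    SizeOfOptionalHeader: WORD;
    Characteristics: WORD;
  end;

  PIMAGE_DATA_DIRECTORY = ^IMAGE_DATA_DIRECTORY;
  IMAGE_DATA_DIRECTORY = packed record
    VirtualAddress: DWORD; // RVA, not a file offset
    Size: DWORD;
  end;

  { PE32 optional header (Magic = $10B). A PE32+ image (Magic = $20B) has no
    BaseOfData and uses 64-bit ImageBase/stack/heap fields, so this record
    must not be overlaid on one. }
  PIMAGE_OPTIONAL_HEADER = ^IMAGE_OPTIONAL_HEADER;
  IMAGE_OPTIONAL_HEADER = packed record
    { Standard fields. }
    Magic: WORD;
    MajorLinkerVersion: Byte;
    MinorLinkerVersion: Byte;
    SizeOfCode: DWORD;
    SizeOfInitializedData: DWORD;
    SizeOfUninitializedData: DWORD;
    AddressOfEntryPoint: DWORD;
    BaseOfCode: DWORD;
    BaseOfData: DWORD;
    { NT additional fields. }
    ImageBase: DWORD;
    SectionAlignment: DWORD;
    FileAlignment: DWORD;
    MajorOperatingSystemVersion: WORD;
    MinorOperatingSystemVersion: WORD;
    MajorImageVersion: WORD;
    MinorImageVersion: WORD;
    MajorSubsystemVersion: WORD;
    MinorSubsystemVersion: WORD;
    Reserved1: DWORD;
    SizeOfImage: DWORD;
    SizeOfHeaders: DWORD;
    CheckSum: DWORD;
    Subsystem: WORD;
    DllCharacteristics: WORD;
    SizeOfStackReserve: DWORD;
    SizeOfStackCommit: DWORD;
    SizeOfHeapReserve: DWORD;
    SizeOfHeapCommit: DWORD;
    LoaderFlags: DWORD;
    { Number of valid DataDirectory entries; may be less than 16. }
    NumberOfRvaAndSizes: DWORD;
    DataDirectory: packed array[0..IMAGE_NUMBEROF_DIRECTORY_ENTRIES - 1] of
      IMAGE_DATA_DIRECTORY;
  end;

  PIMAGE_SECTION_HEADER = ^IMAGE_SECTION_HEADER;
  IMAGE_SECTION_HEADER = packed record
    { Eight single-byte characters, not necessarily NUL-terminated.
      AnsiChar keeps the record at 40 bytes on compilers where Char is
      two bytes wide. }
    Name: packed array[0..IMAGE_SIZEOF_SHORT_NAME - 1] of AnsiChar;
    PhysicalAddress: DWORD; // or VirtualSize (union);
    VirtualAddress: DWORD;
    SizeOfRawData: DWORD;
    PointerToRawData: DWORD;
    PointerToRelocations: DWORD;
    PointerToLinenumbers: DWORD;
    NumberOfRelocations: WORD;
    NumberOfLinenumbers: WORD;
    Characteristics: DWORD;
  end;

  PIMAGE_NT_HEADERS = ^IMAGE_NT_HEADERS;
  IMAGE_NT_HEADERS = packed record
    Signature: DWORD;
    FileHeader: IMAGE_FILE_HEADER;
    OptionalHeader: IMAGE_OPTIONAL_HEADER;
  end;

  PIMAGE_RESOURCE_DIRECTORY = ^IMAGE_RESOURCE_DIRECTORY;
  IMAGE_RESOURCE_DIRECTORY = packed record
    Characteristics: DWORD;
    TimeDateStamp: DWORD;
    MajorVersion: WORD;
    MinorVersion: WORD;
    NumberOfNamedEntries: WORD;
    NumberOfIdEntries: WORD;
  end;

  PIMAGE_RESOURCE_DIRECTORY_ENTRY = ^IMAGE_RESOURCE_DIRECTORY_ENTRY;
  IMAGE_RESOURCE_DIRECTORY_ENTRY = packed record
    Name: DWORD; // Or ID: Word (Union)
    OffsetToData: DWORD;
  end;

  PIMAGE_RESOURCE_DATA_ENTRY = ^IMAGE_RESOURCE_DATA_ENTRY;
  IMAGE_RESOURCE_DATA_ENTRY = packed record
    OffsetToData: DWORD;
    Size: DWORD;
    CodePage: DWORD;
    Reserved: DWORD;
  end;

  PIMAGE_RESOURCE_DIR_STRING_U = ^IMAGE_RESOURCE_DIR_STRING_U;
  IMAGE_RESOURCE_DIR_STRING_U = packed record
    Length: WORD; // character count taken from the file; bound it before use
    NameString: array[0..0] of WCHAR; // first of Length characters
  end;

type
  { In-memory bookkeeping record for a mapped image; not a file structure. }
  LOADED_IMAGE = record
    ModuleName: pchar;
    hFile: thandle;
    MappedAddress: pchar;
    FileHeader: PIMAGE_NT_HEADERS;
    LastRvaSection: PIMAGE_SECTION_HEADER;
    NumberOfSections: integer;
    Sections: PIMAGE_SECTION_HEADER;
    Characteristics: integer;
    fSystemImage: boolean;
    fDOSImage: boolean;
    Links: LIST_ENTRY;
    SizeOfImage: integer;
  end;
  PLOADED_IMAGE = ^LOADED_IMAGE;

type
  IMAGE_LOAD_CONFIG_DIRECTORY = packed record
    Characteristics: DWORD;
    TimeDateStamp: DWORD;
    MajorVersion: WORD;
    MinorVersion: WORD;
    GlobalFlagsClear: DWORD;
    GlobalFlagsSet: DWORD;
    CriticalSectionDefaultTimeout: DWORD;
    DeCommitFreeBlockThreshold: DWORD;
    DeCommitTotalFreeThreshold: DWORD;
    LockPrefixTable: Pointer;
    MaximumAllocationSize: DWORD;
    VirtualMemoryThreshold: DWORD;
    ProcessHeapFlags: DWORD;
    ProcessAffinityMask: DWORD;
    Reserved: array[0..2] of DWORD;
  end;
  PIMAGE_LOAD_CONFIG_DIRECTORY = ^IMAGE_LOAD_CONFIG_DIRECTORY;

type
  { Hint/name entry of the import tables. On disk, the bytes after Hint are a
    NUL-terminated ASCII name of arbitrary length; the Name field only marks
    where that string starts (use @Name), its DWORD value is not meaningful.
    SizeOf(IMAGE_IMPORT_BY_NAME) therefore says nothing about the entry's
    real length. }
  IMAGE_IMPORT_BY_NAME = packed record
    Hint: WORD;
    Name: DWORD;
  end;
  PIMAGE_IMPORT_BY_NAME = ^IMAGE_IMPORT_BY_NAME;

type
  { One 32-bit slot of an import lookup/address table. The four members are
    alternative views of the same DWORD, so they are declared as a variant
    record; laid out one after another the record would be 16 bytes and any
    array walk over it would use the wrong stride. When the top bit of
    Ordinal is set the import is by ordinal, otherwise the value is the RVA
    of an IMAGE_IMPORT_BY_NAME. }
  IMAGE_THUNK_DATA = packed record
    case Integer of
      0: (ForwarderString: PBYTE);
      1: (Func: PDWORD);
      2: (Ordinal: DWORD);
      3: (AddressOfData: PIMAGE_IMPORT_BY_NAME);
  end;
  PIMAGE_THUNK_DATA = ^IMAGE_THUNK_DATA;

type
  { One entry per imported module; the array ends with an all-zero entry. }
  IMAGE_IMPORT_DESCRIPTOR = packed record
    Characteristics: DWORD; // doubles as OriginalFirstThunk (RVA of the lookup table)
    TimeDateStamp: DWORD;
    ForwarderChain: DWORD;
    Name: DWORD; // RVA of the module name string
    FirstThunk: DWORD; // RVA of the import address table
  end;
  PIMAGE_IMPORT_DESCRIPTOR = ^IMAGE_IMPORT_DESCRIPTOR;

implementation

end.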
274 
275 //Code File 
276 
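{ Form unit of the PE lister: lets the user pick an executable, maps it
  read-only and prints its DOS header, PE headers, exported names and
  imported modules/functions into Memo1.

  The chosen file is untrusted input. Every offset, count and RVA read from
  it is checked against the size of the mapping before it is dereferenced,
  and name strings are read with an explicit end-of-file bound. }
unit p1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, structures;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Memo1: TMemo;
    OpenDialog1: TOpenDialog;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    procedure ProcessFile;
  end;

var
  Form1: TForm1;
  { Working state of ProcessFile. The pointers refer into the file mapping and
    are only valid while ProcessFile runs; it clears them before returning. }
  h1, hmap: integer;
  bptr: pointer;
  gptr: pbyte;
  ntsign: plongword;
  doshd: PIMAGE_DOS_HEADER;
  pehd: PIMAGE_FILE_HEADER;
  peoptn: PIMAGE_OPTIONAL_HEADER;
  sectionheads: array of PIMAGE_SECTION_HEADER;
  offsetmem: longword;
  idataphysicaladress: pbyte;
  idata: PIMAGE_IMPORT_DESCRIPTOR;
  modulename, functionname: pchar;
  dptr: plongword;
  ord: word;
  pexpdir: PIMAGE_EXPORT_DIRECTORY;
  pexpnames: pdword;
  expfname: pchar;
implementation

{$R *.DFM}

{ Button handler: runs the file dialog and the dump. }
procedure TForm1.Button1Click(Sender: TObject);
begin
  processfile;
end;

{ Asks for a file, maps it read-only and writes a textual dump of its headers,
  export names and import table to Memo1.

  Only PE32 images are fully parsed; for any other optional-header magic the
  headers are printed and the tables are skipped. Malformed input produces a
  diagnostic line instead of a read outside the mapping. The mapping and both
  handles are released on every exit path. }
procedure TForm1.ProcessFile;
const
  PE32_MAGIC = $10B;
  ORDINAL_FLAG = $80000000;
  MAX_NAME_LEN = 4096; // upper bound on any name string taken from the file
var
  i, j: integer;
  filesize: longword;
  ofs, nameofs, descofs, thunkofs: longword;
  thunkrva, thunkval, expcount: longword;
  expdir, impdir: IMAGE_DATA_DIRECTORY;

  { True when the byte range [ofs, ofs + needed) lies inside the mapping.
    Written so that no intermediate sum can wrap around. }
  function InFile(ofs, needed: longword): boolean;
  begin
    Result := (ofs <= filesize) and (needed <= filesize - ofs);
  end;

  { Pointer to file offset ofs; the caller must have validated ofs. }
  function FilePtr(ofs: longword): pbyte;
  begin
    Result := pbyte(bptr);
    inc(Result, ofs);
  end;

  { Translates an RVA to a file offset through the section table and checks
    that `needed` bytes are available there. Returns false when no section's
    raw data contains the RVA or the range leaves the file. }
  function RvaToOffset(rva, needed: longword; var ofs: longword): boolean;
  var
    k: integer;
    delta: longword;
  begin
    Result := false;
    for k := 0 to High(sectionheads) do
      if rva >= sectionheads[k].VirtualAddress then
      begin
        delta := rva - sectionheads[k].VirtualAddress;
        if (delta < sectionheads[k].SizeOfRawData) and
          (sectionheads[k].PointerToRawData <= filesize) and
          (delta <= filesize - sectionheads[k].PointerToRawData) then
        begin
          ofs := sectionheads[k].PointerToRawData + delta;
          Result := InFile(ofs, needed);
          exit;
        end;
      end;
  end;

  { Reads the NUL-terminated single-byte string at file offset ofs, stopping
    at the end of the mapping or after MAX_NAME_LEN characters. }
  function StrAt(ofs: longword): string;
  var
    p: pbyte;
  begin
    Result := '';
    p := FilePtr(ofs);
    while (ofs < filesize) and (p^ <> 0) and (Length(Result) < MAX_NAME_LEN) do
    begin
      Result := Result + Chr(p^);
      inc(p);
      inc(ofs);
    end;
  end;

begin
  if not opendialog1.Execute then
    exit;
  h1 := fileopen(opendialog1.FileName, fmShareDenyNone or fmOpenRead);
  if h1 = -1 then
  begin
    memo1.lines.add('Cannot open file');
    exit;
  end;
  hmap := 0;
  bptr := nil;
  filesize := 0;
  try
    // Only the low 32 bits of the size are used; for a larger file this is
    // a lower bound, so the checks below stay conservative.
    filesize := GetFileSize(h1, nil);
    if (filesize = $FFFFFFFF) or (filesize < sizeof(IMAGE_DOS_HEADER)) then
    begin
      memo1.lines.add('File is too small to be an executable');
      exit;
    end;
    hmap := CreateFileMapping(h1, nil, PAGE_READONLY, 0, 0, nil);
    if hmap = 0 then
    begin
      memo1.lines.add('Cannot create file mapping');
      exit;
    end;
    bptr := mapviewoffile(hmap, FILE_MAP_READ, 0, 0, 0);
    if bptr = nil then
    begin
      memo1.lines.add('Cannot map file');
      exit;
    end;
    doshd := PIMAGE_DOS_HEADER(bptr);
    memo1.lines.add('DOS Header');
    memo1.Lines.Add(' -e_magic=' + inttostr(doshd.e_magic));
    memo1.Lines.Add(' -e_cblp=' + inttostr(doshd.e_cblp));
    memo1.Lines.Add(' -e_cp=' + inttostr(doshd.e_cp));
    memo1.Lines.Add(' -e_crlc=' + inttostr(doshd.e_crlc));
    memo1.Lines.Add(' -e_cparhdr=' + inttostr(doshd.e_cparhdr));
    memo1.Lines.Add(' -e_minalloc=' + inttostr(doshd.e_minalloc));
    memo1.Lines.Add(' -e_maxalloc=' + inttostr(doshd.e_maxalloc));
    memo1.Lines.Add(' -e_ss=' + inttostr(doshd.e_ss));
    memo1.Lines.Add(' -e_sp=' + inttostr(doshd.e_sp));
    memo1.Lines.Add(' -e_csum=' + inttostr(doshd.e_csum));
    memo1.Lines.Add(' -e_ip=' + inttostr(doshd.e_ip));
    memo1.Lines.Add(' -e_cs=' + inttostr(doshd.e_cs));
    memo1.Lines.Add(' -e_lfarlc=' + inttostr(doshd.e_lfarlc));
    memo1.Lines.Add(' -e_ovno=' + inttostr(doshd.e_ovno));
    memo1.Lines.Add(' -e_oemid=' + inttostr(doshd.e_oemid));
    memo1.Lines.Add(' -e_oeminfo=' + inttostr(doshd.e_oeminfo));
    memo1.Lines.Add(' -e_lfanew=' + inttostr(doshd.e_lfanew));

    // e_lfanew is a signed, file-controlled offset. Require the MZ magic and
    // a complete PE32 header block inside the file before following it.
    // (A file that ends inside the data directory array is rejected here.)
    if (doshd.e_magic <> IMAGE_DOS_SIGNATURE) or (doshd.e_lfanew <= 0) or
      not InFile(longword(doshd.e_lfanew), sizeof(IMAGE_NT_HEADERS)) then
    begin
      memo1.lines.add('Not a valid PE file');
      exit;
    end;
    ntsign := plongword(FilePtr(longword(doshd.e_lfanew)));
    if ntsign^ <> IMAGE_NT_SIGNATURE then
      exit;

    memo1.Lines.Add('NT Signature<' + inttostr(IMAGE_NT_SIGNATURE) + '>=' +
      inttostr(ntsign^));
    memo1.Lines.Add('Windows Executable');
    memo1.lines.add('------------------------------------------');
    pehd := PIMAGE_FILE_HEADER(FilePtr(longword(doshd.e_lfanew) + 4));
    memo1.lines.add('PE Header');
    memo1.Lines.Add(' -Machine=' + inttostr(pehd.Machine));
    memo1.Lines.Add(' -Number of Sections=' + inttostr(pehd.NumberOfSections));
    memo1.Lines.Add(' -TimeDateStamp=' + IntToStr(pehd.TimeDateStamp));
    memo1.Lines.Add(' -PointerToSymbolTable=' +
      IntToStr(pehd.PointerToSymbolTable));
    memo1.Lines.Add(' -Number of Symbols=' + IntToStr(pehd.NumberOfSymbols));
    memo1.Lines.Add(' -SizeOfOptionalHeader=' +
      IntToStr(pehd.SizeOfOptionalHeader));
    memo1.Lines.Add(' -Characteristics=' + IntToStr(pehd.Characteristics));
    memo1.lines.add('------------------------------------------');

    // The fields below are decoded with the PE32 layout; from ImageBase on
    // they are not meaningful for any other Magic value.
    ofs := longword(doshd.e_lfanew) + 4 + sizeof(IMAGE_FILE_HEADER);
    peoptn := PIMAGE_OPTIONAL_HEADER(FilePtr(ofs));
    memo1.lines.add('PE Optional Header');
    memo1.Lines.Add(' -Magic=' + inttostr(peoptn.Magic));
    memo1.Lines.Add(' -MajorLinkerVersion=' + inttostr(peoptn.MajorLinkerVersion));
    memo1.Lines.Add(' -MinorLinkerVersion=' + inttostr(peoptn.MinorLinkerVersion));
    memo1.Lines.Add(' -SizeOfCode=' + inttostr(peoptn.SizeOfCode));
    memo1.Lines.Add(' -SizeOfInitializedData=' +
      inttostr(peoptn.SizeOfInitializedData));
    memo1.Lines.Add(' -SizeOfUninitializedData=' +
      inttostr(peoptn.SizeOfUninitializedData));
    memo1.Lines.Add(' -AddressOfEntryPoint=' +
      inttostr(peoptn.AddressOfEntryPoint));
    memo1.Lines.Add(' -BaseOfCode=' + inttostr(peoptn.BaseOfCode));
    memo1.Lines.Add(' -BaseOfData=' + inttostr(peoptn.BaseOfData));
    memo1.Lines.Add(' -ImageBase=' + inttostr(peoptn.ImageBase));
    memo1.Lines.Add(' -SectionAlignment=' + inttostr(peoptn.SectionAlignment));
    memo1.Lines.Add(' -FileAlignment=' + inttostr(peoptn.FileAlignment));
    memo1.Lines.Add(' -MajorOperatingSystemVersion=' +
      inttostr(peoptn.MajorOperatingSystemVersion));
    memo1.Lines.Add(' -MinorOperatingSystemVersion=' +
      inttostr(peoptn.MinorOperatingSystemVersion));
    memo1.Lines.Add(' -MajorImageVersion=' + inttostr(peoptn.MajorImageVersion));
    memo1.Lines.Add(' -MinorImageVersion=' + inttostr(peoptn.MinorImageVersion));
    memo1.Lines.Add(' -MajorSubsystemVersion=' +
      inttostr(peoptn.MajorSubsystemVersion));
    memo1.Lines.Add(' -MinorSubsystemVersion =' +
      inttostr(peoptn.MinorSubsystemVersion));
    memo1.Lines.Add(' -Reserved1 =' + inttostr(peoptn.Reserved1));
    memo1.Lines.Add(' -SizeOfImage =' + inttostr(peoptn.SizeOfImage));
    memo1.Lines.Add(' -SizeOfHeaders =' + inttostr(peoptn.SizeOfHeaders));
    memo1.Lines.Add(' -CheckSum =' + inttostr(peoptn.CheckSum));
    memo1.Lines.Add(' -SubSystem =' + inttostr(peoptn.Subsystem));
    memo1.Lines.Add(' -DllCharacteristics =' + inttostr(peoptn.DllCharacteristics));
    memo1.Lines.Add(' -SizeOfStackReserve =' + inttostr(peoptn.SizeOfStackReserve));
    memo1.Lines.Add(' -SizeOfStackCommit =' + inttostr(peoptn.SizeOfStackCommit));
    memo1.Lines.Add(' -SizeOfHeapReserve =' + inttostr(peoptn.SizeOfHeapReserve));
    memo1.Lines.Add(' -SizeOfHeapCommit =' + inttostr(peoptn.SizeOfHeapCommit));
    memo1.Lines.Add(' -LoaderFlags =' + inttostr(peoptn.LoaderFlags));
    memo1.Lines.Add(' -NumberOfRvaAndSizes =' +
      inttostr(peoptn.NumberOfRvaAndSizes));
    memo1.lines.add('------------------------------------------');

    if peoptn.Magic <> PE32_MAGIC then
    begin
      memo1.lines.add('Optional header is not PE32; export/import tables not parsed');
      exit;
    end;

    // The section table follows the optional header, whose length is given
    // by SizeOfOptionalHeader, not by the size of the Pascal record.
    if not InFile(ofs, pehd.SizeOfOptionalHeader) then
    begin
      memo1.lines.add('Optional header extends past the end of the file');
      exit;
    end;
    inc(ofs, pehd.SizeOfOptionalHeader);
    if not InFile(ofs, longword(pehd.NumberOfSections) *
      sizeof(IMAGE_SECTION_HEADER)) then
    begin
      memo1.lines.add('Section table extends past the end of the file');
      exit;
    end;
    setlength(sectionheads, pehd.NumberOfSections);
    for i := 0 to pehd.NumberOfSections - 1 do
    begin
      sectionheads[i] := PIMAGE_SECTION_HEADER(FilePtr(ofs));
      inc(ofs, sizeof(IMAGE_SECTION_HEADER));
    end;

    { ---- exports ---- }
    expdir := peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
    if (peoptn.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT) or
      (expdir.Size = 0) then
    begin
      memo1.lines.add('No Export Table Present');
      memo1.lines.add('------------------------------------------');
    end
    else
    begin
      memo1.lines.add('Export Table Present');
      if not RvaToOffset(expdir.VirtualAddress,
        sizeof(IMAGE_EXPORT_DIRECTORY), ofs) then
        memo1.lines.add(' -export directory lies outside the file')
      else
      begin
        pexpdir := PIMAGE_EXPORT_DIRECTORY(FilePtr(ofs));
        expcount := pexpdir.NumberOfNames;
        if expcount > 0 then
        begin
          // pAddressOfNames and each entry of the array it names are RVAs and
          // need the same section translation as the directory itself. The
          // count is bounded first so that expcount * 4 cannot wrap.
          if (expcount > filesize div 4) or
            not RvaToOffset(longword(pexpdir.pAddressOfNames),
            expcount * 4, ofs) then
            memo1.lines.add(' -export name table lies outside the file')
          else
          begin
            pexpnames := pdword(FilePtr(ofs));
            for i := 0 to integer(expcount) - 1 do
            begin
              if RvaToOffset(pexpnames^, 1, nameofs) then
                memo1.lines.add(' -' + StrAt(nameofs))
              else
                memo1.lines.add(' -<name outside the file>');
              inc(pexpnames);
            end;
          end;
        end;
      end;
      memo1.lines.add('------------------------------------------');
    end;

    { ---- imports ---- }
    impdir := peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (peoptn.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT) or
      (impdir.Size = 0) then
      memo1.lines.add('No Import Table Present')
    else
    begin
      memo1.lines.add('Import Table Present');
      if not RvaToOffset(impdir.VirtualAddress,
        sizeof(IMAGE_IMPORT_DESCRIPTOR), descofs) then
        memo1.lines.add(' -import directory lies outside the file')
      else
        // The descriptor array ends with a zeroed entry; the InFile test
        // also ends the walk if that terminator is missing.
        while InFile(descofs, sizeof(IMAGE_IMPORT_DESCRIPTOR)) do
        begin
          idata := PIMAGE_IMPORT_DESCRIPTOR(FilePtr(descofs));
          if idata.Name = 0 then
            break;
          if RvaToOffset(idata.Name, 1, nameofs) then
            memo1.Lines.Add('Module Name:' + StrAt(nameofs))
          else
            memo1.Lines.Add('Module Name:<name outside the file>');

          // Prefer the lookup table (OriginalFirstThunk, stored in
          // Characteristics): in a bound image FirstThunk already holds
          // addresses rather than name RVAs.
          thunkrva := idata.Characteristics;
          if thunkrva = 0 then
            thunkrva := idata.FirstThunk;
          j := 0; // per-module thunk counter
          if RvaToOffset(thunkrva, 4, thunkofs) then
            while InFile(thunkofs, 4) do
            begin
              thunkval := plongword(FilePtr(thunkofs))^;
              if thunkval = 0 then
                break; // end of this module's thunk list
              if (thunkval and ORDINAL_FLAG) <> 0 then
              begin
                // Import by ordinal: there is no hint/name entry to read.
                ord := word(thunkval and $FFFF);
                memo1.Lines.Add('  -Ord:' + inttohex(ord, 3) +
                  ' Function Name:<imported by ordinal>');
              end
              else if RvaToOffset(thunkval, 3, nameofs) then
              begin
                // Hint/name entry: a 2-byte hint followed by the name.
                ord := pword(FilePtr(nameofs))^;
                memo1.Lines.Add('  -Ord:' + inttohex(ord, 3) + ' Function Name:' +
                  StrAt(nameofs + 2));
              end
              else
                memo1.Lines.Add('  -<entry outside the file>');
              inc(thunkofs, 4);
              inc(j);
            end;
          inc(descofs, sizeof(IMAGE_IMPORT_DESCRIPTOR));
        end;
    end;
  finally
    // Drop every pointer into the view before it is unmapped so that no
    // global is left referring to released memory.
    setlength(sectionheads, 0);
    doshd := nil;
    ntsign := nil;
    pehd := nil;
    peoptn := nil;
    idata := nil;
    pexpdir := nil;
    pexpnames := nil;
    if bptr <> nil then
      UnmapViewOfFile(bptr);
    bptr := nil;
    if hmap <> 0 then
      closehandle(hmap);
    fileclose(h1);
  end;
end;

end.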


			

Copyright © Mendozi Enterprises LLC