标签:min ace can 5.0 操作 block fse 16进制 utils
unit UnitWinUtils; interface uses Windows; Type TDWA128=Array [1..128] of LongWord; TDWA256=Array [1..256] of LongWord; TDWA512=Array [1..512] of LongWord; TDWA1024=Array [1..1024] of LongWord; TDWA4096=array [1..4096] of LongWord; TDWA32768=array[1..32768] of LongWord; function GetAllChildWnd(ChildWnd: HWND; lp: lParam):Boolean;stdcall; function GetTextByHwnd(Const ChildWnd:LongWord):AnsiString; function GetClassnameByHwnd(const h:HWND):AnsiString; procedure GetAllOpenWindowsHwnd(var aProcesses:TDWA1024;var len:Integer); function GetAllProcesses(var aProcesses:TDWA128;var len:Integer):Boolean; function GetFileNameByPID(Const PID:DWORD;var FileName:AnsiString):Boolean; function InstanceToWnd(targetpid: LongWord): LongWord; function IsExeRunning(Const Exe:String):boolean; function IncludeNull2String(s:String):String; function GetPIDByHWND(const h1:Cardinal):Cardinal; function HexToInt(h:AnsiString):Integer; function IsWin64: boolean; function GetWindowsVersion: String; function BrowseForFolder(const browseTitle: string; const initialFolder: string = ‘‘): string; function GetProcessFilePathByPId( const dwProcessId:DWORD; var cstrPath:AnsiString ):boolean; function GetBuildInfo: AnsiString; procedure FileCopy(sf,tf:AnsiString); var dwa4096:TDWA32768; elementCount:integer=0; implementation uses SysUtils, shlobj, PSAPI,Messages,Classes; //--------------------由父窗体句柄获取其内的所有子窗体句柄-------passed--------- function GetAllChildWnd(ChildWnd: HWND; lp: lParam):Boolean;stdcall; { 在主程序中调用语法:EnumChildWindows(ParentWnd, @GetAllChildWnd, 1);} begin if IsWindow(ChildWnd) then begin Inc(elementCount); if elementCount<=32768 then dwa4096[elementCount]:=ChildWnd else begin Result:=False; Exit; end; end; Result := true; EnumChildWindows(ChildWnd, @GetAllChildWnd,1 );//递归枚举 end; //-------------------------由窗体句柄获取窗体文字------------------passed------- function GetTextByHwnd(Const ChildWnd:LongWord):AnsiString; var ControlText:AnsiString; begin SetLength(ControlText,128); GetWindowText(ChildWnd, @ControlText[1], 128); if GetWindowTextLength(ChildWnd) = 0 then begin if SendMessage(ChildWnd, WM_GETTEXT,Length(ControlText), LongWord(@ControlText[1]))>0 then Result:=ControlText else Result:=‘‘; end else begin if GetWindowTextLength(ChildWnd)>0 then Result:=ControlText else Result:=‘‘; end; end; //----------------- function GetClassnameByHwnd(const h:HWND):AnsiString; var buf:array [0..64] of AnsiChar; begin GetClassName(h,@buf[0],64); Result:=IncludeNull2String(buf); end; //----------------- //-----------获取当前已打开的所有顶级窗口的句柄---------------------passed------ procedure GetAllOpenWindowsHwnd(var aProcesses:TDWA1024;var len:Integer); var hwnd:LongWord; begin len:=0; hwnd := FindWindow(nil, nil); // 返回窗口的句柄 while hwnd <> 0 do begin // if GetParent(hwnd) = 0 then // 说明是顶级窗口 begin aProcesses[len+1]:=hwnd; Inc(len); end; hwnd := GetWindow(hwnd, GW_HWNDNEXT); end; end; //------------------------------------------------------------------------------ //-------------获取正在运行的进程列表数组,个数放len----------------passed------- function GetAllProcesses(var aProcesses:TDWA128;var len:Integer):Boolean; var cbNeeded:DWORD; begin Result:=False; len:=0; if not EnumProcesses(@aProcesses[1],sizeof(aProcesses),cbNeeded) then Exit else begin len:=cbNeeded div sizeof(DWORD); Result:=True; end; end; //------------------------------------------------------------------------------ //----------------------根据窗体句柄,获取PID----------------------------------- function GetPIDByHWND(const h1:Cardinal):Cardinal; begin GetWindowThreadProcessId(h1, Result); end; //------------------------------------------------------------------------------ function GetProcessFilePathByPId( const dwProcessId:DWORD; var cstrPath:AnsiString ):boolean; var hProcess:Cardinal; bSuccess:BOOL; szPath:array[1..255]of AnsiChar; hMod:HMODULE ; cbNeeded:DWORD; begin // 由于进程权限问题,有些进程是无法被OpenProcess的,如果将调用进程的权限 // 提到“调试”权限,则可能可以打开更多的进程 hProcess:=0; hProcess := OpenProcess( PROCESS_QUERY_INFORMATION or PROCESS_VM_READ ,FALSE, dwProcessId ); bSuccess:=False; //repeat if ( 0 = hProcess ) then // 打开句柄失败,比如进程为0的进程 exit; // 用于保存文件路径,扩大一位,是为了保证不会有溢出 // 模块句柄 hMod := 0; // 这个参数在这个函数中没用处,仅仅为了调用EnumProcessModules cbNeeded := 0; // 获取路径 // 因为这个函数只是要获得进程的Exe路径,因为Exe路径正好在返回的数据的 // 第一位,则不用去关心cbNeeded,hMod里即是Exe文件的句柄. // If this function is called from a 32-bit application running on WOW64, // it can only enumerate the modules of a 32-bit process. // If the process is a 64-bit process, // this function fails and the last error code is ERROR_PARTIAL_COPY (299). if False=EnumProcessModules( hProcess, @hMod, sizeof( hMod ), cbNeeded ) then exit; // 通过模块句柄,获取模块所在的文件路径,此处即为进程路径。 // 传的Size为MAX_PATH,而不是MAX_PATH+1,是因为保证不会存在溢出问题 if ( 0 = GetModuleFileNameEx( hProcess, hMod, @szPath[1], 255 ) ) then exit; // 保存文件路径 cstrPath := IncludeNull2String(szPath);//去掉了尾部多余的串 // 查找成功了 bSuccess := TRUE; //until false; // 释放句柄 if ( 0 <> hProcess ) then begin CloseHandle( hProcess ); hProcess := 0; end; result:=bSuccess; end; //----------------------根据进程号查程序的路径、名字---------------------------- function GetFileNameByPID(Const PID:DWORD;var FileName:AnsiString):Boolean; var hProcess:HWND; hMod:HMODULE; cbNeeded,dwRetValEx:DWORD; szProcessPath:Array [1..255] of AnsiChar; begin Result:=False; FileName:=‘‘; hProcess:=OpenProcess( PROCESS_QUERY_INFORMATION or PROCESS_VM_READ , FALSE, PID); if hProcess =0 then begin //repeat // if EnumProcessModules( hProcess, @hMod, sizeof(hMod), cbNeeded) then // begin //dwRetValEx := GetModuleFileNameEx( hProcess, hMod, @szProcessPath[1], Sizeof(szProcessPath)); dwRetValEx := GetModuleFileNameEx( hProcess, 0, @szProcessPath[1], Sizeof(szProcessPath)); if (dwRetValEx>0) then begin FileName:=IncludeNull2String(szProcessPath); Result:=True; end else exit; // end // else // exit; //until True; CloseHandle(hProcess); end end; //------------------------------------------------------------------------------ //-------------------判断某个程序是否正在运行---------------------------------- function IsExeRunning(Const Exe:AnsiString):boolean; var hProcess:HWND; aProcesses:array [1..256] of DWORD; cbNeeded, cProcesses,{dwRetVal,}dwRetValEx:DWORD; i:integer; hMod:HMODULE; szProcessName,szProcessPath:String[255]; tmp:AnsiString; begin Result:=False; if not EnumProcesses(@aProcesses[1],sizeof(aProcesses),cbNeeded) then Exit; cProcesses:=cbNeeded div sizeof(DWORD); //数组中装的全是进程的ID。个数在cProcesses中。 for i:= cProcesses downto 1 do begin hProcess:=OpenProcess( PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, FALSE, aProcesses[i]); if hProcess <>0 then begin if EnumProcessModules( hProcess, @hMod, sizeof(hMod), cbNeeded) then begin SetLength(szProcessName,255); SetLength(szProcessPath,255); //dwRetVal := GetModuleBaseName( hProcess, hMod, @szProcessName[1], Sizeof(szProcessName) ); dwRetValEx := GetModuleFileNameEx( hProcess, hMod, @szProcessPath[1], Sizeof(szProcessPath)); if (dwRetValEx>0) then begin tmp:=UpperCase(IncludeNull2String(szProcessPath)); if tmp=UpperCase(Exe) then begin Result:=True; Exit; end; end end end end; end; //------------------------------------------------------------------------------ //----------------------根据进程id查窗口句柄------------------------------------ function InstanceToWnd(targetpid: LongWord): LongWord; var hwnd, pid, threadid: LongWord; begin Result:=0; hwnd := FindWindow(nil, nil); // 返回窗口的句柄 while hwnd <> 0 do begin if GetParent(hwnd) = 0 then // 指定子窗口的父窗口句柄 begin threadid := GetWindowThreadProcessId(hwnd, pid); // 返回创建窗口的线程id,进程号存放在pid if pid = targetpid then begin Result := hwnd; break; end; end; hwnd := GetWindow(hwnd, GW_HWNDNEXT); end; end; //------------------------------------------------------------------------------ //----------------------将包含NULL的串转换为String------------------------------ function IncludeNull2String(s:AnsiString):AnsiString; var i:integer; begin if s=‘‘ then begin Result:=‘‘; exit; end; SetLength(Result,Length(s)); i:=1; While (s[i]<>#0)and(i<=Length(s)) do begin Result[i]:=s[i]; Inc(i); end; SetLength(Result,i-1); end; //------------------------------------------------------------------------------ //---------将16进制串转换成10进制整数------------------------------------------ function HexToInt(h:AnsiString):Integer; function CharToInt(const c:AnsiChar):Byte; begin case c of ‘0‘..‘9‘:Result:=Ord(c)-$30; ‘a‘..‘f‘:Result:=Ord(c)-$57; else Result:=0; end; end; var i,j:Byte; begin h:=LowerCase(h); j:=Length(h); if j>8 then j:=8; Result:=0; for i:=1 to j do Result:=Result*16+CharToInt(h[i]); end; //------------------------------------------------------------- // ----------------------判断是否在windows 64位系统下运行----------------------- function IsWin64: boolean; type LPFN_ISWOW64PROCESS = function(Hand: Hwnd; Isit: Pboolean) : boolean; stdcall; var pIsWow64Process: LPFN_ISWOW64PROCESS; IsWow64: boolean; begin result := false; @pIsWow64Process := GetProcAddress(GetModuleHandle(‘kernel32‘), ‘IsWow64Process‘); if @pIsWow64Process = nil then exit; pIsWow64Process(GetCurrentProcess, @IsWow64); result := IsWow64; end; // ---------------------------读取操作系统版本---------------------------------- function GetWindowsVersion:AnsiString; var AWin32Version: Extended; os:AnsiString; begin os := ‘Windows ‘; AWin32Version := StrtoFloat(Format(‘%d.%d‘, [Win32MajorVersion, Win32MinorVersion])); if Win32Platform = VER_PLATFORM_WIN32s then result := os + ‘32‘ else if Win32Platform = VER_PLATFORM_WIN32_WINDOWS then begin if AWin32Version = 4.0 then result := os + ‘95‘ else if AWin32Version = 4.1 then result := os + ‘98‘ else if AWin32Version = 4.9 then result := os + ‘Me‘ else result := os + ‘9x‘ end else if Win32Platform = VER_PLATFORM_WIN32_NT then begin if AWin32Version = 3.51 then result := os + ‘NT 3.51‘ else if AWin32Version = 4.0 then result := os + ‘NT 4.0‘ else if AWin32Version = 5.0 then result := os + ‘2000‘ else if AWin32Version = 5.1 then result := os + ‘XP‘ else if AWin32Version = 5.2 then result := os + ‘2003‘ else if AWin32Version = 6.0 then result := os + ‘Vista‘ else if AWin32Version = 6.1 then result := os + ‘7‘ else result := os; end else result := os + ‘??‘; end; var lg_StartFolder:AnsiString; function BrowseForFolderCallBack(Wnd: Hwnd; uMsg: UINT; lParam, lpData: lParam) : Integer stdcall; begin if uMsg = BFFM_INITIALIZED then SendMessage(Wnd, BFFM_SETSELECTION, 1, Integer(@lg_StartFolder[1])); result := 0; end; function BrowseForFolder(const browseTitle:AnsiString; const initialFolder:AnsiString = ‘‘):AnsiString; const BIF_NEWDIALOGSTYLE = $40; var browse_info: TBrowseInfo; folder: array [0 .. MAX_PATH] of char; find_context: PItemIDList; begin FillChar(browse_info, SizeOf(browse_info), #0); lg_StartFolder := initialFolder; browse_info.pszDisplayName := @folder[0]; browse_info.lpszTitle := PChar(browseTitle); browse_info.ulFlags := BIF_RETURNONLYFSDIRS or BIF_NEWDIALOGSTYLE; if initialFolder <> ‘‘ then browse_info.lpfn := BrowseForFolderCallBack; find_context := SHBrowseForFolder(browse_info); if Assigned(find_context) then begin if SHGetPathFromIDList(find_context, folder) then result := folder else result := ‘‘; GlobalFreePtr(find_context); end else result := ‘‘; end; //------------------------获取版本号----------------------- function GetBuildInfo: AnsiString; var verinfosize : DWORD; verinfo : pointer; vervaluesize : dword; vervalue : pvsfixedfileinfo; dummy : dword; v1,v2,v3,v4 : word; begin verinfosize := getfileversioninfosize(pchar(paramstr(0)),dummy); if verinfosize = 0 then begin dummy := getlasterror; result := ‘0.0.0.0‘; end; getmem(verinfo,verinfosize); getfileversioninfo(pchar(paramstr(0)),0,verinfosize,verinfo); verqueryvalue(verinfo,‘\‘,pointer(vervalue),vervaluesize); with vervalue^ do begin v1 := dwfileversionms shr 16; v2 := dwfileversionms and $ffff; v3 := dwfileversionls shr 16; v4 := dwfileversionls and $ffff; end; result := inttostr(v1) + ‘.‘ + inttostr(v2) + ‘.‘ + inttostr(v3) + ‘.‘ + inttostr(v4); freemem(verinfo,verinfosize); end; //--------------------------------------------------------------------- //--------------复制文件----------- procedure FileCopy(sf,tf:AnsiString); var ms:TMemoryStream; begin ms:=TMemoryStream.Create; ms.LoadFromFile(sf); ms.Position:=0; ms.SaveToFile(tf); ms.Free; end; //---------------------------------- end.
内存加载DLL
//从内存中加载DLL DELPHI版 unit MemLibrary; interface uses Windows; function memLoadLibrary(pLib: Pointer): DWord; function memGetProcAddress(dwLibHandle: DWord; pFunctionName: PChar): Pointer; stdcall; function memFreeLibrary(dwHandle: DWord): Boolean; implementation procedure ChangeReloc(baseorgp, basedllp, relocp: pointer; size: cardinal); type TRelocblock = record vaddress: integer; size: integer; end; PRelocblock = ^TRelocblock; var myreloc: PRelocblock; reloccount: integer; startp: ^word; i: cardinal; p: ^cardinal; dif: cardinal; begin myreloc := relocp; dif := cardinal(basedllp)-cardinal(baseorgp); startp := pointer(cardinal(relocp)+8); while myreloc^.vaddress <> 0 do begin reloccount := (myreloc^.size-8) div sizeof(word); for i := 0 to reloccount-1 do begin if (startp^ xor $3000 < $1000) then begin p := pointer(myreloc^.vaddress+startp^ mod $3000+integer(basedllp)); p^ := p^+dif; end; startp := pointer(cardinal(startp)+sizeof(word)); end; myreloc := pointer(startp); startp := pointer(cardinal(startp)+8); end; end; procedure CreateImportTable(dllbasep, importp: pointer); stdcall; type timportblock = record Characteristics: cardinal; TimeDateStamp: cardinal; ForwarderChain: cardinal; Name: pchar; FirstThunk: pointer; end; pimportblock = ^timportblock; var myimport: pimportblock; thunksread, thunkswrite: ^pointer; dllname: pchar; dllh: thandle; old: cardinal; begin myimport := importp; while (myimport^.FirstThunk <> nil) and (myimport^.Name <> nil) do begin dllname := pointer(integer(dllbasep)+integer(myimport^.name)); dllh := LoadLibrary(dllname); thunksread := pointer(integer(myimport^.FirstThunk)+integer(dllbasep)); thunkswrite := thunksread; if integer(myimport^.TimeDateStamp) = -1 then thunksread := pointer(integer(myimport^.Characteristics)+integer(dllbasep)); while (thunksread^ <> nil) do begin if VirtualProtect(thunkswrite,4,PAGE_EXECUTE_READWRITE,old) then begin if (cardinal(thunksread^) and $80000000 <> 0) then thunkswrite^ := GetProcAddress(dllh,pchar(cardinal(thunksread^) and $FFFF)) else thunkswrite^ := GetProcAddress(dllh,pchar(integer(dllbasep)+integer(thunksread^)+2)); VirtualProtect(thunkswrite,4,old,old); end; inc(thunksread,1); inc(thunkswrite,1); end; myimport := pointer(integer(myimport)+sizeof(timportblock)); end; end; function memLoadLibrary(pLib: Pointer): DWord; var DllMain : function (dwHandle, dwReason, dwReserved: DWord): DWord; stdcall; IDH : PImageDosHeader; INH : PImageNtHeaders; SEC : PImageSectionHeader; dwSecCount : DWord; dwLen : DWord; dwmemsize : DWord; i : Integer; pAll : Pointer; begin Result := 0; IDH := pLib; if isBadReadPtr(IDH, SizeOf(TImageDosHeader)) or (IDH^.e_magic <> IMAGE_DOS_SIGNATURE) then Exit; INH := pointer(cardinal(pLib)+cardinal(IDH^._lfanew)); if isBadReadPtr(INH, SizeOf(TImageNtHeaders)) or (INH^.Signature <> IMAGE_NT_SIGNATURE) then Exit; // if (pReserved <> nil) then // dwLen := Length(pReserved)+1 // else dwLen := 0; SEC := Pointer(Integer(INH)+SizeOf(TImageNtHeaders)); dwMemSize := INH^.OptionalHeader.SizeOfImage; if (dwMemSize = 0) then Exit; pAll := VirtualAlloc(nil,dwMemSize+dwLen,MEM_COMMIT or MEM_RESERVE,PAGE_EXECUTE_READWRITE); if (pAll = nil) then Exit; dwSecCount := INH^.FileHeader.NumberOfSections; CopyMemory(pAll,IDH,DWord(SEC)-DWord(IDH)+dwSecCount*SizeOf(TImageSectionHeader)); // CopyMemory(Pointer(DWord(pAll) + dwMemSize),pReserved,dwLen-1); CopyMemory(Pointer(DWord(pAll) + dwMemSize),nil,dwLen-1); for i := 0 to dwSecCount-1 do begin CopyMemory(Pointer(DWord(pAll)+SEC^.VirtualAddress), Pointer(DWord(pLib)+DWord(SEC^.PointerToRawData)), SEC^.SizeOfRawData); SEC := Pointer(Integer(SEC)+SizeOf(TImageSectionHeader)); end; if (INH^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress <> 0) then ChangeReloc(Pointer(INH^.OptionalHeader.ImageBase), pAll, Pointer(DWord(pAll)+INH^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress), INH^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size); CreateImportTable(pAll, Pointer(DWord(pAll)+INH^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress)); @DllMain := Pointer(INH^.OptionalHeader.AddressOfEntryPoint+DWord(pAll)); // if (INH^.OptionalHeader.AddressOfEntryPoint <> 0) and (bDllMain) then if INH^.OptionalHeader.AddressOfEntryPoint <> 0 then begin try // if (pReserved <> nil) then // DllMain(DWord(pAll),DLL_PROCESS_ATTACH,DWord(pAll)+dwMemSize) // else DllMain(DWord(pAll),DLL_PROCESS_ATTACH,0); except end; end; Result := DWord(pAll); end; function memFreeLibrary(dwHandle: DWord): Boolean; var IDH: PImageDosHeader; INH: PImageNTHeaders; begin Result := false; if (dwHandle = 0) then Exit; IDH := Pointer(dwHandle); if (IDH^.e_magic <> IMAGE_DOS_SIGNATURE) then Exit; INH := Pointer(DWord(IDH^._lfanew)+DWord(IDH)); if (INH^.Signature <> IMAGE_NT_SIGNATURE) then Exit; if VirtualFree(Pointer(dwHandle),INH^.OptionalHeader.SizeOfImage,MEM_DECOMMIT) then Result := True; end; function memGetProcAddress(dwLibHandle: DWord; pFunctionName: PChar): Pointer; stdcall; var NtHeader : PImageNtHeaders; DosHeader : PImageDosHeader; DataDirectory : PImageDataDirectory; ExportDirectory : PImageExportDirectory; i : Integer; iExportOrdinal : Integer; ExportName : String; dwPosDot : DWord; dwNewmodule : DWord; pFirstExportName : Pointer; pFirstExportAddress: Pointer; pFirstExportOrdinal: Pointer; pExportAddr : PDWord; pExportNameNow : PDWord; pExportOrdinalNow : PWord; begin Result := nil; if pFunctionName = nil then Exit; DosHeader := Pointer(dwLibHandle); if isBadReadPtr(DosHeader,sizeof(TImageDosHeader)) or (DosHeader^.e_magic <> IMAGE_DOS_SIGNATURE) then Exit; {Wrong PE (DOS) Header} NtHeader := Pointer(DWord(DosHeader^._lfanew)+DWord(DosHeader)); if isBadReadPtr(NtHeader, sizeof(TImageNTHeaders)) or (NtHeader^.Signature <> IMAGE_NT_SIGNATURE) then Exit; {Wrong PW (NT) Header} DataDirectory := @NtHeader^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; if (DataDirectory = nil) or (DataDirectory^.VirtualAddress = 0) then Exit; {Library has no exporttable} ExportDirectory := Pointer(DWord(DosHeader) + DWord(DataDirectory^.VirtualAddress)); if isBadReadPtr(ExportDirectory,SizeOf(TImageExportDirectory)) then Exit; pFirstExportName := Pointer(DWord(ExportDirectory^.AddressOfNames)+DWord(DosHeader)); pFirstExportOrdinal := Pointer(DWord(ExportDirectory^.AddressOfNameOrdinals)+DWord(DosHeader)); pFirstExportAddress := Pointer(DWord(ExportDirectory^.AddressOfFunctions)+DWord(DosHeader)); if (integer(pFunctionName) > $FFFF) then {is FunctionName a PChar?} begin iExportOrdinal := -1; {if we dont find the correct ExportOrdinal} for i := 0 to ExportDirectory^.NumberOfNames-1 do {for each export do} begin pExportNameNow := Pointer(Integer(pFirstExportName)+SizeOf(Pointer)*i); if (not isBadReadPtr(pExportNameNow,SizeOf(DWord))) then begin ExportName := PChar(pExportNameNow^+ DWord(DosHeader)); if (ExportName = pFunctionName) then {is it the export we search? Calculate the ordinal.} begin pExportOrdinalNow := Pointer(Integer(pFirstExportOrdinal)+SizeOf(Word)*i); if (not isBadReadPtr(pExportOrdinalNow,SizeOf(Word))) then iExportOrdinal := pExportOrdinalNow^; end; end; end; end else{no PChar, calculate the ordinal directly} iExportOrdinal := DWord(pFunctionName)-DWord(ExportDirectory^.Base); if (iExportOrdinal < 0) or (iExportOrdinal > Integer(ExportDirectory^.NumberOfFunctions)) then Exit; {havent found the ordinal} pExportAddr := Pointer(iExportOrdinal*4+Integer(pFirstExportAddress)); if (isBadReadPtr(pExportAddr,SizeOf(DWord))) then Exit; {Is the Export outside the ExportSection? If not its NT spezific forwared function} if (pExportAddr^ < DWord(DataDirectory^.VirtualAddress)) or (pExportAddr^ > DWord(DataDirectory^.VirtualAddress+DataDirectory^.Size)) then begin if (pExportAddr^ <> 0) then {calculate export address} Result := Pointer(pExportAddr^+DWord(DosHeader)); end else begin {forwarded function (like kernel32.EnterCriticalSection -> NTDLL.RtlEnterCriticalSection)} ExportName := PChar(dwLibHandle+pExportAddr^); dwPosDot := Pos(‘.‘,ExportName); if (dwPosDot > 0) then begin dwNewModule := GetModuleHandle(PChar(Copy(ExportName,1,dwPosDot-1))); if (dwNewModule = 0) then dwNewModule := LoadLibrary(PChar(Copy(ExportName,1,dwPosDot-1))); if (dwNewModule <> 0) then result := GetProcAddress(dwNewModule,PChar(Copy(ExportName,dwPosDot+1,Length(ExportName)))); end; end; end; end.
标签:min ace can 5.0 操作 block fse 16进制 utils
原文地址:https://www.cnblogs.com/stroll/p/10348298.html
