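{ Button handler: copies the first $1000 bytes of notepad.exe's main module out
  of the running process, validates the DOS and NT headers in that copy, and
  lists every section name in Memo1.

  Everything read from the other process is treated as untrusted input: each
  offset is bounds-checked against the number of bytes actually copied before
  it is dereferenced. The original relied on IsBadReadPtr, which only probes
  page accessibility and does not prove that a header lies inside the buffer.

  NOTE(review): getoffset returns a Cardinal and the result is cast to a
  pointer, so this presumably targets 32-bit builds only - confirm. }
procedure TForm1.Button1Click(Sender: TObject);
const
  HEADER_BYTES = $1000; // size of the header window copied from the target
var
  pid: Cardinal;
  IDH: PImageDosHeader;
  INH: PImageNtHeaders;
  SHD: PImageSectionHeader;
  pr: THandle;
  i, s: Integer;
  name: string;
  buf1: Pointer;
  offset: Cardinal;
  bytesRead: Cardinal;
  ntOffset: Cardinal;
  firstSection: Cardinal;
  secOffset: Cardinal;
begin
  // Look up the process id of the target executable (helper defined elsewhere).
  pid := FindProcess(PChar('notepad.exe'));

  // Least privilege: the handle is only passed to ReadProcessMemory, so
  // PROCESS_VM_READ is sufficient; PROCESS_ALL_ACCESS is not needed.
  pr := OpenProcess(PROCESS_VM_READ, False, pid);
  if pr = 0 then
  begin
    Memo1.Lines.Add('OpenProcess failed: ' + IntToStr(GetLastError));
    Exit;
  end;
  try
    // The buffer only ever holds data, so it must not be executable.
    buf1 := VirtualAlloc(nil, HEADER_BYTES, MEM_RESERVE or MEM_COMMIT,
      PAGE_READWRITE);
    if buf1 = nil then
    begin
      Memo1.Lines.Add('VirtualAlloc failed: ' + IntToStr(GetLastError));
      Exit;
    end;
    try
      offset := getoffset('notepad.exe', pid);
      Memo1.Lines.Add('module: ' + IntToStr(offset) + 'file:' + IntToStr(pr));

      bytesRead := 0;
      if not ReadProcessMemory(pr, Pointer(offset), buf1, HEADER_BYTES,
        bytesRead) then
      begin
        Memo1.Lines.Add('ReadProcessMemory failed: ' + IntToStr(GetLastError));
        Exit;
      end;

      // DOS header: must fit in the bytes copied and carry the 'MZ' signature.
      IDH := PImageDosHeader(buf1);
      if (bytesRead < Cardinal(SizeOf(TImageDosHeader))) or
         (IDH^.e_magic <> IMAGE_DOS_SIGNATURE) then
      begin
        Memo1.Lines.Add('dos header not found');
        Exit;
      end;

      // _lfanew is attacker-controllable data; reject negative values and any
      // value that would place the signature or file header outside the copy.
      if IDH^._lfanew < 0 then
        Exit;
      ntOffset := Cardinal(IDH^._lfanew);
      if ntOffset + Cardinal(SizeOf(DWORD)) + Cardinal(SizeOf(TImageFileHeader))
        > bytesRead then
        Exit;

      // Only Signature and FileHeader are touched through INH; both were just
      // bounds-checked. The optional header is never dereferenced.
      INH := PImageNtHeaders(PAnsiChar(buf1) + ntOffset);
      if INH^.Signature <> IMAGE_NT_SIGNATURE then
        Exit;

      // The section table starts right after the optional header. Use the
      // size recorded in the file header rather than SizeOf(IMAGE_NT_HEADERS),
      // which is only right when the image matches this build's bitness.
      firstSection := ntOffset + Cardinal(SizeOf(DWORD)) +
        Cardinal(SizeOf(TImageFileHeader)) +
        INH^.FileHeader.SizeOfOptionalHeader;

      // Visit every section (the original loop ran 1..N-1 and skipped one).
      for i := 0 to Integer(INH^.FileHeader.NumberOfSections) - 1 do
      begin
        // Stride is one section header, not one NT header as before.
        secOffset := firstSection +
          Cardinal(i) * Cardinal(SizeOf(TImageSectionHeader));
        if secOffset + Cardinal(SizeOf(TImageSectionHeader)) > bytesRead then
        begin
          Memo1.Lines.Add('section table extends past the bytes read');
          Break;
        end;
        SHD := PImageSectionHeader(PAnsiChar(buf1) + secOffset);

        // Start from an empty string for each section; names shorter than the
        // field are NUL-padded, so stop at the first zero byte.
        name := '';
        for s := Low(SHD^.Name) to High(SHD^.Name) do
        begin
          if SHD^.Name[s] = 0 then
            Break;
          name := name + Chr(SHD^.Name[s]);
        end;
        Memo1.Lines.Add(name + '1');
      end;
    finally
      // MEM_RELEASE with size 0 frees the whole region; MEM_DECOMMIT would
      // leave the address range reserved.
      VirtualFree(buf1, 0, MEM_RELEASE);
    end;
  finally
    // Always close the process handle, including on the early exits above.
    CloseHandle(pr);
  end;
end;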