看看tls。

是TLS的问题，TLS清空。
发现Helloworld程序输入表隐藏成功且可以执行了。
- -
但是换成更复杂的程序还是出错~.~

还有一个问题。。。。。。。
6. ImageImportDescriptor:
    OriginalFirstThunk:  0x00080DD8
    TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
    ForwarderChain:      0x00000000
    Name:                0x00081AA0  ("OLEAUT32.dll")
    FirstThunk:          0x000573A8

    Ordinal/Hint API name
    ------------ ---------------------------------------
    0x0008
    0x0006
    0x0002
这样的输入表，由于没有函数名，会导致我的程序出错。。
怎么破。

GetProcAddress function
Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
Syntax

C++

FARPROC WINAPI GetProcAddress(
  _In_ HMODULE hModule,
  _In_ LPCSTR  lpProcName
);

Parameters

hModule [in]
A handle to the DLL module that contains the function or variable. The LoadLibrary, LoadLibraryEx, LoadPackagedLibrary, or GetModuleHandle function returns this handle.
The GetProcAddress function does not retrieve addresses from modules that were loaded using the LOAD_LIBRARY_AS_DATAFILE flag. For more information, see LoadLibraryEx.
lpProcName [in]
The function or variable name, or the function's ordinal value. If this parameter is an ordinal value, it must be in the low-order word; the high-order word must be zero.
在MSDN找到答案了- -