Replacing the Import Table in PE file by standart LoadLibrary...
Posted
by user308368
on Stack Overflow
See other posts from Stack Overflow
or by user308368
Published on 2010-04-03T16:46:56Z
Indexed on
2010/04/03
17:23 UTC
Read the original article
Hit count: 191
dllimport
Hello.
I have an executable (PE) file that load a dll file as represented in the Import table... let say: PEFile.exe Modules.dll
my question is how can i remove Modules.dll's import_descriptor from the imports and do its work by loadLibrary without the rely on the import table and without destroy the file???...
My bigger problem his i could not understand exactly how the Import thing works... after the loader read the information he needs to do the import's thing, i believe he use the LoadLibrary, GetProcAddress APIs... but i couldn't understated what he doing with the pointers he get... he putting them somewhere in memory... and then what just call them?!?
all the papers i found in the net explain the structure of the import table, but i didn't found a paper that explain how it is really work and get used...
i hope you cold understand my Gibberish English...
Thank you!
© Stack Overflow or respective owner