I have an executable (PE) file that load a dll开发者_运维技巧 file as represented in the Import table... let say: PEFile.exe Modules.dll
my question is how can i remove Modules.dll's import_descriptor from the imports and do its work by loadLibrary without the rely on the import table and without destroy the file???...
My bigger problem his i could not understand exactly how the Import thing works... after the loader read the information he needs to do the import's thing, i believe he use the LoadLibrary, GetProcAddress APIs... but i couldn't understated what he doing with the pointers he get... he putting them somewhere in memory... and then what just call them?!?
all the papers i found in the net explain the structure of the import table, but i didn't found a paper that explain how it is really work and get used...
i hope you cold understand my Gibberish English...
Thank you!
Well, you will need code that can do PE file surgery.
You can investigate this library. I've never used it myself. The code I wrote for this purpose years ago is not available.
For the specific matter at hand, most likely you can remove the import table entry. Post-editing the object code, on the other hand, to call LoadLibrary, and then use the results would be a major feat of manual reassembly. Unless you have a good deal of expertise with assembly-level programming and all the calling conventions I wouldn't recommend it.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论