How To Altering PE Import Address Table Using C#?
This is the issue you'll want to address :).
I don't know how to work with pe in c# This is the issue you'll want to address :) A PE is just a file. Microsoft has a pretty good document that describes its format on their web site. You may have to register in order to be able to download it.It's called the Microsoft Portable Executable and Common Object File Format Specification.
microsoft.com/whdc/system/platform/firmw... If you're going to replace a function, presumably that function is in memory, so you're modifying the image in memory, not the actual PE. Luckily the format of the PE in memory is conceptually the same as it is on disk - now, you just deal with memory offsets rather than file offsets. Redirecting an import address table (IAT) function is conceptually easy.
This should get you going: 1) Locate the pointer to the PE header within the file header, which is the very beginning of the image. 2) Locate the pointer to the IAT within the PE header.3) Iterate over the entries in the IAT until you find the name of the function you wish to redirect.4) Unprotect the function pointer location for your desired IAT entry with VirtualProtect since it usually sits in a write-protected section.5) Write in your own proc pointer on top of what was previously there.6) Restore the previous protection (might not actually be necessary) 7) Done.
– radi Nov 6 '10 at 11:44 Assuming you're modifying an already running process, use ReadProcessMemory, WriteProcessMemory. If you're trying to modify a PE on disk, then that's quite a bit more complicated because you now have to somehow embed your modified routine in the PE. – 500 - Internal Server Error Nov 8 '10 at 17:28.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
Thunk table in import address table?
In the infotype for Display Address there are 3 subtypes. If the address is the same for Primary Residence and Mailing Address will information default or does the address have to be entered twice?
In the Address infotype (0006), there are 3 subtypes. If the address is the same for Primary Residence and Mailing Address, will information default or does the address have to be entered twice?
Microsoft out look express e-mail address is not displayed, no address were found to import?
Did the CIA experiment on people using mind altering drugs?
Using a hybrid system, OLTP for day and DSS for night, what is the most efficient method of altering the parameters for day and night use?