W dniu sobota, 19 sierpnia 2017 15:22:46 UTC+2 użytkownik fir napisał:
> I think i need some code that would work like
> that
>
> AddImportsForModule("KERNEL32.DLL", "ExitProcess", "GetModuleHandleA",
"GetProcAddress");
>
> AddImportsForModule("msvcrt.dll", "fopen", "free", "printf", "exit", "fclose",
"fread");
>
>
>
> well maybe it would be more like
>
> char* import_names[] = {"fopen", "free", "printf", "exit", "fclose", "fread");
>
> AddImportsForModule("msvcrt.dll", import_names);
>
> but this is detail
>
> the code just need to build binary block of .idata section that i can flush to exe
file
> when flushing exe to disk in my assembler
>
> im howewer a bit confused how weirdly this .idata binary is build, so maybe some
hints on that?
>
> btw some best info i found on this topic is here
>
> https://github.com/macton/x64-fasm-examples/blob/mas
ter/Windows/00_BasicOS/00_pe_return_03.asm
>
> or around here, so if someone would like to focus on this and give me some hints
may use it
>
> tnx

after contemplating that sht for a while

https://github.com/macton/x64-fasm-examples/blob/mas
ter/Windows/00_BasicOS/02_pe_messagebox_03.asm

it seems to me that i need to do such things
(say i got N modules of import)

- flush N of those 40-byte-long module describing records and finish it with zero
record

- flush N module names

- flush so called ILT and IAT for each module (slightly confused here)

- flush all function names (intermixed with 'hints')

would it be all? if so it seems less confusing i previously thought (though those
import-adding-api should be redefined as i need to build a wholle collection before
flushing it in last step

somethink like

AddImport("KERNEL32.DLL", "ExitProcess");
AddImport("KERNEL32.DLL", "GetModuleHandleA");
AddImport("KERNEL32.DLL", "GetProcAddress");

AddImport("msvcrt.dll", "fopen");
AddImport("msvcrt.dll", "free");
AddImport("msvcrt.dll", "printf");
AddImport("msvcrt.dll", ""exit");
AddImport("msvcrt.dll", "fclose");
AddImport("msvcrt.dll", "fread");

FlushIDataSection();