Hi everyone,
I have been mucking about trying to read PE header information. I know (and use) several very nice PE dumpers, among them PEInfo. I'm trying to write C that will contain some of their functionality.
In particular, I would like to be able to read the information in the imports section.
I am stalled trying to find the IMAGE_IMPORT_DE SCRIPTOR structures for a test PE. My code gets me to what seems to be the correct address (in the .rdata section)and using OLLYDBG I can "see" the structures in memory. But, no matter what I seem to try, I can't actually read the values for OriginalFirstTh unk or FirstThunk fields. When I dereference pointers to these values, I get crazy numbers.
Somebody out there must have a suggestion. I'd love to get it.
Thanks,
Mark Allyn
I have been mucking about trying to read PE header information. I know (and use) several very nice PE dumpers, among them PEInfo. I'm trying to write C that will contain some of their functionality.
In particular, I would like to be able to read the information in the imports section.
I am stalled trying to find the IMAGE_IMPORT_DE SCRIPTOR structures for a test PE. My code gets me to what seems to be the correct address (in the .rdata section)and using OLLYDBG I can "see" the structures in memory. But, no matter what I seem to try, I can't actually read the values for OriginalFirstTh unk or FirstThunk fields. When I dereference pointers to these values, I get crazy numbers.
Somebody out there must have a suggestion. I'd love to get it.
Thanks,
Mark Allyn