OSDev.org

Hello,
I am making a PE DLL loader. I managed to successfully create a GetProcAddress function, but am having issues reading the import table. Here is the code: Thank you for your help.

nexos wrote:Hello,
I am making a PE DLL loader. I managed to successfully create a GetProcAddress function, but am having issues reading the import table. Here is the code:

Code: Select all

PE_VA moduleBase = LoadDll(moduleAddr, i);
           PE_VA kernelBase = peHeader->optHeader.ImageBase;
           PIMAGE_IMPORT_DESCRIPTOR importDir = (PIMAGE_IMPORT_DESCRIPTOR)
                (peHeader->optHeader.DataDirectory[1].VirtualAddress + kernelBase);
            PIMAGE_THUNK_DATA thunk = (PIMAGE_THUNK_DATA)(importDir->OriginalFirstThunk + kernelBase);
            PIMAGE_IMPORT_BY_NAME import = (PIMAGE_IMPORT_BY_NAME)(thunk->u1.AddressOfData + kernelBase);
            PSTR name = (PSTR)(import->Name);
            DWORD proc = GetProcAddress(moduleBase, name);

Thank you for your help.

Have you loaded the DLL at the virtual address given by peHeader->optHeader.ImageBase? As I understand it, PE executables are linked as though they're expected to be mapped at a specific memory location, and if not loaded there, they need to be relocated. Looking at your code, you're assuming moduleBase==peHeader->optHeader.ImageBase. Is that true?