canuckcracker
July 31st, 2004, 02:32
Code:
pDosHdr = (PIMAGE_DOS_HEADER)pMap;
pNTHdr = (PIMAGE_NT_HEADERS)((DWORD)pMap+pDosHdr->e_lfanew); // e_lfanew specifies offset of NT HEADER
pSectionHdr = (PIMAGE_SECTION_HEADER)((DWORD)pDosHdr+pDosHdr->e_lfanew+0xf8); // SECTION HEADERS START
printf("NTHEADER @ %08x\nSECTIONHEADERS START @ %08x\n", (pMap+pDosHdr->e_lfanew), (pDosHdr+pDosHdr->e_lfanew+0xf8));
printf("%s\n", pSectionHdr->Name);
printf("%08x\n", pNTHdr->OptionalHeader.DataDirectory[1].Size);
printf("Import Table @ %08x Image Base @ %08x\n", pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress, pMap);
pImpDesc = (PIMAGE_IMPORT_DESCRIPTOR)(pMap + pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
printf("%08x is IMPORT_DESCRIPTOR\n", pImpDesc);
Should this not be a valid IMPORT_DESCRIPTOR struct?
p.s: pMap is the address of my file mapped in memory via MapViewOfFile
Thanks,
canuckcracker