The Import Directory: Part 2

by Dejan Lukan
Oct. 7, 2017 0 comments INFOSEC Institute

You can take a look at the previous article before reading this one. If you already understand the basics of IAT table, then you can skip the first article, but otherwise you should read that before continuing below. Presenting the Example Import Directory Let’s use the !dh command to dump the PE header. Below we can see that we’ve dumped the PE header that’s located at the 0x00400000 virtual address. Note that we presented only the Import Directory entry, because we’re interested only in that right now.