Import Address Table
|
CLR Header
|
Strong Name Signature Hash (optional)
|
IL Code and Managed Structure Exception Handling Tables (optional)
|
Debug Directory (optional)
|
Metadata
|
Managed Resources (optional)
|
Unmanaged Export Stubs (optional)
|
VTFixup Table (optional)
|
Runtime Startup Stub
|
The Import Address Table is defined in the Optional Header Data Directories as a Relative Virtual Address (RVA) followed by a size. We are back to exploratory coding, but let's start with a test anyway. To begin with, I can look at the IAT field and see that there are 8 entries and the RVA is 0x2000, so let't write a test for that. I extended the current test for the Optional Header Data Directories to include parts and pieces of the IAT field and extended the properties as follows:
Once that is done, let's read the values and see what we have. To do that, we find the section table that contains the RVA (it should always be the .text section) and offset from the PointerToRawData into the section by the difference between the two Virtual addresses. Because we don't know the number of values and because the values are simple, I have deviated from the method that we have been using to read in the values and created a class for the ImportAddressTable that can read a list of values into a List<UInt32> variable. Here is the code:
That is good for now, we will pick up with the CLR Header next time. Good coding!
