Digging into Import Tables in PE Files - What is the IMAGE_IMPORT_DESCRIPTOR Structure?

Описание: Import tables are essential for programs during execution, as they allow them to import the functionality they need to interact with the operating system other software on the system. This information is contained within the structure of the PE file format and understanding how this data is stored, parsed and used to create an import table is crucial when reverse engineering. In addition, malware authors often inject code, to include PE files, into memory as part of the unpacking process. As part of this process they must (re)construct an import table for the injected code. While they don't have to follow the strict structure of the PE file, the premise is very similar.

In this video we'll discuss the relevant structures in the PE file format used to create the import table using tools such as IDA Pro, WInDbg and 010 Editor. By the end of this video, you may not be ready to tackle the latest obfuscation techniques in malware, but you will have a better understanding of the basic role of the import.

Cybersecurity, reverse engineering, malware analysis and ethical hacking content!
🎓 Courses on Pluralsight 👉🏻 https://www.pluralsight.com/authors/j...
🌶️ YouTube 👉🏻 Like, Comment & Subscribe!
🙏🏻 Support my work 👉🏻   / joshstroschein  
🌎 Follow me 👉🏻   / jstrosch  ,   / joshstroschein  
⚙️ Tinker with me on Github 👉🏻 https://github.com/jstrosch

You can find a full explanation of the PE file format structure on MSDN at: https://learn.microsoft.com/en-us/win....