Implement predict_function_rva by ordinal #1021

Open
wants to merge 1 commit into
base: main
@ncatlin ncatlin commented Feb 3, 2024

The 'create PE from scratch' guide describes a function to get the IAT address of imported functions.

Once needed libraries and functions are added to the binary, we have to determine their addresses (Import Address Table).

For that, we can use the predict_function_rva() method which will return the IAT address set by the Builder:

Binary.predict_function_rva(self, library: str, function: str) → int

However, this feature does not work with functions imported by ordinal, which causes problems with some common libraries like WS2_32.dll which tend to have their exports imported by ordinal (e.g. by Sysinternals tools).

I needed this functionality in the Python binding, so here is the implementation with Python API support.
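
As an added illustration (not code from this pull request or from LIEF), the sketch below shows why an IAT slot can be located for an ordinal import just as for a named one: in the PE import thunk layout the high bit of each lookup entry marks an ordinal import, and the slot address depends only on the entry's position. The function name `iat_slots`, the RVAs and the sample tables are constructed for this example, and it assumes the IAT runs parallel to the import lookup table.

```python
import struct


def iat_slots(ilt, iat_rva, image, image_rva, pe64=True):
    """Map each import of one DLL (str name or int ordinal) to its IAT slot RVA.

    ilt       -- raw import lookup table, terminated by an all-zero entry
    iat_rva   -- RVA of the first IAT slot for this DLL
    image     -- bytes holding the hint/name entries
    image_rva -- RVA at which `image` starts
    """
    size, fmt = (8, "<Q") if pe64 else (4, "<I")
    ordinal_flag = 1 << (size * 8 - 1)  # IMAGE_ORDINAL_FLAG64 / IMAGE_ORDINAL_FLAG32
    slots = {}
    for index in range(len(ilt) // size):
        (entry,) = struct.unpack_from(fmt, ilt, index * size)
        if entry == 0:  # null terminator ends the table
            break
        if entry & ordinal_flag:
            key = entry & 0xFFFF  # import by ordinal: low 16 bits
        else:
            # import by name: low 31 bits are the RVA of a hint/name entry
            off = (entry & 0x7FFFFFFF) - image_rva + 2  # skip the 2-byte hint
            key = image[off:image.index(b"\0", off)].decode("ascii")
        slots[key] = iat_rva + index * size  # slot position follows table order
    return slots


# Constructed sample: one named import between two ordinal imports (PE32+).
SAMPLE_IMAGE_RVA = 0x3000
SAMPLE_IMAGE = struct.pack("<H", 0) + b"getaddrinfo\0"
SAMPLE_ILT = struct.pack("<QQQQ", (1 << 63) | 115, SAMPLE_IMAGE_RVA, (1 << 63) | 3, 0)

if __name__ == "__main__":
    for key, rva in iat_slots(SAMPLE_ILT, 0x2000, SAMPLE_IMAGE, SAMPLE_IMAGE_RVA).items():
        print(f"{key!r:>15} -> IAT slot RVA {rva:#x}")
```

A lookup keyed only by function name has no key for the two ordinal entries here, which is the gap the pull request describes.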
