Fill in DLL import table manually: IMAGE_IMPORT_DESCRIPTOR's Name field stores 0x0000FFFF

Question

My goal is to fill in Dll\'s import table manually in order to hook internal LoadLibrary calls (when you load library it may load another library inside its DllMain).

<

Answer 1

from your screenshot clear view that importTable point to imageBase (i.e. IMAGE_DOS_HEADER). this happens when header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress == 0 - you not check for this condition, as result and error

api-ms-win-crt-locale-l1-1-0.dll simply have no import - DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT] is zero. need check - are import exist before process it