Skip to content

Import adding

Jump to bottom
hasherezade edited this page Jan 24, 2023 · 14 revisions

PE-bear allows for manual adding of new imports into the import table. To do so, you can follow this small tutorial.

Step 1 : Make a space by adding new section:

Step 2 : Copy the RVA of new section:

Step 3 : Move the table into new section:

Step 4 : Click 'Add new library' to add a new record:

Step 5 : Fill the new record by valid RVAs[*] pointing on empty space. At least NameRVA and FirstThunk must be filled:

*-before edit, make sure that "Follow on click" is disabled - otherwise PE-bear will attempt to follow the invalid address, and you will be blocked from editing the field:

Step 6 : Type a library name

Step 7 : When you filled FirstThunk you can add new function. Select the library and click 'Add a function to the library'.

A new record will appear - start by filling the thunk.

Step 8 : If you want to import by name, you must fill the thunk by valid RVA.

Then, fill the function name

~ hasherezade (@hasherezade), 2022 ~

Clone this wiki locally