PE Bear can not add a new library to import table of a 64 bit dll

[hmirheydari]

I have tried to add a new library to import table of a 64 bit dll, but it adds only two red rows that can not be edited as the screenshot that can be viewed at: https://terabox.com/s/1AceZNzi9rpUFOpCEP4Dq9g

[hasherezade]

hi @hmirheydari ! It seems like a situation that was described here: https://github.com/hasherezade/pe-bear/wiki/Import-adding The rows are red and cannot be edited, because you are supposed to begin by setting a valid addresses in "NameRVA", "FirstThunk" and "OriginalFirstThunk". Once you fill those RVAs with proper values, you will be able to edit the name, etc. Please check the whole tutorial linked above, and let me know if it helps. By looking at your screenshot it also seems to me that there is not enough space in the original Import Table to add new records. So you will probably have to move it into a new location first.

[hmirheydari]

Hi @hasherezade Thanks, please view the video that can be downloaded from https://terabox.com/s/14642Y4l4s7dS2X5QRJu-MA I can not change any property of added library, your help is appreciated.

[hasherezade]

@hmirheydari - thanks for the video, now I see what is the problem. I think this will help:

I added a note about it to the Wiki: Import adding, Step 5

Please let me know if it works for you.

[hmirheydari]

Hi Hasherezade/Pe-Bear,

I am sure your name will remain in history like other developers such as ollydbg and lordpe developers because the tool you have developed is very useful and really needed. What I am to propose to you is to make pe-beer simpler for users, I remember from CFFExplorer era that can be found at https://ntcore.com/?page_id=388 Importing an existing library function to a PE was a matter of sum clicks, no manual entry needed. You can download CFFExplorer and test yourself.

Regards, Hossein Mirheydari

On Tue, Jan 24, 2023 at 7:56 PM hasherezade @.***> wrote:

@hmirheydari https://github.com/hmirheydari - thanks for the video, now I see what is the problem. I think this will help:

https://raw.githubusercontent.com/wiki/hasherezade/pe-bear/img/add_import/step5-a.png

I added a note about it to the Wiki, Step 5: https://github.com/hasherezade/pe-bear/wiki/Import-adding#step-5

Please let me know if it works for you.

— Reply to this email directly, view it on GitHub https://github.com/hasherezade/pe-bear/issues/16#issuecomment-1402228680, or unsubscribe https://github.com/notifications/unsubscribe-auth/AM4ENG4FNT3FAL4M5DBAWPTWT77D5ANCNFSM6AAAAAAUED523M . You are receiving this because you were mentioned.Message ID: @.***>

[hasherezade]

@hmirheydari - thank you for your remarks. I get it that for most users adding imports manually may be too inconvenient, and I am agree with you that this should be simplified. I was planning to do it somewhere along the way, but other priorities took over. I will add automated import adding as another feature, in the next version. I already have the automated implementation in my another program, IAT Patcher, so it will be easy to adapt.

[hasherezade]

@hmirheydari - maybe you will like to test the new creator that I added:

I am still improving it. The final version will be ready for the upcoming release. For now the test version is available via AppVeyor build server - details how to get it are in the README

[hasherezade]

available in the latest release:

• https://github.com/hasherezade/pe-bear/releases/tag/v0.6.5