def add_API_to_IAT(*args):
One line seams not at its original place :
""" Add a function to the IAT. If no function from this library is imported in the binary yet, the library is added
def add_API_to_IAT(*args):
to the binary.
:param args: either (library, api) or ((library, api), )
"""
if len(args) == 1:
lib_name, api = args[0]
elif len(args) == 2:
lib_name, api = args
else:
raise ValueError("Library and API names shall be provided")
@supported_parsers("lief")
def _add_API_to_IAT(parsed, logger):
logger.debug(f">> selected API import: {lib_name} - {api}")
# Some packers create the IAT at runtime. It is sometimes in an empty section, which has offset 0. In this case,
# the header is overwritten by the patching operation. So, in this case, we don't patch at all.
patch_imports = not parsed.iat.has_section or parsed.iat.section.offset != 0
for library in parsed.imports:
if library.name.lower() == lib_name.lower():
logger.debug(">> adding API import...")
library.add_entry(api)
parsed._build_config.update(imports=True, patch_imports=patch_imports)
return
add_lib_to_IAT(lib_name)(parsed, logger)
parsed.get_import(lib_name).add_entry(api)
parsed._build_config.update(imports=True, patch_imports=patch_imports)
return _add_API_to_IAT
dhondta
commented
4 months ago
in file : src/lib/src/pbox/core/executable/modifiers/pe.py
def add_API_to_IAT(*args):One line seams not at its original place :