Import: FirstThunk problem

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Use import_adder sample to add import
2. Use imports_reader to check if import changed correctly

What is the expected output? What do you see instead?
Expected output is list of import functions, include just added.
Really, I get just DLL name and no import.

What version of the product are you using? On what operating system?
BLISS 1.0 x64 Debug, Win 7 x64
Test file 64-bit (PE32+?) binary.

Please provide any additional information below.
If I understand correctly, OriginalFirstThunk and FirstThunk data must be the 
same to resolve import correctly. But import_added fills only 
OriginalFirstThunk and leave FirstThunk data zeroed.

Original issue reported on code.google.com by an.proxy...@gmail.com on 10 May 2013 at 9:46

[GoogleCodeExporter]

It's very difficult to say what may be wrong. Just tested on a random DLL file 
from Win7 x64 System32 folder, and everything worked fine. Unit tests also 
passed for PE+ file.

import_adder just adds two sample imports to PE or PE+ file (see screenshot).

If it's possible, please attach a DLL file that caused this issue, either I 
can't reproduce it.

Original comment by rukaimi on 16 May 2013 at 6:34

Attachments:

• 1122.png

[GoogleCodeExporter]

OMG, it seems my fail. I missed I changed the line
func.set_iat_va(0xf1ac);
to
func.set_iat_va(0);
So, function was added and most editors (hiew, IDA) see it as import, but OS 
does not resolve it during image loading (leave it zero).

Thank you for the nice lib.

Original comment by an.proxy...@gmail.com on 16 May 2013 at 10:43

[GoogleCodeExporter]

You're welcome!

Original comment by rukaimi on 17 May 2013 at 8:41

• Changed state: Invalid