
PE Relocation table overloading

Hi

I am trying to intercept Win32 API. To achieve that I wish to manipulate the relocation table (the API addresses table that is being created upon process startup/DLL loading). I have succeeded in getting the IMAGE_NT_HEADERS for the created process and in getting the PIMAGE_BASE_RELOCATION of the ".reloc" section, BUT I can't figure out where to go from here... How should the PIMAGE_BASE_RELOCATION pointer be used to access and resolve the relocation table?
Am I aiming in the right direction? What should I do to replace the address of one API with the address of another (of the same signature)? Is it actually possible to do what I am trying? Can I replace one address in the relocation table with another?
Any comments, samples and pointers will be appreciated.

P.S
Please don't direct me to the Detours project of Microsoft's research center, as this is not the best solution for me.

Thanks in advance
Nadav.
Nov 17 '05 #1
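
On the question of how a PIMAGE_BASE_RELOCATION pointer is walked, here is an added example (not part of the original post) that parses the block layout defined in winnt.h: each block header names one page (VirtualAddress) and its total size (SizeOfBlock), followed by 16-bit entries whose top 4 bits are a fixup type and low 12 bits an offset into that page, marking a location the loader adjusts when the image is rebased. The function name `walk_relocs`, the shortened `REL_BASED_*` macro names and the sample bytes are constructed for illustration, and fields are read byte by byte so it builds without windows.h.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fixup types from the PE format (IMAGE_REL_BASED_* in winnt.h), renamed
   here so the example builds without windows.h. PE data is little-endian. */
#define REL_BASED_ABSOLUTE 0   /* padding entry, no fixup */
#define REL_BASED_HIGHLOW  3   /* 32-bit address fixup */
#define REL_BASED_DIR64    10  /* 64-bit address fixup */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Walk every block in a base relocation directory. Stores the RVA of each
   location the loader would patch and returns how many were found, or -1
   if a block header is malformed (untrusted files need these checks). */
int walk_relocs(const uint8_t *dir, size_t dir_size, uint32_t *rvas, size_t max) {
    size_t pos = 0; int n = 0;
    while (pos + 8 <= dir_size) {
        uint32_t page_rva = rd32(dir + pos);       /* VirtualAddress */
        uint32_t block    = rd32(dir + pos + 4);   /* SizeOfBlock, header included */
        if (block < 8 || (block & 1) || block > dir_size - pos) return -1;
        for (size_t e = pos + 8; e < pos + block; e += 2) {
            uint16_t entry = rd16(dir + e);
            unsigned type = entry >> 12, off = entry & 0x0FFF;
            if (type == REL_BASED_ABSOLUTE) continue;   /* alignment padding */
            if ((size_t)n < max) rvas[n] = page_rva + off;
            n++;
        }
        pos += block;                              /* next block header */
    }
    return n;
}

/* Constructed sample: two blocks, for the pages at RVA 0x1000 and 0x3000. */
static const uint8_t SAMPLE_RELOC[] = {
    0x00,0x10,0x00,0x00, 0x0C,0x00,0x00,0x00, 0x10,0x30, 0x00,0x00,
    0x00,0x30,0x00,0x00, 0x0C,0x00,0x00,0x00, 0x04,0x30, 0x20,0xA0,
};

int main(void) {
    uint32_t rvas[8];
    int n = walk_relocs(SAMPLE_RELOC, sizeof SAMPLE_RELOC, rvas, 8);
    for (int i = 0; i < n; i++) printf("fixup at RVA 0x%08X\n", (unsigned)rvas[i]);
    return n < 0;
}
```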