Chapter (14) - IAT and API Redirection
Figure (14)
According to Figure (14), 16 API functions have been imported. We can say this because we find 16 addresses beginning with 7xxxxxxx. The same holds for the second DLL (kernel32.dll).
Figure (15)
The addresses in the IAT start at 402000, as shown in Figure (16).
Figure (16)
You will notice that all 5 DWORD values of the last one are zeros. Figure (17).
Figure (17)
If you look at it in the Dump window, you will see it as in Figure (18).
Figure (18)
The second part of the import table consists of arrays of DWORDs. Figure (19).
Figure (19)
These arrays of DWORDs are what the OriginalFirstThunk fields of the IMAGE_IMPORT_DESCRIPTORs point to. Each DWORD in these arrays corresponds to one imported function. What separates and terminates the arrays is a DWORD filled with zeros.
What you see in Figure (20) is the third (last) part of the import table.
Figure (20)
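The walk described above (descriptors of five DWORDs ending in an all-zero one, each OriginalFirstThunk pointing to a DWORD array ending in a zero DWORD) can be written as a short parser. This is an added example, not code from the book: the sample image, its offsets and the function names are constructed, and it assumes a PE32 layout where RVA equals offset and each non-ordinal DWORD points to a hint WORD followed by the function name.

```python
import struct

# OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
DESC = struct.Struct("<5I")

def cstr(img, rva):
    """Read a NUL-terminated ASCII string at rva."""
    return img[rva:img.index(b"\0", rva)].decode("ascii")

def walk_imports(img, table_rva):
    """Return [(dll, first_thunk_rva, [function names])] for a PE32 import table.
    Assumption: img is laid out so that RVA == offset (as in a loaded image)."""
    out = []
    while True:
        oft, _, _, name, ft = fields = DESC.unpack_from(img, table_rva)
        if not any(fields):            # all five DWORDs zero: end of descriptors
            return out
        funcs, p = [], oft
        while True:
            (thunk,) = struct.unpack_from("<I", img, p)
            if thunk == 0:             # zero DWORD terminates this array
                break
            if thunk & 0x80000000:     # import by ordinal, no name entry
                funcs.append("#%d" % (thunk & 0xFFFF))
            else:                      # RVA of hint (WORD) + name
                funcs.append(cstr(img, thunk + 2))
            p += 4
        out.append((cstr(img, name), ft, funcs))
        table_rva += DESC.size

def build_sample():
    """Constructed image: two DLLs, three imports (not the book's target)."""
    img = bytearray(0x200)
    def put(rva, data):
        img[rva:rva + len(data)] = data
    put(0x00, DESC.pack(0x40, 0, 0, 0x80, 0x60))   # descriptor for user32.dll
    put(0x14, DESC.pack(0x4C, 0, 0, 0x90, 0x6C))   # descriptor for kernel32.dll
    # 0x28..0x3B stays zero: the terminating descriptor
    put(0x40, struct.pack("<3I", 0xA0, 0xB0, 0))   # OriginalFirstThunk array 1
    put(0x4C, struct.pack("<2I", 0xC0, 0))         # OriginalFirstThunk array 2
    put(0x60, struct.pack("<3I", 0xA0, 0xB0, 0))   # IAT before the loader patches it
    put(0x6C, struct.pack("<2I", 0xC0, 0))
    put(0x80, b"user32.dll\0")
    put(0x90, b"kernel32.dll\0")
    put(0xA0, b"\0\0MessageBoxA\0")
    put(0xB0, b"\0\0wsprintfA\0")
    put(0xC0, b"\0\0ExitProcess\0")
    return bytes(img)

IMPORTS = walk_imports(build_sample(), 0)
```
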