Quote:
Originally Posted by Nacho_dj
Independently of the fact that if this can/cannot be achieved by some compiler directives (I really don't know), if you are only pretending to change the order in the function names, well every entry in Original First Thunk is a pointer to a function name (this is not true if the entry comes as an ordinal), so if you want exclusively to get shuffled function names, you can build a "simple" tool to modify the order within import table area of every function name string, and then accordingly modify the pointers to those name of funtions in the Original First Thunk. This could be performed statically in the PE file.
Best regards
Nacho_dj
|
Displacing the API names and the corresponding Thunk Value is the only way I tested (manually); but this does not change the order of resolved APIs by Windows Loader in memory (import address table if I referred to the correct name). Any changes in that table needs to find and patch all references and modifying the relocation table.
Quote:
Originally Posted by chants
I would imagine the order is based on the .lib file being linked.
|
It might be true; but the order of libs has no effect on the order of APIs imported from each lib. For instance, CreateFileA, SetFilePointer, and ReadFile belong to Kernel32.lib.