From 9855c0c13ef5cd6597b220f0ae4e6a99e7eb3db1 Mon Sep 17 00:00:00 2001
From: Matt Nadareski <mnadareski@outlook.com>
Date: Sat, 5 Nov 2022 21:41:33 -0700
Subject: [PATCH] Add PE import directory table entries

---
 .../PortableExecutable/Executable.cs          |  2 +-
 .../ImportDirectoryTableEntry.cs              | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 BurnOutSharp.Models/PortableExecutable/ImportDirectoryTableEntry.cs

diff --git a/BurnOutSharp.Models/PortableExecutable/Executable.cs b/BurnOutSharp.Models/PortableExecutable/Executable.cs
index b9f0e22f..830b9e08 100644
--- a/BurnOutSharp.Models/PortableExecutable/Executable.cs
+++ b/BurnOutSharp.Models/PortableExecutable/Executable.cs
@@ -56,6 +56,6 @@ namespace BurnOutSharp.Models.PortableExecutable
         /// </summary>
         public DelayLoadDirectoryTableEntry[] DelayLoadDirectoryTable { get; set; }
 
-        // TODO: Left off at "Import Directory Table"
+        // TODO: Left off at "Import Lookup Table"
     }
 }
diff --git a/BurnOutSharp.Models/PortableExecutable/ImportDirectoryTableEntry.cs b/BurnOutSharp.Models/PortableExecutable/ImportDirectoryTableEntry.cs
new file mode 100644
index 00000000..2c65d4aa
--- /dev/null
+++ b/BurnOutSharp.Models/PortableExecutable/ImportDirectoryTableEntry.cs
@@ -0,0 +1,48 @@
+using System.Runtime.InteropServices;
+
+namespace BurnOutSharp.Models.PortableExecutable
+{
+    /// <summary>
+    /// The import information begins with the import directory table, which
+    /// describes the remainder of the import information. The import directory
+    /// table contains address information that is used to resolve fixup references
+    /// to the entry points within a DLL image. The import directory table consists
+    /// of an array of import directory entries, one entry for each DLL to which
+    /// the image refers. The last directory entry is empty (filled with null values),
+    /// which indicates the end of the directory table.
+    /// </summary>
+    /// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>
+    [StructLayout(LayoutKind.Sequential)]
+    public class ImportDirectoryTableEntry
+    {
+        /// <summary>
+        /// The RVA of the import lookup table. This table contains a name or ordinal
+        /// for each import. (The name "Characteristics" is used in Winnt.h, but no
+        /// longer describes this field.)
+        /// </summary>
+        public uint ImportLookupTableRVA;
+
+        /// <summary>
+        /// The stamp that is set to zero until the image is bound. After the image is
+        /// bound, this field is set to the time/data stamp of the DLL.
+        /// </summary>
+        public uint TimeDateStamp;
+
+        /// <summary>
+        /// The index of the first forwarder reference.
+        /// </summary>
+        public uint ForwarderChain;
+
+        /// <summary>
+        /// The address of an ASCII string that contains the name of the DLL. This address
+        /// is relative to the image base.
+        /// </summary>
+        public uint NameRVA;
+
+        /// <summary>
+        /// The RVA of the import address table. The contents of this table are identical
+        /// to the contents of the import lookup table until the image is bound.
+        /// </summary>
+        public uint ImportAddressTableRVAThunkTable;
+    }
+}