Add PE import table to model

BurnOutSharp.Models/PortableExecutable/Executable.cs

@@ -65,10 +65,15 @@ namespace BurnOutSharp.Models.PortableExecutable
         #region Named Sections
 
         /// <summary>
-        /// Export table (.edata);
+        /// Export table (.edata)
         /// </summary>
         public ExportTable ExportTable { get; set; }
 
+        /// <summary>
+        /// Import table (.idata)
+        /// </summary>
+        public ImportTable ImportTable { get; set; }
+
         /// <summary>
         /// Resource directory table (.rsrc)
         /// </summary>
@@ -84,9 +89,6 @@ namespace BurnOutSharp.Models.PortableExecutable
         // - The .debug Section
         // - .debug$F (Object Only) / IMAGE_DEBUG_TYPE_FPO
         // - The .drectve Section (Object Only)
-        // - The .idata Section
-        //      - Import Lookup Table [has model, but bit-based]
-        //      - Import Address Table
         // - The .pdata Section [Multiple formats per entry]
         // - TLS Callback Functions
         // - The .cormeta Section (Object Only)

BurnOutSharp.Models/PortableExecutable/ImportAddressTableEntry.cs

@@ -0,0 +1,24 @@
+namespace BurnOutSharp.Models.PortableExecutable
+{
+    /// <summary>
+    /// The structure and content of the import address table are identical to those of
+    /// the import lookup table, until the file is bound. During binding, the entries in
+    /// the import address table are overwritten with the 32-bit (for PE32) or 64-bit
+    /// (for PE32+) addresses of the symbols that are being imported. These addresses are
+    /// the actual memory addresses of the symbols, although technically they are still
+    /// called "virtual addresses." The loader typically processes the binding.
+    /// </summary>
+    /// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>
+    public class ImportAddressTableEntry
+    {
+        /// <summary>
+        /// 32-bit address of the symbol being imported
+        /// </summary>
+        public uint Address_PE32;
+
+        /// <summary>
+        /// 64-bit address of the symbol being imported
+        /// </summary>
+        public ulong Address_PE32Plus;
+    }
+}

BurnOutSharp.Models/PortableExecutable/ImportLookupTableEntry.cs

@@ -0,0 +1,36 @@
+namespace BurnOutSharp.Models.PortableExecutable
+{
+    /// <summary>
+    /// An import lookup table is an array of 32-bit numbers for PE32 or an array of
+    /// 64-bit numbers for PE32+. Each entry uses the bit-field format that is described
+    /// in the following table. In this format, bit 31 is the most significant bit for
+    /// PE32 and bit 63 is the most significant bit for PE32+. The collection of these
+    /// entries describes all imports from a given DLL. The last entry is set to zero
+    /// (NULL) to indicate the end of the table.
+    /// </summary>
+    /// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>
+    public class ImportLookupTableEntry
+    {
+        /// <summary>
+        /// If this bit is set, import by ordinal. Otherwise, import by name. Bit is
+        /// masked as 0x80000000 for PE32, 0x8000000000000000 for PE32+. 
+        /// </summary>
+        /// <remarks>Bit 31/63</remarks>
+        public bool OrdinalNameFlag;
+
+        /// <summary>
+        /// A 16-bit ordinal number. This field is used only if the Ordinal/Name Flag
+        /// bit field is 1 (import by ordinal). Bits 30-15 or 62-15 must be 0.
+        /// </summary>
+        /// <remarks>Bits 15-0</remarks>
+        public ushort OrdinalNumber;
+
+        /// <summary>
+        /// A 31-bit RVA of a hint/name table entry. This field is used only if the
+        /// Ordinal/Name Flag bit field is 0 (import by name). For PE32+ bits 62-31
+        /// must be zero.
+        /// </summary>
+        /// <remarks>Bits 30-0</remarks>
+        public uint HintNameTableRVA;
+    }
+}

BurnOutSharp.Models/PortableExecutable/ImportTable.cs

@@ -0,0 +1,43 @@
+namespace BurnOutSharp.Models.PortableExecutable
+{
+    /// <summary>
+    /// All image files that import symbols, including virtually all executable (EXE) files,
+    /// have an .idata section. A typical file layout for the import information follows:
+    /// 
+    ///     - Directory Table
+    ///       Null Directory Entry
+    ///     - DLL1 Import Lookup Table
+    ///       Null
+    ///     - DLL2 Import Lookup Table
+    ///       Null
+    ///     - DLL3 Import Lookup Table
+    ///       Null
+    ///     - Hint-Name Table
+    /// </summary>
+    /// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>
+    public class ImportTable
+    {
+        /// <summary>
+        /// The import information begins with the import directory table, which describes the
+        /// remainder of the import information. 
+        /// </summary>
+        public ImportDirectoryTableEntry[] ImportDirectoryTable;
+
+        /// <summary>
+        /// An import lookup table is an array of 32-bit numbers for PE32 or an array of 64-bit
+        /// numbers for PE32+.
+        /// </summary>
+        public ImportLookupTableEntry[,] ImportLookupTable;
+
+        /// <summary>
+        /// These addresses are the actual memory addresses of the symbols, although technically
+        /// they are still called "virtual addresses.
+        /// </summary>
+        public ImportAddressTableEntry[,] ImportAddressTable;
+
+        /// <summary>
+        /// One hint/name table suffices for the entire import section.
+        /// </summary>
+        public HintNameTableEntry[] HintNameTable;
+    }
+}