

Author: dzzie@yahoo.com
Site:   http://sandsprite.com
paper:  http://sandsprite.com/CodeStuff/Compress_imports_section.html

This is sample code package for paper above.

It is very simple implementation on how to remove imports from exe
and use your own code to restore them at runtime.

This is individual building block of understanding how to build your
own packer/crypter.

Rebuilding IAT is implemented as DLL for now for readability and
understanding of concept, this is whole point of this exercise.

hello_src     = source to base executable we modify (original_hello.exe)
restore_stub  = basic IAT restorer dll to use with modded_hello.exe
apiredir_stub = IAT restorer which also uses API redirection for imports

Basic but fun.

Humm wonder if API redirection fails for fastcall imports..must huh luckily
winapi not fastcall..

ps to really understand the api redirection one single step it in your debugger.
and compare the two. You will quickly see why it makes rebuilding much 
more annoying.

-dzzie

