Where can I find the specification of data structures representing dlls in memory?
The DLL file format is the same as EXE files, PE (Portable Executable) format. You can get a copy of the specification from Microsoft. You can also try Wotsit for general file format information.
Windows provides the ImageHlp API for working with executable files. The function LoadImage
looks like a good place to start.
You should also take a look at the "Portable Executable File Format" chapter of the undocumented Windows NT. It seems to describe how to use ImageHlp to access various parts of the binary. I think the part that interests you the most is on the fourth page, which describes the part of the IMAGE_DIRECTORY_ENTRY_IMPORT
PE file.
source to share
I seem to be wrong - the structure of the PE file seems to be identical in memory.
The structures defined in winnt.h can be used to interpret memory .
When you look at these structures, you should remember that offsets (or "RVA's [1]) are not oriented very much. I probably wouldn't be as confused if I just pointed the program in the appropriate memory, rather than using the debugger.
[1] Microsoft says.
source to share