Fixed patcher rewriting non-adress calls

iat.py

@@ -28,9 +28,7 @@ def get_used_functions_from_dll(dllname, calls):
     return res
 
 
-def patch_call_to_new_IAT_entry(pe: lief.PE.Binary, call: dict[str, str], rva: int):
+def patch_direct_adress_call(pe: lief.PE.Binary, rva: int, instruction_offset: int):
-    base = pe.imagebase
-    instruction_offset = int(call["adress"], 16) - base
     # We can manually patch the instruction here: FF 15 08 10 00 01 represents `call [0x01001080]`
     adress_size = 4 if pe.abstract.header.is_32 else 8
     is_little_endian = pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE
@@ -48,6 +46,14 @@ def patch_call_to_new_IAT_entry(pe: lief.PE.Binary, call: dict[str, str], rva: i
     )
 
 
+def patch_call_to_new_IAT_entry(pe: lief.PE.Binary, call: dict[str, str], rva: int):
+    base = pe.imagebase
+    instruction_offset = int(call["adress"], 16) - base
+    memview = pe.get_content_from_virtual_address(instruction_offset,2)
+    if([memview[0],memview[1]] == [0xFF,0x15]):
+        patch_direct_adress_call(pe,rva, instruction_offset)
+
+
 def patch_calls_to_new_IAT(
     pe: lief.PE.Binary, imp: lief.PE.Import, entry: lief.PE.ImportEntry, rva: int
 ):
@@ -79,7 +85,7 @@ entrypoint_format = int(hex(wave_entry)[-4:], 16)
 pe.optional_header.addressof_entrypoint = entrypoint_format
 
 # remove all current imports
-# pe.remove_all_imports()
+pe.remove_all_imports()
 
 # recreate all DLL imports
 for dll in get_used_dlls(calls):