Question
I am analyzing PE structure. some article in MSDN(http://msdn.microsoft.com/en-us/magazine/bb985997.aspx) says
https://stackoverflow.com/questions/17368243
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian"IMAGE_DIRECTORY_ENTRY_IMPORT" points to the imports(an array of IMAGE_IMPORT_DESCRIPTOR structures).
I checked the actual value with 010 Editor PE template. however the value seemed to be encoded somehow and I don't know how to interpret. pictures below clearly explains this situation problem. some advice would be appreciated...!
Solution
I looked through the template, and it would appear that the "FOA" comments are generated by passing an RVA to the "RVA2FOA" function, which looks like it's converting the RVA to a file offset.
That makes sense, the file offset is something you often want to know (especially in a HEX editor, where you have to navigate by file offset), and FOA looks like it can be short for File Offset Something-or-other.
