From ff99a1cb5663021d96ee8321bc24d3b0fdf196aa Mon Sep 17 00:00:00 2001
From: momo5502 <mauriceheumann@gmail.com>
Date: Tue, 6 Jan 2026 14:41:34 +0100
Subject: [PATCH] Log writes to the import table

---
 src/analyzer/analysis.cpp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/analyzer/analysis.cpp b/src/analyzer/analysis.cpp
index e547dd1a..5a0fd9ae 100644
--- a/src/analyzer/analysis.cpp
+++ b/src/analyzer/analysis.cpp
@@ -532,6 +532,29 @@ namespace
             max = std::max(import_thunk, max);
         }
 
+        c.win_emu->emu().hook_memory_write(min, max - min, [&c](const uint64_t address, const void*, size_t) {
+            const auto& watched_module = *c.win_emu->mod_manager.executable;
+            const auto& accessor_module = *c.win_emu->mod_manager.executable;
+
+            const auto rip = c.win_emu->emu().read_instruction_pointer();
+
+            if (!accessor_module.contains(rip))
+            {
+                return;
+            }
+
+            const auto sym = watched_module.imports.find(address);
+            if (sym == watched_module.imports.end())
+            {
+                return;
+            }
+
+            const auto import_module = watched_module.imported_modules.at(sym->second.module_index);
+
+            c.win_emu->log.print(color::blue, "Import write access: %s (%s) at 0x%" PRIx64 " (%s)\n", sym->second.name.c_str(),
+                                 import_module.c_str(), rip, accessor_module.name.c_str());
+        });
+
         c.win_emu->emu().hook_memory_read(min, max - min, [&c](const uint64_t address, const void*, size_t) {
             const auto& watched_module = *c.win_emu->mod_manager.executable;
             const auto& accessor_module = *c.win_emu->mod_manager.executable;