Okay here's a summary of things I found.
If you load the protected DLL in to PE Explorer it shows the OEP as 0137567h, running Avatar's script it shows the OEP as 0137568h, a difference of one byte.
How can the OEP of the protected DLL be one byte away from the security DLL?
Does this suggest to me that the init/unpack is called from entry itself = DllMain()?
I tried using 0137568h with ImpRec a second time, and there were no invalid thunks this time. I fixed the dump again and it still fails to run with no error message.
@taos/Archer from what I understand from reading the archives is that this CRC happened before because I used the OEP $xxxxxx7 instead of $xxxxxx8. I notice the there is a entry to the CreatFilea API so I'll have a look at that anyway. EDIT: Nope I tried $xxxxxx7 as OEP again and it behaves the same, no error message and no run.
Is likely that IAT of the dumped file is being destroyed?
I've read that I need to patch a magic jump to prevent the IAT from being destroyed.
Sorry for all these question, but I'm finding most of the info out there is about packed EXEs not DLLs.