Thread: ImpRec bug ?!!
View Single Post
  #3  
Old 11-14-2006, 21:06
Newbie_Cracker's Avatar
Newbie_Cracker Newbie_Cracker is offline
VIP
  
Join Date: Jan 2005
Posts: 227
Rept. Given: 72
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 50
Thanks Rcvd at 25 Times in 18 Posts
Newbie_Cracker Reputation: 26
There is no problem with IAT. I got a fully unpacked file by Revirgin.
I couldn't attach the sample,so get it from rapidshare.com.

h++p://rapidshare.com/files/3315837/Sample_DLL.rar.html

The archive contains the dumped & unpacked DLL. Load unpacked DLL by OllyDbg, grap its imports address using ImpRec, then try to fix the dumped DLL.
Now, plz look at 0F588AB8. It should be VirtualQuery (first error in run-time). Use Hiew to see the API. 'Cause I dumped it in WinXP SP2, maybe you'll see correct API in OllyDbg.
__________________
In memory of UnREal RCE...
Reply With Quote