I've dumped many PECompact DLLs successfully. Any problems have almost always been in the relocations area. If it is a relocations issue, search for the great program called "Relox".
1) Load .dll into default base address, dump at OEIP, call "dumped_10000000.dll".
2) Modify target .dll to new base address, say 0x20000000 (can do this with PECompact targets fine).
3) Load .dll again, dump at OEIP, call "dumped_20000000.dll".
4) Start Relox, load dump1 in slot1, then dump2 in slot2.
5) Do a compare in Relox and it will rebuild relocations for you.
6) Use Relox to add new .reloc section to your "dumped_10000000.dll".
Good luck!
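The idea behind the compare in steps 4 to 6, as an added Python sketch that is not part of the original post and is not Relox's own code: a 32-bit value that differs between the two dumps by exactly the base delta is an absolute address, so its RVA needs a relocation entry. It assumes 32-bit images dumped as raw memory images (buffer offset equals RVA); the function names and the sample dumps are constructed for illustration.

```python
import struct
from itertools import groupby

HIGHLOW = 3  # IMAGE_REL_BASED_HIGHLOW: 32-bit absolute address fixup

def find_fixups(dump_a, dump_b, base_a, base_b):
    """RVAs of DWORDs that moved by exactly the base delta between the dumps."""
    delta = (base_b - base_a) & 0xFFFFFFFF
    size = min(len(dump_a), len(dump_b))
    rvas, i = [], 0
    while i + 4 <= size:
        va = struct.unpack_from("<I", dump_a, i)[0]
        vb = struct.unpack_from("<I", dump_b, i)[0]
        # A real pointer differs by delta and lands inside the image in dump A.
        if (vb - va) & 0xFFFFFFFF == delta and base_a <= va < base_a + size:
            rvas.append(i)
            i += 4
        else:
            i += 1
    return rvas

def build_reloc(rvas):
    """Pack RVAs into IMAGE_BASE_RELOCATION blocks, one per 4 KiB page."""
    out = bytearray()
    for page, group in groupby(sorted(rvas), key=lambda r: r & ~0xFFF):
        entries = [(HIGHLOW << 12) | (r & 0xFFF) for r in group]
        if len(entries) % 2:
            entries.append(0)  # IMAGE_REL_BASED_ABSOLUTE pad keeps blocks 4-byte aligned
        out += struct.pack("<II", page, 8 + 2 * len(entries))
        out += struct.pack(f"<{len(entries)}H", *entries)
    return bytes(out)

def make_dump(base):
    """Constructed sample: 8 KiB image with three pointers into itself."""
    img = bytearray(0x2000)
    img[0x10:0x14] = b"\x11\x22\x33\x44"  # plain data, identical in both dumps
    for rva, target in ((0x100, 0x1234), (0x104, 0x0040), (0x1FF0, 0x0100)):
        struct.pack_into("<I", img, rva, base + target)
    return bytes(img)

if __name__ == "__main__":
    a, b = make_dump(0x10000000), make_dump(0x20000000)
    fixups = find_fixups(a, b, 0x10000000, 0x20000000)
    print([hex(r) for r in fixups], build_reloc(fixups).hex())
```

The bytes from `build_reloc` are only the relocation directory contents; adding the section header and pointing the base relocation data directory at it is the part step 6 leaves to Relox.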