  #4  
12-30-2005, 18:35
DappA
I'm not really an expert, but why can't you just add those allocated sections to the dump? Since the code is still static in the dump, you could just leave the unresolved APIs and let them be emulated by the added sections.

I've tested this on two different machines, and it seems to work. Don't know really, but you could test this one out.

http://rapidshare.de/files/10083923/test_.zip.html

OEP at 0052D1E4

Code:
0052D247      90            NOP ---- STOLEN CODE! etc
0052D24E   .  E8 CC47F7FF   CALL DAP.004A1A1F

Stolen Code starts at

Code:
Run trace, selected line
Back=630.
Thread=Main
Address=00EB05B3
Command=PUSH EAX -- STOLEN CODE!

Add this memory section to the dump, recover the IAT, rebuild PE, and set the EP to 00EB05B3 - Imagebase = 00AB05B3

Is that what you've done? :-P
Anyways, good luck with it, you tha man!