Quote:
Originally Posted by Computer_Angel
1.Scylla should have option to use PE Header of module on disk just like imprec .
right now, scylla read the pe header from memory and in some case the export directory is destroy make scylla crash.
You could try some target using cryengine sdk such as Warface to get this case/.
|
In the options you can choose between reading pe header from disk or from memory. It should work.
Quote:
|
the way of calculating functionName = (char*)(addressOfNamesArray[i] + deltaAddress) is not right if the address of names in the differ memory than the exportbuffer cover.
|
Thanks I will fix that.
Quote:
|
We could using plugin for apphelp.dll to solve the api. This is my small plugin for Imprec & Scylla.
|
I am more interested in how your plugin works. How do you resolve the functions?
GetProcAddress points to function rva FFF6 from apphelp.dll and this function address is NOT exported by apphelp.dll. This is my problem.
@Syoma
Thanks for the suggestions, I will fix that.