|
|
#11
03-08-2004, 18:58
|
|||
|
|||
|
One interesting thing, if you unpack with Stripper, you get this info on import table:
16:31:08 - processing import table.. ImportAddressTable RVA :0001b168 - kernel32.dll ImportAddressTable RVA :0001b204 - user32.dll ImportAddressTable RVA :0001b218 - advapi32.dll ImportAddressTable RVA :0001b228 - oleaut32.dll ImportAddressTable RVA :0001b238 - kernel32.dll ImportAddressTable RVA :0001b24c - advapi32.dll ImportAddressTable RVA :0001b284 - kernel32.dll ImportAddressTable RVA :0001b36c - version.dll ImportAddressTable RVA :0001b37c - gdi32.dll ImportAddressTable RVA :0001b400 - user32.dll ImportAddressTable RVA :0001b52c - shell32.dll ImportAddressTable RVA :0001b534 - ole32.dll ImportAddressTable RVA :0001b540 - comctl32.dll ImportAddressTable RVA :0001b548 - shell32.dll ImportAddressTable RVA :0001b558 - comctl32.dll ImportAddressTable RVA :0001b568 - winmm.dll ImportAddressTable RVA :0001b570 - advapi32.dll 16:31:09 - fixing import table.. ImportAddress RVA :0001b1ac - kernel32.dll!GetModuleHandleA ImportAddress RVA :0001b1bc - kernel32.dll!GetCommandLineA ImportAddress RVA :0001b244 - kernel32.dll!GetModuleHandleA ImportAddress RVA :0001b304 - kernel32.dll!GetModuleHandleA ImportAddress RVA :0001b32c - kernel32.dll!GetCurrentProcess ImportAddress RVA :0001b330 - kernel32.dll!GetCommandLineA Whereas when I manually upack it, I get the same result as Ferrari, noting that Brightdream states that IAT starts at 0001b168, rather than 0001b238. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Help with ASProtect 1.23 RC4 | Perdition | General Discussion | 7 | 06-09-2004 01:48 |
| New Asprotect?? | loman | General Discussion | 7 | 02-04-2004 20:34 |
Threaded Mode