EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-20-2019, 11:32
Mendax47 Mendax47 is offline
Friend
 
Join Date: Jun 2016
Location: Earth..
Posts: 93
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 148
Thanks Rcvd at 82 Times in 32 Posts
Mendax47 Reputation: 1
Question FThunk RVA Import Problem Need Help

I am having FThunk rva import problem in delphi which is using UPX Packer...

at first upx -d doesn't work... the unpacked binary doesn't run
https://i.imgur.com/kwWV5oT.png

in x64dbg i am having This FThunk rva import table problem

https://i.imgur.com/hGtaReT.png

Program Link:
https://mega.nz/#!9pAnXIAT!7S8hOV1sJ8wvwxHj6vUQs10QKzZv9wVRHhAbGeYKScE
Reply With Quote
  #2  
Old 04-20-2019, 16:57
deepzero's Avatar
deepzero deepzero is online now
VIP
 
Join Date: Mar 2010
Location: Europe
Posts: 212
Rept. Given: 99
Rept. Rcvd 60 Times in 38 Posts
Thanks Given: 82
Thanks Rcvd at 68 Times in 31 Posts
deepzero Reputation: 60
1. upx -d works perfectly. If your exe doesnt run after, it's because of an integrity check. Debug it.

2. your OEP is right, but I dont know how you arrive at those IAT numbers. Using the same scylla version as you, scylla correctly finds the entire IAT with VA:004AE5C0 and Size:0000042C.


3. Hint: For the integrity check, look around 0x00489BC6.


Once the integrity check is patched, the unpacked file works.
Reply With Quote
The Following 3 Users Say Thank You to deepzero For This Useful Post:
Mendax47 (04-20-2019), niculaita (04-21-2019), tonyweb (04-21-2019)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 19:52.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX