Go Back   EXETOOLS FORUM > General > General Discussion


Thread Tools Display Modes
Old 04-20-2019, 11:32
Mendax47 Mendax47 is offline
Join Date: Jun 2016
Location: Earth..
Posts: 93
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 148
Thanks Rcvd at 82 Times in 32 Posts
Mendax47 Reputation: 1
Question FThunk RVA Import Problem Need Help

I am having FThunk rva import problem in delphi which is using UPX Packer...

at first upx -d doesn't work... the unpacked binary doesn't run

in x64dbg i am having This FThunk rva import table problem


Program Link:
Reply With Quote
Old 04-20-2019, 16:57
deepzero's Avatar
deepzero deepzero is online now
Join Date: Mar 2010
Location: Europe
Posts: 212
Rept. Given: 99
Rept. Rcvd 60 Times in 38 Posts
Thanks Given: 82
Thanks Rcvd at 68 Times in 31 Posts
deepzero Reputation: 60
1. upx -d works perfectly. If your exe doesnt run after, it's because of an integrity check. Debug it.

2. your OEP is right, but I dont know how you arrive at those IAT numbers. Using the same scylla version as you, scylla correctly finds the entire IAT with VA:004AE5C0 and Size:0000042C.

3. Hint: For the integrity check, look around 0x00489BC6.

Once the integrity check is patched, the unpacked file works.
Reply With Quote
The Following 3 Users Say Thank You to deepzero For This Useful Post:
Mendax47 (04-20-2019), niculaita (04-21-2019), tonyweb (04-21-2019)

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

All times are GMT +8. The time now is 19:52.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX