#1
|
|||
|
|||
problem on unpacking a telock 0.98 b1 packed dll
I am a newbie. I followed the tuts to manually unpack the dll(g.dll) with OD. I found the OEP and dumped the dll with LOADPE, and I took the IT/IAT to a partial dump file. Then I used winhex paste the IT/IAT to the dumped dll file.
It seemed the homework had been finished. But the dumped dll file can't be correctly loaded. In attached files, g.zip is the zipped original packed dll, g_dump.zip is the zipped dumped dll. Would anybody can tell me where I did wrong? |
#2
|
||||
|
||||
tried to unpack my self, my dump has the same problems as yours... seems pe-header isn't accessible. but i'm interested, how did you resolve imports? i used imprec
it seems the dump & IAT are valid, i attached my iat for checking. got it through a self-written resolver-function because imprec wasn't able to use the plugins mybe problem of imagebase? Last edited by MaRKuS-DJM; 05-21-2004 at 20:49. |
#3
|
|||
|
|||
did u change image base or fix relocation?
|
#4
|
|||
|
|||
dear MaRKuS-DJM & other unpackerz
maybe I already mentioned: Please, don't resolve improts for such like packers, which keeps original ImportTable. (aspack,telock,PECompact..) using resolver on them indicates quite low level in unpacking.. instead debug & dump them, when unpacking in memory just finished; then find original IT in dump & set new values in PE-header. |
#5
|
|||
|
|||
look, while unpacking, i also run this dll.
nothing will bad with my PC? |
#6
|
|||
|
|||
Quote:
Your file works fine. Would you please give me a tut about unpacking telock 98b1? Thank you in advance. |
#7
|
|||
|
|||
easy steps i wrote at Don.Woodmann.net. JMI helps you.
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
unpacking telock 0.98 | hrco | General Discussion | 11 | 09-03-2003 18:32 |