#1
|
|||
|
|||
Vbox 4.6.2
Hi All -
I'm working on unwrapping an app contained in Vbox 4.6.2. I have found the OEP, found the "standard" Vbox code, performed the code injection, set the break on the infinite loop to check the new code and everything works fine. However, when I go back to Imprec there are lots of imports in the kernel32.dll that are still invalid. I have studied and followed a tut by Lunar_Dust and one by RemedY and I can't make any further headway. Any suggestions?? Thanks LetMeIn One added piece of information - each one these invalid imports in the kernel32.dll are calls to the vbox routine that i patched. Last edited by LetMeIn; 10-12-2004 at 08:30. |
#2
|
|||
|
|||
try trace level 1,2 and 3 (in imprec)... one of them should help you to fix the iat .
|
#3
|
|||
|
|||
Manual IAT reconstruction
Is there a way to reconstruct the IAT without the use of Imprec, revirgin, etc.? I know that this is or would be taking the "scenic route," but I'm curious. The semi-manual process does not seem to be working for me.
|
#4
|
|||
|
|||
Look here:
In english h**p://mup.anticrack.de/PETut.html h**p://www.absolutelock.de/construction/infobase.html and here: In spanish h**p://www.crackslatinos.hispadominio.net/miembros/teorias/t241-260.htm 253 Import tables a mano 1/4 254 Import tables a mano 2/4 255 Import tables a mano 3/4 256 Import tables a mano 4/4 Maybe someone has got english version incase you do not understand spanish |
#5
|
|||
|
|||
I have English copies of the Ricardo tuts. My question is this, is the target exe file the only file that needs unpacking? I remember reading a post in either this forum or the woodman forum that there are possibly three files - the target exe and two vbox dlls. These three files are the ones that have PREVIEW listed as a section header. Does that sound right?
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
VBOX upnacking question | ReVeR | General Discussion | 20 | 06-17-2005 22:37 |