dll dump & erroneus rvas..

hi,
I've downloaded a dll from memory but due to relocation all the addresses are fucked up, they had an offsett of 1002000 bytes..... is there a way in IDA to fix them up??

thanks

loman

Hi,
not sure how to do this in IDA, there is something like loading offset, maybee if you manage to chage it; also you could try to change the prefered image base. The last thing to try could be dumping the dll from two different bases, and then use some tool to recover relocations from differences between dumps (I saw that tool somewhere).
Good luck,
least

The way I see it, you have two options.
1. if you use manually loading in ida, you can set the dll-base on loading.
you will find the original dll-base with depends.exe or in the pe-header with a hex editor.
2. try some of those pe-rebuilders.
3. open the dll in a hex editor, and manually go through the peheader and find the correct values. then manually correct the file.