ImpREC.dll & reversing

FEUERRADER · #1 02-17-2004, 22:41

I want use ImpREC.dll in my unpacker, but it works only on winNT-systems

HOWEVER, GUW32 use THIS ImpREC.dll and successfully rebuild import on win9x! It's a paradox!!!
In my unpacker ImpREC.dll on win9x import looks like:
=============================
KERNEL32.dll 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache KERNEL32.dll 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache
=============================
On WinXP my unpacker works fine, but on win9x import filled FlushInstructionCache functions.

Rebuild function looks like:
BOOL RebuildImport(DWORD pid, DWORD oep_rva, DWORD iat_rva, DWORD nb_recursion, LPTSTR dump_filename);

Syntax of my call on MSVC++ 6.0:
RebuildImport(pi.dwProcessId, 0x401000, 0, 5, m_Dumpname);

What is nb_recursion??? I reversed PEiD Generic Unpacker by Snaker and there found this number. There was 5.
What number must be there??

p.s. sorry for my ugly english

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
ImpRec bug ?!!	Newbie_Cracker	General Discussion	2	11-14-2006 21:06
Problems with Imprec 1.6f >	ILCH	General Discussion	6	11-18-2004 09:16
imprec question	fotisl	General Discussion	1	09-20-2002 06:09