#1
|
|||
|
|||
ImpREC.dll & reversing
I want use ImpREC.dll in my unpacker, but it works only on winNT-systems HOWEVER, GUW32 use THIS ImpREC.dll and successfully rebuild import on win9x! It's a paradox!!!
In my unpacker ImpREC.dll on win9x import looks like: ============================= KERNEL32.dll 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache KERNEL32.dll 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache ============================= On WinXP my unpacker works fine, but on win9x import filled FlushInstructionCache functions. Rebuild function looks like: BOOL RebuildImport(DWORD pid, DWORD oep_rva, DWORD iat_rva, DWORD nb_recursion, LPTSTR dump_filename); Syntax of my call on MSVC++ 6.0: RebuildImport(pi.dwProcessId, 0x401000, 0, 5, m_Dumpname); What is nb_recursion??? I reversed PEiD Generic Unpacker by Snaker and there found this number. There was 5. What number must be there?? p.s. sorry for my ugly english |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
ImpRec bug ?!! | Newbie_Cracker | General Discussion | 2 | 11-14-2006 21:06 |
Problems with Imprec 1.6f > | ILCH | General Discussion | 6 | 11-18-2004 09:16 |
imprec question | fotisl | General Discussion | 1 | 09-20-2002 06:09 |