Exetools  

  #1  
Old 03-08-2005, 17:16
thomasantony
 
Question Dealing with IAT redirection

Hi,
Yesterday I was practicing unpacking. I downloaded tELock 0.96 from exetools. I packed a simple messagebox proggy with it. I had checked IAT redirection while packing it. Now while trying to unpack it, ImpRec gives me invalid thunks. What do I do?


BTW, the original file was only 1K while the 'packed' file is 10K!!

Thomas Antony
  #2  
Old 03-09-2005, 08:52
D-Jester
I don't suppose you tried using the plugin for tELock 0.95 that's included in the ImpREC distribution?

Attached tELock Plugins
  #3  
Old 03-09-2005, 12:31
bgrimm
Also using Trace Level 3 (trap) usually works.
Just cut any invalid thunks tracing does not resolve.

(Tested with file packed with TeLock with
default options (with IAT Redirection)).

-bg
  #4  
Old 03-09-2005, 16:07
thomasantony
 
Hi,
Thanks, will try that. BTW, I found the source for the telock plugin in the importrec directory!! And I can't seem to download the file??

Thomas Antony
  #5  
Old 03-11-2005, 10:08
NeOXOeN
I would like to suggest that you read some tuts about unpacking.

First off, you need to understand the PE structure of a file; then you will know how to fix the IAT. There are some great tuts about the IAT here, start reading: http://www.yates2k.net/

Next, I would like to suggest that you start tracing the protection scheme from the beginning; that way you will find out how it redirects the IAT and how to fix it.

There are also solutions on the web which can give you tips or a solution for how to solve it. If you don't find it with Google, send me a message and I will help you. Bye.


NEO