Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   ImpREC.dll & reversing (https://forum.exetools.com/showthread.php?t=3449)

FEUERRADER 02-17-2004 22:41
ImpREC.dll & reversing
 
I want use ImpREC.dll in my unpacker, but it works only on winNT-systems :( HOWEVER, GUW32 use THIS ImpREC.dll and successfully rebuild import on win9x! It's a paradox!!!
In my unpacker ImpREC.dll on win9x import looks like:
=============================
KERNEL32.dll 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache KERNEL32.dll 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache 1FlushInstructionCache
=============================
On WinXP my unpacker works fine, but on win9x import filled FlushInstructionCache functions.

Rebuild function looks like:
BOOL RebuildImport(DWORD pid, DWORD oep_rva, DWORD iat_rva, DWORD nb_recursion, LPTSTR dump_filename);

Syntax of my call on MSVC++ 6.0:
RebuildImport(pi.dwProcessId, 0x401000, 0, 5, m_Dumpname);

What is nb_recursion??? I reversed PEiD Generic Unpacker by Snaker and there found this number. There was 5.
What number must be there??

p.s. sorry for my ugly english :)


All times are GMT +8. The time now is 21:35.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX