Unpack OneWay.dll problem,Import REConstructor v1.6 Final fails.
 

I unpacked OneWay.dll.(www.atma-software.com/1way)
This is the OEP I thought .
I click the "Pick DLL" button.And I can see the Imagebase is 003B0000.
But When I choose OneWay.dll.
The Imagebase in the Log window is 00400000.
So I couldnot fix the unpacked dll.

see the attachment for two pictures discribe the problem I met.

What's the problem?
Import REConstructor bug?
Are there any alternative tools to fix the import table?
Confused.
Any comment is appreciated.
Thx!
------
Is this the same question of my previous thread?
http://forum.exetools.com/showthread.php?t=8612

Maybe this dll first packed with asprotect,then PEcompact.

Regards

You probably need to change ImageBase in PE header of dumped dll to 003B0000

hey


in your options..
make sure this is unticked " use PE Header from disk"

otherwise then yes you pick up the 004xxxxx instead of 35xxxxxxx ..
i just tried it.. and it picks up base...

Well,Thank you very much.I got it.
I always learn so much from ARteam.You did very well.

--------------------------
Yes,you are right.
There is a crash when I fixed the Import table.
But I found the cause:the imagebase of the dumped dll is still 00400000.
I should be 003B0000.
I corrected it with lordPE.It works.

If you donnot want to do so.
When you dump the dll,You could tick the "Full dump:Rebuild Imagebase"
and make sure tick "change Imagebase to" and set it to 003B0000.

That's it.

Thanks again.

Regards