Thread: FThunk RVA Import Problem Need Help
View Single Post
  #2  
Old 04-20-2019, 16:57
deepzero's Avatar
deepzero deepzero is online now
VIP
  
Join Date: Mar 2010
Location: Germany
Posts: 310
Rept. Given: 115
Rept. Rcvd 64 Times in 42 Posts
Thanks Given: 195
Thanks Rcvd at 224 Times in 95 Posts
deepzero Reputation: 64
1. upx -d works perfectly. If your exe doesnt run after, it's because of an integrity check. Debug it.

2. your OEP is right, but I dont know how you arrive at those IAT numbers. Using the same scylla version as you, scylla correctly finds the entire IAT with VA:004AE5C0 and Size:0000042C.


3. Hint: For the integrity check, look around 0x00489BC6.


Once the integrity check is patched, the unpacked file works.
Reply With Quote
The Following 4 Users Say Thank You to deepzero For This Useful Post:
Indigo (07-19-2019), Mendax47 (04-20-2019), niculaita (04-21-2019), tonyweb (04-21-2019)