|
Well he says it also happens after a reboot...
But similarly, it's probably Imports are not properly reconstructed. Meaning the address of imported APIs is hardcoded to a specific address in your dump and not in the IAT. This address changes with each reboot thanks to ASLR.
To verify if this is your problem you can turn off ASLR, unpack your file again, and see if it works after a reboot then. Backtracing from the crashsite is probably hard because you dont know what the addresses pointed to back when you first unpacked it.
|