|
Hi least,
Yes, I can dump/rebuild the prog so it works in the OS I dumped under (but only by manually adding the API's). I also think the Import table is messed up as imprec can't find it once the OEP found using OllyDbg is entered.
The file has sections similar to UPX0/UPX1 but called CWFR and FWFR and where the UPX! sig usually goes is BWFR so this could be a new UPX scrambler or a UPX-a-like packer, not sure, PEiD says it's UPX?
An example EXE is here: hxxp://arcade.reflexive.com/downloadgame.aspx?AID=79&CID=0
Install it and check fusion.exe
You maybe able to see where the import table is hidden?
thanks!
|