Been scratching my head of this one. I have successfully dumped a BitArts Crunch target from the OEIP and rebuilt the IAT without any probs. As ppl know with BitArts the easiest way to defeat the PE stub checking is to copy the original header back in memory after using VirtualProtect.
Anyway... the program works perfect on Win 2000 but refuses to work on XP and Windows 2003. I have tried dumping and rebuilding the imports on 2003 and XP to see if this fixes the problem but no go. I suspect the IAT is messed up somehow when running under these OS but this has me stumped.
Has anyone had this problem before where youre rebuilt proggies work on one OS but not another? (talking about 2000,2003,XP here)
Have stopped on OEIP with both OllyDbg and SoftIce, tried dumping with both LordPE and PETools, in all cases rebuilt the imports with MackT.
cheers
-Ex
