|
ImportRec needs to read the header of user32.dll. it does this in the target process. but there the header got destroyed. i included a little check when ReadProcessMemory is called to compare
lpBaseAddress Parameter of ReadProcessMemory to ModuleBase of user32.dll.
if the check succeeds, i wrote a small read-function which reads the user32.dll loaded by ImportRec instead of the user32.dll used by the target process. so it gets a valid header and valid values.
regards
btw, the invalid IAT-value isn't the point it crashes. most of the time IAT-entry isn't needed.
|