07-31-2006, 21:56
5Alive
Thanks for the replies guys. I did notice the check box for adding a new section but wasn't clear on how to use it. My dumped DLL works with the .mackt section in place. I'd just like to try and have imports and exports in the one section. I had a look at ReVirgin but I didn't care for the user interface.

The unpacked DLL I found has the import table at RVA 64564, size B4, and the export table at 65BC0, size 4E, whereas the file I dumped and fixed has the export table at 65AD0 and the import table at 153D0.

I also see that the Vsize of the original .rdata section has been increased from FB1E to 10000, which borders the start RVA of the .data section at 66000.
Presumably this increase is to allocate the needed space for the IAT and EAT tables?

What I don't yet understand is why these particular export and import table RVAs were chosen. Is it common practice to copy and paste these tables and then adjust the RVAs accordingly? I thought this process would have been more "automated", if you see what I mean.

I'm probably thinking this is much more difficult than it actually is, and I'm maybe overlooking something simple.

Oh, and what do you do to find a suitable "cave" for the IAT? I tried dumping the .rdata section (Vsize was increased to 10000) and opened it in Hex Workshop, expecting to see sufficient free space towards the end of the file (there wasn't room).

Many thanks,
5aLIVE.

Last edited by 5Alive; 07-31-2006 at 22:08.