DLL Hell (Help!)

Thanks.

My problem is i try to unpack this dll, i can find the oep very easy, i break at the JMP EAX, and step once, them iam in the oep.

for me the base was:

->> Module selected: c:\pb\pbcl.dll
Image Base:00370000 Size:0004C000

OEP in olly was: 00390108

00390108h - 00370000h = 20108h;

I enter 20108 as the oep, click IAT autosearch, and i get "Cant find anything good blah blah", now i can unpack neolite exe's fine, but i always have this problem in unpacking dll's no matter what protector

Anybody show me my problem ? thanks.

[bukkake]

If you are unpacking this with ollydbg, and used loaddll.exe, when you dump the file, open ImpRec, attach to loaddll.exe, then click pick dll, and select the dll from that list you gonna get, then you can put the OEP.

Yes, i did do that, attached to loaddll.exe, and went to Pick DLL, after i chose pbcl.dll, and then i clicked ok, i enter in the oep, then i get that msg. Iam thinking it must be some other problem, which os are u using and which version of imprec please ?

See the attached Picture, i did it correct but still no go.

[LaptoniC]

You know that dlls are relocated. So first check at the bottom of imprec for image base of DLL. Imprec has an option that loads PE header from disc. So lets say that your orginal dll image base is 10000 in the PE header, if that locations is reserverd by another dll, windows will load your dll to another address, ie 12000. Of course when Imprec look for 10000 it wont find anything. So in order to fix this, change corresponding option of Imprec. Your work wont be finished here because you have o fix reloc section too. Good luck

[fly [CUG]]

Game