|
|
|
|
#1
01-12-2005, 08:52
|
|||
|
|||
|
I did unpacking app like your case.
my case was Starforce. (3 years ago.. hugh~~) SF used emulating of Kernel,GDI,User process. first I dumped code section, & alpha.dll (It emulate imported function) and I checked all opcode pointed on alpha.dll in code section. like call alpha.xxxx jmp alpha.xxxx mov reg32,alpha.xxxx I gathering all opcode address & referece address point. and I made new IAT by gathered information. gathering is so Hard or not. If you want find Making Import table, Check hxxp://win32asm.cjb.net <Iczelion's Win32 Assembly Homepage> There good information about PE File format. 
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Add imports to DLL import table | jonwil | General Discussion | 5 | 09-07-2020 16:47 |
| How to shuffle names in the PE import table? | Newbie_Cracker | General Discussion | 5 | 08-25-2019 03:59 |
| Reliable PE Library or DLL for Adding Functions to Import Table | omidgl | General Discussion | 3 | 06-28-2008 09:53 |
| Can`t restore import table | thechatter | General Discussion | 9 | 11-14-2003 21:01 |
| Changing Import Table?? | magic | General Discussion | 3 | 09-14-2003 01:59 |
Hybrid Mode
