#1
Program's not working under xp sp0 too. And that's why:
If you look at the import table you can see that all entries are referenced by ordinals. This means that it will work only with those versions of the DLLs which were loaded when you dumped the target. For example, kernel32.dll!Beep has ordinal number 27 in xpsp0 and number 29 in xpsp2. To work around this problem, go to xpsp1, convert all ordinal imports to name imports (maybe it cannot be done with all imports. If that's the case, leave ordinals for such DLLs). I think there are some tools that can do this automatically. You can load the unpacked program and dump it with the option "Reconstruct imports" (or something like this) set.
Last edited by amitophia; 04-21-2005 at 04:41.
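An added example (not part of the original post) of the behaviour described above: it walks a PE32 import lookup table, separates ordinal thunks from name thunks, and shows which imports bind to a different function when the DLL's export ordinals shift. Only the Beep ordinals 27 and 29 come from the post; the byte strings, the placeholder export names, and the assumption that an RVA equals an offset into the constructed blob are made up for illustration.

```python
import struct

IMAGE_ORDINAL_FLAG32 = 0x80000000  # high bit of a 32-bit thunk marks an ordinal import

def parse_thunks(ilt: bytes, image: bytes):
    """Walk a PE32 import lookup table; return ('ordinal', n) or ('name', s) entries."""
    out = []
    for (thunk,) in struct.iter_unpack("<I", ilt):
        if thunk == 0:                      # a null thunk terminates the table
            break
        if thunk & IMAGE_ORDINAL_FLAG32:
            out.append(("ordinal", thunk & 0xFFFF))
        else:
            # Otherwise the thunk is an RVA to IMAGE_IMPORT_BY_NAME:
            # a 2-byte hint followed by a NUL-terminated ASCII name.
            end = image.index(b"\0", thunk + 2)
            out.append(("name", image[thunk + 2:end].decode("ascii")))
    return out

def resolve(imports, exports):
    """Bind each import against one DLL version's {ordinal: name} export map."""
    names = set(exports.values())
    resolved = []
    for kind, value in imports:
        if kind == "ordinal":
            resolved.append(exports.get(value))   # None if that ordinal is absent
        else:
            resolved.append(value if value in names else None)
    return resolved

def version_sensitive(imports, a, b):
    """Imports that bind to a different function under export maps a and b."""
    pairs = zip(imports, resolve(imports, a), resolve(imports, b))
    return [imp for imp, x, y in pairs if x != y]

# Constructed sample data. Assumption: RVA == offset into IMAGE.
IMAGE = b"\0" * 0x10 + struct.pack("<H", 0) + b"Beep\0"
ILT = struct.pack("<3I", IMAGE_ORDINAL_FLAG32 | 27, 0x10, 0)

# Beep at 27 (XP SP0) and 29 (XP SP2) is from the post; other names are placeholders.
XPSP0 = {27: "Beep", 28: "PlaceholderA", 29: "PlaceholderB"}
XPSP2 = {27: "PlaceholderC", 28: "PlaceholderD", 29: "Beep"}

if __name__ == "__main__":
    imports = parse_thunks(ILT, IMAGE)
    print(imports)
    print(version_sensitive(imports, XPSP0, XPSP2))
```

The name import resolves to Beep under both export maps, while the ordinal import silently binds to a different function under the second one.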
#2
ami,
It works! I loaded the original target with Olly and got the OEP, then fixed the unpacked file using ImpRec. BTW, the developer just released another tool that I cannot unpack using the same way (maybe it uses a newer protection system). PEiD 0.93 cannot detect the OEP and Olly crashed. Please take a look, the target can be downloaded from: http://rapidshare.de/files/1429442/Target.rar.html
Last edited by ivanov; 04-26-2005 at 00:49.