Exetools  

  #1  
Old 07-13-2006, 14:07
JuneMouse
Quote:
but when I used OllyDump to create a dump file, its size differed from my RAW dump by 1 KB. Obviously OllyDump has found/added data that I was unaware of, must be necessary though....
OllyDump adds a section at the end where it holds the correct import table after successfully resolving the IAT.
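JuneMouse's point, that the rebuilt import table lives in a section appended at the end of the dump, can be checked on any dumped file by walking the PE section table and locating the section that contains the import directory RVA. The script below is an added example, not code from the thread or from OllyDump/ImpREC; it builds a constructed minimal PE32 image (the section name `.newiat` and all addresses are made up) and reports which section holds the import directory and whether that section is the last one.

```python
import struct

# Constructed minimal PE32 image (not a real dump): three sections, with the
# import directory RVA pointing into the last one, which plays the role of the
# section a dumper appends to hold the rebuilt import table.
def build_sample_pe():
    # (name, VirtualAddress, VirtualSize) -- constructed values
    sections = [(b".text", 0x1000, 0x1000), (b".data", 0x2000, 0x1000),
                (b".newiat", 0x3000, 0x400)]           # constructed appended section
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)                                # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, 0x3000, 0x28)   # DataDirectory[1] = import
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, vs, 0, 0, 0, 0, 0, 0xC0000040)
                    for n, va, vs in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs

def parse_pe(data):
    """Return (sections, import_rva); sections is a list of (name, va, vsize)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0] # SizeOfOptionalHeader
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = {0x10B: 96, 0x20B: 112}[magic]              # DataDirectory: PE32 / PE32+
    import_rva = struct.unpack_from("<I", data, opt + dir_off + 8)[0]  # entry 1 = import
    sections = []
    for i in range(nsec):                                 # 40-byte section headers
        name, vsize, va = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize))
    return sections, import_rva

def import_table_location(data):
    """Name of the section holding the import directory, and whether it is the
    last section (i.e. one appended after the original image's sections)."""
    sections, rva = parse_pe(data)
    for idx, (name, va, vsize) in enumerate(sections):
        if va <= rva < va + vsize:
            return name, idx == len(sections) - 1
    return None, False                                    # RVA maps to no section

if __name__ == "__main__":
    print(import_table_location(build_sample_pe()))      # ('.newiat', True)
```

Run against a real dump, `import_table_location(open(path, "rb").read())` returning `(None, False)` means the import directory RVA points outside every section, which is one reason a dumped file fails to start.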
  #2  
Old 07-14-2006, 12:03
scherzo
Hi Ghandi2006! I'm working on a project too and I'm using ImpREC Lite source code to reconstruct imports. The link below is a nice generic unpacker coded in ASM + ImpREC source. You can use it to understand how the dump is done and how to use imprec.dll.

http://rapidshare.de/files/25793515/imprecgenericunpackersources.rar.html

scherzo
  #3  
Old 08-02-2006, 18:27
Ghandi2006
VIP
Join Date: Jan 2006
Posts: 110
Now I have the dumper

Hi scherzo!

I have a working dumper, but now I'm faced with a different obstacle...

I'm using a 'full' version of the ImpREC.dll file, not the Lite one, & it works great on MOST targets. There are still a few targets that are unrunnable after dumping. They throw an error stating "XXXXXXXXh refers to a location that was unaccessible or could not be read", leaving me to think that it is an unresolved import problem or License Manager Layer pointers that are not in their correct place. I will keep playing with it until this is fixed.

I was wondering scherzo, would you be able to offer any advice regarding the usage of ImpREC.dll or even ImpREC_Lite.dll?

On a positive note, the utility also includes a loader generator & an inline patch generator that seem to be working fine. I am adding another 2 types of inline patches to choose from as the first is not applicable to ALL targets. I'm sure that between all the options I am including in this, it will be a pretty handy tool.

It has so far:
1. 3 types of dumpers:
RAW - Dumped, Process halted @ License Manager EP & IAT unfixed, Overlay Data NOT appended.
Unpatched - Dumped, IAT repaired & Overlay Data appended.
Patched - Dumped, IAT repaired, Overlay Data appended & selected patches applied.

2. Loader generator
3. Inline patch generator - One type @ present, more to come.
4. Searches for & returns:
SetKey & LoadStatePool addresses,
License Manager Layer EP, size & address,
CondZero's LML 'browser' type patches,
ActiveMARK version.

TO DO:

1. Add the 2 different types of inline patch generators.
2. Add an Overlay Data handler for targets that have been dumped 'raw'.
3. Inbuilt IAT repair, standalone rather than using ImpREC. Then it will also have IAT size & RVA.
4. Possibly a command-line argument scanner for the targets it finds needing one. I have only encountered 2 such targets so far, but if this feature is present in 2, I figure that there are no doubt more.....


Thanks for all your help guys & thank you Aaron (for hosting this site) & JMI (for allowing this thread to stay here to begin with).

Ghandi