
Thread: Revirgin (iat rebuilder) final available.

  1. #16
    McNy@Work
    Guest
    +Tsehp (02-07-2001 05:49):
    it was a first version, just select the process at the left, do a resolve
    and then you can trace the unresolved entries, download the new version.
    regards,

    +Tsehp
    Predator [PC/pGC] (02-07-2001 20:03):
    +Tsehp my friend, I'm afraid that I have the
    ....
    I couldn't find a load button either, but you say it was for the old version so that can't be it.

    Predator
    If I'm not wrong, Predator is using the first version.
    I had the first version too; its readme file is "readme.txt".
    But in the newest version, the readme file is "readme.doc" (some changes were made).
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #17
    tsehp
    Guest
    Predator [PC/pGC] (02-07-2001 20:03):
    +Tsehp my friend, I'm afraid that I have the same problem as NchantA: doing what you say, I get a 'hangup' of Revirgin. (As soon as I try the tracer).

    I used win98 build 2222. Tried it on Awave studio (www.awave.com) and on notepad.exe packed using tElock (which can redirect IAT as well).

    I couldn't find a load button either, but you say it was for the old version so that can't be it.

    Tia,

    Predator
    OK, I'll test it again on Win Me using www.awave.com and report here.
    Don't forget: for the tracer to work, put thread.dll into %systemroot%.
    later,

    +Tsehp

  3. #18
    spekkel
    Guest
    Hi tseph,

    well, maybe a stupid question: where do I get the start RVA and its length?
    When I click the protected file it asks me to use the rebuilder, and when I do, it asks me to set the start RVA and length. So it doesn't give these values automatically. I looked with pe-editor but couldn't find the values you used in your example: notepad (asp).
    I am using win98 first edition.

    Thank you for the hard work on the app, and greetzzz.

    Spekkel

  4. #19
    tsehp
    Guest
    hehe that's the main job to do.
    Protected apps like asprotect-packed exes won't give you the IAT start
    and length. To find them, try this:
    the exe is running, set a bpx getmenu and select a menu item. sice
    breaks; look at the call. If it's like this: call [425141], then you've got an IAT entry standing here. Look at all the entries and locate the first,
    subtract the base and you have the IAT start; the length is easy to find.
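The manual walk tsehp describes in post #19, as an added example that is not part of the original thread and is not Revirgin's code: starting from one known IAT slot (the operand of an indirect `call [addr]`), it walks a memory dump of the module outward to the first and last entry and subtracts the image base. The function names, the pointer heuristic, the 32-bit little-endian layout and the sample bytes are assumptions made for illustration.

```python
import struct

# Constructed sample: a 0x200-byte module image mapped at SAMPLE_BASE.
SAMPLE_BASE = 0x400000

def make_sample():
    img = bytearray(0x200)
    struct.pack_into("<I", img, 0x10C, SAMPLE_BASE + 0x40)  # pointer into the image itself
    thunks = [0x77E81234, 0x77E85678, 0, 0x77D41111, 0x77D42222, 0x77D43333]
    struct.pack_into("<6I", img, 0x110, *thunks)  # two DLLs' entries, one zero between them
    return bytes(img)

def find_iat_bounds(image, image_base, slot_va, max_zero_run=1):
    """Return (start_rva, length) of the pointer table containing slot_va."""
    size = len(image)

    def is_import(value):
        # Heuristic (assumption): an import target is a pointer above the
        # first 64 KB that lies outside this module's own image.
        return value >= 0x10000 and not (image_base <= value < image_base + size)

    def walk(rva, step):
        last_good, zeros, cur = rva, 0, rva + step
        while 0 <= cur <= size - 4:
            value = struct.unpack_from("<I", image, cur)[0]
            if value == 0:
                zeros += 1          # a single zero separates two DLLs' entries
                if zeros > max_zero_run:
                    break
            elif is_import(value):
                last_good, zeros = cur, 0
            else:
                break               # code, strings or internal pointers: table ended
            cur += step
        return last_good

    slot_rva = slot_va - image_base
    if not 0 <= slot_rva <= size - 4:
        raise ValueError("slot is outside the dumped image")
    if not is_import(struct.unpack_from("<I", image, slot_rva)[0]):
        raise ValueError("slot does not hold an import-like pointer")
    first, last = walk(slot_rva, -4), walk(slot_rva, 4)
    return first, last - first + 4  # start RVA, length in bytes

if __name__ == "__main__":
    start, length = find_iat_bounds(make_sample(), SAMPLE_BASE, SAMPLE_BASE + 0x11C)
    print(f"IAT start RVA = {start:#x}, length = {length:#x}")
```

The returned length runs from the first through the last pointer entry and does not include the trailing zero terminator.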

  5. #20
    SpeKKel
    Guest
    OOOhh....yep i need more study (but i am so lazy)

    Ok, my prog is expired, and so I can't do it with the bpx on getmenu, and I thought this comparing is done before the whole prog is loaded (asp protected: unregistered version blablabla..), but of course I can't find this comparing (when I try trw, it crashes, and all my reg/file-spying utils are killed by asp).

    So any solutions or hints how I can bypass this ..

    Thanks AGAIN.........SpeKKeL......
