Page 4 of 4 FirstFirst 1234
Results 46 to 50 of 50

Thread: Messin' with the Import table

  1. #46
    qferret
    Guest
    Thanks for the tip Kayaker, it worked beautifully. But is there a tool that will add an import w/o adding a section? or is this not possible/too hard?

    I just had a brief look at it so far, but I think I should be able to figure out how it was done. I would just rather have it look "original" ;-)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #47
    Eternal Bliss
    Guest
    Kayaker (06-25-2001 09:18):
    Hi Eternal Bliss,

    I see what's happening. The original 'missing' Import had an initialized address in the First Thunk of 1D17 F5BF, but its API name was missing.

    You replaced the First Thunk pointer correctly to where the name should be, but didn't get the API name right. Instead you got the name corresponding to the address BFF51118 instead of BFF5171D. From what you did replace the name with I'm thinking you're running Win98 as well, but just in case I'll up my version of User32.dll (28K zip) so non-98 users can find the address easier.

    Cheers,
    Kayaker
    Thanks. 8) Did it. 8)

    the second part:
    1) I used resource editor to make the form always on top.
    2) I look for showwindow and see which one has a PUSH 00000000 which is SW_HIDE and changed it.

    Regards.
    EB
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #48
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,085
    Blog Entries
    5
    For anyone following the API Hooking thread on the main forum, here's a reupload of the original project program, which is OK to remain here.

    Kayaker
    Attached Files Attached Files

  4. #49
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,085
    Blog Entries
    5
    Hmm, I forgot I had reuploaded this lost project file. I just reupped it again to the original post, this time along with the original KeyInfo program file, so should make it easy to compare a correct import table with the 'corrupted' one for those just getting their feet wet. Links updated as well.
    (yes I know I originally called the program KeyCode, but that was a ruse so nobody tried downloading the *real* KeyInfo program to cheat ;-)

    Kayaker

  5. #50
    nofurs
    Guest
    Well maybe someone did who knows (ouch! an accusation again? LOL
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Can't get the Import table right
    By Horsa in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: May 1st, 2006, 20:49
  2. Import
    By Snitch in forum OllyDbg Support Forums
    Replies: 3
    Last Post: November 22nd, 2005, 10:23
  3. Import table doesn't really resolved
    By Ja187 in forum The Newbie Forum
    Replies: 3
    Last Post: January 4th, 2005, 12:50
  4. Import .nms files
    By psyCK0 in forum Plugins (General)
    Replies: 1
    Last Post: January 27th, 2003, 11:37
  5. Import table size.
    By remi in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: May 18th, 2002, 15:41

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •