Page 3 of 3 FirstFirst 123
Results 31 to 32 of 32

Thread: EXECryptor (Latest version) dump fixing

  1. #31
    rockdh
    Guest
    I am still trying to unpack this app.
    Then i read a bit of ASM tutorials and stuff.
    I got to know that i was doing all wrong.
    I found the correct OEP and stuff now.
    Even assembled the InitExe jump properly (the last one wasnt proper).
    THe problem now is fixing imports.
    I press IAT autosearch in ImpRec and it finds one import and the rest are invalid.
    The valid one found is MessageBoxA.
    I tried the ExeCryptor ImpRec plugin but still they are invalid.
    Deroko, please help me.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #32
    Don't use IAT autosearch, locate IAT manually, then type rva/size in imprec and locate invalid pointers, run plugin on them and voila. If target fails on some pointer, simply save tree.txt, skip that pointer and run plugin on others, later you may locate invalid ptrs manually. Logic is simple -> ExeCryptor will call GetModuleHandle or LoadLibrary to get dll base or to load needed .dll and will use custom implementation of getprocaddress to find API.

Similar Threads

  1. fixing IAT Armadillo 3.78
    By NoLOcK´s in forum The Newbie Forum
    Replies: 1
    Last Post: August 9th, 2005, 15:48
  2. EXECryptor
    By omega_red in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: September 22nd, 2004, 04:16
  3. problem fixing imports
    By jolopez in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: February 17th, 2004, 09:23
  4. Replies: 0
    Last Post: June 4th, 2001, 11:31
  5. can't crack newer version using older version tuts.
    By bas in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: February 12th, 2001, 21:40

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •