Hi Tseph,

Can I just check with whether i am doing something wrong or it is a bug with RV?

After manually tracing the IAT, i typed in the correct address of the API function and click "Resolve again" to resolve and then the API function name will appear... however, most of the time RV does not resolve BFF76DAB which is the CORRECT address of GetProcAddress... I have no problem with any other API...

Thanx

Hello binh81 !

I suppose you're using Revirgin on an ASProtected application. If yes, the problem with GetProcAddress is special ASProtect trick and not a bug in Revirgin.

Yep u r rite!!!

I am playing with cv3.2 :>... so is there a way to get around that problem? If I typed in manually then RV will still nag me that my IAT is incomplete!!!



And a big thanx to every1 here on this board... 2 days ago i was clueless about unpacking AsProtect and now i have alredy ripped 2 prog so far :>...

I often modify the IAT address of protected progs using the RAM Editor of WinHex to let them point to correct API entry addresses, then use ReVirgin to resolve it.

RV resolves on the memory location NOT API text input....

So, you can use SI to 'exp getprocaddress' , note the memory BFFblabla whatever and 'edit' that annoying unresolved entry with BFFblabla NOT text GetProcAddress.....resolve again and the correct API description will appear

Spl/\j