Hi,
I'm new to upacking and i would like some help on imprec. I attach to the process i want to dump, i use IAT AutoSearch, then get imports, i use autotrace for all invalid imports, but when i try fix dump i get a message saying 'Invalid dump file! Can't match RVA to Offset in the dump file'. The dump is created using armkiller.

Thanks a lot,
fotisl

Hello fotisl !

You forgot to enter the right EIP in ImpREC.
You've not resolved the program's imports, but the protection's imports.
Since the protection is already stripped from the dump, ImpREC can't fix it because it would try to access data outside the file.

What i did is select the process from the process list and imprec found an eip. I used this one. Is it the wrong one? Any ideas how i can find the right one?

Thanks!

Hello fotisl !

ImpREC didn't find the "right" OEP, it loaded it simply from the protected executable.
You can find the right OEP if you decide to read the program's documentation.
You must understand that even those automatic unpackers all people are running after need at least some kind of knowledge to use them.