triz-
January 9th, 2003, 02:30
I have 2 questions about ImpRec/RV.
1) I've been using ImpRec for nearly a year now, with no complaints. It's been running on Win98SE with no problems. My old harddrive recently became a paperweight, so I popped in a new drive and reinstalled Windows. Now, when I run it, the program stalls for about 10 seconds (cursor changes, indicating it's doing *something*) then page faults somewhere inside the code. I tried running a copy copied over from the old drive, and a freshly downloaded copy, so there's no chance of the file being corrupted. Anyone ever ran into something like this before, or maybe have any idea on how to fix it? I'm not cool enough to be in MackT's inner circle and have any newer version of it
2) Given the problem above, I've tried using Revirgin again. I trace an ASProtected program through, find OEP, suspend, enter OEP, Fetch IAT -> IAT Resolver -> Resolve again. Every ASProtect API emulator plug-in I've tried simply returns 'error' when I try it, so I loaded kernel32.dll into W32DASM, manually trace each API, and put in the DLL name, ordinal number (from the disassembler), function name and address of it. Each function is fully fixed. When I click Generate, it says 'Some function(s) are not resolved...'
Check the list again, umm, they're all there. Generate it anyway, try running the 'fixed' EXE - crash, what a surprise. 
Check the .bin file generated by Revirgin, and the manually fixed APIs aren't even in there. 
Tried the whole damn thing again, same result. Is RV set to automatically throw manually fixed APIs away, or is there some arcane step I've never read about that I'm missing?
1) I've been using ImpRec for nearly a year now, with no complaints. It's been running on Win98SE with no problems. My old harddrive recently became a paperweight, so I popped in a new drive and reinstalled Windows. Now, when I run it, the program stalls for about 10 seconds (cursor changes, indicating it's doing *something*) then page faults somewhere inside the code. I tried running a copy copied over from the old drive, and a freshly downloaded copy, so there's no chance of the file being corrupted. Anyone ever ran into something like this before, or maybe have any idea on how to fix it? I'm not cool enough to be in MackT's inner circle and have any newer version of it
2) Given the problem above, I've tried using Revirgin again. I trace an ASProtected program through, find OEP, suspend, enter OEP, Fetch IAT -> IAT Resolver -> Resolve again. Every ASProtect API emulator plug-in I've tried simply returns 'error' when I try it, so I loaded kernel32.dll into W32DASM, manually trace each API, and put in the DLL name, ordinal number (from the disassembler), function name and address of it. Each function is fully fixed. When I click Generate, it says 'Some function(s) are not resolved...'
Check the list again, umm, they're all there. Generate it anyway, try running the 'fixed' EXE - crash, what a surprise. Check the .bin file generated by Revirgin, and the manually fixed APIs aren't even in there. Tried the whole damn thing again, same result. Is RV set to automatically throw manually fixed APIs away, or is there some arcane step I've never read about that I'm missing?