i'm trying to unpack aspacked dll. I found Oep without difficulty then i dump it. I corrected IAT but now i only need to get relocation size and address to fix the dumped dll. How can i get these values ?

Thanks in advance..

Sorry for my bad english, i'm french ! =)

From PE header. Open dll in olly and check PE header in memory map. For example:

100001A0 00900100 DD 00019000 ; Relocation Table address = 19000
100001A4 540B0000 DD 00000B54 ; Relocation Table size = B54 (2900.)

I don't remember did I ever unpacked dll, so good luck

Thx Mr haggar but it doesn't work. I'll try to explain my problem again :

I've aspacked a dll.

i load my aspacked dll in olly then break at oep, i check PE header in memory map :

10000198 543F0900 DD 00093F54 ; Relocation Table address = 93F54
1000019C 08000000 DD 00000008 ; Relocation Table size = 8

but i know than original dll reloc add and size are :
10000198 00F00800 DD 0008F000 ; Relocation Table address = 8F000
1000019C D4240000 DD 000024D4 ; Relocation Table size = 24D4 (9428.)

How can i find these original values while unpacking the dll ?

I'm also looking for some information on how to do this. Any help greatly appreciated.

5aLIVE