IAT not loaded
jimeeg
November 7th, 2006, 16:50
Does anyone know how to ensure that the SQL IAT DLLs are loaded for debugging? When I run my program, the memory address that sqlsort.dll's IAT is at is not loaded.
Anyone have any hints?
disavowed
November 8th, 2006, 01:22
Your DLL probably got relocated. Press Alt-E to see where in memory the DLL is.
jimeeg
November 8th, 2006, 10:12
The Sqlsort.dll is not shown ...
All that is loaded into the executable modules window is kernel32.dll and ntdll.dll.
Is there some way for me to ensure the DLL is loaded?
SiGiNT
November 8th, 2006, 10:17
Sounds like you have some sort of packer involved somewhere; only 2 .dll's in the executables window is typical for a pcked .exe.
SiGiNT
jimeeg
November 8th, 2006, 10:49
Quote:
[Originally Posted by sigint33] Sounds like you have some sort of packer involved somewhere; only 2 .dll's in the executables window is typical for a pcked .exe.
SiGiNT
Can you give me some hints on how to solve this or what this means "pcked"?
Silkut
November 8th, 2006, 11:33
sigint33 said that probably one of the binary files you have is packed, which means protected and compressed using a packer like UPX, FSG, etc.
To solve this problem you have to know which file is packed (you can use a packer scanner like PEiD). You could then find some tool to auto-unpack it (only if it is a very well-known packer like UPX or similar), or you could manually unpack it.
To learn more about manual unpacking, I suggest you read tutorials =)
SiGiNT
November 8th, 2006, 22:42
Quote:
[Originally Posted by jimeeg]
Can you give me some hints on how to solve this or what this means "pcked"?
Pcked means I'm old and frequently mis-type posts and then fail to reread them! Do a multiscan on your target's directory using PEiD (you can find it most anywhere), or if Olly tells you that the OEP of a module is located outside of the code, that's a 99.9% indication that the module is pcked (packed).
SiGiNT
JMI
November 9th, 2006, 00:53
Hey! You aren't nearly as old as I am, or your eyes nearly as tired as mine.
Regards,
SiGiNT
November 9th, 2006, 10:11
JMI,
Just a suggestion (maybe I'll create one): a smiley with wrinkles, a beard and a walker or cane. The young-looking ones just don't fit!
And BTW we're pretty close in age; I recently just got 1 yr. closer.
SiGiNT
JMI
November 9th, 2006, 15:26
You can't be "close" unless you are well past 50!

I have children probably older than a lot of our members here, and I was already in my 30's when they were born.
Regards,
SiGiNT
November 9th, 2006, 22:24
JMI,
0x00000038
Do the math!
SiGiNT
JMI
November 9th, 2006, 23:25
Well congratulations on your recent birthday.
Another couple of months and I will be 0x0000003D!
Glad to see there are some other old blind farts here, besides me.
These kids don't really remember a world without computers, cell phones, color TV and microwave ovens. Life was sure quieter when we were kids. The only thing we had to listen for was our mother's yelling it was time to come in for dinner.
Regards,
SiGiNT
November 10th, 2006, 02:23
Geez, JMI,
I remember when we got our first black and white TV. Being a navy brat, you kind of lived out of the commissary. Ah yes! And playing with the rabbit ears; 99% of the forum is going "what???".

and helping dad with the antenna on the roof.
SiGiNT
Anyway @jimeeg,
Was your target packed?
jimeeg
November 16th, 2006, 11:31
Quote:
[Originally Posted by sigint33]
Was your target packed?
As far as I can tell it is not packed. What is OEP???
Let me give you all some more information. This program loads the memory address of the IAT table onto the stack and then calls for it later. The problem is that when the call is made there is nothing at that memory address. Is there a way to "preload" a DLL into OllyDbg so that the memory location has the IAT table in it?

fuex
December 4th, 2006, 12:35
Well, it's pretty likely that it's packed!
OEP: original entry point; that's where the actual program starts. But as it's packed, an algorithm will first do the unpacking and then jump there.
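An added example, not code from anyone in this thread: a static version of the "entry point outside of the code" check mentioned above, reading AddressOfEntryPoint from the PE header and comparing it with the header's declared code range and section table. Interpreting "the code" as BaseOfCode/SizeOfCode is an assumption of this example, and the two header-only images and the `.stub` section name are constructed for illustration.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entry_point_report(pe: bytes) -> dict:
    """Locate AddressOfEntryPoint relative to the declared code range and sections."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                       # COFF file header (20 bytes)
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                           # optional header
    (size_of_code,) = struct.unpack_from("<I", pe, opt + 4)
    entry, base_of_code = struct.unpack_from("<II", pe, opt + 16)
    report = {"entry_rva": entry, "section": None, "writable": False,
              "outside_code": not base_of_code <= entry < base_of_code + size_of_code}
    for i in range(n_sections):               # 40-byte section headers
        hdr = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", pe, hdr)
        (flags,) = struct.unpack_from("<I", pe, hdr + 36)
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            report["section"] = name.rstrip(b"\0").decode("latin-1")
            # An entry section that is also writable is a second hint of an
            # unpacking stub that rewrites memory before jumping to the OEP.
            report["writable"] = bool(flags & WRITE)
    return report

def build_sample(entry, base_of_code, size_of_code, sections) -> bytes:
    """Constructed header-only PE32 image; sections = [(name, vaddr, vsize, flags)]."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIII", 0x10B, 6, 0, size_of_code, 0, 0, entry, base_of_code)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0") + table

# Constructed samples: entry inside .text, and entry in a writable stub section.
NORMAL = build_sample(0x1500, 0x1000, 0x2000,
                      [(b".text", 0x1000, 0x2000, 0x60000000),
                       (b".data", 0x3000, 0x1000, 0xC0000000)])
PACKED = build_sample(0x5010, 0x1000, 0x2000,
                      [(b".text", 0x1000, 0x4000, 0xE0000000),
                       (b".stub", 0x5000, 0x1000, 0xE0000000)])

if __name__ == "__main__":
    for label, image in (("normal", NORMAL), ("packed-looking", PACKED)):
        print(label, entry_point_report(image))
```

To check a real file, pass its bytes: `entry_point_report(open(path, "rb").read())`.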