Andrew
06-28-2009, 11:33 PM
I've used OllyDbg and ImpREC to dump and fix a Neolite 2.0 (maximum compression) exe.
ImpREC gives about 10 invalid truncs. When I attempt to run the fixed dump the EXE crashes on startup and gives error 0x0000005.
From reading various tutorials on the Internet I'm quite sure I need to use Revirgin to rebuild the IAT table, but I'm not sure how to use the tool, and predator's tutorial is a little too hard for me to follow.
Could someone let me know whether I am correct or not thinking the exe is not running because the imports table is destroyed, and if so, could someone recommend an easier approach than revirgin?
ImpREC gives about 10 invalid truncs. When I attempt to run the fixed dump the EXE crashes on startup and gives error 0x0000005.
From reading various tutorials on the Internet I'm quite sure I need to use Revirgin to rebuild the IAT table, but I'm not sure how to use the tool, and predator's tutorial is a little too hard for me to follow.
Could someone let me know whether I am correct or not thinking the exe is not running because the imports table is destroyed, and if so, could someone recommend an easier approach than revirgin?