Problem dumping a packed EXE


CoDe_InSiDe
03-27-2005, 07:58 AM
Hi DumbNewb,

When you've unpacked a program be sure to check if everything is correct in the PE Header :) (Like changing the Entry Point, and also check if the stuff at the Section Table is correct).
You most probably also need to fix the Import Table.

But firstly, do you know what Packer/Protector has been used? (You can use PEiD or similar tools).

Regards,

CoDe_InSiDe

EDIT:
I've downloaded the program myself and I saw it has been packed with UPX.
Then you certainly need to fix the Import Table (Use ImpREC or similar tools, or do it by hand but I won't suggest that to you now, hehe ;) )
And like I said, fix the PE Header :)

CoDe_InSiDe
03-27-2005, 09:48 AM
Hi DumbNewb,

When a program has been packed and then has been run, the Packer handles the Import Table and gets the base addresses of the APIs and stores them in the IAT (Just like Windows would do if you run a file).
When you dump a program from memory, the required DLLs will be loaded (With LoadLibraryA for example) and then the base addresses of the APIs will be retrieved (With GetProcAddress for example).
DLLs like KERNEL32.DLL, USER32.DLL are already loaded by Windows so they will stay in the same memory area, that's why the unpacked file with the pointer to MessageBoxA (From USER32.DLL) didn't cause any problem because USER32.DLL has already been loaded and so it stays on a fixed address.

I hope you understand what I'm trying to say here :)

In the Section Table it should be for each section:

Raw Size = Virtual Size
Raw Offset = Virtual Offset

Because you dumped the file from memory (Virtual).

I hope I helped you a little bit :)
Good luck with that game ;)

Regards,

CoDe_InSiDe
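
The section-table fix described in the post above (Raw Size = Virtual Size, Raw Offset = Virtual Offset, plus restoring the Entry Point), as an added Python example that is not code from this thread. It is written for the malware-analysis case of making a dumped, already-unpacked sample loadable again, builds its own constructed two-section PE32 header inline instead of reading a real file, and additionally sets FileAlignment equal to SectionAlignment, which the loader requires once raw offsets are virtual offsets.

```python
import struct

def _layout(buf):
    """Return (optional_header_offset, number_of_sections, first_section_offset)."""
    nt = struct.unpack_from('<I', buf, 0x3C)[0]           # e_lfanew
    assert bytes(buf[nt:nt + 4]) == b'PE\0\0', 'not a PE image'
    nsec = struct.unpack_from('<H', buf, nt + 6)[0]       # FileHeader.NumberOfSections
    opt_size = struct.unpack_from('<H', buf, nt + 20)[0]  # FileHeader.SizeOfOptionalHeader
    return nt + 24, nsec, nt + 24 + opt_size

def header_info(buf):
    """(AddressOfEntryPoint, SectionAlignment, FileAlignment) from the optional header."""
    opt, _, _ = _layout(buf)
    return (struct.unpack_from('<I', buf, opt + 16)[0],) + struct.unpack_from('<II', buf, opt + 32)

def sections(buf):
    """List (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section."""
    _, nsec, first = _layout(buf)
    rows = []
    for i in range(nsec):
        off = first + i * 40                               # sizeof(IMAGE_SECTION_HEADER) == 40
        name = bytes(buf[off:off + 8]).rstrip(b'\0').decode('ascii', 'replace')
        rows.append((name,) + struct.unpack_from('<IIII', buf, off + 8))
    return rows

def fix_dump(pe, new_oep=None):
    """Make a memory dump loadable: raw size/offset = virtual size/offset, optional new OEP."""
    buf = bytearray(pe)
    opt, nsec, first = _layout(buf)
    if new_oep is not None:                                # restore the original entry point RVA
        struct.pack_into('<I', buf, opt + 16, new_oep)
    sect_align = struct.unpack_from('<I', buf, opt + 32)[0]
    struct.pack_into('<I', buf, opt + 36, sect_align)     # FileAlignment must now equal SectionAlignment
    for i in range(nsec):
        off = first + i * 40
        vsize, vaddr = struct.unpack_from('<II', buf, off + 8)
        struct.pack_into('<II', buf, off + 16, vsize, vaddr)  # SizeOfRawData, PointerToRawData
    return bytes(buf)

def sample_dump():
    # Constructed PE32 header (DOS stub, NT headers, two sections) whose raw fields still describe the packed on-disk layout.
    dos = bytearray(0x40); dos[:2] = b'MZ'; struct.pack_into('<I', dos, 0x3C, 0x40)
    file_hdr = struct.pack('<HHIIIHH', 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into('<H', opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into('<I', opt, 16, 0x5000)                # entry point still inside the packer stub
    struct.pack_into('<II', opt, 32, 0x1000, 0x200)        # SectionAlignment, FileAlignment
    text = struct.pack('<8sIIIIIIHHI', b'.text', 0x3000, 0x1000, 0x2200, 0x400, 0, 0, 0, 0, 0x60000020)
    rdata = struct.pack('<8sIIIIIIHHI', b'.rdata', 0x800, 0x4000, 0x600, 0x2600, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b'PE\0\0' + file_hdr + bytes(opt) + text + rdata
```

Only the headers are rewritten; the section bodies of a real dump stay where they are, which is exactly why raw offsets must equal virtual offsets afterwards.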

CoDe_InSiDe
03-28-2005, 06:52 AM
Hi Guest,

it's an MMORPG that provides a short-term 'free' account, and I don't intend on paying for an account

Hehe, I can only guess which game this is... ;) (If it's the game I think then I can say that I've never seen it ;) )

All game executables and DLLs are heavily packed and mangled

Then I shall ask the obvious question: Do you know with what Protector it has been protected? (Use PEiD or similar tools)

but apparently the resulting (dumped) executable doesn't have a valid PE header

Well, check what's wrong with the PE Header ;) (Maybe it has screwed up the NumberOfSections...)
You're saying that most PE Rebuilders fail, so then I suggest to look at it with a Hex-Editor (But then of course you need to know what you're looking at :) find some tutorials about the PE Header).
I think you need to try to unpack the game file itself, that should be the best option :) (But could be difficult).

is if you knew of any good source code (C/C++) and/or tutorials I could learn from for programmatically doing what ImpRec does (rebuilding the IAT).

No sorry, I don't know any tutorials or sources which explain what ImpRec is doing :) (Well, there are tutorials which explain the Import Table, but that's not all you need...)
Maybe try analyzing ImpRec itself? (It's packed with UPX, so you know how to unpack it now, hehe :D )

Regards,

CoDe_InSiDe