dpogacic
03-27-2011, 06:02 PM
Hi there!
How I unpacked a file packed by PeCompact manually with OLLY DBG V 1.10, I have problems to rebuild the imports.
I am using the imprec V 1.6 Final, with all needed settings made in the imprec.ini, but I have problem when I want to change the Original Entry Point - OEP, to search for the invalid imports.
After the magic JMP EAX command in PECompact on the address:
0083AB1F
I am on the OEP, on the address:
005B6D9F
and, after the code analising, I know that is the original OEP.
When I change the OEP in the imprec to:005B6D9F after the file dumping, by clicking on "Auto search", the imprec shows the message:
"Invalid RVA. Invalid OEP. The OEP does not match in the process memory."
I am interesting where is the problem?
File I unpacked is called "jfw.exe", and link for download is:
ftp://ftp.freedomscientific.com/users/hj/private/WebFiles/JAWS/J12.0.525_Portable-32bit.exe
Best regards
Darko
How I unpacked a file packed by PeCompact manually with OLLY DBG V 1.10, I have problems to rebuild the imports.
I am using the imprec V 1.6 Final, with all needed settings made in the imprec.ini, but I have problem when I want to change the Original Entry Point - OEP, to search for the invalid imports.
After the magic JMP EAX command in PECompact on the address:
0083AB1F
I am on the OEP, on the address:
005B6D9F
and, after the code analising, I know that is the original OEP.
When I change the OEP in the imprec to:005B6D9F after the file dumping, by clicking on "Auto search", the imprec shows the message:
"Invalid RVA. Invalid OEP. The OEP does not match in the process memory."
I am interesting where is the problem?
File I unpacked is called "jfw.exe", and link for download is:
ftp://ftp.freedomscientific.com/users/hj/private/WebFiles/JAWS/J12.0.525_Portable-32bit.exe
Best regards
Darko