I have a dll file,which is packed by unknown way.
I unpacked it manually. My steps were:

1.find OEP
2.dump its memory
3.change the dump file's Entry Point
4.fix the dump file's imports table

because the origional dll file has no relocations,i did nothing for this work. The unpacked dll shows "Microsoft Visual C++ v7.1 DLL",all extra information shows "not packed". In addition,Iload it by IDA,or any other pe tools,no error occur.

Anybody would like to tell me why?and any idea?Thanks

If you don't know what it's packed with, you can't be sure you have unpacked it correctly. What if there are stolen bytes, for example?

Can you post it here so more of us can have a go at identifying it?

Git

of course I want to,but the problem is that i can't post archive files here.And,if you would like to post your email by private message i will send you the original file and my unpacked file.i have no idea now.Thanks

http://rapidshare.com

Git

OK. I have upload my unpaked dll file here:myunpacked.dll (http://rapidshare.com/files/106767568/unpacked.dll.html)
and the original packed dll file is here:original_packed.dll (http://rapidshare.com/files/106835477/packed.dll.html)
I will be very appreciated if anybody would like to help me take a look at it.
Thanks

I didn't look, but it's hard to believe there's a dll which doesn't need relocs.
Usually the packer/protector takes that part. So you won't see it in a .reloc section or something.

you means that although there is no relocations in the original file,the packer may be do some relocation hidely?

so, if a packer deal with the relocation for a dll file. How should i find the right point?
Thanks

I really have used ReloX to rebuild its Relocations, but the final dll file can't be loaded as before.
Any idea?

kcynice : look at your post and you will see there is an Edit button at the bottom. Try using that instead of replying to yourself every time.

Git

OK, Thanks