As you know ImpRec always has had problem to fix imports of dumped DLLs because of rebasing. It reads ImageBase from memory, but uses ImageBase of dll from header to calculates RVA of JMP/CALL API. To fix that manually, you had to change ImageBase of dump to its value of mapped dll, and then fix imports by ImpRec.
By this fix, you don't need above procedure anymore. I patched ImpRec to overwrite ImageBase of dump with its new value.
There are some screenshots in attachment for comparison of v1.7c orginal and patched version.
I know it's an old topic, but I fixed some bugs in last fixed version.
[QUOTE]- Fixed bug introduced in 1.7b which destroys IAT Autosearch feature in some packed targets, like eXpressor 1.8 (Newbie_Cracker). - Fixed crash introduced in 1.7b when DLL's PE header has "NO Access" flag (Newbie_Cracker).
Here is a sample to test the IATAutosearch failure in version 1.7b & 1.7c which has not beed exist in older versions.
- Fixed a bug which avoids ImpREC to fix JMP DWORD [...] if it is located at the end of code section (Newbie_Cracker) ( Thanks to Nexus6 for report the bug and provide samples)
