oh ya i know wat is that call....
it's is 1 of the code that write the wrong iat to the program....
so wat u need to know about this call???
i will answer if i know....
yes i inject my own code to fix the iat...
sorry,i can't to download your unpacked.exe.
but i want to know to fix oep and other if you pass iat.
不习惯写英文,处理完iat,我就搬壳的块到dump文件尾,然后修复,不行再跟踪,再搬,不行再搬,好烦,每次搬完后又要写PE 的section信息,又要重建...dump文件结果变得真累真肥:D
优化的事就没去想...也没能力
我试过用ASProtect v1.31 build 06.14加壳 winhex11.6,
and 我也用以壳解壳的方法修复了它,发现它运行正常,但点一些项目没反应,加载调试也没发现异常和出错,然后又用ASprstripper_v2.11rc1脱壳,情况跟我干的一样,只是它比我干得“瘦”,我好像用了checksum,stolen and resource protect...最强的一项用不了,没Key,就算有我也不想加,机子太弱了...
just copy and paste the link to ur download manager...
for the stolen code i do the same way like u did...
first i add the "oep stolen code" and rebuild using lordpe...load the dumped.exe into olly and trace see where is the error occur.. normally u will get error msg because the program cannot find some of the code... so u just need to dump the region that the program cannot find and add at the back of dumped.exe and repeat the steps until u get the program running without error....