OD1.10载入该Dll, 用ODbgScript1.48跑Aspr2.xx_IAT_fixer_v2.2s, "Fix call xxxxxxxx..."确认框选"是(Y)", "IAT fixed. No stolen code at the OEP!..."确认框选"取消"(
选"确定"会报"无法读取调试进程的内存"错误). 此时在Log窗口可以看到OEP_rva为000DB33C.
运行LordPE将内存中Dll Dump出, 存为Dumped.dll. 然后再运行ImportREC v1.6F, 选取内存中的该Dll, 输入OEP000DB33C, 按"IAT AutoSearch", 报"Could not find anything good at this OEP! :-("!