Hi. Glad to be apart of this forum. I found this searching for RVA tools.
So im new to this Reverse Engineering Software . I have been studying daily after coming home from work for about four months already. I learned the basics of assembly language and now im on tutorial 3 in the Lenas Tutorials for beginners.
Ive also been reading other books like Goppit PE file format . << really good info. IDA Pro. Reverse engineering code with IDA. And many others. It takes a lot of dedication and a natural passion to get anywhere when it comes to RE.
So I got both.
Now my question is, I have unpack a PE file that uses Themida 1.2.0.1 . I found the OEP and used it to fix my unpack .exe file.
Then I used the Import REConstructor to fix the IAT etc. This is what I did. I added the OEP REConstructor. I used Get Imports. Found a couple valid:NO FThunks. i right clicked on main window and choosed the Advanced Commands and clicked the Get API Calls Then I clicked OK button. then it went back to main window. Then I clicked on the Show Invalid button to the right and invalid Fthunks were highlighted blue. So I right clicked again on main window again and clicked Cut Thunks.
Then afterwards I clicked on the Fix Dump button at the bottom and patched the file I dumped using OllyDBG 0llyNEW v1.10 by DMicheal.
So after patch I went to double click hoping my dumped file will execute correctly and came up an error message :
The ordinal 897 could not be located in the dynamic link library
C:\user\crackhead\dumped__.exe
I run Windows 8 pro
I know the OEP was correct cause Import said in a popup message something about about found something in OEP this and that.
Can someone please help. Thanks.
ordinal 897 message after using Import REConstructor v1.7e
-
- Posts: 1
- Joined: Mon Jan 07, 2013 3:56 am
Re: ordinal 897 message after using Import REConstructor v1.
Welcome.
I would suggest you upload somewhere both the original packed executable and the unpacked one.
It will be easier for someone willing to help you to understand what is wrong.
Keep it up!
H_T_P
PS: Please take a look at the basic spelling when you write. There is an automated check for that. I had to go through your original post and fix a lot of mistakes.
I would suggest you upload somewhere both the original packed executable and the unpacked one.
It will be easier for someone willing to help you to understand what is wrong.
Keep it up!
H_T_P
PS: Please take a look at the basic spelling when you write. There is an automated check for that. I had to go through your original post and fix a lot of mistakes.
I have Inlined Truth into Well-Packed lies. (Hack_ThE_PaRaDiSe)