ordinal 897 message after using Import REConstructor v1.7e
Posted: Mon Jan 07, 2013 4:55 am
Hi. Glad to be a part of this forum. I found this searching for RVA tools.
So I'm new to this reverse engineering software. I have been studying daily after coming home from work for about four months already. I learned the basics of assembly language and now I'm on tutorial 3 in the Lena's Tutorials for beginners.
I've also been reading other books like Goppit PE file format. << really good info. IDA Pro. Reverse engineering code with IDA. And many others. It takes a lot of dedication and a natural passion to get anywhere when it comes to RE.
So I got both.
Now my question is, I have unpacked a PE file that uses Themida 1.2.0.1. I found the OEP and used it to fix my unpacked .exe file.
Then I used the Import REConstructor to fix the IAT etc. This is what I did. I added the OEP REConstructor. I used Get Imports. Found a couple of valid:NO FThunks. I right-clicked on the main window, chose Advanced Commands and clicked Get API Calls. Then I clicked the OK button. Then it went back to the main window. Then I clicked on the Show Invalid button to the right and the invalid FThunks were highlighted blue. So I right-clicked on the main window again and clicked Cut Thunks.
Then afterwards I clicked on the Fix Dump button at the bottom and patched the file I dumped using OllyDBG 0llyNEW v1.10 by DMicheal.
So after the patch I went to double-click, hoping my dumped file would execute correctly, and up came an error message:
The ordinal 897 could not be located in the dynamic link library
C:\user\crackhead\dumped__.exe
I run Windows 8 Pro.
I know the OEP was correct because Import said in a popup message something about found something in OEP this and that.
Can someone please help? Thanks.