How to use ImpREC_DLL

Posted November 28, 201311 yr

Hi,

has anyone used the ImpRec DLL ?

I added to my cpp the prototypes and code:



DWORD SetModule(DWORD pid, DWORD base);

void  LogIATEntry(DWORD rva_iat_slot, DWORD va_api);

DWORD MakeImportTable(LPTSTR dump_filename);

....

...

SetModule(fdProcessInfo->dwProcessId, fdLoadedBase);

included the header with error codes and link against ImpREC_DLL.lib

still getting error :



error LNK2019: unresolved external symbol ""unsigned long __cdecl SetModule(unsigned long,unsigned long)" (?SetModule@@YAKKK@Z)"

SOLVED:

add to header



#ifdef __cplusplus

extern "C" {

#endif /*__cplusplus*/

__declspec(dllimport) DWORD SetModule(DWORD pid, DWORD base);

__declspec(dllimport) void  LogIATEntry(DWORD rva_iat_slot, DWORD va_api);

__declspec(dllimport) DWORD MakeImportTable(LPTSTR dump_filename);

#ifdef __cplusplus

}

#endif /*__cplusplus*/

or got the long way using LoadLibrary, GetProcAddress etc

Edited November 28, 201311 yr by cypher

November 29, 201311 yr

Author

am I supposed to call SetModule for every module loaded with the base of each module? Or just a single time before every other call?

right now I do



SetModule(pid, imagebase) //imagebase = 400000, base of main module
loop over IAT entries {

LogIATEntry()

}
MakeImportTable()

however the IAT is build and entries for kernel32, user32, shell32...are correct but entries for d3dx9 (and others) are wrong and would be correct if rebased

Solved:

yes you have to call SetModule for every DLL

Edited November 30, 201311 yr by cypher

Sign In

How to use ImpREC_DLL

Featured Replies

Create an account or sign in to comment

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)