cypher Posted November 28, 2013 Posted November 28, 2013 (edited) Hi,has anyone used the ImpRec DLL ? I added to my cpp the prototypes and code: DWORD SetModule(DWORD pid, DWORD base); void LogIATEntry(DWORD rva_iat_slot, DWORD va_api); DWORD MakeImportTable(LPTSTR dump_filename); .... ... SetModule(fdProcessInfo->dwProcessId, fdLoadedBase);included the header with error codes and link against ImpREC_DLL.lib still getting error : error LNK2019: unresolved external symbol ""unsigned long __cdecl SetModule(unsigned long,unsigned long)" (?SetModule@@YAKKK@Z)" SOLVED:add to header #ifdef __cplusplus extern "C" { #endif /*__cplusplus*/ __declspec(dllimport) DWORD SetModule(DWORD pid, DWORD base); __declspec(dllimport) void LogIATEntry(DWORD rva_iat_slot, DWORD va_api); __declspec(dllimport) DWORD MakeImportTable(LPTSTR dump_filename); #ifdef __cplusplus } #endif /*__cplusplus*/or got the long way using LoadLibrary, GetProcAddress etc Edited November 28, 2013 by cypher
cypher Posted November 29, 2013 Author Posted November 29, 2013 (edited) am I supposed to call SetModule for every module loaded with the base of each module? Or just a single time before every other call? right now I do SetModule(pid, imagebase) //imagebase = 400000, base of main module loop over IAT entries { LogIATEntry() } MakeImportTable()however the IAT is build and entries for kernel32, user32, shell32...are correct but entries for d3dx9 (and others) are wrong and would be correct if rebased Solved:yes you have to call SetModule for every DLL Edited November 30, 2013 by cypher
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now