How to use ImpREC_DLL

[cypher]

Hi,

has anyone used the ImpRec DLL ?

 

I added to my cpp the prototypes and code:

DWORD SetModule(DWORD pid, DWORD base);

void  LogIATEntry(DWORD rva_iat_slot, DWORD va_api);

DWORD MakeImportTable(LPTSTR dump_filename);

....

...

SetModule(fdProcessInfo->dwProcessId, fdLoadedBase);

included the header with error codes and link against ImpREC_DLL.lib

 

still getting error :

error LNK2019: unresolved external symbol ""unsigned long __cdecl SetModule(unsigned long,unsigned long)" (?SetModule@@YAKKK@Z)" 

SOLVED:

add to header

#ifdef __cplusplus

extern "C" {

#endif /*__cplusplus*/

__declspec(dllimport) DWORD SetModule(DWORD pid, DWORD base);

__declspec(dllimport) void  LogIATEntry(DWORD rva_iat_slot, DWORD va_api);

__declspec(dllimport) DWORD MakeImportTable(LPTSTR dump_filename);

#ifdef __cplusplus

}

#endif /*__cplusplus*/

or got the long way using LoadLibrary, GetProcAddress etc

Edited November 28, 2013 by cypher

[cypher]

am I supposed to call SetModule for every module loaded with the base of each module? Or just a single time before every other call?

 

right now I do

SetModule(pid, imagebase) //imagebase = 400000, base of main module
loop over IAT entries {

LogIATEntry()

}
MakeImportTable()

however the IAT is build and entries for kernel32, user32, shell32...are correct but entries for d3dx9 (and others) are wrong and would be correct if rebased

 

Solved:

yes you have to call SetModule for every DLL

Edited November 30, 2013 by cypher