  #2  
04-28-2004, 12:56
gabri3l
The program is sagebrush's recallpro v1.3. It's an interesting program: in version 1.2, if you were running XP, it had a bug that would delete your license information from the registry when you closed it. It just took a quick NOP to the call and it worked perfectly after that. Well, it turns out that they still didn't fix the problem for version 1.3, though they did decide to start packing it. I was finally able to get the IAT to work. The R@ider tut helped me out. I had OllyDump rebuilding the imports by default. One thing that had me confused was that in labbas, r@diers, and MrBarby's tutorials they all say to increase the size when using ImpREC. I was getting frustrated because I was finding a lot of imports to fix, and a good amount of them were ADD [EAX], AL. By keeping the size about the same and using both the ASPR2 tracer (thank you, by the way) and the 1.2 tracer, I was able to get a working IAT. I know I must have done something incorrectly, because when I try to repack it ASProtect says that it is already packed, and I get a message in W32Dasm about the PE file not being in Windows format. But it runs! And I can debug it now and get rid of that registry call.

Just a quick question for reference: when looking at what imports are in my range, I look at the ptr:xxxxxxxxx and make sure that it is in my program range? And when fixing them, since it will only run on my system, can you (in theory) dump it again and rebuild the import table to give you the correct calls?

While searching for references while working on this, I was able to compile a lot of tuts on using SoftICE and a few on Revirgin for ASPR. So I think I'll give this another try using those tools, now knowing that I can actually do it. I really appreciate the help. Thank you, JMI.

Last edited by gabri3l; 04-28-2004 at 13:18.