How to repair IAT Tables

No replies
Joined: 2009/09/10

Let me start by saying i'm new to the whole reverse engineering thing and apologise for my possible ignorance, incompetance and inexperience, Right....that out the way now i hope i can find some guidance.

What i'm trying to do is (using SX's MRI 5.1.1) add extra programs to the "Agent Toolbox" popup of the MRI program.

The tools/program i have to help me with this are:

OllyDBG (As i understand it, that it what SX have used)
QUnpack (As i saw in mentioned in the thread about how to customise MRI)
Resource Hacker (for the same reason as above)
WinMount (to mount the .wim file)
EasyBoot (to modify the boot menu)

I've used QUnPack to unpack the .exe, find the OEP key and save the resource table.

I've used Resource Hacker to look around the decompiled .exe to see what is saved where (text,images etc)

I've tried to used OllyDBG to unpack the .exe (before i found QUnpacker) but i was lost when all the various windows got populated with the decompiled (i assume) data [i used File>Open] and ran into the following error: "Quick Statical Analysis of 'MRI' reports that it's code is eiter compressed, encrypted or contains a large amount of embedded data. Results of code analysis may be very unreliable or simply wrong. Do you want to continue analysis?"

Once i edit the values of the unpacked .exe (unpacked with QUPacker) and save it the (then saved) .exe becomes unreadable. This is a problem i read in te ow to edit MRI thread and the conclusion was it was down to the IAT table.

My Question is how do i go about repairing this or where do i go to learn about how to fix an/the IAT table and do i need other tools to do this? I have googled and found an IAT repair script for OllyDBG but have no idea where to put it/how to use it.

Any guidance would be gratefully received.