The original IAT is completely destroyed during packing. Enigma replaces valid API pointers with internal redirections pointing straight into its own polymorphic stub or dynamically generated virtual machine code blocks.

Once execution rests at the OEP, the decrypted application code resides entirely inside the RAM. You must write this clean memory space back into a physical file.

Once the debugger breaks at these functions repeatedly, monitor the call stack. Look for the moment the execution flow transitions away from the Enigma section (often named .enigma1 or similar custom sections) and jumps into the primary .text or .code section of the binary.

Enigma often destroys or emulates the IAT. You will need to use tools like

x64dbg (for 64-bit binaries) or x32dbg (for 32-bit binaries).

Import Reconstruction tools like ImportREC or Scylla's built-in IAT engine.