Exetools  

  #1  
Old 10-06-2014, 02:54
Storm Shadow
Scylla IAT finder and Dumper

I made this small plugin to load the scylla.dll in IDA Pro.

Maybe if we are lucky they can add it via the official ScyllaHide plugin for IDA Pro.

All respects to the authors of the plugin.

https://github.com/techbliss/SCyllaDumper
Have the scylla.dll in the PATH somewhere.
Run from plugin in IDA and find under debugger.

picture
http://i.imgur.com/KrcUFNR.png


Regards
__________________
The devil whispered in my ear, "you're not strong enough to withstand the storm."

Today I whispered in the devils ear, "I am the storm."
  #2  
Old 10-06-2014, 15:17
Carbon
Your plugin leads to stack corruption. Just start the scylla.exe, not DLL. Anyway, I think this is useless.
__________________
My blog: https://ntquery.wordpress.com
  #3  
Old 10-06-2014, 15:25
Storm Shadow
The plugin loads the scylla.dll from the entrypoint.

So only the one version can be used. https://anonfiles.com/file/02b4422b0b8ce5aff92243156d2cacf9
I haven't found an exe of the plugin. But I would like a link, would be easier.
  #4  
Old 10-06-2014, 16:30
Carbon
Are you serious? You don't know that a main executable of Scylla exists?

https://forum.exetools.com/showpost.php?p=90520&postcount=80

https://stackoverflow.com/questions/3207365/how-to-use-rundll32-to-execute-dll-function
  #5  
Old 10-06-2014, 16:41
Storm Shadow
I actually just recently switched from PowerPC to PE files. That's why I don't know many of the tools used.
I like to have the software all in one place, I don't wanna open multiple programs each time.
And I use Scylla really much when examining packed files. So it's just for my own laziness.
Last edited by Storm Shadow; 10-06-2014 at 16:48.
  #6  
Old 10-06-2014, 23:53
Storm Shadow
Okay, since I was the only one on the board that didn't know there was an executable Scylla also,
I updated the plugin to use exactly that version.

Also I added support for both versions, so x86 loads Scylla x86, and x64 loads the x64 one.

Extract the https://forum.exetools.com/showpost.php?p=90520&postcount=80
into the IDA root dir.
Put sculla.py in the plugin dir and load via the plugin menu, and find it afterwards under the debug menu.

Also important that you have an environment setting called IDADIR = path /to /dir
Always have this with IDA anyway.

Updated git.

https://github.com/techbliss/SCyllaDumper
Again, thx to the authors of the tool.
This is a simple plugin to load the real plugin.
Regards.
Last edited by Storm Shadow; 10-07-2014 at 00:08.
  #7  
Old 05-05-2015, 02:22
Storm Shadow
1.3

Code:
Just a small tool to load the real tool.

Version 1.3

Changelog:
bugfix > path
Scylla got its own dir.
ida x64 loads scylla x64
ida x86 loads scylla x86


First remove all old repos from IDA.
Extract content to the IDA folder, so idascylla.py is in the plugins folder.

Get the latest version of Scylla and put it in the plugins\scylla folder.

Run from Edit >> Plugins.
Then find it under the View menu.

Why
I am really lazy.

Again, thx to the authors of the tool (Carbon, Aguila).
https://github.com/NtQuery/Scylla
Regards.
Latest
1.3
https://github.com/techbliss/SCyllaDumper

Latest version of scylla
http://forum.exetools.com/showpost.p...3&postcount=89
Last edited by Storm Shadow; 05-05-2015 at 02:29.
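Added example, not part of the thread and not the plugin's own code: one way a loader could apply the "x86 loads scylla x86, x64 loads scylla x64" rule from the posts above by reading each executable's PE header instead of trusting file names. The `plugins\scylla` location and `IDADIR` come from the posts; the function names, the `arch` argument and the stub bytes are assumptions made for this sketch.

```python
import os
import struct

MACHINE = {"x86": 0x014C, "x64": 0x8664}  # IMAGE_FILE_MACHINE_I386 / _AMD64

def pe_machine(path):
    """Return the COFF Machine field of a PE file, or None if it is not a PE."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of "PE\0\0"
        f.seek(e_lfanew)
        sig = f.read(6)
    if len(sig) < 6 or sig[:4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", sig, 4)[0]

def find_scylla(ida_dir, arch):
    """Pick the .exe under <ida_dir>/plugins/scylla whose header matches arch."""
    folder = os.path.join(ida_dir, "plugins", "scylla")
    if not os.path.isdir(folder):
        raise FileNotFoundError(folder)
    matches = [
        os.path.join(folder, name)
        for name in sorted(os.listdir(folder))
        if name.lower().endswith(".exe")
        and pe_machine(os.path.join(folder, name)) == MACHINE[arch]
    ]
    # Refuse to guess when the folder holds no build, or several, for this arch.
    if len(matches) != 1:
        raise RuntimeError("expected one %s build, found %d" % (arch, len(matches)))
    return matches[0]

def make_stub(machine):
    """Constructed sample: the smallest header pe_machine() accepts, not a real binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)

if __name__ == "__main__":
    # IDADIR is the environment variable the post asks for; "x64" is the caller's choice.
    print(find_scylla(os.environ["IDADIR"], "x64"))
```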