#1
ARImpRec - What is this?
So let me start with some details about the situation.
I am kind of a newbie in the reversing scene, and not aware of some of the tools great teams like ARteam etc. made for the community. I recently saw this ARImpRec.dll file in LCF-AT's vmp script, which made me realize that it can be used for dumping + import fixing very efficiently, even from inside of the executable (or else my assumption is wrong; correct me if it is). So how do I use it to achieve the desired functions (dumping + fixing)?
#2
Unless you have an explicit need for a dll (because you want to use it from within a script or program), you are probably best off with a graphical ImportReconstructor tool.
A classic is "ImpRec" by MackT, but it only works on x86 and has since been superseded by more modern tools such as "scylla", which supports both x86 and x64 and is even open source. http://forum.tuts4you.com/forum/132-scylla-imports-reconstruction/
#3
Quote:
For instance, sometimes applications (game applications exactly) employ security measures to prevent lurking inside the PE and hinder the process of dumping (mean ways I know). It takes a lot of work to actually dig into the client and disable every security measure just for dumping the application. Most of the time, I am not really interested in a working client, rather just a dump to analyze the functions and the differences that occur between a dumped and a packed executable (to fix exceptions). I would also like to mention disasm.dll. Is it the same as ARImpRec (as far as I know it's for disassembly, but can it produce dump files with imp reconstructed)? Thank you for reading this long with patience.
#4
ARImpRec.dll is a tool for rebuilding imports for x32 files; it has not been officially released at ARTeam board yet.
It was first developed for the Armageddon tool, but it can be used for any rebuilding of imports you need. This tool can rebuild imports when you are at the OEP: you just need to dump to a file and provide the tool that OEP, and it will search the entire file for imports and create a copy of your dumped file with all imports being fixed, ready to run. It doesn't matter if imports are scattered, that is, with invalid handles between them; the tool rearranges them and creates a new clean import table and IAT.
It should have been released, I know, maybe soon...
Best regards
Nacho_dj
__________________
http://arteam.accessroot.com
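The general idea described in post #4 (scan a 32-bit dump for pointers into DLL exports, skip the invalid values between them, regroup them into one clean table per DLL), as an added Python example. It is not ARImpRec's code and not from any poster in this thread; the function names, the export map and the sample bytes are all constructed for illustration.

```python
import struct

# Constructed sample: addresses that DLL exports had in the dumped process.
# (Assumption: a real rebuilder reads these from the loaded modules.)
EXPORTS = {
    0x76A11000: ("kernel32.dll", "LoadLibraryA"),
    0x76A12340: ("kernel32.dll", "GetProcAddress"),
    0x75C05550: ("user32.dll", "MessageBoxA"),
    0x75C07780: ("user32.dll", "GetDC"),
}

# Constructed sample: a scattered thunk area from a 32-bit dump, with
# invalid values sitting between the real API pointers.
SAMPLE_DUMP = struct.pack(
    "<8I",
    0x76A11000, 0xDEADBEEF, 0x75C05550, 0x00000000,
    0x76A12340, 0x7FFFFFFF, 0x75C07780, 0x76A11000,
)


def find_thunks(dump, exports):
    """Scan aligned little-endian dwords; keep the ones that hit an export."""
    hits = []
    for off in range(0, len(dump) - 3, 4):
        (value,) = struct.unpack_from("<I", dump, off)
        if value in exports:
            hits.append((off, *exports[value]))
    return hits


def rebuild_import_table(hits):
    """Group scattered hits into one contiguous name list per DLL."""
    table = {}
    for _off, dll, name in hits:
        names = table.setdefault(dll, [])
        if name not in names:  # the same API can be referenced twice
            names.append(name)
    return table


def slot_map(hits, table):
    """Map each old thunk offset to its (dll, index) slot in the new table."""
    return {off: (dll, table[dll].index(name)) for off, dll, name in hits}


if __name__ == "__main__":
    found = find_thunks(SAMPLE_DUMP, EXPORTS)
    clean = rebuild_import_table(found)
    for dll, names in clean.items():
        print(dll, names)
    print(slot_map(found, clean))
```
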