Exetools  

#1  02-21-2013, 16:42
Conquest
ARImpRec-What is this?

So let me start with some details about the situation.
I am kind of a newbie in the reversing scene, and not aware of some of the tools great teams like ARTeam etc. made for the community. I recently saw this ARImpRec.dll file in LCF-AT's vmp script, which made me realize that it can be used for dumping + import fixing very efficiently, even from inside the executable (or else my assumption is wrong; correct me if it is).
So how do I use it to achieve the desired functions (dumping + fixing)?

#2  02-21-2013, 17:23
deepzero
Unless you have an explicit need for a dll (because you want to use it from within a script or program), you are probably best off with a graphical ImportReconstructor tool.

A classic is "ImpRec" by MackT, but it only works on x86 and has since been superseded by more modern tools such as "scylla", which supports both x86 and x64 and is even open source.

http://forum.tuts4you.com/forum/132-scylla-imports-reconstruction/

#3  02-21-2013, 17:49
Conquest
Quote (originally posted by deepzero):
Unless you have an explicit need for a dll (because you want to use it from within a script or program), you are probably best off with a graphical ImportReconstructor tool.

A classic is "ImpRec" by MackT, but it only works on x86 and has since been superseded by more modern tools such as "scylla", which supports both x86 and x64 and is even open source.

http://forum.tuts4you.com/forum/132-scylla-imports-reconstruction/

Thanks for replying, deepzero, I really appreciate it. I am well aware of GUI-based import reconstructors. I am especially interested in this particular tool because of its ability to inject itself inside the process.
For instance, sometimes applications (game applications, exactly) employ security measures to prevent lurking inside the PE and hinder the process of dumping (mean ways I know). It takes a lot of work to actually dig into the client and disable every security measure just for dumping the application. Most of the time, I am not really interested in a working client, rather just a dump to analyze the functions and the differences that occur between a dumped and a packed executable (to fix exceptions).
I would also like to mention disasm.dll. Is it the same as ARImpRec (as far as I know it's for disassembly, but can it produce dump files with imports reconstructed)?
Thank you for reading this long with patience.

#4  02-21-2013, 17:50
Nacho_dj
ARImpRec.dll is a tool for rebuilding imports for x32 files; it has not been officially released at the ARTeam board yet.

It was first developed for Armageddon tool, but it can be used for any rebuilding of imports you need.

This tool can rebuild imports when you are at the OEP: you just need to dump to a file and provide the tool that OEP, and it will search the entire file for imports and create a copy of your dumped file with all imports fixed, ready to run. It doesn't matter if imports are scattered, that is, with invalid handles between them; the tool rearranges them and creates a new clean import table and IAT.

It should have been released, I know, maybe soon...

Best regards

Nacho_dj
__________________
http://arteam.accessroot.com
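
The scattered-import case from post #4, as an added example (not ARImpRec's code and not posted in the thread): it scans a dumped 32-bit pointer region, resolves each slot against an export map, and splits the hits into per-module thunk runs, flagging the invalid slots that break a run. The export addresses, the sample region and the name `find_thunk_runs` are constructed for illustration.

```python
import struct

# Constructed export map (address -> (module, function)). A real run would
# build it from the export tables of the modules loaded in the dumped process.
EXPORTS = {
    0x76A11000: ("kernel32.dll", "CreateFileA"),
    0x76A12340: ("kernel32.dll", "ReadFile"),
    0x76A15560: ("kernel32.dll", "CloseHandle"),
    0x75D01200: ("user32.dll", "MessageBoxA"),
    0x75D03400: ("user32.dll", "GetDC"),
}

# Constructed 32-bit pointer region from a dump: two kernel32 imports, a junk
# slot, a third kernel32 import, a null, two user32 imports, a null.
SAMPLE_REGION = struct.pack(
    "<8I", 0x76A11000, 0x76A12340, 0xDEADBEEF, 0x76A15560, 0,
    0x75D01200, 0x75D03400, 0)


def find_thunk_runs(region, region_rva, exports=EXPORTS):
    """Split a dumped pointer region into per-module thunk runs.

    Returns (runs, to_zero). Each run is (module, first_thunk_rva, names) and
    maps to one import descriptor. to_zero lists RVAs of junk slots that sit
    directly after a run and must be nulled to terminate its thunk array.
    Two modules with no slot between them would need relocation; not handled.
    """
    runs, to_zero = [], []
    current = None  # [module, first_rva, names] of the run being extended
    for off in range(0, len(region) - 3, 4):
        (value,) = struct.unpack_from("<I", region, off)
        hit = exports.get(value)
        if hit and current and current[0] == hit[0]:
            current[2].append(hit[1])  # adjacent slot, same module
            continue
        if current:  # the run ends at this slot
            runs.append(tuple(current))
            if value != 0 and not hit:
                to_zero.append(region_rva + off)
            current = None
        if hit:  # first import of a new run
            current = [hit[0], region_rva + off, [hit[1]]]
    if current:
        runs.append(tuple(current))
    return runs, to_zero


if __name__ == "__main__":
    for module, rva, names in find_thunk_runs(SAMPLE_REGION, 0x2000)[0]:
        print(f"{module} FirstThunk=0x{rva:X} {names}")
```

Each run corresponds to one import descriptor whose thunk array must be contiguous and null-terminated, which is why the junk slot splits the kernel32 imports into two runs.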