deepzero, you can get them in t4u download area

Sorry, I don't want to include the distorm project. Just download the latest distorm from the official website and extract it in this folder.
I updated the project files: https://github.com/NtQuery/Scylla/commit/133a8fac409940012ee97d46d4955203bf4421bb

It should work with Visual Studio 2010. I compile it with platform toolset v90 to get WIN XP SP0/1 support. If you compile it with v10, you can execute it only on XP SP2+

@Newbie_Cracker
OK thx, I added it. See attachment.

ahmadmansoor had a nice idea for a new IAT search algorithm. It seems that it is very accurate after some tweaks, but takes a little bit longer depending on your computer.

Use the option "advanced iat search" and test it.

If you like to support this project, BTC Address: 1GmVrhWwUhwLohaCLP4SKV5kkz8rd16N8h

new options added

I really recommend to update due to the bug fixes.

Direct import scanner fix methods:
- Normal: Patch memory with jmp/call only
- Universal: Works with everything, creates a jump table in the scylla section, watch for relocation information in the log file

I also found some weird thing in Windows 7 x64. I don't know yet why this happens:

The 0.9.4 betra behaved strange on my latest attempts.
On simple unpackmes the resulted dump was invalid....
I home that 0.9.4 final does not have that behaviour.

I was watch ur update ,My friend Universal import scanner fix is a Good Idea .
but it is limited with some Protector ,in other it is Difficult to handle it .
Let take the Themida/Winlicense : through the unpacked rutine ,it pass through IAT Table rebuild which write the API to the file .here it decide to write the
so this nop it Defined through this rutine ,and I think it is random .
so guessing which NOP is the right to replce for Fix This import will fault by 70%

pls check this Image :
http://postimg.org/image/6fzu4kr8v/
and u will see what I was talking about .I have write a lot of tut on rebuild IAT for Themedi I can send it to u and through this tut u will see when and where the nop is written .
and so on for other Protector ,which each one his privacy .

can u give example (code or File ) ?

Thanks for ur great work ,pls keep up.

@giv
feel free to report bugs.

@ahmadmansoor
Try the "universal" direct import fixer (enable in options). It will work with Themida and any other protector.

I don't think I can give an example. It is still weird. It has probably something to do with this https://forum.tuts4you.com/topic/34548-scylla-version-announcements/#entry159332

my friend the example which I gave u in the Picture was universal enable in options :D I will upload the files when back to home .

I will check this

Now I see there is a bug. You must disable the "normal" fixer otherwise the "universal" will not work. And it is fixed only in the dumped and fixed file. Not in memory.

Lol .... my friend I have disable the "normal" fixer too.
I have use the default option when run Scylla first time .
check picture
http://postimg.org/image/umncnodiv/

yes that are the correct settings. Now dump and fix and the direct imports will be resolved.

I think I miss something ,so u keep the same size of (jmp or Call) and not make any changes
Ok let me do more checks .

I change the jmp destination to a jmp table.

1.Scylla should have option to use PE Header of module on disk just like imprec .
right now, scylla read the pe header from memory and in some case the export directory is destroy make scylla crash.
You could try some target using cryengine sdk such as Warface to get this case/.

2. About apphelp.dll, we could resolve it using plugin to handle it.