Exetools
Page 1 of 6 1 23 Last »
Show 40 post(s) from this thread on one page

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   Scylla x64/x86 Imports Reconstruction (https://forum.exetools.com/showthread.php?t=13792)

Killboy 10-04-2011 04:33
Scylla x64/x86 Imports Reconstruction
 
2 Attachment(s)
Quote:
ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job.

Scylla's key benefits are:

- x64 and x86 support
- full unicode support (probably some russian or chinese will like this :-) )
- written in C/C++
- plugin support
- works great with Windows 7

And the best, Scylla is open source under the GNU GPL v3.
Basically, it's ImpRec on speed :) If you miss a feature or want to report a bug, head on over to the support forum on Tuts4You.

Links:
Official support forum
Download page
Source code download

I attached the current version (0.4) here:

orfei 10-05-2011 15:45
Works great Windows 7 x64.
Thanks for info.

copyleft 10-08-2011 11:30
Two main features "Save Tree" & "Load Tree" are disabled in both X86 & x64.
very difficult to use without Saving/Loading capability .

giv 10-08-2011 14:43
I tryed this software. It's a good one. But is not as good as Imprec 1.7
As i said before on other forums. It needs some improvements.
Example:
I found OEP on a target protected by PECompact 2.xx
Dumped and tried to reconstruct IAT.
With ImpREc completed the OEP -> get imports all valid. The dump is fixed alright.
With this not all impots are valid and so on....

Killboy 10-09-2011 04:51
Well, if you have any bug reports or suggestions you can post them at Tuts4You. I'm sure the author can't browse every single RE forum looking for posts with bugs.

Unlike ImpRec this tool is in active development and open source at that, so chances are these bugs will get fixed. You just have to clearly state what's wrong, what you expect instead and a test sample that can be used for bug hunting.

Killboy 10-20-2011 07:53
2 Attachment(s)
Version 0.5:

Quote:
- added save/load import tree feature
- multi-select in tree view
- fixed black icons problem in tree view
- added keyboard shortcuts
- dll dump + dll dump fix now working
- added support for scattered IATs
- pre select target path in open file dialogs
- improved import resolving engine with api scoring
- api selection
- minor bug fixes and improvements

cracker[PYG] 10-20-2011 17:50
Works great my Windows 7 x86.
Thanks you very much

JeRRy 03-17-2012 01:33
Scylla 0.6 Beta
 
Scylla 0.6 Beta
Quote:
Here is a new beta version of Scylla. Please test it.

Changelog:
- Dump memory feature
- Bugfixes
- Many core and source code improvements
Download
http://www.mediafire.com/?yy43wzb2if2ar7i

JeRRy 03-17-2012 06:22
1 Attachment(s)
Scylla 0.6 Beta 2

Quote:
-Fixed "Cannot dump image" bug.
-Added a "force dump" switch.

deepzero 03-18-2012 23:01
careful, this beta is apparently broken:


Quote:
Ah damn, the api resolving function is totally broken. The "source code improvements" created a problem somehow. Don't know yet. The 0.6 beta versions should not be used to rebuild an IAT...

giv 03-19-2012 14:32
Yes indeed..
I tryed to restore some IAT but the proggy has found nothing.
ImpRec works fine instead.
I will wait for further bug repairs....

deepzero 03-19-2012 15:38
Scylla_v0.6_Beta_3
 
1 Attachment(s)
Quote:
Thanks NikolayD and LCF-AT for the bug report.

Here you have a fixed version. This version should work fine again. Sorry for the broken app Posted Image

I am just working on a pe section dump function. This will be awesome. You can easily defeat protectors with the "big virtual size" anti dump protection (like asprotect). Big virtual sizes will be highlighted and you can correct the virtual size, so you can dump a small exe without any problems :crazy:
Big thanks to Aguila for his great work. :)

asterix 03-31-2012 16:48
Thanks for the source code

nikre 04-05-2012 09:24
where the source code?

metr0 04-06-2012 07:36
See first post, thanks.


All times are GMT +8. The time now is 14:28.
Page 1 of 6 1 23 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX