Quote:
Originally Posted by deepzero
Unless you have explicit need for a dll (because you want ot use it from within a script or program) you are probably best off with a graphical ImportReconstructor tool.
A classic is "ImpRec" by MackT, but it only works on x86 and has since been superseded by more modern tools such as "scylla" which supports both x86 and x64 and even is opensource.
http://forum.tuts4you.com/forum/132-scylla-imports-reconstruction/
|
Thanks for replying deepzero, i really appreciate it I am well aware of gui based imp re-constructors. I am specially interested in this particular tool is because of its ability to inject itself inside the process.
For instance sometime applications(game applications exactly) employ security measures to prevent lurking inside the pe and hinders the process of dumping(mean ways i know). It takes a lot of work to actually dig into the client and disable every security measures just for dumping the application. most of the time ,I am not really interested in a working client, rather just a dump to analyze the functions and the difference occurs between a dumped and packed executable(to fix exceptions).
I would also like mention about the disasm.dll . is it same as the arimprec(as far as i know its for disassembly, but can it produce dump files with imp reconstructed).
Thank you for reading this long with patience