Exetools  

#1  10-04-2011, 04:33  Killboy
Scylla x64/x86 Imports Reconstruction

Quote:
ImpREC, CHimpREC, Imports Fixer... these are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job.

Scylla's key benefits are:

- x64 and x86 support
- full Unicode support (probably some Russian or Chinese will like this :-) )
- written in C/C++
- plugin support
- works great with Windows 7

And the best, Scylla is open source under the GNU GPL v3.
Basically, it's ImpRec on speed. If you miss a feature or want to report a bug, head on over to the support forum on Tuts4You.

Links:
Official support forum
Download page
Source code download

I attached the current version (0.4) here:
Attached Files
File Type: rar Scylla_v0.4.rar (316.7 KB, 143 views)
File Type: rar Scylla_v0.4_SRC.rar (81.6 KB, 72 views)

#2  10-05-2011, 15:45  orfei
Works great on Windows 7 x64.
Thanks for info.

#3  10-08-2011, 11:30  copyleft
Two main features, "Save Tree" & "Load Tree", are disabled in both x86 & x64.
Very difficult to use without Saving/Loading capability.

#4  10-08-2011, 14:43  giv
I tried this software. It's a good one. But it is not as good as Imprec 1.7.
As I said before on other forums, it needs some improvements.
Example:
I found OEP on a target protected by PECompact 2.xx.
Dumped and tried to reconstruct IAT.
With ImpREc completed the OEP -> get imports, all valid. The dump is fixed all right.
With this, not all imports are valid and so on....

#5  10-09-2011, 04:51  Killboy
Well, if you have any bug reports or suggestions you can post them at Tuts4You. I'm sure the author can't browse every single RE forum looking for posts with bugs.

Unlike ImpRec this tool is in active development and open source at that, so chances are these bugs will get fixed. You just have to clearly state what's wrong, what you expect instead and a test sample that can be used for bug hunting.

#6  10-20-2011, 07:53  Killboy
Version 0.5:

Quote:
- added save/load import tree feature
- multi-select in tree view
- fixed black icons problem in tree view
- added keyboard shortcuts
- dll dump + dll dump fix now working
- added support for scattered IATs
- pre select target path in open file dialogs
- improved import resolving engine with api scoring
- api selection
- minor bug fixes and improvements
Attached Files
File Type: rar Scylla_v0.5.rar (388.9 KB, 276 views)
File Type: rar Scylla_v0.5_SRC.rar (120.2 KB, 68 views)

#7  10-20-2011, 17:50  cracker[PYG]
Works great on my Windows 7 x86.
Thank you very much.

#8  03-17-2012, 01:33  JeRRy
Scylla 0.6 Beta

Quote:
Here is a new beta version of Scylla. Please test it.

Changelog:
- Dump memory feature
- Bugfixes
- Many core and source code improvements
Download
http://www.mediafire.com/?yy43wzb2if2ar7i

#9  03-17-2012, 06:22  JeRRy
Scylla 0.6 Beta 2

Quote:
-Fixed "Cannot dump image" bug.
-Added a "force dump" switch.
Attached Files
File Type: rar Scylla_v0.6_Beta_2.rar (398.3 KB, 49 views)

#10  03-18-2012, 23:01  deepzero
Careful, this beta is apparently broken:

Quote:
Ah damn, the api resolving function is totally broken. The "source code improvements" created a problem somehow. Don't know yet. The 0.6 beta versions should not be used to rebuild an IAT...

#11  03-19-2012, 14:32  giv
Yes indeed..
I tried to restore some IAT but the proggy has found nothing.
ImpRec works fine instead.
I will wait for further bug repairs....

#12  03-19-2012, 15:38  deepzero
Scylla_v0.6_Beta_3

Quote:
Thanks NikolayD and LCF-AT for the bug report.

Here you have a fixed version. This version should work fine again. Sorry for the broken app.

I am just working on a pe section dump function. This will be awesome. You can easily defeat protectors with the "big virtual size" anti dump protection (like asprotect). Big virtual sizes will be highlighted and you can correct the virtual size, so you can dump a small exe without any problems.
Big thanks to Aguila for his great work.
Attached Files
File Type: rar Scylla_v0.6_Beta_3.rar (401.7 KB, 87 views)
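
The "big virtual size" check mentioned in the quoted announcement above can be illustrated by reading a PE section table and flagging inflated `VirtualSize` values. This is an added example, not part of the thread and not Scylla's code; the 16 MiB threshold, the function names and the constructed header-only sample are assumptions.

```python
import struct

BIG_VSIZE = 0x01000000  # assumed threshold (16 MiB); not Scylla's own value

def parse_sections(image: bytes):
    """Return (name, virtual_size, raw_size) for every PE section header."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size             # section table follows optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(image):
            raise ValueError("section table truncated")
        name, vsize, _va, raw = struct.unpack_from("<8sIII", image, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, raw))
    return sections

def flag_big_virtual_sizes(image: bytes, limit: int = BIG_VSIZE):
    """Sections whose VirtualSize exceeds the limit (a dump would balloon)."""
    return [s for s in parse_sections(image) if s[1] > limit]

def build_sample() -> bytes:
    """Constructed header-only sample: normal .text, inflated .pad."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytes(0xE0)                        # zeroed optional header (not parsed)

    def sec(name, vsize, va, raw, ptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw, ptr,
                           0, 0, 0, 0, 0x60000020)

    return (bytes(dos) + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1800, 0x1000, 0x1A00, 0x400)
            + sec(b".pad", 0x7F000000, 0x3000, 0x200, 0x1E00))

if __name__ == "__main__":
    for name, vsize, raw in flag_big_virtual_sizes(build_sample()):
        print(f"{name}: VirtualSize={vsize:#x} SizeOfRawData={raw:#x}")
```
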

#13  03-31-2012, 16:48  asterix
Thanks for the source code

#14  04-05-2012, 09:24  nikre
Where is the source code?

#15  04-06-2012, 07:36  metr0
See first post, thanks.