#76
Very good release )
Could you please collapse all nodes after chunks merge at the end?
Also, if possible add option to set image header flag "relocations stripped" on Dump.
Maybe also option to automatically save tree on Dump as ModuleName-Tree.xml
Last edited by Syoma; 03-24-2014 at 20:50. Reason: extra options
#77
#78
#79
Yes, I am sure it is a mistake. The missed import entries are data-related, not functions. Like __declspec(dllexport) int i; and the same for structure instances.
Also, the same problem with msvcr90.dll import:
    150 __CppXcptFilter dd ?
    154 _adjust_fdiv dd ? // <<----- this one was missed in chunk
    158 _amsg_exit dd ?
I do not use Olly. So, not sure what you are asking for.
#80
Thanks, I forgot that data exports exist... this should fix it.
#81
Bug report:
- Consequent chunks merged to single branch (check attached image)

Feature request:
- Often, especially in Delphi, you can see multiple kernel32.dll chunks with the same functions (which may be stolen). Could you please add extra loop to check all entries with the same address and fix them at once? For example: suppose GetProcAddress stolen and we have 3 chunks where function redirected to stub 00112233. Select 00112233 entry in Scylla, resolve function manually - get it resolved in all 3 chunks.
- Initialize function select dialog with default module name value. For example: we process kernel32.dll chunk. DLL module name with very high probability would be the same as any chunk entry above current. For the first entry some heuristic possible by module names frequency calculation for all entries in the chunk.
- Add option 'Save tree on exit' or Exit confirmation dialog. It is quite terrible to find Scylla window closed by extra ESC when over 50 entries already processed.
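The same-address fix and the default-module heuristic requested in the post above, as an added example (not part of the original thread and not Scylla's code). The entry layout, the function names and every address except the post's stub 00112233 are assumptions made for the illustration.

```python
from collections import Counter

STUB = 0x00112233  # stub address used as the example in the post

def entry(iat_rva, target_va, module=None, name=None):
    # Hypothetical in-memory form of one IAT slot; name is None while unresolved.
    return {"iat_rva": iat_rva, "target_va": target_va,
            "module": module, "name": name}

def sample_chunks():
    # Constructed data: three kernel32.dll chunks, each with one slot
    # redirected to the same stub. All other addresses are made up.
    k = "kernel32.dll"
    return [
        [entry(0x2000, 0x7C800010, k, "LoadLibraryA"), entry(0x2004, STUB)],
        [entry(0x2100, STUB), entry(0x2104, 0x7C800020, k, "ExitProcess"),
         entry(0x2108, 0x7C800030, k, "VirtualAlloc")],
        [entry(0x2200, 0x7C800040, k, "GetModuleHandleA"), entry(0x2204, STUB)],
    ]

def unresolved(chunks):
    # IAT RVAs of every slot that still has no API name.
    return [e["iat_rva"] for c in chunks for e in c if e["name"] is None]

def resolve_everywhere(chunks, target_va, module, name):
    # Apply one manual resolution to every unresolved slot that points at
    # target_va, in all chunks. Already-resolved slots are left untouched.
    fixed = []
    for chunk in chunks:
        for e in chunk:
            if e["target_va"] == target_va and e["name"] is None:
                e["module"], e["name"] = module, name
                fixed.append(e["iat_rva"])
    return fixed

def guess_module(chunk, index):
    # Default module for the select dialog: the nearest resolved entry above
    # the current one; for the first entry, the most frequent module in the chunk.
    for e in reversed(chunk[:index]):
        if e["module"]:
            return e["module"]
    counts = Counter(e["module"] for e in chunk if e["module"])
    return counts.most_common(1)[0][0] if counts else None

if __name__ == "__main__":
    chunks = sample_chunks()
    print("default module:", guess_module(chunks[1], 0))
    print("fixed:", [hex(r) for r in resolve_everywhere(
        chunks, STUB, "kernel32.dll", "GetProcAddress")])
    print("still unresolved:", unresolved(chunks))
```

Propagating one resolution is only sound when the stub forwards to a single API; a stub that picks its target at run time needs each slot examined separately.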
#82
Bug report:
---------------------------
Exception! Please report it!
---------------------------
ExceptionCode C0000005
ExceptionFlags 00000000
NumberParameters 00000002
ExceptionAddress VA 77437419
ExceptionAddress RVA 77037419
eax=0x0012EE14, ebx=0x00000000, edx=0x00670601, ecx=0x7E429340, esi=0x0012EE14, edi=0x001AF5A8, ebp=0x0012EDF0, esp=0x0012EDB0, eip=0x77437419
---------------------------
OK
---------------------------
Got it on last chunk entry after manual GetProcAddress fix and press OK. WinXP/x86 SP3, Scylla 0.9.6a
#83
Feature request:
- Add Re-scan names button. Check attached image.
- Add Export Tree for ImpRec.
#84
Sorry for the late reply. I was busy with the ScyllaHide project.
How do you produce the view in NamesBug.png? Do you think these are valid API addresses?
Quote:
C#.NET, can convert scylla xml to imprec (crap) txt.
https://bitbucket.org/NtQuery/scyllatoimprectree
https://bitbucket.org/NtQuery/scyllatoimprectree/downloads/ScyllaToImprecTree.rar
__________________
My blog: https://ntquery.wordpress.com
#85
Hi, it was some time ago. So, I forgot how I did that. But I think it was done in the usual way using some protected application. Yes, those are valid API addresses. I think they are always the same for WinXP SP3/x86. So, you can check by yourself.
Most probably in the next few days I will do a new version of that app and provide more details. Do you have any information on other reports?
#86
Scylla Imports Reconstruction 0.9.7b
Last edited by Utshiha; 10-01-2014 at 19:48.
#87
Fixed Scylla 0.9.7b
I have made a quick patch until Aguila fixes the issues I mentioned:
1. Freeze bug under exe32protector
2. Crash bug under PEP protector (more details in PM since I'm not sure I can post a link to another forum)
#88
Scylla 0.9.7c
#89
Version 0.9.8
- Bugfixes for x64, IAT Search
- diStorm3 update from Jan 3rd 2015
#90
Version 0.11.0
- Update `ScyllaIatFixAutoW` and `ScyllaIatSearch` to allow dumping DLLs
- `pyscylla.dump_pe` and `pyscylla.rebuild_pe` now return None and throw exceptions on failure
- Generate Python bindings for Python 3.8+ (i.e., drop Python 3.7 support)

Version 0.10.0
- Update default configuration
- Add support for Windows 8.1 and Windows 10
- Switch build system to CMake
- Add bindings for Python 3
- Add a new `createNewIat` parameter to `ScyllaIatFixAutoW`
- Fix bad handling of instructions with a REX prefix in `IATReferenceScan::patchNewIat`
- Handle multiple imports that have the same address in `ApiReader::getApiByVirtualAddress`
- Add a Sphinx-generated documentation
- Update distorm to version 3.5.2
- Update WTL to version 10

https://github.com/ergrelet/Scylla
https://github.com/ergrelet/Scylla/releases