#1
Scylla IAT finder and Dumper
I made this small plugin to load the scylla.dll in IDA Pro.
Maybe if we are lucky they can add it via the official ScyllaHide plugin for IDA Pro. All respects to the authors of the plugin.
https://github.com/techbliss/SCyllaDumper
Have the scylla.dll in the PATH somewhere. Run from plugin in IDA and find it under debugger.
Picture: http://i.imgur.com/KrcUFNR.png
Regards
__________________
The devil whispered in my ear, "you're not strong enough to withstand the storm." Today I whispered in the devils ear, "I am the storm."
#2
Your plugin leads to stack corruption. Just start the scylla.exe, not DLL. Anyway, I think this is useless.
__________________
My blog: https://ntquery.wordpress.com
#3
The plugin loads the scylla.dll from the entrypoint.
So only the one version can be used.
https://anonfiles.com/file/02b4422b0b8ce5aff92243156d2cacf9
I haven't found an exe of the plugin. But I would like a link, would be easier.
#4
Are you serious? You don't know that a main executable of Scylla exists?
https://forum.exetools.com/showpost.php?p=90520&postcount=80
https://stackoverflow.com/questions/3207365/how-to-use-rundll32-to-execute-dll-function
The Following User Gave Reputation+1 to Carbon For This Useful Post: Storm Shadow (10-06-2014)
#5
I actually just recently switched from PowerPC to PE files. That's why I don't know many of the tools used.
I like to have the software all in one place, I don't wanna open multiple programs each time. And I use Scylla really much when examining packed files. So it's just for my own laziness.
Last edited by Storm Shadow; 10-06-2014 at 16:48.
#6
Okay, since I was the only one on the board that didn't know there was an executable Scylla also, I updated the plugin to use exactly that version.
Also I added support for both versions, so x86 loads Scylla x86, and x64 loads the x64 one.
Extract the https://forum.exetools.com/showpost.php?p=90520&postcount=80 into the IDA root dir.
Put sculla.py in the plugin dir, load it via the plugin menu and find it afterwards under the debug menu.
Also important that you have an environment setting called IDADIR = path /to /dir
Always have this with IDA anyway.
Updated git. https://github.com/techbliss/SCyllaDumper
Again thx to the authors of the tool. This is a simple plugin to load the real plugin.
Regards.
Last edited by Storm Shadow; 10-07-2014 at 00:08.
#7
1.3
Code:
Just a small tool to load the real tool.

Version 1.3

Changelog:
bugfix > path
Scylla got its own dir.
ida x64 loads scylla x64
ida x86 loads scylla x86

first remove all old repos from ida.
Extract content to ida folder, so idascylla.py is in the plugins folder.
Get latest version of scylla and put in plugins\scylla folder.
Run from Edit >> Plugins.
then find it under View menu

Why
I am really lazy.

again thx to the authors of the tool.(Carbon, Aguila)
https://github.com/NtQuery/Scylla
Regards.

1.3
https://github.com/techbliss/SCyllaDumper
Latest version of scylla
http://forum.exetools.com/showpost.p...3&postcount=89
Last edited by Storm Shadow; 05-05-2015 at 02:29.
The Following User Says Thank You to Storm Shadow For This Useful Post: Utshiha (05-05-2015)
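The layout that posts #6 and #7 describe (Scylla in its own plugins\scylla folder under IDADIR, the build matching IDA's bitness, started as an executable as post #2 advises rather than loaded as a DLL found on PATH), as an added example that is not the plugin's own code. The two executable file names and both function names are assumptions.

```python
import os
import subprocess

# Assumed file names of the two Scylla builds; adjust to the release you extracted.
SCYLLA_EXE = {32: "Scylla_x86.exe", 64: "Scylla_x64.exe"}


def resolve_scylla(ida_dir, bits):
    """Return the absolute path of the Scylla build matching IDA's bitness."""
    if bits not in SCYLLA_EXE:
        raise ValueError("bits must be 32 or 64, got %r" % (bits,))
    if not ida_dir:
        raise RuntimeError("IDADIR is not set")
    # Fixed location under the IDA directory: nothing is searched for on PATH.
    base = os.path.realpath(os.path.join(ida_dir, "plugins", "scylla"))
    exe = os.path.realpath(os.path.join(base, SCYLLA_EXE[bits]))
    # Reject a link that resolves to a file outside the expected folder.
    if os.path.dirname(exe) != base:
        raise RuntimeError("%s resolves outside %s" % (exe, base))
    if not os.path.isfile(exe):
        raise FileNotFoundError("Scylla build not found: %s" % exe)
    return exe


def launch_scylla(bits, environ=os.environ, spawn=subprocess.Popen):
    """Start Scylla as its own process instead of loading scylla.dll into IDA."""
    exe = resolve_scylla(environ.get("IDADIR"), bits)
    # Argument list with no shell; working directory pinned to Scylla's folder.
    return spawn([exe], cwd=os.path.dirname(exe))
```

Running Scylla as a separate process keeps a crash or a mismatched export signature in the tool from corrupting IDA's own stack.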