Exetools  

  #31  
10-22-2012, 02:30
tenketsu
Scylla Imports Reconstruction 0.6b tested on Win7 x64 and works nice, thanks!
  #32  
12-01-2012, 04:23
nikre
Scylla v0.8

Quote:
many changes
Attached Files
File Type: rar Scylla_v0.8.rar (627.4 KB, 131 views)
  #33  
12-03-2012, 15:34
WilliamElts
The source code is now available at:
Quote:
https://github.com/NtQuery/Scylla
Changelog for version 0.8:
Quote:
added OriginalFirstThunk support. Thanks to p0c
fixed malformed dos header bug
NtCreateThreadEx added infos from waliedassar, thanks!
  #34  
02-11-2013, 21:03
WilliamElts
Version 0.9 has been released.
Homepage:
Quote:
https://github.com/NtQuery/Scylla
Changelog:
Quote:
updated to distorm v3.3
added application exception handler
fixed bug in dump engine
improved "suspend process" feature, messagebox on exit

Last edited by chessgod101; 02-12-2013 at 01:46. Reason: Added new version number.
  #35  
05-05-2013, 07:22
cybercoder
This works very well for me, just sometimes it may put the wrong import in place. This is a great project, looking forward to some extra features.
  #36  
09-01-2013, 00:06
ahmadmansoor
Bug fix

This is a bug fix from Aguila.

Quote:
I noticed some problems with virtual devices.
Thanks to him.
Attached Files
File Type: rar Scyllafix.rar (175.2 KB, 50 views)
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #37  
09-01-2013, 01:39
giv
At least some news from Aguila. And from Ahmad too. :-)
  #38  
09-03-2013, 01:45
Carbon
Code:
Version 0.9.1

- Fixed virtual device bug
- Fixed 2 minor bugs

Last edited by Carbon; 03-20-2014 at 19:23.
  #39  
09-03-2013, 19:52
ahmadmansoor
Is there any way to get the Src for the new version?
Thanks for your great work.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #40  
09-03-2013, 20:11
sendersu
Scylla author, could I ask you to pay some attention to this old issue please?

If the imports are in the form
libA.FnA
unknown func
libA.FnC

most probably the "unknown" is also from libA.
It means:
1. You can guess DLL name for "Select function" dialog
2. No need to split chunks on first unknown entry

Thanks
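The neighbour heuristic proposed in post #40, written out as an added example (not Scylla's code and not from any poster; per the later reply, Scylla resolves imports with a different algorithm). The slot representation, the function names `guess_modules` and `chunks`, and the sample table are assumptions made for illustration; the rule goes slightly beyond the post by leaving a slot unknown when its two neighbours disagree.

```python
from itertools import groupby

def guess_modules(slots):
    """slots: list of (module, function); both None when unresolved.

    Returns (module, function, guessed) per slot. An unresolved slot takes a
    module name only when the nearest resolved slot on each side names the
    same module; otherwise it stays unknown.
    """
    before, last = [], None
    for module, _ in slots:                  # nearest resolved module to the left
        before.append(last)
        last = module or last
    after, nxt = [None] * len(slots), None
    for i in range(len(slots) - 1, -1, -1):  # nearest resolved module to the right
        after[i] = nxt
        nxt = slots[i][0] or nxt
    out = []
    for (module, func), left, right in zip(slots, before, after):
        if module is not None:
            out.append((module, func, False))
        elif left is not None and right is not None and left.lower() == right.lower():
            out.append((left, None, True))   # module guessed, function still unknown
        else:
            out.append((None, None, False))
    return out

def chunks(entries):
    """Group consecutive slots by module: one chunk per import descriptor."""
    return [(mod, len(list(run)))
            for mod, run in groupby(entries, key=lambda e: e[0] and e[0].lower())]

# Constructed sample: the libA/unknown/libA pattern from the post, followed by
# an unknown slot whose neighbours disagree (libB on one side, libC on the other).
SAMPLE = [
    ("libA", "FnA"), (None, None), ("libA", "FnC"),
    ("libB", "FnX"), (None, None), ("libC", "FnY"),
]

if __name__ == "__main__":
    print("as resolved:", chunks(SAMPLE))
    print("with guess :", chunks(guess_modules(SAMPLE)))
```

A guessed slot still has no function name, so it needs manual review; the guess only narrows the candidate module and keeps the libA thunks in one chunk.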
  #41  
09-03-2013, 21:24
Newbie_Cracker
Today I tried to unpack a DLL and use Scylla, but it did not read its OEP from file/memory.

It seems that Scylla does not read DLL OEP in case of DLL Unpacking.

Am I right?
__________________
In memory of UnREal RCE...
  #42  
09-04-2013, 02:53
Carbon
@Newbie_Cracker
I don't get it. You need to find the OEP yourself?

@sendersu
I don't think this is a problem. I will think about it. It is because Scylla doesn't pay attention to the API order (like ImpRec). Scylla is using a different algorithm.

@ahmadmansoor
here: https://github.com/NtQuery/Scylla
  #43  
09-04-2013, 17:44
Newbie_Cracker
Quote:
Originally Posted by Carbon
@Newbie_Cracker
I don't get it. You need to find the OEP yourself?

In Scylla, like ImpRec, when you choose a process, the OEP is read from the PE header and is automatically shown in the OEP text box.

ImpRec does the same for DLLs, but Scylla does not.

It seems that it reads the ImageBase and ImageSize from memory (I haven't debugged it to check), but it does not read the OEP from the disk/memory.
__________________
In memory of UnREal RCE...
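The header fields discussed in post #43 (the entry point, ImageBase and image size), read from a module's PE header for both EXEs and DLLs. This is an added example, not code from Scylla, ImpRec or any poster; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000

def read_entry_point(image, loaded_base=None):
    """Parse AddressOfEntryPoint, ImageBase and SizeOfImage from PE headers.

    `image` is the first page of a module, read from disk or from memory.
    `loaded_base` is where the module is actually mapped (DLLs are often
    relocated); it defaults to the preferred ImageBase in the header.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing DOS header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 24                      # signature (4) + file header (20)
    if opt + 60 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not lead to a PE header")
    (characteristics,) = struct.unpack_from("<H", image, e_lfanew + 22)
    (magic,) = struct.unpack_from("<H", image, opt)
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)
    if magic == 0x10B:                       # PE32
        (image_base,) = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:                     # PE32+
        (image_base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size_of_image,) = struct.unpack_from("<I", image, opt + 56)
    base = image_base if loaded_base is None else loaded_base
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "entry_rva": entry_rva,
        # An RVA of 0 means the module has no entry point (valid for DLLs).
        "entry_va": base + entry_rva if entry_rva else None,
        "image_base": image_base,
        "size_of_image": size_of_image,
    }

def build_sample_header(dll=True, entry_rva=0x1530):
    """Constructed 32-bit header, just large enough for the parser above."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)              # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 22, 0x2102 if dll else 0x0102)
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)              # PE32 magic
    struct.pack_into("<I", buf, opt + 16, entry_rva)     # AddressOfEntryPoint
    struct.pack_into("<I", buf, opt + 28, 0x10000000)    # ImageBase
    struct.pack_into("<I", buf, opt + 56, 0x8000)        # SizeOfImage
    return bytes(buf)
```

For a packed module the header value is the packer stub's entry point, so it only serves as a starting value for the entry point field; the unpacked program's entry point still has to be located by the analyst.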
  #44  
09-04-2013, 21:21
ahmadmansoor
Just one thing: please upload the distorm 3.1 folder that you use.
I can't access it.
Is there a problem compiling it with v10 instead of v9.0 of VS 2010?
Thanks
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #45  
09-05-2013, 20:07
deepzero
Where do these new versions come from? They are not mentioned on t4u, Scylla's home.

All times are GMT +8.