首页
社区
课程
招聘
[转帖]Scylla v9.5- x64/x86 Imports Reconstruction
发表于: 2014-3-18 08:01 3384

[转帖]Scylla v9.5- x64/x86 Imports Reconstruction

2014-3-18 08:01
3384
Scylla v9.5- x64/x86 Imports Reconstruction
Scylla - x64/x86 Imports Reconstruction
=======================================
ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table,
but they all have some major disadvantages, so I decided to create my own tool for this job.

Scylla's key benefits are:
- x64 and x86 support
- full unicode support (probably some russian or chinese will like this :-) )
- written in C/C++
- plugin support
- works great with Windows 7
This tool was designed to be used with Windows 7 x64, so it is recommend to use this operating system.
But it may work with XP and Vista, too.
Source code is licensed under GNU GENERAL PUBLIC LICENSE v3.0

Known Bugs
----------
### Windows 7 x64
Sometimes the API kernel32.dll GetProcAddress cannot be resolved,
because the IAT has an entry from apphelp.dll
Solution? I don't know

### Only Windows XP x64:
Windows XP x64 has some API bugs. 100% correct imports reconstruction is impossible.
If you still want to use XP x64, here are some hints:
* EncodePointer/DecodePointer exported by kernel32.dll have both the same VA.
Scylla, CHimpREC and other tools cannot know which API is correct. You need to fix this manually.
Your fixed dump will probably run fine on XP but crash on Vista/7.
### ImpREC plugin support:

Some ImpREC Plugins don't work with Windows Vista/7 because they don't "return 1" in the DllMain function.

Keyboard Shortcuts
------------------
- CTRL + D: [D]ump
- CTRL + F: [F]ix Dump
- CTRL + R: PE [R]ebuild
- CTRL + O: L[o]ad Tree
- CTRL + S: [S]ave Tree
- CTRL + T: Auto[t]race
- CTRL + G: [G]et Imports
- CTRL + I: AT Autosearch


Changelog
---------
Version 0.9.5
- improved process lister
- improved module lister
- improved dump name
- improved IAT parser


[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

上传的附件:
收藏
免费 1
支持
分享
最新回复 (6)
雪    币: 202
活跃值: (61)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
不错的东西,ImpREC 没得升级了,终于有替代品了。
2014-3-24 18:59
0
雪    币: 98745
活跃值: (201039)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
3
Scylla 0.9.7c
http://rghost.ru/60007949
上传的附件:
2014-12-28 13:48
0
雪    币: 367
活跃值: (302)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
https://github.com/NtQuery/Scylla
https://github.com/NtQuery/ScyllaPlugins
2014-12-29 10:39
0
雪    币: 98745
活跃值: (201039)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
5
Scylla 0.9.8
Changelog
Version 0.9.8
- Bugfixes for x64, IAT Search
- diStorm3 update from Jan 3rd 2015

_http://rghost.ru/8Q5j4LPkN
上传的附件:
2015-7-6 06:47
0
雪    币: 69
活跃值: (30)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
6
糟糕,这个得到的结果跟ImpRec不一样。
2015-7-17 15:31
0
雪    币: 8845
活跃值: (5341)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
7
谢谢了。。。
2015-10-8 17:39
0
游客
登录 | 注册 方可回帖
返回
//