Author website 15aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4c8#2N6s2x3@1P5h3!0#2i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3V1k6A6L8X3c8W2P5q4)9J5k6i4m8Z5M7q4)9K6c8Y4y4Z5L8%4N6@1L8%4m8A6j5#2)9K6c8o6j5@1x3e0l9`.
Description This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).
Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).
Features:
- Imports
- An original tree view
- 2 different methods to find original imports (by IAT and/or API calls)
- A *FULL* complete rebuilder (including a new fresh IAT)
- Loader
- An analyzer and ripper of redirected API code
- An injected loader code to support mix of imports + ripped code in a thunk
- A heuristic relocator
- Tracers
- 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
- A plugin interface to develop your own tracers
- Misc
- Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
- An export renormalizer for Win9x/ME (ala Icedump)
- A built-in coloured disasm/hex-viewer to analyze the redirected code
- A built-in dumper
- Support almost all known antidump tricks
Filesize 395.89 kb
Date Friday 22 February 2008 - 03:37:58
