Scylla x64/x86 Imports Reconstruction

Carbon · #11 02-05-2014, 07:08

Quote:

Version 0.9.4 Final

- direct import scanner (LEA, MOV, PUSH, CALL, JMP) + fixer with 2 fix methods
- create new iat in section
- fixed various bugs

I really recommend to update due to the bug fixes.

Direct import scanner fix methods:
- Normal: Patch memory with jmp/call only
- Universal: Works with everything, creates a jump table in the scylla section, watch for relocation information in the log file

I also found some weird thing in Windows 7 x64. I don't know yet why this happens:

Quote:

### Windows 7 x64

Sometimes the API kernel32.dll GetProcAddress cannot be resolved, because the IAT has an entry from apphelp.dll
Solution? I don't know

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Scylla IAT finder and Dumper	Storm Shadow	Source Code	6	05-05-2015 02:22
More Armadillo - import reconstruction	FEARHQ	General Discussion	8	09-19-2005 16:46

The Following 5 Users Gave Reputation+1 to Carbon For This Useful Post:
ahmadmansoor (02-06-2014), copyleft (02-08-2014), giv (02-05-2014), h8er (02-05-2014), Kla$ (02-05-2014)