|
|
#28
04-13-2014, 17:38
|
|||
|
|||
|
Bug report:
Consequent chunks merged to single branch (check attached image) Feature request: Often, especially in Delphi, you can see multiple kernel32.dll chunks with the same functions (which may be stolen). Could you please add extra loop to check all entries with the same address and fix them at once? For example: suppose GetProcAddress stolen and we have 3 chunks where function redirected to stub 00112233. Select 00112233 entry in Scylla, resolve function manually - get it resolved in all 3 chunks. Initialize function select dialog with default module name value. For example: we process kernel32.dll chunk. DLL module name with very high probability would be the same as any chunk entry above current. For the first entry some heuristic possible by module names frequency calculation for all entries in the chunk. Add option 'Save tree on exit' or Exit confirmation dialog. It is quite terrible to find Scylla window closed by extra ESC when over 50 entries already processed. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Scylla IAT finder and Dumper | Storm Shadow | Source Code | 6 | 05-05-2015 02:22 |
| More Armadillo - import reconstruction | FEARHQ | General Discussion | 8 | 09-19-2005 16:46 |
Threaded Mode