Jump to content
Tuts 4 You

Imports Fixer

  • entry
  • comments
  • views

Imports Fixer Overview

Sign in to follow this  



Get the latest release here

Report bugs, or post suggestions here

Today I decided to present a new tool meant for rebuilding imports and that will hopefully replace ImpREC. I called it "Imports Fixer" and for convenience will call it "IF" hereafter.

It has been a long time that the project has been private inside SnD (more than 4 years) and I think that the time has come to go for a first public release. A lot of work and effort has been done so far in order to try to compete with the so beloved ImpREC. I will present here for now a general overview of what IF can do, will do and probably can't do (for the moment ;) ). If you are familiar with ImpREC the following explanations shouldn't be problematic.

So for impatient folks who got bored from ImpREC, here is the new Imports Fixer 1.5a *PUBLIC VERSION*


As you can see there are 4 tabs :

Processes & Modules :

To get started simply select the process from the list and the loaded modules inside the running process will be automatically loaded.

You can right click a process to either dump it or kill it (the dumping is more fun than killing ;) )

Well here is the dumper tool. You can use it in collapsed mode if you do not wish to dump other memory regions and add them to the end of the main dump. You can also dump the PE header or a specific section by right clicking the desired section.


If you want to add other memory regions to the file then use the dumper tool in the expanded mode

(by clicking the arrow) you will then have a map view of the memory. Simply drag and drop

selected region into the main dump and it will be automatically added (be sure to not exceed the

max number of sections allowed).




Get Imports : retrieves and tries to resolve thunks starting from IAT begin

Load Imports : load imports from pre-saved tree

Save Imports : save imports tree


Write Imports : writes import table to the dumped file

Show invalid thunks : show non resolved thunks


Clear Imports : talks for itself ;)

Enter the OEP and press the IAT auto search button to serach for a possible valid IAT. If it fails try to manually to fill the IAT RVA and Size.


When you get imports you will have have a set of options :


you can cut, invalidate or show calls for the api :


you can also edit manually the api by double clicking it :


Hex Editor :

Time for some editing. A hex viewer/editor within executable imagesize.


Options to search for a sequence of bytes, to go to an address and to modify a byte are also present.


Disassembling & Debugging :

This section is under construction. The disassembling part is ready though, but I wanted to have a full working debugging and disassembling engine before releasing the whole package. But if you are curious here is an overview of what the disassembling would look like :


IF main menu :

Tools :

Converter tool : converts values into different formats (VA : Virtual Address, RVA : Relative Virtual Address, Offset : Address on disk)


Hex calculator : basic assembler operations and hextodec, dectohex conversions.


Preferences :


The options are very clear I think, you will get used to them very quickly. As you see IF can be hidden in tray and called when needed :


Help :

Documentation : includes a detailed help file of all functionalities supported by IF.

Check for updates : will update automatically IF after detecting a new version.

Next version update list : will give you ongoing info about updates I'm working on for next versions.


History : All IF updates since 1.0 version.


About : includes greetingz section.

Well that's it for today, if you appreciate the work an encouraging comment would be nice ;)

I am not telling at all that it is a perfect tool, but I can say that this is an active

project with some nice features and that all suggestions are welcome to improve it.


Sign in to follow this  


Recommended Comments

This looks like a very promising tool SuperCracker. When will you be releasing it?

Love all the different options :)

Share this comment

Link to comment


Very soon, working on some annoying bugs under x64, won't take that much time. In the meanwhile take time to say goodbye to ImpRec :)

Share this comment

Link to comment

It looks good but.. Can you give few reasons why I should use it instead of ImpRec? ;)

Share this comment

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...