Scylla Imports Reconstruction
Development and support forum for the Scylla project...
62 topics in this forum
-
suggestion to aguila
by DMichael- 6 replies
- 5.7k views
i dont not if its ok to create anew theard but i think there is missing some helpfull feature in scylla 1.well the first its you have to calculate OEP cuz of imagebase changes like in Imprec it calcualtes automatactly exemple: you write in imprec 1000 oep its calcultes autoatcly to 00401000 (exemple) and if you write in scylla it just write its wrong 2.also the problem with deleting imports you have to select one be one what you want remove but in imprec you have abillty to remove the wrong in once 3.also in imprec when you dissambly it finds automatacly which import is it like in pecompact imports destroy and in syllla you have to look manully at the import if you dont u…
-
Bug When Fixing Dump
by waliedassar- 10 replies
- 12.1k views
It seems that Scylla has a bug when trying to fix a dump with an unusual SizeOfOptionalHeader value. For example (with Scylla 0.6): If the PE has the "SizeOfOptionalHeader" field set to 0x148 and the "NumberOfRvaAndSizes" field set to 0x1D, Scylla sets the "NumberOfRvaAndSizes" to 0x10 but leave the "SizeOfOptionalHeader" field as it is and this is why the fixed dumped is rejected by PE loader. Scylla 0.7 beta: If the PE has the "SizeOfOptionalHeader" field set to 0x148 and the "NumberOfRvaAndSizes" field set to 0x1D, Scylla moves the section table just after the 16th data directory without modifying the "SizeOfOptionalHeader" field. It should do the reverse, set the "Si…
-
New Feature
by mm10121991- 4 replies
- 10.6k views
Hello Aguila Can you Add support to memory loaded Dll : Dll That are in memory but not loaded via LoadLibrary can you Add feature to fix the import table of those dll given the Dll Base Address.
-
DLL injection
by mm10121991- 1 reply
- 10.8k views
hello did anyone tried dll injection with last version scylla x86 0.7 it always hang trying loading dll.
-
EP not set
by deepzero- 7 replies
- 7.2k views
hi, a minor issue: when scylla is used to iat-fix a file, it will not set the OEP of the file to the value given in the "OEP:" textbox. d.
-
Version 0.6 Beta
by Aguila- 17 replies
- 17.7k views
Here is a new beta version of Scylla. Please test it. Changelog: - Dump memory feature - Bugfixes - Many core and source code improvements Beta 3: />http://forum.tuts4you.com/topic/28627-version-06-beta/page__view__findpost__p__135322
-
New GUI
by Aguila- 3 replies
- 5.8k views
Killboy improved and recoded the GUI. Thanks to him for this great GUI The GUI can now be resized and it looks just fantastic. />http://forum.tuts4you.com/files/file/576-scylla-imports-reconstruction/ What do you think about the GUI? Maybe a button is missing on the main dialog? Or is a button usless? Please post your suggestions. Scylla is using WTL for the GUI now: http://wtl.sourceforge.net
-
Version 0.5 final
by Aguila- 7 replies
- 8.1k views
I'm proud to present the new version 0.5 of Scylla. Killboy helped a lot, many thanks to him. A lot of bugs are fixed, many gui improvements, keyboard support, etc. The highlight is probably the multi-select support and the save/load tree feature. E.g. select some imports with the mouse and delete them with the "DEL" key on your keyboard. ImpREC export/import tree support will not be added, because the ImpREC format is not really comfortable. The Scylla import/export format is xml based and it is really easy to read and edit this file. (in the menu: Imports -> Save/Load Tree, buttons on main dialog removed) Download 0.5: http://forum.tuts4yo...reconstruction/
-
Crash on getting imports.
by mudlord- 6 replies
- 6.5k views
Hi, Ran into a bug on a target which is using a modified UPX. On getting the imports after autosearching for IAT, Scylla crashes. I recall when on XP, ImpRec didnt have this problem. Not sure where to post the target since it is commercial, though. If it helps, using OllyDump which was ported by AORE for Olly2. Using one of the standard UPX 3.04 crackmes crashes on fixing the dump, if that helps.
-
Fixing a DLL Dump Appends Exe...
by Teddy Rogers- 1 reply
- 6.3k views
When fixing a DLL dump Scylla (0.2?) appends .exe to the end of the file name. Also I noticed in Downloads it says Scylla 0.2a but the title bar and info state version 0.1... />http://forum.tuts4you.com/files/file/576-scylla-imports-reconstruction/ Ted.
-
Weird tree view
by Killboy- 0 replies
- 7.3k views
One question, one bug and one suggestion regarding the main tree view. How do I remove all selected thunks? If I click on Show Invalid, how can I delete them all at once? Selecting a bunch of thunks and then rightclicking anywhere in the tree view first unselects the last item from the selection, any subsequent right click unselects the item I clicked on Is there any way to have less information overload for the thunks? Sometimes I can't read the API names but I see useless information like va (I already have the rva??) or ord. why not show these on a tooltip or an extra box in the main window when I select that thunk?
-
Scylla Imports Reconstruction
by Aguila- 1 follower
- 13 replies
- 11.5k views
OllyDbg 2 is here with improved Windows 7 support, so how about a new imports reconstructor tool? ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job. Scylla's key benefits are: x64 and x86 support full unicode support (probably some russian or chinese will like this :-) ) written in C/C++ plugin support works great with Windows 7 And the best: this tool will be open-source soon. First, I need to improve the code design. Currently there are only 2 plugins (PECompact, PESpin x64) in this release, full sourcecode for both is include…
