Aguila Posted September 4, 2011 Posted September 4, 2011 (edited) View File Scylla Imports Reconstruction Source Scylla - x64/x86 Imports Reconstruction ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job. Scylla's key benefits are: x64 and x86 support full unicode support written in C/C++ plugin support works great with Windows 7 This tool was designed to be used with Windows 7 x64, so it is recommend to use this operating system. But it may work with XP and Vista, too. Source code is licensed under GNU GENERAL PUBLIC LICENSE v3.0 https://github.com/NtQuery/Scylla https://github.com/x64dbg/Scylla Submitter Aguila Submitted 09/05/2011 Category Tools & Utilities Edited November 30, 2012 by Aguila 11
Mad Max Posted September 4, 2011 Posted September 4, 2011 So many Greetings to gRn?? Which Member since probably behind it??
metr0 Posted September 5, 2011 Posted September 5, 2011 Nice to see you releasing the source code as well!
GIV Posted October 7, 2011 Posted October 7, 2011 The software is nice. But it needs some improvements. Good work!
Teddy Rogers Posted October 8, 2011 Posted October 8, 2011 The software is nice. But it needs some improvements. Good work! You might want to elaborate on that for it to be a useful comment... Ted.
qifeon Posted October 18, 2011 Posted October 18, 2011 good,maybe searching iat need improving.00749BD4 00F349A0 Calender.ShowCalender iat end importREC can recognize right00749BD8 0000000000749BDC 6E72656B00749BE0 32336C6500749BE4 6C6C642E00749BE8 0000000000749BEC 656C654400749BF0 72436574.....but Scylla Imports Reconstruction recognize iat end erroriat_rva="00349BCC" address_va="00ED3C5C" /> </module> <module filename="calender.dll" first_thunk_rva="00349BD4"> <import_valid name="ShowCalender" ordinal="0001" hint="0000" suspect="0" iat_rva="00349BD4" address_va="00F349A0" /> </module> <module filename="?" first_thunk_rva="00349BDC"> <import_invalid iat_rva="00349BDC" address_va="6E72656B" /> <import_invalid iat_rva="00349BE0" address_va="32336C65" /> <import_invalid iat_rva="00349BE4" address_va="6C6C642E" /> <import_invalid iat_rva="00349BEC" address_va="656C6544" /> <import_invalid iat_rva="00349BF0" address_va="72436574" /> <import_invalid iat_rva="00349BF4" address_va="63697469" />
Aguila Posted November 4, 2011 Author Posted November 4, 2011 good,maybe searching iat need improving.Try the new version 0.5a, the iat search is now improved. I tested it against a few targets and it seems now more accurate than imprec's search.get 0.5a here: http://forum.tuts4you.com/files/file/576-scylla-imports-reconstruction/ 1
Teddy Rogers Posted March 12, 2016 Posted March 12, 2016 Seems someone uploaded a new release/build today, is there any more detail behind the changes? Quote Built with Visual Studio 2015 and some minor C++11 modernized. https://github.com/tathanhdinh/Scylla/releases Ted.
mrexodia Posted March 16, 2016 Posted March 16, 2016 @Teddy Rogers See here for the changelog (https://github.com/tathanhdinh/Scylla/commits) Might be worth using but I don't see any major changes.
Aguila Posted January 5, 2019 Author Posted January 5, 2019 Hi, sorry I wasn't online for so long. I am still alive 🙂 but I had a HDD crash and lost almost everything including account information. Today I was able to recover some account information from a forgotten USB stick. At least the forum here + bitbucket/github account. So I may be able to work on the projects again 🙂 3 1
Teddy Rogers Posted January 5, 2019 Posted January 5, 2019 1 hour ago, Aguila said: So I may be able to work on the projects again 🙂 Thank you for the commits! 👍 Ted.
Progman Posted June 11 Posted June 11 Commits on Oct 19, 2022 Merge remote-tracking branch 'thecruz/patch-1' into vs13 mrexodia committed2 years ago Merge remote-tracking branch 'upstream/master' into vs13 mrexodia committed2 years ago Fix some dead links mrexodia committed2 years ago Commits on Jan 23, 2018 use sensible default configuration mrexodia committed7 years ago Verified Commits on Jun 3, 2017 ignore vs directory mrexodia committed7 years ago Verified Commits on Apr 18, 2017 added support for Windows 8.1 and Windows 10 (x64dbg/x64dbg#1548) mrexodia committed7 years ago Verified Commits on Dec 1, 2016 allow to dump a PE file from raw memory with just an image base @hasherezade mrexodia committed8 years ago Verified fixed a bug with the x64dbg memory read functions (now checks if the target process is correct) mrexodia committed8 years ago 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now