Crash on getting imports.

[mudlord]

Hi,

Ran into a bug on a target which is using a modified UPX.

On getting the imports after autosearching for IAT, Scylla crashes.

I recall when on XP, ImpRec didnt have this problem.

Not sure where to post the target since it is commercial, though.

If it helps, using OllyDump which was ported by AORE for Olly2.

Using one of the standard UPX 3.04 crackmes crashes on fixing the dump, if that helps.

Edited September 19, 2011 by mudlord

[Aguila]

thanks for the bug report.

For the first bug:

I guess it is some buffer overflow exception caused by some very long API names. Please try the attached exe.

[mudlord]

Thanks very much, bug 1 fixed.

Indeed there was undecorated C++ functions being called, like new etc...

Edited September 19, 2011 by mudlord

[Aguila]

I found the second bug. Ollydump by AORE for Olly 2 is producing corrupt dumps. But anyway, Scylla should not crash because of that. Will be fixed in the next version.

[mudlord]

Cool.

Is there any dumping plugins for Olly2 that you do recommend though?

[BondCracked]

I found the second bug. Ollydump by AORE for Olly 2 is producing corrupt dumps. But anyway, Scylla should not crash because of that. Will be fixed in the next version.

I can confirm that. The plugin dumped a file and the reconstruction didn't work. The Scylla dumped file worked well.

[mudlord]

*facepalm* so Scylla does dumps too?

I wish I tried out a piece of software more, before finding well known alternatives...