Tuts 4 You

New Feature


mm10121991


mm10121991
Posted

Hello Aguila

Can you add support for memory-loaded DLLs: DLLs that are in memory but not loaded via LoadLibrary?

Can you add a feature to fix the import table of those DLLs, given the DLL base address?

:)

Posted

@ mm10121991

So you mean modules which you can see as a one-section DLL in memory, right? :) Normally loaded DLLs are also shown in the pick DLL list, but the other memory DLLs, like VMP-boxed DLLs and others, are not choosable with Scylla or other IAT fix tools.

@ Aguila

Short info: I had a problem last time with your fixing tool with one target. I had dumped the file manually [not with your tool], then I tried to fix it and it was not working, so I got some invalid message [can fix dump etc], but I could fix this dump with ImpRec and all was working very well. Then I dumped the file with your tool and fixed it too [was working so far], but then the dump was not executable [bad first thunk problem] and LordPE can't show any imports, just the bad first thunk message. Can you do something with this info to check your tool again, or do you need the example target? If you need it [or an example movie] then let me know [it was an unpackme]. Just a quick info for you before I forget it again.

greetz

Posted (edited)

@mm10121991

This is a nice idea, thx. Malware and game-cheating software use this technique a lot. I will think about a solution...

@LCF-AT

An example would be nice.

Edited by Aguila
Posted

Hello Aguila,

OK, I found the file again and have packed all the files in this package, along with some info for you.

- Packed File

- Dumped + Fixed File by Scylla [doesn't work]

- Dumped + Fixed File by ImpRec [does work]

Just check this out and then maybe you will find the problem / difference in dumping / fixing between Scylla & ImpRec with this file. Maybe there is some size-reduction problem in Scylla [overwritten data etc], so you will know it better of course. Just check and then tell me whether you found the problem in Scylla etc.

greetz

Test Files + Info for Scylla vs ImpRec.rar

Posted

I found the problem. Nice find LCF-AT, thanks :cupidarrow: Will be fixed asap.
