Tuts 4 You

Version 0.8


Aguila


Posted (edited)

I just uploaded a new version here:

http://forum.tuts4yo...reconstruction/

new source is here:

http://forum.tuts4yo...ruction-source/

But the most recent source is always here:

https://github.com/NtQuery/Scylla

If you download the files from any other source, please use the checksums to verify the binaries!

1st CRC32

2nd MD5

3rd SHA-1


Edited by Aguila
  • Like 5
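One way to run the check the post asks for, as an added example that is not part of the original post or of the Scylla project: it parses a checksum list with three lines per file (CRC32, MD5, SHA-1) and reports a file as good only when every listed digest matches. The function names, the `digest *filename` line layout and identifying the algorithm by digest length are assumptions of this example.

```python
import hashlib
import re
import zlib
from pathlib import Path

# Hex digest length -> algorithm, for the three checksum kinds the post names.
ALGO_BY_LEN = {8: "crc32", 32: "md5", 40: "sha1"}
# "<hexdigest> [tag]*<filename>": anything up to the last '*' before the name is dropped.
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(?:\S*\*)?(\S+)$")

def digests(data):
    """Compute all three digests of a byte string as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }

def parse_checksums(text):
    """Return {filename: {algorithm: hexdigest}}; unrecognised lines are skipped."""
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and len(m.group(1)) in ALGO_BY_LEN:
            algo = ALGO_BY_LEN[len(m.group(1))]
            expected.setdefault(m.group(2), {})[algo] = m.group(1).lower()
    return expected

def verify(checksum_text, read=lambda n: Path(n).read_bytes()):
    """Return {filename: "ok" | "missing" | "incomplete" | "mismatch: ..."}."""
    results = {}
    for name, want in parse_checksums(checksum_text).items():
        try:
            got = digests(read(name))
        except (OSError, KeyError):
            results[name] = "missing"
            continue
        bad = sorted(a for a in want if got[a] != want[a])
        if bad:
            results[name] = "mismatch: " + ", ".join(bad)
        else:  # "incomplete" means fewer than three digests were listed
            results[name] = "ok" if len(want) == len(ALGO_BY_LEN) else "incomplete"
    return results

if __name__ == "__main__":
    # Constructed sample: a stand-in file and a list generated from its own bytes.
    data = b"constructed sample bytes"
    listing = "\n".join(f"{h} *tool.exe" for h in digests(data).values())
    print(verify(listing, {"tool.exe": data}.__getitem__))
```

CRC32 only catches accidental corruption, and MD5 and SHA-1 are no longer collision-resistant, so the result is only as trustworthy as the place the checksum list was copied from.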
Posted

Good work!

You're providing the best IAT recovery tool on the net.

Greetings

  • 2 months later...
Posted (edited)
  On 11/30/2012 at 6:35 PM, Aguila said:

I just uploaded a new version here:

http://forum.tuts4yo...reconstruction/

new source is here:

http://forum.tuts4yo...ruction-source/

But the most recent source is always here:

https://github.com/NtQuery/Scylla

If you download the files from any other source, please use the checksums to verify the binaries!

1st CRC32

2nd MD5

3rd SHA-1

 


 

crash on dump exe

offset:421f5d

register eax is on 0

happens only if there's use pe header from disk

Edited by DMichael
Posted

Can you please post the dump exe?

Is this offset RVA, VA or really an "offset"? Scylla is using dynamic imagebases (ASLR).

I should really add some crash handler :-S

Posted
  On 2/7/2013 at 9:04 AM, Aguila said:

can you please post the dump exe?

 

Is this offset RVA, VA or really an "offset"? Scylla is using dynamic imagebases (ASLR).

 

I should really add some crash handler :-S

rva, and something strange happens: it won't crash ;x

Posted
  On 2/7/2013 at 7:16 PM, Aguila said:

ok I think I found the problem.

 

http://forum.tuts4you.com/files/file/576-scylla-imports-reconstruction/

 

- updated to distorm v3.3

- added application exception handler

- fixed bug in dump engine

- improved "suspend process" feature, messagebox on exit

 

Also added a crash handler for the future. Thanks for your support.

thanks!! I will report if it happens again ^^

  • 2 weeks later...
Posted

Thanks for the update.....


  • 6 months later...
Posted

Thank You Aguila.

