Version 0.8

[Aguila]

I just uploaded a new version here:

http://forum.tuts4yo...reconstruction/

new source is here:

http://forum.tuts4yo...ruction-source/

But the most recent source is always here:

https://github.com/NtQuery/Scylla

If you download the files from any other source, please use the checksums to verify the binaries!

1st CRC32

2nd MD5

3rd SHA-1

0735d826 ?CRC32*Scylla_x64.dll
90a520f770bcb686e73c47013278ceb9 *Scylla_x64.dll
d79222d0cf1bb2da414ced4c3a585b6be23aaeca ?SHA1*Scylla_x64.dll
a3c0c79d ?CRC32*Scylla_x64.exe
9ee9fdeb5dd8ad076cae3d62f23f752a *Scylla_x64.exe
e36a705f30fbeb4da92bc3312cebf6e7279ee52f ?SHA1*Scylla_x64.exe
c9037d98 ?CRC32*Scylla_x86.dll
3294017322ce07aff9d5be56d8c46437 *Scylla_x86.dll
03ce5601bb26f5eb00343574ff627aaf1b64d655 ?SHA1*Scylla_x86.dll
721ac8b6 ?CRC32*Scylla_x86.exe
180846e55d3aa8daa7187a15221efd9d *Scylla_x86.exe
2864b5bdc7ea0635ac4d8144c7cd5e6301191b63 ?SHA1*Scylla_x86.exe

Edited November 30, 2012 by Aguila

[mrexodia]

Good work!

You're providing the best IAT recovery tool on the net.

Greetings

[DMichael]

I just uploaded a new version here:

http://forum.tuts4yo...reconstruction/

new source is here:

http://forum.tuts4yo...ruction-source/

But the most recent source is always here:

https://github.com/NtQuery/Scylla

If you download the files from any other source, please use the checksums to verify the binaries!

1st CRC32

2nd MD5

3rd SHA-1

 

0735d826 ?CRC32*Scylla_x64.dll

90a520f770bcb686e73c47013278ceb9 *Scylla_x64.dll

d79222d0cf1bb2da414ced4c3a585b6be23aaeca ?SHA1*Scylla_x64.dll

a3c0c79d ?CRC32*Scylla_x64.exe

9ee9fdeb5dd8ad076cae3d62f23f752a *Scylla_x64.exe

e36a705f30fbeb4da92bc3312cebf6e7279ee52f ?SHA1*Scylla_x64.exe

c9037d98 ?CRC32*Scylla_x86.dll

3294017322ce07aff9d5be56d8c46437 *Scylla_x86.dll

03ce5601bb26f5eb00343574ff627aaf1b64d655 ?SHA1*Scylla_x86.dll

721ac8b6 ?CRC32*Scylla_x86.exe

180846e55d3aa8daa7187a15221efd9d *Scylla_x86.exe

2864b5bdc7ea0635ac4d8144c7cd5e6301191b63 ?SHA1*Scylla_x86.exe

 

crash on dump exe

offset:421f5d

register eax is on 0

happens only if theres use pe header from disk

Edited February 6, 2013 by DMichael

[Aguila]

can you please post the dump exe?

 

Is this offset RVA, VA or really a "offset"? Scylla is using dynamic imagebases (ASLR).

 

I should really add some crash handler :-S

[DMichael]

can you please post the dump exe?

 

Is this offset RVA, VA or really a "offset"? Scylla is using dynamic imagebases (ASLR).

 

I should really add some crash handler :-S

rva and something strange happens it wont crash ;x

[Aguila]

ok I think I found the problem.

 

http://forum.tuts4you.com/files/file/576-scylla-imports-reconstruction/

 

- updated to distorm v3.3

- added application exception handler

- fixed bug in dump engine

- improved "suspend process" feature, messagebox on exit

 

Also added a crash handler for the future. Thanks for your support.

[DMichael]

ok I think I found the problem.

 

http://forum.tuts4you.com/files/file/576-scylla-imports-reconstruction/

 

- updated to distorm v3.3

- added application exception handler

- fixed bug in dump engine

- improved "suspend process" feature, messagebox on exit

 

Also added a crash handler for the future. Thanks for your support.

thanks!!i will report if it happen again^^

[antrobs]

Thanks for the update.....

[name031]

thinks you

[The Trooper]

Thank You Aguila.

[deepzero]

I think we need a thread where the latest versions are advertised.

There is only a lockedo ne currently: http://forum.tuts4you.com/topic/27133-scylla-imports-reconstruction/?hl=scylla

 

 

We currently  are a 0.91

• - Fixed virtual device bug
  
• - Fixed 2 minor bugs
  

 

And i*d totally have missed this update.