Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

bug in "pick dll" operation

nullRd
nullRd
in Scylla Imports Reconstruction

Featured Replies

Posted

To see this bug yourself - grab any process (e.g. firefox.exe), then press "pick DLL" button.
Then choose any module (e.g. kernel32.dll)
Now press "IAT Autosearch" and "Get Imports".
This is what I've got:

 

j744.jpg

1. picked module - kernel32.dll
2. resolved imports are still belongs to main module...
3. ..but their RVA is calculated relative to base of selected module!bug tested on XPSP3, W7x64
Scylla ver 0.9.1 x32, x64

Looks like you are selecting the OEP of firefox.exe and not the DLL.  Try selecting the DLL then use the OEP of the DLL instead.  Address Entry Point + the ImageBase loaded at detected by Scylla.   On my system XP MSVPC image, the EP is 0000B64E, Scylla detected image base as 7C800000, So OEP = 7C80B64E


VA 7C801000 Size 00000620  392 Valid APIs


 


Remember when selecting the EXE process, the Imports (all the DLL API entries) you are seeing are pointing to the Exports of those DLLs.  Not the DLL's Imports.   - jack  


 


    •
    • Like 2
    • Author

    Thank you! Now I see..
    I've just lately started to use Scylla instead of ImpRec, so this thing was unclear to me.
    I'm really thought that was a bug. Forgive me for a false alarm :sorry:
     

    :)  Only a small adjustment when starting to use Scylla.  Cheers - jack 


    This little bug was fixed with version 0.9.2



    
Version 0.9.2
- Pick DLL -> Set DLL Entrypoint
    
- Advanced IAT Search Algorithm (Enable/Disable it in Options), thanks to ahmadmansoor
    
- Fixed bug in Options
    
- Added donate information, please feel free to donate some BTC to support this project
    •
    • Like 1

    Where to download the current version? In this section there isn't any up to date thread... :(


     


     


    Best regards,


    Jada^AoC


    you can "follow this file" and receive update notifications.


     


    Source is always here https://github.com/NtQuery/Scylla


    •
    • Like 1

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.