Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Scylla TheMida v2.1.8.0 IAT problem

GIV
GIV
in Scylla Imports Reconstruction

Featured Replies

Posted

Hi again.


:)


 


Today i have one problem following a LCF-AT tutorial in unpacking a Themida target.


 


One API even is ok in the unpackme (TlsSetValue) in Kernel32 when the IAT is rebuilded via Scylla the API is put in oleaut32.


 


the dump in consequence will not start.


 


I put in attach all the things needed and a video of the problem.


 


I did not do something alright or?


 


See ya!


TheMida v2.1.8.0 UnpackMe.7z

Hi GIV,


 


so if you read the IAT in Scylla then you can already see it has read the IAT not right so in your case your oleaut32 module holds 72 entrys (oleout 3 + kernel 4 + Advapi 3 + kernel 62 = 72 entrys which you can see in my video in Scylla).In your case these modules was read as one with oleout and they will now fixed to oleout = wrong.So what you can do is to enable the fix to original first thunk in Scylla settings and try again.


 


greetz


    •
    • Like 1

    Yes, LCF-AT is probably right. Maybe I will remove the choice for that option, because using Original First Thunk is always a good behaviour, so it should be always enabled.


    • Author

    Checked that option.


    The same problem.


     


    Edit.


    With version 0.8 is working fine though.


    Video2.7z

    Edited by GIV

    Hi,


     


    i have the same issue with a asprotect (DIE0.84: ASProtect(1.23-2.56)[EXE32]) protected file.


    Scylla Version x86 v0.9.6b.


     


    --- only for Information ---


    •
    • Like 1
    • Author

    Can the problem be solved?


    Thanks for the bug report. I was a little bit busy with ScyllaHide. This should fix the problem I hope, please see the attachment.


    Scylla097.rar

    •
    • Like 3
    • Author

    I was a little bit busy with ScyllaHide. 

    I guessed the same.

    No problem.

    I just thought you forgot.

    :)

    • 4 months later...

    Can the problem be solved?


    Thanks for the bug report. I was a little bit busy with ScyllaHide. This should fix the problem I hope, please see the attachment.

     

    Scylla is a MASTER PIECE like the very famous "ImPrec"

    Keep working bro.

     

    BTW :

    sorry out of the topic.

    Just a question may be you or someone know.

    I often to test dumped files with Import Fixer (SuperCracker), but often put bugs on dumped file.

    Why ??? Anyone to explain ??

    Is there any update version of ImportFixer from the author ??

    Thanks for advances.

    Edited by Hasby

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.