GIV Posted April 28, 2014 Share Posted April 28, 2014 Hi again. Today i have one problem following a LCF-AT tutorial in unpacking a Themida target. One API even is ok in the unpackme (TlsSetValue) in Kernel32 when the IAT is rebuilded via Scylla the API is put in oleaut32. the dump in consequence will not start. I put in attach all the things needed and a video of the problem. I did not do something alright or? See ya! TheMida v2.1.8.0 UnpackMe.7z Link to comment
LCF-AT Posted April 28, 2014 Share Posted April 28, 2014 Hi GIV, so if you read the IAT in Scylla then you can already see it has read the IAT not right so in your case your oleaut32 module holds 72 entrys (oleout 3 + kernel 4 + Advapi 3 + kernel 62 = 72 entrys which you can see in my video in Scylla).In your case these modules was read as one with oleout and they will now fixed to oleout = wrong.So what you can do is to enable the fix to original first thunk in Scylla settings and try again. greetz 1 Link to comment
Aguila Posted April 28, 2014 Share Posted April 28, 2014 Yes, LCF-AT is probably right. Maybe I will remove the choice for that option, because using Original First Thunk is always a good behaviour, so it should be always enabled. Link to comment
GIV Posted April 29, 2014 Author Share Posted April 29, 2014 (edited) Checked that option.The same problem. Edit.With version 0.8 is working fine though.Video2.7z Edited April 29, 2014 by GIV Link to comment
SiSC0 Posted April 29, 2014 Share Posted April 29, 2014 Hi, i have the same issue with a asprotect (DIE0.84: ASProtect(1.23-2.56)[EXE32]) protected file.Scylla Version x86 v0.9.6b. --- only for Information --- 1 Link to comment
Aguila Posted May 5, 2014 Share Posted May 5, 2014 Thanks for the bug report. I was a little bit busy with ScyllaHide. This should fix the problem I hope, please see the attachment.Scylla097.rar 3 Link to comment
GIV Posted May 6, 2014 Author Share Posted May 6, 2014 I was a little bit busy with ScyllaHide. I guessed the same. No problem. I just thought you forgot. Link to comment
zzheihei Posted September 25, 2014 Share Posted September 25, 2014 Can the problem be solved? Link to comment
Hasby Posted October 1, 2014 Share Posted October 1, 2014 (edited) Thanks for the bug report. I was a little bit busy with ScyllaHide. This should fix the problem I hope, please see the attachment. Scylla is a MASTER PIECE like the very famous "ImPrec" Keep working bro. BTW : sorry out of the topic. Just a question may be you or someone know. I often to test dumped files with Import Fixer (SuperCracker), but often put bugs on dumped file. Why ??? Anyone to explain ?? Is there any update version of ImportFixer from the author ?? Thanks for advances. Edited October 1, 2014 by Hasby Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now