分享 - Import REConstructor 1.7a FINAL

[yoyo007]

■ 軟體說明：

∥軟體名稱：Import REConstructor
∥版本資訊：1.7a FINAL
∥檔案大小：410 KB (420,729 位元組)
∥軟體分類：軟體本地化
∥存放空間：HTTP
∥中 文 化：YoYo



■ 軟體簡介：

輸入表重建工具，基本跟 1.6 fixed 大同小異；用於修復可執行檔案 dump 後的輸入表 (如果有需要)，配合 OllyDBG & PE Tools 或 LordPE 完成手動脫殼作業，使用方法如預覽圖：

引用:

1. dump 可執行檔案後，開啟 ImpREC 選擇目標處理序。
2. 填入 OEP 按 [自動搜尋] 按鈕。(或手動確認 IAT 位址和大小)
3. 提示找到一些資訊按 [確定]，再按 [擷取輸入表] 按鈕。
4. 按 [顯示無效函數] 看看是否全都有效。
5. 按 [修復轉存檔案] 選擇目標 dump.exe 或 dump.dll 修復。
6. 作業完成，結束程式。

註：中文化對介面進行了一些調整；dump (傾印) 這裡統一譯作 [轉存]。

以下引自 TUTS4YOU：

引用:

This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).

Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).

Features:

- Imports
- An original tree view
- 2 different methods to find original imports (by IAT and/or API calls)
- A *FULL* complete rebuilder (including a new fresh IAT)

- Loader
- An analyzer and ripper of redirected API code
- An injected loader code to support mix of imports + ripped code in a thunk
- A heuristic relocator

- Tracers
- 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
- A plugin interface to develop your own tracers

- Misc
- Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
- An export renormalizer for Win9x/ME (ala Icedump)
- A built-in coloured disasm/hex-viewer to analyze the redirected code
- A built-in dumper
- Support almost all known antidump tricks

以下版本歷程引自 [History.txt]：

引用:

v1.7a FINAL (PUBLIC VERSION)
----------------------------

- Misc
- Fixed Win2K crash, AllocConsole was replaced with ActivateActCtx (jstorme)


v1.7 FINAL (PUBLIC VERSION)
---------------------------

- Misc
- Fixed RestoreLastError API set to SetLastError for WinXP/Vista compatibility (MaRKuS_TH-DJM)
- user32.dll is always read from the system, prevents a crash from corrupted PE of user32.dll (MaRKuS_TH-DJM)
- Latest version of psapi.dll (6.0.6000.16386) included
- Fixed Vista64 crash bug (jstorme)
- GUI modified and improved (based upon Fly's modification)
- Updated/corrected plugins and deleted dups

■ 檔案下載：


載點連結：http://0rz.tw/c03Jq

MD5：

語法:

6CE5CC63FCC7232A37A66E3033509CD9

解壓碼：

語法:

CENTURYS 網際論壇 中文化開發團隊

[Heaven]

終於有用到這種工具了...
感謝分享!