| yoyo007 |
2008-02-26 08:55 PM |
Import REConstructor 1.7a FINAL
■ 軟體說明:
∥軟體名稱:Import REConstructor
∥版本資訊:1.7a FINAL
∥檔案大小:410 KB (420,729 位元組)
∥軟體分類:軟體本地化
∥存放空間:HTTP
∥中 文 化:YoYo
■ 軟體簡介:
輸入表重建工具,基本跟 1.6 fixed 大同小異;用於修復可執行檔案 dump 後的輸入表 (如果有需要),配合 OllyDBG & PE Tools 或 LordPE 完成手動脫殼作業,使用方法如預覽圖:
引用:
|
1. dump 可執行檔案後,開啟 ImpREC 選擇目標處理序。
2. 填入 OEP 按 [自動搜尋] 按鈕。(或手動確認 IAT 位址和大小)
3. 提示找到一些資訊按 [確定],再按 [擷取輸入表] 按鈕。
4. 按 [顯示無效函數] 看看是否全都有效。
5. 按 [修復轉存檔案] 選擇目標 dump.exe 或 dump.dll 修復。
6. 作業完成,結束程式。
|
|
註:中文化對介面進行了一些調整;dump (傾印) 這裡統一譯作 [轉存]。
以下引自 TUTS4YOU:
引用:
|
This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).
Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).
Features:
- Imports
- An original tree view
- 2 different methods to find original imports (by IAT and/or API calls)
- A *FULL* complete rebuilder (including a new fresh IAT)
- Loader
- An analyzer and ripper of redirected API code
- An injected loader code to support mix of imports + ripped code in a thunk
- A heuristic relocator
- Tracers
- 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
- A plugin interface to develop your own tracers
- Misc
- Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
- An export renormalizer for Win9x/ME (ala Icedump)
- A built-in coloured disasm/hex-viewer to analyze the redirected code
- A built-in dumper
- Support almost all known antidump tricks
|
|
以下版本歷程引自 [History.txt]:
引用:
|
v1.7a FINAL (PUBLIC VERSION)
----------------------------
- Misc
- Fixed Win2K crash, AllocConsole was replaced with ActivateActCtx (jstorme)
v1.7 FINAL (PUBLIC VERSION)
---------------------------
- Misc
- Fixed RestoreLastError API set to SetLastError for WinXP/Vista compatibility (MaRKuS_TH-DJM)
- user32.dll is always read from the system, prevents a crash from corrupted PE of user32.dll (MaRKuS_TH-DJM)
- Latest version of psapi.dll (6.0.6000.16386) included
- Fixed Vista64 crash bug (jstorme)
- GUI modified and improved (based upon Fly's modification)
- Updated/corrected plugins and deleted dups
|
|
■ 檔案下載:
載點連結: http://0rz.tw/c03Jq
MD5:
語法:
6CE5CC63FCC7232A37A66E3033509CD9
解壓碼:
語法:
CENTURYS 網際論壇 中文化開發團隊
|
