| yoyo007 |
2008-03-11 06:30 PM |
Import REConstructor v1.7c FINAL
■ 軟體說明:
∥軟體名稱:Import REConstructor
∥版本資訊:1.7c FINAL
∥檔案大小:411 KB (421,629 位元組)
∥軟體分類:軟體本地化
∥存放空間:HTTP
∥中 文 化:YoYo
■ 軟體簡介:
輸入表重建工具;用於修復可執行檔案 dump 後的輸入表 (如果有需要),配合 OllyDBG & PE Tools 或 LordPE 完成手動脫殼作業,使用方法請參考: http://forum.slime.com.tw/thread225729.html 帖內說明。
以下引自 TUTS4YOU:
引用:
|
This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).
Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).
Features:
- Imports
- An original tree view
- 2 different methods to find original imports (by IAT and/or API calls)
- A *FULL* complete rebuilder (including a new fresh IAT)
- Loader
- An analyzer and ripper of redirected API code
- An injected loader code to support mix of imports + ripped code in a thunk
- A heuristic relocator
- Tracers
- 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
- A plugin interface to develop your own tracers
- Misc
- Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
- An export renormalizer for Win9x/ME (ala Icedump)
- A built-in coloured disasm/hex-viewer to analyze the redirected code
- A built-in dumper
- Support almost all known antidump tricks
|
|
以下版本歷程引自 [History.txt]:
引用:
|
v1.7c FINAL (PUBLIC VERSION)
----------------------------
- Fixed bug introduced in 1.7b when DLL's have discardable sections (jstorme)
|
|
■ 檔案下載:
載點連結: http://0rz.tw/cd3JQ
MD5:
語法:
75578B0C05FA5F08596D4A0696E71009
解壓碼:
語法:
CENTURYS 網際論壇 中文化開發團隊
|
