WineHQ

ImpREC

NOTE: The ImpREC­ project has been dis­continued.­

This tool is desig­ned to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).

This tool is for experts.

Features:

- Imports
    - an original tree view
    - 2 different methods to find original imports (by IAT and/or API calls)
    - a *FULL* complete rebuilder (including a new fresh IAT)

- Loader
    - an analyzer and ripper of redirected API code
    - an injected loader code to support mix of imports + ripped code in a thunk
    - a heuristic relocator

- Tracers
    - 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
    - a plugin interface to develop your own tracers

- Misc
    - support ALL 32bits Windows (9x, ME, NT, 2k and XP)
    - an export renormalizer for Win9x/ME (ala Icedump)
    - a built-in coloured disasm/hex-viewer to analyze the redirected code
    - a built-in dumper
        - support almost all known antidump tricks


What does it need:

- a full dump of the target (RAW and VIRTUAL infos of sections DO NOT NEED to be equal)
- a running process of your target
- you have to find the Original Entry Point (OEP) manually for using the 'IAT AutoSearch' command

Application Details:

Developer: [Freeware]
URL: http://www.woodmann.com/collab...

Super Maintainers: About Maintainership

No maintainers. Volunteer today!

For more details and user comments, view the versions of this application

VersionDescriptionLatest RatingLatest Wine version testedTest resultsComments
1.7cThe world's most famous IAT rebuilder tool.Gold1.3.1720
Back