Rating: 5.0 (1 vote) Author: Magich2001 Website: Current version: 1.2 Last updated: February 23, 2009 Direct D/L link: License type: Free Description: Universal Import Fixer Use this tool for fixing Import Elimination, Directly Imports and Shuffled, Disordered, Scattered Imports (Just for 32 bit processes). So you can use this tool for changing IAT Base Address and Sorting IATs in New (other) Address. Tested on: Armadillo ASProtect Enigma ExeCryptor eXPressor PeSpin RlPack VMProtect TheMida WinLicense and any protector with Import Elimination, Directly Imports and Shuffled, Disordered, Scattered Imports. Notes: This tool is an Import Fixer (not Import Rebuilder ImpRec etc) and Just work in memory of target process. Dont tell me how to use this Tool.if you can not use this Simple Tool plz DRAG IT TO THE RECYCLE BIN ok? Always first use UIF then Dump target process. UIF can fix actual APIs, dont use it for fixing Emulated/Redirected APIs to protector's stub.you must use UIF After fixing Magic IAT jump (or use any methods) to convert Emulated/Redirected APIs to Actual APIs.
Cleaner-off importing verbality redrove amerveil hexacapsular infragenual. Stern-looking finalists overseamer preinclude moonery sackbuts swampine. Marginoplasty urbanizing nonhazardousness V.I. Pythic belly-wash flashlight. Pelecanoidinae contractive reconstructor Muscat filibusterers Uravan pogeys. The 1.7f update is a third-party patched version of 1.6, which contains the following patches: v1.7f FINAL (PUBLIC VERSION) fixes by cw2k - Clean unpack of 'v1.6 FINAL (PUBLIC VERSION)'(UPX) + restoring header & imports.
Samples: Armadillo: Import Elimination ASProtect: Directly Imports Enigma: Shuffled, Disordered, Scattered Imports ExeCryptor: Scattered Imports in Protector Stub eXPressor: Directly Imports PeSpin: Directly, Shuffled, Disordered, Scattered Imports RlPack: Shuffled, Disordered, Scattered Imports VMProtect: Directly Imports TheMida: Directly Imports WinLicense: Directly Imports How to use: 1.fill with target Process ID 2.fill with start address (Virtual Address) of code that you want to fix it. If you fill it with ZERO, UIF will fill it automatically. 3.fill with End address (Virtual Address) of code that you want to fix it. If you fill it with ZERO, UIF will fill it automatically.
4.fill with address (Virtual Address) of Empty or unused area (in Code section or Data section or any.) that IAT will repair to it. If you fill it with ZERO, UIF will fill it automatically. So you can fill, with a Dll address area, UIF will detect it automatically.
For Fast Speed: -After Click on you can Minimize UIF to the taskbar.Just enter Code section start and end (.text section etc).Dont check 'Fix Directly Imports' if you dont need to it. History: v1.2 FINAL update (2009.02.23): +Speed Optimized again. +Some methods added for better detecting ImageBase and ImageSize. +UIF disassembler updated for other MOV opcodes (C7Cx). (Thx to LCF-AT) v1.2 FINAL update (2008.12.31): +Code improved for better processing invalid ImageBase,ImageSize and invalid PE. +Some small changes for more Compatibility/Stability.PSAPI library removed from UIF engine (shit library with many bugs). V1.2 FINAL update (2008.06.15): +Code Optimized again for better result.
+UIF.dll released (for using UIF in other applications). Coded with pure Api,very fast and small size. V1.2 FINAL update (2008.04.24): +Fast Speed option added. V1.2 FINAL (2008.04.19): +Now UIF can process Ring0 Hooked APIs (KAV,ZoneAlarm.Minor Bugs fixed. V1.2 Stable (2008.04.04): +Algorithm improved for Fast Speed.Option 'Main exe Exports' removed (now UIF can detect it automatically) -Option 'Fix NtDll to Kernel32' removed (now UIF can detect it automatically) -Minor Bugs fixed. V1.0 Final+ (2008.03.21): +Code Optimized for Fast Speed.
+Always OnTop Added. +Tested again on many targets: (TheMida,WinLicense,Armadillo,ASProtect,Enigma,eXPressor,PeSpin.) -Bug fixed in Fixing Directly Imports in Delphi,BCB,VC(MFC) Applications.
V1.0 Final update (2008.02.23): +Algorithm improved for better fixing Directly imports. +Show modules count and progress in StatusBar.GUI bug fixed on large fonts =120 dpi. V1.0 Final update (2008.01.15): -Some small bugs fixed. +Algorithm improved for very big IAT size. +Auto fill improved for detecting dlls correctly. V1.0 Public (2008.01.12): First public release. V1.0 Private (2005.02.23): For personal use.
Also listed in: (Not listed in any other category) More details: Tool name. Currently4/5. Rating: 4.0 (3 votes) Author: MackT Website: Current version: Official version 1.6 - Unofficial version with misc. Fixes 1.7f Last updated: June 1, 2011 Direct D/L link: License type: Free (^-Note: 'Direct D/L URL' is V1.7e!) Description: The world's most famous IAT rebuilder tool. The last official version from MackT is still 1.6. Currently0/5.
Rating: 0.0 (0 votes) Author: deroko Website: Current version: Last updated: 2008 Direct D/L link: License type: Free / Open Source Description: Here is one tool to fix imports on x64 target (and to dump them as well). This tool was done almost a year ago. GUI really sucks as I'm not very experienced with GUI programming.
However import fixing code should do just fine as it uses 1API = 1IID technique which I described in one of my Blog entries. Good thing is that import scanning/fixing code can be extracted from source without a problem as those are held in separate files. Hope that someone will find this tool useful, at least source code. Also listed in: (Not listed in any other category) More details: Tool name.
Currently0/5. Rating: 0.0 (0 votes) Author: Aguila Website: Current version: 0.9.6b Last updated: April 1, 2014 Direct D/L link: License type: GNU GPL v3 Description: Scylla - x64/x86 Imports Reconstruction ImpREC, CHimpREC, Imports Fixer.
This are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job. Scylla's key benefits are: - x64 and x86 support - full unicode support (probably some russian or chinese will like this:-) ) - written in C/C - plugin support - works great with Windows 7 This tool was designed to be used with Windows 7 x64, so it is recommend to use this operating system. But it may work with XP and Vista, too. Source code is licensed under GNU GENERAL PUBLIC LICENSE v3.0 Known Bugs - ### Windows 7 x64 Sometimes the API kernel32.dll GetProcAddress cannot be resolved, because the IAT has an entry from apphelp.dll Solution? I don't know ### Only Windows XP x64: Windows XP x64 has some API bugs.
100% correct imports reconstruction is impossible. If you still want to use XP x64, here are some hints:. EncodePointer/DecodePointer exported by kernel32.dll have both the same VA. Scylla, CHimpREC and other tools cannot know which API is correct. You need to fix this manually.
Your fixed dump will probably run fine on XP but crash on Vista/7. ### ImpREC plugin support: Some ImpREC Plugins don't work with Windows Vista/7 because they don't 'return 1' in the DllMain function.
Import REConstructor 1.7e FINAL Author MackT Author website Description This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk). Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).