Exetools


Storm Shadow 10-06-2014 02:54

Scylla IAT finder and Dumper
 
I made this small plugin to load the scylla.dll in IDA Pro.

Maybe if we are lucky they can add it via the official ScyllaHide plugin for IDA Pro.

All respects to the authors of the plugin.

https://github.com/techbliss/SCyllaDumper
Have the scylla.dll in the PATH somewhere.
Run from plugin in IDA and find under debugger.

picture
http://i.imgur.com/KrcUFNR.png


Regards

Carbon 10-06-2014 15:17

Your plugin leads to stack corruption. Just start the scylla.exe, not DLL. Anyway, I think this is useless.

Storm Shadow 10-06-2014 15:25

The plugin loads the scylla.dll from the entrypoint.

So only the one version can be used. https://anonfiles.com/file/02b4422b0b8ce5aff92243156d2cacf9
I haven't found an exe of the plugin. But I would like a link, would be easier.

Carbon 10-06-2014 16:30

Are you serious? You don't know that a main executable of Scylla exists?

https://forum.exetools.com/showpost.php?p=90520&postcount=80

https://stackoverflow.com/questions/3207365/how-to-use-rundll32-to-execute-dll-function

Storm Shadow 10-06-2014 16:41

I actually just recently switched from PowerPC to PE files. That's why I don't know many of the tools used.
I like to have the software all in one place, I don't wanna open multiple programs each time.
And I use Scylla really much when examining packed files. So it's just for my own laziness :)

Storm Shadow 10-06-2014 23:53

Okay, since I was the only one on the board that didn't know there was an executable Scylla also :rolleyes:
I updated the plugin to use exactly that version.

Also I added support for both versions, so x86 loads Scylla x86, and x64 loads the x64 one.

Extract the https://forum.exetools.com/showpost.php?p=90520&postcount=80
into the IDA root dir.
Put sculla.py in plugin dir and load via plugin menu and find it after under debug menu.

Also important that you have an environment setting called IDADIR = path /to /dir
Always have this with IDA anyway.


Updated git.

https://github.com/techbliss/SCyllaDumper
Again, thx to the authors of the tool.
This is a simple plugin to load the real plugin.
Regards.

Storm Shadow 05-05-2015 02:22

1.3

Code:

Just a small tool to load the real tool.

Version 1.3

Changelog:
bugfix > path
Scylla got its own dir.
ida x64 loads scylla x64
ida x86 loads scylla x86


First remove all old repos from IDA.
Extract content to IDA folder, so idascylla.py is in the plugins folder.

Get latest version of Scylla and put in plugins\scylla folder.

Run from Edit >> Plugins.
Then find it under View menu.

Why
I am really lazy.




Again, thx to the authors of the tool. (Carbon, Aguila)
https://github.com/NtQuery/Scylla
Regards.

latest
1.3
https://github.com/techbliss/SCyllaDumper

Latest version of Scylla
http://forum.exetools.com/showpost.p...3&postcount=89

