티스토리 뷰
==============================================================================
Universal Import Fixer (UIF) v1.2 (FINAL) by: Magic_h2001
Use this tool for fixing Import Elimination, Directly Imports and
Shuffled, Disordered, Scattered Imports (Just for 32 bit processes).
So you can use this tool for changing IAT Base Address and Sorting IATs
in New (other) Address.
Tested on:
Armadillo
ASProtect
Enigma
ExeCryptor
eXPressor
PeSpin
RlPack
VMProtect
TheMida
WinLicense
and any protector with Import Elimination, Directly Imports and
Shuffled, Disordered, Scattered Imports.
Notes:
======
This tool is an Import Fixer (not Import Rebuilder ImpRec etc) and Just work
in memory of target process. dont tell me how to use this Tool...if you can
not use this Simple Tool plz DRAG IT TO THE RECYCLE BIN ok?
Always first use UIF then Dump target process.
UIF can fix actual APIs, dont use it for fixing Emulated/Redirected APIs to
protector's stub.you must use UIF After fixing Magic IAT jump
(or use any methods) to convert Emulated/Redirected APIs to Actual APIs.
Samples:
Armadillo : Import Elimination
ASProtect : Directly Imports
Enigma : Shuffled, Disordered, Scattered Imports
ExeCryptor : Scattered Imports in Protector Stub
eXPressor : Directly Imports
PeSpin : Directly, Shuffled, Disordered, Scattered Imports
RlPack : Shuffled, Disordered, Scattered Imports
VMProtect : Directly Imports
TheMida : Directly Imports
WinLicense : Directly Imports
How to use :
============
1.fill <Process ID> with target Process ID
2.fill <Code Start> with start address of code that you want to fix it.
if you fill it with ZERO, UIF will fill it automatically.
3.fill <Code End> with End address of code that you want to fix it.
if you fill it with ZERO, UIF will fill it automatically.
4.fill <New IAT VA> with address of Empty or unused area
(in Code section or Data section or any...) that IAT will repair to it.
if you fill it with ZERO, UIF will fill it automatically.
so you can fill <code Start> , <Code End> with a Dll address area, UIF will
detect it automatically.
for Fast Speed:
===============
-After Click on <Start> you can Minimize UIF to the taskbar.
-Just enter Code section start and end (.text section etc).
-Dont check "Fix Directly Imports" if you dont need to it.
History:
========
v1.2 FINAL update (2008.12.31):
===============================
+Code improved for better processing invalid ImageBase,ImageSize and invalid PE.
+Some small changes for more Compatibility/Stability.
-PSAPI library removed from UIF engine (shit library with many bugs).
v1.2 FINAL update (2008.06.15):
===============================
+Code Optimized again for better result.
+UIF.dll released (for using UIF in other applications).
Coded with pure Api,very fast and small size.
v1.2 FINAL update (2008.04.24):
===============================
+Fast Speed option added.
v1.2 FINAL (2008.04.19):
========================
+Now UIF can process Ring0 Hooked APIs (KAV,ZoneAlarm,... etc).
-Minor Bugs fixed.
v1.2 Stable (2008.04.04):
=========================
+Algorithm improved for Fast Speed.
-Option 'Main exe Exports' removed (now UIF can detect it automatically)
-Option 'Fix NtDll to Kernel32' removed (now UIF can detect it automatically)
-Minor Bugs fixed.
v1.0 Final+ (2008.03.21):
=========================
+Code Optimized for Fast Speed.
+Always OnTop Added.
+Tested again on many targets:
(TheMida,WinLicense,Armadillo,ASProtect,Enigma,eXPressor,PeSpin,...)
-Bug fixed in Fixing Directly Imports in Delphi,BCB,VC(MFC) Applications.
v1.0 Final update (2008.02.23):
===============================
+Algorithm improved for better fixing Directly imports.
+Show modules count and progress in StatusBar.
-GUI bug fixed on large fonts >=120 dpi.
v1.0 Final update (2008.01.15):
===============================
-Some small bugs fixed.
+Algorithm improved for very big IAT size.
+Auto fill improved for detecting dlls correctly.
v1.0 Public (2008.01.12):
=========================
First public release...
v1.0 Private (2005.02.23):
==========================
For personal use...
You can download last version of UIF from this link:
http://magic.shabgard.org/UIF.zip
magic_h2001@yahoo.com
http://magic.shabgard.org
==============================================================================
언패킹 할때 사용하는 도구임 .
UIF.rar'Reversing tools > 언팩도구' 카테고리의 다른 글
| ASProtect_Import_Reconstructorv1.5 (0) | 2009.01.17 |
|---|---|
| GUnPacker.V0.4 generick unpacker & helper (3) | 2008.11.13 |
| QUnpack 2.1 +kor (0) | 2008.09.08 |
| VM_Unpacker_1.5 (0) | 2008.08.18 |
| CHimpREC: The Cheap Imports Reconstructor 1.0.0.1 (0) | 2008.06.25 |
| Y0daUnProtect (0) | 2008.04.15 |
| Themida Unpacker (0) | 2008.04.14 |
- Total
- Today
- Yesterday
- StrongOD
- ASProtect 1.32 - 1.41
- OllyDbg
- 한글화
- exeinfo pe
- PECompact
- vmprotect
- TTprotect
- plugin
- OllyScriptEditor
- Memory Hacking Software
- ollydbg scripts
- crack
- 패처
- ollydbg mup
- ollydbg ScriptEditor
- ProtectionID
- Themida
- 리버싱은 내운명
- 미니 노트북
- OllyDbg Plugins
- 리버스 엔지니어링
- Unpacking
- 미친소 수입반대
- 언패킹
- Unpacker
- ODbgScript
- ollydbg PLUGIN
- DUP2
- Reverse Engineering
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |